Révision a528bf59
New clobber_default_config paramter
Certain OSes namely Debian and Archlinux provide default rules
with the OS.
This module has always respected those rules and appended all of
its own rules to the end of the existing rules.
The new parameter `clobber_default_config` if set `true` (default `false`)
will drop any existing OS provided rules.
Also related to acceptance tests only on Archlinux where the default
OS provided configuration requires kernel >= 6.3 we purge the default rules
if required.
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 33 | 33 |
|
| 34 | 34 |
it { is_expected.to contain_package('nftables') }
|
| 35 | 35 |
|
| 36 |
context 'with clobber_default_config false' do |
|
| 37 |
let(:params) do |
|
| 38 |
{ clobber_default_config: false }
|
|
| 39 |
end |
|
| 40 |
|
|
| 41 |
it {
|
|
| 42 |
is_expected.to contain_file_line('enable_nftables').with(
|
|
| 43 |
line: 'include "/etc/nftables/puppet.nft"', |
|
| 44 |
path: nft_config |
|
| 45 |
) |
|
| 46 |
} |
|
| 47 |
|
|
| 48 |
it { is_expected.not_to contain_file(nft_config) }
|
|
| 49 |
end |
|
| 50 |
|
|
| 51 |
context 'with clobber_default_config true' do |
|
| 52 |
let(:params) do |
|
| 53 |
{ clobber_default_config: true }
|
|
| 54 |
end |
|
| 55 |
|
|
| 56 |
it {
|
|
| 57 |
is_expected.to contain_file(nft_config).with( |
|
| 58 |
ensure: 'file', |
|
| 59 |
content: %r{^include "/etc/nftables/puppet.nft"$},
|
|
| 60 |
owner: 'root', |
|
| 61 |
group: 'root' |
|
| 62 |
) |
|
| 63 |
} |
|
| 64 |
|
|
| 65 |
it { is_expected.not_to contain_file_line('enable_nftables') }
|
|
| 66 |
end |
|
| 67 |
|
|
| 36 | 68 |
it {
|
| 37 | 69 |
is_expected.to contain_file('/etc/nftables').with(
|
| 38 | 70 |
ensure: 'directory', |
Formats disponibles : Unified diff