root / manifests / set.pp @ b9785000
Historique | Voir | Annoter | Télécharger (1,88 ko)
| 1 | 20b96360 | Nacho Barrientos | # manage a named set |
|---|---|---|---|
| 2 | 11bf7237 | Steve Traylen | define nftables::set ( |
| 3 | 31b17627 | Steve Traylen | Enum['present','absent'] $ensure = 'present', |
| 4 | Pattern[/^[-a-zA-Z0-9_]+$/] $setname = $title, |
||
| 5 | Pattern[/^\d\d$/] $order = '10', |
||
| 6 | Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']] $type = undef, |
||
| 7 | String $table = 'inet-filter', |
||
| 8 | Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4] $flags = [], |
||
| 9 | Optional[Integer] $timeout = undef, |
||
| 10 | Optional[Integer] $gc_interval = undef, |
||
| 11 | Optional[Array[String]] $elements = undef, |
||
| 12 | Optional[Integer] $size = undef, |
||
| 13 | Optional[Enum['performance', 'memory']] $policy = undef, |
||
| 14 | Boolean $auto_merge = false, |
||
| 15 | Optional[String] $content = undef, |
||
| 16 | Optional[Variant[String,Array[String,1]]] $source = undef, |
||
| 17 | 11bf7237 | Steve Traylen | ) {
|
| 18 | 20b96360 | Nacho Barrientos | if $size and $elements {
|
| 19 | if length($elements) > $size {
|
||
| 20 | fail("Max size of set ${setname} of ${size} is not being respected")
|
||
| 21 | } |
||
| 22 | } |
||
| 23 | |||
| 24 | if $ensure == 'present' {
|
||
| 25 | 11bf7237 | Steve Traylen | concat::fragment {
|
| 26 | 20b96360 | Nacho Barrientos | "nftables-${table}-set-${setname}":
|
| 27 | order => $order, |
||
| 28 | target => "nftables-${table}",
|
||
| 29 | } |
||
| 30 | |||
| 31 | if $content {
|
||
| 32 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 33 | 20b96360 | Nacho Barrientos | content => " ${content}",
|
| 34 | } |
||
| 35 | } elsif $source {
|
||
| 36 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 37 | 20b96360 | Nacho Barrientos | source => $source, |
| 38 | } |
||
| 39 | } else {
|
||
| 40 | 9f0498e3 | Nacho Barrientos | if $type == undef {
|
| 41 | fail('The way the resource is configured must have a type set')
|
||
| 42 | } |
||
| 43 | 11bf7237 | Steve Traylen | Concat::Fragment["nftables-${table}-set-${setname}"] {
|
| 44 | 20b96360 | Nacho Barrientos | content => epp('nftables/set.epp',
|
| 45 | {
|
||
| 46 | 'name' => $setname, |
||
| 47 | 'type' => $type, |
||
| 48 | 'flags' => $flags, |
||
| 49 | 'timeout' => $timeout, |
||
| 50 | 'gc_interval' => $gc_interval, |
||
| 51 | 'elements' => $elements, |
||
| 52 | 'size' => $size, |
||
| 53 | 'policy' => $policy, |
||
| 54 | 'auto_merge' => $auto_merge, |
||
| 55 | } |
||
| 56 | ) |
||
| 57 | } |
||
| 58 | } |
||
| 59 | } |
||
| 60 | } |