Révision c94658e1
Allow declaring the same set in several tables
Closes #100
| manifests/set.pp | ||
|---|---|---|
| 12 | 12 |
# @param setname name of set, equal to to title. |
| 13 | 13 |
# @param order concat ordering. |
| 14 | 14 |
# @param type type of set. |
| 15 |
# @param table table to add set to.
|
|
| 15 |
# @param table table or array of tables to add the set to.
|
|
| 16 | 16 |
# @param flags specify flags for set |
| 17 | 17 |
# @param timeout timeout in seconds |
| 18 | 18 |
# @param gc_interval garbage collection interval. |
| ... | ... | |
| 27 | 27 |
Pattern[/^[-a-zA-Z0-9_]+$/] $setname = $title, |
| 28 | 28 |
Pattern[/^\d\d$/] $order = '10', |
| 29 | 29 |
Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']] $type = undef, |
| 30 |
String $table = 'inet-filter',
|
|
| 30 |
Variant[String, Array[String, 1]] $table = 'inet-filter',
|
|
| 31 | 31 |
Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4] $flags = [], |
| 32 | 32 |
Optional[Integer] $timeout = undef, |
| 33 | 33 |
Optional[Integer] $gc_interval = undef, |
| ... | ... | |
| 44 | 44 |
} |
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 |
if $ensure == 'present' {
|
|
| 48 |
concat::fragment {
|
|
| 49 |
"nftables-${table}-set-${setname}":
|
|
| 50 |
order => $order, |
|
| 51 |
target => "nftables-${table}",
|
|
| 52 |
} |
|
| 47 |
$_tables = Array($table, true) |
|
| 53 | 48 |
|
| 54 |
if $content {
|
|
| 55 |
Concat::Fragment["nftables-${table}-set-${setname}"] {
|
|
| 56 |
content => " ${content}",
|
|
| 57 |
} |
|
| 58 |
} elsif $source {
|
|
| 59 |
Concat::Fragment["nftables-${table}-set-${setname}"] {
|
|
| 60 |
source => $source, |
|
| 61 |
} |
|
| 62 |
} else {
|
|
| 63 |
if $type == undef {
|
|
| 64 |
fail('The way the resource is configured must have a type set')
|
|
| 49 |
if $ensure == 'present' {
|
|
| 50 |
$_tables.each |Integer $index, String $_table| {
|
|
| 51 |
concat::fragment {
|
|
| 52 |
"nftables-${_table}-set-${setname}":
|
|
| 53 |
order => $order, |
|
| 54 |
target => "nftables-${_table}",
|
|
| 65 | 55 |
} |
| 66 |
Concat::Fragment["nftables-${table}-set-${setname}"] {
|
|
| 67 |
content => epp('nftables/set.epp',
|
|
| 68 |
{
|
|
| 69 |
'name' => $setname, |
|
| 70 |
'type' => $type, |
|
| 71 |
'flags' => $flags, |
|
| 72 |
'timeout' => $timeout, |
|
| 73 |
'gc_interval' => $gc_interval, |
|
| 74 |
'elements' => $elements, |
|
| 75 |
'size' => $size, |
|
| 76 |
'policy' => $policy, |
|
| 77 |
'auto_merge' => $auto_merge, |
|
| 78 |
} |
|
| 79 |
) |
|
| 56 |
|
|
| 57 |
if $content {
|
|
| 58 |
Concat::Fragment["nftables-${_table}-set-${setname}"] {
|
|
| 59 |
content => " ${content}",
|
|
| 60 |
} |
|
| 61 |
} elsif $source {
|
|
| 62 |
Concat::Fragment["nftables-${_table}-set-${setname}"] {
|
|
| 63 |
source => $source, |
|
| 64 |
} |
|
| 65 |
} else {
|
|
| 66 |
if $type == undef {
|
|
| 67 |
fail('The way the resource is configured must have a type set')
|
|
| 68 |
} |
|
| 69 |
Concat::Fragment["nftables-${_table}-set-${setname}"] {
|
|
| 70 |
content => epp('nftables/set.epp',
|
|
| 71 |
{
|
|
| 72 |
'name' => $setname, |
|
| 73 |
'type' => $type, |
|
| 74 |
'flags' => $flags, |
|
| 75 |
'timeout' => $timeout, |
|
| 76 |
'gc_interval' => $gc_interval, |
|
| 77 |
'elements' => $elements, |
|
| 78 |
'size' => $size, |
|
| 79 |
'policy' => $policy, |
|
| 80 |
'auto_merge' => $auto_merge, |
|
| 81 |
} |
|
| 82 |
) |
|
| 83 |
} |
|
| 80 | 84 |
} |
| 81 | 85 |
} |
| 82 | 86 |
} |
Formats disponibles : Unified diff