author | Thore Bödecker <me@foxxx0.de> | 2019-09-11 16:01:32 +0200 |
---|---|---|
committer | Thore Bödecker <me@foxxx0.de> | 2019-09-11 16:01:32 +0200 |
commit | 3d868fb81532d717fd625638781e4663a834260c (patch) | |
tree | 397bcfd1f98200da896b8d032cbd4b9bcb1a3749 | |
parent | 6d96e030be0db4a916dd6a9bd0b25570d359e634 (diff) | |
allow using an array for $proto
This enables defining ferm::rule with multiple protocols at once,
because using 'all' for $proto does not allow using $dport/$sport.
-rw-r--r-- | REFERENCE.md | 2 | ||||
-rw-r--r-- | manifests/rule.pp | 6 | ||||
-rw-r--r-- | spec/defines/rule_spec.rb | 19 | ||||
-rw-r--r-- | types/protocols.pp | 5 |
4 files changed, 28 insertions, 4 deletions
diff --git a/REFERENCE.md b/REFERENCE.md
index 19ffae0..d9adadb 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -412,7 +412,7 @@ Alias of `Enum['ACCEPT', 'DROP']`
 a list of allowed protocolls to match
-Alias of `Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']`
+Alias of `Variant[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all'], Array[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']]]`
 ### Ferm::Tables
diff --git a/manifests/rule.pp b/manifests/rule.pp
index 4f2c985..a973601 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -73,8 +73,10 @@ define ferm::rule (
 Ferm::Chain <| chain == $action_temp and table == $table |> -> Ferm::Rule[$name]
 }
-
- $proto_real = "proto ${proto}"
+ $proto_real = $proto ? {
+ Array => "proto (${join($proto, ' ')})",
+ String => "proto ${proto}",
+ }
 $dport_real = $dport ? {
 undef => '',
diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
index ef20e17..33ce169 100644
--- a/spec/defines/rule_spec.rb
+++ b/spec/defines/rule_spec.rb
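Review bot: The new `Array` branch of the `$proto_real` selector in manifests/rule.pp joins whatever the array holds, so `['tcp', 'all']` passes the type and would presumably render as `proto (tcp all)`, a rule wider than a reader of the manifest expects. Nothing visible in the hunk rejects `'all'` inside an array, nor a port-less protocol such as `icmp` or `esp` combined with `$dport`/`$sport`, which the commit message itself names as invalid for `'all'`. I would fail at catalog compile time before the selector, e.g. `if $proto =~ Array and 'all' in $proto { fail("ferm::rule ${name}: 'all' cannot be combined with other protocols") }`. The body of `ferm::rule` starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.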
@@ -114,6 +114,25 @@ describe 'ferm::rule', type: :define do
 it { is_expected.to contain_concat__fragment('INPUT-eth0-zzz').with_content("}\n") }
 end
+ context 'without a specific interface using array for proto' do
+ let(:title) { 'filter-consul' }
+ let :params do
+ {
+ chain: 'INPUT',
+ action: 'ACCEPT',
+ proto: %w[tcp udp],
+ dport: '(8301 8302)',
+ saddr: '127.0.0.1'
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_concat__fragment('INPUT-filter-consul').with_content("mod comment comment 'filter-consul' proto (tcp udp) dport (8301 8302) saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
+ it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
+ it { is_expected.to contain_concat__fragment('filter-FORWARD-config-include') }
+ it { is_expected.to contain_concat__fragment('filter-OUTPUT-config-include') }
+ end
+
 context 'with jumping to custom chains' do
 # create custom chain
 let(:pre_condition) do
diff --git a/types/protocols.pp b/types/protocols.pp
index ee3ac2b..cdd76b2 100644
--- a/types/protocols.pp
+++ b/types/protocols.pp
@@ -1,2 +1,5 @@
 # @summary a list of allowed protocolls to match
-type Ferm::Protocols = Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']
+type Ferm::Protocols = Variant[
+ Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all'],
+ Array[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all']],
+] |
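Review bot: The added context in spec/defines/rule_spec.rb covers only the accepted case; nothing pins that an array with an unsupported member is rejected, which is the property a firewall define most needs from its parameter type. A sibling context with `proto: %w[tcp bogus]` and `it { is_expected.not_to compile }` would make a later loosening of `Ferm::Protocols` fail the suite instead of reaching a generated rule file. The three `config-include` assertions repeat what the neighbouring contexts presumably already check and add little here.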
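Review bot: The `Array[Enum[...]]` member of the new `Variant` in types/protocols.pp has no minimum size, so `proto => []` type-checks and the selector in manifests/rule.pp would render it as `proto ()`. Whether ferm rejects that at reload or treats it as matching nothing is not visible from this page, and neither outcome is what the author of the manifest meant. Giving the array a lower bound closes it at compile time: `Array[Enum['icmp', 'tcp', 'udp', 'udplite', 'icmpv6', 'esp', 'ah', 'sctp', 'mh', 'all'], 1],`. The protocol list is now written twice in this file, so the two copies can drift apart.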