Skip to content

Commit

Permalink
switch naming to puppetserver
Browse files Browse the repository at this point in the history
  • Loading branch information
@duritong
duritong committed Dec 13, 2020
1 parent 3820575 commit f271db9
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 5 deletions.
10 changes: 5 additions & 5 deletions manifests/rules/out/puppet.pp
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
# manage outgoing puppet
class nftables::rules::out::puppet (
Variant[String,Array[String,1]] $puppetmaster,
Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]] $puppetserver,
Integer $puppetserver_port = 8140,
) {
any2array($puppetmaster).each |$index,$pm| {
Array($puppetserver, true).each |$index,$ps| {
nftables::rule {
"default_out-puppet-${index}":
}
if $pm =~ /:/ {
if $ps =~ Stdlib::IP::Address::V6 {
Nftables::Rule["default_out-puppet-${index}"] {
content => "ip6 daddr ${pm} tcp dport ${puppetserver_port} accept",
content => "ip6 daddr ${ps} tcp dport ${puppetserver_port} accept",
}
} else {
Nftables::Rule["default_out-puppet-${index}"] {
content => "ip daddr ${pm} tcp dport ${puppetserver_port} accept",
content => "ip daddr ${ps} tcp dport ${puppetserver_port} accept",
}
}
}
Expand Down
39 changes: 39 additions & 0 deletions spec/classes/rules/out/puppet_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
require 'spec_helper'

describe 'nftables::rules::out::puppet' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:params) do
{puppetserver: '1.2.3.4'}
end

context 'default options' do
it { is_expected.to compile }
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip daddr 1.2.3.4 tcp dport 8140 accept') }
end
context 'with different port' do
let(:params) do
super().merge({ puppetserver_port: 8141 })
end
it { is_expected.to compile }
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip daddr 1.2.3.4 tcp dport 8141 accept') }
end
context 'with ipv6 address' do
let(:params) do
{ puppetserver: 'fe80::1' }
end
it { is_expected.to compile }
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip6 daddr fe80::1 tcp dport 8140 accept') }
end
context 'with ipv6 & ipv4 address' do
let(:params) do
{ puppetserver: ['fe80::1','1.2.3.4'] }
end
it { is_expected.to compile }
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip6 daddr fe80::1 tcp dport 8140 accept') }
it { is_expected.to contain_nftables__rule('default_out-puppet-1').with_content('ip daddr 1.2.3.4 tcp dport 8140 accept') }
end
end
end
end

0 comments on commit f271db9

Please sign in to comment.