All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number, for example, '000 accept all icmp requests'. _000_ runs first, _999_ runs last.
+**Note:** The ordering range 9000-9999 is reserved for unmanaged rules. Do not specify any firewall rules in this range.
+
### Default rules
You can place default rules in either `my_fw::pre` or `my_fw::post`, depending on when you would like them to run. Rules placed in the `pre` class will run first, and rules in the `post` class, last.
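Review bot: The added note forbids the 9000-9999 range but does not say what happens when a rule is declared there. The provider change in this patch raises 'Invalid ordering value in resource name...', so the note should state that the Puppet run fails with that error. The unchanged sentence above still reads "_000_ runs first, _999_ runs last", which implies three-digit prefixes only; since the reserved range is four digits, the text should also say which four-digit prefixes are valid for managed rules.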
# Insert our new or updated rule in the correct order of named rules, but
# offset for unnamed rules.
- rules.reject { |r| r.match(unmanaged_rule_regex) }.sort.index(my_rule) + 1 + unnamed_offset
+ sorted_rules = rules.reject { |r| r.match(unmanaged_rule_regex) }.sort
+ raise 'Invalid ordering value in resource name. The range 9000-9999 is reserved for unmanaged rules.' if sorted_rules.index(my_rule).nil?
+ sorted_rules.index(my_rule) + 1 + unnamed_offset
end
end
end
end
end
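Review bot: The raise on the `sorted_rules.index(my_rule).nil?` line fires for any rule that `unmanaged_rule_regex` filters out, yet the message hard-codes "9000-9999". If the regex matches anything else, or is changed later, the error will point users at the wrong cause. Include the offending rule name in the message and keep the range text next to the regex definition so the two cannot drift apart. The index is also looked up twice; assign it once, for example `idx = sorted_rules.index(my_rule)`, raise if `idx.nil?`, then return `idx + 1 + unnamed_offset`.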
+
+ context 'when invalid ordering range specified' do
+ pp = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall { '9946 test': ensure => present }
+ PUPPETCODE
+ it 'fails' do
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{Invalid ordering value})
+ end
+ end
+ end
end
describe 'ensure' do
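Review bot: The new context only exercises '9946 test', a value in the middle of the reserved range, so an off-by-one in the range check would pass unnoticed. Add failing cases for '9000 test' and '9999 test', plus a case just below the range (for example '8999 test') that is expected to apply cleanly. The `expect(r.stderr)` assertion could also match the full message, including the range, rather than only `Invalid ordering value`.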