This type provides the capability to manage firewall rules within
puppet.
- **Autorequires:** If Puppet is managing the iptables or ip6tables chains
- specified in the `chain` or `jump` parameters, the firewall resource
- will autorequire those firewallchain resources.
+ **Autorequires:**
+
+ If Puppet is managing the iptables or ip6tables chains specified in the
+ `chain` or `jump` parameters, the firewall resource will autorequire
+ those firewallchain resources.
+
+ If Puppet is managing the iptables or iptables-persistent packages, and
+ the provider is iptables or ip6tables, the firewall resource will
+ autorequire those packages to ensure that any required binaries are
+ installed.
EOS
feature :rate_limiting, "Rate limiting features."
reqs
end
+ # Classes would be a better abstraction, pending:
+ # http://projects.puppetlabs.com/issues/19001
+ autorequire(:package) do
+ case value(:provider)
+ when :iptables, :ip6tables
+ %w{iptables iptables-persistent}
+ else
+ []
+ end
+ end
+
validate do
debug("[validate]")
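Review bot: The `autorequire(:package)` block only orders this resource after packages titled `iptables` or `iptables-persistent` when such resources are already declared in the catalog. It installs nothing, so the description's "to ensure that any required binaries are installed" promises more than the code delivers. Where the binaries come from a differently named package, no edge is created and rules can still be evaluated before the tools exist, which would presumably fail the run and leave the host without its intended ruleset. I would state the limit above the block, e.g. `# Ordering only: matches Package resources titled 'iptables' or 'iptables-persistent' if the catalog declares them; other package names get no edge.` The type body starts and ends outside this hunk.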
Currently this supports only iptables, ip6tables and ebtables on Linux. And
provides support for setting the default policy on chains and tables that
allow it.
+
+ **Autorequires:**
+ If Puppet is managing the iptables or iptables-persistent packages, and
+ the provider is iptables_chain, the firewall resource will autorequire
+ those packages to ensure that any required binaries are installed.
EOS
feature :iptables_chain, "The provider provides iptables chain features."
end
end
+ # Classes would be a better abstraction, pending:
+ # http://projects.puppetlabs.com/issues/19001
+ autorequire(:package) do
+ case value(:provider)
+ when :iptables_chain
+ %w{iptables iptables-persistent}
+ else
+ []
+ end
+ end
+
validate do
debug("[validate]")
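Review bot: The description above says this type also manages ebtables chains, but the `when :iptables_chain` branch lists only `iptables` and `iptables-persistent`, so an ebtables chain gets no ordering against the package that supplies its binary. If the single provider really drives all three tools (the provider code is not visible here), consider `%w{iptables iptables-persistent ebtables}`. Two smaller points: the new description text says "the firewall resource" inside the firewallchain type, and the package list is duplicated from the firewall type, so a shared constant would keep the two from drifting.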
lambda { @resource[:pkttype] = 'not valid' }.should raise_error(Puppet::Error)
end
end
+
+ describe 'autorequire packages' do
+ [:iptables, :ip6tables].each do |provider|
+ it "provider #{provider} should autorequire package iptables" do
+ @resource[:provider] = provider
+ @resource[:provider].should == provider
+ package = Puppet::Type.type(:package).new(:name => 'iptables')
+ catalog = Puppet::Resource::Catalog.new
+ catalog.add_resource @resource
+ catalog.add_resource package
+ rel = @resource.autorequire[0]
+ rel.source.ref.should == package.ref
+ rel.target.ref.should == @resource.ref
+ end
+
+ it "provider #{provider} should autorequire packages iptables and iptables-persistent" do
+ @resource[:provider] = provider
+ @resource[:provider].should == provider
+ packages = [
+ Puppet::Type.type(:package).new(:name => 'iptables'),
+ Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+ ]
+ catalog = Puppet::Resource::Catalog.new
+ catalog.add_resource @resource
+ packages.each do |package|
+ catalog.add_resource package
+ end
+ packages.zip(@resource.autorequire) do |package, rel|
+ rel.source.ref.should == package.ref
+ rel.target.ref.should == @resource.ref
+ end
+ end
+ end
+ end
end
end
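Review bot: These examples pin the result by position (`autorequire[0]`, `packages.zip(@resource.autorequire)`) and never check how many relationships came back, so extra edges would pass unnoticed, and no example covers the case where nothing should be autorequired. Adding `@resource.autorequire.size.should == packages.size` to the second example, plus one example with no package resource in the catalog expecting `@resource.autorequire.should be_empty`, would cover both. The same pattern appears in the firewallchain examples that follow. The enclosing `describe` starts outside this hunk.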
+ describe 'autorequire packages' do
+ it "provider iptables_chain should autorequire package iptables" do
+ resource[:provider].should == :iptables_chain
+ package = Puppet::Type.type(:package).new(:name => 'iptables')
+ catalog = Puppet::Resource::Catalog.new
+ catalog.add_resource resource
+ catalog.add_resource package
+ rel = resource.autorequire[0]
+ rel.source.ref.should == package.ref
+ rel.target.ref.should == resource.ref
+ end
+
+ it "provider iptables_chain should autorequire packages iptables and iptables-persistent" do
+ resource[:provider].should == :iptables_chain
+ packages = [
+ Puppet::Type.type(:package).new(:name => 'iptables'),
+ Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+ ]
+ catalog = Puppet::Resource::Catalog.new
+ catalog.add_resource resource
+ packages.each do |package|
+ catalog.add_resource package
+ end
+ packages.zip(resource.autorequire) do |package, rel|
+ rel.source.ref.should == package.ref
+ rel.target.ref.should == resource.ref
+ end
+ end
+ end
end