From: Craig Gumbley Date: Tue, 22 Feb 2022 12:23:35 +0000 (+0000) Subject: (SEC-944) Configurable duplicate behaviour X-Git-Tag: v3.4.0~1^2~3 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=1c9914f7edc1384b3088c4d7720d9159acb3481c;p=puppet-modules%2Fpuppetlabs-firewall.git (SEC-944) Configurable duplicate behaviour Here we add a new parameter that determines how the puppet run will behave if a duplicate system rule is encountered. The default is to warn and continue. --- diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index e4cb1a2..d2ece90 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -234,6 +234,24 @@ Puppet::Type.newtype(:firewall) do newvalues(%r{^\d+[[:graph:][:space:]]+$}) end + newparam(:onduplicaterulebehaviour) do + desc <<-PUPPETCODE + In certain situations it is possible for an unmanaged rule to exist + on the target system that has the same comment as the rule + specified in the manifest. + + This setting determines what happens when such a duplicate is found. + + It offers three options: + + * ignore - The duplicate rule is ignored and any updates to the resource will continue unaffected. + * warn - The duplicate rule is logged as a warning and any updates to the resource will continue unaffected. + * error - The duplicate rule is logged as an error and any updates to the resource will be skipped. + PUPPETCODE + newvalues(:ignore, :warn, :error) + defaultto :warn + end + newproperty(:action) do desc <<-PUPPETCODE This is the action to perform on a match. Can be one of:
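Review bot: the parameter is declared and documented here, but nothing in this diff reads it, so the three behaviours the `desc` promises (ignore, warn, skip updates on `error`) are not enforced by the visible change; either include the provider code that consults `resource[:onduplicaterulebehaviour]` in this commit or say in the commit message where that lands. Two gaps in the `desc` are also worth closing. First, none of the three options removes the unmanaged duplicate, so under every setting the rule that was already on the system keeps matching traffic; state that explicitly, since a reader could assume `error` cleans it up. Second, `error` is described as "any updates to the resource will be skipped", which leaves open whether the catalog run fails or only that one resource is marked failed; a one-line clarification would help operators decide. With `warn` as the default, it is also worth noting that `error` is the conservative choice where an unexpected rule carrying the managed rule's comment may indicate tampering rather than drift, so that the choice of default is a deliberate one for the reader rather than an unexplained loosening.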