From 55ed8abed9293fdaacb817380891afcc9044c987 Mon Sep 17 00:00:00 2001 From: Pat Riehecky Date: Mon, 14 Sep 2020 14:41:34 -0500 Subject: [PATCH] Add parameter to set 'AllowZoneDrifting' --- manifests/init.pp | 10 ++++++++++ spec/classes/init_spec.rb | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index c6f72c2f..9446e6b2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,6 +48,7 @@ Optional[String] $default_zone = undef, Optional[Enum['off','all','unicast','broadcast','multicast']] $log_denied = undef, Optional[Enum['yes', 'no']] $cleanup_on_exit = undef, + Optional[Enum['yes', 'no']] $zone_drifting = undef, Optional[Integer] $minimal_mark = undef, Optional[Enum['yes', 'no']] $lockdown = undef, Optional[Enum['yes', 'no']] $ipv6_rpfilter = undef, @@ -199,6 +200,15 @@ } } + if $zone_drifting { + augeas { + 'firewalld::zone_drifting': + changes => [ + "set AllowZoneDrifting \"${zone_drifting}\"", + ]; + } + } + if $minimal_mark { augeas { 'firewalld::minimal_mark': diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index d93b03ea..36417d88 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -276,6 +276,20 @@ end end + context 'with parameter zone_drifting' do + let(:params) do + { + zone_drifting: 'yes' + } + end + + it do + is_expected.to contain_augeas('firewalld::zone_drifting').with( + changes: ['set AllowZoneDrifting "yes"'] + ) + end + end + context 'with parameter minimal_mark' do let(:params) do {