diff --git a/swh/lister/puppet/__init__.py b/swh/lister/puppet/__init__.py
index 3e5e28d..5d8e6a3 100644
--- a/swh/lister/puppet/__init__.py
+++ b/swh/lister/puppet/__init__.py
@@ -1,108 +1,112 @@ # Copyright (C) 2022 The Software Heritage developers # See the AUTHORS file at the top-level directory of this distribution # License: GNU General Public License version 3, or any later version # See top-level LICENSE file for more information """ Puppet lister ============= The Puppet lister list origins from `Puppet Forge`_. Puppet Forge is a package manager for Puppet modules. As of September 2022 `Puppet Forge`_ list 6917 package names. Origins retrieving strategy --------------------------- To get a list of all package names we call an `http api endpoint`_ which have a `getModules`_ endpoint. It returns a paginated list of results and a `next` url. The api follow `OpenApi 3.0 specifications`. +The lister is incremental using ``with_release_since`` api argument whose value is an +iso date set regarding the last time the lister has been executed, stored as +``lister.state.last_listing_date``. + Page listing ------------ Each page returns a list of ``results`` which are raw data from api response. The results size is 100 as 100 is the maximum limit size allowed by the api. Origins from page ----------------- The lister yields one hundred origin url per page. Origin url is the html page corresponding to a package name on the forge, following this pattern:: "https://forge.puppet.com/modules/{owner}/{pkgname}" For each origin `last_update` is set via the module "updated_at" value. As the api also returns all existing versions for a package, we build an `artifacts` dict in `extra_loader_arguments` with the archive tarball corresponding to each existing versions. 
Example for ``file_concat`` module located at https://forge.puppet.com/modules/electrical/file_concat:: { "artifacts": [ { "url": "https://forgeapi.puppet.com/v3/files/electrical-file_concat-1.0.1.tar.gz", # noqa: B950 "version": "1.0.1", "filename": "electrical-file_concat-1.0.1.tar.gz", "last_update": "2015-04-17T01:03:46-07:00", "checksums": { "md5": "74901a89544134478c2dfde5efbb7f14", "sha256": "15e973613ea038d8a4f60bafe2d678f88f53f3624c02df3157c0043f4a400de6", # noqa: B950 }, }, { "url": "https://forgeapi.puppet.com/v3/files/electrical-file_concat-1.0.0.tar.gz", # noqa: B950 "version": "1.0.0", "filename": "electrical-file_concat-1.0.0.tar.gz", "last_update": "2015-04-09T12:03:13-07:00", "checksums": { "length": 13289, }, }, ], } Running tests ------------- Activate the virtualenv and run from within swh-lister directory:: pytest -s -vv --log-cli-level=DEBUG swh/lister/puppet/tests Testing with Docker ------------------- Change directory to swh/docker then launch the docker environment:: docker compose up -d Then schedule a Puppet listing task:: docker compose exec swh-scheduler swh scheduler task add -p oneshot list-puppet You can follow lister execution by displaying logs of swh-lister service:: docker compose logs -f swh-lister .. _Puppet Forge: https://forge.puppet.com/ .. _http api endpoint: https://forgeapi.puppet.com/ .. _getModules: https://forgeapi.puppet.com/#tag/Module-Operations/operation/getModules """ def register(): from .lister import PuppetLister return { "lister": PuppetLister, "task_modules": ["%s.tasks" % __name__], } diff --git a/swh/lister/puppet/lister.py b/swh/lister/puppet/lister.py index 80ac3da..39deecf 100644 --- a/swh/lister/puppet/lister.py +++ b/swh/lister/puppet/lister.py 
@@ -1,113 +1,155 @@ # Copyright (C) 2022 The Software Heritage developers # See the AUTHORS file at the top-level directory of this distribution # License: GNU General Public License version 3, or any later version # See top-level LICENSE file for more information -from datetime import datetime +from dataclasses import dataclass +from datetime import datetime, timedelta, timezone import logging from typing import Any, Dict, Iterator, List, Optional from urllib.parse import urljoin +import iso8601 + from swh.scheduler.interface import SchedulerInterface from swh.scheduler.model import ListedOrigin -from ..pattern import CredentialsType, StatelessLister +from ..pattern import CredentialsType, Lister logger = logging.getLogger(__name__) # Aliasing the page results returned by `get_pages` method from the lister. PuppetListerPage = List[Dict[str, Any]] -class PuppetLister(StatelessLister[PuppetListerPage]): +@dataclass +class PuppetListerState: + """Store lister state for incremental mode operations""" + + last_listing_date: Optional[datetime] = None + """Last date when Puppet lister was executed""" + + +class PuppetLister(Lister[PuppetListerState, PuppetListerPage]): """The Puppet lister list origins from 'Puppet Forge'""" LISTER_NAME = "puppet" VISIT_TYPE = "puppet" INSTANCE = "puppet" BASE_URL = "https://forgeapi.puppet.com/" def __init__( self, scheduler: SchedulerInterface, credentials: Optional[CredentialsType] = None, ): super().__init__( scheduler=scheduler, credentials=credentials, instance=self.INSTANCE, url=self.BASE_URL, ) + # Store the datetime the lister runs for incremental purpose + self.listing_date = datetime.now() + + def state_from_dict(self, d: Dict[str, Any]) -> PuppetListerState: + last_listing_date = d.get("last_listing_date") + if last_listing_date is not None: + d["last_listing_date"] = iso8601.parse_date(last_listing_date) + return PuppetListerState(**d) + + def state_to_dict(self, state: PuppetListerState) -> Dict[str, Any]: + d: Dict[str, 
Optional[str]] = {"last_listing_date": None} + last_listing_date = state.last_listing_date + if last_listing_date is not None: + d["last_listing_date"] = last_listing_date.isoformat() + return d def get_pages(self) -> Iterator[PuppetListerPage]: """Yield an iterator which returns 'page' It request the http api endpoint to get a paginated results of modules, and retrieve a `next` url. It ends when `next` json value is `null`. Open Api specification for getModules endpoint: https://forgeapi.puppet.com/#tag/Module-Operations/operation/getModules """ # limit = 100 is the max value for pagination limit: int = 100 - response = self.http_request( - f"{self.BASE_URL}v3/modules", params={"limit": limit} - ) + params: Dict[str, Any] = {"limit": limit} + + if self.state.last_listing_date: + # Incremental mode filter query + # To ensure we don't miss records between two lister runs `last_str`` must be + # set with an offset of -15 hours, which is the lower timezone recorded in the + # tzdb + last_str = ( + self.state.last_listing_date.astimezone(timezone(timedelta(hours=-15))) + .date() + .isoformat() + ) + params["with_release_since"] = last_str + + response = self.http_request(f"{self.BASE_URL}v3/modules", params=params) data: Dict[str, Any] = response.json() yield data["results"] while data["pagination"]["next"]: response = self.http_request( urljoin(self.BASE_URL, data["pagination"]["next"]) ) data = response.json() yield data["results"] def get_origins_from_page(self, page: PuppetListerPage) -> Iterator[ListedOrigin]: """Iterate on all pages and yield ListedOrigin instances.""" assert self.lister_obj.id is not None dt_parse_pattern = "%Y-%m-%d %H:%M:%S %z" for entry in page: last_update = datetime.strptime(entry["updated_at"], dt_parse_pattern) pkgname = entry["name"] owner = entry["owner"]["slug"] url = f"https://forge.puppet.com/modules/{owner}/{pkgname}" artifacts = [] for release in entry["releases"]: # Build an artifact entry following original-artifacts-json 
specification # https://docs.softwareheritage.org/devel/swh-storage/extrinsic-metadata-specification.html#original-artifacts-json # noqa: B950 checksums = {} if release["version"] == entry["current_release"]["version"]: # checksums are only available for current release for checksum in ("md5", "sha256"): checksums[checksum] = entry["current_release"][ f"file_{checksum}" ] else: # use file length as basic content check instead checksums["length"] = release["file_size"] artifacts.append( { "filename": release["file_uri"].split("/")[-1], "url": urljoin(self.BASE_URL, release["file_uri"]), "version": release["version"], "last_update": datetime.strptime( release["created_at"], dt_parse_pattern ).isoformat(), "checksums": checksums, } ) yield ListedOrigin( lister_id=self.lister_obj.id, visit_type=self.VISIT_TYPE, url=url, last_update=last_update, extra_loader_arguments={"artifacts": artifacts}, ) + + def finalize(self) -> None: + self.state.last_listing_date = self.listing_date + self.updated = True diff --git a/swh/lister/puppet/tests/data/https_forgeapi.puppet.com/v3_modules,limit=100,with_release_since=2022-09-26 b/swh/lister/puppet/tests/data/https_forgeapi.puppet.com/v3_modules,limit=100,with_release_since=2022-09-26 new file mode 100644 index 0000000..8bab26c --- /dev/null +++ b/swh/lister/puppet/tests/data/https_forgeapi.puppet.com/v3_modules,limit=100,with_release_since=2022-09-26 
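Review bot: `self.listing_date = datetime.now()` in `__init__` records a naive local-time value, and the new state round-trip does not keep its meaning. `state_to_dict` writes it with `isoformat()` and no offset, and `state_from_dict` reads it back with `iso8601.parse_date`, which as far as I know assumes UTC when the string carries no offset. On a worker whose local zone is not UTC, the stored instant is therefore off by the zone offset before `get_pages` derives `with_release_since` from it. The -15 hour margin probably absorbs that today, but whether a release is missed between two runs should not depend on the worker's TZ setting. I would record `self.listing_date = datetime.now(tz=timezone.utc)` (`timezone` is already imported by this change) and add a one-line docstring to `state_from_dict` and `state_to_dict` saying the date is stored as an offset-aware ISO 8601 string.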
@@ -0,0 +1,286 @@ +{ + "pagination": { + "limit": 100, + "offset": 0, + "first": "/v3/modules?limit=100&with_release_since=2022-09-26&offset=0", + "previous": null, + "current": "/v3/modules?limit=100&with_release_since=2022-09-26&offset=0", + "next": null, + "total": 1 + }, + "results": [ + { + "uri": "/v3/modules/puppet-nftables", + "slug": "puppet-nftables", + "name": "nftables", + "downloads": 8031, + "created_at": "2020-12-15 02:15:22 -0800", + "updated_at": "2022-10-25 10:43:50 -0700", + "deprecated_at": null, + "deprecated_for": null, + "superseded_by": null, + "supported": false, + "endorsement": null, + "module_group": "base", + "owner": { + "uri": "/v3/users/puppet", + "slug": "puppet", + "username": "puppet", + "gravatar_id": "e700f5900e0f795fc6811516b475345a" + }, + "premium": false, + "current_release": { + "uri": "/v3/releases/puppet-nftables-2.6.0", + "slug": "puppet-nftables-2.6.0", + "module": { + "uri": "/v3/modules/puppet-nftables", + "slug": "puppet-nftables", + "name": "nftables", + "deprecated_at": null, + "owner": { + "uri": "/v3/users/puppet", + "slug": "puppet", + "username": "puppet", + "gravatar_id": "e700f5900e0f795fc6811516b475345a" + } + }, + "version": "2.6.0", + "metadata": { + "name": "puppet-nftables", + "version": "2.6.0", + "author": "Vox Pupuli", + "summary": "Puppet nftables module", + "license": "Apache-2.0", + "tags": [ + "firewall", + "security", + "nftables", + "iptables" + ], + "source": "https://github.com/voxpupuli/puppet-nftables.git", + "project_page": "https://github.com/voxpupuli/puppet-nftables", + "issues_url": "https://github.com/voxpupuli/puppet-nftables/issues", + "dependencies": [ + { + "name": "puppetlabs/concat", + "version_requirement": ">= 6.2.0 < 8.0.0" + }, + { + "name": "puppet/systemd", + "version_requirement": ">= 2.0.0 < 4.0.0" + }, + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.13.1 < 9.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "CentOS", + 
"operatingsystemrelease": [ + "8", + "9" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "8", + "9" + ] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "8", + "9" + ] + }, + { + "operatingsystem": "Archlinux" + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "11" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "20.04", + "22.04" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.1.0 < 8.0.0" + } + ] + }, + "tags": [ + "iptables", + "security", + "firewall", + "nftables" + ], + "supported": false, + "pdk": false, + "validation_score": 100, + "file_uri": "/v3/files/puppet-nftables-2.6.0.tar.gz", + "file_size": 36251, + "file_md5": "563dcb90a8e9ea91ff1968452824f3aa", + "file_sha256": "53bcbd308220cfbcef298a12f736656c594179d0e4035564c9564f4e721dfff6", + "downloads": 65, + "readme": "# nftables puppet module\n\n[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/nftables.svg)](https://forge.puppetlabs.com/puppet/nftables)\n[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/nftables.svg)](https://forge.puppetlabs.com/puppet/nftables)\n[![puppetmodule.info docs](http://www.puppetmodule.info/images/badge.png)](http://www.puppetmodule.info/m/puppet-nftables)\n[![Apache-2.0 License](https://img.shields.io/github/license/voxpupuli/puppet-nftables.svg)](LICENSE)\n\nThis module manages an opinionated nftables configuration.\n\nBy default it sets up a firewall that drops every incoming\nand outgoing connection.\n\nIt only allows outgoing dns, ntp and web and ingoing ssh\ntraffic, although this can be overridden using parameters.\n\nThe config file has a inet filter and a ip nat table setup.\n\nAdditionally, the module comes with a basic infrastructure\nto hook into different places.\n\n## Configuration\n\nThe main configuration file loaded by the nftables service\nwill be `files/config/puppet.nft`, all 
other files created\nby that module go into `files/config/puppet` and will also\nbe purged if not managed anymore.\n\nThe main configuration file includes dedicated files for\nthe filter and nat tables, as well as processes any\n`custom-*.nft` files before hand.\n\nThe filter and NAT tables both have all the master chains\n(INPUT, OUTPUT, FORWARD in case of filter and PREROUTING\nand POSTROUTING in case of NAT) configured, to which you\ncan hook in your own chains that can contain specific\nrules.\n\nAll filter masterchains drop by default.\nBy default we have a set of default_MASTERCHAIN chains\nconfigured to which you can easily add your custom rules.\n\nFor specific needs you can add your own chain.\n\nThere is a global chain, that defines the default behavior\nfor all masterchains. This chain is empty by default.\n\nINPUT and OUTPUT to the loopback device is allowed by\ndefault, though you could restrict it later.\n\nOn the other hand, if you don't want any of the default tables, chains\nand rules created by the module, you can set `nftables::inet_filter`\nand/or `nftables::nat` to `false` and build your whole nftables\nconfiguration from scratch by using the building blocks provided by\nthis module. Looking at `nftables::inet_filter` for inspiration might\nbe a good idea.\n\n## Rules Validation\n\nInitially puppet deploys all configuration to\n`/etc/nftables/puppet-preflight/` and\n`/etc/nftables/puppet-preflight.nft`. This is validated with\n`nfc -c -L /etc/nftables/puppet-preflight/ -f /etc/nftables/puppet-preflight.nft`.\nIf and only if successful the configuration will be copied to\nthe real locations before the service is reloaded.\n\n## Basic types\n\n### nftables::config\n\nManages a raw file in `/etc/nftables/puppet/${name}.nft`\n\nUse this for any custom table files.\n\n### nftables::chain\n\nPrepares a chain file as a `concat` file to which you will\nbe able to add dedicated rules through `nftables::rule`.\n\nThe name must be unique for all chains. 
The inject\nparameter can be used to directly add a jump to a\nmasterchain. inject must follow the pattern\n`ORDER-MASTERCHAIN`, where order references a 2-digit\nnumber which defines the rule order (by default use e.g. 20)\nand masterchain references the chain to hook in the new\nchain. It's possible to specify the in-interface name and\nout-interface name for the inject rule.\n\n### nftables::rule\n\nA simple way to add rules to any chain. The name must be:\n`CHAIN_NAME-rulename`, where CHAIN_NAME refers to your\nchain and an arbitrary name for your rule.\nThe rule will be a `concat::fragment` to the chain\n`CHAIN_NAME`.\n\nYou can define the order by using the `order` param.\n\nBefore defining your own rule, take a look to the list of ready-to-use rules\navailable in the\n[REFERENCE](https://github.com/voxpupuli/puppet-nftables/blob/master/REFERENCE.md),\nsomebody might have encapsulated a rule definition for you already.\n\n### nftables::set\n\nAdds a named set to a given table. It allows composing the\nset using individual parameters but also takes raw input\nvia the content and source parameters.\n\n### nftables::simplerule\n\nAllows expressing firewall rules without having to use nftables's language by\nadding an abstraction layer a-la-Firewall. 
It's rather limited how far you can\ngo so if you need rather complex rules or you can speak nftables it's\nrecommended to use `nftables::rule` directly.\n\n## Facts\n\nOne structured fact `nftables` is available\n\n```\n{\n tables => [\n \"bridge-filter\",\n \"bridge-nat\",\n \"inet-firewalld\",\n \"ip-firewalld\",\n \"ip6-firewalld\"\n ],\n version => \"0.9.3\"\n}\n```\n\n* `nftables.version` is the version of the nft command from `nft --version`.\n* `nftables.tables` is the list of tables installed on the machine from `nft list tables`.\n\n## Editor goodies\n\nIf you're using Emacs there are some snippets for\n[Yasnippet](https://github.com/joaotavora/yasnippet) available\n[here](https://github.com/nbarrientos/dotfiles/tree/master/.emacs.d/snippets/puppet-mode)\nthat could make your life easier when using the module. This is third\nparty configuration that's only included here for reference so changes\nin the interfaces exposed by this module are not guaranteed to be\nautomatically applied there.\n", + "changelog": "# Changelog\n\nAll notable changes to this project will be documented in this file.\nEach new release typically also includes the latest modulesync defaults.\nThese should not affect the functionality of the module.\n\n## [v2.6.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.6.0) (2022-10-25)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.5.0...v2.6.0)\n\n**Implemented enhancements:**\n\n- Add class for outgoing HKP firewalling [\\#153](https://github.com/voxpupuli/puppet-nftables/pull/153) ([bastelfreak](https://github.com/bastelfreak))\n- Add Ubuntu support [\\#152](https://github.com/voxpupuli/puppet-nftables/pull/152) ([bastelfreak](https://github.com/bastelfreak))\n- split conntrack management into dedicated classes [\\#148](https://github.com/voxpupuli/puppet-nftables/pull/148) ([duritong](https://github.com/duritong))\n- New nftables::file type to include raw file 
[\\#147](https://github.com/voxpupuli/puppet-nftables/pull/147) ([traylenator](https://github.com/traylenator))\n\n**Closed issues:**\n\n- Add ability to include completely raw files [\\#146](https://github.com/voxpupuli/puppet-nftables/issues/146)\n- Add support for Debian [\\#65](https://github.com/voxpupuli/puppet-nftables/issues/65)\n\n## [v2.5.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.5.0) (2022-08-26)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.4.0...v2.5.0)\n\n**Implemented enhancements:**\n\n- Add all nftables families as a valid noflush pattern [\\#142](https://github.com/voxpupuli/puppet-nftables/pull/142) ([luisfdez](https://github.com/luisfdez))\n\n**Fixed bugs:**\n\n- Properly escape bridge in rulename [\\#144](https://github.com/voxpupuli/puppet-nftables/pull/144) ([duritong](https://github.com/duritong))\n\n**Closed issues:**\n\n- nftables::bridges creates invalid rule names when bridge devices have multiple IP addresses [\\#143](https://github.com/voxpupuli/puppet-nftables/issues/143)\n\n## [v2.4.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.4.0) (2022-07-11)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.3.0...v2.4.0)\n\n**Implemented enhancements:**\n\n- Add rule to allow outgoing whois queries [\\#140](https://github.com/voxpupuli/puppet-nftables/pull/140) ([bastelfreak](https://github.com/bastelfreak))\n- chrony: Allow filtering for outgoing NTP servers [\\#139](https://github.com/voxpupuli/puppet-nftables/pull/139) ([bastelfreak](https://github.com/bastelfreak))\n- Add class for pxp-agent firewalling [\\#138](https://github.com/voxpupuli/puppet-nftables/pull/138) ([bastelfreak](https://github.com/bastelfreak))\n\n## [v2.3.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.3.0) (2022-07-06)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.2.1...v2.3.0)\n\n**Implemented enhancements:**\n\n- systemctl: Use relative path 
[\\#136](https://github.com/voxpupuli/puppet-nftables/pull/136) ([bastelfreak](https://github.com/bastelfreak))\n- Add Debian support [\\#134](https://github.com/voxpupuli/puppet-nftables/pull/134) ([bastelfreak](https://github.com/bastelfreak))\n- make path to echo configureable [\\#133](https://github.com/voxpupuli/puppet-nftables/pull/133) ([bastelfreak](https://github.com/bastelfreak))\n- make path to `nft` binary configureable [\\#132](https://github.com/voxpupuli/puppet-nftables/pull/132) ([bastelfreak](https://github.com/bastelfreak))\n\n## [v2.2.1](https://github.com/voxpupuli/puppet-nftables/tree/v2.2.1) (2022-05-02)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.2.0...v2.2.1)\n\n**Merged pull requests:**\n\n- rspec mock systemd process on docker [\\#128](https://github.com/voxpupuli/puppet-nftables/pull/128) ([traylenator](https://github.com/traylenator))\n\n## [v2.2.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.2.0) (2022-02-27)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.1.0...v2.2.0)\n\n**Implemented enhancements:**\n\n- Add support for Arch Linux [\\#124](https://github.com/voxpupuli/puppet-nftables/pull/124) ([hashworks](https://github.com/hashworks))\n- Declare support for RHEL9, CentOS9 and OL9 [\\#120](https://github.com/voxpupuli/puppet-nftables/pull/120) ([nbarrientos](https://github.com/nbarrientos))\n- Rubocop corrections for rubocop 1.22.3 [\\#118](https://github.com/voxpupuli/puppet-nftables/pull/118) ([traylenator](https://github.com/traylenator))\n- Use protocol number instead of label [\\#112](https://github.com/voxpupuli/puppet-nftables/pull/112) ([keachi](https://github.com/keachi))\n\n**Fixed bugs:**\n\n- Ensure that nftables.service remains active after it exits [\\#125](https://github.com/voxpupuli/puppet-nftables/pull/125) ([hashworks](https://github.com/hashworks))\n\n**Merged pull requests:**\n\n- Fix typos in initial reference examples 
[\\#122](https://github.com/voxpupuli/puppet-nftables/pull/122) ([hashworks](https://github.com/hashworks))\n\n## [v2.1.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.1.0) (2021-09-14)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v2.0.0...v2.1.0)\n\n**Implemented enhancements:**\n\n- nftables::set can only be assigned to 1 table [\\#100](https://github.com/voxpupuli/puppet-nftables/issues/100)\n- support a different table name for 'nat' [\\#107](https://github.com/voxpupuli/puppet-nftables/pull/107) ([figless](https://github.com/figless))\n- Allow declaring the same set in several tables [\\#102](https://github.com/voxpupuli/puppet-nftables/pull/102) ([nbarrientos](https://github.com/nbarrientos))\n\n**Fixed bugs:**\n\n- fix datatype for $table and $dport [\\#104](https://github.com/voxpupuli/puppet-nftables/pull/104) ([bastelfreak](https://github.com/bastelfreak))\n\n**Merged pull requests:**\n\n- Allow stdlib 8.0.0 [\\#106](https://github.com/voxpupuli/puppet-nftables/pull/106) ([smortex](https://github.com/smortex))\n- switch from camptocamp/systemd to voxpupuli/systemd [\\#103](https://github.com/voxpupuli/puppet-nftables/pull/103) ([bastelfreak](https://github.com/bastelfreak))\n- pull fixtures from git and not forge [\\#99](https://github.com/voxpupuli/puppet-nftables/pull/99) ([bastelfreak](https://github.com/bastelfreak))\n\n## [v2.0.0](https://github.com/voxpupuli/puppet-nftables/tree/v2.0.0) (2021-06-03)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.3.0...v2.0.0)\n\n**Breaking changes:**\n\n- Drop Puppet 5, puppetlabs/concat 7.x, puppetlabs/stdlib 7.x, camptocamp/systemd: 3.x [\\#92](https://github.com/voxpupuli/puppet-nftables/pull/92) ([traylenator](https://github.com/traylenator))\n- Drop Puppet 5 support [\\#79](https://github.com/voxpupuli/puppet-nftables/pull/79) ([kenyon](https://github.com/kenyon))\n\n**Implemented enhancements:**\n\n- Ability to set base chains 
[\\#95](https://github.com/voxpupuli/puppet-nftables/issues/95)\n- puppetlabs/concat: Allow 7.x [\\#91](https://github.com/voxpupuli/puppet-nftables/pull/91) ([bastelfreak](https://github.com/bastelfreak))\n- puppetlabs/stdlib: Allow 7.x [\\#90](https://github.com/voxpupuli/puppet-nftables/pull/90) ([bastelfreak](https://github.com/bastelfreak))\n- camptocamp/systemd: allow 3.x [\\#89](https://github.com/voxpupuli/puppet-nftables/pull/89) ([bastelfreak](https://github.com/bastelfreak))\n\n**Fixed bugs:**\n\n- Fix IPv4 source address type detection [\\#93](https://github.com/voxpupuli/puppet-nftables/pull/93) ([nbarrientos](https://github.com/nbarrientos))\n\n**Closed issues:**\n\n- Class\\[Nftables::Bridges\\]\\['bridgenames'\\] contains a Regexp value. It will be converted to the String '/^br.+/' [\\#83](https://github.com/voxpupuli/puppet-nftables/issues/83)\n\n**Merged pull requests:**\n\n- Allow creating a totally empty firewall [\\#96](https://github.com/voxpupuli/puppet-nftables/pull/96) ([nbarrientos](https://github.com/nbarrientos))\n- Amend link to Yasnippets [\\#88](https://github.com/voxpupuli/puppet-nftables/pull/88) ([nbarrientos](https://github.com/nbarrientos))\n\n## [v1.3.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.3.0) (2021-03-25)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.2.0...v1.3.0)\n\n**Implemented enhancements:**\n\n- Add rules for QEMU/libvirt guests \\(bridged virtual networking\\) [\\#85](https://github.com/voxpupuli/puppet-nftables/pull/85) ([nbarrientos](https://github.com/nbarrientos))\n- Add nftables.version to structured fact. 
[\\#84](https://github.com/voxpupuli/puppet-nftables/pull/84) ([traylenator](https://github.com/traylenator))\n- Add rules for Apache ActiveMQ [\\#82](https://github.com/voxpupuli/puppet-nftables/pull/82) ([nbarrientos](https://github.com/nbarrientos))\n- Add Docker-CE default rules [\\#80](https://github.com/voxpupuli/puppet-nftables/pull/80) ([luisfdez](https://github.com/luisfdez))\n\n**Closed issues:**\n\n- Increase puppetlabs/concat version in metadata [\\#78](https://github.com/voxpupuli/puppet-nftables/issues/78)\n\n**Merged pull requests:**\n\n- Fix sections and add a pointer to code snippets for Emacs [\\#81](https://github.com/voxpupuli/puppet-nftables/pull/81) ([nbarrientos](https://github.com/nbarrientos))\n\n## [v1.2.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.2.0) (2021-03-03)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.1.1...v1.2.0)\n\n**Implemented enhancements:**\n\n- start declaring the 'global' chain with module resources [\\#73](https://github.com/voxpupuli/puppet-nftables/pull/73) ([lelutin](https://github.com/lelutin))\n\n**Fixed bugs:**\n\n- nftables service is broken after reboot [\\#74](https://github.com/voxpupuli/puppet-nftables/issues/74)\n- fix \\#74 - ensure table are initialized before flushing them [\\#75](https://github.com/voxpupuli/puppet-nftables/pull/75) ([duritong](https://github.com/duritong))\n\n## [v1.1.1](https://github.com/voxpupuli/puppet-nftables/tree/v1.1.1) (2021-01-29)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.1.0...v1.1.1)\n\n**Fixed bugs:**\n\n- Simplerule: wrong IP protocol version filter statement for IPv6 traffic [\\#69](https://github.com/voxpupuli/puppet-nftables/issues/69)\n- Fix IP version filter for IPv6 traffic [\\#70](https://github.com/voxpupuli/puppet-nftables/pull/70) ([nbarrientos](https://github.com/nbarrientos))\n\n**Merged pull requests:**\n\n- Improve nftables::rule's documentation 
[\\#68](https://github.com/voxpupuli/puppet-nftables/pull/68) ([nbarrientos](https://github.com/nbarrientos))\n\n## [v1.1.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.1.0) (2021-01-25)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/v1.0.0...v1.1.0)\n\n**Implemented enhancements:**\n\n- Enable parameter\\_documentation lint [\\#64](https://github.com/voxpupuli/puppet-nftables/pull/64) ([traylenator](https://github.com/traylenator))\n- Add Samba in rules [\\#62](https://github.com/voxpupuli/puppet-nftables/pull/62) ([glpatcern](https://github.com/glpatcern))\n- Add some mail related outgoing rules [\\#60](https://github.com/voxpupuli/puppet-nftables/pull/60) ([duritong](https://github.com/duritong))\n\n**Fixed bugs:**\n\n- nftables::simplerule should follow the same rules as nftables::rule [\\#58](https://github.com/voxpupuli/puppet-nftables/issues/58)\n- Align simplerule and rule rulename requirements [\\#59](https://github.com/voxpupuli/puppet-nftables/pull/59) ([nbarrientos](https://github.com/nbarrientos))\n\n**Closed issues:**\n\n- Get it under the voxpupuli umbrella [\\#35](https://github.com/voxpupuli/puppet-nftables/issues/35)\n\n**Merged pull requests:**\n\n- Add badges to README [\\#63](https://github.com/voxpupuli/puppet-nftables/pull/63) ([traylenator](https://github.com/traylenator))\n- Check that all the predefined rules are declared in the all rules acceptance test [\\#53](https://github.com/voxpupuli/puppet-nftables/pull/53) ([nbarrientos](https://github.com/nbarrientos))\n\n## [v1.0.0](https://github.com/voxpupuli/puppet-nftables/tree/v1.0.0) (2020-12-15)\n\n[Full Changelog](https://github.com/voxpupuli/puppet-nftables/compare/0ba57c66a35ed4e9b570d8a6315a33a1c4ba3181...v1.0.0)\n\n**Breaking changes:**\n\n- switch the server naming [\\#42](https://github.com/voxpupuli/puppet-nftables/pull/42) ([duritong](https://github.com/duritong))\n\n**Implemented enhancements:**\n\n- Use Stdlib::Port everywhere in place of 
Integer [\\#56](https://github.com/voxpupuli/puppet-nftables/pull/56) ([traylenator](https://github.com/traylenator))\n- Enable Puppet 7 support [\\#51](https://github.com/voxpupuli/puppet-nftables/pull/51) ([bastelfreak](https://github.com/bastelfreak))\n- Several fixes for nftables::config [\\#48](https://github.com/voxpupuli/puppet-nftables/pull/48) ([nbarrientos](https://github.com/nbarrientos))\n- rubocop corrections [\\#41](https://github.com/voxpupuli/puppet-nftables/pull/41) ([traylenator](https://github.com/traylenator))\n- Add basic configuration validation acceptance test [\\#38](https://github.com/voxpupuli/puppet-nftables/pull/38) ([traylenator](https://github.com/traylenator))\n- Remove duplicate flush on reload [\\#34](https://github.com/voxpupuli/puppet-nftables/pull/34) ([traylenator](https://github.com/traylenator))\n- Add nftables::simplerule [\\#33](https://github.com/voxpupuli/puppet-nftables/pull/33) ([nbarrientos](https://github.com/nbarrientos))\n- Add Ceph and NFS rules [\\#32](https://github.com/voxpupuli/puppet-nftables/pull/32) ([dvanders](https://github.com/dvanders))\n- New parameter noflush\\_tables to selectivly skip flush [\\#31](https://github.com/voxpupuli/puppet-nftables/pull/31) ([traylenator](https://github.com/traylenator))\n- Scientific Linux 8 will never exist [\\#30](https://github.com/voxpupuli/puppet-nftables/pull/30) ([traylenator](https://github.com/traylenator))\n- Enable conntrack in FORWARD [\\#29](https://github.com/voxpupuli/puppet-nftables/pull/29) ([keachi](https://github.com/keachi))\n- Do not test nftables::rules repeatadly [\\#28](https://github.com/voxpupuli/puppet-nftables/pull/28) ([traylenator](https://github.com/traylenator))\n- Allow sourcing sets from Hiera [\\#26](https://github.com/voxpupuli/puppet-nftables/pull/26) ([nbarrientos](https://github.com/nbarrientos))\n- Allow disabling default NAT tables and chains [\\#25](https://github.com/voxpupuli/puppet-nftables/pull/25) 
([nbarrientos](https://github.com/nbarrientos))\n- Set a customisable rate limit to the logging rules [\\#22](https://github.com/voxpupuli/puppet-nftables/pull/22) ([nbarrientos](https://github.com/nbarrientos))\n- Make masking Service\\['firewalld'\\] optional [\\#20](https://github.com/voxpupuli/puppet-nftables/pull/20) ([nbarrientos](https://github.com/nbarrientos))\n- Move ICMP stuff to separate classes allowing better customisation [\\#16](https://github.com/voxpupuli/puppet-nftables/pull/16) ([nbarrientos](https://github.com/nbarrientos))\n- Move conntrack rules from global to INPUT and OUTPUT [\\#14](https://github.com/voxpupuli/puppet-nftables/pull/14) ([nbarrientos](https://github.com/nbarrientos))\n- Add comments for all the nftable::rules entries [\\#13](https://github.com/voxpupuli/puppet-nftables/pull/13) ([traylenator](https://github.com/traylenator))\n- Allow tables to add comments to $log\\_prefix [\\#12](https://github.com/voxpupuli/puppet-nftables/pull/12) ([nbarrientos](https://github.com/nbarrientos))\n- Reload rules atomically and verify rules before deploy [\\#10](https://github.com/voxpupuli/puppet-nftables/pull/10) ([traylenator](https://github.com/traylenator))\n- Allow raw sets and dashes in set names [\\#8](https://github.com/voxpupuli/puppet-nftables/pull/8) ([nbarrientos](https://github.com/nbarrientos))\n- Add a parameter to control the fate of discarded traffic [\\#7](https://github.com/voxpupuli/puppet-nftables/pull/7) ([nbarrientos](https://github.com/nbarrientos))\n- Add rules for afs3\\_callback in and out rules for kerberos and openafs. 
[\\#6](https://github.com/voxpupuli/puppet-nftables/pull/6) ([traylenator](https://github.com/traylenator))\n- Allow customising the log prefix [\\#5](https://github.com/voxpupuli/puppet-nftables/pull/5) ([nbarrientos](https://github.com/nbarrientos))\n- Add classes encapsulating rules for DHCPv6 client traffic \\(in/out\\) [\\#4](https://github.com/voxpupuli/puppet-nftables/pull/4) ([nbarrientos](https://github.com/nbarrientos))\n- Add support for named sets [\\#3](https://github.com/voxpupuli/puppet-nftables/pull/3) ([nbarrientos](https://github.com/nbarrientos))\n- New parameter out\\_all, default false [\\#1](https://github.com/voxpupuli/puppet-nftables/pull/1) ([traylenator](https://github.com/traylenator))\n\n**Fixed bugs:**\n\n- Correct nfs3 invalid udp /tcp matching rule and more tests [\\#50](https://github.com/voxpupuli/puppet-nftables/pull/50) ([traylenator](https://github.com/traylenator))\n- Prefix custom tables with custom- so they're loaded [\\#47](https://github.com/voxpupuli/puppet-nftables/pull/47) ([nbarrientos](https://github.com/nbarrientos))\n- Correct bad merge [\\#15](https://github.com/voxpupuli/puppet-nftables/pull/15) ([traylenator](https://github.com/traylenator))\n\n**Closed issues:**\n\n- deploying custom tables is broken [\\#45](https://github.com/voxpupuli/puppet-nftables/issues/45)\n- Switch to Stdlib::Port everywhere [\\#37](https://github.com/voxpupuli/puppet-nftables/issues/37)\n- Add set definition from Hiera [\\#24](https://github.com/voxpupuli/puppet-nftables/issues/24)\n- Add an option to disable NAT [\\#23](https://github.com/voxpupuli/puppet-nftables/issues/23)\n- Add an option to limit the rate of logged messages [\\#19](https://github.com/voxpupuli/puppet-nftables/issues/19)\n- Rule API [\\#17](https://github.com/voxpupuli/puppet-nftables/issues/17)\n- Publish to forge.puppet.com [\\#11](https://github.com/voxpupuli/puppet-nftables/issues/11)\n- The global chain contains INPUT specific rules 
[\\#9](https://github.com/voxpupuli/puppet-nftables/issues/9)\n- The fate of forbidden packets should be configurable [\\#2](https://github.com/voxpupuli/puppet-nftables/issues/2)\n\n**Merged pull requests:**\n\n- Docs for nftables::set [\\#55](https://github.com/voxpupuli/puppet-nftables/pull/55) ([traylenator](https://github.com/traylenator))\n- Remove a blank separating the doc string and the code [\\#52](https://github.com/voxpupuli/puppet-nftables/pull/52) ([nbarrientos](https://github.com/nbarrientos))\n- Release 1.0.0 [\\#49](https://github.com/voxpupuli/puppet-nftables/pull/49) ([traylenator](https://github.com/traylenator))\n- Correct layout of ignore table example [\\#44](https://github.com/voxpupuli/puppet-nftables/pull/44) ([traylenator](https://github.com/traylenator))\n- Fix typos and formatting in the README [\\#43](https://github.com/voxpupuli/puppet-nftables/pull/43) ([nbarrientos](https://github.com/nbarrientos))\n- Comment why firewalld\\_enable parameter is required [\\#40](https://github.com/voxpupuli/puppet-nftables/pull/40) ([traylenator](https://github.com/traylenator))\n- modulesync 4.0.0 [\\#36](https://github.com/voxpupuli/puppet-nftables/pull/36) ([traylenator](https://github.com/traylenator))\n- Refresh REFERENCE [\\#27](https://github.com/voxpupuli/puppet-nftables/pull/27) ([traylenator](https://github.com/traylenator))\n\n\n\n\\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*\n", + "license": " Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. 
Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. 
For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. 
Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of 
the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. 
Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. 
However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"{}\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright 2020 immerda / Puppet Modules\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n", + "reference": "# Reference\n\n\n\n## Table of Contents\n\n### Classes\n\n* [`nftables`](#nftables): Configure nftables\n* [`nftables::bridges`](#nftablesbridges): allow forwarding traffic on bridges\n* [`nftables::inet_filter`](#nftablesinet_filter): manage basic chains in table inet filter\n* [`nftables::inet_filter::fwd_conntrack`](#nftablesinet_filterfwd_conntrack): enable conntrack for fwd\n* 
[`nftables::inet_filter::in_out_conntrack`](#nftablesinet_filterin_out_conntrack): manage input & output conntrack\n* [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat\n* [`nftables::rules::activemq`](#nftablesrulesactivemq): Provides input rules for Apache ActiveMQ\n* [`nftables::rules::afs3_callback`](#nftablesrulesafs3_callback): Open call back port for AFS clients\n* [`nftables::rules::ceph`](#nftablesrulesceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS)\n* [`nftables::rules::ceph_mon`](#nftablesrulesceph_mon): Ceph is a distributed object store and file system.\nEnable this option to support Ceph's Monitor Daemon.\n* [`nftables::rules::dhcpv6_client`](#nftablesrulesdhcpv6_client): allow DHCPv6 requests in to a host\n* [`nftables::rules::dns`](#nftablesrulesdns): manage in dns\n* [`nftables::rules::docker_ce`](#nftablesrulesdocker_ce): Default firewall configuration for Docker-CE\n* [`nftables::rules::http`](#nftablesruleshttp): manage in http\n* [`nftables::rules::https`](#nftablesruleshttps): manage in https\n* [`nftables::rules::icinga2`](#nftablesrulesicinga2): manage in icinga2\n* [`nftables::rules::icmp`](#nftablesrulesicmp)\n* [`nftables::rules::nfs`](#nftablesrulesnfs): manage in nfs4\n* [`nftables::rules::nfs3`](#nftablesrulesnfs3): manage in nfs3\n* [`nftables::rules::node_exporter`](#nftablesrulesnode_exporter): manage in node exporter\n* [`nftables::rules::ospf`](#nftablesrulesospf): manage in ospf\n* [`nftables::rules::ospf3`](#nftablesrulesospf3): manage in ospf3\n* [`nftables::rules::out::all`](#nftablesrulesoutall): allow all outbound\n* [`nftables::rules::out::ceph_client`](#nftablesrulesoutceph_client): Ceph is a distributed object store and file system.\nEnable this to be a client of Ceph's Monitor (MON),\nObject Storage Daemons (OSD), Metadata Server Daemons (MDS),\nand Manager Daemons (MGR).\n* 
[`nftables::rules::out::chrony`](#nftablesrulesoutchrony): manage out chrony\n* [`nftables::rules::out::dhcp`](#nftablesrulesoutdhcp): manage out dhcp\n* [`nftables::rules::out::dhcpv6_client`](#nftablesrulesoutdhcpv6_client): Allow DHCPv6 requests out of a host\n* [`nftables::rules::out::dns`](#nftablesrulesoutdns): manage out dns\n* [`nftables::rules::out::hkp`](#nftablesrulesouthkp): allow outgoing hkp connections to gpg keyservers\n* [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http\n* [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https\n* [`nftables::rules::out::icmp`](#nftablesrulesouticmp): control outbound icmp packages\n* [`nftables::rules::out::imap`](#nftablesrulesoutimap): allow outgoing imap\n* [`nftables::rules::out::kerberos`](#nftablesrulesoutkerberos): allows outbound access for kerberos\n* [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql\n* [`nftables::rules::out::nfs`](#nftablesrulesoutnfs): manage out nfs\n* [`nftables::rules::out::nfs3`](#nftablesrulesoutnfs3): manage out nfs3\n* [`nftables::rules::out::openafs_client`](#nftablesrulesoutopenafs_client): allows outbound access for afs clients\n7000 - afs3-fileserver\n7002 - afs3-ptserver\n7003 - vlserver\n* [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf\n* [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3\n* [`nftables::rules::out::pop3`](#nftablesrulesoutpop3): allow outgoing pop3\n* [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres\n* [`nftables::rules::out::puppet`](#nftablesrulesoutpuppet): manage outgoing puppet\n* [`nftables::rules::out::pxp_agent`](#nftablesrulesoutpxp_agent): manage outgoing pxp-agent\n* [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): allow outgoing smtp\n* [`nftables::rules::out::smtp_client`](#nftablesrulesoutsmtp_client): allow outgoing smtp client\n* [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out 
ssh\n* [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh\n* [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor\n* [`nftables::rules::out::whois`](#nftablesrulesoutwhois): allow clients to query remote whois server\n* [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard\n* [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet\n* [`nftables::rules::pxp_agent`](#nftablesrulespxp_agent): manage in pxp-agent\n* [`nftables::rules::qemu`](#nftablesrulesqemu): Bridged network configuration for qemu/libvirt\n* [`nftables::rules::samba`](#nftablesrulessamba): manage Samba, the suite to allow Windows file sharing on Linux resources.\n* [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp\n* [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission\n* [`nftables::rules::smtps`](#nftablesrulessmtps): manage in smtps\n* [`nftables::rules::ssh`](#nftablesrulesssh): manage in ssh\n* [`nftables::rules::tor`](#nftablesrulestor): manage in tor\n* [`nftables::rules::wireguard`](#nftablesruleswireguard): manage in wireguard\n* [`nftables::services::dhcpv6_client`](#nftablesservicesdhcpv6_client): Allow in and outbound traffic for DHCPv6 server\n* [`nftables::services::openafs_client`](#nftablesservicesopenafs_client): Open inbound and outbound ports for an AFS client\n\n### Defined types\n\n* [`nftables::chain`](#nftableschain): manage a chain\n* [`nftables::config`](#nftablesconfig): manage a config snippet\n* [`nftables::file`](#nftablesfile): Insert a file into the nftables configuration\n* [`nftables::rule`](#nftablesrule): Provides an interface to create a firewall rule\n* [`nftables::rules::dnat4`](#nftablesrulesdnat4): manage a ipv4 dnat rule\n* [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic\n* [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule\n* 
[`nftables::set`](#nftablesset): manage a named set\n* [`nftables::simplerule`](#nftablessimplerule): Provides a simplified interface to nftables::rule\n\n### Data types\n\n* [`Nftables::Addr`](#nftablesaddr): Represents an address expression to be used within a rule.\n* [`Nftables::Addr::Set`](#nftablesaddrset): Represents a set expression to be used within a rule.\n* [`Nftables::Port`](#nftablesport): Represents a port expression to be used within a rule.\n* [`Nftables::Port::Range`](#nftablesportrange): Represents a port range expression to be used within a rule.\n* [`Nftables::RuleName`](#nftablesrulename): Represents a rule name to be used in a raw rule created via nftables::rule.\nIt's a dash separated string. The first component describes the chain to\nadd the rule to, the second the rule name and the (optional) third a number.\nEx: 'default_in-sshd', 'default_out-my_service-2'.\n* [`Nftables::SimpleRuleName`](#nftablessimplerulename): Represents a simple rule name to be used in a rule created via nftables::simplerule\n\n## Classes\n\n### `nftables`\n\nConfigure nftables\n\n#### Examples\n\n##### allow dns out and do not allow ntp out\n\n```puppet\nclass{ 'nftables':\n out_ntp => false,\n out_dns => true,\n}\n```\n\n##### do not flush particular tables, fail2ban in this case\n\n```puppet\nclass{ 'nftables':\n noflush_tables => ['inet-f2b-table'],\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables` class:\n\n* [`out_all`](#out_all)\n* [`out_ntp`](#out_ntp)\n* [`out_http`](#out_http)\n* [`out_dns`](#out_dns)\n* [`out_https`](#out_https)\n* [`out_icmp`](#out_icmp)\n* [`in_ssh`](#in_ssh)\n* [`in_icmp`](#in_icmp)\n* [`inet_filter`](#inet_filter)\n* [`nat`](#nat)\n* [`nat_table_name`](#nat_table_name)\n* [`sets`](#sets)\n* [`log_prefix`](#log_prefix)\n* [`log_limit`](#log_limit)\n* [`reject_with`](#reject_with)\n* [`in_out_conntrack`](#in_out_conntrack)\n* [`fwd_conntrack`](#fwd_conntrack)\n* 
[`firewalld_enable`](#firewalld_enable)\n* [`noflush_tables`](#noflush_tables)\n* [`rules`](#rules)\n* [`configuration_path`](#configuration_path)\n* [`nft_path`](#nft_path)\n* [`echo`](#echo)\n\n##### `out_all`\n\nData type: `Boolean`\n\nAllow all outbound connections. If `true` then all other\nout parameters `out_ntp`, `out_dns`, ... will be assuemed\nfalse.\n\nDefault value: ``false``\n\n##### `out_ntp`\n\nData type: `Boolean`\n\nAllow outbound to ntp servers.\n\nDefault value: ``true``\n\n##### `out_http`\n\nData type: `Boolean`\n\nAllow outbound to http servers.\n\nDefault value: ``true``\n\n##### `out_dns`\n\nData type: `Boolean`\n\nAllow outbound to dns servers.\n\nDefault value: ``true``\n\n##### `out_https`\n\nData type: `Boolean`\n\nAllow outbound to https servers.\n\nDefault value: ``true``\n\n##### `out_icmp`\n\nData type: `Boolean`\n\nAllow outbound ICMPv4/v6 traffic.\n\nDefault value: ``true``\n\n##### `in_ssh`\n\nData type: `Boolean`\n\nAllow inbound to ssh servers.\n\nDefault value: ``true``\n\n##### `in_icmp`\n\nData type: `Boolean`\n\nAllow inbound ICMPv4/v6 traffic.\n\nDefault value: ``true``\n\n##### `inet_filter`\n\nData type: `Boolean`\n\nAdd default tables, chains and rules to process traffic.\n\nDefault value: ``true``\n\n##### `nat`\n\nData type: `Boolean`\n\nAdd default tables and chains to process NAT traffic.\n\nDefault value: ``true``\n\n##### `nat_table_name`\n\nData type: `String[1]`\n\nThe name of the 'nat' table.\n\nDefault value: `'nat'`\n\n##### `sets`\n\nData type: `Hash`\n\nAllows sourcing set definitions directly from Hiera.\n\nDefault value: `{}`\n\n##### `log_prefix`\n\nData type: `String`\n\nString that will be used as prefix when logging packets. 
It can contain\ntwo variables using standard sprintf() string-formatting:\n * chain: Will be replaced by the name of the chain.\n * comment: Allows chains to add extra comments.\n\nDefault value: `'[nftables] %s %s'`\n\n##### `log_limit`\n\nData type: `Variant[Boolean[false], String]`\n\nString with the content of a limit statement to be applied\nto the rules that log discarded traffic. Set to false to\ndisable rate limiting.\n\nDefault value: `'3/minute burst 5 packets'`\n\n##### `reject_with`\n\nData type: `Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]]`\n\nHow to discard packets not matching any rule. If `false`, the\nfate of the packet will be defined by the chain policy (normally\ndrop), otherwise the packet will be rejected with the REJECT_WITH\npolicy indicated by the value of this parameter.\n\nDefault value: `'icmpx type port-unreachable'`\n\n##### `in_out_conntrack`\n\nData type: `Boolean`\n\nAdds INPUT and OUTPUT rules to allow traffic that's part of an\nestablished connection and also to drop invalid packets.\n\nDefault value: ``true``\n\n##### `fwd_conntrack`\n\nData type: `Boolean`\n\nAdds FORWARD rules to allow traffic that's part of an\nestablished connection and also to drop invalid packets.\n\nDefault value: ``false``\n\n##### `firewalld_enable`\n\nData type: `Variant[Boolean[false], Enum['mask']]`\n\nConfigures how the firewalld systemd service unit is enabled. 
It might be\nuseful to set this to false if you're externaly removing firewalld from\nthe system completely.\n\nDefault value: `'mask'`\n\n##### `noflush_tables`\n\nData type: `Optional[Array[Pattern[/^(ip|ip6|inet|arp|bridge|netdev)-[-a-zA-Z0-9_]+$/],1]]`\n\nIf specified only other existings tables will be flushed.\nIf left unset all tables will be flushed via a `flush ruleset`\n\nDefault value: ``undef``\n\n##### `rules`\n\nData type: `Hash`\n\nSpecify hashes of `nftables::rule`s via hiera\n\nDefault value: `{}`\n\n##### `configuration_path`\n\nData type: `Stdlib::Unixpath`\n\nThe absolute path to the principal nftables configuration file. The default\nvaries depending on the system, and is set in the module's data.\n\n##### `nft_path`\n\nData type: `Stdlib::Unixpath`\n\nPath to the nft binary\n\n##### `echo`\n\nData type: `Stdlib::Unixpath`\n\nPath to the echo binary\n\n### `nftables::bridges`\n\nallow forwarding traffic on bridges\n\n#### Parameters\n\nThe following parameters are available in the `nftables::bridges` class:\n\n* [`ensure`](#ensure)\n* [`bridgenames`](#bridgenames)\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\n\n\nDefault value: `'present'`\n\n##### `bridgenames`\n\nData type: `Regexp`\n\n\n\nDefault value: `/^br.+/`\n\n### `nftables::inet_filter`\n\nmanage basic chains in table inet filter\n\n### `nftables::inet_filter::fwd_conntrack`\n\nenable conntrack for fwd\n\n### `nftables::inet_filter::in_out_conntrack`\n\nmanage input & output conntrack\n\n### `nftables::ip_nat`\n\nmanage basic chains in table ip nat\n\n### `nftables::rules::activemq`\n\nProvides input rules for Apache ActiveMQ\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::activemq` class:\n\n* [`tcp`](#tcp)\n* [`udp`](#udp)\n* [`port`](#port)\n\n##### `tcp`\n\nData type: `Boolean`\n\nCreate the rule for TCP traffic.\n\nDefault value: ``true``\n\n##### `udp`\n\nData type: `Boolean`\n\nCreate the rule for UDP traffic.\n\nDefault 
value: ``true``\n\n##### `port`\n\nData type: `Stdlib::Port`\n\nThe port number for the ActiveMQ daemon.\n\nDefault value: `61616`\n\n### `nftables::rules::afs3_callback`\n\nOpen call back port for AFS clients\n\n#### Examples\n\n##### allow call backs from particular hosts\n\n```puppet\nclass{'nftables::rules::afs3_callback':\n saddr => ['192.168.0.0/16', '10.0.0.222']\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::afs3_callback` class:\n\n* [`saddr`](#saddr)\n\n##### `saddr`\n\nData type: `Array[Stdlib::IP::Address::V4,1]`\n\nlist of source network ranges to a\n\nDefault value: `['0.0.0.0/0']`\n\n### `nftables::rules::ceph`\n\nCeph is a distributed object store and file system.\nEnable this to support Ceph's Object Storage Daemons (OSD),\nMetadata Server Daemons (MDS), or Manager Daemons (MGR).\n\n### `nftables::rules::ceph_mon`\n\nCeph is a distributed object store and file system.\nEnable this option to support Ceph's Monitor Daemon.\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::ceph_mon` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nspecify ports for ceph service\n\nDefault value: `[3300, 6789]`\n\n### `nftables::rules::dhcpv6_client`\n\nallow DHCPv6 requests in to a host\n\n### `nftables::rules::dns`\n\nmanage in dns\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::dns` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nSpecify ports for dns.\n\nDefault value: `[53]`\n\n### `nftables::rules::docker_ce`\n\nThe configuration distributed in this class represents the default firewall\nconfiguration done by docker-ce when the iptables integration is enabled.\n\nThis class is needed as the default docker-ce rules added to ip-filter conflict\nwith the inet-filter forward rules set by default in this module.\n\nWhen using this class 'docker::iptables: false' should be 
set.\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::docker_ce` class:\n\n* [`docker_interface`](#docker_interface)\n* [`docker_prefix`](#docker_prefix)\n* [`manage_docker_chains`](#manage_docker_chains)\n* [`manage_base_chains`](#manage_base_chains)\n\n##### `docker_interface`\n\nData type: `String[1]`\n\nInterface name used by docker.\n\nDefault value: `'docker0'`\n\n##### `docker_prefix`\n\nData type: `Stdlib::IP::Address::V4::CIDR`\n\nThe address space used by docker.\n\nDefault value: `'172.17.0.0/16'`\n\n##### `manage_docker_chains`\n\nData type: `Boolean`\n\nFlag to control whether the class should create the docker related chains.\n\nDefault value: ``true``\n\n##### `manage_base_chains`\n\nData type: `Boolean`\n\nFlag to control whether the class should create the base common chains.\n\nDefault value: ``true``\n\n### `nftables::rules::http`\n\nmanage in http\n\n### `nftables::rules::https`\n\nmanage in https\n\n### `nftables::rules::icinga2`\n\nmanage in icinga2\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::icinga2` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nSpecify ports for icinga1\n\nDefault value: `[5665]`\n\n### `nftables::rules::icmp`\n\nThe nftables::rules::icmp class.\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::icmp` class:\n\n* [`v4_types`](#v4_types)\n* [`v6_types`](#v6_types)\n* [`order`](#order)\n\n##### `v4_types`\n\nData type: `Optional[Array[String]]`\n\n\n\nDefault value: ``undef``\n\n##### `v6_types`\n\nData type: `Optional[Array[String]]`\n\n\n\nDefault value: ``undef``\n\n##### `order`\n\nData type: `String`\n\n\n\nDefault value: `'10'`\n\n### `nftables::rules::nfs`\n\nmanage in nfs4\n\n### `nftables::rules::nfs3`\n\nmanage in nfs3\n\n### `nftables::rules::node_exporter`\n\nmanage in node exporter\n\n#### Parameters\n\nThe following parameters are available in the 
`nftables::rules::node_exporter` class:\n\n* [`prometheus_server`](#prometheus_server)\n* [`port`](#port)\n\n##### `prometheus_server`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\nSpecify server name\n\nDefault value: ``undef``\n\n##### `port`\n\nData type: `Stdlib::Port`\n\nSpecify port to open\n\nDefault value: `9100`\n\n### `nftables::rules::ospf`\n\nmanage in ospf\n\n### `nftables::rules::ospf3`\n\nmanage in ospf3\n\n### `nftables::rules::out::all`\n\nallow all outbound\n\n### `nftables::rules::out::ceph_client`\n\nCeph is a distributed object store and file system.\nEnable this to be a client of Ceph's Monitor (MON),\nObject Storage Daemons (OSD), Metadata Server Daemons (MDS),\nand Manager Daemons (MGR).\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::ceph_client` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nSpecify ports to open\n\nDefault value: `[3300, 6789]`\n\n### `nftables::rules::out::chrony`\n\nmanage out chrony\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::chrony` class:\n\n* [`servers`](#servers)\n\n##### `servers`\n\nData type: `Array[Stdlib::IP::Address]`\n\nsingle IP-Address or array of IP-addresses from NTP servers\n\nDefault value: `[]`\n\n### `nftables::rules::out::dhcp`\n\nmanage out dhcp\n\n### `nftables::rules::out::dhcpv6_client`\n\nAllow DHCPv6 requests out of a host\n\n### `nftables::rules::out::dns`\n\nmanage out dns\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::dns` class:\n\n* [`dns_server`](#dns_server)\n\n##### `dns_server`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\nspecify dns_server name\n\nDefault value: ``undef``\n\n### `nftables::rules::out::hkp`\n\nallow outgoing hkp connections to gpg keyservers\n\n### `nftables::rules::out::http`\n\nmanage out http\n\n### `nftables::rules::out::https`\n\nmanage out https\n\n### 
`nftables::rules::out::icmp`\n\ncontrol outbound icmp packages\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::icmp` class:\n\n* [`v4_types`](#v4_types)\n* [`v6_types`](#v6_types)\n* [`order`](#order)\n\n##### `v4_types`\n\nData type: `Optional[Array[String]]`\n\n\n\nDefault value: ``undef``\n\n##### `v6_types`\n\nData type: `Optional[Array[String]]`\n\n\n\nDefault value: ``undef``\n\n##### `order`\n\nData type: `String`\n\n\n\nDefault value: `'10'`\n\n### `nftables::rules::out::imap`\n\nallow outgoing imap\n\n### `nftables::rules::out::kerberos`\n\nallows outbound access for kerberos\n\n### `nftables::rules::out::mysql`\n\nmanage out mysql\n\n### `nftables::rules::out::nfs`\n\nmanage out nfs\n\n### `nftables::rules::out::nfs3`\n\nmanage out nfs3\n\n### `nftables::rules::out::openafs_client`\n\nallows outbound access for afs clients\n7000 - afs3-fileserver\n7002 - afs3-ptserver\n7003 - vlserver\n\n* **See also**\n * https://wiki.openafs.org/devel/AFSServicePorts/\n * AFS Service Ports\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::openafs_client` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nport numbers to use\n\nDefault value: `[7000, 7002, 7003]`\n\n### `nftables::rules::out::ospf`\n\nmanage out ospf\n\n### `nftables::rules::out::ospf3`\n\nmanage out ospf3\n\n### `nftables::rules::out::pop3`\n\nallow outgoing pop3\n\n### `nftables::rules::out::postgres`\n\nmanage out postgres\n\n### `nftables::rules::out::puppet`\n\nmanage outgoing puppet\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::puppet` class:\n\n* [`puppetserver`](#puppetserver)\n* [`puppetserver_port`](#puppetserver_port)\n\n##### `puppetserver`\n\nData type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`\n\npuppetserver hostname\n\n##### `puppetserver_port`\n\nData type: `Stdlib::Port`\n\npuppetserver port\n\nDefault 
value: `8140`\n\n### `nftables::rules::out::pxp_agent`\n\nmanage outgoing pxp-agent\n\n* **See also**\n * also\n * take a look at nftables::rules::out::puppet, because the PXP agent also connects to a Puppetserver\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::pxp_agent` class:\n\n* [`broker`](#broker)\n* [`broker_port`](#broker_port)\n\n##### `broker`\n\nData type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`\n\nPXP broker IP(s)\n\n##### `broker_port`\n\nData type: `Stdlib::Port`\n\nPXP broker port\n\nDefault value: `8142`\n\n### `nftables::rules::out::smtp`\n\nallow outgoing smtp\n\n### `nftables::rules::out::smtp_client`\n\nallow outgoing smtp client\n\n### `nftables::rules::out::ssh`\n\nmanage out ssh\n\n### `nftables::rules::out::ssh::remove`\n\ndisable outgoing ssh\n\n### `nftables::rules::out::tor`\n\nmanage out tor\n\n### `nftables::rules::out::whois`\n\nallow clients to query remote whois server\n\n### `nftables::rules::out::wireguard`\n\nmanage out wireguard\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::out::wireguard` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Integer,1]`\n\nspecify wireguard ports\n\nDefault value: `[51820]`\n\n### `nftables::rules::puppet`\n\nmanage in puppet\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::puppet` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Integer,1]`\n\npuppet server ports\n\nDefault value: `[8140]`\n\n### `nftables::rules::pxp_agent`\n\nmanage in pxp-agent\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::pxp_agent` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\npxp server ports\n\nDefault value: `[8142]`\n\n### `nftables::rules::qemu`\n\nThis class configures the typical firewall setup that libvirt\ncreates. 
Depending on your requirements you can switch on and off\nseveral aspects, for instance if you don't do DHCP to your guests\nyou can disable the rules that accept DHCP traffic on the host or if\nyou don't want your guests to talk to hosts outside you can disable\nforwarding and/or masquerading for IPv4 traffic.\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::qemu` class:\n\n* [`interface`](#interface)\n* [`network_v4`](#network_v4)\n* [`network_v6`](#network_v6)\n* [`dns`](#dns)\n* [`dhcpv4`](#dhcpv4)\n* [`forward_traffic`](#forward_traffic)\n* [`internal_traffic`](#internal_traffic)\n* [`masquerade`](#masquerade)\n\n##### `interface`\n\nData type: `String[1]`\n\nInterface name used by the bridge.\n\nDefault value: `'virbr0'`\n\n##### `network_v4`\n\nData type: `Stdlib::IP::Address::V4::CIDR`\n\nThe IPv4 network prefix used in the virtual network.\n\nDefault value: `'192.168.122.0/24'`\n\n##### `network_v6`\n\nData type: `Optional[Stdlib::IP::Address::V6::CIDR]`\n\nThe IPv6 network prefix used in the virtual network.\n\nDefault value: ``undef``\n\n##### `dns`\n\nData type: `Boolean`\n\nAllow DNS traffic from the guests to the host.\n\nDefault value: ``true``\n\n##### `dhcpv4`\n\nData type: `Boolean`\n\nAllow DHCPv4 traffic from the guests to the host.\n\nDefault value: ``true``\n\n##### `forward_traffic`\n\nData type: `Boolean`\n\nAllow forwarded traffic (out all, in related/established)\ngenerated by the virtual network.\n\nDefault value: ``true``\n\n##### `internal_traffic`\n\nData type: `Boolean`\n\nAllow guests in the virtual network to talk to each other.\n\nDefault value: ``true``\n\n##### `masquerade`\n\nData type: `Boolean`\n\nDo NAT masquerade on all IPv4 traffic generated by guests\nto external networks.\n\nDefault value: ``true``\n\n### `nftables::rules::samba`\n\nmanage Samba, the suite to allow Windows file sharing on Linux resources.\n\n#### Parameters\n\nThe following parameters are available in the 
`nftables::rules::samba` class:\n\n* [`ctdb`](#ctdb)\n\n##### `ctdb`\n\nData type: `Boolean`\n\nEnable ctdb-driven clustered Samba setups.\n\nDefault value: ``false``\n\n### `nftables::rules::smtp`\n\nmanage in smtp\n\n### `nftables::rules::smtp_submission`\n\nmanage in smtp submission\n\n### `nftables::rules::smtps`\n\nmanage in smtps\n\n### `nftables::rules::ssh`\n\nmanage in ssh\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::ssh` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nssh ports\n\nDefault value: `[22]`\n\n### `nftables::rules::tor`\n\nmanage in tor\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::tor` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nports for tor\n\nDefault value: `[9001]`\n\n### `nftables::rules::wireguard`\n\nmanage in wireguard\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::wireguard` class:\n\n* [`ports`](#ports)\n\n##### `ports`\n\nData type: `Array[Stdlib::Port,1]`\n\nwiregueard port\n\nDefault value: `[51820]`\n\n### `nftables::services::dhcpv6_client`\n\nAllow in and outbound traffic for DHCPv6 server\n\n### `nftables::services::openafs_client`\n\nOpen inbound and outbound ports for an AFS client\n\n## Defined types\n\n### `nftables::chain`\n\nmanage a chain\n\n#### Parameters\n\nThe following parameters are available in the `nftables::chain` defined type:\n\n* [`table`](#table)\n* [`chain`](#chain)\n* [`inject`](#inject)\n* [`inject_iif`](#inject_iif)\n* [`inject_oif`](#inject_oif)\n\n##### `table`\n\nData type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]`\n\n\n\nDefault value: `'inet-filter'`\n\n##### `chain`\n\nData type: `Pattern[/^[a-zA-Z0-9_]+$/]`\n\n\n\nDefault value: `$title`\n\n##### `inject`\n\nData type: `Optional[Pattern[/^\\d\\d-[a-zA-Z0-9_]+$/]]`\n\n\n\nDefault value: ``undef``\n\n##### `inject_iif`\n\nData type: 
`Optional[String]`\n\n\n\nDefault value: ``undef``\n\n##### `inject_oif`\n\nData type: `Optional[String]`\n\n\n\nDefault value: ``undef``\n\n### `nftables::config`\n\nmanage a config snippet\n\n#### Parameters\n\nThe following parameters are available in the `nftables::config` defined type:\n\n* [`tablespec`](#tablespec)\n* [`content`](#content)\n* [`source`](#source)\n* [`prefix`](#prefix)\n\n##### `tablespec`\n\nData type: `Pattern[/^\\w+-\\w+$/]`\n\n\n\nDefault value: `$title`\n\n##### `content`\n\nData type: `Optional[String]`\n\n\n\nDefault value: ``undef``\n\n##### `source`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\n\n\nDefault value: ``undef``\n\n##### `prefix`\n\nData type: `String`\n\n\n\nDefault value: `'custom-'`\n\n### `nftables::file`\n\nInsert a file into the nftables configuration\n\n#### Examples\n\n##### Include a file that includes other files\n\n```puppet\nnftables::file{'geoip':\n content => @(EOT)\n include \"/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4\"\n include \"/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6\"\n |EOT,\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables::file` defined type:\n\n* [`label`](#label)\n* [`content`](#content)\n* [`source`](#source)\n* [`prefix`](#prefix)\n\n##### `label`\n\nData type: `String[1]`\n\nUnique name to include in filename.\n\nDefault value: `$title`\n\n##### `content`\n\nData type: `Optional[String]`\n\nThe content to place in the file.\n\nDefault value: ``undef``\n\n##### `source`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\nA source to obtain the file content from.\n\nDefault value: ``undef``\n\n##### `prefix`\n\nData type: `String`\n\nPrefix of file name to be created, if left as `file-` it will be\nauto included in the main nft configuration\n\nDefault value: `'file-'`\n\n### `nftables::rule`\n\nProvides an interface to create a firewall rule\n\n#### Examples\n\n##### add a rule named 'myhttp' to the 'default_in' chain to allow 
incoming traffic to TCP port 80\n\n```puppet\nnftables::rule {\n 'default_in-myhttp':\n content => 'tcp dport 80 accept',\n}\n```\n\n##### add a rule named 'count' to the 'PREROUTING6' chain in table 'ip6 nat' to count traffic\n\n```puppet\nnftables::rule {\n 'PREROUTING6-count':\n content => 'counter',\n table => 'ip6-nat'\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rule` defined type:\n\n* [`ensure`](#ensure)\n* [`rulename`](#rulename)\n* [`order`](#order)\n* [`table`](#table)\n* [`content`](#content)\n* [`source`](#source)\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\nShould the rule be created.\n\nDefault value: `'present'`\n\n##### `rulename`\n\nData type: `Nftables::RuleName`\n\nThe symbolic name for the rule and to what chain to add it. The\nformat is defined by the Nftables::RuleName type.\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\nA number representing the order of the rule.\n\nDefault value: `'50'`\n\n##### `table`\n\nData type: `String`\n\nThe name of the table to add this rule to.\n\nDefault value: `'inet-filter'`\n\n##### `content`\n\nData type: `Optional[String]`\n\nThe raw statements that compose the rule represented using the nftables\nlanguage.\n\nDefault value: ``undef``\n\n##### `source`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\nSame goal as content but sourcing the value from a file.\n\nDefault value: ``undef``\n\n### `nftables::rules::dnat4`\n\nmanage a ipv4 dnat rule\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::dnat4` defined type:\n\n* [`daddr`](#daddr)\n* [`port`](#port)\n* [`rulename`](#rulename)\n* [`order`](#order)\n* [`chain`](#chain)\n* [`iif`](#iif)\n* [`proto`](#proto)\n* [`dport`](#dport)\n* [`ensure`](#ensure)\n\n##### `daddr`\n\nData type: `Pattern[/^[12]?\\d{1,2}\\.[12]?\\d{1,2}\\.[12]?\\d{1,2}\\.[12]?\\d{1,2}$/]`\n\n\n\n##### `port`\n\nData type: 
`Variant[String,Stdlib::Port]`\n\n\n\n##### `rulename`\n\nData type: `Pattern[/^[a-zA-Z0-9_]+$/]`\n\n\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\n\n\nDefault value: `'50'`\n\n##### `chain`\n\nData type: `String[1]`\n\n\n\nDefault value: `'default_fwd'`\n\n##### `iif`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `proto`\n\nData type: `Enum['tcp','udp']`\n\n\n\nDefault value: `'tcp'`\n\n##### `dport`\n\nData type: `Optional[Variant[String,Stdlib::Port]]`\n\n\n\nDefault value: ``undef``\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\n\n\nDefault value: `'present'`\n\n### `nftables::rules::masquerade`\n\nmasquerade all outgoing traffic\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::masquerade` defined type:\n\n* [`rulename`](#rulename)\n* [`order`](#order)\n* [`chain`](#chain)\n* [`oif`](#oif)\n* [`saddr`](#saddr)\n* [`daddr`](#daddr)\n* [`proto`](#proto)\n* [`dport`](#dport)\n* [`ensure`](#ensure)\n\n##### `rulename`\n\nData type: `Pattern[/^[a-zA-Z0-9_]+$/]`\n\n\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\n\n\nDefault value: `'70'`\n\n##### `chain`\n\nData type: `String[1]`\n\n\n\nDefault value: `'POSTROUTING'`\n\n##### `oif`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `saddr`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `daddr`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `proto`\n\nData type: `Optional[Enum['tcp','udp']]`\n\n\n\nDefault value: ``undef``\n\n##### `dport`\n\nData type: `Optional[Variant[String,Stdlib::Port]]`\n\n\n\nDefault value: ``undef``\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\n\n\nDefault value: `'present'`\n\n### `nftables::rules::snat4`\n\nmanage a ipv4 snat rule\n\n#### Parameters\n\nThe following parameters are available in the `nftables::rules::snat4` defined 
type:\n\n* [`snat`](#snat)\n* [`rulename`](#rulename)\n* [`order`](#order)\n* [`chain`](#chain)\n* [`oif`](#oif)\n* [`saddr`](#saddr)\n* [`proto`](#proto)\n* [`dport`](#dport)\n* [`ensure`](#ensure)\n\n##### `snat`\n\nData type: `String[1]`\n\n\n\n##### `rulename`\n\nData type: `Pattern[/^[a-zA-Z0-9_]+$/]`\n\n\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\n\n\nDefault value: `'70'`\n\n##### `chain`\n\nData type: `String[1]`\n\n\n\nDefault value: `'POSTROUTING'`\n\n##### `oif`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `saddr`\n\nData type: `Optional[String[1]]`\n\n\n\nDefault value: ``undef``\n\n##### `proto`\n\nData type: `Optional[Enum['tcp','udp']]`\n\n\n\nDefault value: ``undef``\n\n##### `dport`\n\nData type: `Optional[Variant[String,Stdlib::Port]]`\n\n\n\nDefault value: ``undef``\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\n\n\nDefault value: `'present'`\n\n### `nftables::set`\n\nmanage a named set\n\n#### Examples\n\n##### simple set\n\n```puppet\nnftables::set{'my_set':\n type => 'ipv4_addr',\n flags => ['interval'],\n elements => ['192.168.0.1/24', '10.0.0.2'],\n auto_merge => true,\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables::set` defined type:\n\n* [`ensure`](#ensure)\n* [`setname`](#setname)\n* [`order`](#order)\n* [`type`](#type)\n* [`table`](#table)\n* [`flags`](#flags)\n* [`timeout`](#timeout)\n* [`gc_interval`](#gc_interval)\n* [`elements`](#elements)\n* [`size`](#size)\n* [`policy`](#policy)\n* [`auto_merge`](#auto_merge)\n* [`content`](#content)\n* [`source`](#source)\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\nshould the set be created.\n\nDefault value: `'present'`\n\n##### `setname`\n\nData type: `Pattern[/^[-a-zA-Z0-9_]+$/]`\n\nname of set, equal to to title.\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\nconcat ordering.\n\nDefault value: `'10'`\n\n##### 
`type`\n\nData type: `Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']]`\n\ntype of set.\n\nDefault value: ``undef``\n\n##### `table`\n\nData type: `Variant[String, Array[String, 1]]`\n\ntable or array of tables to add the set to.\n\nDefault value: `'inet-filter'`\n\n##### `flags`\n\nData type: `Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4]`\n\nspecify flags for set\n\nDefault value: `[]`\n\n##### `timeout`\n\nData type: `Optional[Integer]`\n\ntimeout in seconds\n\nDefault value: ``undef``\n\n##### `gc_interval`\n\nData type: `Optional[Integer]`\n\ngarbage collection interval.\n\nDefault value: ``undef``\n\n##### `elements`\n\nData type: `Optional[Array[String]]`\n\ninitialize the set with some elements in it.\n\nDefault value: ``undef``\n\n##### `size`\n\nData type: `Optional[Integer]`\n\nlimits the maximum number of elements of the set.\n\nDefault value: ``undef``\n\n##### `policy`\n\nData type: `Optional[Enum['performance', 'memory']]`\n\ndetermines set selection policy.\n\nDefault value: ``undef``\n\n##### `auto_merge`\n\nData type: `Boolean`\n\n?\n\nDefault value: ``false``\n\n##### `content`\n\nData type: `Optional[String]`\n\nspecify content of set.\n\nDefault value: ``undef``\n\n##### `source`\n\nData type: `Optional[Variant[String,Array[String,1]]]`\n\nspecify source of set.\n\nDefault value: ``undef``\n\n### `nftables::simplerule`\n\nProvides a simplified interface to nftables::rule\n\n#### Examples\n\n##### allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets\n\n```puppet\nnftables::simplerule{'my_service_in':\n action => 'accept',\n comment => 'allow traffic to port 543',\n counter => true,\n proto => 'tcp',\n dport => 543,\n daddr => '2001:1458::/32',\n sport => 541,\n}\n```\n\n#### Parameters\n\nThe following parameters are available in the `nftables::simplerule` defined type:\n\n* [`ensure`](#ensure)\n* [`rulename`](#rulename)\n* [`order`](#order)\n* 
[`chain`](#chain)\n* [`table`](#table)\n* [`action`](#action)\n* [`comment`](#comment)\n* [`dport`](#dport)\n* [`proto`](#proto)\n* [`daddr`](#daddr)\n* [`set_type`](#set_type)\n* [`sport`](#sport)\n* [`saddr`](#saddr)\n* [`counter`](#counter)\n\n##### `ensure`\n\nData type: `Enum['present','absent']`\n\nShould the rule be created.\n\nDefault value: `'present'`\n\n##### `rulename`\n\nData type: `Nftables::SimpleRuleName`\n\nThe symbolic name for the rule to add. Defaults to the resource's title.\n\nDefault value: `$title`\n\n##### `order`\n\nData type: `Pattern[/^\\d\\d$/]`\n\nA number representing the order of the rule.\n\nDefault value: `'50'`\n\n##### `chain`\n\nData type: `String`\n\nThe name of the chain to add this rule to.\n\nDefault value: `'default_in'`\n\n##### `table`\n\nData type: `String`\n\nThe name of the table to add this rule to.\n\nDefault value: `'inet-filter'`\n\n##### `action`\n\nData type: `Enum['accept', 'continue', 'drop', 'queue', 'return']`\n\nThe verdict for the matched traffic.\n\nDefault value: `'accept'`\n\n##### `comment`\n\nData type: `Optional[String]`\n\nA typically human-readable comment for the rule.\n\nDefault value: ``undef``\n\n##### `dport`\n\nData type: `Optional[Nftables::Port]`\n\nThe destination port, ports or port range.\n\nDefault value: ``undef``\n\n##### `proto`\n\nData type: `Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']]`\n\nThe transport-layer protocol to match.\n\nDefault value: ``undef``\n\n##### `daddr`\n\nData type: `Optional[Nftables::Addr]`\n\nThe destination address, CIDR or set to match.\n\nDefault value: ``undef``\n\n##### `set_type`\n\nData type: `Enum['ip', 'ip6']`\n\nWhen using sets as saddr or daddr, the type of the set.\nUse `ip` for sets of type `ipv4_addr`.\n\nDefault value: `'ip6'`\n\n##### `sport`\n\nData type: `Optional[Nftables::Port]`\n\nThe source port, ports or port range.\n\nDefault value: ``undef``\n\n##### `saddr`\n\nData type: `Optional[Nftables::Addr]`\n\nThe source 
address, CIDR or set to match.\n\nDefault value: ``undef``\n\n##### `counter`\n\nData type: `Boolean`\n\nEnable traffic counters for the matched traffic.\n\nDefault value: ``false``\n\n## Data types\n\n### `Nftables::Addr`\n\nRepresents an address expression to be used within a rule.\n\nAlias of\n\n```puppet\nVariant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set]\n```\n\n### `Nftables::Addr::Set`\n\nRepresents a set expression to be used within a rule.\n\nAlias of\n\n```puppet\nPattern[/^@[-a-zA-Z0-9_]+$/]\n```\n\n### `Nftables::Port`\n\nRepresents a port expression to be used within a rule.\n\nAlias of\n\n```puppet\nVariant[Array[Stdlib::Port, 1], Stdlib::Port, Nftables::Port::Range]\n```\n\n### `Nftables::Port::Range`\n\nRepresents a port range expression to be used within a rule.\n\nAlias of\n\n```puppet\nPattern[/^\\d+-\\d+$/]\n```\n\n### `Nftables::RuleName`\n\nRepresents a rule name to be used in a raw rule created via nftables::rule.\nIt's a dash separated string. 
The first component describes the chain to\nadd the rule to, the second the rule name and the (optional) third a number.\nEx: 'default_in-sshd', 'default_out-my_service-2'.\n\nAlias of\n\n```puppet\nPattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\\d+)?$/]\n```\n\n### `Nftables::SimpleRuleName`\n\nRepresents a simple rule name to be used in a rule created via nftables::simplerule\n\nAlias of\n\n```puppet\nPattern[/^[a-zA-Z0-9_]+(-\\d+)?$/]\n```\n\n", + "malware_scan": null, + "tasks": [], + "plans": [], + "created_at": "2022-10-25 10:43:50 -0700", + "updated_at": "2022-10-25 10:44:44 -0700", + "deleted_at": null, + "deleted_for": null + }, + "releases": [ + { + "uri": "/v3/releases/puppet-nftables-2.6.0", + "slug": "puppet-nftables-2.6.0", + "version": "2.6.0", + "supported": false, + "created_at": "2022-10-25 10:43:50 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.6.0.tar.gz", + "file_size": 36251 + }, + { + "uri": "/v3/releases/puppet-nftables-2.5.0", + "slug": "puppet-nftables-2.5.0", + "version": "2.5.0", + "supported": false, + "created_at": "2022-08-26 06:58:15 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.5.0.tar.gz", + "file_size": 35213 + }, + { + "uri": "/v3/releases/puppet-nftables-2.4.0", + "slug": "puppet-nftables-2.4.0", + "version": "2.4.0", + "supported": false, + "created_at": "2022-07-11 01:53:46 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.4.0.tar.gz", + "file_size": 35026 + }, + { + "uri": "/v3/releases/puppet-nftables-2.3.0", + "slug": "puppet-nftables-2.3.0", + "version": "2.3.0", + "supported": false, + "created_at": "2022-07-06 05:55:59 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.3.0.tar.gz", + "file_size": 34184 + }, + { + "uri": "/v3/releases/puppet-nftables-2.2.1", + "slug": "puppet-nftables-2.2.1", + "version": "2.2.1", + "supported": false, + "created_at": "2022-05-02 02:25:24 -0700", + "deleted_at": null, + "file_uri": 
"/v3/files/puppet-nftables-2.2.1.tar.gz", + "file_size": 33832 + }, + { + "uri": "/v3/releases/puppet-nftables-2.2.0", + "slug": "puppet-nftables-2.2.0", + "version": "2.2.0", + "supported": false, + "created_at": "2022-02-27 09:25:07 -0800", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.2.0.tar.gz", + "file_size": 33785 + }, + { + "uri": "/v3/releases/puppet-nftables-2.1.0", + "slug": "puppet-nftables-2.1.0", + "version": "2.1.0", + "supported": false, + "created_at": "2021-09-14 03:59:27 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.1.0.tar.gz", + "file_size": 33604 + }, + { + "uri": "/v3/releases/puppet-nftables-2.0.0", + "slug": "puppet-nftables-2.0.0", + "version": "2.0.0", + "supported": false, + "created_at": "2021-06-03 06:21:53 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-2.0.0.tar.gz", + "file_size": 33204 + }, + { + "uri": "/v3/releases/puppet-nftables-1.3.0", + "slug": "puppet-nftables-1.3.0", + "version": "1.3.0", + "supported": false, + "created_at": "2021-03-25 05:52:02 -0700", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-1.3.0.tar.gz", + "file_size": 39256 + }, + { + "uri": "/v3/releases/puppet-nftables-1.2.0", + "slug": "puppet-nftables-1.2.0", + "version": "1.2.0", + "supported": false, + "created_at": "2021-03-03 00:41:48 -0800", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-1.2.0.tar.gz", + "file_size": 35637 + }, + { + "uri": "/v3/releases/puppet-nftables-1.1.1", + "slug": "puppet-nftables-1.1.1", + "version": "1.1.1", + "supported": false, + "created_at": "2021-01-29 00:20:01 -0800", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-1.1.1.tar.gz", + "file_size": 35456 + }, + { + "uri": "/v3/releases/puppet-nftables-1.1.0", + "slug": "puppet-nftables-1.1.0", + "version": "1.1.0", + "supported": false, + "created_at": "2021-01-25 07:20:46 -0800", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-1.1.0.tar.gz", + 
"file_size": 34798 + }, + { + "uri": "/v3/releases/puppet-nftables-1.0.0", + "slug": "puppet-nftables-1.0.0", + "version": "1.0.0", + "supported": false, + "created_at": "2020-12-15 02:15:22 -0800", + "deleted_at": null, + "file_uri": "/v3/files/puppet-nftables-1.0.0.tar.gz", + "file_size": 31530 + } + ], + "feedback_score": null, + "homepage_url": "https://github.com/voxpupuli/puppet-nftables", + "issues_url": "https://github.com/voxpupuli/puppet-nftables/issues" + } + ] +} diff --git a/swh/lister/puppet/tests/test_lister.py b/swh/lister/puppet/tests/test_lister.py index 80e5a63..c3d1cce 100644 --- a/swh/lister/puppet/tests/test_lister.py +++ b/swh/lister/puppet/tests/test_lister.py 
@@ -1,120 +1,164 @@ # Copyright (C) 2022 The Software Heritage developers # See the AUTHORS file at the top-level directory of this distribution # License: GNU General Public License version 3, or any later version # See top-level LICENSE file for more information +from datetime import datetime, timedelta, timezone + from swh.lister.puppet.lister import PuppetLister # flake8: noqa: B950 expected_origins = [ { "url": "https://forge.puppet.com/modules/electrical/file_concat", "artifacts": [ { "url": "https://forgeapi.puppet.com/v3/files/electrical-file_concat-1.0.1.tar.gz", "version": "1.0.1", "filename": "electrical-file_concat-1.0.1.tar.gz", "last_update": "2015-04-17T01:03:46-07:00", "checksums": { "md5": "74901a89544134478c2dfde5efbb7f14", "sha256": "15e973613ea038d8a4f60bafe2d678f88f53f3624c02df3157c0043f4a400de6", }, }, { "url": "https://forgeapi.puppet.com/v3/files/electrical-file_concat-1.0.0.tar.gz", "version": "1.0.0", "filename": "electrical-file_concat-1.0.0.tar.gz", "last_update": "2015-04-09T12:03:13-07:00", "checksums": { "length": 13289, }, }, ], }, { "url": "https://forge.puppet.com/modules/puppetlabs/puppetdb", "artifacts": [ { "url": "https://forgeapi.puppet.com/v3/files/puppetlabs-puppetdb-7.10.0.tar.gz", "version": "7.10.0", "filename": "puppetlabs-puppetdb-7.10.0.tar.gz", "last_update": "2021-12-16T14:57:46-08:00", "checksums": { "md5": "e91a2074ca8d94a8b3ff7f6c8bbf12bc", "sha256": "49b1a542fbd2a1378c16cb04809e0f88bf4f3e45979532294fb1f03f56c97fbb", }, }, { "url": "https://forgeapi.puppet.com/v3/files/puppetlabs-puppetdb-7.9.0.tar.gz", "version": "7.9.0", "filename": "puppetlabs-puppetdb-7.9.0.tar.gz", "last_update": "2021-06-24T07:48:54-07:00", "checksums": { "length": 42773, }, }, { "url": "https://forgeapi.puppet.com/v3/files/puppetlabs-puppetdb-1.0.0.tar.gz", "version": "1.0.0", "filename": "puppetlabs-puppetdb-1.0.0.tar.gz", "last_update": "2012-09-19T16:51:22-07:00", "checksums": { "length": 16336, }, }, ], }, { "url": 
"https://forge.puppet.com/modules/saz/memcached", "artifacts": [ { "url": "https://forgeapi.puppet.com/v3/files/saz-memcached-8.1.0.tar.gz", "version": "8.1.0", "filename": "saz-memcached-8.1.0.tar.gz", "last_update": "2022-07-11T03:34:55-07:00", "checksums": { "md5": "aadf80fba5848909429eb002ee1927ea", "sha256": "883d6186e91c2c3fed13ae2009c3aa596657f6707b76f1f7efc6203c6e4ae986", }, }, { "url": "https://forgeapi.puppet.com/v3/files/saz-memcached-1.0.0.tar.gz", "version": "1.0.0", "filename": "saz-memcached-1.0.0.tar.gz", "last_update": "2011-11-20T13:40:30-08:00", "checksums": { "length": 2472, }, }, ], }, ] def test_puppet_lister(datadir, requests_mock_datadir, swh_scheduler): lister = PuppetLister(scheduler=swh_scheduler) res = lister.run() assert res.pages == 2 assert res.origins == 1 + 1 + 1 scheduler_origins = swh_scheduler.get_listed_origins(lister.lister_obj.id).results assert len(scheduler_origins) == len(expected_origins) assert [ ( scheduled.visit_type, scheduled.url, scheduled.extra_loader_arguments["artifacts"], ) for scheduled in sorted(scheduler_origins, key=lambda scheduled: scheduled.url) ] == [ ( "puppet", expected["url"], expected["artifacts"], ) for expected in sorted(expected_origins, key=lambda expected: expected["url"]) ] + + +def test_puppet_lister_incremental(datadir, requests_mock_datadir, swh_scheduler): + + # First run + lister = PuppetLister(scheduler=swh_scheduler) + res = lister.run() + + assert res.pages == 2 + assert res.origins == 1 + 1 + 1 + + scheduler_origins = swh_scheduler.get_listed_origins(lister.lister_obj.id).results + + assert len(scheduler_origins) == len(expected_origins) + + assert [ + ( + scheduled.visit_type, + scheduled.url, + scheduled.extra_loader_arguments["artifacts"], + ) + for scheduled in sorted(scheduler_origins, key=lambda scheduled: scheduled.url) + ] == [ + ( + "puppet", + expected["url"], + expected["artifacts"], + ) + for expected in sorted(expected_origins, key=lambda expected: expected["url"]) + ] + + 
# Second run + lister = PuppetLister(scheduler=swh_scheduler) + # Force lister.state.last_listing_date for correct fixture loading + + lister.state.last_listing_date = datetime(2022, 9, 26, 18, 0).astimezone( + timezone(timedelta(hours=-7)) + ) + res = lister.run() + + assert res.pages == 1 + assert res.origins == 1
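Review bot: In the second run of `test_puppet_lister_incremental`, `datetime(2022, 9, 26, 18, 0).astimezone(timezone(timedelta(hours=-7)))` starts from a naive datetime, which `astimezone` interprets in the local timezone of the machine running the test, so the forced `last_listing_date` is a different instant on each differently configured host. The comment says the value is forced "for correct fixture loading", so the mocked response presumably matches only under one local timezone (inferred; the lister code and fixture names are not in this hunk). Build it as an aware value instead, e.g. `datetime(2022, 9, 26, 18, 0, tzinfo=timezone.utc).astimezone(timezone(timedelta(hours=-7)))`, picking the base zone that reproduces the date the fixture was recorded with. Because the state is overwritten by hand, the test also never checks that the first run stored a `last_listing_date`; an assertion such as `assert lister.state.last_listing_date is not None` after the first `lister.run()` would cover that, assuming the lister updates its state during the run.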