modules/fail2ban/manifests/filter.pp - Issue 29364214: Issue 2487 - Introduce fail2ban module

Delta Between Two Patch Sets: modules/fail2ban/manifests/filter.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)

Left Patch Set: Issue 2487 - Introduce fail2ban module Created Nov. 29, 2016, 12:44 p.m.

Right Patch Set: For comment 22 and 23 Created Dec. 2, 2016, 2:22 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 # == Type: fail2ban::filter	1 # == Type: fail2ban::filter

2 #	2 #

3 # Manage filter information and files for any custom filter.	3 # Manage filter information and files for any custom filter.

4 #	4 #

5 # == Parameters:	5 # == Parameters:

6 #	6 #

7 # [failregex]	7 # [regexes]
mathias 2016/11/29 13:21:24 Either we allow for passing a single string as wel Either we allow for passing a single string as well (the most common use-case probably, and easy to wrap into an array later, but a little more excessive documentation required) or we should re-name the parameter to reflect the list character (plural). f.lopez 2016/12/01 09:13:48 Acknowledged. Show quoted text On 2016/11/29 13:21:24, mathias wrote: > Either we allow for passing a single string as well (the most common use-case > probably, and easy to wrap into an array later, but a little more excessive > documentation required) or we should re-name the parameter to reflect the list > character (plural). Acknowledged.
8 # Array of strings containing the regular expressions applied to	8 # Array of strings containing the regular expressions applied to

9 # the filter.	9 # the filter.

10 #	10 #

11 # [ensure]	11 # [ensure]

12 # Translates directly into the state of the file resource.	12 # Translates directly into the state of the file resource.

13 #	13 #

14 # === Examples:	14 # === Examples:

15 #	15 #

16 # fail2ban::filter => {'CVE-2013-0235':	16 # fail2ban::filter {'CVE-2013-0235':
mathias 2016/11/29 13:21:24 The "=>" here is invalid syntax, and the sub-level The "=>" here is invalid syntax, and the sub-levels below should be indented by 2wo spaces only. f.lopez 2016/12/01 09:13:48 Acknowledged. Show quoted text On 2016/11/29 13:21:24, mathias wrote: > The "=>" here is invalid syntax, and the sub-levels below should be indented by > 2wo spaces only. Acknowledged.
17 # failregex => [	17 # regexes => [

18 # » '^<HOST>.\"WordPress\/.',	18 # '^<HOST>.\"WordPress\/.',

19 #» '^.\"WordPress\/.<HOST>.*'	19 #» '^.\"WordPress\/.<HOST>.*',
mathias 2016/11/29 13:21:24 Missing a comma here, after the string item. Missing a comma here, after the string item. f.lopez 2016/12/01 09:13:48 Acknowledged. Show quoted text On 2016/11/29 13:21:24, mathias wrote: > Missing a comma here, after the string item. Acknowledged.
20 # » ],	20 # ],

21 # » 'ensure' => 'present',	21 # 'ensure' => 'present',

22 # }	22 # }
mathias 2016/11/29 13:21:24 Another comment-line (hash-tag in the beginning, o Another comment-line (hash-tag in the beginning, otherwise empty) should follow here. f.lopez 2016/12/01 09:13:48 Acknowledged. Show quoted text On 2016/11/29 13:21:24, mathias wrote: > Another comment-line (hash-tag in the beginning, otherwise empty) should follow > here. Acknowledged.
	23 #

23 define fail2ban::filter (	24 define fail2ban::filter (

24 $failregex = [],	25 $regexes = [],

25 $ensure = 'present',	26 $ensure = 'present',

26 ) {	27 ) {

27	28

28 include fail2ban	29 include fail2ban

29 include stdlib	30 include stdlib

30	31

31 if (size($failregex) == 0) and ($ensure == 'present') {	32 if (size($regexes) == 0) and ($ensure == 'present') {

32 fail('Require an array of string[s] with the regex patterns to apply.')	33 fail("An array of one or more regular expressions is needed.")
mathias 2016/11/29 13:21:24 Those square brackets are not necessary. And the e Those square brackets are not necessary. And the error message does not indicate the actual issue, namely that an empty array has been encountered ("array of strings" vs "array of one or more regular expressions", for example). f.lopez 2016/12/01 09:13:48 Acknowledged. Show quoted text On 2016/11/29 13:21:24, mathias wrote: > Those square brackets are not necessary. And the error message does not indicate > the actual issue, namely that an empty array has been encountered ("array of > strings" vs "array of one or more regular expressions", for example). Acknowledged.
33 }	34 }

34	35

35 file {"/etc/fail2ban/filter.d/$title.conf":	36 # The $name parameter is used to compose the file name.

	37 file {"/etc/fail2ban/filter.d/$name.conf":

36 ensure => $ensure,	38 ensure => $ensure,

37 content => template("fail2ban/filter.erb"),	39 content => template("fail2ban/filter.erb"),

38 group => 'root',	40 group => 'root',

39 mode => '0644',	41 mode => '0644',

40 owner => 'root',	42 owner => 'root',

41 require => Package['fail2ban'],	43 require => Package['fail2ban'],

42 notify => Service['fail2ban'],	44 notify => Service['fail2ban'],

43 }	45 }

44 }	46 }

45	47

LEFT	RIGHT