You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using the state parameter as an array with a single value, the matching routine expects the loaded value to also be an array, even if there is only a single value within the array.
Expected Behavior
Whilst the policy applies cleanly, re-applying the policy will attempt to update the rule every time the policy is applied.
Steps to Reproduce
Steps to reproduce the behavior:
Define firewall policy similar to:
firewall { '997 drop invalid forward (v4)':
chain => 'FORWARD',
proto => 'all',
state => ['INVALID'],
jump => 'DROP',
before => undef,
}
Apply.
Ouput expected:
...
Notice: /Stage[main]/Profile::Base::Firewall::Post/Firewall[997 drop invalid forward (v4)]/state: current_value 'INVALID', should be ['INVALID'] (noop) (corrective)
...
Environment
Version: module tag v8.0.2, puppet 8.6.0
Platform: RHEL7, RHEL9
Additional Context
Reducing the value to a string does clean up the issue:
firewall { '997 drop invalid forward (v4)':
chain => 'FORWARD',
proto => 'all',
state => 'INVALID',
jump => 'DROP',
before => undef,
}
However I feel that a single-entry array for this parameter should not cause an error. When comparing the rules, the single-entry array should be flattened to a string to match how it is loaded from the destination system. (or vice-versa).
This is a changed behaviour in the module, admittedly from a much older release.
The text was updated successfully, but these errors were encountered:
Describe the Bug
When using the state parameter as an array with a single value, the matching routine expects the loaded value to also be an array, even if there is only a single value within the array.
Expected Behavior
Whilst the policy applies cleanly, re-applying the policy will attempt to update the rule every time the policy is applied.
Steps to Reproduce
Steps to reproduce the behavior:
Environment
Additional Context
Reducing the value to a string does clean up the issue:
However I feel that a single-entry array for this parameter should not cause an error. When comparing the rules, the single-entry array should be flattened to a string to match how it is loaded from the destination system. (or vice-versa).
This is a changed behaviour in the module, admittedly from a much older release.
The text was updated successfully, but these errors were encountered: