
Allow explicitly set default log_level #1213

Open: wants to merge 2 commits into base: main

3 changes: 1 addition & 2 deletions REFERENCE.md
Expand Up @@ -995,8 +995,7 @@ Data type: `Optional[Variant[Integer[0,7],String[1]]]`

When combined with jump => "LOG" specifies the system log level to log to.

Note: log level 4/warn is the default setting and as such it is not returned by iptables-save.
As a result, explicitly setting `log_level` to this can result in idempotency errors.
Note: log level 4/warn is the default setting.

##### `log_prefix`

7 changes: 6 additions & 1 deletion lib/puppet/provider/firewall/firewall.rb
Expand Up @@ -189,6 +189,11 @@ class Puppet::Provider::Firewall::Firewall
:time_contiguous, :kernel_timezone, :clusterip_new, :queue_bypass, :ipvs, :notrack
]

# These are known resources that is omitted from the output of iptables-save if default value is set.
$known_omitted_defaults = [
:log_level
]

# Properties that use "-m <ipt module name>" (with the potential to have multiple
# arguments against the same IPT module) must be in this hash. The keys in this
# hash are the IPT module names, with the values being an array of the respective
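Review bot: The comment above `$known_omitted_defaults` has a grammar slip ("resources that is omitted"), and the list records which property is omitted but not what its default is, so the value `'4'` ends up hard-coded separately in `log_level_name_to_number` (`when nil then '4'`). Consider a frozen hash such as `{ log_level: '4' }` so the property and its default live in one place, and reword the comment to "Properties that iptables-save omits from its output when they are set to their default value".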
Expand Down Expand Up @@ -326,7 +331,7 @@ def insync?(context, _name, property_name, is_hash, should_hash)
context.debug("Checking whether '#{property_name}' is out of sync")

# If either value is nil, no custom logic is required
return nil if is_hash[property_name].nil? || should_hash[property_name].nil?
return nil if (is_hash[property_name].nil? || should_hash[property_name].nil?) && !$known_omitted_defaults.include?(property_name)

case property_name
when :protocol
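Review bot: In the new guard in `insync?`, `:log_level` now skips the early `return nil` whenever either side is nil, including the case where both `is_hash[:log_level]` and `should_hash[:log_level]` are nil (a rule that never set a log level). The visible part of `case property_name` shows only `when :protocol`, so please confirm there is a `when :log_level` branch that compares the normalised values and that the both-nil case still ends in `nil` rather than a custom comparison. A narrower guard that bypasses the early return only when exactly one side is nil would limit the change to the iptables-save omission this PR targets. None of the files shown in this diff is a spec, so an idempotency test that applies `log_level => 4` and `log_level => 'warn'` twice would be worth adding.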
3 changes: 1 addition & 2 deletions lib/puppet/type/firewall.rb
Expand Up @@ -1230,8 +1230,7 @@
desc: <<-DESC
When combined with jump => "LOG" specifies the system log level to log to.

Note: log level 4/warn is the default setting and as such it is not returned by iptables-save.
As a result, explicitly setting `log_level` to this can result in idempotency errors.
Note: log level 4/warn is the default setting.
DESC
},
log_uid: {
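Review bot: The replacement note in `desc` drops the fact that level 4/warn is not returned by iptables-save, which the new provider comment still relies on and which a user needs when the saved ruleset shows no log level for a LOG rule. Suggest keeping that first clause as it was and removing only the idempotency warning. The same wording applies to the matching hunk in REFERENCE.md so the two texts stay identical.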
1 change: 1 addition & 0 deletions lib/puppet_x/puppetlabs/firewall/utility.rb
Expand Up @@ -197,6 +197,7 @@ def self.log_level_name_to_number(value)
when 'not', 'notice' then '5'
when 'info' then '6'
when 'debug' then '7'
when nil then '4'
else nil
end
end
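Review bot: Adding `when nil then '4'` to `log_level_name_to_number` changes the converter for every caller, not just the `insync?` comparison: an absent value used to fall through to `else nil` and now comes back as `'4'`. If this helper is also used when reading rules that have no LOG jump, those rules would be reported with a log level they never had. Consider leaving the converter returning nil for nil and applying the default at the comparison site, next to `$known_omitted_defaults`.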