Make the 'set' parameter optional

[kasimon]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.12.0
• Ruby: 2.5.7p206 (2019-10-01 revision 67816) [x86_64-linux]
• Distribution: Debian 10
• Module version: 1.2.0

How to reproduce (e.g Puppet code you use)

    ipset::set { 'dynamicblocklist':
      ensure => present,
      type   => 'hash:ip',
    }
    -> firewall { '500 allow trafic on port 1234':
      proto => tcp,
      dport => 1234,
      ipset => 'dynamicblocklist src',
    }

Reason is we want to ensure a ipset exists in order to be able to use it in a firewall statement, but the list content itself is supposed to be managed on the system itself (for example to dynamically block malicious clients). For this we need an option to have the module ignore the content of the ipset.

What are you seeing

Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Ipset::Set[setclients]: expects a value for parameter 'set'

What behaviour did you expect instead

An empty ipset is created and and on later runs the content of the ipset is ignored.

[bastelfreak]

@kasimon thanks for bringing this up. Are you able to provide a patch for this?

[kasimon]

@bastelfreak I'll try, but ruby is really not my strong side.

[mnejedlo-tds]

Wouldn't the already existing ipset::unmanaged meet this need?

[kasimon]

@mnejedlo-tds That's great, exactly what I need! I think I overlooked it because it's not documented in the README. I'll add a PR to update the documentation.