From: Tom Hughes
Date: Tue, 7 Mar 2023 19:16:42 +0000 (+0000)
Subject: Simplify rate limit and connection limit configuration
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/00a01daa46b9837c96684940c52ecafca43381f2

Simplify rate limit and connection limit configuration
---

diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 829a6465e..dcecbb5f6 100644
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -2,8 +2,8 @@ default[:networking][:firewall][:enabled] = true
 default[:networking][:firewall][:sets] = []
 default[:networking][:firewall][:incoming] = []
 default[:networking][:firewall][:outgoing] = []
-default[:networking][:firewall][:http_rate_limit] = "-"
-default[:networking][:firewall][:http_connection_limit] = "-"
+default[:networking][:firewall][:http_rate_limit] = nil
+default[:networking][:firewall][:http_connection_limit] = nil
 default[:networking][:firewall][:allowlist] = []
 default[:networking][:roles] = {}
 default[:networking][:interfaces] = {}
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index e5f07dca6..385727647 100644
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -31,8 +31,8 @@ property :dest, :kind_of => String, :required => true
 property :proto, :kind_of => String, :required => true
 property :dest_ports, :kind_of => [String, Integer, Array]
 property :source_ports, :kind_of => [String, Integer, Array]
-property :rate_limit, :kind_of => String, :default => "-"
-property :connection_limit, :kind_of => [String, Integer], :default => "-"
+property :rate_limit, :kind_of => String
+property :connection_limit, :kind_of => [String, Integer]
 property :compile_time, TrueClass, :default => true
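Review bot: Dropping the `"-"` defaults from `rate_limit` and `connection_limit` in firewall_rule.rb does not stop a caller from still passing `"-"`, because both properties continue to accept any String. The guard in the `-96,7` hunk is now a plain truthiness test, so a role or recipe that still sets the old placeholder (directly, or through the `http_rate_limit` / `http_connection_limit` attributes changed in attributes/default.rb) would be treated as a configured limit and presumably written into the generated firewall rule. Consider rejecting it at the property, e.g. `property :connection_limit, :kind_of => [String, Integer], :callbacks => { "must not be the legacy \"-\" placeholder" => ->(v) { v != "-" } }`, and the same for `rate_limit`, so a stale override fails the Chef run instead of producing a bad ruleset.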
@@ -96,7 +96,7 @@ action_class do
 rule << "ct state new" if new_resource.proto == "tcp"
- if new_resource.connection_limit != "-"
+ if new_resource.connection_limit
 set = "connlimit-#{new_resource.rule}-#{ip}"
 node.default[:networking][:firewall][:sets] << set
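Review bot: The matching guard for `rate_limit` does not appear in this hunk, although that property loses its `"-"` default in the same commit. If a `new_resource.rate_limit != "-"` comparison remains in this method, it is now true for `nil`, and a rule with no configured limit would still get a rate-limit clause; it should become `if new_resource.rate_limit`, mirroring the line changed here. The method inside `action_class` starts and ends outside the hunk, so this could not be confirmed from the visible lines.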