Update the firewall cookbook to the latest version

This gives us comments from the named resources
2023-06-29 15:08:44 +02:00
parent 916ae8094c
commit 68ce3c4834
72 changed files with 4774 additions and 448 deletions
--- a/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb
+++ b/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb
@@ -0,0 +1,72 @@
+module FirewallCookbook
+  module Helpers
+    module FirewalldDBus
+      def firewalld(system_bus)
+        system_bus['org.fedoraproject.FirewallD1']
+      end
+
+      def firewalld_object(system_bus)
+        firewalld(system_bus)['/org/fedoraproject/FirewallD1']
+      end
+
+      def firewalld_interface(system_bus)
+        firewalld_object(system_bus)['org.fedoraproject.FirewallD1']
+      end
+
+      def config_object(system_bus)
+        firewalld(system_bus)['/org/fedoraproject/FirewallD1/config']
+      end
+
+      def config_interface(system_bus)
+        config_object(system_bus)['org.fedoraproject.FirewallD1.config']
+      end
+
+      def icmptype_interface(dbus, icmptype_path)
+        icmptype_object = firewalld(dbus)[icmptype_path]
+        icmptype_object['org.fedoraproject.FirewallD1.config.icmptype']
+      end
+
+      def ipset_interface(dbus, ipset_path)
+        ipset_object = firewalld(dbus)[ipset_path]
+        ipset_object['org.fedoraproject.FirewallD1.config.ipset']
+      end
+
+      def helper_interface(dbus, helper_path)
+        helper_object = firewalld(dbus)[helper_path]
+        helper_object['org.fedoraproject.FirewallD1.config.helper']
+      end
+
+      def service_interface(dbus, service_path)
+        service_object = firewalld(dbus)[service_path]
+        service_object['org.fedoraproject.FirewallD1.config.service']
+      end
+
+      def policy_interface(dbus, policy_path)
+        policy_object = firewalld(dbus)[policy_path]
+        policy_object['org.fedoraproject.FirewallD1.config.policy']
+      end
+
+      def zone_interface(dbus, zone_path)
+        zone_object = firewalld(dbus)[zone_path]
+        zone_object['org.fedoraproject.FirewallD1.config.zone']
+      end
+
+      # port=portid[-portid]:proto=protocol[:toport=portid[-portid]][:toaddr=address[/mask]]
+      def parse_forward_ports(forward_ports)
+        port_regex = %r{port=([\w-]+):proto=([\w]+)(:toport=([\w-]+)|)(:toaddr=([\d\./]+)|)}
+        captures = forward_ports.match(port_regex).captures
+        captures.delete_at(4)
+        captures.delete_at(2)
+        captures.map { |e| e || '' }
+      end
+
+      def forward_ports_to_dbus(new_resource)
+        fwp = new_resource.forward_ports.map do |e|
+          parse_forward_ports(e)
+        end
+        new_resource.forward_ports = fwp
+        DBus.variant('a(ssss)', new_resource.forward_ports)
+      end
+    end
+  end
+end