Update the firewall cookbook to the latest version

This gives us comments from the named resources
2023-06-29 15:08:44 +02:00
parent 916ae8094c
commit 68ce3c4834
72 changed files with 4774 additions and 448 deletions
--- a/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb
+++ b/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb
@@ -3,7 +3,7 @@
 # Cookbook:: firewall
 # Resource:: default
 #
-# Copyright:: 2011-2016, Chef Software, Inc.
+# Copyright:: 2011-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,14 +23,15 @@ class Chef
    include FirewallCookbook::Helpers::Iptables

    provides :firewall, os: 'linux', platform_family: %w(debian) do |node|
-      node['platform_version'].to_f > 14.04 && node['firewall'] && node['firewall']['ubuntu_iptables']
+      node['firewall'] && node['firewall']['ubuntu_iptables'] &&
+        node['platform_version'].to_f > (node['platform'] == 'ubuntu' ? 14.04 : 7)
    end

    def whyrun_supported?
      false
    end

-    def action_install
+    action :install do
      return if disabled?(new_resource)

      # Ensure the package is installed
@@ -63,7 +64,7 @@ class Chef
      end
    end

-    def action_restart
+    action :restart do
      return if disabled?(new_resource)

      # prints all the firewall rules
@@ -97,6 +98,8 @@ class Chef
        end
      end

+      restart_service = false
+
      rule_files = %w(iptables)
      rule_files << 'ip6tables' if ipv6_enabled?(new_resource)

@@ -119,17 +122,19 @@ class Chef
        iptables_file.run_action(:create)

        # if the file was changed, restart iptables
-        next unless iptables_file.updated_by_last_action?
+        restart_service = true if iptables_file.updated_by_last_action?
+      end
+
+      if restart_service
        service_affected = service 'netfilter-persistent' do
          action :nothing
        end
-
-        new_resource.notifies(:restart, service_affected, :delayed)
+        service_affected.run_action(:restart)
        new_resource.updated_by_last_action(true)
      end
    end

-    def action_disable
+    action :disable do
      return if disabled?(new_resource)

      iptables_flush!(new_resource)
@@ -152,7 +157,7 @@ class Chef
      end
    end

-    def action_flush
+    action :flush do
      return if disabled?(new_resource)

      iptables_flush!(new_resource)