Vendor the external cookbooks

Knife-Zero doesn't include Berkshelf support, so vendoring everything in the repo is convenient again
2019-10-13 19:17:42 +02:00
parent f4bfe31ac1
commit a32f34b408
1245 changed files with 100630 additions and 0 deletions
--- a/cookbooks/firewall/libraries/helpers.rb
+++ b/cookbooks/firewall/libraries/helpers.rb
@@ -0,0 +1,100 @@
+module FirewallCookbook
+  module Helpers
+    def dport_calc(new_resource)
+      new_resource.dest_port || new_resource.port
+    end
+
+    def port_to_s(p)
+      if p.is_a?(String)
+        p
+      elsif p && p.is_a?(Integer)
+        p.to_s
+      elsif p && p.is_a?(Array)
+        p_strings = p.map { |o| port_to_s(o) }
+        p_strings.sort.join(',')
+      elsif p && p.is_a?(Range)
+        if platform_family?('windows')
+          "#{p.first}-#{p.last}"
+        else
+          "#{p.first}:#{p.last}"
+        end
+      end
+    end
+
+    def ipv6_enabled?(new_resource)
+      new_resource.ipv6_enabled
+    end
+
+    def disabled?(new_resource)
+      # if either flag is found in the non-default boolean state
+      disable_flag = !(new_resource.enabled && !new_resource.disabled)
+
+      Chef::Log.warn("#{new_resource} has been disabled, not proceeding") if disable_flag
+      disable_flag
+    end
+
+    def ip_with_mask(new_resource, ip)
+      if ip.include?('/')
+        ip
+      elsif ipv4_rule?(new_resource)
+        "#{ip}/32"
+      elsif ipv6_rule?(new_resource)
+        "#{ip}/128"
+      else
+        ip
+      end
+    end
+
+    # ipv4-specific rule?
+    def ipv4_rule?(new_resource)
+      if (new_resource.source && IPAddr.new(new_resource.source).ipv4?) ||
+         (new_resource.destination && IPAddr.new(new_resource.destination).ipv4?)
+        true
+      else
+        false
+      end
+    end
+
+    # ipv6-specific rule?
+    def ipv6_rule?(new_resource)
+      if (new_resource.source && IPAddr.new(new_resource.source).ipv6?) ||
+         (new_resource.destination && IPAddr.new(new_resource.destination).ipv6?) ||
+         new_resource.protocol =~ /ipv6/ ||
+         new_resource.protocol =~ /icmpv6/
+        true
+      else
+        false
+      end
+    end
+
+    def ubuntu?(current_node)
+      current_node['platform'] == 'ubuntu'
+    end
+
+    def build_rule_file(rules)
+      contents = []
+      sorted_values = rules.values.sort.uniq
+      sorted_values.each do |sorted_value|
+        contents << "# position #{sorted_value}"
+        rules.each do |k, v|
+          next unless v == sorted_value
+
+          contents << if repeatable_directives(k)
+                        k[/[^_]+/]
+                      else
+                        k
+                      end
+        end
+      end
+      "#{contents.join("\n")}\n"
+    end
+
+    def repeatable_directives(s)
+      %w(:OUTPUT :INPUT :POSTROUTING :PREROUTING COMMIT).each do |special|
+        return true if s.start_with?(special)
+      end
+
+      false
+    end
+  end
+end