Update cookbooks

This commit is contained in:
Greg Karékinian
2016-04-16 00:15:56 +02:00
parent 3854ab7232
commit c50b096c37
127 changed files with 1792 additions and 7431 deletions


@@ -2,6 +2,14 @@ firewall Cookbook CHANGELOG
=======================
This file is used to list changes made in each version of the firewall cookbook.
v2.5.0 (2016-03-08)
-------------------
* Don't modify parameter for port (#120)
* Remove a reference to the wrong variable name under windows (#123)
* Add support for mobile shell default firewall rule (#121)
* New rubocop rules and style fixes
* Correct a README.md example for `action :allow`
v2.4.0 (2016-01-28)
-------------------
* Expose default iptables ruleset so that raw rules can be used in conjunction


@@ -87,6 +87,7 @@ The default recipe creates a firewall resource with action install, and if `node
# Attributes
* `default['firewall']['allow_ssh'] = false`, set true to open port 22 for SSH when the default recipe runs
* `default['firewall']['allow_mosh'] = false`, set to true to open UDP ports 60000 - 61000 for [Mosh][0] when the default recipe runs
* `default['firewall']['allow_winrm'] = false`, set true to open port 5989 for WinRM when the default recipe runs
* `default['firewall']['ubuntu_iptables'] = false`, set to true to use iptables on Ubuntu / Debian when using the default recipe
@@ -245,7 +246,7 @@ end
firewall_rule 'http/https' do
protocol :tcp
port [80, 443]
action :allow
command :allow
end
firewall 'default' do
@@ -321,3 +322,5 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
[0]: https://mosh.mit.edu/


@@ -1,2 +1,3 @@
default['firewall']['allow_ssh'] = false
default['firewall']['allow_winrm'] = false
default['firewall']['allow_mosh'] = false


@@ -10,8 +10,8 @@ module FirewallCookbook
elsif p && p.is_a?(Integer)
p.to_s
elsif p && p.is_a?(Array)
p.map! { |o| port_to_s(o) }
p.sort.join(',')
p_strings = p.map { |o| port_to_s(o) }
p_strings.sort.join(',')
elsif p && p.is_a?(Range)
if platform_family?('windows')
"#{p.first}-#{p.last}"
@@ -79,10 +79,10 @@ module FirewallCookbook
rules.each do |k, v|
next unless v == sorted_value
contents << if k.start_with?('COMMIT')
'COMMIT'
else
k
end
'COMMIT'
else
k
end
end
end
"#{contents.join("\n")}\n"
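Review bot: In the Array branch of `port_to_s` (first hunk) the `p_strings` local is assigned and used exactly once, so `p.map { |o| port_to_s(o) }.sort.join(',')` says the same thing without the extra name. Note also that the sort runs on the already-stringified ports, so it is lexical (`'443'` sorts before `'80'`); that still gives a stable, deterministic rule text, but it is not numeric order, so a one-line comment such as `# sort the string forms so the generated rule text is stable regardless of input order` would stop the next reader from "fixing" it. `port_to_s` begins before the hunk and its remaining branches continue after it.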


@@ -42,7 +42,7 @@ module FirewallCookbook
msg << "firewall_rule[#{new_resource.name}] was asked to "
msg << "#{new_resource.command} a stateful rule using #{new_resource.stateful} "
msg << 'but ufw does not support this kind of rule. Consider guarding by platform_family.'
fail msg
raise msg
end
# if we don't do this, ufw will fail as it does not support protocol numbers, so we'll only allow it to run if specifying icmp/tcp/udp protocol types
@@ -51,7 +51,7 @@ module FirewallCookbook
msg << "firewall_rule[#{new_resource.name}] was asked to "
msg << "#{new_resource.command} a rule using protocol #{new_resource.protocol} "
msg << 'but ufw does not support this kind of rule. Consider guarding by platform_family.'
fail msg
raise msg
end
# some examples:
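Review bot: `raise msg` with a bare String raises a RuntimeError in both hunks (the stateful check and the protocol check), so anything wrapping the converge cannot tell this resource-misconfiguration apart from an arbitrary failure; `raise ArgumentError, msg` (or a cookbook-specific error class, if one exists) would keep the message and give the failure a meaningful class, with the caveat that any caller rescuing RuntimeError specifically would be affected. The comment on the line after the first hunk's `end` runs far past 120 columns and would read better wrapped onto two or three lines. The initialisation of `msg` and the enclosing method are outside both hunks.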


@@ -66,7 +66,7 @@ module FirewallCookbook
if new_resource.direction.to_sym == :out
parameters['localip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any'
parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any'
parameters['interfacetype'] = new_resource.source_interface ? new_resource.source_interface : 'any'
parameters['interfacetype'] = new_resource.interface ? new_resource.interface : 'any'
parameters['remoteip'] = new_resource.destination ? fixup_cidr(new_resource.destination) : 'any'
parameters['remoteport'] = port_to_s(new_resource.dest_port) ? new_resource.dest_port : 'any'
else
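Review bot: The `remoteport` assignment two lines below the changed line looks inverted relative to `localport`: it tests `port_to_s(new_resource.dest_port)` and then stores the raw `new_resource.dest_port` (an Integer, Array or Range) rather than its string form, so the outbound rule gets an unconverted value whenever the test is truthy; `parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any'` would mirror the `localport` line and feed a port string to the firewall command. On the changed line itself, `new_resource.interface || 'any'` is the idiomatic form of the ternary. What `port_to_s` returns for `nil` is not visible here, so whether the current code ever yields `'any'` for an unset destination port depends on that helper. The enclosing method starts and ends outside the hunk.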


@@ -25,7 +25,7 @@ class Chef
return unless new_resource.notify_firewall
firewall_resource = run_context.resource_collection.find(firewall: new_resource.firewall_name)
fail 'could not find a firewall resource' unless firewall_resource
raise 'could not find a firewall resource' unless firewall_resource
new_resource.notifies(:restart, firewall_resource, :delayed)
new_resource.updated_by_last_action(true)
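Review bot: The message on the changed line does not say which firewall was looked up, so when the lookup fails the operator has to go back to the resource definition to find out; `raise "could not find a firewall resource named #{new_resource.firewall_name}" unless firewall_resource` makes the error self-explanatory at no cost, since `firewall_name` is already read on the line above. The enclosing method starts before the hunk.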



@@ -39,6 +39,13 @@ firewall_rule 'allow world to winrm' do
only_if { windows? && node['firewall']['allow_winrm'] }
end
firewall_rule 'allow world to mosh' do
protocol :udp
port 60000..61000
source '0.0.0.0/0'
only_if { linux? && node['firewall']['allow_mosh'] }
end
# allow established connections, ufw defaults to this but iptables does not
firewall_rule 'established' do
stateful [:related, :established]
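Review bot: The new `allow world to mosh` rule opens 1001 UDP ports from any source, and unlike the neighbouring rules nothing in the hunk records why that particular range was chosen, so a reader auditing the exposure has to know mosh's defaults; a comment such as `# mosh-server picks a UDP port in 60000..61000 by default; guarded by node['firewall']['allow_mosh']` above the resource would make the intent explicit. Consider also reading the source from an attribute so operators who only need mosh from a known network can narrow it without forking the recipe. The `only_if { linux? && ... }` guard silently ignores the attribute on other platforms; if that is deliberate it is worth saying so in the same comment. The ssh/winrm rules and the rest of the recipe are outside the hunk.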