107 lines
3.1 KiB
Ruby
107 lines
3.1 KiB
Ruby
unified_mode true
|
|
|
|
provides :firewalld_helper,
|
|
os: 'linux'
|
|
|
|
property :version,
|
|
String,
|
|
default: '',
|
|
description: 'see version attribute of helper tag in firewalld.helper(5).'
|
|
property :short,
|
|
String,
|
|
name_property: true,
|
|
description: 'see short tag in firewalld.helper(5).'
|
|
property :description,
|
|
String,
|
|
description: 'see description tag in firewalld.helper(5).'
|
|
property :family,
|
|
String,
|
|
equal_to: %w(ipv4 ipv6),
|
|
default: 'ipv4',
|
|
description: 'see family tag in firewalld.helper(5).'
|
|
property :nf_module,
|
|
String,
|
|
description: 'see module tag in firewalld.helper(5).'
|
|
property :ports,
|
|
[Array, String],
|
|
default: [],
|
|
description: 'array of port and protocol pairs. See port tag in firewalld.helper(5).',
|
|
coerce: proc { |o| Array(o) }
|
|
|
|
load_current_value do |new_resource|
|
|
dbus = DBus.system_bus
|
|
firewalld_service = dbus['org.fedoraproject.FirewallD1']
|
|
firewalld_object = firewalld_service['/org/fedoraproject/FirewallD1/config']
|
|
fw_config = firewalld_object['org.fedoraproject.FirewallD1.config']
|
|
if fw_config.getHelperNames.include?(new_resource.short)
|
|
helper_path = fw_config.getHelperByName(new_resource.short)
|
|
object = firewalld_service[helper_path]
|
|
config_helper = object['org.fedoraproject.FirewallD1.config.helper']
|
|
settings = config_helper.getSettings
|
|
version settings[0]
|
|
# short settings[1]
|
|
description settings[2]
|
|
family settings[3]
|
|
nf_module settings[4]
|
|
ports settings[5]
|
|
else
|
|
Chef::Log.info "Helper #{new_resource.short} does not exist. Will be created."
|
|
end
|
|
end
|
|
|
|
action :update do
|
|
dbus = DBus.system_bus
|
|
fw = firewalld_interface(dbus)
|
|
fw_config = config_interface(dbus)
|
|
helper_names = fw_config.getHelperNames
|
|
reload = false
|
|
if !helper_names.include?(new_resource.short)
|
|
values = [
|
|
new_resource.version,
|
|
new_resource.short,
|
|
default_description(new_resource),
|
|
new_resource.family,
|
|
new_resource.nf_module,
|
|
new_resource.ports.map { |e| e.split('/') },
|
|
]
|
|
converge_by "Add Helper #{new_resource.short}" do
|
|
fw_config.addHelper(new_resource.short, values)
|
|
end
|
|
reload = true
|
|
else
|
|
helper_path = fw_config.getHelperByName(new_resource.short)
|
|
helper = helper_interface(dbus, helper_path)
|
|
converge_if_changed :version do
|
|
helper.setVersion new_resource.version
|
|
reload = true
|
|
end
|
|
converge_if_changed :description do
|
|
helper.setDescription default_description(new_resource)
|
|
reload = true
|
|
end
|
|
converge_if_changed :family do
|
|
helper.setFamily new_resource.family
|
|
reload = true
|
|
end
|
|
converge_if_changed :nf_module do
|
|
helper.setModule new_resource.nf_module
|
|
reload = true
|
|
end
|
|
converge_if_changed :ports do
|
|
helper.setPorts new_resource.ports.map { |e| e.split('/') }
|
|
reload = true
|
|
end
|
|
end
|
|
|
|
if reload
|
|
converge_by ['reload permanent configuration of firewalld'] do
|
|
fw.reload
|
|
end
|
|
end
|
|
end
|
|
|
|
action_class do
|
|
include FirewallCookbook::Helpers
|
|
include FirewallCookbook::Helpers::FirewalldDBus
|
|
end
|