chef/cookbooks/firewall/resources/firewalld_service.rb
Greg Karékinian 68ce3c4834 Update the firewall cookbook to the latest version
This gives us comments from the named resources
2023-06-29 15:08:44 +02:00


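# Custom resource managing one named firewalld service definition through
# firewalld's D-Bus config interface. Each property corresponds to a tag of
# firewalld.service(5); only properties that are explicitly set are written.
unified_mode true

provides :firewalld_service,
         os: 'linux'

property :version,
         String,
         description: 'see version attribute of service tag in firewalld.service(5).'

# Name of the firewalld service; doubles as the resource name.
property :short,
         String,
         name_property: true,
         description: 'see short tag in firewalld.service(5).'

property :description,
         String,
         description: 'see description tag in firewalld.service(5).'

# Entries are sent to firewalld as (port, protocol) D-Bus structs, so each one
# must be a "port/protocol" string with exactly one '/'. Validating here gives a
# readable compile-time error instead of a failure deep in D-Bus marshalling.
property :ports,
         [Array, String],
         description: 'array of port and protocol pairs. See port tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) },
         callbacks: {
           'must be "port/protocol" strings, e.g. "80/tcp" or "8000-8080/udp"' =>
             proc { |v| v.all? { |e| e.to_s.match?(%r{\A[^/]+/[^/]+\z}) } },
         }

property :module_names,
         [Array, String],
         description: 'array of kernel netfilter helpers, see module tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) }

property :destination,
         Hash,
         description: 'hash of {IP family : IP address} where \'IP family\' key can be either \'ipv4\' or \'ipv6\'. See destination tag in firewalld.service(5).'

property :protocols,
         [Array, String],
         description: 'array of protocols, see protocol tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) }

# Same wire format and therefore the same "port/protocol" check as :ports.
property :source_ports,
         [Array, String],
         description: 'array of port and protocol pairs. See source-port tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) },
         callbacks: {
           'must be "port/protocol" strings, e.g. "80/tcp" or "8000-8080/udp"' =>
             proc { |v| v.all? { |e| e.to_s.match?(%r{\A[^/]+/[^/]+\z}) } },
         }

property :includes,
         [Array, String],
         description: 'array of service includes, see include tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) }

property :helpers,
         [Array, String],
         description: 'array of service helpers, see helper tag in firewalld.service(5).',
         coerce: proc { |o| Array(o) }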
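# Read the service's current permanent configuration back from firewalld over
# the system D-Bus so that converge_if_changed in the :update action can
# compare it with the desired state. Logs (and leaves the current value empty)
# when the service does not exist yet.
load_current_value do |new_resource|
  sysbus = DBus.system_bus
  firewalld_service = sysbus['org.fedoraproject.FirewallD1']
  firewalld_object = firewalld_service['/org/fedoraproject/FirewallD1/config']
  fw_config = firewalld_object['org.fedoraproject.FirewallD1.config']

  if fw_config.getServiceNames.include?(new_resource.short)
    service_path = fw_config.getServiceByName(new_resource.short)
    object = firewalld_service[service_path]
    config_service = object['org.fedoraproject.FirewallD1.config.service']

    # Only dispatch keys that name a declared property. firewalld may add new
    # settings keys over time, and an unfiltered `send` on a bus-supplied key
    # could reach any (including private) method of the resource rather than
    # a property setter.
    known = new_resource.class.state_properties.map { |p| p.name.to_s }
    config_service.getSettings2.each do |k, v|
      next unless known.include?(k)

      # On the wire ports/source_ports are (port, protocol) structs (the action
      # marshals them as 'a(ss)'), which ruby-dbus presumably yields as nested
      # arrays. The properties hold them as "port/protocol" strings, so join
      # them back; otherwise the old/new comparison never matches and the
      # service is rewritten and reloaded on every run.
      v = v.map { |pair| Array(pair).join('/') } if %w(ports source_ports).include?(k)

      public_send(k, v)
    end
  else
    Chef::Log.info "Service #{new_resource.short} does not exist. Will be created."
  end
end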
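# Create the service if needed, then push every set property to firewalld's
# permanent configuration via update2 and reload firewalld once if anything
# changed.
action :update do
  dbus = DBus.system_bus
  fw = firewalld_interface(dbus)
  fw_config = config_interface(dbus)
  reload = false

  # Create an empty permanent service first so that all properties, including
  # those of a brand-new service, flow through the same update2 path below.
  unless fw_config.getServiceNames.include?(new_resource.short)
    fw_config.addService2(new_resource.short, {})
  end

  service_path = fw_config.getServiceByName(new_resource.short)
  service = service_interface(dbus, service_path)

  new_resource.class.state_properties.map(&:name).each do |property|
    new_value = new_resource.send(property)
    # An unset property is left untouched in firewalld.
    next unless new_value

    case property
    when :ports, :source_ports
      # firewalld takes these as an array of (port, protocol) structs. Check
      # each entry before marshalling so a malformed value such as "80" or
      # "80/" fails with a readable message rather than a D-Bus type error.
      pairs = new_value.map do |entry|
        pair = entry.to_s.split('/', -1)
        unless pair.size == 2 && pair.none?(&:empty?)
          raise ArgumentError, "#{new_resource} #{property}: expected 'port/protocol', got #{entry.inspect}"
        end
        pair
      end
      new_value = DBus.variant('a(ss)', pairs)
    when :description
      # Description is always derived via the cookbook helper.
      new_value = default_description(new_resource)
    end

    converge_if_changed property do
      # firewalld's settings dict calls the short name 'name'.
      key = property == :short ? 'name' : property.to_s
      service.update2({ key => new_value })
      reload = true
    end
  end

  # update2 writes the permanent configuration only; a reload is what makes
  # the change visible to the running firewall.
  if reload
    converge_by ['reload permanent configuration of firewalld'] do
      fw.reload
    end
  end
end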
# Mix the cookbook helpers into the action class so the :update action can
# call firewalld_interface/config_interface/service_interface and
# default_description (presumably provided by these two modules).
# The two includes are kept separate on purpose: a single
# `include A, B` would reverse the ancestor order.
action_class do
  include FirewallCookbook::Helpers
  include FirewallCookbook::Helpers::FirewalldDBus
end