itamae-plugin-resource-firewalld 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +10 -1
- data/README.md +1 -1
- data/examples/README.md +10 -24
- data/examples/recipe.rb +1 -2
- data/itamae-plugin-resource-firewalld.gemspec +1 -1
- data/lib/itamae/plugin/resource/firewalld/version.rb +1 -1
- data/lib/itamae/plugin/resource/firewalld_service.rb +34 -12
- data/test/helper.rb +14 -0
- data/test/itamae/plugin/resource/test_firewalld_service.rb +23 -34
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4807810bd464e363989c8de9382f9789a54b929a
|
|
4
|
+
data.tar.gz: 9fd487b59fa8e659f59d15e1e5dd0d01b9e149f5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bb05092f5c6aab47f91bfe5a1b0664d9d2014c63c4a1fbb353d517d9f506dbd30b56f910dd81f60f7b9a8cca7129a8f74e2ec99a727bedc2566a1390f2b86135
|
|
7
|
+
data.tar.gz: 6035f2c23cdea29bb99359b92fb37a082ec67f3da48a883927694c991054e8eb6c2bde24ad4f6ffd8d0d78703e1fe3e2611765e2bee98787be84662e3eb4c5d1
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
data/examples/README.md
CHANGED
|
@@ -17,30 +17,16 @@ $ cd ./examples/
|
|
|
17
17
|
$ vagrant up
|
|
18
18
|
$ bundle exec itamae ssh -h default --vagrant recipe.rb
|
|
19
19
|
INFO : Starting Itamae...
|
|
20
|
-
INFO : Recipe: /
|
|
21
|
-
INFO :
|
|
22
|
-
INFO :
|
|
23
|
-
INFO :
|
|
24
|
-
INFO :
|
|
25
|
-
INFO :
|
|
26
|
-
INFO :
|
|
27
|
-
INFO :
|
|
28
|
-
INFO :
|
|
29
|
-
INFO :
|
|
30
|
-
INFO : action: restart
|
|
31
|
-
INFO : firewalld_zone[home]
|
|
32
|
-
INFO : action: update
|
|
33
|
-
INFO : services will change from '["dhcpv6-client", "ipp-client", "mdns", "samba-client", "ssh"]' to '["samba", "ssh", "vnc-server"]'
|
|
34
|
-
INFO : ports will change from '[]' to '["1900/udp", "32469/tcp", "5353/udp"]'
|
|
35
|
-
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
36
|
-
INFO : firewalld_zone[public]
|
|
37
|
-
INFO : action: update
|
|
38
|
-
INFO : services will change from '["dhcpv6-client", "ssh"]' to '["https", "my-ssh", "mysql", "ssh"]'
|
|
39
|
-
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
40
|
-
INFO : service[firewalld-add-service]
|
|
41
|
-
INFO : action: restart
|
|
42
|
-
INFO : service[firewalld]
|
|
43
|
-
INFO : action: restart
|
|
20
|
+
INFO : Recipe: /Users/gongo/.ghq/github.com/gongo/itamae-plugin-resource-firewalld/examples/recipe.rb
|
|
21
|
+
INFO : service[firewalld] running will change from 'false' to 'true'
|
|
22
|
+
INFO : service[firewalld] enabled will change from 'false' to 'true'
|
|
23
|
+
INFO : firewalld_service[my-ssh] ports will change from '[]' to '["2222/tcp"]'
|
|
24
|
+
INFO : Notifying restart to service resource 'firewalld-add-service' (delayed)
|
|
25
|
+
INFO : firewalld_zone[home] services will change from '["dhcpv6-client", "ipp-client", "mdns", "samba-client", "ssh"]' to '["samba", "ssh", "vnc-server"]'
|
|
26
|
+
INFO : firewalld_zone[home] ports will change from '[]' to '["1900/udp", "32469/tcp", "5353/udp"]'
|
|
27
|
+
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
28
|
+
INFO : firewalld_zone[public] services will change from '["dhcpv6-client", "ssh"]' to '["https", "my-ssh", "mysql", "ssh"]'
|
|
29
|
+
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
44
30
|
```
|
|
45
31
|
|
|
46
32
|
### Confirmation
|
data/examples/recipe.rb
CHANGED
|
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
spec.add_development_dependency 'test-unit', '~> 3.0.1'
|
|
24
24
|
spec.add_development_dependency 'mocha'
|
|
25
25
|
spec.add_development_dependency 'coveralls'
|
|
26
|
-
spec.add_dependency 'itamae', '~> 1.2.
|
|
26
|
+
spec.add_dependency 'itamae', '~> 1.2.14'
|
|
27
27
|
end
|
|
@@ -11,8 +11,7 @@ module Itamae
|
|
|
11
11
|
|
|
12
12
|
define_attribute :short, type: String, default: ''
|
|
13
13
|
define_attribute :description, type: String, default: ''
|
|
14
|
-
define_attribute :
|
|
15
|
-
define_attribute :port, type: String, default: ''
|
|
14
|
+
define_attribute :ports, type: Array, default: []
|
|
16
15
|
define_attribute :module_name, type: String, default: ''
|
|
17
16
|
define_attribute :to_ipv4, type: String, default: ''
|
|
18
17
|
define_attribute :to_ipv6, type: String, default: ''
|
|
@@ -35,9 +34,12 @@ module Itamae
|
|
|
35
34
|
current.description = service['description'].text
|
|
36
35
|
end
|
|
37
36
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
37
|
+
current.ports = service.collect('port') do |port|
|
|
38
|
+
if port.attributes['port'].nil? || port.attributes['port'].empty?
|
|
39
|
+
port.attributes['protocol']
|
|
40
|
+
else
|
|
41
|
+
"#{port.attributes['port']}/#{port.attributes['protocol']}"
|
|
42
|
+
end
|
|
41
43
|
end
|
|
42
44
|
|
|
43
45
|
if service['module']
|
|
@@ -50,6 +52,12 @@ module Itamae
|
|
|
50
52
|
end
|
|
51
53
|
end
|
|
52
54
|
|
|
55
|
+
def show_differences
|
|
56
|
+
current.ports = normalize_ports(current.ports)
|
|
57
|
+
attributes.ports = normalize_ports(attributes.ports)
|
|
58
|
+
super
|
|
59
|
+
end
|
|
60
|
+
|
|
53
61
|
def action_create(options)
|
|
54
62
|
run_specinfra(:move_file, build_xmlfile_on_remote, service_xmlfile_path)
|
|
55
63
|
attributes.status = :defined
|
|
@@ -64,6 +72,16 @@ module Itamae
|
|
|
64
72
|
|
|
65
73
|
private
|
|
66
74
|
|
|
75
|
+
def normalize_ports(ports)
|
|
76
|
+
return [] if ports.nil?
|
|
77
|
+
ports.map(&:to_s).sort
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
# '80/tcp' => ['tcp', 80]; 'igmp' => ['igmp']
|
|
81
|
+
def parse_port(port)
|
|
82
|
+
port.to_s.split('/', 2).reverse
|
|
83
|
+
end
|
|
84
|
+
|
|
67
85
|
def build_xmlfile_on_remote
|
|
68
86
|
local_path = build_xmlfile_on_local
|
|
69
87
|
remote_path = ::File.join(runner.tmpdir, Time.now.to_f.to_s)
|
|
@@ -79,7 +97,7 @@ module Itamae
|
|
|
79
97
|
|
|
80
98
|
add_short_tag
|
|
81
99
|
add_description_tag
|
|
82
|
-
|
|
100
|
+
add_port_tags
|
|
83
101
|
add_module_tag
|
|
84
102
|
add_destination_tag
|
|
85
103
|
|
|
@@ -103,12 +121,16 @@ module Itamae
|
|
|
103
121
|
description.text = attributes.description unless attributes.description.empty?
|
|
104
122
|
end
|
|
105
123
|
|
|
106
|
-
def
|
|
107
|
-
return
|
|
124
|
+
def add_port_tags
|
|
125
|
+
return unless attributes.ports
|
|
108
126
|
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
127
|
+
normalize_ports(attributes.ports).each do |port|
|
|
128
|
+
protocol, portnum = parse_port(port)
|
|
129
|
+
|
|
130
|
+
node = @service_document.add_element('port')
|
|
131
|
+
node.add_attribute('protocol', protocol)
|
|
132
|
+
node.add_attribute('port', portnum || '')
|
|
133
|
+
end
|
|
112
134
|
end
|
|
113
135
|
|
|
114
136
|
def add_module_tag
|
|
@@ -131,7 +153,7 @@ module Itamae
|
|
|
131
153
|
end
|
|
132
154
|
|
|
133
155
|
def current_status
|
|
134
|
-
command = ['firewall-cmd', '--permanent', '--
|
|
156
|
+
command = ['firewall-cmd', '--permanent', '--get-services']
|
|
135
157
|
services = run_command(command).stdout.strip.split
|
|
136
158
|
services.include?(attributes.name) ? :defined : :undefined
|
|
137
159
|
end
|
data/test/helper.rb
CHANGED
|
@@ -6,3 +6,17 @@ require 'mocha/test_unit'
|
|
|
6
6
|
require 'itamae'
|
|
7
7
|
|
|
8
8
|
Itamae::Logger.log_device = StringIO.new
|
|
9
|
+
|
|
10
|
+
class BackendMock < ::Itamae::Backend::Local
|
|
11
|
+
class UnexpectedCallError < StandardError ; end
|
|
12
|
+
|
|
13
|
+
attr_reader :sent_file
|
|
14
|
+
|
|
15
|
+
def run_command(*args)
|
|
16
|
+
raise UnexpectedCallError.new('Should have been stubbing')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def send_file(src, dst)
|
|
20
|
+
@sent_file = src
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -4,20 +4,12 @@ require 'itamae/plugin/resource/firewalld_service'
|
|
|
4
4
|
module Itamae
|
|
5
5
|
module Plugin
|
|
6
6
|
module Resource
|
|
7
|
-
# Stub
|
|
8
|
-
class FirewalldService
|
|
9
|
-
def send_file(from, to)
|
|
10
|
-
@local_path = from
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def local_path
|
|
14
|
-
@local_path
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
|
|
18
7
|
class TestFirewalldService < Test::Unit::TestCase
|
|
19
8
|
setup do
|
|
20
|
-
@
|
|
9
|
+
@backend = BackendMock.new({})
|
|
10
|
+
runner = stub(tmpdir: ::Dir.tmpdir, backend: @backend)
|
|
11
|
+
recipe = stub(runner: runner)
|
|
12
|
+
@resource = FirewalldService.new(recipe, 'test-service')
|
|
21
13
|
end
|
|
22
14
|
|
|
23
15
|
sub_test_case '#action_delete' do
|
|
@@ -28,7 +20,7 @@ module Itamae
|
|
|
28
20
|
sub_test_case 'predefined service' do
|
|
29
21
|
setup do
|
|
30
22
|
@resource.expects(:run_command)
|
|
31
|
-
.with(['firewall-cmd', '--permanent', '--
|
|
23
|
+
.with(['firewall-cmd', '--permanent', '--get-services'])
|
|
32
24
|
.returns(stub(stdout: 'service1 service2 test-service'))
|
|
33
25
|
end
|
|
34
26
|
|
|
@@ -42,7 +34,7 @@ module Itamae
|
|
|
42
34
|
sub_test_case 'undefined service' do
|
|
43
35
|
setup do
|
|
44
36
|
@resource.expects(:run_command)
|
|
45
|
-
.with(['firewall-cmd', '--permanent', '--
|
|
37
|
+
.with(['firewall-cmd', '--permanent', '--get-services'])
|
|
46
38
|
.returns(stub(stdout: 'service1 service2'))
|
|
47
39
|
end
|
|
48
40
|
|
|
@@ -56,25 +48,10 @@ module Itamae
|
|
|
56
48
|
sub_test_case '#action_create' do
|
|
57
49
|
setup do
|
|
58
50
|
@resource.attributes.action = :create
|
|
59
|
-
@resource.stubs(:runner).returns(stub(tmpdir: ::Dir.tmpdir))
|
|
60
|
-
@resource.stubs(:move_file)
|
|
61
51
|
@resource.stubs(:run_specinfra).with(:move_file, is_a(String), is_a(String))
|
|
62
|
-
|
|
63
52
|
@resource.expects(:notify)
|
|
64
53
|
end
|
|
65
54
|
|
|
66
|
-
sub_test_case 'undefined service' do
|
|
67
|
-
setup do
|
|
68
|
-
@resource.stubs(:current_status).returns(:undefined)
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
test 'create service' do
|
|
72
|
-
@resource.run
|
|
73
|
-
|
|
74
|
-
assert ::File.exists?(@resource.local_path )
|
|
75
|
-
end
|
|
76
|
-
end
|
|
77
|
-
|
|
78
55
|
sub_test_case 'predefined service' do
|
|
79
56
|
setup do
|
|
80
57
|
@resource.stubs(:current_status).returns(:defined)
|
|
@@ -86,6 +63,8 @@ module Itamae
|
|
|
86
63
|
<short>test-service</short>
|
|
87
64
|
<description>test-service description</description>
|
|
88
65
|
<port protocol="tcp" port="2222"/>
|
|
66
|
+
<port protocol="udp" />
|
|
67
|
+
<port protocol="tcp" port="80-82"/>
|
|
89
68
|
<module name="test-module"/>
|
|
90
69
|
<destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
|
|
91
70
|
</service>
|
|
@@ -95,20 +74,30 @@ module Itamae
|
|
|
95
74
|
test 'update service' do
|
|
96
75
|
@resource.attributes.short = 'test-service!!'
|
|
97
76
|
@resource.attributes.description = 'test-service update description'
|
|
98
|
-
@resource.attributes.
|
|
99
|
-
@resource.attributes.port = '2222-2224'
|
|
77
|
+
@resource.attributes.ports = ['2222-2224/udp', '80/tcp', 'igmp']
|
|
100
78
|
@resource.attributes.module_name = 'new-test-module'
|
|
101
79
|
@resource.attributes.to_ipv4 = '172.17.0.1'
|
|
102
80
|
@resource.attributes.to_ipv6 = 'ffff::fc'
|
|
103
81
|
@resource.run
|
|
104
82
|
|
|
105
|
-
|
|
83
|
+
assert_equal 'test-service', @resource.current.short
|
|
84
|
+
assert_equal 'test-service description', @resource.current.description
|
|
85
|
+
assert_equal ['2222/tcp', '80-82/tcp', 'udp'], @resource.current.ports
|
|
86
|
+
assert_equal 'test-module', @resource.current.module_name
|
|
87
|
+
assert_equal '224.0.0.251', @resource.current.to_ipv4
|
|
88
|
+
assert_equal 'ff02::fb', @resource.current.to_ipv6
|
|
89
|
+
|
|
90
|
+
root = REXML::Document.new(File.read(@backend.sent_file))
|
|
106
91
|
service = root.elements['/service'].elements
|
|
107
92
|
|
|
108
93
|
assert_equal @resource.attributes.short, service['short'].text
|
|
109
94
|
assert_equal @resource.attributes.description, service['description'].text
|
|
110
|
-
assert_equal
|
|
111
|
-
assert_equal
|
|
95
|
+
assert_equal 'udp', service[1, 'port'].attributes['protocol']
|
|
96
|
+
assert_equal '2222-2224', service[1, 'port'].attributes['port']
|
|
97
|
+
assert_equal 'tcp', service[2, 'port'].attributes['protocol']
|
|
98
|
+
assert_equal '80', service[2, 'port'].attributes['port']
|
|
99
|
+
assert_equal 'igmp', service[3, 'port'].attributes['protocol']
|
|
100
|
+
assert_equal '', service[3, 'port'].attributes['port']
|
|
112
101
|
assert_equal @resource.attributes.module_name, service['module'].attributes['name']
|
|
113
102
|
assert_equal @resource.attributes.to_ipv4, service['destination'].attributes['ipv4']
|
|
114
103
|
assert_equal @resource.attributes.to_ipv6, service['destination'].attributes['ipv6']
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: itamae-plugin-resource-firewalld
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Wataru MIYAGUNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 1.2.
|
|
89
|
+
version: 1.2.14
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 1.2.
|
|
96
|
+
version: 1.2.14
|
|
97
97
|
description: Itamae resource plugin to manage firewalld.
|
|
98
98
|
email:
|
|
99
99
|
- gonngo@gmail.com
|