itamae-plugin-resource-firewalld 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +10 -1
- data/README.md +1 -1
- data/examples/README.md +10 -24
- data/examples/recipe.rb +1 -2
- data/itamae-plugin-resource-firewalld.gemspec +1 -1
- data/lib/itamae/plugin/resource/firewalld/version.rb +1 -1
- data/lib/itamae/plugin/resource/firewalld_service.rb +34 -12
- data/test/helper.rb +14 -0
- data/test/itamae/plugin/resource/test_firewalld_service.rb +23 -34
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4807810bd464e363989c8de9382f9789a54b929a
|
|
4
|
+
data.tar.gz: 9fd487b59fa8e659f59d15e1e5dd0d01b9e149f5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bb05092f5c6aab47f91bfe5a1b0664d9d2014c63c4a1fbb353d517d9f506dbd30b56f910dd81f60f7b9a8cca7129a8f74e2ec99a727bedc2566a1390f2b86135
|
|
7
|
+
data.tar.gz: 6035f2c23cdea29bb99359b92fb37a082ec67f3da48a883927694c991054e8eb6c2bde24ad4f6ffd8d0d78703e1fe3e2611765e2bee98787be84662e3eb4c5d1
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
data/examples/README.md
CHANGED
|
@@ -17,30 +17,16 @@ $ cd ./examples/
|
|
|
17
17
|
$ vagrant up
|
|
18
18
|
$ bundle exec itamae ssh -h default --vagrant recipe.rb
|
|
19
19
|
INFO : Starting Itamae...
|
|
20
|
-
INFO : Recipe: /
|
|
21
|
-
INFO :
|
|
22
|
-
INFO :
|
|
23
|
-
INFO :
|
|
24
|
-
INFO :
|
|
25
|
-
INFO :
|
|
26
|
-
INFO :
|
|
27
|
-
INFO :
|
|
28
|
-
INFO :
|
|
29
|
-
INFO :
|
|
30
|
-
INFO : action: restart
|
|
31
|
-
INFO : firewalld_zone[home]
|
|
32
|
-
INFO : action: update
|
|
33
|
-
INFO : services will change from '["dhcpv6-client", "ipp-client", "mdns", "samba-client", "ssh"]' to '["samba", "ssh", "vnc-server"]'
|
|
34
|
-
INFO : ports will change from '[]' to '["1900/udp", "32469/tcp", "5353/udp"]'
|
|
35
|
-
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
36
|
-
INFO : firewalld_zone[public]
|
|
37
|
-
INFO : action: update
|
|
38
|
-
INFO : services will change from '["dhcpv6-client", "ssh"]' to '["https", "my-ssh", "mysql", "ssh"]'
|
|
39
|
-
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
40
|
-
INFO : service[firewalld-add-service]
|
|
41
|
-
INFO : action: restart
|
|
42
|
-
INFO : service[firewalld]
|
|
43
|
-
INFO : action: restart
|
|
20
|
+
INFO : Recipe: /Users/gongo/.ghq/github.com/gongo/itamae-plugin-resource-firewalld/examples/recipe.rb
|
|
21
|
+
INFO : service[firewalld] running will change from 'false' to 'true'
|
|
22
|
+
INFO : service[firewalld] enabled will change from 'false' to 'true'
|
|
23
|
+
INFO : firewalld_service[my-ssh] ports will change from '[]' to '["2222/tcp"]'
|
|
24
|
+
INFO : Notifying restart to service resource 'firewalld-add-service' (delayed)
|
|
25
|
+
INFO : firewalld_zone[home] services will change from '["dhcpv6-client", "ipp-client", "mdns", "samba-client", "ssh"]' to '["samba", "ssh", "vnc-server"]'
|
|
26
|
+
INFO : firewalld_zone[home] ports will change from '[]' to '["1900/udp", "32469/tcp", "5353/udp"]'
|
|
27
|
+
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
28
|
+
INFO : firewalld_zone[public] services will change from '["dhcpv6-client", "ssh"]' to '["https", "my-ssh", "mysql", "ssh"]'
|
|
29
|
+
INFO : Notifying restart to service resource 'firewalld' (delayed)
|
|
44
30
|
```
|
|
45
31
|
|
|
46
32
|
### Confirmation
|
data/examples/recipe.rb
CHANGED
|
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
|
|
|
23
23
|
spec.add_development_dependency 'test-unit', '~> 3.0.1'
|
|
24
24
|
spec.add_development_dependency 'mocha'
|
|
25
25
|
spec.add_development_dependency 'coveralls'
|
|
26
|
-
spec.add_dependency 'itamae', '~> 1.2.
|
|
26
|
+
spec.add_dependency 'itamae', '~> 1.2.14'
|
|
27
27
|
end
|
|
@@ -11,8 +11,7 @@ module Itamae
|
|
|
11
11
|
|
|
12
12
|
define_attribute :short, type: String, default: ''
|
|
13
13
|
define_attribute :description, type: String, default: ''
|
|
14
|
-
define_attribute :
|
|
15
|
-
define_attribute :port, type: String, default: ''
|
|
14
|
+
define_attribute :ports, type: Array, default: []
|
|
16
15
|
define_attribute :module_name, type: String, default: ''
|
|
17
16
|
define_attribute :to_ipv4, type: String, default: ''
|
|
18
17
|
define_attribute :to_ipv6, type: String, default: ''
|
|
@@ -35,9 +34,12 @@ module Itamae
|
|
|
35
34
|
current.description = service['description'].text
|
|
36
35
|
end
|
|
37
36
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
37
|
+
current.ports = service.collect('port') do |port|
|
|
38
|
+
if port.attributes['port'].nil? || port.attributes['port'].empty?
|
|
39
|
+
port.attributes['protocol']
|
|
40
|
+
else
|
|
41
|
+
"#{port.attributes['port']}/#{port.attributes['protocol']}"
|
|
42
|
+
end
|
|
41
43
|
end
|
|
42
44
|
|
|
43
45
|
if service['module']
|
|
@@ -50,6 +52,12 @@ module Itamae
|
|
|
50
52
|
end
|
|
51
53
|
end
|
|
52
54
|
|
|
55
|
+
def show_differences
|
|
56
|
+
current.ports = normalize_ports(current.ports)
|
|
57
|
+
attributes.ports = normalize_ports(attributes.ports)
|
|
58
|
+
super
|
|
59
|
+
end
|
|
60
|
+
|
|
53
61
|
def action_create(options)
|
|
54
62
|
run_specinfra(:move_file, build_xmlfile_on_remote, service_xmlfile_path)
|
|
55
63
|
attributes.status = :defined
|
|
@@ -64,6 +72,16 @@ module Itamae
|
|
|
64
72
|
|
|
65
73
|
private
|
|
66
74
|
|
|
75
|
+
def normalize_ports(ports)
|
|
76
|
+
return [] if ports.nil?
|
|
77
|
+
ports.map(&:to_s).sort
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
# '80/tcp' => ['tcp', 80]; 'igmp' => ['igmp']
|
|
81
|
+
def parse_port(port)
|
|
82
|
+
port.to_s.split('/', 2).reverse
|
|
83
|
+
end
|
|
84
|
+
|
|
67
85
|
def build_xmlfile_on_remote
|
|
68
86
|
local_path = build_xmlfile_on_local
|
|
69
87
|
remote_path = ::File.join(runner.tmpdir, Time.now.to_f.to_s)
|
|
@@ -79,7 +97,7 @@ module Itamae
|
|
|
79
97
|
|
|
80
98
|
add_short_tag
|
|
81
99
|
add_description_tag
|
|
82
|
-
|
|
100
|
+
add_port_tags
|
|
83
101
|
add_module_tag
|
|
84
102
|
add_destination_tag
|
|
85
103
|
|
|
@@ -103,12 +121,16 @@ module Itamae
|
|
|
103
121
|
description.text = attributes.description unless attributes.description.empty?
|
|
104
122
|
end
|
|
105
123
|
|
|
106
|
-
def
|
|
107
|
-
return
|
|
124
|
+
def add_port_tags
|
|
125
|
+
return unless attributes.ports
|
|
108
126
|
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
127
|
+
normalize_ports(attributes.ports).each do |port|
|
|
128
|
+
protocol, portnum = parse_port(port)
|
|
129
|
+
|
|
130
|
+
node = @service_document.add_element('port')
|
|
131
|
+
node.add_attribute('protocol', protocol)
|
|
132
|
+
node.add_attribute('port', portnum || '')
|
|
133
|
+
end
|
|
112
134
|
end
|
|
113
135
|
|
|
114
136
|
def add_module_tag
|
|
@@ -131,7 +153,7 @@ module Itamae
|
|
|
131
153
|
end
|
|
132
154
|
|
|
133
155
|
def current_status
|
|
134
|
-
command = ['firewall-cmd', '--permanent', '--
|
|
156
|
+
command = ['firewall-cmd', '--permanent', '--get-services']
|
|
135
157
|
services = run_command(command).stdout.strip.split
|
|
136
158
|
services.include?(attributes.name) ? :defined : :undefined
|
|
137
159
|
end
|
data/test/helper.rb
CHANGED
|
@@ -6,3 +6,17 @@ require 'mocha/test_unit'
|
|
|
6
6
|
require 'itamae'
|
|
7
7
|
|
|
8
8
|
Itamae::Logger.log_device = StringIO.new
|
|
9
|
+
|
|
10
|
+
class BackendMock < ::Itamae::Backend::Local
|
|
11
|
+
class UnexpectedCallError < StandardError ; end
|
|
12
|
+
|
|
13
|
+
attr_reader :sent_file
|
|
14
|
+
|
|
15
|
+
def run_command(*args)
|
|
16
|
+
raise UnexpectedCallError.new('Should have been stubbing')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def send_file(src, dst)
|
|
20
|
+
@sent_file = src
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -4,20 +4,12 @@ require 'itamae/plugin/resource/firewalld_service'
|
|
|
4
4
|
module Itamae
|
|
5
5
|
module Plugin
|
|
6
6
|
module Resource
|
|
7
|
-
# Stub
|
|
8
|
-
class FirewalldService
|
|
9
|
-
def send_file(from, to)
|
|
10
|
-
@local_path = from
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def local_path
|
|
14
|
-
@local_path
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
|
|
18
7
|
class TestFirewalldService < Test::Unit::TestCase
|
|
19
8
|
setup do
|
|
20
|
-
@
|
|
9
|
+
@backend = BackendMock.new({})
|
|
10
|
+
runner = stub(tmpdir: ::Dir.tmpdir, backend: @backend)
|
|
11
|
+
recipe = stub(runner: runner)
|
|
12
|
+
@resource = FirewalldService.new(recipe, 'test-service')
|
|
21
13
|
end
|
|
22
14
|
|
|
23
15
|
sub_test_case '#action_delete' do
|
|
@@ -28,7 +20,7 @@ module Itamae
|
|
|
28
20
|
sub_test_case 'predefined service' do
|
|
29
21
|
setup do
|
|
30
22
|
@resource.expects(:run_command)
|
|
31
|
-
.with(['firewall-cmd', '--permanent', '--
|
|
23
|
+
.with(['firewall-cmd', '--permanent', '--get-services'])
|
|
32
24
|
.returns(stub(stdout: 'service1 service2 test-service'))
|
|
33
25
|
end
|
|
34
26
|
|
|
@@ -42,7 +34,7 @@ module Itamae
|
|
|
42
34
|
sub_test_case 'undefined service' do
|
|
43
35
|
setup do
|
|
44
36
|
@resource.expects(:run_command)
|
|
45
|
-
.with(['firewall-cmd', '--permanent', '--
|
|
37
|
+
.with(['firewall-cmd', '--permanent', '--get-services'])
|
|
46
38
|
.returns(stub(stdout: 'service1 service2'))
|
|
47
39
|
end
|
|
48
40
|
|
|
@@ -56,25 +48,10 @@ module Itamae
|
|
|
56
48
|
sub_test_case '#action_create' do
|
|
57
49
|
setup do
|
|
58
50
|
@resource.attributes.action = :create
|
|
59
|
-
@resource.stubs(:runner).returns(stub(tmpdir: ::Dir.tmpdir))
|
|
60
|
-
@resource.stubs(:move_file)
|
|
61
51
|
@resource.stubs(:run_specinfra).with(:move_file, is_a(String), is_a(String))
|
|
62
|
-
|
|
63
52
|
@resource.expects(:notify)
|
|
64
53
|
end
|
|
65
54
|
|
|
66
|
-
sub_test_case 'undefined service' do
|
|
67
|
-
setup do
|
|
68
|
-
@resource.stubs(:current_status).returns(:undefined)
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
test 'create service' do
|
|
72
|
-
@resource.run
|
|
73
|
-
|
|
74
|
-
assert ::File.exists?(@resource.local_path )
|
|
75
|
-
end
|
|
76
|
-
end
|
|
77
|
-
|
|
78
55
|
sub_test_case 'predefined service' do
|
|
79
56
|
setup do
|
|
80
57
|
@resource.stubs(:current_status).returns(:defined)
|
|
@@ -86,6 +63,8 @@ module Itamae
|
|
|
86
63
|
<short>test-service</short>
|
|
87
64
|
<description>test-service description</description>
|
|
88
65
|
<port protocol="tcp" port="2222"/>
|
|
66
|
+
<port protocol="udp" />
|
|
67
|
+
<port protocol="tcp" port="80-82"/>
|
|
89
68
|
<module name="test-module"/>
|
|
90
69
|
<destination ipv4="224.0.0.251" ipv6="ff02::fb"/>
|
|
91
70
|
</service>
|
|
@@ -95,20 +74,30 @@ module Itamae
|
|
|
95
74
|
test 'update service' do
|
|
96
75
|
@resource.attributes.short = 'test-service!!'
|
|
97
76
|
@resource.attributes.description = 'test-service update description'
|
|
98
|
-
@resource.attributes.
|
|
99
|
-
@resource.attributes.port = '2222-2224'
|
|
77
|
+
@resource.attributes.ports = ['2222-2224/udp', '80/tcp', 'igmp']
|
|
100
78
|
@resource.attributes.module_name = 'new-test-module'
|
|
101
79
|
@resource.attributes.to_ipv4 = '172.17.0.1'
|
|
102
80
|
@resource.attributes.to_ipv6 = 'ffff::fc'
|
|
103
81
|
@resource.run
|
|
104
82
|
|
|
105
|
-
|
|
83
|
+
assert_equal 'test-service', @resource.current.short
|
|
84
|
+
assert_equal 'test-service description', @resource.current.description
|
|
85
|
+
assert_equal ['2222/tcp', '80-82/tcp', 'udp'], @resource.current.ports
|
|
86
|
+
assert_equal 'test-module', @resource.current.module_name
|
|
87
|
+
assert_equal '224.0.0.251', @resource.current.to_ipv4
|
|
88
|
+
assert_equal 'ff02::fb', @resource.current.to_ipv6
|
|
89
|
+
|
|
90
|
+
root = REXML::Document.new(File.read(@backend.sent_file))
|
|
106
91
|
service = root.elements['/service'].elements
|
|
107
92
|
|
|
108
93
|
assert_equal @resource.attributes.short, service['short'].text
|
|
109
94
|
assert_equal @resource.attributes.description, service['description'].text
|
|
110
|
-
assert_equal
|
|
111
|
-
assert_equal
|
|
95
|
+
assert_equal 'udp', service[1, 'port'].attributes['protocol']
|
|
96
|
+
assert_equal '2222-2224', service[1, 'port'].attributes['port']
|
|
97
|
+
assert_equal 'tcp', service[2, 'port'].attributes['protocol']
|
|
98
|
+
assert_equal '80', service[2, 'port'].attributes['port']
|
|
99
|
+
assert_equal 'igmp', service[3, 'port'].attributes['protocol']
|
|
100
|
+
assert_equal '', service[3, 'port'].attributes['port']
|
|
112
101
|
assert_equal @resource.attributes.module_name, service['module'].attributes['name']
|
|
113
102
|
assert_equal @resource.attributes.to_ipv4, service['destination'].attributes['ipv4']
|
|
114
103
|
assert_equal @resource.attributes.to_ipv6, service['destination'].attributes['ipv6']
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: itamae-plugin-resource-firewalld
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Wataru MIYAGUNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 1.2.
|
|
89
|
+
version: 1.2.14
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 1.2.
|
|
96
|
+
version: 1.2.14
|
|
97
97
|
description: Itamae resource plugin to manage firewalld.
|
|
98
98
|
email:
|
|
99
99
|
- gonngo@gmail.com
|