puffy 0.1.0 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b53bffbf2f30ba597482608cf4f3e005cf481bd69cbfa4fdaf7a9de14f1b90ca
4
- data.tar.gz: 5c4fee30b67e7c8cd777d219173473d2e2d4f0b437c9df02e7f0d16ca9341515
3
+ metadata.gz: 29faa3d9a8f47338dd25bd99d2256bc7bfa60a6790f3e39e8613a86c540bb30a
4
+ data.tar.gz: 345aa1d4ef63d8b7ebcb05f4892a690a81c385fb41ed3c5bc48406bd70ca2ba0
5
5
  SHA512:
6
- metadata.gz: 7a23559f7ff420013adaeafa437f13450a78b41bf1757e584c8bea54c7cade3fd51da7fc31497a2c70844c011d13d841edb0091eb801c03eee7737d9f0fe7a19
7
- data.tar.gz: a3c6db0679f173cd714665e9a884c5eff22df4847562cb188f8d04c18da31ec79d3b9e54f6084d2a9514eb0dfb831337c878b58e92391ed86a7fd125888e181c
6
+ metadata.gz: 5ccead5c447d76590049b2ac548c771bb34d548a2b51ce2b479586926c1a3c7940cce7cc5a24f7a9ac2c15d3c4398fe1fc1c0dad215bda2e3273f68c4dd14a9e
7
+ data.tar.gz: a18934dc97ae9d09ce7dda9b33efb9d35962db15858c234f8a85830967813d74c6049e5f74d917482085a72bb0ac5b86e122daf2d293abdc06b22df06a6f968b
@@ -0,0 +1 @@
1
+ * @opus-codium/core
@@ -11,14 +11,27 @@ on:
11
11
  - master
12
12
 
13
13
  jobs:
14
+ rubocop:
15
+ runs-on: ubuntu-latest
16
+ steps:
17
+ - uses: actions/checkout@v2
18
+ - name: Setup ruby
19
+ uses: ruby/setup-ruby@v1
20
+ with:
21
+ ruby-version: 3.0
22
+ bundler-cache: true
23
+ - name: Run static code analysis
24
+ run: bundle exec rubocop
14
25
  unit:
15
26
  runs-on: ubuntu-latest
27
+ needs: rubocop
16
28
  strategy:
17
29
  matrix:
18
30
  ruby:
19
31
  - "2.6"
20
32
  - "2.7"
21
33
  - "3.0"
34
+ - "3.1"
22
35
  name: Ruby ${{ matrix.ruby }}
23
36
  steps:
24
37
  - uses: actions/checkout@v2
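Review bot: in the new `rubocop` job, `ruby-version: 3.0` is unquoted, so YAML reads it as a number and it can reach `ruby/setup-ruby` as `3`, selecting a newer 3.x than intended. The matrix in the same hunk already quotes its versions (`- "3.0"`); write `ruby-version: "3.0"` here as well so the lint job and the unit job run the same interpreter.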
@@ -26,11 +39,16 @@ jobs:
26
39
  uses: ruby/setup-ruby@v1
27
40
  with:
28
41
  ruby-version: ${{ matrix.ruby }}
29
- - name: Install dependencies
30
- run: |
31
- gem install bundler
32
- bundle install --jobs 4 --retry 3
42
+ bundler-cache: true
33
43
  - name: Generate the parser
34
44
  run: bundle exec rake gen_parser
35
- - name: Run tests
45
+ - name: Run tests without uploading code coverage
46
+ if: ${{ matrix.ruby != '3.0' }}
36
47
  run: bundle exec rake
48
+ - name: Run tests and upload coverage to Code Climate
49
+ if: ${{ matrix.ruby == '3.0' }}
50
+ uses: paambaati/codeclimate-action@v3.0.0
51
+ env:
52
+ CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TOKEN }}
53
+ with:
54
+ coverageCommand: bundle exec rake
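Review bot: the coverage step hands `secrets.CODECLIMATE_TOKEN` to a third-party action referenced by a mutable tag, `paambaati/codeclimate-action@v3.0.0`. Pin that `uses:` to the full commit SHA of the reviewed release (with the tag kept as a trailing comment) so a retagged or compromised release cannot run with the token. The step also depends on the secret being defined, so runs where it is unavailable need either a guard in the `if:` condition or a fallback to the plain `bundle exec rake` step.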
data/.rubocop.yml CHANGED
@@ -5,6 +5,7 @@ AllCops:
5
5
  Exclude:
6
6
  - lib/melt/*.tab.rb
7
7
  - tmp/**/*.rb
8
+ - vendor/bundle/**/*
8
9
 
9
10
  Layout/HashAlignment:
10
11
  EnforcedColonStyle: table
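Review bot: the `Exclude` list touched here still carries `- lib/melt/*.tab.rb` from before the project rename, while the rest of this release refers to `lib/puffy/`. If the generated parser now lives under `lib/puffy/`, that pattern matches nothing and the generated file is only kept out of RuboCop by accident or not at all; update the path in the same change as the new `vendor/bundle/**/*` entry.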
@@ -15,6 +16,7 @@ Layout/LineLength:
15
16
 
16
17
  Metrics/BlockLength:
17
18
  Exclude:
19
+ - puffy.gemspec
18
20
  - spec/**/*.rb
19
21
 
20
22
  Metrics/ClassLength:
data/CHANGELOG.md ADDED
@@ -0,0 +1,50 @@
1
+ # Changelog
2
+
3
+ ## [v0.2.0](https://github.com/opus-codium/puffy/tree/v0.2.0) (2022-12-17)
4
+
5
+ [Full Changelog](https://github.com/opus-codium/puffy/compare/v0.1.0...v0.2.0)
6
+
7
+ **Breaking changes:**
8
+
9
+ - Rename the netfilter formatter to iptables [\#19](https://github.com/opus-codium/puffy/pull/19) ([smortex](https://github.com/smortex))
10
+
11
+ **Implemented enhancements:**
12
+
13
+ - New `apt-mirror()` function to expand `mirror+http://` URI used by apt\(1\) [\#18](https://github.com/opus-codium/puffy/pull/18) ([smortex](https://github.com/smortex))
14
+ - New `srv()` function to query SRV records [\#17](https://github.com/opus-codium/puffy/pull/17) ([smortex](https://github.com/smortex))
15
+ - Improve services error reporting [\#16](https://github.com/opus-codium/puffy/pull/16) ([smortex](https://github.com/smortex))
16
+
17
+ **Fixed bugs:**
18
+
19
+ - Fix service constraining [\#26](https://github.com/opus-codium/puffy/pull/26) ([smortex](https://github.com/smortex))
20
+ - Fix parsing IPv6 addresses starting with `:` [\#24](https://github.com/opus-codium/puffy/pull/24) ([smortex](https://github.com/smortex))
21
+ - Fix missing require [\#22](https://github.com/opus-codium/puffy/pull/22) ([smortex](https://github.com/smortex))
22
+ - Fix node list support [\#21](https://github.com/opus-codium/puffy/pull/21) ([smortex](https://github.com/smortex))
23
+
24
+ **Merged pull requests:**
25
+
26
+ - Rename the project [\#11](https://github.com/opus-codium/puffy/pull/11) ([smortex](https://github.com/smortex))
27
+
28
+ ## [v0.1.0](https://github.com/opus-codium/puffy/tree/v0.1.0) (2021-10-11)
29
+
30
+ [Full Changelog](https://github.com/opus-codium/puffy/compare/aeea61ce647543fbc4c3567e8b5dd30bee5f0edf...v0.1.0)
31
+
32
+ **Implemented enhancements:**
33
+
34
+ - Implement a proper language for configuration [\#10](https://github.com/opus-codium/puffy/pull/10) ([smortex](https://github.com/smortex))
35
+ - Resolve example.com instead of localhost [\#2](https://github.com/opus-codium/puffy/pull/2) ([smortex](https://github.com/smortex))
36
+ - Fix CI [\#1](https://github.com/opus-codium/puffy/pull/1) ([smortex](https://github.com/smortex))
37
+
38
+ **Merged pull requests:**
39
+
40
+ - Rename "hosts" to "nodes" [\#9](https://github.com/opus-codium/puffy/pull/9) ([smortex](https://github.com/smortex))
41
+ - Drop support for EOL ruby versions [\#8](https://github.com/opus-codium/puffy/pull/8) ([smortex](https://github.com/smortex))
42
+ - Rely on the Cri DSL to manage parameters [\#7](https://github.com/opus-codium/puffy/pull/7) ([smortex](https://github.com/smortex))
43
+ - Switch from Thor to Cri for command parsing [\#6](https://github.com/opus-codium/puffy/pull/6) ([smortex](https://github.com/smortex))
44
+ - Reduce diff context to fix CI [\#5](https://github.com/opus-codium/puffy/pull/5) ([smortex](https://github.com/smortex))
45
+ - Switch CI from Travis to GitHub actions [\#4](https://github.com/opus-codium/puffy/pull/4) ([smortex](https://github.com/smortex))
46
+ - README.md: fix typo [\#3](https://github.com/opus-codium/puffy/pull/3) ([kenyon](https://github.com/kenyon))
47
+
48
+
49
+
50
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
data/README.md CHANGED
@@ -1,13 +1,13 @@
1
1
  # Puffy
2
2
 
3
- [![Build Status](https://travis-ci.com/opus-codium/puffy.svg?branch=master)](https://travis-ci.com/opus-codium/puffy)
4
- [![Maintainability](https://api.codeclimate.com/v1/badges/1d46ac8511718fd284fd/maintainability)](https://codeclimate.com/github/opus-codium/puffy/maintainability)
5
- [![Test Coverage](https://api.codeclimate.com/v1/badges/1d46ac8511718fd284fd/test_coverage)](https://codeclimate.com/github/opus-codium/puffy/test_coverage)
3
+ [![Build Status](https://github.com/opus-codium/puffy/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/opus-codium/puffy/actions/workflows/ci.yml)
4
+ [![Maintainability](https://api.codeclimate.com/v1/badges/e12923a13a5e17698b05/maintainability)](https://codeclimate.com/github/opus-codium/puffy/maintainability)
5
+ [![Test Coverage](https://api.codeclimate.com/v1/badges/e12923a13a5e17698b05/test_coverage)](https://codeclimate.com/github/opus-codium/puffy/test_coverage)
6
6
  [![Inline docs](http://inch-ci.org/github/opus-codium/puffy.svg?branch=master)](http://inch-ci.org/github/opus-codium/puffy)
7
7
 
8
8
  ## Features
9
9
 
10
- * Generate rules for [Netfilter](http://www.netfilter.org/) and [PF](http://www.openbsd.org/faq/pf/) (extensible);
10
+ * Generate rules for [iptables](http://www.netfilter.org/) and [PF](http://www.openbsd.org/faq/pf/) (extensible);
11
11
  * IPv6 and IPv4 support;
12
12
  * Define the configuration of multiple *nodes* in a single file;
13
13
  * Define *services* as group of rules to mix-in in *nodes* rules definitions;
@@ -25,27 +25,36 @@ Rules must appear in either a *node* or *service* definition, *services* being
25
25
  reusable blocks of related rules:
26
26
 
27
27
  ~~~
28
- service base do
29
- service ntp
30
- service ssh
28
+ service ntp do
29
+ pass proto udp to port ntp
31
30
  end
32
31
 
33
- service ntp do
34
- pass out proto udp from any to port ntp
32
+ service postgresql do
33
+ pass proto tcp to port postgresql
35
34
  end
36
35
 
37
36
  service ssh do
38
- pass in proto tcp form any to port ssh
37
+ pass proto tcp to port ssh
38
+ end
39
+
40
+ service www do
41
+ pass proto tcp to port {http https}
42
+ end
43
+
44
+ service base do
45
+ client ntp
46
+ server ssh
39
47
  end
40
48
 
41
49
  node 'db.example.com' do
42
50
  service base
43
- pass in proto tcp from 'www1.example.com' to port postgresql
51
+ server postgresql from 'www1.example.com'
44
52
  end
45
53
 
46
54
  node /www\d+.example.com/ do
47
55
  service base
48
- pass in proto tcp from any to port www
49
- pass out proto tcp from any to 'db.example.com' port postgresql
56
+ server www
57
+ client postgresql to 'db.example.com'
58
+ pass in proto tcp from any to port 8000
50
59
  end
51
60
  ~~~
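Review bot: the node pattern kept in this example, `node /www\d+.example.com/ do`, leaves both dots unescaped, so each one matches any character and the rules can apply to hostnames other than the intended web nodes. Since readers copy this block as a template for firewall policy, the README should show `\.` for the literal dots, and anchor the pattern if node matching does not already do so. The new `client` and `server` keywords would also benefit from one sentence here stating which direction each one generates.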
data/Rakefile CHANGED
@@ -1,13 +1,23 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'puffy/version'
4
+
3
5
  require 'bundler/gem_tasks'
4
6
  require 'rspec/core/rake_task'
5
7
  require 'cucumber'
6
8
  require 'cucumber/rake/task'
9
+ require 'github_changelog_generator/task'
7
10
 
8
11
  RSpec::Core::RakeTask.new(:spec)
9
12
  Cucumber::Rake::Task.new(:features)
10
13
 
14
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
15
+ config.user = 'opus-codium'
16
+ config.project = 'puffy'
17
+ config.exclude_labels = ['skip-changelog']
18
+ config.future_release = "v#{Puffy::VERSION}"
19
+ end
20
+
11
21
  task test: %i[spec features]
12
22
 
13
23
  task default: :test
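Review bot: the new `require 'puffy/version'` at the top of the Rakefile only resolves when `lib/` is already on the load path, so a plain `rake` outside `bundle exec` can fail with a LoadError before any task is defined. A `require_relative` pointing at the version file avoids depending on how rake was started. Because the value feeds `config.future_release`, it is also worth stating in the release notes that the version must be bumped before running the `changelog` task.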
data/bin/puffy CHANGED
@@ -8,10 +8,7 @@ require 'puffy/cli'
8
8
  begin
9
9
  cli = Puffy::Cli.new
10
10
  cli.execute(ARGV)
11
- rescue Puffy::SyntaxError => e
12
- $stderr.puts e.message
13
- exit 1
14
- rescue Puffy::ParseError => e
15
- $stderr.puts e.message
11
+ rescue Puffy::SyntaxError, Puffy::ParseError => e
12
+ warn(e.message)
16
13
  exit 1
17
14
  end
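Review bot: `warn(e.message)` in the merged rescue prints nothing when warnings are disabled (`ruby -W0` or `$VERBOSE = nil`), so a configuration syntax error could end in `exit 1` with no message at all. For user-facing error output, keep `$stderr.puts e.message` with a targeted `# rubocop:disable Style/StderrPuts`. Merging the two rescue clauses into `rescue Puffy::SyntaxError, Puffy::ParseError => e` is fine.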
data/lib/core_ext.rb CHANGED
@@ -28,19 +28,31 @@ module Expandable
28
28
 
29
29
  private
30
30
 
31
- def expand_array(key)
31
+ def expand_array(key) # rubocop:disable Metrics/MethodLength
32
32
  orig = @expand_res
33
33
  @expand_res = []
34
34
  fetch(key).each do |value|
35
- @expand_res += orig.map { |hash| hash.merge(key => value) }
35
+ if value.respond_to?(:expand)
36
+ value.expand.each do |v|
37
+ @expand_res += orig.map { |hash| hash.merge(key => v) }
38
+ end
39
+ else
40
+ @expand_res += orig.map { |hash| hash.merge(key => value) }
41
+ end
36
42
  end
37
43
  end
38
44
 
39
- def expand_hash(key)
45
+ def expand_hash(key) # rubocop:disable Metrics/MethodLength
40
46
  orig = @expand_res
41
47
  @expand_res = []
42
48
  fetch(key).expand.each do |value|
43
- @expand_res += orig.map { |hash| hash.merge(key => value) }
49
+ if value.respond_to?(:expand)
50
+ value.expand.each do |v|
51
+ @expand_res += orig.map { |hash| hash.merge(key => v) }
52
+ end
53
+ else
54
+ @expand_res += orig.map { |hash| hash.merge(key => value) }
55
+ end
44
56
  end
45
57
  end
46
58
  end
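Review bot: the `if value.respond_to?(:expand)` branch is repeated line for line in `expand_array` and `expand_hash`, and both methods now carry `# rubocop:disable Metrics/MethodLength` to make room for it. Move the branch into one private helper that takes `orig`, `key` and `value` and returns the hashes to append; that removes the duplication and both disables. A spec with a nested expandable value inside an array and inside a hash would pin down the behaviour this hunk introduces.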
data/lib/puffy/cli.rb CHANGED
@@ -7,7 +7,7 @@ require 'fileutils'
7
7
  module Puffy
8
8
  # Command-line processing
9
9
  class Cli
10
- def initialize
10
+ def initialize # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
11
11
  cli = self
12
12
 
13
13
  @main = Cri::Command.define do
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Puffy
4
4
  module Formatters
5
- module Netfilter # :nodoc:
5
+ module Iptables # :nodoc:
6
6
  # Returns the target to jump to
7
7
  #
8
8
  # @return [String]
@@ -15,7 +15,7 @@ module Puffy
15
15
  end
16
16
  end
17
17
 
18
- # Netfilter implementation of a Puffy Ruleset formatter.
18
+ # Iptables implementation of a Puffy Ruleset formatter.
19
19
  class Ruleset < Puffy::Formatters::Base::Ruleset # :nodoc:
20
20
  def self.known_conntrack_helpers
21
21
  {
@@ -27,7 +27,7 @@ module Puffy
27
27
  }
28
28
  end
29
29
 
30
- # Returns a Netfilter String representation of the provided +rules+ Array of Puffy::Rule with the +policy+ policy.
30
+ # Returns a Iptables String representation of the provided +rules+ Array of Puffy::Rule with the +policy+ policy.
31
31
  def emit_ruleset(rules, policy = :block)
32
32
  parts = []
33
33
  parts << emit_header
@@ -74,7 +74,7 @@ module Puffy
74
74
  end
75
75
 
76
76
  def emit_chain_policies(policies)
77
- policies.map { |chain, action| ":#{chain.upcase} #{Puffy::Formatters::Netfilter.iptables_action(action)} [0:0]" }
77
+ policies.map { |chain, action| ":#{chain.upcase} #{Puffy::Formatters::Iptables.iptables_action(action)} [0:0]" }
78
78
  end
79
79
 
80
80
  def input_filter_ruleset(rules)
@@ -114,9 +114,9 @@ module Puffy
114
114
  end
115
115
  end
116
116
 
117
- # Netfilter implementation of a Puffy Rule formatter.
117
+ # Iptables implementation of a Puffy Rule formatter.
118
118
  class Rule < Puffy::Formatters::Base::Rule # :nodoc:
119
- # Returns a Netfilter String representation of the provided +rule+ Puffy::Rule.
119
+ # Returns a Iptables String representation of the provided +rule+ Puffy::Rule.
120
120
  def emit_rule(rule)
121
121
  if rule.nat?
122
122
  emit_postrouting_rule(rule)
@@ -251,7 +251,7 @@ module Puffy
251
251
  end
252
252
 
253
253
  def emit_jump(rule)
254
- "-j #{Puffy::Formatters::Netfilter.iptables_action(rule)}"
254
+ "-j #{Puffy::Formatters::Iptables.iptables_action(rule)}"
255
255
  end
256
256
 
257
257
  def pp_rule(parts)
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Puffy
4
+ module Formatters
5
+ module Iptables4 # :nodoc:
6
+ # IPv4 Iptables implementation of a Puffy Ruleset formatter.
7
+ class Ruleset < Puffy::Formatters::Iptables::Ruleset # :nodoc:
8
+ # Return an IPv4 Iptables String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
9
+ def emit_ruleset(rules, policy = :block)
10
+ super(rules.select(&:ipv4?), policy)
11
+ end
12
+
13
+ def filename_fragment
14
+ ['iptables', 'rules.v4']
15
+ end
16
+ end
17
+
18
+ # IPv4 Iptables implementation of a Puffy Rulet formatter.
19
+ class Rule < Puffy::Formatters::Iptables::Rule # :nodoc:
20
+ end
21
+ end
22
+ end
23
+ end
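Review bot: the comment above the `Rule` class reads "Puffy Rulet formatter", which should be "Rule" as in the IPv6 counterpart. The file also references `Puffy::Formatters::Iptables::Ruleset` without any visible `require`, so confirm the parent formatter is loaded before this file wherever formatters are required.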
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Puffy
4
+ module Formatters
5
+ module Iptables6 # :nodoc:
6
+ # IPv6 Iptables implementation of a Puffy Ruleset formatter.
7
+ class Ruleset < Puffy::Formatters::Iptables::Ruleset # :nodoc:
8
+ # Return an IPv6 Iptables String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
9
+ def emit_ruleset(rules, policy = :block)
10
+ super(rules.select(&:ipv6?), policy)
11
+ end
12
+
13
+ def filename_fragment
14
+ ['iptables', 'rules.v6']
15
+ end
16
+ end
17
+
18
+ # IPv6 Iptables implementation of a Puffy Rule formatter.
19
+ class Rule < Puffy::Formatters::Iptables::Rule # :nodoc:
20
+ end
21
+ end
22
+ end
23
+ end
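Review bot: this file differs from the Iptables4 one only in `rules.select(&:ipv6?)` and `'rules.v6'`, so the two formatters will drift if one is edited without the other. Consider a single parametrised subclass or a small shared module for `emit_ruleset` and `filename_fragment`. A spec asserting that a rule with no address family appears in both `rules.v4` and `rules.v6` would document how `ipv4?` and `ipv6?` are expected to treat such rules.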