puffy 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b53bffbf2f30ba597482608cf4f3e005cf481bd69cbfa4fdaf7a9de14f1b90ca
-  data.tar.gz: 5c4fee30b67e7c8cd777d219173473d2e2d4f0b437c9df02e7f0d16ca9341515
+  metadata.gz: 29faa3d9a8f47338dd25bd99d2256bc7bfa60a6790f3e39e8613a86c540bb30a
+  data.tar.gz: 345aa1d4ef63d8b7ebcb05f4892a690a81c385fb41ed3c5bc48406bd70ca2ba0
 SHA512:
-  metadata.gz: 7a23559f7ff420013adaeafa437f13450a78b41bf1757e584c8bea54c7cade3fd51da7fc31497a2c70844c011d13d841edb0091eb801c03eee7737d9f0fe7a19
-  data.tar.gz: a3c6db0679f173cd714665e9a884c5eff22df4847562cb188f8d04c18da31ec79d3b9e54f6084d2a9514eb0dfb831337c878b58e92391ed86a7fd125888e181c
+  metadata.gz: 5ccead5c447d76590049b2ac548c771bb34d548a2b51ce2b479586926c1a3c7940cce7cc5a24f7a9ac2c15d3c4398fe1fc1c0dad215bda2e3273f68c4dd14a9e
+  data.tar.gz: a18934dc97ae9d09ce7dda9b33efb9d35962db15858c234f8a85830967813d74c6049e5f74d917482085a72bb0ac5b86e122daf2d293abdc06b22df06a6f968b

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @opus-codium/core

data/.github/workflows/ci.yml

@@ -11,14 +11,27 @@ on:
       - master
 
 jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+          bundler-cache: true
+      - name: Run static code analysis
+        run: bundle exec rubocop
   unit:
     runs-on: ubuntu-latest
+    needs: rubocop
     strategy:
       matrix:
         ruby:
           - "2.6"
           - "2.7"
           - "3.0"
+          - "3.1"
     name: Ruby ${{ matrix.ruby }}
     steps:
       - uses: actions/checkout@v2
@@ -26,11 +39,16 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
-      - name: Install dependencies
-        run: |
-          gem install bundler
-          bundle install --jobs 4 --retry 3
+          bundler-cache: true
       - name: Generate the parser
         run: bundle exec rake gen_parser
-      - name: Run tests
+      - name: Run tests without uploading code coverage
+        if: ${{ matrix.ruby != '3.0' }}
         run: bundle exec rake
+      - name: Run tests and upload coverage to Code Climate
+        if: ${{ matrix.ruby == '3.0' }}
+        uses: paambaati/codeclimate-action@v3.0.0
+        env:
+          CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TOKEN }}
+        with:
+          coverageCommand: bundle exec rake

data/.rubocop.yml

@@ -5,6 +5,7 @@ AllCops:
   Exclude:
     - lib/melt/*.tab.rb
     - tmp/**/*.rb
+    - vendor/bundle/**/*
 
 Layout/HashAlignment:
   EnforcedColonStyle: table
@@ -15,6 +16,7 @@ Layout/LineLength:
 
 Metrics/BlockLength:
   Exclude:
+    - puffy.gemspec
     - spec/**/*.rb
 
 Metrics/ClassLength:

data/CHANGELOG.md

@@ -0,0 +1,50 @@
+# Changelog
+
+## [v0.2.0](https://github.com/opus-codium/puffy/tree/v0.2.0) (2022-12-17)
+
+[Full Changelog](https://github.com/opus-codium/puffy/compare/v0.1.0...v0.2.0)
+
+**Breaking changes:**
+
+- Rename the netfilter formatter to iptables [\#19](https://github.com/opus-codium/puffy/pull/19) ([smortex](https://github.com/smortex))
+
+**Implemented enhancements:**
+
+- New `apt-mirror()` function to expand `mirror+http://` URI used by apt\(1\) [\#18](https://github.com/opus-codium/puffy/pull/18) ([smortex](https://github.com/smortex))
+- New `srv()` function to query SRV records [\#17](https://github.com/opus-codium/puffy/pull/17) ([smortex](https://github.com/smortex))
+- Improve services error reporting [\#16](https://github.com/opus-codium/puffy/pull/16) ([smortex](https://github.com/smortex))
+
+**Fixed bugs:**
+
+- Fix service constraining [\#26](https://github.com/opus-codium/puffy/pull/26) ([smortex](https://github.com/smortex))
+- Fix parsing IPv6 addresses starting with `:` [\#24](https://github.com/opus-codium/puffy/pull/24) ([smortex](https://github.com/smortex))
+- Fix missing require [\#22](https://github.com/opus-codium/puffy/pull/22) ([smortex](https://github.com/smortex))
+- Fix node list support [\#21](https://github.com/opus-codium/puffy/pull/21) ([smortex](https://github.com/smortex))
+
+**Merged pull requests:**
+
+- Rename the project [\#11](https://github.com/opus-codium/puffy/pull/11) ([smortex](https://github.com/smortex))
+
+## [v0.1.0](https://github.com/opus-codium/puffy/tree/v0.1.0) (2021-10-11)
+
+[Full Changelog](https://github.com/opus-codium/puffy/compare/aeea61ce647543fbc4c3567e8b5dd30bee5f0edf...v0.1.0)
+
+**Implemented enhancements:**
+
+- Implement a proper language for configuration [\#10](https://github.com/opus-codium/puffy/pull/10) ([smortex](https://github.com/smortex))
+- Resolve example.com instead of localhost [\#2](https://github.com/opus-codium/puffy/pull/2) ([smortex](https://github.com/smortex))
+- Fix CI [\#1](https://github.com/opus-codium/puffy/pull/1) ([smortex](https://github.com/smortex))
+
+**Merged pull requests:**
+
+- Rename "hosts" to "nodes" [\#9](https://github.com/opus-codium/puffy/pull/9) ([smortex](https://github.com/smortex))
+- Drop support for EOL ruby versions [\#8](https://github.com/opus-codium/puffy/pull/8) ([smortex](https://github.com/smortex))
+- Rely on the Cri DSL to manage parameters [\#7](https://github.com/opus-codium/puffy/pull/7) ([smortex](https://github.com/smortex))
+- Switch from Thor to Cri for command parsing [\#6](https://github.com/opus-codium/puffy/pull/6) ([smortex](https://github.com/smortex))
+- Reduce diff context to fix CI [\#5](https://github.com/opus-codium/puffy/pull/5) ([smortex](https://github.com/smortex))
+- Switch CI from Travis to GitHub actions [\#4](https://github.com/opus-codium/puffy/pull/4) ([smortex](https://github.com/smortex))
+- README.md: fix typo [\#3](https://github.com/opus-codium/puffy/pull/3) ([kenyon](https://github.com/kenyon))
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/README.md

@@ -1,13 +1,13 @@
 # Puffy
 
-[![Build Status](https://travis-ci.com/opus-codium/puffy.svg?branch=master)](https://travis-ci.com/opus-codium/puffy)
-[![Maintainability](https://api.codeclimate.com/v1/badges/1d46ac8511718fd284fd/maintainability)](https://codeclimate.com/github/opus-codium/puffy/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/1d46ac8511718fd284fd/test_coverage)](https://codeclimate.com/github/opus-codium/puffy/test_coverage)
+[![Build Status](https://github.com/opus-codium/puffy/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/opus-codium/puffy/actions/workflows/ci.yml)
+[![Maintainability](https://api.codeclimate.com/v1/badges/e12923a13a5e17698b05/maintainability)](https://codeclimate.com/github/opus-codium/puffy/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/e12923a13a5e17698b05/test_coverage)](https://codeclimate.com/github/opus-codium/puffy/test_coverage)
 [![Inline docs](http://inch-ci.org/github/opus-codium/puffy.svg?branch=master)](http://inch-ci.org/github/opus-codium/puffy)
 
 ## Features
 
-* Generate rules for [Netfilter](http://www.netfilter.org/) and [PF](http://www.openbsd.org/faq/pf/) (extensible);
+* Generate rules for [iptables](http://www.netfilter.org/) and [PF](http://www.openbsd.org/faq/pf/) (extensible);
 * IPv6 and IPv4 support;
 * Define the configuration of multiple *nodes* in a single file;
 * Define *services* as group of rules to mix-in in *nodes* rules definitions;
@@ -25,27 +25,36 @@ Rules must appear in either a *node* or *service* definition, *services* being
 reusable blocks of related rules:
 
 ~~~
-service base do
-  service ntp
-  service ssh
+service ntp do
+  pass proto udp to port ntp
 end
 
-service ntp do
-  pass out proto udp from any to port ntp
+service postgresql do
+  pass proto tcp to port postgresql
 end
 
 service ssh do
-  pass in proto tcp form any to port ssh
+  pass proto tcp to port ssh
+end
+
+service www do
+  pass proto tcp to port {http https}
+end
+
+service base do
+  client ntp
+  server ssh
 end
 
 node 'db.example.com' do
   service base
-  pass in proto tcp from 'www1.example.com' to port postgresql
+  server postgresql from 'www1.example.com'
 end
 
 node /www\d+.example.com/ do
   service base
-  pass in proto tcp from any to port www
-  pass out proto tcp from any to 'db.example.com' port postgresql
+  server www
+  client postgresql to 'db.example.com'
+  pass in proto tcp from any to port 8000
 end
 ~~~

data/Rakefile

@@ -1,13 +1,23 @@
 # frozen_string_literal: true
 
+require 'puffy/version'
+
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'cucumber'
 require 'cucumber/rake/task'
+require 'github_changelog_generator/task'
 
 RSpec::Core::RakeTask.new(:spec)
 Cucumber::Rake::Task.new(:features)
 
+GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+  config.user = 'opus-codium'
+  config.project = 'puffy'
+  config.exclude_labels = ['skip-changelog']
+  config.future_release = "v#{Puffy::VERSION}"
+end
+
 task test: %i[spec features]
 
 task default: :test

data/bin/puffy

@@ -8,10 +8,7 @@ require 'puffy/cli'
 begin
   cli = Puffy::Cli.new
   cli.execute(ARGV)
-rescue Puffy::SyntaxError => e
-  $stderr.puts e.message
-  exit 1
-rescue Puffy::ParseError => e
-  $stderr.puts e.message
+rescue Puffy::SyntaxError, Puffy::ParseError => e
+  warn(e.message)
   exit 1
 end

data/lib/core_ext.rb

@@ -28,19 +28,31 @@ module Expandable
 
   private
 
-  def expand_array(key)
+  def expand_array(key) # rubocop:disable Metrics/MethodLength
     orig = @expand_res
     @expand_res = []
     fetch(key).each do |value|
-      @expand_res += orig.map { |hash| hash.merge(key => value) }
+      if value.respond_to?(:expand)
+        value.expand.each do |v|
+          @expand_res += orig.map { |hash| hash.merge(key => v) }
+        end
+      else
+        @expand_res += orig.map { |hash| hash.merge(key => value) }
+      end
     end
   end
 
-  def expand_hash(key)
+  def expand_hash(key) # rubocop:disable Metrics/MethodLength
     orig = @expand_res
     @expand_res = []
     fetch(key).expand.each do |value|
-      @expand_res += orig.map { |hash| hash.merge(key => value) }
+      if value.respond_to?(:expand)
+        value.expand.each do |v|
+          @expand_res += orig.map { |hash| hash.merge(key => v) }
+        end
+      else
+        @expand_res += orig.map { |hash| hash.merge(key => value) }
+      end
     end
   end
 end

data/lib/puffy/cli.rb

@@ -7,7 +7,7 @@ require 'fileutils'
 module Puffy
   # Command-line processing
   class Cli
-    def initialize
+    def initialize # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
       cli = self
 
       @main = Cri::Command.define do

data/lib/puffy/formatters/{netfilter.rb → iptables.rb}

@@ -2,7 +2,7 @@
 
 module Puffy
   module Formatters
-    module Netfilter # :nodoc:
+    module Iptables # :nodoc:
       # Returns the target to jump to
       #
       # @return [String]
@@ -15,7 +15,7 @@ module Puffy
         end
       end
 
-      # Netfilter implementation of a Puffy Ruleset formatter.
+      # Iptables implementation of a Puffy Ruleset formatter.
       class Ruleset < Puffy::Formatters::Base::Ruleset # :nodoc:
         def self.known_conntrack_helpers
           {
@@ -27,7 +27,7 @@ module Puffy
           }
         end
 
-        # Returns a Netfilter String representation of the provided +rules+ Array of Puffy::Rule with the +policy+ policy.
+        # Returns a Iptables String representation of the provided +rules+ Array of Puffy::Rule with the +policy+ policy.
         def emit_ruleset(rules, policy = :block)
           parts = []
           parts << emit_header
@@ -74,7 +74,7 @@ module Puffy
         end
 
         def emit_chain_policies(policies)
-          policies.map { |chain, action| ":#{chain.upcase} #{Puffy::Formatters::Netfilter.iptables_action(action)} [0:0]" }
+          policies.map { |chain, action| ":#{chain.upcase} #{Puffy::Formatters::Iptables.iptables_action(action)} [0:0]" }
         end
 
         def input_filter_ruleset(rules)
@@ -114,9 +114,9 @@ module Puffy
         end
       end
 
-      # Netfilter implementation of a Puffy Rule formatter.
+      # Iptables implementation of a Puffy Rule formatter.
       class Rule < Puffy::Formatters::Base::Rule # :nodoc:
-        # Returns a Netfilter String representation of the provided +rule+ Puffy::Rule.
+        # Returns a Iptables String representation of the provided +rule+ Puffy::Rule.
         def emit_rule(rule)
           if rule.nat?
             emit_postrouting_rule(rule)
@@ -251,7 +251,7 @@ module Puffy
         end
 
         def emit_jump(rule)
-          "-j #{Puffy::Formatters::Netfilter.iptables_action(rule)}"
+          "-j #{Puffy::Formatters::Iptables.iptables_action(rule)}"
         end
 
         def pp_rule(parts)

data/lib/puffy/formatters/iptables4.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Puffy
+  module Formatters
+    module Iptables4 # :nodoc:
+      # IPv4 Iptables implementation of a Puffy Ruleset formatter.
+      class Ruleset < Puffy::Formatters::Iptables::Ruleset # :nodoc:
+        # Return an IPv4 Iptables String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
+        def emit_ruleset(rules, policy = :block)
+          super(rules.select(&:ipv4?), policy)
+        end
+
+        def filename_fragment
+          ['iptables', 'rules.v4']
+        end
+      end
+
+      # IPv4 Iptables implementation of a Puffy Rulet formatter.
+      class Rule < Puffy::Formatters::Iptables::Rule # :nodoc:
+      end
+    end
+  end
+end

data/lib/puffy/formatters/iptables6.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Puffy
+  module Formatters
+    module Iptables6 # :nodoc:
+      # IPv6 Iptables implementation of a Puffy Ruleset formatter.
+      class Ruleset < Puffy::Formatters::Iptables::Ruleset # :nodoc:
+        # Return an IPv6 Iptables String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
+        def emit_ruleset(rules, policy = :block)
+          super(rules.select(&:ipv6?), policy)
+        end
+
+        def filename_fragment
+          ['iptables', 'rules.v6']
+        end
+      end
+
+      # IPv6 Iptables implementation of a Puffy Rule formatter.
+      class Rule < Puffy::Formatters::Iptables::Rule # :nodoc:
+      end
+    end
+  end
+end