Fixes ordering for ipsets so that ipsets are defined
before they are used.

Confirm autorequires for rich_rules and ipsets.

Make sure the ipset autorequires is actually for :firewalld_ipset.

Code error.

Code error.

Ensure the custom service name is correctly formed for rich rule autorequire.

Ensure ipsets are created before they are used.

Updated ordering for other resource types as well.

Updated ordering for port resources as well.

Cleanup code style for pull request.
jbirdman committed Jun 25, 2024
1 parent 8d3ca02 commit 103e7c5
Showing 2 changed files with 27 additions and 23 deletions.
8 changes: 6 additions & 2 deletions lib/puppet/type/firewalld_rich_rule.rb
Expand Up @@ -165,15 +165,19 @@ def elements
self[:policy] if self[:policy] != :unset
end

autorequire(:ipset) do
autorequire(:firewalld_ipset) do
self[:source]['ipset'] if self[:source].is_a?(Hash)
end

autorequire(:ipset) do
autorequire(:firewalld_ipset) do
self[:dest]['ipset'] if self[:dest].is_a?(Hash)
end

autorequire(:service) do
['firewalld']
end

autorequire(:firewalld_custom_service) do
self[:service]&.gsub(%r{[^\w-]}, '_')
end
end
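Review bot: In the new autorequire(:firewalld_custom_service) block, the name is rewritten with gsub(%r{[^\w-]}, '_') before lookup, but an autorequire only creates an edge when a catalog resource's title or name equals the returned string. If a firewalld_custom_service is declared with an unsanitized title (for example one containing a dot), no edge is created and nothing is reported, so the rich rule may be applied before the service definition. Returning both the raw and the sanitized name from the block would cover both cases. Neither of the two changed files is a spec, so a test asserting the firewalld_ipset and firewalld_custom_service edges would also lock in the :ipset to :firewalld_ipset correction.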
42 changes: 21 additions & 21 deletions manifests/init.pp
Expand Up @@ -182,14 +182,9 @@
enable => $service_enable,
}

# create ports
Firewalld_port {
zone => $default_port_zone,
protocol => $default_port_protocol,
}

$ports.each |String $key, Hash $attrs| {
firewalld_port { $key:
#...ipsets
$ipsets.each | String $key, Hash $attrs| {
firewalld_ipset { $key:
* => $attrs,
}
}
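Review bot: Moving the $ipsets.each loop to the top of the class orders the ipsets only by declaration, which Puppet uses as a fallback for resources that have no explicit relationship. Of the types, only firewalld_rich_rule.rb is changed in this commit, so any other resource that references an ipset depends on this placement alone. A short comment above the loop saying the position is deliberate would keep a later cleanup from moving the block back down.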
Expand All @@ -208,22 +203,21 @@
}
}

#...services
Firewalld_service {
zone => $default_service_zone,
# create ports
Firewalld_port {
zone => $default_port_zone,
protocol => $default_port_protocol,
}

$services.each | String $key, Hash $attrs| {
firewalld_service { $key:
$ports.each |String $key, Hash $attrs| {
firewalld_port { $key:
* => $attrs,
}
}

#...rich rules
$rich_rules.each | String $key, Hash $attrs| {
firewalld_rich_rule { $key:
* => $attrs,
}
#...services
Firewalld_service {
zone => $default_service_zone,
}

#...custom services
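Review bot: The Firewalld_service default at the end of this hunk is now separated from the $services.each loop by the custom services block. Resource defaults apply across the scope, so the zone default still reaches those resources, but keeping the default directly above the loop that relies on it, as is done for Firewalld_port just above, would be easier to follow.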
Expand All @@ -233,9 +227,8 @@
}
}

#...ipsets
$ipsets.each | String $key, Hash $attrs| {
firewalld_ipset { $key:
$services.each | String $key, Hash $attrs| {
firewalld_service { $key:
* => $attrs,
}
}
Expand All @@ -259,6 +252,13 @@
}
}

#...rich rules
$rich_rules.each | String $key, Hash $attrs| {
firewalld_rich_rule { $key:
* => $attrs,
}
}

Firewalld_direct_purge {
notify => Class['firewalld::reload'],
}
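Review bot: The relocated $rich_rules.each block carries only the "#...rich rules" comment, with nothing saying that it is declared last because rich rules can reference the ipsets and custom services declared above it. Please state that in the comment so the ordering is not undone by a later reshuffle.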