From 103e7c5f4396e494c6bc2d75133ebdbaba0ea457 Mon Sep 17 00:00:00 2001
From: Jeffrey Bird
Date: Tue, 25 Jun 2024 11:04:38 +1000
Subject: [PATCH] Fixes ordering for ipsets so that ipsets are defined before they are used. Confirm autorequires for rich_rules and ipsets. Make sure the ipset autorequires is actually for :firewalld_ipset. Code error. Code error. Ensure the custom service name is correctly formed for rich rule autorequire. Ensure ipsets are created before they are used. Updated ordering for other resource types as well. Updated ordering for port resources as well. Cleanup code style for pull request.
---
 lib/puppet/type/firewalld_rich_rule.rb | 8 +++--
 manifests/init.pp | 42 +++++++++++++-------------
 2 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb
index 1ae3882..e148631 100644
--- a/lib/puppet/type/firewalld_rich_rule.rb
+++ b/lib/puppet/type/firewalld_rich_rule.rb
@@ -165,15 +165,19 @@ def elements
 self[:policy] if self[:policy] != :unset
 end
- autorequire(:ipset) do
+ autorequire(:firewalld_ipset) do
 self[:source]['ipset'] if self[:source].is_a?(Hash)
 end
- autorequire(:ipset) do
+ autorequire(:firewalld_ipset) do
 self[:dest]['ipset'] if self[:dest].is_a?(Hash)
 end
 autorequire(:service) do
 ['firewalld']
 end
+
+ autorequire(:firewalld_custom_service) do
+ self[:service]&.gsub(%r{[^\w-]}, '_')
+ end
 end
diff --git a/manifests/init.pp b/manifests/init.pp
index efdc020..ed3bd8c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -182,14 +182,9 @@
 enable => $service_enable,
 }
- # create ports
- Firewalld_port {
- zone => $default_port_zone,
- protocol => $default_port_protocol,
- }
-
- $ports.each |String $key, Hash $attrs| {
- firewalld_port { $key:
+ #...ipsets
+ $ipsets.each | String $key, Hash $attrs| {
+ firewalld_ipset { $key:
 * => $attrs,
 }
 }
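Review bot: The new `autorequire(:firewalld_custom_service)` block assumes `self[:service]` is a String; the `&.` only guards nil, so any other value (this same hunk shows the type using an `:unset` sentinel for `:policy`) would raise NoMethodError on `gsub` during catalog compilation. A type check matching the `is_a?(Hash)` guards used for source and dest above is safer: `self[:service].gsub(%r{[^\w-]}, '_') if self[:service].is_a?(String)`. The `[^\w-]` → `_` mangling also deserves a comment, because an autorequire whose title does not match an existing resource simply does nothing — no error, no warning — and the ordering guarantee disappears silently; e.g. `# Title must equal the sanitized custom service name; keep in sync with firewalld_custom_service.`. Whether firewalld_custom_service actually derives its titles this way is not visible in this diff, so that should be confirmed against the type.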
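Review bot: Moving the `$ipsets.each` loop to the top of the resource declarations only influences evaluation order when the agent runs with Puppet's default manifest ordering; the reliable guarantee that an ipset exists before a rule references it is the `firewalld_ipset` autorequire added in the other file, so the terse `#...ipsets` comment should record why the block sits here, e.g. `# ipsets first: rich rules and services reference them by name (hard dependency is the autorequire in firewalld_rich_rule)`. The moved loop also keeps the `| String $key` spacing while the removed `$ports.each |String $key` line uses `|String`; given the commit message promises a style cleanup, the iterators in this hunk and in the -208, -233 and -259 hunks of this file should settle on one form. The enclosing class body begins and ends outside this hunk.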
@@ -208,22 +203,21 @@
 }
 }
- #...services
- Firewalld_service {
- zone => $default_service_zone,
+ # create ports
+ Firewalld_port {
+ zone => $default_port_zone,
+ protocol => $default_port_protocol,
 }
- $services.each | String $key, Hash $attrs| {
- firewalld_service { $key:
+ $ports.each |String $key, Hash $attrs| {
+ firewalld_port { $key:
 * => $attrs,
 }
 }
- #...rich rules
- $rich_rules.each | String $key, Hash $attrs| {
- firewalld_rich_rule { $key:
- * => $attrs,
- }
+ #...services
+ Firewalld_service {
+ zone => $default_service_zone,
 }
 #...custom services
@@ -233,9 +227,8 @@
 }
 }
- #...ipsets
- $ipsets.each | String $key, Hash $attrs| {
- firewalld_ipset { $key:
+ $services.each | String $key, Hash $attrs| {
+ firewalld_service { $key:
 * => $attrs,
 }
 }
@@ -259,6 +252,13 @@
 }
 }
+ #...rich rules
+ $rich_rules.each | String $key, Hash $attrs| {
+ firewalld_rich_rule { $key:
+ * => $attrs,
+ }
+ }
+
 Firewalld_direct_purge {
 notify => Class['firewalld::reload'],
 }
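Review bot: The new side separates the `Firewalld_service { zone => $default_service_zone }` resource default from the `$services.each` loop that relies on it — the loop now lands after the custom services block, in the -233 hunk. The default should still take effect, since Puppet resource defaults are scoped to the enclosing class rather than to textual position, but a reader now has to hunt for it; moving the three `Firewalld_service` default lines down to sit immediately above `$services.each` keeps the intended custom-services-before-services order while keeping default and use together. If the placement before the custom services block is deliberate, a one-line comment above `Firewalld_service {` should say so. The enclosing class body begins before this hunk and ends after the last one.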