(CAT-376) Rework firewall module to use the resource_api #1145
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
david22swan
force-pushed
the
CONT-376/Firewall_rework
branch
2 times, most recently
from
e7731c0 to
e067e01
Compare
david22swan
changed the title
Closed
david22swan
force-pushed
the
CONT-376/Firewall_rework
branch
13 times, most recently
from
4143d8d to
ccd6486
Compare
david22swan
force-pushed
the
CONT-376/Firewall_rework
branch
from
ccd6486 to
cff3a04
Compare
david22swan
changed the title
david22swan
force-pushed
the
CONT-376/Firewall_rework
branch
9 times, most recently
from
a8affb5 to
91b2ee4
Compare
|
CentOS 8 failures have appeared on nightly, |
Remove all old code from the module
- support for IPv4 (CAT-683) - support for IPv6 (CAT-961)
- support for IPv4 (CAT-684) - support for IPv6 (CAT-961) - support for all attributes (CAT-960)
Update acceptance testing to account for changes. Includes: - standard_usage_spec.rb - rules_spec.rb - resource_cmd_spec.rb - firewallchain_spec.rb - firewall_duplicate_comment_spec.rb
Update acceptance testing to account for changes. Includes: - class_spec.rb - firewall_attributes_exceptions_spec.rb - firewall_attributes_happy_path_spec.rb - firewall_attributes_ipv6_exceptions_spec.rb - firewall_attributes_ipv6_happy_path_spec.rb
Unit test coverage for utility functions found within the puppet_x namespace
Test coverage for the firewall and firewallchain Types
Test separated out into three files due to the size and complexity of the provider.
Actionable errors left in file will be handled by a follow-up PR
david22swan
force-pushed
the
CONT-376/Firewall_rework
branch
from
77b5dd6 to
4a72aab
Compare
bastelfreak
reviewed
Aug 30, 2023
bastelfreak
reviewed
Aug 30, 2023
bastelfreak
approved these changes
Aug 30, 2023
LukasAud
approved these changes
Aug 30, 2023
david22swan
changed the title
|
The action parameter going ? Is that necessary ? If it could live till EOL for EL7? |
|
@traylenator The functionality behind the attribute is still there, it just means renaming the attribute your setting to jump instead. As a side, any reason for E7 in particular? |
Thanks for the reply - will live with the status quo till we launch EL7 into oblivion (and drop this module). |
rdoproject
pushed a commit
to rdo-packages/puppet-firewall-distgit
that referenced
this pull request
Oct 18, 2023
Add Requires on puppet-resource_api It's needed since the merge of [1] [1] puppetlabs/puppetlabs-firewall#1145 (cherry picked from commit 0b245d6) Change-Id: Id033e1418a4696726382b4ceeb684ae0afa3d253
rdoproject
pushed a commit
to rdo-packages/puppet-firewall-distgit
that referenced
this pull request
Oct 18, 2023
It's needed since the merge of [1] [1] puppetlabs/puppetlabs-firewall#1145 Change-Id: If156134ecf968b98578a57dbe14030a1a8c93174
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR has been created to update the Firewall module to utilize the resource_api, with the intention being to increase the ease with which the module can be updated and managed in the future.
As part of this several backwards incompatible changes where made, including:
providerattribute with the Firewall type has been renamedprotocol, due to both the resource_api forbidding the use of this as an attribute name and to bring it in line with the Firewallchain. Though it continues to accept bothiptablesandip6tablesalongsideIPv4andIPv6, this may change in the future.actionattribute has been removed as it managed the same function as thejumpattribute, only on a more limited scale. Though this was given a reason, to enforce the use of generic parameters, I found this to be a needlessly complex addition to the code.portattribute has been removed as it was deprecated several years ago.dport/sportranges should be passed with:as a separator as this is the valid form of input for the flag. Code has been updated to allow the original separator-, though it is not preferred.sport/dport, that require negation to be universal among all passed values have been updated so that rather than negating each and every value passed you now simply negate the first value in the array in order to negate them all, although the original form of negating each and every value is still allowed. Certain array values such assrc_type/dst_typediffer however and necessitate that each value be negated, or not negated as it were, separately.**NOTES:
puppet-resource_apifunctionality to be merged and released: (CAT-761) Add custom_generate as a feature puppet-resource_api#316 -->puppet-resource_apichange has been merged and released (v1.9.0), waiting on update topuppet-agentto include this new version so that I can turn on the automated tests (CAT-761) Update puppet-resource_api version puppet-agent#2383 --> PR has been merged and will be included in7.26.0and8.2.0--> tests enabledChecklist
puppet apply)