diff options
author | Lamont Granquist <lamont@opscode.com> | 2021-06-07 11:02:46 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-07 11:02:46 -0700 |
commit | f925842b4201b19d4a6817e7817ce415acb05ee0 (patch) | |
tree | 265121cc47d42aa63c4106c3c25c5530f06bbdc1 | |
parent | 3936e6a62c0caac84a9b8f882a7b66ce92c5708a (diff) | |
parent | d140d76e1ed4166aaa626af717f6fbc15c743232 (diff) | |
download | chef-f925842b4201b19d4a6817e7817ce415acb05ee0.tar.gz |
Merge pull request #11657 from chef/jfm/win_firewall
-rw-r--r-- | lib/chef/resource/windows_firewall_rule.rb | 22 | ||||
-rw-r--r-- | spec/unit/resource/windows_firewall_rule_spec.rb | 19 |
2 files changed, 30 insertions, 11 deletions
diff --git a/lib/chef/resource/windows_firewall_rule.rb b/lib/chef/resource/windows_firewall_rule.rb index 069ac650d1..e397a94670 100644 --- a/lib/chef/resource/windows_firewall_rule.rb +++ b/lib/chef/resource/windows_firewall_rule.rb @@ -39,6 +39,19 @@ class Chef end ``` + **Configuring multiple remote-address ports on a rule**: + + ```ruby + windows_firewall_rule 'MyRule' do + description 'Testing out remote address arrays' + enabled false + local_port 1434 + remote_address %w(10.17.3.101 172.7.7.53) + protocol 'TCP' + action :create + end + ``` + **Allow protocol ICMPv6 with ICMP Type**: ```ruby @@ -97,8 +110,9 @@ class Chef coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) }, description: "The local port the firewall rule applies to." - property :remote_address, String, - description: "The remote address the firewall rule applies to." + property :remote_address, [String, Array], + coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) }, + description: "The remote address(es) the firewall rule applies to." property :remote_port, [String, Integer, Array], # split various formats of comma separated lists and provide a sorted array of strings to match PS output @@ -172,7 +186,7 @@ class Chef group state["group"] local_address state["local_address"] local_port Array(state["local_port"]).sort - remote_address state["remote_address"] + remote_address Array(state["remote_address"]).sort remote_port Array(state["remote_port"]).sort direction state["direction"] protocol state["protocol"] @@ -227,7 +241,7 @@ class Chef cmd << " -Description '#{new_resource.description}'" if new_resource.description cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port - cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address + cmd << " -RemoteAddress '#{new_resource.remote_address.join("', '")}'" if new_resource.remote_address cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol diff --git a/spec/unit/resource/windows_firewall_rule_spec.rb b/spec/unit/resource/windows_firewall_rule_spec.rb index f4dfea1e0a..d73e7d222a 100644 --- a/spec/unit/resource/windows_firewall_rule_spec.rb +++ b/spec/unit/resource/windows_firewall_rule_spec.rb @@ -85,7 +85,12 @@ describe Chef::Resource::WindowsFirewallRule do it "the remote_address property accepts strings" do resource.remote_address("8.8.4.4") - expect(resource.remote_address).to eql("8.8.4.4") + expect(resource.remote_address).to eql(["8.8.4.4"]) + end + + it "the remote_address property accepts comma separated lists" do + resource.remote_address(["10.17.3.101", "172.7.7.53"]) + expect(resource.remote_address).to eql(%w{10.17.3.101 172.7.7.53}) end it "the remote_port property accepts strings" do @@ -223,8 +228,8 @@ describe Chef::Resource::WindowsFirewallRule do end it "aliases :remoteip to :remote_address" do - resource.remoteip("8.8.8.8") - expect(resource.remote_address).to eql("8.8.8.8") + resource.remoteip(["8.8.8.8"]) + expect(resource.remote_address).to eql(["8.8.8.8"]) end it "aliases :localport to :local_port" do @@ -288,7 +293,7 @@ describe Chef::Resource::WindowsFirewallRule do end it "sets RemoteAddress" do - resource.remote_address("8.8.8.8") + resource.remote_address(["8.8.8.8"]) expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -IcmpType 'Any' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") end @@ -365,7 +370,7 @@ describe Chef::Resource::WindowsFirewallRule do resource.group("new group") resource.local_address("192.168.40.40") resource.local_port("80") - resource.remote_address("8.8.4.4") + resource.remote_address(["8.8.4.4"]) resource.remote_port("8081") resource.direction(:outbound) resource.protocol("UDP") @@ -416,7 +421,7 @@ describe Chef::Resource::WindowsFirewallRule do end it "sets RemoteAddress" do - resource.remote_address("8.8.8.8") + resource.remote_address(["8.8.8.8"]) expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -NewDisplayName 'test_rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -IcmpType 'Any' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") end @@ -487,7 +492,7 @@ describe Chef::Resource::WindowsFirewallRule do resource.displayname("some cool display name") resource.local_address("192.168.40.40") resource.local_port("80") - resource.remote_address("8.8.4.4") + resource.remote_address(["8.8.4.4"]) resource.remote_port("8081") resource.direction(:outbound) resource.protocol("UDP") |