diff options
author | Tim Smith <tsmith@chef.io> | 2018-11-06 11:59:25 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2018-11-06 14:44:23 -0800 |
commit | 61d06b9d6bd5413d057f8f26771f7bf4041178e4 (patch) | |
tree | 0641734443c029cf77a70a7a3adc17490f731d7b /lib/chef/resource | |
parent | b46f0553ef6495ad81196d3065441600fd087762 (diff) | |
download | chef-61d06b9d6bd5413d057f8f26771f7bf4041178e4.tar.gz |
Allow passing multiple ports in windows_firewall
Allow ports to be an integer
Allow ports to be a comma separated list or an array
Workaround a bug in PowerShell where arrays that are converted to json turn into hashes with the count and the value
The quotes around the port are removed because you can't pass '80,8080' in the cmdlet. It has to be a bare 80,8080
Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'lib/chef/resource')
-rw-r--r-- | lib/chef/resource/windows_firewall_rule.rb | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/lib/chef/resource/windows_firewall_rule.rb b/lib/chef/resource/windows_firewall_rule.rb index a7e4609605..466378f615 100644 --- a/lib/chef/resource/windows_firewall_rule.rb +++ b/lib/chef/resource/windows_firewall_rule.rb @@ -40,18 +40,19 @@ class Chef property :local_address, String, description: "The local address the firewall rule applies to." - property :local_port, String, + property :local_port, [String, Integer, Array], + coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort }, description: "The local port the firewall rule applies to." property :remote_address, String, description: "The remote address the firewall rule applies to." - property :remote_port, String, + property :remote_port, [String, Integer, Array], + coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort }, description: "The remote port the firewall rule applies to." property :direction, [Symbol, String], - default: :inbound, - equal_to: [:inbound, :outbound], + default: :inbound, equal_to: [:inbound, :outbound], description: "The direction of the firewall rule. Direction means either inbound or outbound traffic.", coerce: proc { |d| d.is_a?(String) ? d.downcase.to_sym : d } @@ -60,14 +61,12 @@ class Chef description: "The protocol the firewall rule applies to." property :firewall_action, [Symbol, String], - default: :allow, - equal_to: [:allow, :block, :notconfigured], + default: :allow, equal_to: [:allow, :block, :notconfigured], description: "The action of the firewall rule.", coerce: proc { |f| f.is_a?(String) ? f.downcase.to_sym : f } property :profile, [Symbol, String], - default: :any, - equal_to: [:public, :private, :domain, :any, :notapplicable], + default: :any, equal_to: [:public, :private, :domain, :any, :notapplicable], description: "The profile the firewall rule applies to.", coerce: proc { |p| p.is_a?(String) ? p.downcase.to_sym : p } @@ -78,8 +77,7 @@ class Chef description: "The service the firewall rule applies to." property :interface_type, [Symbol, String], - default: :any, - equal_to: [:any, :wireless, :wired, :remoteaccess], + default: :any, equal_to: [:any, :wireless, :wired, :remoteaccess], description: "The interface type the firewall rule applies to.", coerce: proc { |i| i.is_a?(String) ? i.downcase.to_sym : i } @@ -102,9 +100,9 @@ class Chef state = Chef::JSONCompat.from_json(output.stdout) end local_address state["local_address"] - local_port state["local_port"] + local_port Array(state["local_port"]).sort remote_address state["remote_address"] - remote_port state["remote_port"] + remote_port Array(state["remote_port"]).sort direction state["direction"] protocol state["protocol"] firewall_action state["firewall_action"] @@ -116,6 +114,8 @@ class Chef end action :create do + description "Create a Windows firewall entry." + if current_resource converge_if_changed :rule_name, :local_address, :local_port, :remote_address, :remote_port, :direction, :protocol, :firewall_action, :profile, :program, :service, :interface_type, :enabled do @@ -131,6 +131,8 @@ class Chef end action :delete do + description "Delete an existing Windows firewall entry." + if current_resource converge_by("delete firewall rule #{new_resource.rule_name}") do powershell_out!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'") @@ -148,9 +150,9 @@ class Chef cmd << " -DisplayName '#{new_resource.rule_name}'" if cmdlet_type == "New" cmd << " -Description '#{new_resource.description}'" if new_resource.description cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address - cmd << " -LocalPort '#{new_resource.local_port}'" if new_resource.local_port + cmd << " -LocalPort #{new_resource.local_port.join(',')}" if new_resource.local_port cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address - cmd << " -RemotePort '#{new_resource.remote_port}'" if new_resource.remote_port + cmd << " -RemotePort #{new_resource.remote_port.join(',')}" if new_resource.remote_port cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol cmd << " -Action '#{new_resource.firewall_action}'" if new_resource.firewall_action @@ -170,6 +172,7 @@ class Chef # # @return [String] current firewall state def load_firewall_state(rule_name) <<-EOH + Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M $rule = Get-NetFirewallRule -Name '#{rule_name}' $addressFilter = $rule | Get-NetFirewallAddressFilter $portFilter = $rule | Get-NetFirewallPortFilter |