Allow passing multiple ports in windows_firewall

Allow ports to be an integer
Allow ports to be a comma separated list or an array
Workaround a bug in PowerShell where arrays that are converted to json turn into hashes with the count and the value
The quotes around the port are removed because you can't pass '80,8080' in the cmdlet. It has to be a bare 80,8080

Signed-off-by: Tim Smith <tsmith@chef.io>

1 files changed, 17 insertions, 14 deletions

diff --git a/lib/chef/resource/windows_firewall_rule.rb b/lib/chef/resource/windows_firewall_rule.rb
index a7e4609605..466378f615 100644
--- a/lib/chef/resource/windows_firewall_rule.rb
+++ b/lib/chef/resource/windows_firewall_rule.rb
@@ -40,18 +40,19 @@ class Chef
       property :local_address, String,
                description: "The local address the firewall rule applies to."
 
-      property :local_port, String,
+      property :local_port, [String, Integer, Array],
+               coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort },
                description: "The local port the firewall rule applies to."
 
       property :remote_address, String,
                description: "The remote address the firewall rule applies to."
 
-      property :remote_port, String,
+      property :remote_port, [String, Integer, Array],
+               coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort },
                description: "The remote port the firewall rule applies to."
 
       property :direction, [Symbol, String],
-               default: :inbound,
-               equal_to: [:inbound, :outbound],
+               default: :inbound, equal_to: [:inbound, :outbound],
                description: "The direction of the firewall rule. Direction means either inbound or outbound traffic.",
                coerce: proc { |d| d.is_a?(String) ? d.downcase.to_sym : d }
 
@@ -60,14 +61,12 @@ class Chef
                description: "The protocol the firewall rule applies to."
 
       property :firewall_action, [Symbol, String],
-               default: :allow,
-               equal_to: [:allow, :block, :notconfigured],
+               default: :allow, equal_to: [:allow, :block, :notconfigured],
                description: "The action of the firewall rule.",
                coerce: proc { |f| f.is_a?(String) ? f.downcase.to_sym : f }
 
       property :profile, [Symbol, String],
-               default: :any,
-               equal_to: [:public, :private, :domain, :any, :notapplicable],
+               default: :any, equal_to: [:public, :private, :domain, :any, :notapplicable],
                description: "The profile the firewall rule applies to.",
                coerce: proc { |p| p.is_a?(String) ? p.downcase.to_sym : p }
 
@@ -78,8 +77,7 @@ class Chef
                description: "The service the firewall rule applies to."
 
       property :interface_type, [Symbol, String],
-               default: :any,
-               equal_to: [:any, :wireless, :wired, :remoteaccess],
+               default: :any, equal_to: [:any, :wireless, :wired, :remoteaccess],
                description: "The interface type the firewall rule applies to.",
                coerce: proc { |i| i.is_a?(String) ? i.downcase.to_sym : i }
 
@@ -102,9 +100,9 @@ class Chef
           state = Chef::JSONCompat.from_json(output.stdout)
         end
         local_address state["local_address"]
-        local_port state["local_port"]
+        local_port Array(state["local_port"]).sort
         remote_address state["remote_address"]
-        remote_port state["remote_port"]
+        remote_port Array(state["remote_port"]).sort
         direction state["direction"]
         protocol state["protocol"]
         firewall_action state["firewall_action"]
@@ -116,6 +114,8 @@ class Chef
       end
 
       action :create do
+        description "Create a Windows firewall entry."
+
         if current_resource
           converge_if_changed :rule_name, :local_address, :local_port, :remote_address, :remote_port, :direction,
                               :protocol, :firewall_action, :profile, :program, :service, :interface_type, :enabled do
@@ -131,6 +131,8 @@ class Chef
       end
 
       action :delete do
+        description "Delete an existing Windows firewall entry."
+
         if current_resource
           converge_by("delete firewall rule #{new_resource.rule_name}") do
             powershell_out!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
@@ -148,9 +150,9 @@ class Chef
           cmd << " -DisplayName '#{new_resource.rule_name}'" if cmdlet_type == "New"
           cmd << " -Description '#{new_resource.description}'" if new_resource.description
           cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
-          cmd << " -LocalPort '#{new_resource.local_port}'" if new_resource.local_port
+          cmd << " -LocalPort #{new_resource.local_port.join(',')}" if new_resource.local_port
           cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address
-          cmd << " -RemotePort '#{new_resource.remote_port}'" if new_resource.remote_port
+          cmd << " -RemotePort #{new_resource.remote_port.join(',')}" if new_resource.remote_port
           cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
           cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol
           cmd << " -Action '#{new_resource.firewall_action}'" if new_resource.firewall_action
@@ -170,6 +172,7 @@ class Chef
       # # @return [String] current firewall state
       def load_firewall_state(rule_name)
         <<-EOH
+          Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
           $rule = Get-NetFirewallRule -Name '#{rule_name}'
           $addressFilter = $rule | Get-NetFirewallAddressFilter
           $portFilter = $rule | Get-NetFirewallPortFilter