Merge pull request #74 from PlagueHO/Issue-53

Issue #53 - Add Missing Parameters to MSFT_xFirewall Resource
dsccommunity · Dec 29, 2015 · c90bfdf · c90bfdf
2 parents c538009 + e700e27
commit c90bfdf
Show file tree

Hide file tree

Showing 6 changed files with 306 additions and 31 deletions.
diff --git a/DSCResources/MSFT_xFirewall/MSFT_xFirewall.Schema.mof b/DSCResources/MSFT_xFirewall/MSFT_xFirewall.Schema.mof
@@ -27,4 +27,11 @@ class MSFT_xFirewall : OMI_BaseResource
   [Write, Description("Specifies that network packets with matching IP addresses match this rule")] String RemoteAddress[];
   [Write, Description("Specifies that matching IPsec rules of the indicated computer accounts are created")] String RemoteMachine;
   [Write, Description("Specifies that matching IPsec rules of the indicated user accounts are created")] String RemoteUser;
+  [Write, Description("Specifies a dynamic transport"), ValueMap{"Any","ProximityApps","ProximitySharing","WifiDirectPrinting","WifiDirectDisplay","WifiDirectDevices"},Values{"Any","ProximityApps","ProximitySharing","WifiDirectPrinting","WifiDirectDisplay","WifiDirectDevices"}] String DynamicTransport;
+  [Write, Description("Specifies that matching firewall rules of the indicated edge traversal policy are created"), ValueMap{"Block","Allow","DeferToUser","DeferToApp"},Values{"Block","Allow","DeferToUser","DeferToApp"}] String EdgeTraversalPolicy;
+  [Write, Description("Specifies the ICMP type codes")] String IcmpType[];
+  [Write, Description("Indicates that matching firewall rules of the indicated value are created")] Boolean LocalOnlyMapping;
+  [Write, Description("Indicates that matching firewall rules of the indicated value are created")] Boolean LooseSourceMapping;
+  [Write, Description("Indicates that matching network traffic that would otherwise be blocked are allowed")] Boolean OverrideBlockRules;
+  [Write, Description("Specifies that matching firewall rules of the indicated owner are created")] String Owner;
 };
diff --git a/DSCResources/MSFT_xFirewall/MSFT_xFirewall.psm1 b/DSCResources/MSFT_xFirewall/MSFT_xFirewall.psm1
@@ -63,6 +63,13 @@ data ParameterList
         @{ Name = 'RemoteAddress'; Source = '$properties.AddressFilters.RemoteAddress'; Type = 'Array' }
         @{ Name = 'RemoteMachine'; Source = '$properties.SecurityFilters.RemoteMachine'; Type = 'String' }
         @{ Name = 'RemoteUser'; Source = '$properties.SecurityFilters.RemoteUser'; Type = 'String' }
+        @{ Name = 'DynamicTransport'; Source = '$properties.PortFilters.DynamicTransport'; Type = 'String' }
+        @{ Name = 'EdgeTraversalPolicy'; Source = '$FirewallRule.EdgeTraversalPolicy'; Type = 'String' }
+        @{ Name = 'IcmpType'; Source = '$properties.PortFilters.IcmpType'; Type = 'Array' }
+        @{ Name = 'LocalOnlyMapping'; Source = '$FirewallRule.LocalOnlyMapping'; Type = 'Boolean' }
+        @{ Name = 'LooseSourceMapping'; Source = '$FirewallRule.LooseSourceMapping'; Type = 'Boolean' }
+        @{ Name = 'OverrideBlockRules'; Source = '$properties.SecurityFilters.OverrideBlockRules'; Type = 'Boolean' }
+        @{ Name = 'Owner'; Source = '$FirewallRule.Owner'; Type = 'String' }
     )
 }
 
@@ -236,7 +243,32 @@ function Set-TargetResource
 
         # Specifies that matching IPsec rules of the indicated user accounts are created
         [ValidateNotNullOrEmpty()]
-        [String] $RemoteUser
+        [String] $RemoteUser,
+
+        # Specifies a dynamic transport
+        [ValidateSet('Any','ProximityApps','ProximitySharing','WifiDirectPrinting','WifiDirectDisplay','WifiDirectDevices')]
+        [String] $DynamicTransport,
+
+        # Specifies that matching firewall rules of the indicated edge traversal policy are created
+        [ValidateSet('Block','Allow','DeferToUser','DeferToApp')]
+        [String] $EdgeTraversalPolicy,
+
+        # Specifies the ICMP type codes
+        [ValidateNotNullOrEmpty()]
+        [String[]] $IcmpType,
+
+        # Indicates that matching firewall rules of the indicated value are created
+        [Boolean] $LocalOnlyMapping,
+
+        # Indicates that matching firewall rules of the indicated value are created
+        [Boolean] $LooseSourceMapping,
+
+        # Indicates that matching network traffic that would otherwise be blocked are allowed
+        [Boolean] $OverrideBlockRules,
+
+        # Specifies that matching firewall rules of the indicated owner are created
+        [ValidateNotNullOrEmpty()]
+        [String] $Owner
     )
 
     Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): "
@@ -465,7 +497,32 @@ function Test-TargetResource
 
         # Specifies that matching IPsec rules of the indicated user accounts are created
         [ValidateNotNullOrEmpty()]
-        [String] $RemoteUser
+        [String] $RemoteUser,
+
+        # Specifies a dynamic transport
+        [ValidateSet('Any','ProximityApps','ProximitySharing','WifiDirectPrinting','WifiDirectDisplay','WifiDirectDevices')]
+        [String] $DynamicTransport,
+
+        # Specifies that matching firewall rules of the indicated edge traversal policy are created
+        [ValidateSet('Block','Allow','DeferToUser','DeferToApp')]
+        [String] $EdgeTraversalPolicy,
+
+        # Specifies the ICMP type codes
+        [ValidateNotNullOrEmpty()]
+        [String[]] $IcmpType,
+
+        # Indicates that matching firewall rules of the indicated value are created
+        [Boolean] $LocalOnlyMapping,
+
+        # Indicates that matching firewall rules of the indicated value are created
+        [Boolean] $LooseSourceMapping,
+
+        # Indicates that matching network traffic that would otherwise be blocked are allowed
+        [Boolean] $OverrideBlockRules,
+
+        # Specifies that matching firewall rules of the indicated owner are created
+        [ValidateNotNullOrEmpty()]
+        [String] $Owner
     )
 
     Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): "
@@ -548,7 +605,14 @@ function Test-RuleProperties
         [String[]] $Platform,
         [String[]] $RemoteAddress,
         [String] $RemoteMachine,
-        [String] $RemoteUser
+        [String] $RemoteUser,
+        [String] $DynamicTransport,
+        [String] $EdgeTraversalPolicy,
+        [String[]] $IcmpType,
+        [Boolean] $LocalOnlyMapping,
+        [Boolean] $LooseSourceMapping,
+        [Boolean] $OverrideBlockRules,
+        [String] $Owner
     )
 
     $properties = Get-FirewallRuleProperty -FirewallRule $FirewallRule
@@ -576,6 +640,18 @@ function Test-RuleProperties
                     $desiredConfigurationMatch = $false
                 }
             }
+            'Boolean'
+            {
+                # Perform a boolean comparison.
+                if ($ParameterNew -and ($ParameterSource -ne $ParameterNew))
+                {
+                    Write-Verbose -Message ( @( "$($MyInvocation.MyCommand): "
+                        $($LocalizedData.PropertyNoMatchMessage) `
+                            -f $parameter.Name,$ParameterSource,$ParameterNew
+                        ) -join '')
+                    $desiredConfigurationMatch = $false
+                }
+            }
             'Array'
             {
                 # Array comparison uses Compare-Object

diff --git a/Examples/Sample_xFirewall_AddFirewallRule_AllParameters.ps1 b/Examples/Sample_xFirewall_AddFirewallRule_AllParameters.ps1
@@ -39,9 +39,16 @@ configuration Sample_xFirewall_AddFirewallRule_AllParameters
             RemoteAddress         = @("192.168.2.0-192.168.2.128","192.168.1.0/255.255.255.0")
             RemoteMachine         = "O:LSD:(D;;CC;;;S-1-5-21-1915925333-479612515-2636650677-1621)(A;;CC;;;S-1-5-21-1915925333-479612515-2636650677-1620)"
             RemoteUser            = "O:LSD:(D;;CC;;;S-1-15-3-4)(A;;CC;;;S-1-5-21-3337988176-3917481366-464002247-1001)"
+            DynamicTransport      = "ProximitySharing"
+            EdgeTraversalPolicy   = "Block"
+            IcmpType              = ("51","52")
+            LocalOnlyMapping      = $true
+            LooseSourceMapping    = $true
+            OverrideBlockRules    = $true
+            Owner                 = "S-1-5-21-3337988176-3917481366-464002247-500"
         }
     }
- }
+}
 
 Sample_xFirewall_AddFirewallRule_AllParameters
 Start-DscConfiguration -Path Sample_xFirewall_AddFirewallRule_AllParameters -Wait -Verbose -Force
diff --git a/README.md b/README.md
@@ -71,7 +71,14 @@ Please check out common DSC Resources [contributing guidelines](https://github.c
 * **Platform**: Specifies which version of Windows the associated rule applies.
 * **RemoteAddress**: Specifies that network packets with matching IP addresses match this rule. This parameter value is the second end point of an IPsec rule and specifies the computers that are subject to the requirements of this rule. This parameter value is an IPv4 or IPv6 address, hostname, subnet, range, or the following keyword: Any
 * **RemoteMachine**: Specifies that matching IPsec rules of the indicated computer accounts are created. This parameter specifies that only network packets that are authenticated as incoming from or outgoing to a computer identified in the list of computer accounts (SID) match this rule. This parameter value is specified as an SDDL string. 
-* **RemoteUser**: Specifies that matching IPsec rules of the indicated user accounts are created. This parameter specifies that only network packets that are authenticated as incoming from or outgoing to a user identified in the list of user accounts match this rule. This parameter value is specified as an SDDL string. 
+* **RemoteUser**: Specifies that matching IPsec rules of the indicated user accounts are created. This parameter specifies that only network packets that are authenticated as incoming from or outgoing to a user identified in the list of user accounts match this rule. This parameter value is specified as an SDDL string.
+* **DynamicTransport**: Specifies a dynamic transport: { Any | ProximityApps | ProximitySharing | WifiDirectPrinting | WifiDirectDisplay | WifiDirectDevices }
+* **EdgeTraversalPolicy**: Specifies that matching firewall rules of the indicated edge traversal policy are created: { Block | Allow | DeferToUser | DeferToApp }
+* **IcmpType**: Specifies the ICMP type codes.
+* **LocalOnlyMapping**: Indicates that matching firewall rules of the indicated value are created.
+* **LooseSourceMapping**: Indicates that matching firewall rules of the indicated value are created.
+* **OverrideBlockRules**: Indicates that matching network traffic that would otherwise be blocked are allowed.
+* **Owner**: Specifies that matching firewall rules of the indicated owner are created.
 
 ### xNetConnectionProfile
 * **InterfaceAlias**: Specifies the alias for the Interface that is being changed.
@@ -111,6 +118,13 @@ The cmdlet does not fully support the Inquire action for debug messages. Cmdlet
 * MSFT_xNetConnectionProfile: Integration tests fixed when more than one connection profile present.
 * Changed AppVeyor.yml to use WMF 5 build environment.
 * MSFT_xIPAddress: Removed test for DHCP Status.
+* MSFT_xFirewall: New parameters added:
+    * DynamicTransport
+    * EdgeTraversalPolicy
+    * LocalOnlyMapping
+    * LooseSourceMapping
+    * OverrideBlockRules
+    * Owner
 
 ### 2.5.0.0
 * Added the following resources:
@@ -566,6 +580,13 @@ configuration Sample_xFirewall_AddFirewallRule_AllParameters
             RemoteAddress         = @("192.168.2.0-192.168.2.128","192.168.1.0/255.255.255.0")
             RemoteMachine         = "O:LSD:(D;;CC;;;S-1-5-21-1915925333-479612515-2636650677-1621)(A;;CC;;;S-1-5-21-1915925333-479612515-2636650677-1620)"
             RemoteUser            = "O:LSD:(D;;CC;;;S-1-15-3-4)(A;;CC;;;S-1-5-21-3337988176-3917481366-464002247-1001)"
+            DynamicTransport      = "ProximitySharing"
+            EdgeTraversalPolicy   = "Block"
+            IcmpType              = ("51","52")
+            LocalOnlyMapping      = $true
+            LooseSourceMapping    = $true
+            OverrideBlockRules    = $true
+            Owner                 = "S-1-5-21-3337988176-3917481366-464002247-500"
         }
     }
  }

diff --git a/Tests/Integration/MSFT_xFirewall.config.ps1 b/Tests/Integration/MSFT_xFirewall.config.ps1
@@ -29,6 +29,12 @@ $rule = @{
     RemoteAddress         = @('192.168.2.0-192.168.2.128','192.168.1.0/255.255.255.0')
     RemoteMachine         = 'Any'
     RemoteUser            = 'Any'
+    DynamicTransport      = 'Any'
+    EdgeTraversalPolicy   = 'Allow'
+    LocalOnlyMapping      = $false
+    LooseSourceMapping    = $false
+    OverrideBlockRules    = $false
+    Owner                 = (Get-CimInstance win32_useraccount | Select-Object -First 1).Sid
 }
 
 Configuration MSFT_xFirewall_Config {
@@ -60,6 +66,12 @@ Configuration MSFT_xFirewall_Config {
             RemoteAddress         = $rule.RemoteAddress
             RemoteMachine         = $rule.RemoteMachine
             RemoteUser            = $rule.RemoteUser
+            DynamicTransport      = $rule.DynamicTransport
+            EdgeTraversalPolicy   = $rule.EdgeTraversalPolicy
+            LocalOnlyMapping      = $rule.LocalOnlyMapping
+            LooseSourceMapping    = $rule.LooseSourceMapping
+            OverrideBlockRules    = $rule.OverrideBlockRules
+            Owner                 = $rule.Owner
         }
     }
 }