refactor all resources and providers into LWRPs

commit 5cc5aa9abed31835090b6577f48244b4ba15b9f3 1 parent d101a72
Seth Chisamore authored August 30, 2011
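--- a/firewall/README.md
+++ b/firewall/README.md
@@ -31,17 +31,15 @@ Resources/Providers
 
 - :enable: enable the firewall.  this will make any rules that have been defined 'active'.
 - :disable: disable the firewall. drop any rules and put the node in an unprotected state.
-- :reset: reset the firewall. drop any rules and puts the node in the default state. Does not enable or disable the firewall.
-- :logging: set the logging level for the firewall. Requires the 'level' attribute parameter. Default if unset if 'low'.
 
 ### Attribute Parameters
 
 - name: name attribute. arbitrary name to uniquely identify this resource
-- level: used by the `logging` action, options are 'on', 'off', 'low', 'medium', 'high' and 'full'.
+- log_level: level of verbosity the firewall should log at. valid values are: :low, :medium, :high, :full. default is :low.
 
 ### Providers
 
-- `Chef::Provider::Firewall::Ufw`
+- `Chef::Provider::FirewallUfw`
     - platform default: Ubuntu
 
 ### Examples
@@ -53,8 +51,8 @@ Resources/Providers
 
     # increase logging past default of 'low'
     firewall "debug firewalls" do
-      level 'high'
-      action :logging
+      log_level :high
+      action :enable
     end
 
 `firewall_rule`
@@ -64,7 +62,6 @@ Resources/Providers
 
 - :allow: the rule should allow incoming traffic.
 - :deny: the rule should deny incoming traffic.
-- :logging: the rule should reject incoming traffic.
 - :reject: the rule should reject incoming traffic.
 
 ### Attribute Parameters
@@ -76,13 +73,13 @@ Resources/Providers
 - destination: ip address or subnet to filter on outgoing traffic. 
 - dest_port: outgoing port number.
 - position: position to insert rule at. if not provided rule is inserted at the end of the rule list.
-- direction: direction of the rule. 'in' or 'out' are supported, 'in' is default.
+- direction: direction of the rule. valid values are: :in, :out, default is :in
 - interface: interface to apply rule (ie. 'eth0').
-- logging: may be added to enable logging for a particular rule. 'log' and 'log-all' are supported options. In the ufw provider, 'log' logs new connections while 'log-all' logs all packets.
+- logging: may be added to enable logging for a particular rule. valid values are: :connections, :packets. In the ufw provider, :connections logs new connections while :packets logs all packets.
 
 ### Providers
 
-- `Chef::Provider::FirewallRule::Ufw`
+- `Chef::Provider::FirewallRuleUfw`
     - platform default: Ubuntu
 
 ### Examples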
85  firewall/libraries/provider_firewall_ufw.rb
@@ -1,85 +0,0 @@
1  
-#
2  
-# Author:: Seth Chisamore (<schisamo@opscode.com>)
3  
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
4  
-# License:: Apache License, Version 2.0
5  
-#
6  
-# Licensed under the Apache License, Version 2.0 (the "License");
7  
-# you may not use this file except in compliance with the License.
8  
-# You may obtain a copy of the License at
9  
-# 
10  
-#     http://www.apache.org/licenses/LICENSE-2.0
11  
-# 
12  
-# Unless required by applicable law or agreed to in writing, software
13  
-# distributed under the License is distributed on an "AS IS" BASIS,
14  
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  
-# See the License for the specific language governing permissions and
16  
-# limitations under the License.
17  
-#
18  
-
19  
-require 'chef/log'
20  
-require 'chef/provider'
21  
-require 'chef/mixin/shell_out'
22  
-
23  
-class Chef
24  
-  class Provider
25  
-    class Firewall
26  
-      class Ufw < Chef::Provider
27  
-        include Chef::Mixin::ShellOut
28  
-
29  
-        def load_current_resource
30  
-          @current_resource = Chef::Resource::Firewall.new(@new_resource.name)
31  
-        end
32  
-
33  
-        def action_enable
34  
-          unless active?
35  
-            shell_out!("echo yes | ufw enable")
36  
-            Chef::Log.info("#{@new_resource} enabled")
37  
-            @new_resource.updated_by_last_action(true)
38  
-          else
39  
-            Chef::Log.debug("#{@new_resource} already enabled.")
40  
-          end
41  
-        end
42  
-
43  
-        def action_disable
44  
-          if active?
45  
-            shell_out!("ufw disable")
46  
-            Chef::Log.info("#{@new_resource} disabled")
47  
-            @new_resource.updated_by_last_action(true)
48  
-          else
49  
-            Chef::Log.debug("#{@new_resource} already disabled.")
50  
-          end
51  
-        end
52  
-
53  
-        def action_reset
54  
-          shell_out!("ufw --force reset")
55  
-          Chef::Log.info("#{@new_resource} reset")
56  
-          @new_resource.updated_by_last_action(true)
57  
-        end
58  
-
59  
-        def action_logging
60  
-          if @new_resource.level
61  
-            shell_out!("ufw logging #{@new_resource.level}")
62  
-            Chef::Log.info("ufw logging #{@new_resource.level} set")
63  
-            @new_resource.updated_by_last_action(true)
64  
-          else
65  
-            raise Chef::Exception::UnsupportedAction, "firewall :logging action failed without level!"
66  
-          end
67  
-        end
68  
-          
69  
-        private
70  
-        def active?
71  
-          @active ||= begin
72  
-            cmd = shell_out!("ufw status")
73  
-            cmd.stdout =~ /^Status:\sactive/
74  
-          end
75  
-        end
76  
-      end
77  
-    end
78  
-  end
79  
-end
80  
-
81  
-Chef::Platform.set(
82  
-  :platform => :ubuntu,
83  
-  :resource => :firewall,
84  
-  :provider => Chef::Provider::Firewall::Ufw
85  
-)
110  firewall/libraries/provider_firewall_ufw_rule.rb
@@ -1,110 +0,0 @@
1  
-#
2  
-# Author:: Seth Chisamore (<schisamo@opscode.com>)
3  
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
4  
-# License:: Apache License, Version 2.0
5  
-#
6  
-# Licensed under the Apache License, Version 2.0 (the "License");
7  
-# you may not use this file except in compliance with the License.
8  
-# You may obtain a copy of the License at
9  
-# 
10  
-#     http://www.apache.org/licenses/LICENSE-2.0
11  
-# 
12  
-# Unless required by applicable law or agreed to in writing, software
13  
-# distributed under the License is distributed on an "AS IS" BASIS,
14  
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  
-# See the License for the specific language governing permissions and
16  
-# limitations under the License.
17  
-#
18  
-
19  
-require 'chef/log'
20  
-require 'chef/provider'
21  
-require 'chef/mixin/shell_out'
22  
-
23  
-class Chef
24  
-  class Provider
25  
-    class Firewall
26  
-      class UfwRule < Chef::Provider
27  
-        include Chef::Mixin::ShellOut
28  
-
29  
-        def load_current_resource
30  
-          @current_resource = Chef::Resource::FirewallRule.new(@new_resource.name)
31  
-        end
32  
-
33  
-        def action_allow
34  
-          apply_rule('allow')
35  
-        end
36  
-
37  
-        def action_deny
38  
-          apply_rule('deny')
39  
-        end
40  
-
41  
-        def action_reject
42  
-          apply_rule('reject')
43  
-        end
44  
-
45  
-        private
46  
-        # ufw allow from 192.168.0.4 to any port 22
47  
-        # ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
48  
-        # ufw insert 1 allow proto tcp from 0.0.0.0/0 to 192.168.0.1 port 25
49  
-        def apply_rule(type=nil)
50  
-          unless rule_exists?
51  
-            ufw_command = "ufw "
52  
-            ufw_command += "insert #{@new_resource.position} " if @new_resource.position
53  
-            ufw_command += "#{type} "
54  
-            ufw_command += "#{@new_resource.direction} " if @new_resource.direction
55  
-            if @new_resource.interface
56  
-              if @new_resource.direction
57  
-                ufw_command += "on #{@new_resource.interface} "
58  
-              else
59  
-                ufw_command += "in on #{@new_resource.interface} "
60  
-              end
61  
-            end
62  
-            ufw_command += "#{@new_resource.logging} " if @new_resource.logging
63  
-            ufw_command += "proto #{@new_resource.protocol} " if @new_resource.protocol
64  
-            if @new_resource.source
65  
-              ufw_command += "from #{@new_resource.source} "
66  
-            else
67  
-              ufw_command += "from any "
68  
-            end
69  
-            ufw_command += "port #{@new_resource.dest_port} " if @new_resource.dest_port
70  
-            if @new_resource.destination
71  
-              ufw_command += "to #{@new_resource.destination} "
72  
-            else
73  
-              ufw_command += "to any "
74  
-            end
75  
-            ufw_command += "port #{@new_resource.port} " if @new_resource.port
76  
-
77  
-            Chef::Log.debug("ufw: #{ufw_command}")
78  
-            shell_out!(ufw_command)
79  
-
80  
-            Chef::Log.info("#{@new_resource} #{type} rule added")
81  
-            shell_out!("ufw status verbose") # purely for the Chef::Log.debug output
82  
-            @new_resource.updated_by_last_action(true)
83  
-          else
84  
-            Chef::Log.debug("#{@new_resource} #{type} rule exists..skipping.")
85  
-          end
86  
-        end
87  
-
88  
-        def port_and_proto
89  
-          (@new_resource.protocol) ? "#{@new_resource.port}/#{@new_resource.protocol}" : @new_resource.port
90  
-        end
91  
-
92  
-        # TODO currently only works when firewall is enabled
93  
-        def rule_exists?
94  
-          # To                         Action      From
95  
-          # --                         ------      ----
96  
-          # 22                         ALLOW       Anywhere
97  
-          # 192.168.0.1 25/tcp         DENY        10.0.0.0/8
98  
-          shell_out!("ufw status").stdout =~ 
99  
-/^(#{@new_resource.destination}\s)?#{port_and_proto}\s.*(#{@new_resource.action.to_s})\s.*#{@new_resource.source || 'Anywhere'}$/i
100  
-        end
101  
-      end
102  
-    end
103  
-  end
104  
-end
105  
-
106  
-Chef::Platform.set(
107  
-  :platform => :ubuntu,
108  
-  :resource => :firewall_rule,
109  
-  :provider => Chef::Provider::Firewall::UfwRule
110  
-)
41  firewall/libraries/resource_firewall.rb
@@ -1,41 +0,0 @@
1  
-#
2  
-# Author:: Seth Chisamore (<schisamo@opscode.com>)
3  
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
4  
-# License:: Apache License, Version 2.0
5  
-#
6  
-# Licensed under the Apache License, Version 2.0 (the "License");
7  
-# you may not use this file except in compliance with the License.
8  
-# You may obtain a copy of the License at
9  
-# 
10  
-#     http://www.apache.org/licenses/LICENSE-2.0
11  
-# 
12  
-# Unless required by applicable law or agreed to in writing, software
13  
-# distributed under the License is distributed on an "AS IS" BASIS,
14  
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  
-# See the License for the specific language governing permissions and
16  
-# limitations under the License.
17  
-#
18  
-
19  
-require 'chef/resource'
20  
-
21  
-class Chef
22  
-  class Resource
23  
-    class Firewall < Chef::Resource
24  
-
25  
-      def initialize(name, run_context=nil)
26  
-        super
27  
-        @resource_name = :firewall
28  
-        @allowed_actions.push(:enable, :disable, :reset, :logging)
29  
-      end
30  
-
31  
-      def level(arg=nil)
32  
-        set_or_return(
33  
-          :level,
34  
-          arg,
35  
-          :equal_to => [ 'on', 'off', 'low', 'medium', 'high', 'full' ]
36  
-          )
37  
-      end
38  
-
39  
-    end
40  
-  end
41  
-end
111  firewall/libraries/resource_firewall_rule.rb
@@ -1,111 +0,0 @@
1  
-#
2  
-# Author:: Seth Chisamore (<schisamo@opscode.com>)
3  
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
4  
-# License:: Apache License, Version 2.0
5  
-#
6  
-# Licensed under the Apache License, Version 2.0 (the "License");
7  
-# you may not use this file except in compliance with the License.
8  
-# You may obtain a copy of the License at
9  
-#
10  
-#     http://www.apache.org/licenses/LICENSE-2.0
11  
-#
12  
-# Unless required by applicable law or agreed to in writing, software
13  
-# distributed under the License is distributed on an "AS IS" BASIS,
14  
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  
-# See the License for the specific language governing permissions and
16  
-# limitations under the License.
17  
-#
18  
-
19  
-require 'chef/resource'
20  
-
21  
-class Chef
22  
-  class Resource
23  
-    class FirewallRule < Chef::Resource
24  
-
25  
-      IP_CIDR_VALID_REGEX = /\b(?:\d{1,3}\.){3}\d{1,3}\b(\/[0-3]?[0-9])?/
26  
-
27  
-      def initialize(name, run_context=nil)
28  
-        super
29  
-        @resource_name = :firewall_rule
30  
-        @source = "0.0.0.0/0"
31  
-        @allowed_actions.push(:allow, :deny, :reject)
32  
-      end
33  
-
34  
-      def port(arg=nil)
35  
-        set_or_return(
36  
-          :port,
37  
-          arg,
38  
-          :kind_of => Integer
39  
-          )
40  
-      end
41  
-
42  
-      def protocol(arg=nil)
43  
-        arg.downcase! if arg
44  
-        set_or_return(
45  
-          :protocol,
46  
-          arg,
47  
-          :equal_to => [ 'udp', 'tcp' ]
48  
-          )
49  
-      end
50  
-
51  
-      def direction(arg=nil)
52  
-        arg.downcase! if arg
53  
-        set_or_return(
54  
-          :direction,
55  
-          arg,
56  
-          :equal_to => [ 'in', 'out' ]
57  
-          )
58  
-      end
59  
-
60  
-      def interface(arg=nil)
61  
-        arg.downcase! if arg
62  
-        set_or_return(
63  
-          :interface,
64  
-          arg,
65  
-          :kind_of => [ String ]
66  
-          )
67  
-      end
68  
-
69  
-      def logging(arg=nil)
70  
-        arg.downcase! if arg
71  
-        set_or_return(
72  
-          :logging,
73  
-          arg,
74  
-          :equal_to => [ 'log', 'log-all' ]
75  
-          )
76  
-      end
77  
-
78  
-      def source(arg=nil)
79  
-        set_or_return(
80  
-          :source,
81  
-          arg,
82  
-          :regex => IP_CIDR_VALID_REGEX
83  
-          )
84  
-      end
85  
-
86  
-      def destination(arg=nil)
87  
-        set_or_return(
88  
-          :destination,
89  
-          arg,
90  
-          :regex => IP_CIDR_VALID_REGEX
91  
-          )
92  
-      end
93  
-
94  
-      def dest_port(arg=nil)
95  
-        set_or_return(
96  
-          :dest_port,
97  
-          arg,
98  
-          :kind_of => Integer
99  
-          )
100  
-      end
101  
-
102  
-      def position(arg=nil)
103  
-        set_or_return(
104  
-          :position,
105  
-          arg,
106  
-          :kind_of => Integer
107  
-          )
108  
-      end
109  
-    end
110  
-  end
111  
-end
34  firewall/libraries/resource_ufw_firewall_rule.rb
@@ -1,34 +0,0 @@
1  
-#
2  
-# Author:: Seth Chisamore (<schisamo@opscode.com>)
3  
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
4  
-# License:: Apache License, Version 2.0
5  
-#
6  
-# Licensed under the Apache License, Version 2.0 (the "License");
7  
-# you may not use this file except in compliance with the License.
8  
-# You may obtain a copy of the License at
9  
-# 
10  
-#     http://www.apache.org/licenses/LICENSE-2.0
11  
-# 
12  
-# Unless required by applicable law or agreed to in writing, software
13  
-# distributed under the License is distributed on an "AS IS" BASIS,
14  
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  
-# See the License for the specific language governing permissions and
16  
-# limitations under the License.
17  
-#
18  
-
19  
-require 'chef/resource'
20  
-require File.join(File.dirname(__FILE__), 'resource_firewall_rule')
21  
-
22  
-class Chef
23  
-  class Resource
24  
-    class UfwFirewallRule < Chef::Resource::FirewallRule
25  
-
26  
-      def initialize(name, run_context=nil)
27  
-        super
28  
-        @resource_name = :ufw_firewall_rule
29  
-        @provider = Chef::Provider::Firewall::UfwRule
30  
-      end
31  
-
32  
-    end
33  
-  end
34  
-end
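--- /dev/null
+++ b/firewall/providers/rule_ufw.rb
@@ -0,0 +1,101 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Cookbook Name:: firwall
+# Provider:: rule_ufw
+#
+# Copyright:: 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include Chef::Mixin::ShellOut
+
+action :allow do
+  apply_rule('allow')
+end
+
+action :deny do
+  apply_rule('deny')
+end
+
+action :reject do
+  apply_rule('reject')
+end
+
+private
+# ufw allow from 192.168.0.4 to any port 22
+# ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
+# ufw insert 1 allow proto tcp from 0.0.0.0/0 to 192.168.0.1 port 25
+def apply_rule(type=nil)
+  unless rule_exists?
+    ufw_command = "ufw "
+    ufw_command << "insert #{@new_resource.position} " if @new_resource.position
+    ufw_command << "#{type} "
+    ufw_command << "#{@new_resource.direction} " if @new_resource.direction
+    if @new_resource.interface
+      if @new_resource.direction
+        ufw_command << "on #{@new_resource.interface} "
+      else
+        ufw_command << "in on #{@new_resource.interface} "
+      end
+    end
+    ufw_command << logging
+    ufw_command << "proto #{@new_resource.protocol} " if @new_resource.protocol
+    if @new_resource.source
+      ufw_command << "from #{@new_resource.source} "
+    else
+      ufw_command << "from any "
+    end
+    ufw_command << "port #{@new_resource.dest_port} " if @new_resource.dest_port
+    if @new_resource.destination
+      ufw_command << "to #{@new_resource.destination} "
+    else
+      ufw_command << "to any "
+    end
+    ufw_command << "port #{@new_resource.port} " if @new_resource.port
+
+    Chef::Log.debug("ufw: #{ufw_command}")
+    shell_out!(ufw_command)
+
+    Chef::Log.info("#{@new_resource} #{type} rule added")
+    shell_out!("ufw status verbose") # purely for the Chef::Log.debug output
+    @new_resource.updated_by_last_action(true)
+  else
+    Chef::Log.debug("#{@new_resource} #{type} rule exists..skipping.")
+  end
+end
+
+def logging
+  case @new_resource.logging
+  when :connections
+    "log "
+  when :packets
+    "log-all "
+  else
+    ""
+  end
+end
+
+def port_and_proto
+  (@new_resource.protocol) ? "#{@new_resource.port}/#{@new_resource.protocol}" : @new_resource.port
+end
+
+# TODO currently only works when firewall is enabled
+def rule_exists?
+  # To                         Action      From
+  # --                         ------      ----
+  # 22                         ALLOW       Anywhere
+  # 192.168.0.1 25/tcp         DENY        10.0.0.0/8
+  shell_out!("ufw status").stdout =~ /^(#{@new_resource.destination}\s)?#{port_and_proto}\s.*(#{@new_resource.action.to_s})\s.*#{@new_resource.source || 'Anywhere'}$/i
+end
+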
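Review bot: `apply_rule` builds one shell string from resource attributes and passes it to `shell_out!`, but the values it interpolates are only loosely validated: `IP_CIDR_VALID_REGEX` in firewall/resources/rule.rb is unanchored (`\b…\b`), so any string that merely contains an IPv4 address passes validation and is emitted whole into `from #{@new_resource.source} ` / `to #{@new_resource.destination} `, and `interface` is checked only as `:kind_of => String` before landing in `on #{@new_resource.interface} `. Anchoring the constant, `IP_CIDR_VALID_REGEX = /\A(?:\d{1,3}\.){3}\d{1,3}(\/[0-3]?[0-9])?\z/`, and giving `:interface` a `:regex` allowlist would close that; if the Mixlib::ShellOut in use accepts the argv form, `shell_out!("ufw", *args)` removes the shell from the path altogether. `rule_exists?` interpolates the same `source`/`destination` values into a Regexp unescaped, so they should be wrapped in `Regexp.escape` there (a dotted address otherwise matches more than intended). The `Cookbook Name:: firwall` header typo is repeated in providers/ufw.rb, resources/default.rb and resources/rule.rb.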
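--- /dev/null
+++ b/firewall/providers/ufw.rb
@@ -0,0 +1,53 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Cookbook Name:: firwall
+# Provider:: ufw
+#
+# Copyright:: 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include Chef::Mixin::ShellOut
+
+action :enable do
+  unless active?
+    shell_out!("echo yes | ufw enable")
+    Chef::Log.info("#{@new_resource} enabled")
+    if @new_resource.log_level
+      shell_out!("ufw logging #{@new_resource.log_level}") 
+      Chef::Log.info("#{@new_resource} logging enabled at '#{@new_resource.log_level}' level")
+    end
+    @new_resource.updated_by_last_action(true)
+  else
+    Chef::Log.debug("#{@new_resource} already enabled.")
+  end
+end
+
+action :disable do
+  if active?
+    shell_out!("ufw disable")
+    Chef::Log.info("#{@new_resource} disabled")
+    @new_resource.updated_by_last_action(true)
+  else
+    Chef::Log.debug("#{@new_resource} already disabled.")
+  end
+end
+  
+private
+def active?
+  @active ||= begin
+    cmd = shell_out!("ufw status")
+    cmd.stdout =~ /^Status:\sactive/
+  end
+end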
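Review bot: `log_level` is applied only inside the `unless active?` branch of `action :enable`, so on a node where ufw is already active a changed `log_level` never converges, and because the resource declares `:default => :low` the `if @new_resource.log_level` guard is always true. Moving the logging call after the enable/skip branch makes it converge regardless of firewall state, as below; it still flags `updated_by_last_action` on every run, so reading the current level from `ufw status verbose` first (I have not verified its exact output format here) would be the next step. `shell_out!("echo yes | ufw enable")` relies on a shell pipe where `ufw --force enable` does the same without one, matching the `--force` the removed provider already used for reset. The `shell_out!("ufw logging …")` line also carries trailing whitespace.
```ruby
action :enable do
  unless active?
    shell_out!("ufw --force enable")
    Chef::Log.info("#{@new_resource} enabled")
    @new_resource.updated_by_last_action(true)
  else
    Chef::Log.debug("#{@new_resource} already enabled.")
  end
  # logging level is converged on every run, not only when the firewall was just enabled
  if @new_resource.log_level
    shell_out!("ufw logging #{@new_resource.log_level}")
    Chef::Log.info("#{@new_resource} logging enabled at '#{@new_resource.log_level}' level")
    @new_resource.updated_by_last_action(true)
  end
end
# … unchanged: action :disable, active? …
```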
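--- a/firewall/libraries/resource_ufw_firewall.rb
+++ b/firewall/resources/default.rb
@@ -1,14 +1,16 @@
 #
 # Author:: Seth Chisamore (<schisamo@opscode.com>)
-# Copyright:: Copyright (c) 2011 Opscode, Inc.
-# License:: Apache License, Version 2.0
+# Cookbook Name:: firwall
+# Resource:: default
+#
+# Copyright:: 2011, Opscode, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,19 +18,20 @@
 # limitations under the License.
 #
 
-require 'chef/resource'
-require File.join(File.dirname(__FILE__), 'resource_firewall')
+actions :enable, :disable
 
-class Chef
-  class Resource
-    class UfwFirewall < Chef::Resource::Firewall
+attribute :log_level, :kind_of => Symbol, :equal_to => [:low, :medium, :high, :full], :default => :low
 
-      def initialize(name, run_context=nil)
-        super
-        @resource_name = :ufw_firewall
-        @provider = Chef::Provider::Firewall::Ufw
-      end
-
-    end
-  end
+def initialize(name, run_context=nil)
+  super
+  set_platform_default_providers
 end
+
+private
+def set_platform_default_providers
+  Chef::Platform.set(
+    :platform => :ubuntu,
+    :resource => :firewall,
+    :provider => Chef::Provider::FirewallUfw
+  )
+end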
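Review bot: `set_platform_default_providers` is called from `initialize`, so `Chef::Platform.set` rewrites the global platform-to-provider map every time a `firewall` resource is instantiated; firewall/resources/rule.rb does the same for `firewall_rule`. The call is idempotent, but it is load-time configuration, so a single top-level `Chef::Platform.set(:platform => :ubuntu, :resource => :firewall, :provider => Chef::Provider::FirewallUfw)` in the resource file, or in a libraries/ file, would express that without the per-instance hook. Whether `Chef::Provider::FirewallUfw` is already defined when this file is evaluated depends on Chef's LWRP load order, which the diff does not show; a load-time call would surface a missing constant immediately rather than at the first resource instantiation.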
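--- /dev/null
+++ b/firewall/resources/rule.rb
@@ -0,0 +1,47 @@
+#
+# Author:: Seth Chisamore (<schisamo@opscode.com>)
+# Cookbook Name:: firwall
+# Resource:: rule
+#
+# Copyright:: 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+IP_CIDR_VALID_REGEX = /\b(?:\d{1,3}\.){3}\d{1,3}\b(\/[0-3]?[0-9])?/
+
+actions :allow, :deny, :reject
+
+attribute :port, :kind_of => Integer
+attribute :protocol, :kind_of => Symbol, :equal_to => [ :udp, :tcp ]
+attribute :direction, :kind_of => Symbol, :equal_to => [ :in, :out ]
+attribute :interface, :kind_of => String
+attribute :logging, :kind_of => Symbol, :equal_to => [ :connections, :packets ]
+attribute :source, :regex => IP_CIDR_VALID_REGEX
+attribute :destination, :regex => IP_CIDR_VALID_REGEX
+attribute :dest_port, :kind_of => Integer
+attribute :position, :kind_of => Integer
+
+def initialize(name, run_context=nil)
+  super
+  set_platform_default_providers
+end
+
+private
+def set_platform_default_providers
+  Chef::Platform.set(
+    :platform => :ubuntu,
+    :resource => :firewall_rule,
+    :provider => Chef::Provider::FirewallRuleUfw
+  )
+end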
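--- a/windows/libraries/windows_privileged.rb
+++ b/windows/libraries/windows_privileged.rb
@@ -30,12 +30,12 @@
 #helpers for Windows API calls that require privilege adjustments
 class Chef
   class WindowsPrivileged
-
-    include Windows::Error
-    include Windows::Registry
-    include Windows::Process
-    include Windows::Security
-
+    if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+      include Windows::Error
+      include Windows::Registry
+      include Windows::Process
+      include Windows::Security
+    end
     #File -> Load Hive... in regedit.exe
     def reg_load_key(name, file)
       run(SE_BACKUP_NAME, SE_RESTORE_NAME) do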
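Review bot: The new platform guard lets the library load on non-Windows nodes, but nothing says why, and `reg_load_key` below still references `SE_BACKUP_NAME`/`SE_RESTORE_NAME` from the modules that are now mixed in only conditionally, so a call on another platform fails with a NameError rather than a clear message. A comment above the `if`, such as `# the win32 API mixins only exist on Windows; guard so this library loads everywhere (the methods below are unusable off-Windows)`, would document the intent. The enclosing class continues outside the hunk.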
