Merge bd65c06 into 5880837

yast · Jul 23, 2020 · 8b38068 · 8b38068
2 parents 5880837 + bd65c06
commit 8b38068
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/src/lib/y2firewall/autoyast.rb b/src/lib/y2firewall/autoyast.rb
@@ -45,20 +45,32 @@ def import(profile)
     # Return a map with current firewalld settings.
     #
     # @return [Hash] dump firewalld settings
-    def export
+    def export(target: :default)
       return {} unless firewalld.installed?
 
       {
         "enable_firewall"    => firewalld.enabled?,
         "start_firewall"     => firewalld.running?,
         "default_zone"       => firewalld.default_zone,
         "log_denied_packets" => firewalld.log_denied_packets,
-        "zones"              => firewalld.zones.map { |z| export_zone(z) }
+        "zones"              => export_zones(target.to_s)
       }
     end
 
   private
 
+    def zones_to_export(target)
+      return firewalld.modified_from_default("zones") if target == "compact"
+
+      firewalld.current_zone_names
+    end
+
+    def export_zones(target)
+      zones = zones_to_export(target)
+
+      firewalld.zones.select { |z| zones.include?(z.name) }.map { |z| export_zone(z) }
+    end
+
     def export_zone(zone)
       (zone.attributes + zone.relations)
         .each_with_object("name" => zone.name) do |field, profile|

diff --git a/src/lib/y2firewall/clients/auto.rb b/src/lib/y2firewall/clients/auto.rb
@@ -93,9 +93,11 @@ def import(profile, merge = !Yast::Mode.config)
 
       # Export the current firewalld configuration
       #
+      # @param target [Symbol] Control how much information should be exported
+      #   (e.g., :default or :compact).
       # @return [Hash] with the current firewalld configuration
-      def export
-        autoyast.export
+      def export(target:)
+        autoyast.export(target: target)
       end
 
       # Reset the current firewalld configuration.
@@ -123,6 +125,7 @@ def change
       # it again.
       def write
         return false if !firewalld.installed?
+
         import_if_needed
         return false unless imported?
 

diff --git a/test/lib/y2firewall/autoyast_test.rb b/test/lib/y2firewall/autoyast_test.rb
@@ -86,6 +86,7 @@
       allow(firewalld).to receive("running?").and_return true
       allow(firewalld).to receive("enabled?").and_return false
       allow(firewalld).to receive("installed?").and_return true
+      allow(firewalld).to receive(:modified_from_default).with("zones").and_return(["dmz"])
       firewalld.read
     end
 
@@ -109,6 +110,15 @@
       config = subject.export
       expect { subject.import(config) }.to_not raise_error
     end
+
+    context "when 'compact' export is wanted" do
+      it "exports only modified zones" do
+        config = subject.export(target: "compact")
+
+        expect(config["zones"].size).to eq(1)
+        expect(config["zones"].first["name"]) == "dmz"
+      end
+    end
   end
 
   describe "#strategy_for" do