firewalld-formula
firewalld-formula copied to clipboard
Published
20 hours ago •
saltstack-formulas
saltstack-formulas
Add service include feature
PR progress checklist (to be filled in by reviewers)
- [x] Changes to documentation are appropriate (or tick if not required)
- [ ] Changes to tests are appropriate (or tick if not required)
- [ ] Reviews completed
What type of PR is this?
Primary type
- [ ]
[build]Changes related to the build system - [ ]
[chore]Changes to the build process or auxiliary tools and libraries such as documentation generation - [ ]
[ci]Changes to the continuous integration configuration - [x]
[feat]A new feature - [ ]
[fix]A bug fix - [ ]
[perf]A code change that improves performance - [ ]
[refactor]A code change that neither fixes a bug nor adds a feature - [ ]
[revert]A change used to revert a previous commit - [ ]
[style]Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)
Secondary type
- [ ]
[docs]Documentation changes - [ ]
[test]Adding missing or correcting existing tests
Does this PR introduce a BREAKING CHANGE?
No.
Related issues and/or pull requests
Describe the changes you're proposing
At the moment the formula doesn't support service includes. These are useful if a service requires ports that are already defined in existing services. Don't repeat, just include them. For example:
firewall-cmd --info-service=confluent -v
confluent
summary: Confluent service
description: Confluent and depending services
ports: 4005/tcp 13001/tcp 427/udp 1900/udp 4011/udp
protocols:
source-ports:
modules:
destination: ipv4:172.18.48.0/20
includes: dhcp http https tftp
helpers:
By adding items to the list includes, such as dhcp then these are added to the service XML file.
Pillar / config required to test the proposed changes
services:
confluent:
short: Confluent service
description: >-
Confluent and depending services
ports:
tcp:
- 4005
- 13001
udp:
- 427
- 1900
- 4011
destinations:
ipv4:
- 172.18.48.0/20
includes:
- dhcp
- http
- https
- tftp
Debug log showing how the proposed changes work
Which then add it to the service XML file:
ID: /etc/firewalld/services/confluent.xml
Function: file.managed
Result: True
Comment: File /etc/firewalld/services/confluent.xml updated
Started: 08:55:30.968921
Duration: 20.97 ms
Changes:
----------
diff:
---
+++
@@ -13,4 +13,8 @@
<port port="1900" protocol="udp" />
<port port="4011" protocol="udp" />
<destination ipv4="172.18.48.0/20" />
+ <include service="dhcp" />
+ <include service="http" />
+ <include service="https" />
+ <include service="tftp" />
</service>
Documentation checklist
- [ ] Updated the
README(e.g.Available states). - [x] Updated
pillar.example.
Testing checklist
- [ ] Included in Kitchen (i.e. under
state_top). - [ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
- [ ] Updated the relevant test pillar.
