Add service include feature #60

Open
wants to merge 3 commits into
base: master

@kees-closed kees-closed commented May 7, 2024

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

At the moment the formula doesn't support service includes. These are useful if a service requires ports that are already defined in existing services. Don't repeat, just include them. For example:

firewall-cmd --info-service=confluent -v
confluent
  summary: Confluent service
  description: Confluent and depending services
  ports: 4005/tcp 13001/tcp 427/udp 1900/udp 4011/udp
  protocols: 
  source-ports: 
  modules: 
  destination: ipv4:172.18.48.0/20
  includes: dhcp http https tftp
  helpers: 

By adding items to the includes list, such as dhcp, they are added to the service XML file.

Pillar / config required to test the proposed changes

  services:
    confluent:
      short: Confluent service
      description: >-
        Confluent and depending services
      ports:
        tcp:
          - 4005
          - 13001
        udp:
          - 427
          - 1900
          - 4011
      destinations:
        ipv4:
          - 172.18.48.0/20
      includes:
        - dhcp
        - http
        - https
        - tftp

Debug log showing how the proposed changes work

Which then adds it to the service XML file:

          ID: /etc/firewalld/services/confluent.xml                                                                                                                                                                                            
    Function: file.managed                                                                                                                                                                                                                     
      Result: True                                                                                                                                                                                                                             
     Comment: File /etc/firewalld/services/confluent.xml updated                                                                                                                                                                               
     Started: 08:55:30.968921                                                                                                                                                                                                                  
    Duration: 20.97 ms                                                                                                                                                                                                                         
     Changes:        
              ----------       
              diff:          
                  ---  
                  +++ 
                  @@ -13,4 +13,8 @@                                                                                                                                                                                                            
                     <port port="1900" protocol="udp" />
                     <port port="4011" protocol="udp" />
                     <destination ipv4="172.18.48.0/20" />
                  +  <include service="dhcp" />
                  +  <include service="http" />                                                                                                                                                                                                
                  +  <include service="https" />
                  +  <include service="tftp" />      
                   </service> 
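
Review bot: The four added `<include service="dhcp" />` style lines at the end of the hunk reference other services by name only, so the ports opened through dhcp, http, https and tftp no longer appear in confluent.xml itself, and the rendered file depends on those four definitions being present on the target. Suggest stating in pillar.example that `includes` takes the names of services already defined on the host, and adding a test pillar entry with `includes` so the rendered `<include>` elements are checked.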

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@kees-closed

I can't run Kitchen because my system relies on Podman.

@kees-closed

Can someone have a look at this one? The failed tests seem to be unrelated to my changes and have more to do with an unmaintained test pipeline?
