Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor for v9.0.0 #128

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Refactor for v9.0.0 #128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
47ce1ec
Remove legacy code
bmhughes Mar 7, 2021
e549b4a
Switch CentOS 8 testing to centos-stream-8 dokken
bmhughes Mar 7, 2021
3156e49
Refactor rule and chain resources
bmhughes Mar 7, 2021
cc7537b
Refactor package and service resources
bmhughes Mar 7, 2021
7b83fe0
Update chefspec to match refactoring
bmhughes Mar 7, 2021
f0051a8
Update kitchen tests to match refactoring
bmhughes Mar 7, 2021
208a80d
Update CHANGELOG
bmhughes Mar 7, 2021
ee81606
Documentation update
bmhughes Mar 7, 2021
3aecee4
Add CentOS 8 stream as a kitchen/CI platform
bmhughes Mar 8, 2021
9f01444
Use Chef Infra Client name in template headers
bmhughes Mar 8, 2021
c7389a2
Add seperate cookbook source for sysconfig file template
bmhughes Mar 9, 2021
6382244
Documentation formatting fixes
bmhughes Mar 9, 2021
651db21
Kitchen test fixup
bmhughes Mar 9, 2021
ed53e4a
Remove recipes
bmhughes May 5, 2021
1232f8f
Unified mode for Chef 17
bmhughes May 5, 2021
76a4529
Correct find_resource calls
bmhughes May 6, 2021
79c8700
Correct default packages for Fedora >= 34
bmhughes May 6, 2021
7996c14
Update CI platforms
bmhughes May 28, 2021
9ec9eeb
Add debug step to action
bmhughes Jun 16, 2021
7b64755
Allow multiple matches to specified per rule
bmhughes Aug 16, 2021
cc494b3
Migrate to sous CI config
bmhughes Aug 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 35 additions & 11 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,26 +1,42 @@
---
name: ci

on:
"on":
pull_request:
push:
branches:
- master
- main

jobs:
delivery:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@master
uses: actions/checkout@main
- name: Run Chef Delivery
uses: actionshub/chef-delivery@main
env:
CHEF_LICENSE: accept-no-persist

dokken:
needs: [delivery]
yamllint:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@main
- name: Run yaml Lint
uses: actionshub/yamllint@main

mdl:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@main
- name: Run Markdown Lint
uses: actionshub/markdownlint@main

integration:
needs: [mdl, yamllint, delivery]
runs-on: macos-latest
strategy:
matrix:
os:
Expand All @@ -30,10 +46,11 @@ jobs:
- 'centos-6'
- 'centos-7'
- 'centos-8'
- 'centos-stream-8'
- 'fedora-latest'
- 'ubuntu-1604'
- 'ubuntu-1804'

- 'ubuntu-2004'
suite:
- 'all-tables'
- 'install-and-remove'
Expand All @@ -44,14 +61,21 @@ jobs:

steps:
- name: Check out code
uses: actions/checkout@master
uses: actions/checkout@v2
- name: Install Chef
uses: actionshub/chef-install@master
- name: Dokken
uses: actionshub/kitchen-dokken@master
uses: actionshub/chef-install@main
- name: test-kitchen
uses: actionshub/test-kitchen@main
env:
CHEF_LICENSE: accept-no-persist
KITCHEN_LOCAL_YAML: kitchen.dokken.yml
with:
suite: ${{ matrix.suite }}
os: ${{ matrix.os }}
- name: Print debug output on failure
if: ${{ failure() }}
run: |
set -x
sudo journalctl -l --since today
sudo docker version
sudo docker info
KITCHEN_LOCAL_YAML=kitchen.dokken.yml /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l"
13 changes: 13 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,19 @@

This file is used to list changes made in each version of the iptables cookbook.

## Unreleased

- Refactor cookbook [@bmhughes](https://github.com/bmhughes)
- Remove legacy code
- Refactor chain and rule resources
- Complex logic moved to helper libraries
- Allow multiple matches per rule
- Refactor service resource
- Add the full set of service actions
- Create a default configuration to ensure starting on Redhat platform families
- Refactor package resource
- Add the full set of package actions

## 8.0.0 (2021-05-26)

- Cookstyle Bot Auto Corrections with Cookstyle 6.17.6 - [@cookstyle](https://github.com/cookstyle)
Expand Down
1 change: 1 addition & 0 deletions UPGRADING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,4 @@ This document will give you help on upgrading major versions of iptables
- Property `match` now prefixes the `String` passed in with `-m` so you only need to pass in the match provider name, e.g: `tcp`
- Property `target` has been deprecated please use property `jump`
- Recipe `iptables::default` now gets it's iptables config file path from a helper library
- Resource `iptables_packages` renamed to `iptables_package`
39 changes: 0 additions & 39 deletions attributes/default.rb
View file
Open in desktop

This file was deleted.

35 changes: 18 additions & 17 deletions documentation/iptables_chain.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
[back to resource list](https://github.com/chef-cookbooks/iptables#resources)

---

# iptables_chain

[Back to resource list](https://github.com/chef-cookbooks/iptables/tree/master/README.md#resources)

The `iptables_chain` resource can be used to manage configuration of chains for iptables.

More information available at <hhttps://linux.die.net/man/8/iptables>
Expand All @@ -12,21 +10,24 @@ As this is an accumalator pattern resource not declaring a chain will have it re

## Actions

`:create`
- `:create`
- `:delete`

## Properties

| Name | Type | Default | Description | Allowed Values |
--------------------------------- | ----------- | -------- | ----------- | -------------- |
| `table` | `Symbol` | `:filter` | The table the chain should exist on | `:filter`, `:mangle`, `:nat`, `:raw`, `:security` |
| `chain` | `Symbol` | `nil` | The name of the Chain | |
| `value` | `String` | `ACCEPT [0:0]` | The default action and the Packets : Bytes count | |
| `ip_version` | `Symbol` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` |
| `file_mode` | `String` | `0644` | Permissions on the saved output file | |
| `source_template` | `source_template` | `iptables.erb` | Source template to use to create the rules | |
| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | |
| `sensitive` | `true, false` | `false` | mark the resource as senstive | |
| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | |
| Name | Type | Default | Description | Allowed Values |
| ------------- | ------------------ | -------------- | ------------------------------------------------ | ------------------------------------------------- |
| `config_file` | `String` | | Platform dependant | The full path to find the rules on disk |
| `owner` | `String` | `root` | Owner of the saved output file | |
| `group` | `String` | `root` | Group of the saved output file | |
| `mode` | `String` | `0644` | Permissions on the saved output file | |
| `template` | `source_template` | `iptables.erb` | Source template to use to create the rules | |
| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | |
| `sensitive` | `true, false` | `false` | mark the resource as senstive | |
| `ip_version` | `Symbol`, `String` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` |
| `table` | `Symbol` | `:filter` | The table the chain should exist on | `:filter`, `:mangle`, `:nat`, `:raw`, `:security` |
| `chain` | `Symbol` | `nil` | The name of the Chain | |
| `value` | `String` | `ACCEPT [0:0]` | The default action and the Packets : Bytes count | |

## Examples

Expand All @@ -43,7 +44,7 @@ Create a custom chain
```ruby
iptables_chain 'filter' do
table :filter
chain :LOGGIMG
chain :LOGGING
value '- [0:0]'
end
```
19 changes: 10 additions & 9 deletions documentation/iptables_packages.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
[back to resource list](https://github.com/chef-cookbooks/iptables#resources)

---

# iptables_packages

[Back to resource list](https://github.com/chef-cookbooks/iptables/tree/master/README.md#resources)

The `iptables_packages` resource can be used to install the required packages for iptables.

## Actions

`:install`
`:remove`
- `:install`
- `:purge`
- `:reconfig`
- `:remove`
- `:upgrade`

## Properties

| Name | Type | Default | Description | Allowed Values |
--------------------------------- | ----------- | -------- | ----------- | -------------- |
| `package_names` | `Array` | Correct packages for platfrom | List of packages required for this cookbook to work | |
| Name | Type | Default | Description | Allowed Values |
| --------------- | ------- | ------------------ | --------------------------------------------------- | -------------- |
| `package_names` | `Array` | Platform dependant | List of packages required for this cookbook to work | |

## Examples

Expand Down
Loading