class Chef::Resource::WindowsFirewallRule
Public Instance Methods
Source
# File lib/chef/resource/windows_firewall_rule.rb, line 258
# Registers three :create-time assertions on the :icmp_type property:
# it must not be an empty String, it must fit the selected :protocol, and
# every numeric component must lie within 0..255.
def define_resource_requirements
  # 1. An :icmp_type String must be non-empty. A value that is neither a
  #    String nor an Integer leaves the block returning nil, which fails.
  requirements.assert(:create) do |a|
    a.assertion do
      icmp = new_resource.icmp_type
      case icmp
      when String then !icmp.empty?
      when Integer then !icmp.nil?
      end
    end
    a.failure_message("The :icmp_type property can not be empty in #{new_resource.rule_name}")
  end

  # 2. An Integer :icmp_type needs a protocol starting with "ICMP"; with
  #    any other protocol the only String accepted is "Any".
  requirements.assert(:create) do |a|
    a.assertion do
      icmp = new_resource.icmp_type
      case icmp
      when Integer
        new_resource.protocol.start_with?("ICMP")
      when String
        new_resource.protocol.start_with?("ICMP") || icmp == "Any"
      else
        true
      end
    end
    a.failure_message("The :icmp_type property has a value of #{new_resource.icmp_type} set, but is not allowed for :protocol #{new_resource.protocol} in #{new_resource.rule_name}")
  end

  # 3. Range check. Strings are checked only for ICMP protocols; a value
  #    containing ":" is split and each part is checked on its own.
  #    NOTE(review): String#to_i ignores trailing non-digits and maps
  #    non-numeric text to 0, so this bounds the number but does not
  #    constrain the format of the string itself.
  requirements.assert(:create) do |a|
    a.assertion do
      icmp = new_resource.icmp_type
      in_range = ->(number) { (0..255).cover?(number) }
      case icmp
      when Integer
        in_range.call(icmp)
      when String
        has_separator = icmp.include?(":")
        if !new_resource.protocol.start_with?("ICMP")
          true
        elsif has_separator
          icmp.split(":").all? { |part| in_range.call(part.to_i) }
        else
          in_range.call(icmp.to_i)
        end
      else
        true
      end
    end
    a.failure_message("Can not set :icmp_type to #{new_resource.icmp_type} as one value is out of range (0 to 255) in #{new_resource.rule_name}")
  end
end
Source
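# File lib/chef/resource/windows_firewall_rule.rb, line 235
# Build the <cmdlet_type>-NetFirewallRule command line from new_resource.
#
# Every property value is emitted inside a single-quoted PowerShell string
# literal. Quote characters inside a value are doubled so that the value
# stays within its literal: a description such as "Don't block" would
# otherwise end the literal early and yield a malformed command, or let
# the remainder of the value be parsed as PowerShell.
#
# @param cmdlet_type [String] cmdlet verb; the body distinguishes "New"
#   (adds -DisplayName and -Group) from "Set" (adds -NewDisplayName)
# @return [String] the assembled command
def firewall_command(cmdlet_type)
  # PowerShell accepts the typographic quotes U+2018, U+2019, U+201A and
  # U+201B as single-quote delimiters as well, so they are doubled too.
  ps_escape = ->(value) { value.to_s.gsub(/['\u2018\u2019\u201A\u201B]/) { |quote| quote * 2 } }
  ps_quote = ->(value) { "'#{ps_escape.call(value)}'" }
  # Multi-valued properties keep the original rendering: 'a', 'b'
  # (and '' for an empty list).
  ps_list = ->(values) { "'#{Array(values).flatten.map(&ps_escape).join("', '")}'" }

  cmd = "#{cmdlet_type}-NetFirewallRule -Name #{ps_quote.call(new_resource.rule_name)}"
  cmd << " -DisplayName #{ps_quote.call(new_resource.displayname)}" if new_resource.displayname && cmdlet_type == "New"
  cmd << " -NewDisplayName #{ps_quote.call(new_resource.displayname)}" if new_resource.displayname && cmdlet_type == "Set"
  cmd << " -Group #{ps_quote.call(new_resource.group)}" if new_resource.group && cmdlet_type == "New"
  cmd << " -Description #{ps_quote.call(new_resource.description)}" if new_resource.description
  cmd << " -LocalAddress #{ps_quote.call(new_resource.local_address)}" if new_resource.local_address
  cmd << " -LocalPort #{ps_list.call(new_resource.local_port)}" if new_resource.local_port
  cmd << " -RemoteAddress #{ps_list.call(new_resource.remote_address)}" if new_resource.remote_address
  cmd << " -RemotePort #{ps_list.call(new_resource.remote_port)}" if new_resource.remote_port
  cmd << " -Direction #{ps_quote.call(new_resource.direction)}" if new_resource.direction
  cmd << " -Protocol #{ps_quote.call(new_resource.protocol)}" if new_resource.protocol
  # -IcmpType and -Enabled are always emitted, as in the original.
  cmd << " -IcmpType #{ps_quote.call(new_resource.icmp_type)}"
  cmd << " -Action #{ps_quote.call(new_resource.firewall_action)}" if new_resource.firewall_action
  cmd << " -Profile #{ps_list.call(new_resource.profile)}" if new_resource.profile
  cmd << " -Program #{ps_quote.call(new_resource.program)}" if new_resource.program
  cmd << " -Service #{ps_quote.call(new_resource.service)}" if new_resource.service
  cmd << " -InterfaceType #{ps_quote.call(new_resource.interface_type)}" if new_resource.interface_type
  cmd << " -Enabled #{ps_quote.call(new_resource.enabled)}"
  cmd
end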
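Build the command to create a firewall rule based on new_resource values. Property values are placed inside single-quoted PowerShell string literals, so any quote character in a value has to be escaped for the command to parse as intended. @return [String] firewall create command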
Private Instance Methods
Source
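# File lib/chef/resource/windows_firewall_rule.rb, line 304
# Build the PowerShell script that reads one firewall rule and its
# address, port, application, service and interface-type filters into a
# single PSCustomObject.
#
# rule_name is embedded in a single-quoted PowerShell literal, so quote
# characters in it are doubled first; otherwise a name containing a quote
# would end the literal early and the rest of the name would be parsed as
# script text.
#
# @param rule_name [String] name passed to Get-NetFirewallRule -Name
# @return [String] the PowerShell script (not the state itself)
def load_firewall_state(rule_name)
  # PowerShell also treats U+2018, U+2019, U+201A and U+201B as
  # single-quote delimiters, so those are doubled as well.
  escaped_name = rule_name.to_s.gsub(/['\u2018\u2019\u201A\u201B]/) { |quote| quote * 2 }
  <<-EOH
    Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
    $rule = Get-NetFirewallRule -Name '#{escaped_name}'
    $addressFilter = $rule | Get-NetFirewallAddressFilter
    $portFilter = $rule | Get-NetFirewallPortFilter
    $applicationFilter = $rule | Get-NetFirewallApplicationFilter
    $serviceFilter = $rule | Get-NetFirewallServiceFilter
    $interfaceTypeFilter = $rule | Get-NetFirewallInterfaceTypeFilter
    ([PSCustomObject]@{
      rule_name = $rule.Name
      description = $rule.Description
      displayname = $rule.DisplayName
      group = $rule.Group
      local_address = $addressFilter.LocalAddress
      local_port = $portFilter.LocalPort
      remote_address = $addressFilter.RemoteAddress
      remote_port = $portFilter.RemotePort
      direction = $rule.Direction.ToString()
      protocol = $portFilter.Protocol
      icmp_type = $portFilter.IcmpType
      firewall_action = $rule.Action.ToString()
      profile = $rule.Profile.ToString()
      program = $applicationFilter.Program
      service = $serviceFilter.Service
      interface_type = $interfaceTypeFilter.InterfaceType.ToString()
      enabled = [bool]::Parse($rule.Enabled.ToString())
    })
  EOH
end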
Build the command to load the current resource. @return [String] PowerShell script that reads the current firewall state