class MU::Config::FirewallRule
Basket of Kittens config schema and parser logic. See modules/mu/providers/*/firewall_rule.rb
Public Class Methods
reference()
Schema block for other resources to use when referencing a sibling FirewallRule
@return [Hash]
# File modules/mu/config/firewall_rule.rb, line 94
# Build the schema fragment that other resources embed when they refer to a
# sibling FirewallRule.
#
# The legacy keys "rule_id" and "rule_name" are handed to MU::Config::Ref.schema
# as aliases for "id" and "name"; how the aliases are applied is decided inside
# that helper, which is not shown here.
#
# @return [Hash]
def self.reference
  MU::Config::Ref.schema(
    [{ "rule_id" => "id" }, { "rule_name" => "name" }],
    type: "firewall_rules"
  )
end
ruleschema()
Generate schema for an individual firewall rule
@return [Hash]
# File modules/mu/config/firewall_rule.rb, line 60
# Schema for a single ingress/egress rule inside a firewall rule set.
#
# NOTE(review): constraints this schema does not impose, as written:
#   * "port" is any integer: no "minimum"/"maximum" bound is declared.
#   * "port_range" is any string: no "pattern" is declared.
#   * "ingress" has no default, while "egress" defaults to false.
#   * "hosts" entries are constrained only by MU::Config::CIDR_PRIMITIVE,
#     whose definition is not visible here.
# Whether provider-specific code checks these is not visible here; confirm
# before relying on this schema as the only gate on rule contents.
#
# @return [Hash]
def self.ruleschema
  proto_spec = {
    "enum" => ["udp", "tcp", "icmp"],
    "default" => "tcp",
    "type" => "string"
  }
  comment_spec = {
    "type" => "string",
    "description" => "String description of this firewall rule, where supported"
  }
  rule_properties = {
    "port_range" => { "type" => "string" },
    "port" => { "type" => "integer" },
    "proto" => proto_spec,
    "ingress" => { "type" => "boolean" },
    "egress" => { "type" => "boolean", "default" => false },
    "comment" => comment_spec,
    "hosts" => { "type" => "array", "items" => MU::Config::CIDR_PRIMITIVE }
  }

  # "additionalProperties" => false is deliberately left out: inline
  # ingress_rules can carry cloud-specific attributes, and forbidding extra
  # keys trips those up. Under standard JSON Schema semantics this also means
  # an unknown or misspelled key in a rule is accepted rather than rejected.
  {
    "type" => "object",
    "description" => "Network ingress and/or egress rules.",
    "properties" => rule_properties
  }
end
schema()
Base configuration schema for a FirewallRule
@return [Hash]
# File modules/mu/config/firewall_rule.rb, line 22
# Top-level configuration schema for a FirewallRule resource.
#
# Only "name" is required, and "additionalProperties" is false at this level,
# so keys outside the list below are not part of the schema. Each entry of
# "rules" follows the schema returned by ruleschema.
#
# NOTE(review): "admin" is described as internal-use only, but it is declared
# here as an ordinary boolean property; nothing in this schema stops a
# user-supplied config from setting it. Confirm it is filtered or enforced
# elsewhere.
#
# @return [Hash]
def self.schema
  # Helper results are gathered in the same order the properties are listed.
  vpc_ref = MU::Config::VPC.reference(MU::Config::VPC::NO_SUBNETS, MU::Config::VPC::NO_NAT_OPTS)
  tag_spec = MU::Config.tags_primitive
  optional_tag_spec = MU::Config.optional_tags_primitive
  rule_list = { "type" => "array", "items" => ruleschema }

  acl_properties = {
    "name" => { "type" => "string" },
    "vpc_name" => {
      "type" => "string",
      "description" => "Backwards-compatibility means of identifying a VPC; see {MU::Config::BasketofKittens::firewall_rules::vpc}"
    },
    "vpc_id" => {
      "type" => "string",
      "description" => "Backwards-compatibility means of identifying a VPC; see {MU::Config::BasketofKittens::firewall_rules::vpc}"
    },
    "vpc" => vpc_ref,
    "tags" => tag_spec,
    "optional_tags" => optional_tag_spec,
    "self_referencing" => { "type" => "boolean", "default" => false },
    "admin" => {
      "type" => "boolean",
      "description" => "Internal use only. Flag generic administrative firewall rulesets for use by the Mu Master",
      "default" => false
    },
    "rules" => rule_list
  }

  {
    "type" => "object",
    "required" => ["name"],
    "additionalProperties" => false,
    "description" => "Create network-level access controls.",
    "properties" => acl_properties
  }
end
validate(_acl, _configurator)
Generic pre-processing of {MU::Config::BasketofKittens::firewall_rules}, bare and unvalidated.
@param _acl [Hash]: The resource to process and validate
@param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
@return [Boolean]: True if validation succeeded, False otherwise
# File modules/mu/config/firewall_rule.rb, line 106
# Cloud-agnostic validation hook for a firewall_rules entry.
#
# As written this is a placeholder: neither argument is inspected and the
# result is always true, so no rule content (hosts, ports, protocol) is
# checked here. Any such checks would have to live elsewhere, presumably in
# the provider-specific implementations -- TODO confirm.
#
# @param _acl [Hash] the resource to process and validate (unused)
# @param _configurator [MU::Config] the deployment configurator this resource
#   belongs to (unused)
# @return [Boolean] always true
def self.validate(_acl, _configurator)
  true
end