class MU::Config::FirewallRule

Basket of Kittens config schema and parser logic. See modules/mu/providers/*/firewall_rule.rb

Public Class Methods

reference()

Schema block for other resources to use when referencing a sibling FirewallRule.
@return [Hash]

# File modules/mu/config/firewall_rule.rb, line 94
# Schema block for other resources to use when referencing a sibling
# FirewallRule. The alias pairs are handed to MU::Config::Ref.schema as its
# schema_aliases argument; presumably they let a referencing resource write
# "rule_id"/"rule_name" in place of "id"/"name" — confirm against Ref.schema.
# @return [Hash]
def self.reference
  MU::Config::Ref.schema(
    [{ "rule_id" => "id" }, { "rule_name" => "name" }],
    type: "firewall_rules"
  )
end
ruleschema()

Generate the schema for an individual firewall rule.
@return [Hash]

# File modules/mu/config/firewall_rule.rb, line 60
      # Generate the JSON-schema fragment for a single firewall rule (one
      # element of the "rules" array built by {schema}).
      #
      # "additionalProperties" is deliberately left unset (i.e. open):
      # inline ingress_rules may carry cloud-specific attributes that a closed
      # schema would reject. The cost is that an unknown or misspelled key in
      # a rule passes this layer unnoticed.
      #
      # Only "egress" carries a default (false); "ingress" has none, so it is
      # absent when omitted. "port" and "port_range" are constrained only by
      # type here (no 0-65535 bound, no pattern); presumably the provider
      # implementations enforce that — confirm.
      # @return [Hash]
      def self.ruleschema
        proto = {
          "enum" => ["udp", "tcp", "icmp"],
          "default" => "tcp",
          "type" => "string"
        }
        comment = {
          "type" => "string",
          "description" => "String description of this firewall rule, where supported"
        }
        hosts = {
          "type" => "array",
          "items" => MU::Config::CIDR_PRIMITIVE
        }

        {
          "type" => "object",
          "description" => "Network ingress and/or egress rules.",
          "properties" => {
            "port_range" => { "type" => "string" },
            "port" => { "type" => "integer" },
            "proto" => proto,
            "ingress" => { "type" => "boolean" },
            "egress" => { "type" => "boolean", "default" => false },
            "comment" => comment,
            "hosts" => hosts
          }
        }
      end
schema()

Base configuration schema for a FirewallRule.
@return [Hash]

# File modules/mu/config/firewall_rule.rb, line 22
# Base configuration schema for a FirewallRule.
#
# Unlike {ruleschema}, the top-level object is closed
# ("additionalProperties" => false), so unknown keys on the resource itself
# are rejected; only "name" is required. "vpc_name"/"vpc_id" are kept for
# backwards compatibility alongside the structured "vpc" reference.
# @return [Hash]
def self.schema
  # Both legacy VPC selectors share the same description.
  legacy_vpc_desc = "Backwards-compatibility means of identifying a VPC; see {MU::Config::BasketofKittens::firewall_rules::vpc}"

  vpc_ref = MU::Config::VPC.reference(
    MU::Config::VPC::NO_SUBNETS,
    MU::Config::VPC::NO_NAT_OPTS
  )

  properties = {
    "name" => { "type" => "string" },
    "vpc_name" => { "type" => "string", "description" => legacy_vpc_desc },
    "vpc_id" => { "type" => "string", "description" => legacy_vpc_desc },
    "vpc" => vpc_ref,
    "tags" => MU::Config.tags_primitive,
    "optional_tags" => MU::Config.optional_tags_primitive,
    "self_referencing" => { "type" => "boolean", "default" => false },
    "admin" => {
      "type" => "boolean",
      # Not meant to be set by ordinary deploy configs; see description.
      "description" => "Internal use only. Flag generic administrative firewall rulesets for use by the Mu Master",
      "default" => false
    },
    "rules" => { "type" => "array", "items" => ruleschema }
  }

  {
    "type" => "object",
    "required" => ["name"],
    "additionalProperties" => false,
    "description" => "Create network-level access controls.",
    "properties" => properties
  }
end
validate(_acl, _configurator)

Generic pre-processing of {MU::Config::BasketofKittens::firewall_rules}, bare and unvalidated.
@param _acl [Hash]: The resource to process and validate
@param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
@return [Boolean]: True if validation succeeded, False otherwise

# File modules/mu/config/firewall_rule.rb, line 106
# Generic pre-processing of {MU::Config::BasketofKittens::firewall_rules},
# bare and unvalidated.
#
# Currently a no-op that accepts every input: nothing about the rule
# contents (ports, protocols, hosts) is checked at this layer, so any such
# validation must happen elsewhere — presumably in the provider
# implementations (see the class description) — confirm.
# @param _acl [Hash]: The resource to process and validate
# @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
# @return [Boolean]: True if validation succeeded, False otherwise
def self.validate(_acl, _configurator)
  true
end