class Chef::Resource::WindowsFirewallRule

Public Instance Methods

define_resource_requirements()
# File lib/chef/resource/windows_firewall_rule.rb, line 258
# Queue the :create-time sanity checks for the :icmp_type property.
#
# Three assertions are registered on `requirements`, in this order:
#   1. the value is present (a non-empty String, or an Integer);
#   2. the value is compatible with :protocol;
#   3. every numeric ICMP type/code lies in 0..255.
# Each assertion block is evaluated later by whatever runs the requirements;
# the failure messages are interpolated immediately, when this method runs.
def define_resource_requirements
  octet = (0..255)

  # 1. Presence. Any value that is neither a String nor an Integer falls out of
  #    the case with nil.
  requirements.assert(:create) do |check|
    check.assertion do
      icmp = new_resource.icmp_type
      case icmp
      when String then !icmp.empty?
      when Integer then true # an Integer can never be nil
      end
    end
    check.failure_message("The :icmp_type property can not be empty in #{new_resource.rule_name}")
  end

  # 2. Protocol compatibility. A numeric type needs an ICMP* protocol; a String
  #    is accepted with an ICMP* protocol, and otherwise only as the keyword "Any".
  requirements.assert(:create) do |check|
    check.assertion do
      icmp = new_resource.icmp_type
      case icmp
      when Integer then new_resource.protocol.start_with?("ICMP")
      when String then new_resource.protocol.start_with?("ICMP") || icmp == "Any"
      else true
      end
    end
    check.failure_message("The :icmp_type property has a value of #{new_resource.icmp_type} set, but is not allowed for :protocol #{new_resource.protocol} in #{new_resource.rule_name}")
  end

  # 3. Range. Strings are only range-checked for ICMP* protocols, either as a
  #    single number or as colon-separated numbers.
  #    NOTE(review): String#to_i returns 0 for text without a leading number, so
  #    "Any" and any other non-numeric text pass this check as 0.
  requirements.assert(:create) do |check|
    check.assertion do
      icmp = new_resource.icmp_type
      case icmp
      when Integer
        octet.cover?(icmp)
      when String
        if new_resource.protocol.start_with?("ICMP")
          if icmp.include?(":")
            icmp.split(":").all? { |part| octet.cover?(part.to_i) }
          else
            octet.cover?(icmp.to_i)
          end
        else
          true
        end
      else
        true
      end
    end
    check.failure_message("Can not set :icmp_type to #{new_resource.icmp_type} as one value is out of range (0 to 255) in #{new_resource.rule_name}")
  end
end
firewall_command(cmdlet_type)

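Builds the PowerShell command that creates or updates a firewall rule from the new_resource property values. Each property value is interpolated into the command as a single-quoted PowerShell literal.

@return [String] the New-/Set-NetFirewallRule command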

# File lib/chef/resource/windows_firewall_rule.rb, line 235
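# Build the PowerShell command that creates ("New") or updates ("Set") a
# firewall rule from the new_resource property values.
#
# Every property value is emitted as a single-quoted PowerShell literal. The
# only special character inside such a literal is the quote itself, so embedded
# quotes are doubled. Without that, a value containing an apostrophe (for
# example a description like "Bob's rule") would end the literal early and the
# rest of the value would be parsed as PowerShell.
#
# @param cmdlet_type [String] cmdlet verb prefix; the branches below handle
#   "New" and "Set". It is interpolated unquoted, so it must stay a fixed verb
#   chosen by the caller and never come from a property value.
# @return [String] the <verb>-NetFirewallRule command
def firewall_command(cmdlet_type)
  # PowerShell treats the typographic quotes U+2018..U+201B as single-quote
  # delimiters too, so they are doubled along with the ASCII apostrophe.
  ps_quote = lambda do |value|
    escaped = value.to_s.gsub(/['\u2018\u2019\u201A\u201B]/) { |mark| mark * 2 }
    "'#{escaped}'"
  end
  # Array-valued properties become a comma-separated list of quoted literals.
  ps_list = ->(values) { values.map(&ps_quote).join(", ") }

  cmd = "#{cmdlet_type}-NetFirewallRule -Name #{ps_quote.call(new_resource.rule_name)}"
  # The display name parameter differs between the New and Set cmdlets.
  cmd << " -DisplayName #{ps_quote.call(new_resource.displayname)}" if new_resource.displayname && cmdlet_type == "New"
  cmd << " -NewDisplayName #{ps_quote.call(new_resource.displayname)}" if new_resource.displayname && cmdlet_type == "Set"
  # -Group is only passed when creating a rule.
  cmd << " -Group #{ps_quote.call(new_resource.group)}" if new_resource.group && cmdlet_type == "New"
  cmd << " -Description #{ps_quote.call(new_resource.description)}" if new_resource.description
  cmd << " -LocalAddress #{ps_quote.call(new_resource.local_address)}" if new_resource.local_address
  cmd << " -LocalPort #{ps_list.call(new_resource.local_port)}" if new_resource.local_port
  cmd << " -RemoteAddress #{ps_list.call(new_resource.remote_address)}" if new_resource.remote_address
  cmd << " -RemotePort #{ps_list.call(new_resource.remote_port)}" if new_resource.remote_port
  cmd << " -Direction #{ps_quote.call(new_resource.direction)}" if new_resource.direction
  cmd << " -Protocol #{ps_quote.call(new_resource.protocol)}" if new_resource.protocol
  # -IcmpType and -Enabled are always emitted, whatever their value.
  cmd << " -IcmpType #{ps_quote.call(new_resource.icmp_type)}"
  cmd << " -Action #{ps_quote.call(new_resource.firewall_action)}" if new_resource.firewall_action
  cmd << " -Profile #{ps_list.call(new_resource.profile)}" if new_resource.profile
  cmd << " -Program #{ps_quote.call(new_resource.program)}" if new_resource.program
  cmd << " -Service #{ps_quote.call(new_resource.service)}" if new_resource.service
  cmd << " -InterfaceType #{ps_quote.call(new_resource.interface_type)}" if new_resource.interface_type
  cmd << " -Enabled #{ps_quote.call(new_resource.enabled)}"

  cmd
end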

Private Instance Methods

load_firewall_state(rule_name)

Builds the PowerShell script that loads the current state of the named firewall rule.

@return [String] script that emits the rule's current firewall state

# File lib/chef/resource/windows_firewall_rule.rb, line 304
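      # Build the PowerShell script that reads an existing firewall rule and its
      # address, port, application, service and interface-type filters, and
      # projects them into one PSCustomObject whose keys mirror the resource
      # property names.
      #
      # The rule name is placed inside a single-quoted PowerShell literal, so
      # embedded quotes are doubled. An unescaped apostrophe in the name would
      # end the literal and the rest of the name would be parsed as PowerShell.
      #
      # @param rule_name [String] name of the rule to look up
      # @return [String] the PowerShell script (not the state itself)
      def load_firewall_state(rule_name)
        # PowerShell also accepts the typographic quotes U+2018..U+201B as
        # single-quote delimiters, so they are doubled as well.
        quoted_name = rule_name.to_s.gsub(/['\u2018\u2019\u201A\u201B]/) { |mark| mark * 2 }
        <<-EOH
          Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
          $rule = Get-NetFirewallRule -Name '#{quoted_name}'
          $addressFilter = $rule | Get-NetFirewallAddressFilter
          $portFilter = $rule | Get-NetFirewallPortFilter
          $applicationFilter = $rule | Get-NetFirewallApplicationFilter
          $serviceFilter = $rule | Get-NetFirewallServiceFilter
          $interfaceTypeFilter = $rule | Get-NetFirewallInterfaceTypeFilter
          ([PSCustomObject]@{
            rule_name = $rule.Name
            description = $rule.Description
            displayname = $rule.DisplayName
            group = $rule.Group
            local_address = $addressFilter.LocalAddress
            local_port = $portFilter.LocalPort
            remote_address = $addressFilter.RemoteAddress
            remote_port = $portFilter.RemotePort
            direction = $rule.Direction.ToString()
            protocol = $portFilter.Protocol
            icmp_type = $portFilter.IcmpType
            firewall_action = $rule.Action.ToString()
            profile = $rule.Profile.ToString()
            program = $applicationFilter.Program
            service = $serviceFilter.Service
            interface_type = $interfaceTypeFilter.InterfaceType.ToString()
            enabled = [bool]::Parse($rule.Enabled.ToString())
          })
        EOH
      end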