Fixes ordering for ipsets so that ipsets are defined

before they are used. Confirm autorequires for rich_rules and ipsets. Make sure the ipset autorequires is actually for :firewalld_ipset. Code error. Code error. Ensure the custom service name is correctly formed for rich rule autorequire. Ensure ipsets are created before they are used. Updated ordering for other resource types as well. Updated ordering for port resources as well.
voxpupuli · Jun 25, 2024 · 333ccbd · 333ccbd
1 parent 8d3ca02
commit 333ccbd
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 22 deletions.
diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb
@@ -165,15 +165,19 @@ def elements
     self[:policy] if self[:policy] != :unset
   end
 
-  autorequire(:ipset) do
+  autorequire(:firewalld_ipset) do
     self[:source]['ipset'] if self[:source].is_a?(Hash)
   end
 
-  autorequire(:ipset) do
+  autorequire(:firewalld_ipset) do
     self[:dest]['ipset'] if self[:dest].is_a?(Hash)
   end
 
   autorequire(:service) do
     ['firewalld']
   end
+
+  autorequire(:firewalld_custom_service) do
+    self[:service]&.gsub(%r{[^\w-]}, '_')
+  end
 end
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -182,14 +182,11 @@
     enable => $service_enable,
   }
 
-  # create ports
-  Firewalld_port {
-    zone      => $default_port_zone,
-    protocol  => $default_port_protocol,
-  }
 
-  $ports.each |String $key, Hash $attrs| {
-    firewalld_port { $key:
+
+  #...ipsets
+  $ipsets.each | String $key, Hash $attrs| {
+    firewalld_ipset { $key:
       *       => $attrs,
     }
   }
@@ -208,22 +205,21 @@
     }
   }
 
-  #...services
-  Firewalld_service {
-    zone      => $default_service_zone,
+  # create ports
+  Firewalld_port {
+    zone      => $default_port_zone,
+    protocol  => $default_port_protocol,
   }
 
-  $services.each | String $key, Hash $attrs| {
-    firewalld_service { $key:
+  $ports.each |String $key, Hash $attrs| {
+    firewalld_port { $key:
       *       => $attrs,
     }
   }
 
-  #...rich rules
-  $rich_rules.each | String $key, Hash $attrs| {
-    firewalld_rich_rule { $key:
-      *       => $attrs,
-    }
+  #...services
+  Firewalld_service {
+    zone      => $default_service_zone,
   }
 
   #...custom services
@@ -233,9 +229,8 @@
     }
   }
 
-  #...ipsets
-  $ipsets.each | String $key, Hash $attrs| {
-    firewalld_ipset { $key:
+  $services.each | String $key, Hash $attrs| {
+    firewalld_service { $key:
       *       => $attrs,
     }
   }
@@ -259,6 +254,13 @@
     }
   }
 
+  #...rich rules
+  $rich_rules.each | String $key, Hash $attrs| {
+    firewalld_rich_rule { $key:
+      *       => $attrs,
+    }
+  }
+
   Firewalld_direct_purge {
     notify => Class['firewalld::reload'],
   }