From f88ced9f7dcd94df8f7bf4cfdad6b5238b311ae5 Mon Sep 17 00:00:00 2001 From: Matthias Hensler Date: Tue, 19 Sep 2023 17:41:05 +0200 Subject: [PATCH] add missing documentation --- REFERENCE.md | 114 +++++++++--------- lib/puppet/type/firewalld_custom_service.rb | 1 + lib/puppet/type/firewalld_direct_chain.rb | 1 + .../type/firewalld_direct_passthrough.rb | 1 + lib/puppet/type/firewalld_direct_purge.rb | 2 + lib/puppet/type/firewalld_direct_rule.rb | 1 + lib/puppet/type/firewalld_ipset.rb | 1 + lib/puppet/type/firewalld_policy.rb | 1 + lib/puppet/type/firewalld_port.rb | 2 + lib/puppet/type/firewalld_rich_rule.rb | 2 + lib/puppet/type/firewalld_service.rb | 2 + lib/puppet/type/firewalld_zone.rb | 1 + manifests/init.pp | 100 +++++++++++++++ 13 files changed, 175 insertions(+), 54 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index b7c735d7..231e7aad 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -49,6 +49,8 @@ firewalld_rich_rule types install_gui => true, } +=== Documentation + === Authors Craig Dunn @@ -63,10 +65,10 @@ The following parameters are available in the `firewalld` class: * [`package_ensure`](#-firewalld--package_ensure) * [`package`](#-firewalld--package) +* [`service_enable`](#-firewalld--service_enable) * [`service_ensure`](#-firewalld--service_ensure) -* [`config_package`](#-firewalld--config_package) * [`install_gui`](#-firewalld--install_gui) -* [`service_enable`](#-firewalld--service_enable) +* [`config_package`](#-firewalld--config_package) * [`zones`](#-firewalld--zones) * [`policies`](#-firewalld--policies) * [`ports`](#-firewalld--ports) @@ -98,7 +100,8 @@ The following parameters are available in the `firewalld` class: Data type: `Enum['present','absent','latest','installed']` - +Define if firewalld-package should be handled +Defaults to `installed` but can be set to `absent` or `latest` Default value: `'installed'` 
@@ -106,47 +109,47 @@ Default value: `'installed'` Data type: `String` - +The name of the `firewalld`-package Default value: `'firewalld'` -##### `service_ensure` - -Data type: `Stdlib::Ensure::Service` - +##### `service_enable` +Data type: `Boolean` -Default value: `'running'` +If the `firewalld`-service should be enabled -##### `config_package` +Default value: `true` -Data type: `String` +##### `service_ensure` +Data type: `Stdlib::Ensure::Service` +The state that the `firewalld`-service should be in -Default value: `'firewall-config'` +Default value: `'running'` ##### `install_gui` Data type: `Boolean` - +Set to true to install the `firewall-config`-package Default value: `false` -##### `service_enable` - -Data type: `Boolean` +##### `config_package` +Data type: `String` +The name of package that is installed if `install_gui` is true -Default value: `true` +Default value: `'firewall-config'` ##### `zones` Data type: `Hash` - +A hash of `firewalld_zone`-definitions Default value: `{}` @@ -154,7 +157,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_policy`-definitions Default value: `{}` @@ -162,7 +165,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_port`-definitions Default value: `{}` @@ -170,7 +173,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_service`-definitions Default value: `{}` @@ -178,7 +181,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_rich_rule`-definitions Default value: `{}` @@ -186,7 +189,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_custom_service`-definitions Default value: `{}` @@ -194,7 +197,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_ipset`-definitions Default value: `{}` @@ -202,7 +205,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_direct_rule`-definitions Default value: `{}` @@ -210,7 +213,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_direct_chain`-definitions Default value: `{}` 
@@ -218,7 +221,7 @@ Default value: `{}` Data type: `Hash` - +A hash of `firewalld_direct_passthrough`-definitions Default value: `{}` @@ -226,7 +229,7 @@ Default value: `{}` Data type: `Boolean` - +If direct_rules not maintained by puppet should be removed Default value: `false` @@ -234,7 +237,7 @@ Default value: `false` Data type: `Boolean` - +If direct_chains not maintained by puppet should be removed Default value: `false` @@ -242,7 +245,7 @@ Default value: `false` Data type: `Boolean` - +If direct_passthroughs not maintained by puppet should be removed Default value: `false` @@ -250,7 +253,7 @@ Default value: `false` Data type: `Boolean` - +If ipsets not maintained by puppet should be removed Default value: `false` @@ -258,7 +261,7 @@ Default value: `false` Data type: `Optional[String]` - +Optional string to set the default zone Default value: `undef` @@ -266,7 +269,7 @@ Default value: `undef` Data type: `Optional[Enum['off','all','unicast','broadcast','multicast']]` - +Sets the mode for which denied packets should be logged Default value: `undef` @@ -274,7 +277,7 @@ Default value: `undef` Data type: `Optional[Enum['yes', 'no']]` - +Controls the `CleanupOnExit` setting of `firewalld` Default value: `undef` @@ -282,7 +285,8 @@ Default value: `undef` Data type: `Optional[Enum['yes', 'no']]` - +Controls the `AllowZoneDrifting` setting of `firewalld` +should be `no` because zone-drifting is deprecated Default value: `undef` @@ -290,7 +294,7 @@ Default value: `undef` Data type: `Optional[Integer]` - +Controls the `MinimalMark` setting of `firewalld` Default value: `undef` @@ -298,7 +302,7 @@ Default value: `undef` Data type: `Optional[Enum['yes', 'no']]` - +Controls the `Lockdown` setting of `firewalld` Default value: `undef` @@ -306,7 +310,7 @@ Default value: `undef` Data type: `Optional[Enum['yes', 'no']]` - +Controls the `IndividualCalls` setting of `firewalld` Default value: `undef` 
@@ -314,7 +318,7 @@ Default value: `undef` Data type: `Optional[Enum['yes', 'no']]` - +Controls the `IPv6_rpfilter` setting of `firewalld` Default value: `undef` @@ -322,7 +326,7 @@ Default value: `undef` Data type: `Optional[Enum['iptables', 'nftables']]` - +Chooses the backend between `iptables` (deprecated) or `nftables` Default value: `undef` @@ -330,7 +334,7 @@ Default value: `undef` Data type: `Optional[String]` - +Sets the default zone for `firewalld_service` Default value: `undef` @@ -338,7 +342,7 @@ Default value: `undef` Data type: `Optional[String]` - +Sets the default zone for `firewalld_port` Default value: `undef` @@ -346,7 +350,7 @@ Default value: `undef` Data type: `Optional[String]` - +Sets the default protocol for `firewalld_port` Default value: `undef` @@ -390,7 +394,7 @@ The long description of the service Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -475,7 +479,7 @@ The following properties are available in the `firewalld_direct_chain` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -539,7 +543,7 @@ The following properties are available in the `firewalld_direct_passthrough` typ Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -588,7 +592,7 @@ The following properties are available in the `firewalld_direct_purge` type. Valid values: `purgable`, `purged` -The basic property that the resource should be in. +Manage the state of this type. Default value: `purged` @@ -617,6 +621,7 @@ will usually discover the appropriate provider for your platform. Valid values: `true`, `false` +If unmaintained definitions should be purged Default value: `true` 
@@ -643,7 +648,7 @@ The following properties are available in the `firewalld_direct_rule` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -714,7 +719,7 @@ The following properties are available in the `firewalld_ipset` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -822,7 +827,7 @@ Specify the egress zones for the policy as an array of strings Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -930,7 +935,7 @@ The following properties are available in the `firewalld_port` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -1002,7 +1007,7 @@ The following properties are available in the `firewalld_rich_rule` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -1032,6 +1037,7 @@ The following parameters are available in the `firewalld_rich_rule` type. ##### `action` +Specify the action fo this rule ##### `audit` @@ -1148,7 +1154,7 @@ The following properties are available in the `firewalld_service` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` @@ -1222,7 +1228,7 @@ The following properties are available in the `firewalld_zone` type. Valid values: `present`, `absent` -The basic property that the resource should be in. +Manage the state of this type. Default value: `present` diff --git a/lib/puppet/type/firewalld_custom_service.rb b/lib/puppet/type/firewalld_custom_service.rb index 05f0e698..a56c390e 100644 --- a/lib/puppet/type/firewalld_custom_service.rb 
+++ b/lib/puppet/type/firewalld_custom_service.rb @@ -18,6 +18,7 @@ DOC ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto(:present) end diff --git a/lib/puppet/type/firewalld_direct_chain.rb b/lib/puppet/type/firewalld_direct_chain.rb index 81b962d8..bde31eb0 100644 --- a/lib/puppet/type/firewalld_direct_chain.rb +++ b/lib/puppet/type/firewalld_direct_chain.rb @@ -17,6 +17,7 @@ " ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/lib/puppet/type/firewalld_direct_passthrough.rb b/lib/puppet/type/firewalld_direct_passthrough.rb index a5eab941..3550e715 100644 --- a/lib/puppet/type/firewalld_direct_passthrough.rb +++ b/lib/puppet/type/firewalld_direct_passthrough.rb @@ -22,6 +22,7 @@ " ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/lib/puppet/type/firewalld_direct_purge.rb b/lib/puppet/type/firewalld_direct_purge.rb index ba5781a1..f375c4c5 100644 --- a/lib/puppet/type/firewalld_direct_purge.rb +++ b/lib/puppet/type/firewalld_direct_purge.rb @@ -21,6 +21,7 @@ " ensurable do + desc 'Manage the state of this type.' defaultto(:purged) newvalue(:purgable) newvalue(:purged) do @@ -43,6 +44,7 @@ def generate end newparam(:purge) do + desc 'If unmaintained definitions should be purged' newvalues(:true, :false) defaultto(:true) end diff --git a/lib/puppet/type/firewalld_direct_rule.rb b/lib/puppet/type/firewalld_direct_rule.rb index 65d8e963..d16062e6 100644 --- a/lib/puppet/type/firewalld_direct_rule.rb +++ b/lib/puppet/type/firewalld_direct_rule.rb @@ -19,6 +19,7 @@ " ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/lib/puppet/type/firewalld_ipset.rb b/lib/puppet/type/firewalld_ipset.rb index ee0c972b..2cca10d7 100644 --- a/lib/puppet/type/firewalld_ipset.rb +++ b/lib/puppet/type/firewalld_ipset.rb 
@@ -20,6 +20,7 @@ def po2?(num) end ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/lib/puppet/type/firewalld_policy.rb b/lib/puppet/type/firewalld_policy.rb index 0ef7defa..8f3a2732 100644 --- a/lib/puppet/type/firewalld_policy.rb +++ b/lib/puppet/type/firewalld_policy.rb @@ -34,6 +34,7 @@ DOC ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/lib/puppet/type/firewalld_port.rb b/lib/puppet/type/firewalld_port.rb index 478217fd..e5b72591 100644 --- a/lib/puppet/type/firewalld_port.rb +++ b/lib/puppet/type/firewalld_port.rb @@ -20,6 +20,8 @@ " ensurable do + desc 'Manage the state of this type.' + newvalue(:present) do @resource.provider.create end diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb index b03e8e57..1ae38820 100644 --- a/lib/puppet/type/firewalld_rich_rule.rb +++ b/lib/puppet/type/firewalld_rich_rule.rb @@ -20,6 +20,7 @@ " ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end @@ -121,6 +122,7 @@ end newparam(:action) do + desc 'Specify the action fo this rule' def _validate_action(value) raise Puppet::Error, "Authorized action values are `accept`, `reject`, `drop` or `mark`, got #{value}" unless %w[accept drop reject mark].include? value end diff --git a/lib/puppet/type/firewalld_service.rb b/lib/puppet/type/firewalld_service.rb index 639a341f..de9b63cd 100644 --- a/lib/puppet/type/firewalld_service.rb +++ b/lib/puppet/type/firewalld_service.rb @@ -24,6 +24,8 @@ DOC ensurable do + desc 'Manage the state of this type.' + newvalue(:present) do @resource.provider.create end diff --git a/lib/puppet/type/firewalld_zone.rb b/lib/puppet/type/firewalld_zone.rb index 3cda734e..50e1b6e3 100644 --- a/lib/puppet/type/firewalld_zone.rb +++ b/lib/puppet/type/firewalld_zone.rb 
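Review bot: The `desc` added to `newparam(:action)` in the second hunk of lib/puppet/type/firewalld_rich_rule.rb has a typo ("fo"); it should read `desc 'Specify the action for this rule'`. The same misspelling appears under `action` in the REFERENCE.md hunk, which presumably is generated from this string and should be regenerated after the fix. The validator just below accepts only `accept`, `reject`, `drop` or `mark`, so the description could list those values rather than leaving the reader to find them through the error message. The `newparam(:action)` block continues outside the hunk.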
@@ -34,6 +34,7 @@ DOC ensurable do + desc 'Manage the state of this type.' defaultvalues defaultto :present end diff --git a/manifests/init.pp b/manifests/init.pp index 38ad5a3c..efdc0208 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -17,6 +17,106 @@
 # install_gui => true,
 # }
 #
+# === Documentation
+#
+# @param package_ensure
+# Define if firewalld-package should be handled
+# Defaults to `installed` but can be set to `absent` or `latest`
+#
+# @param package
+# The name of the `firewalld`-package
+#
+# @param service_enable
+# If the `firewalld`-service should be enabled
+#
+# @param service_ensure
+# The state that the `firewalld`-service should be in
+#
+# @param install_gui
+# Set to true to install the `firewall-config`-package
+#
+# @param config_package
+# The name of package that is installed if `install_gui` is true
+#
+# @param zones
+# A hash of `firewalld_zone`-definitions
+#
+# @param policies
+# A hash of `firewalld_policy`-definitions
+#
+# @param ports
+# A hash of `firewalld_port`-definitions
+#
+# @param services
+# A hash of `firewalld_service`-definitions
+#
+# @param rich_rules
+# A hash of `firewalld_rich_rule`-definitions
+#
+# @param custom_services
+# A hash of `firewalld_custom_service`-definitions
+#
+# @param ipsets
+# A hash of `firewalld_ipset`-definitions
+#
+# @param direct_rules
+# A hash of `firewalld_direct_rule`-definitions
+#
+# @param direct_chains
+# A hash of `firewalld_direct_chain`-definitions
+#
+# @param direct_passthroughs
+# A hash of `firewalld_direct_passthrough`-definitions
+#
+# @param purge_direct_rules
+# If direct_rules not maintained by puppet should be removed
+#
+# @param purge_direct_chains
+# If direct_chains not maintained by puppet should be removed
+#
+# @param purge_direct_passthroughs
+# If direct_passthroughs not maintained by puppet should be removed
+#
+# @param purge_unknown_ipsets
+# If ipsets not maintained by puppet should be removed
+#
+# @param default_zone
+# Optional string to set the default zone
+#
+# @param log_denied
+# Sets the mode for which denied packets should be logged
+#
+# @param cleanup_on_exit
+# Controls the `CleanupOnExit` setting of `firewalld`
+#
+# @param zone_drifting
+# Controls the `AllowZoneDrifting` setting of `firewalld`
+# should be `no` because zone-drifting is deprecated
+#
+# @param minimal_mark
+# Controls the `MinimalMark` setting of `firewalld`
+#
+# @param lockdown
+# Controls the `Lockdown` setting of `firewalld`
+#
+# @param individual_calls
+# Controls the `IndividualCalls` setting of `firewalld`
+#
+# @param ipv6_rpfilter
+# Controls the `IPv6_rpfilter` setting of `firewalld`
+#
+# @param firewall_backend
+# Chooses the backend between `iptables` (deprecated) or `nftables`
+#
+# @param default_service_zone
+# Sets the default zone for `firewalld_service`
+#
+# @param default_port_zone
+# Sets the default zone for `firewalld_port`
+#
+# @param default_port_protocol
+# Sets the default protocol for `firewalld_port`
+#
 # === Authors
 #
 # Craig Dunn
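Review bot: The `@param` texts for `purge_direct_rules`, `purge_direct_chains`, `purge_direct_passthroughs` and `purge_unknown_ipsets` do not say what the default means. REFERENCE.md lists all four as `false`, so direct rules, chains, passthroughs and ipsets created outside Puppet stay active on the host. For a firewall module that is the caveat an operator most needs, for example `# If true, remove direct rules not managed by Puppet; when false (default) unmanaged rules are left in place`. The `lockdown` and `log_denied` entries likewise mostly restate the setting name, and a phrase on what enabling each one restricts or records would make them more useful. The header comment and the class it documents continue outside the hunk.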