saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

pre-commit changes for firewalld

Browse source
This commit is contained in:
Gary T. Giesen 2021-03-05 23:06:55 -05:00 committed by Megan Wilhite
parent 8c31b47785
commit 6ac3a27ebd
1 changed files with 42 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
salt/states/firewalld.py
View file

@ -1,4 +1,3 @@
# -*- coding: utf-8 -*-
"""
Management of firewalld
@ -103,21 +102,17 @@ with an example output of:
rule service name="snmp" accept
"""
# Import Python Libs
from __future__ import absolute_import, print_function, unicode_literals
import logging
import salt.utils.path
# Import Salt Libs
from salt.exceptions import CommandExecutionError
from salt.output import nested
log = logging.getLogger(__name__)
class ForwardingMapping(object):
class ForwardingMapping:
"""
Represents a port forwarding statement mapping a local port to a remote
port for a specific protocol (TCP or UDP)
@ -309,7 +304,7 @@ def service(name, ports=None, protocols=None):
try:
_current_ports = __salt__["firewalld.get_service_ports"](name)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_ports = set(ports) - set(_current_ports)
@ -320,7 +315,7 @@ def service(name, ports=None, protocols=None):
try:
__salt__["firewalld.add_service_port"](name, port)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
for port in old_ports:
@ -328,7 +323,7 @@ def service(name, ports=None, protocols=None):
try:
__salt__["firewalld.remove_service_port"](name, port)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_ports or old_ports:
@ -339,7 +334,7 @@ def service(name, ports=None, protocols=None):
try:
_current_protocols = __salt__["firewalld.get_service_protocols"](name)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_protocols = set(protocols) - set(_current_protocols)
@ -350,7 +345,7 @@ def service(name, ports=None, protocols=None):
try:
__salt__["firewalld.add_service_protocol"](name, protocol)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
for protocol in old_protocols:
@ -358,7 +353,7 @@ def service(name, ports=None, protocols=None):
try:
__salt__["firewalld.remove_service_protocol"](name, protocol)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_protocols or old_protocols:
@ -371,15 +366,15 @@ def service(name, ports=None, protocols=None):
ret["result"] = True
if ret["changes"] == {}:
ret["comment"] = "'{0}' is already in the desired state.".format(name)
ret["comment"] = "'{}' is already in the desired state.".format(name)
return ret
if __opts__["test"]:
ret["result"] = None
ret["comment"] = "Configuration for '{0}' will change.".format(name)
ret["comment"] = "Configuration for '{}' will change.".format(name)
return ret
ret["comment"] = "'{0}' was configured.".format(name)
ret["comment"] = "'{}' was configured.".format(name)
return ret
@ -412,7 +407,7 @@ def _present(
try:
zones = __salt__["firewalld.get_zones"](permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if name not in zones:
@ -420,7 +415,7 @@ def _present(
try:
__salt__["firewalld.new_zone"](name)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
ret["changes"].update({name: {"old": zones, "new": name}})
@ -435,14 +430,14 @@ def _present(
name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if block_icmp:
try:
_valid_icmp_types = __salt__["firewalld.get_icmp_types"](permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
# log errors for invalid ICMP types in block_icmp input
@ -458,7 +453,7 @@ def _present(
name, icmp_type, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_block_icmp:
@ -473,7 +468,7 @@ def _present(
name, icmp_type, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_icmp_types or old_icmp_types:
@ -491,21 +486,21 @@ def _present(
try:
default_zone = __salt__["firewalld.default_zone"]()
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if name != default_zone:
if not __opts__["test"]:
try:
__salt__["firewalld.set_default_zone"](name)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
ret["changes"].update({"default": {"old": default_zone, "new": name}})
try:
masquerade_ret = __salt__["firewalld.get_masquerade"](name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if masquerade and not masquerade_ret:
@ -513,7 +508,7 @@ def _present(
try:
__salt__["firewalld.add_masquerade"](name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
ret["changes"].update(
{"masquerade": {"old": "", "new": "Masquerading successfully set."}}
@ -523,7 +518,7 @@ def _present(
try:
__salt__["firewalld.remove_masquerade"](name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
ret["changes"].update(
{"masquerade": {"old": "", "new": "Masquerading successfully " "disabled."}}
@ -534,7 +529,7 @@ def _present(
try:
_current_ports = __salt__["firewalld.list_ports"](name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_ports = set(ports) - set(_current_ports)
@ -547,7 +542,7 @@ def _present(
name, port, permanent=True, force_masquerade=False
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_ports:
@ -557,7 +552,7 @@ def _present(
try:
__salt__["firewalld.remove_port"](name, port, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_ports or old_ports:
@ -574,7 +569,7 @@ def _present(
name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
port_fwd = [_parse_forward(fwd) for fwd in port_fwd]
@ -604,7 +599,7 @@ def _present(
force_masquerade=False,
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_port_fwd:
@ -621,7 +616,7 @@ def _present(
permanent=True,
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_port_fwd or old_port_fwd:
@ -645,7 +640,7 @@ def _present(
name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_services = set(services) - set(_current_services)
@ -656,7 +651,7 @@ def _present(
try:
__salt__["firewalld.add_service"](new_service, name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_services:
@ -668,7 +663,7 @@ def _present(
old_service, name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_services or old_services:
@ -687,7 +682,7 @@ def _present(
name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_interfaces = set(interfaces) - set(_current_interfaces)
@ -698,7 +693,7 @@ def _present(
try:
__salt__["firewalld.add_interface"](name, interface, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_interfaces:
@ -710,7 +705,7 @@ def _present(
name, interface, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_interfaces or old_interfaces:
@ -727,7 +722,7 @@ def _present(
try:
_current_sources = __salt__["firewalld.get_sources"](name, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_sources = set(sources) - set(_current_sources)
@ -738,7 +733,7 @@ def _present(
try:
__salt__["firewalld.add_source"](name, source, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_sources:
@ -750,7 +745,7 @@ def _present(
name, source, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_sources or old_sources:
@ -769,7 +764,7 @@ def _present(
name, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
new_rich_rules = set(rich_rules) - set(_current_rich_rules)
@ -780,7 +775,7 @@ def _present(
try:
__salt__["firewalld.add_rich_rule"](name, rich_rule, permanent=True)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if prune_rich_rules:
@ -792,7 +787,7 @@ def _present(
name, rich_rule, permanent=True
)
except CommandExecutionError as err:
ret["comment"] = "Error: {0}".format(err)
ret["comment"] = "Error: {}".format(err)
return ret
if new_rich_rules or old_rich_rules:
@ -807,7 +802,7 @@ def _present(
# No changes
if ret["changes"] == {}:
ret["result"] = True
ret["comment"] = "'{0}' is already in the desired state.".format(name)
ret["comment"] = "'{}' is already in the desired state.".format(name)
return ret
# test=True and changes predicted
@ -816,7 +811,7 @@ def _present(
# build comment string
nested.__opts__ = __opts__
comment = []
comment.append("Configuration for '{0}' will change:".format(name))
comment.append("Configuration for '{}' will change:".format(name))
comment.append(nested.output(ret["changes"]).rstrip())
ret["comment"] = "\n".join(comment)
ret["changes"] = {}
@ -824,5 +819,5 @@ def _present(
# Changes were made successfully
ret["result"] = True
ret["comment"] = "'{0}' was configured.".format(name)
ret["comment"] = "'{}' was configured.".format(name)
return ret