Class: Mt::Wall::Configuration

Inherits:
Object
Defined in:
lib/mt/wall/configuration.rb

Overview

Root aggregate of a firewall configuration: the in-memory desired model produced by the DSL and consumed by the Compiler. Objects and groups are keyed by name (names are unique within a configuration); rules and global policies are ordered.

GROUP MEMBERSHIP is single-sourced here. Membership may be declared group-side (`group "x" { member "y" }`) OR host-side (`member_of` / trailing positional args on `host`); both fold into the SAME group. A group referenced only from the host side is created on demand (auto-create is host-side ONLY — groups referenced solely by rules/src/dst are resolved/validated later by the Compiler). Hosts and groups share one name space, so a host and a group may not share a name.

Constant Summary

RESERVED_NAMES =

Names that may NOT be used for a host or group because they carry a reserved meaning elsewhere in the DSL. "any" is the match-all source/destination (see Compiler::ANY_REFERENCE); allowing a host/group to shadow it would make `rule "any"` / `to "any"` / `src: "any"` ambiguous, so declaring one fails fast.

%w[any].freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.

# File 'lib/mt/wall/configuration.rb', line 27

def initialize
  @objects = {}         # name (String) => Model::AddressObject
  @services = {}        # name (String) => Model::Service
  @rules = []           # Array<Model::Rule>
  @devices = {}         # name (String) => Model::Device
  @global_policies = [] # Array<Model::Policy>

  @group_members = {}   # name (String) => Array<String> (ordered, unique)
  @group_comments = {}  # name (String) => String (comment)
  @declared_groups = {} # name (String) => true (explicit `group` verb)
end

Instance Attribute Details

#devices ⇒ Object (readonly)

Returns the value of attribute devices.

# File 'lib/mt/wall/configuration.rb', line 25

def devices
  @devices
end

#global_policies ⇒ Object (readonly)

Returns the value of attribute global_policies.

# File 'lib/mt/wall/configuration.rb', line 25

def global_policies
  @global_policies
end

#objects ⇒ Object (readonly)

Returns the value of attribute objects.

# File 'lib/mt/wall/configuration.rb', line 25

def objects
  @objects
end

#rules ⇒ Object (readonly)

Returns the value of attribute rules.

# File 'lib/mt/wall/configuration.rb', line 25

def rules
  @rules
end

#services ⇒ Object (readonly)

Returns the value of attribute services.

# File 'lib/mt/wall/configuration.rb', line 25

def services
  @services
end

Instance Method Details

#add_device(device) ⇒ void

This method returns an undefined value.

Raises: (ConfigurationError)

# File 'lib/mt/wall/configuration.rb', line 97

def add_device(device)
  raise ConfigurationError, "duplicate device #{device.name.inspect}" if @devices.key?(device.name)

  @devices[device.name] = device
end

#add_global_policy(policy) ⇒ void

This method returns an undefined value.

# File 'lib/mt/wall/configuration.rb', line 92

def add_global_policy(policy)
  @global_policies << policy
end

#add_membership(host_name, group_name) ⇒ void

This method returns an undefined value.

Fold a host into a group from the host side, auto-creating the group’s membership bucket on demand.

# File 'lib/mt/wall/configuration.rb', line 74

def add_membership(host_name, group_name)
  assert_not_reserved!(group_name)
  add_members(group_name, [host_name])
end

#add_object(object) ⇒ void

This method returns an undefined value.

Record a host (named address object).

Raises: (ConfigurationError)

# File 'lib/mt/wall/configuration.rb', line 50

def add_object(object)
  name = object.name
  assert_not_reserved!(name)
  raise ConfigurationError, "duplicate host #{name.inspect}" if @objects.key?(name)

  assert_no_name_clash!(name)
  @objects[name] = object
end

#add_rule(rule) ⇒ void

This method returns an undefined value.

# File 'lib/mt/wall/configuration.rb', line 87

def add_rule(rule)
  @rules << rule
end

#add_service(service) ⇒ void

This method returns an undefined value.

Raises: (ConfigurationError)

# File 'lib/mt/wall/configuration.rb', line 80

def add_service(service)
  raise ConfigurationError, "duplicate service #{service.name.inspect}" if @services.key?(service.name)

  @services[service.name] = service
end

#declare_group(name, members, comment = nil) ⇒ void

This method returns an undefined value.

Record an explicit group declaration (group-side membership). Merges with any host-side membership already folded into the same group.

Raises: (ConfigurationError)

# File 'lib/mt/wall/configuration.rb', line 62

def declare_group(name, members, comment = nil)
  assert_not_reserved!(name)
  raise ConfigurationError, "name #{name.inspect} is used by both a host and a group" if @objects.key?(name)

  @declared_groups[name] = true
  @group_comments[name] = comment if comment
  add_members(name, members)
end

#groups ⇒ Hash{String => Model::Group}

Materialize the accumulated group membership (group-side + host-side) into immutable Model::Group value objects keyed by name.

Returns: (Hash{String => Model::Group})

# File 'lib/mt/wall/configuration.rb', line 42

def groups
  @group_members.each_with_object({}) do |(name, members), result|
    result[name] = Model::Group.new(name: name, members: members, comment: @group_comments[name])
  end
end