Class: Mt::Wall::DSL::RuleBuilder

Inherits:
Object
Defined in:
lib/mt/wall/dsl/rule_builder.rb

Overview

Block context for the `rule` verb. The source is fixed for the whole block (passed in); each `to` call adds one grant from that source to a destination, producing a Model::Rule.

rule "admin" do
  to "edge-1-mgmt", "ssh"          # allow (default action)
  to "edge-2-mgmt", "ssh", :deny   # explicit action
end

`to` takes a destination host/group, an optional service name (`:any` when omitted), and an optional action (:allow / :deny, default :allow). Action is positional and last, so to set it you must give a service (or :any): `to "x", :any, :deny`. The DSL action maps to RouterOS accept/drop in the resulting Model::Rule.

Constant Summary

ACTIONS = %i[allow deny].freeze

DSL actions, and the tokens that trigger the service-slot footgun.

ACTION_TOKENS = [:allow, :deny, "allow", "deny"].freeze

ACTION_MAP = { allow: :accept, deny: :drop }.freeze

DSL action -> RouterOS / Model::Rule action.

Constructor Details

#initialize(source) ⇒ RuleBuilder

Returns a new instance of RuleBuilder.



# File 'lib/mt/wall/dsl/rule_builder.rb', line 27

def initialize(source)
  @source = source
  @rules = []
end

Instance Attribute Details

#rules ⇒ Array<Model::Rule> (readonly)

The Model::Rule list collected from this block.

Returns:

  • (Array<Model::Rule>)



# File 'lib/mt/wall/dsl/rule_builder.rb', line 64

def rules
  @rules
end

Instance Method Details

#to(destination, service = :any, action = :allow, comment: nil, **flags) ⇒ void

This method returns an undefined value.

One grant: @source -> destination, optional service, optional action.

FAIL-FAST on the positional footgun: `action` MUST be one of :allow / :deny. If the SERVICE slot (arg 2) is given as `:allow` or `:deny`, that is treated as the ACTION (service defaults to :any) so `to "x", :deny` cannot silently degrade into "service named :deny". Any other symbol/string in the action slot (anything that is not :allow or :deny) raises ConfigurationError with a clear message.

`log:`/`log_prefix:` enable RouterOS logging on the emitted rule(s); `disabled:` keeps the grant in git but inactive. Both are rule attributes (excluded from the identity tag, so a toggle is an :update).

Parameters:

  • destination (String)

    name of the destination host/group

  • service (String, Symbol) (defaults to: :any)

    service name, or :any

  • action (Symbol) (defaults to: :allow)

    :allow or :deny

  • log (Boolean)

    log matched packets (log=yes)

  • log_prefix (String, nil)

    optional log-prefix label

  • disabled (Boolean)

    emit the rule(s) disabled



# File 'lib/mt/wall/dsl/rule_builder.rb', line 52

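def to(destination, service = :any, action = :allow, comment: nil, **flags)
  Validators.validate_name!(destination, label: "destination")
  # An action given in the service slot is moved to the action slot; an invalid action raises.
  service, action = resolve_service_and_action(service, action)
  # :any is stored as a nil service on the rule; any other service name is validated.
  service_name = service == :any ? nil : Validators.validate_name!(service, label: "service")

  # Translate the DSL action to the RouterOS action and record the grant.
  @rules << Model::Rule.new(source: @source, destination: destination.to_s,
                            service: service_name, action: ACTION_MAP.fetch(action),
                            comment: comment, **Validators.rule_flags(**flags))
end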
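
The slot resolution described for `#to`, as an added Ruby sketch. It is not the project's source: the body of `resolve_service_and_action` is not shown on this page. The constants are copied from the page; the `resolved` helper, the local `ConfigurationError` class and the rejection of an action given in both slots are assumptions.

```ruby
# Added sketch, not the project's source. Constants are copied from the page;
# ConfigurationError is a local stand-in for the project's error class.
class ConfigurationError < StandardError; end

ACTIONS       = %i[allow deny].freeze
ACTION_TOKENS = [:allow, :deny, "allow", "deny"].freeze
ACTION_MAP    = { allow: :accept, deny: :drop }.freeze

# Returns [service, action]. An action token found in the service slot is
# moved to the action slot, so `to "x", :deny` never becomes a grant for a
# service literally named "deny" with the default :allow action.
def resolve_service_and_action(service, action)
  if ACTION_TOKENS.include?(service)
    # Assumption: a non-default action in both slots is ambiguous, so it is
    # rejected. An explicit :allow cannot be told apart from the default.
    unless action == :allow
      raise ConfigurationError,
            "action given twice (#{service.inspect} and #{action.inspect})"
    end
    return [:any, service.to_sym]
  end

  unless ACTIONS.include?(action)
    raise ConfigurationError,
          "unknown action #{action.inspect}; expected one of #{ACTIONS.inspect}"
  end
  [service, action]
end

# Hypothetical helper: resolve the trailing arguments of one `to` call to
# [service, RouterOS action], or return the error message as a string.
def resolved(service = :any, action = :allow)
  service, action = resolve_service_and_action(service, action)
  [service, ACTION_MAP.fetch(action)]
rescue ConfigurationError => e
  "ConfigurationError: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  p resolved("ssh")           # service given, default action
  p resolved(:deny)           # action token in the service slot
  p resolved("ssh", :reject)  # invalid action fails fast
end
```
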