Class: Mt::Wall::Model::Device

Inherits:
Data
  • Object
Defined in:
lib/mt/wall/model/device.rb

Overview

A managed RouterOS device.

SECURITY: credentials are NEVER stored here or in the DSL/git. The `transport` attribute names which adapter to use (e.g. :rest_api); the adapter reads its credentials from ENV at apply time.

Configures the box’s OWN firewall (Layer B): chain defaults and the input/output/forward filter rules of this specific router. The abstract access grants (Layer A, Model::Rule) are device-agnostic and live on the Configuration — the Compiler injects them into this device’s forward chain; they are NOT stored here.

NAT (Layer B, per-box): the device may also declare `/ip firewall nat` rules via the `nat do … end` block. These are IPv4-only for v1 (see Model::NatRule) and stored alongside the filter rules here.

MANAGEMENT PROTECTION: `management` records the operator’s EXPLICIT declaration of the mgmt traffic the input-chain safe preamble must keep open (so an apply can never cause lockout). It is an ARRAY of small spec Hashes `{ src:, service:, port: }` (any key optional), default `[]` — REPEATABLE, so a device can protect several paths at once (e.g. an SSH admin AND a REST/CI apply channel). The Compiler emits the UNION of all specs. EXPLICIT is PRIMARY and a NON-EMPTY array is REQUIRED when the device locks its input chain (`policy :input, :drop`) — the Compiler fails fast if it is empty. Transport inference (full mgmt service set, both families) is only a best-effort BACKSTOP used when the array is empty, and is never authoritative for a locked input chain. Set via DeviceBuilder#management.


Constructor Details

#initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [], nat_rules: [], management: [], options: {}) ⇒ Device

Returns a new instance of Device.



# File 'lib/mt/wall/model/device.rb', line 45

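# Builds a Device, normalising every collection member to an Array.
#
# @param name [Object] device name, stored as given
# @param host [Object] device host, stored as given
# @param transport [Symbol] transport adapter key, defaults to :rest_api
# @param policies [Array, Object, nil] coerced with Kernel#Array
# @param filter_rules [Array, Object, nil] coerced with Kernel#Array
# @param nat_rules [Array, Object, nil] coerced with Kernel#Array
# @param management [Array<Hash>, Hash, nil] management-protection specs;
#   a lone Hash is wrapped into a one-element Array
# @param options [Hash] stored as given (not coerced)
# @return [Device]
def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
               nat_rules: [], management: [], options: {})
  # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
  # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
  # Hash so it stays a single management spec.
  management_specs = management.is_a?(Hash) ? [management] : Array(management)

  # NOTE: Array() hands back the caller's own Array when given one, so the
  # stored collections are shared with the caller and remain mutable.
  super(name: name, host: host, transport: transport,
        policies: Array(policies), filter_rules: Array(filter_rules),
        nat_rules: Array(nat_rules), management: management_specs, options: options)
end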

Instance Attribute Details

#filter_rules ⇒ Object (readonly)

Returns the value of attribute filter_rules

Returns:

  • (Object)

    the current value of filter_rules



# File 'lib/mt/wall/model/device.rb', line 43

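# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end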

#host ⇒ Object (readonly)

Returns the value of attribute host

Returns:

  • (Object)

    the current value of host



# File 'lib/mt/wall/model/device.rb', line 43

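# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end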

#management ⇒ Object (readonly)

Returns the value of attribute management

Returns:

  • (Object)

    the current value of management



# File 'lib/mt/wall/model/device.rb', line 43

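# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end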

#name ⇒ Object (readonly)

Returns the value of attribute name

Returns:

  • (Object)

    the current value of name



# File 'lib/mt/wall/model/device.rb', line 43

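# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end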

#nat_rules ⇒ Object (readonly)

Returns the value of attribute nat_rules

Returns:

  • (Object)

    the current value of nat_rules



# File 'lib/mt/wall/model/device.rb', line 43

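# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end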

#options ⇒ Object (readonly)

Returns the value of attribute options

Returns:

  • (Object)

    the current value of options



# File 'lib/mt/wall/model/device.rb', line 43

# Reader for the +options+ attribute: the non-secret transport options
# (port, verify_tls, …). Returns whatever @options currently holds.
# NOTE(review): verify_tls presumably toggles certificate verification for
# the transport — confirm that verification stays on unless explicitly disabled.
def options = @options

#policies ⇒ Object (readonly)

Returns the value of attribute policies

Returns:

  • (Object)

    the current value of policies



# File 'lib/mt/wall/model/device.rb', line 43

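# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end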

#transport ⇒ Object (readonly)

Returns the value of attribute transport

Returns:

  • (Object)

    the current value of transport



# File 'lib/mt/wall/model/device.rb', line 43

# Reader for the +transport+ attribute: the transport adapter key
# (e.g. :rest_api, :rsc). Returns whatever @transport currently holds.
def transport = @transport

Instance Method Details

#options=(value) ⇒ Object (readonly)

non-secret transport options (port, verify_tls, …)



# File 'lib/mt/wall/model/device.rb', line 43

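# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end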

#transport=(value) ⇒ Object (readonly)

transport adapter key (e.g. :rest_api, :rsc)



# File 'lib/mt/wall/model/device.rb', line 43

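# A managed RouterOS device, modelled as a Data value object.
#
# SECURITY: none of the members holds a credential; `options` carries
# non-secret transport options only.
Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  # Builds a Device, normalising every collection member to an Array.
  #
  # @param name [Object] device name, stored as given
  # @param host [Object] device host, stored as given
  # @param transport [Symbol] transport adapter key, defaults to :rest_api
  # @param policies [Array, Object, nil] coerced with Kernel#Array
  # @param filter_rules [Array, Object, nil] coerced with Kernel#Array
  # @param nat_rules [Array, Object, nil] coerced with Kernel#Array
  # @param management [Array<Hash>, Hash, nil] management-protection specs;
  #   a lone Hash is wrapped into a one-element Array
  # @param options [Hash] stored as given (not coerced)
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    # Kernel#Array calls #to_a on a Hash, which would explode one spec such as
    # `{ src:, service: }` into [[:src, ..], [:service, ..]] pairs. Wrap a lone
    # Hash so it stays a single management spec.
    management_specs = management.is_a?(Hash) ? [management] : Array(management)

    # NOTE: Array() hands back the caller's own Array when given one, and Data
    # freezes only the instance itself, so the stored rule lists stay mutable
    # and shared with the caller.
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: management_specs, options: options)
  end
end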