Class: Mt::Wall::Transport::Base

Inherits:
Object
Defined in:
lib/mt/wall/transport/base.rb

Overview

Abstract transport adapter. A transport is the ONLY layer that knows how to talk to (or render for) a real device. Concrete adapters implement these operations against a device:

* #fetch(paths)             -> reads CURRENT state as a DesiredState
* #apply(operations)        -> writes Plan operations to the device
* #arm_auto_revert(...)     -> schedules a DEVICE-SIDE auto-revert
* #confirm(handle)          -> cancels the armed auto-revert

To add a transport (binary API, SSH, …), subclass Base and implement these. Credentials are read from ENV by the concrete adapter – never passed through the DSL or stored in git.

── DEVICE-SIDE COMMIT-CONFIRM (auto-revert) ───────────────────────────

An apply replaces the whole filter/nat table over a session that runs THROUGH the firewall, so a bad rule can sever the manager’s own connection. RouterOS REST has NO native firewall transaction / safe-mode. A CLIENT-SIDE rollback is therefore USELESS: if the link drops mid-apply the rollback request is undeliverable. The revert MUST live ON THE DEVICE, armed BEFORE the apply, and self-fire on a timer if the manager never confirms:

handle = transport.arm_auto_revert(snapshot, timeout: 120)
begin
  transport.apply(plan.operations)   # create-before-delete; drop LAST
  # manager runs a post-apply health-check back to the device
  transport.confirm(handle)          # cancels the scheduled revert
rescue TransportError # plus whatever error signals a failed health-check / lost link
  # do nothing: the device-side scheduler restores the backup at timeout
end

Implementation contract for `arm_auto_revert`: back up the managed tables ON the device (e.g. `/export` of the managed paths or an `/ip/firewall` backup) and schedule a `/system/scheduler` (or delayed `/system/script`) job that RESTORES that backup after `timeout`. `confirm` cancels/deletes that scheduled job after a successful manager-side health-check. Adapters that cannot reach a live device (offline Rsc render) implement both as no-ops.
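Added example, not part of mt-wall's source: an in-memory simulation of the arm / apply / confirm contract above, showing that the revert fires on the device's own clock when the manager never confirms. `SimDevice`, `SimTransport` and `deploy` are hypothetical names; no RouterOS call is made and the rule strings are constructed.

```ruby
# Added illustration; SimDevice/SimTransport are hypothetical stand-ins, not mt-wall classes.
class SimDevice
  attr_accessor :rules
  def initialize(rules)
    @rules = rules.dup
    @now = 0
    @jobs = {} # handle => { at:, backup: }; plays the on-device scheduler
  end

  def schedule_restore(backup, delay)
    handle = Object.new # opaque to the caller
    @jobs[handle] = { at: @now + delay, backup: backup }
    handle
  end

  def cancel(handle)
    @jobs.delete(handle)
  end

  # Device time advances; due restore jobs fire without any manager request.
  def tick(seconds)
    @now += seconds
    due = @jobs.select { |_, job| job[:at] <= @now }
    due.each { |handle, job| @rules = job[:backup]; @jobs.delete(handle) }
  end
end

SimTransport = Struct.new(:device) do
  def arm_auto_revert(_snapshot, timeout:)
    device.schedule_restore(device.rules.dup, timeout) # backup stays on the device
  end

  def apply(operations)
    device.rules = operations.dup
  end

  def confirm(handle)
    device.cancel(handle)
  end
end

def deploy(device, new_rules, healthy:, timeout: 120)
  transport = SimTransport.new(device)
  handle = transport.arm_auto_revert(:filter, timeout: timeout)
  transport.apply(new_rules)
  transport.confirm(handle) if healthy # link lost: nothing is sent, timer stays armed
  device.tick(timeout)
  device.rules
end
```

With `healthy: false` the manager sends nothing after the apply, yet the device ends up back on its pre-apply rules once the timeout elapses.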

Direct Known Subclasses

RestApi, Rsc

Instance Method Summary

Instance Method Details

#apply(operations) ⇒ void

This method returns an undefined value.

Parameters:

Raises:

  • (NotImplementedError)


# File 'lib/mt/wall/transport/base.rb', line 55

def apply(operations)
  raise NotImplementedError, "#{self.class}#apply must be implemented"
end

#arm_auto_revert(snapshot, timeout:) ⇒ Object

Back up the managed tables ON the device and schedule a device-side job that restores them after `timeout` unless #confirm cancels it.

Parameters:

  • snapshot (Object)

    identifier/handle for the on-device backup (e.g. the managed paths to export); transport-defined

  • timeout (Integer)

    seconds before the device self-reverts

Returns:

  • (Object)

    an opaque handle for the scheduled revert job

Raises:

  • (NotImplementedError)


# File 'lib/mt/wall/transport/base.rb', line 65

def arm_auto_revert(snapshot, timeout:)
  raise NotImplementedError, "#{self.class}#arm_auto_revert must be implemented"
end

#confirm(handle) ⇒ void

This method returns an undefined value.

Cancel an armed device-side auto-revert after a healthy post-apply check; the new config becomes permanent.

Parameters:

Raises:

  • (NotImplementedError)


# File 'lib/mt/wall/transport/base.rb', line 73

def confirm(handle)
  raise NotImplementedError, "#{self.class}#confirm must be implemented"
end

#fetch(paths, managed_list_names: []) ⇒ DesiredState

Parameters:

  • paths (Array<String>)

    RouterOS resource paths to read

  • managed_list_names (Array<String>) (defaults to: [])

    address-list names mt-wall owns; foreign/static lists are excluded from the fetched state

Returns:

Raises:

  • (NotImplementedError)


# File 'lib/mt/wall/transport/base.rb', line 49

def fetch(paths, managed_list_names: [])
  raise NotImplementedError, "#{self.class}#fetch must be implemented"
end