Merge pull request #25 from webalexeu/array

Moving from comma separated values to array

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file.
 
+## Release 1.4.0 (2022-12-07)
+
+[Full Changelog](https://github.com/webalexeu/puppet-windows_firewall/compare/v1.3.4...v1.4.0)
+
+**Features**
+
+*Breaking changes*:
+ - local_port,remote_port,local_address,remote_address are now defined as string or array of strings
+ (Not supporting anymore multiple values splitted with comma)
+
+**Bugfixes**
+
+**Known Issues**
+
 ## Release 1.3.4 (2022-08-23)
 
 [Full Changelog](https://github.com/webalexeu/puppet-windows_firewall/compare/v1.3.3...v1.3.4)

README.md

@@ -122,7 +122,7 @@ windows_firewall_rule { "puppet - allow ports 1000-2000":
   direction  => "inbound",
   action     => "allow",
   protocol   => "tcp",
-  local_port => "80,443,4243,5000-5010",
+  local_port => ['80', '443', '4243', '5000-5010'],
 }
 
 ```
@@ -211,7 +211,7 @@ windows_firewall_ipsec_rule { 'test - ipsec':
   ensure            => present,
   local_port        => '9999,1900',
   local_address     => $::ipaddress,
-  remote_address    => '192.168.0.0/24,192.168.1.0/24',
+  remote_address    => ['192.168.0.0/24', '192.168.1.0/24'],
   protocol          => 'tcp',
   inbound_security  => 'require',
   outbound_security => 'require',

REFERENCE.md

@@ -32,7 +32,7 @@ Authz computer transport
 
 ##### `authzusergrp`
 
-Configures the users that are authorized to establish tunnel mode connections.
+Configures the users that are authorized to establish tunnel mode connections
 
 ##### `authzusergrptransport`
 
@@ -44,13 +44,13 @@ Boot time rule category
 
 ##### `consecrulecategory`
 
-con sec rule category
+"con sec rule category
 
 ##### `defaultexemptions`
 
 Valid values: `none`, `neighbordiscovery`, `icmp`, `dhcp`, `notconfigured`
 
-Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec.
+Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec
 
 ##### `firewallrulecategory`
 
@@ -74,7 +74,7 @@ Sets main mode key lifetime in minutes and sessions
 
 ##### `saidletimemin`
 
-Configures the security association idle time in minutes.
+Configures the security association idle time in minutes
 
 ##### `secmethods`
 
@@ -105,13 +105,19 @@ Configures how CRL checking is enforced
 The following parameters are available in the `windows_firewall_global` type.
 
 * [`name`](#name)
+* [`provider`](#provider)
 
 ##### <a name="name"></a>`name`
 
 namevar
 
 Not used (reference only)
 
+##### <a name="provider"></a>`provider`
+
+The specific backend to use for this `windows_firewall_global` resource. You will seldom need to specify this --- Puppet
+will usually discover the appropriate provider for your platform.
+
 ### <a name="windows_firewall_group"></a>`windows_firewall_group`
 
 Enable/Disable windows firewall group
@@ -133,13 +139,19 @@ Default value: `true`
 The following parameters are available in the `windows_firewall_group` type.
 
 * [`name`](#name)
+* [`provider`](#provider)
 
 ##### <a name="name"></a>`name`
 
 namevar
 
 Name of the rule group to enable/disable
 
+##### <a name="provider"></a>`provider`
+
+The specific backend to use for this `windows_firewall_group` resource. You will seldom need to specify this --- Puppet
+will usually discover the appropriate provider for your platform.
+
 ### <a name="windows_firewall_ipsec_rule"></a>`windows_firewall_ipsec_rule`
 
 Manage Windows Firewall with Puppet
@@ -196,13 +208,13 @@ Default value: `any`
 
 ##### `local_address`
 
-Specifies that network packets with matching IP addresses match this rule (hostname not allowed)
+Specifies that network packets with matching IP addresses match this rule (hostname not allowed), use an array to pass more then one
 
 Default value: `any`
 
 ##### `local_port`
 
-Specifies that network packets with matching IP port numbers match this rule
+Specifies that network packets with matching IP port numbers match this rule, use an array to pass more then one
 
 Default value: `any`
 
@@ -250,13 +262,13 @@ This parameter specifies the protocol for an IPsec rule
 
 ##### `remote_address`
 
-Specifies that network packets with matching IP addresses match this rule (hostname not allowed)
+Specifies that network packets with matching IP addresses match this rule (hostname not allowed), use an array to pass more then one
 
 Default value: `any`
 
 ##### `remote_port`
 
-This parameter value is the second end point of an IPsec rule
+This parameter value is the second end point of an IPsec rule, use an array to pass more then one
 
 Default value: `any`
 
@@ -265,13 +277,19 @@ Default value: `any`
 The following parameters are available in the `windows_firewall_ipsec_rule` type.
 
 * [`name`](#name)
+* [`provider`](#provider)
 
 ##### <a name="name"></a>`name`
 
 namevar
 
 Name of this rule
 
+##### <a name="provider"></a>`provider`
+
+The specific backend to use for this `windows_firewall_ipsec_rule` resource. You will seldom need to specify this ---
+Puppet will usually discover the appropriate provider for your platform.
+
 ### <a name="windows_firewall_profile"></a>`windows_firewall_profile`
 
 Enable/Disable windows firewall profile
@@ -292,7 +310,7 @@ Configures default inbound and outbound behavior
 
 Valid values: `enable`, `disable`, `notconfigured`
 
-Notify user when a program listens for inbound connections.
+Notify user when a program listens for inbound connections
 
 ##### `localconsecrules`
 
@@ -338,20 +356,26 @@ State of this firewall profile
 
 Valid values: `enable`, `disable`, `notconfigured`
 
-Control stateful unicast response to multicast.
+Control stateful unicast response to multicast
 
 #### Parameters
 
 The following parameters are available in the `windows_firewall_profile` type.
 
 * [`name`](#name)
+* [`provider`](#provider)
 
 ##### <a name="name"></a>`name`
 
 namevar
 
 Name of the profile to work on
 
+##### <a name="provider"></a>`provider`
+
+The specific backend to use for this `windows_firewall_profile` resource. You will seldom need to specify this ---
+Puppet will usually discover the appropriate provider for your platform.
+
 ### <a name="windows_firewall_rule"></a>`windows_firewall_rule`
 
 Manage Windows Firewall with Puppet
@@ -445,13 +469,13 @@ Default value: `any`
 
 ##### `local_address`
 
-the local IP the rule targets (hostname not allowed)
+the local IP the rule targets (hostname not allowed), use an array to pass more then one
 
 Default value: `any`
 
 ##### `local_port`
 
-the local port the rule targets
+the local port the rule targets, use an array to pass more then one
 
 ##### `local_user`
 
@@ -481,7 +505,7 @@ the protocol the rule targets
 
 ##### `remote_address`
 
-the remote IP the rule targets (hostname not allowed)
+the remote IP the rule targets (hostname not allowed), use an array to pass more then one
 
 Default value: `any`
 
@@ -493,7 +517,7 @@ Default value: `any`
 
 ##### `remote_port`
 
-the remote port the rule targets
+the remote port the rule targets, use an array to pass more then one
 
 Default value: `any`
 
@@ -514,10 +538,16 @@ Default value: `any`
 The following parameters are available in the `windows_firewall_rule` type.
 
 * [`name`](#name)
+* [`provider`](#provider)
 
 ##### <a name="name"></a>`name`
 
 namevar
 
 Name of this rule
 
+##### <a name="provider"></a>`provider`
+
+The specific backend to use for this `windows_firewall_rule` resource. You will seldom need to specify this --- Puppet
+will usually discover the appropriate provider for your platform.
+

lib/ps/windows_firewall/ps-bridge-ipsec.ps1

@@ -9,8 +9,8 @@
     $Profile,
     [String] $LocalAddress,
     [String] $RemoteAddress,
-    [String]    $LocalPort,
-    [String]    $RemotePort,
+    [String] $LocalPort,
+    [String] $RemotePort,
     $InterfaceType,
     $Phase1AuthSet,
     $Phase2AuthSet,
@@ -77,12 +77,12 @@ function show {
                 Profile             = $firewallRule.Profile.toString()
                 DisplayGroup        = $firewallRule.DisplayGroup
                 Mode                = $firewallRule.Mode.toString()
-                # Address Filter (Newer powershell versions return a hash)
-                LocalAddress        = if ($af.LocalAddress -is [object]) { ($af.LocalAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) -join ","  } else { Convert-IpAddressToMaskLength $af.LocalAddress }
-                RemoteAddress       = if ($af.RemoteAddress -is [object]) { ($af.RemoteAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) -join ","  } else { Convert-IpAddressToMaskLength $af.RemoteAddress }
-                # Port Filter (Newer powershell versions return a hash)
-                LocalPort           = if ($pf.LocalPort -is [object]) { $pf.LocalPort -join "," } else { $pf.LocalPort }
-                RemotePort          = if ($pf.RemotePort -is [object]) { $pf.RemotePort -join "," } else { $pf.RemotePort }
+                # Address Filter (Newer powershell versions return a hash) - Return are sorted to be displayed properly in resources output
+                LocalAddress        = if ($af.LocalAddress -is [object]) { ($af.LocalAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) } else { Convert-IpAddressToMaskLength $af.LocalAddress.toString() }
+                RemoteAddress       = if ($af.RemoteAddress -is [object]) { ($af.RemoteAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) } else { Convert-IpAddressToMaskLength $af.RemoteAddress.toString() }
+                # Port Filter (Newer powershell versions return a hash) - Return are sorted to be displayed properly in resources output
+                LocalPort           = if ($pf.LocalPort -is [object]) { $pf.LocalPort | Sort-Object } else { $pf.LocalPort.toString() }
+                RemotePort          = if ($pf.RemotePort -is [object]) { $pf.RemotePort | Sort-Object } else { $pf.RemotePort.toString() }
                 Protocol            = $pf.Protocol
                 # Interface Filter
                 InterfaceType       = $if.InterfaceType.toString()
@@ -127,8 +127,7 @@ function create {
 
     # `$LocalPort` and `$RemotePort` will always be strings since we were
     # invoked with `powershell -File`, rather then refactor the loader to use
-    # `-Command`, just do a simple string split. The firewall GUI will sort any
-    # passed port ranges but the PS API does not
+    # `-Command`, just do a simple string split
     if ($LocalPort) {
         $params.Add("LocalPort", ($LocalPort -split ','))
     }
@@ -144,6 +143,9 @@ function create {
     }
 
     # Host filter
+    # `$LocalAddress` and `$RemoteAddress` will always be strings since we were
+    # invoked with `powershell -File`, rather then refactor the loader to use
+    # `-Command`, just do a simple string split
     if ($LocalAddress) {
         $params.Add("LocalAddress", ($LocalAddress -split ','))
     }
@@ -226,8 +228,7 @@ function update {
 
     # `$LocalPort` and `$RemotePort` will always be strings since we were
     # invoked with `powershell -File`, rather then refactor the loader to use
-    # `-Command`, just do a simple string split. The firewall GUI will sort any
-    # passed port ranges but the PS API does not
+    # `-Command`, just do a simple string split
     if ($LocalPort) {
         $params.Add("LocalPort", ($LocalPort -split ','))
     }
@@ -243,6 +244,9 @@ function update {
     }
 
     # Host filter
+    # `$LocalAddress` and `$RemoteAddress` will always be strings since we were
+    # invoked with `powershell -File`, rather then refactor the loader to use
+    # `-Command`, just do a simple string split
     if ($LocalAddress) {
         $params.Add("LocalAddress", ($LocalAddress -split ','))
     }

lib/ps/windows_firewall/ps-bridge.ps1

@@ -90,12 +90,12 @@ function Show {
                 Profile             = $firewallRule.Profile.toString()
                 # If display group is empty, return 'None' (Required for windows_firewall_group)
                 DisplayGroup        = if ($null -ne $firewallRule.DisplayGroup) { $firewallRule.DisplayGroup } else { 'None' }
-                # Address Filter (Newer powershell versions return a hash)
-                LocalAddress        = if ($af.LocalAddress -is [object]) { ($af.LocalAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) -join ","  } else { Convert-IpAddressToMaskLength $af.LocalAddress }
-                RemoteAddress       = if ($af.RemoteAddress -is [object]) { ($af.RemoteAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) -join ","  } else { Convert-IpAddressToMaskLength $af.RemoteAddress }
-                # Port Filter (Newer powershell versions return a hash)
-                LocalPort           = if ($pf.LocalPort -is [object]) { $pf.LocalPort -join "," } else { $pf.LocalPort }
-                RemotePort          = if ($pf.RemotePort -is [object]) { $pf.RemotePort -join "," } else { $pf.RemotePort }
+                # Address Filter (Newer powershell versions return a hash) - Return are sorted to be displayed properly in resources output
+                LocalAddress        = if ($af.LocalAddress -is [object]) { ($af.LocalAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) } else { Convert-IpAddressToMaskLength $af.LocalAddress.toString() }
+                RemoteAddress       = if ($af.RemoteAddress -is [object]) { ($af.RemoteAddress | ForEach-Object {Convert-IpAddressToMaskLength $_} | Sort-Object) } else { Convert-IpAddressToMaskLength $af.RemoteAddress.toString() }
+                # Port Filter (Newer powershell versions return a hash) - Return are sorted to be displayed properly in resources output
+                LocalPort           = if ($pf.LocalPort -is [object]) { $pf.LocalPort | Sort-Object } else { $pf.LocalPort.toString() }
+                RemotePort          = if ($pf.RemotePort -is [object]) { $pf.RemotePort | Sort-Object } else { $pf.RemotePort.toString() }
                 Protocol            = $pf.Protocol
                 IcmpType            = $pf.IcmpType
                 # Application Filter
@@ -171,8 +171,7 @@ function create {
     }
     # `$LocalPort` and `$RemotePort` will always be strings since we were
     # invoked with `powershell -File`, rather then refactor the loader to use
-    # `-Command`, just do a simple string split. The firewall GUI will sort any
-    # passed port ranges but the PS API does not
+    # `-Command`, just do a simple string split
     if ($LocalPort) {
         $params.Add("LocalPort", ($LocalPort -split ','))
     }
@@ -195,6 +194,9 @@ function create {
     }
 
     # Host filter
+    # `$LocalAddress` and `$RemoteAddress` will always be strings since we were
+    # invoked with `powershell -File`, rather then refactor the loader to use
+    # `-Command`, just do a simple string split
     if ($LocalAddress) {
         $params.Add("LocalAddress", ($LocalAddress -split ','))
     }
@@ -270,8 +272,7 @@ function update {
     }
     # `$LocalPort` and `$RemotePort` will always be strings since we were
     # invoked with `powershell -File`, rather then refactor the loader to use
-    # `-Command`, just do a simple string split. The firewall GUI will sort any
-    # passed port ranges but the PS API does not
+    # `-Command`, just do a simple string split
     if ($LocalPort) {
         $params.Add("LocalPort", ($LocalPort -split ','))
     }
@@ -294,6 +295,9 @@ function update {
     }
 
     # Host filter
+    # `$LocalAddress` and `$RemoteAddress` will always be strings since we were
+    # invoked with `powershell -File`, rather then refactor the loader to use
+    # `-Command`, just do a simple string split
     if ($LocalAddress) {
         $params.Add("LocalAddress", ($LocalAddress -split ','))
     }