From ceb51010d76aef1139a45311147105fe07eaebc0 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Thu, 25 Aug 2016 23:25:55 +0200 Subject: [PATCH] Deprecated `item.role`, use `item.by_role` instead Related to: https://github.com/debops/debops-playbooks/issues/296 --- CHANGES.rst | 21 +++++++++++++++------ docs/rules.rst | 7 ++++++- tasks/main.yml | 4 ++-- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index e9576bd..d0bffca 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -16,12 +16,6 @@ v0.2.2 *Unreleased* -- Use ``item.rule_state`` in the role defaults instead of the hereby deprecated - ``item.when`` and ``item.delete``. - See `discussion `_. - ``item.delete`` and ``item.when`` are currently still supported for backwards - compatibility. [ypid_] - Added ~~~~~ @@ -33,12 +27,27 @@ Changed - Use the `Ansible package module`_ which requires Ansible v2.0. [ypid_] +- Be more precise about the expected format of ``item.by_role`` in + :ref:`default_rules`. [ypid_] + Fixed ~~~~~ - Don’t create duplicate forward rules when an interface has both an IPv4 and an IPv6 address. [ypid_] +Deprecated +~~~~~~~~~~ + +- Use ``item.rule_state`` in the role defaults instead of the hereby deprecated + ``item.when`` and ``item.delete``. + See `discussion `_. + ``item.delete`` and ``item.when`` are currently still supported for backwards + compatibility. [ypid_] + +- Deprecated ``item.role``, use ``item.by_role`` instead. Applies for: + :ref:`default_rules`. [ypid_] + v0.2.1 ------ diff --git a/docs/rules.rst b/docs/rules.rst index 04d0267..2db2043 100644 --- a/docs/rules.rst +++ b/docs/rules.rst @@ -69,8 +69,13 @@ the following keys: Optional. Set rule name in ferm configuration file when ``item.filename`` is not set and other places where a custom rule name might be useful. +``by_role`` + Optional. Name of the Ansible role in the format ``ROLE_OWNER.ROLE_NAME`` + which is responsable for the rule. + The sanitized name will be included in the autogenerated filename. + ``role`` - Optional. Custom name used in the generated ferm rule definition file. + Deprecated. Use ``by_role`` instead. ``role_weight`` Optional. This allows to set the same ``item.weight`` for all rules of a diff --git a/tasks/main.yml b/tasks/main.yml index 6f402d3..561f072 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -70,7 +70,7 @@ - name: Remove ip(6)tables rules if requested file: - path: '/etc/ferm/ferm.d/{{ ferm__weight_map[item.weight_class|d()] | d(item.weight | d(ferm__default_weight)) }}_{{ item.filename | d(((item.role + "_" + ((item.role_weight + "_") if item.role_weight|d() else "")) if item.role|d() else "") + item.type + "_" + item.name | d((item.dport[0] if item.dport|d() else "rules"))) }}.conf' + dest: '/etc/ferm/ferm.d/{{ ferm__weight_map[item.weight_class|d()] | d(item.weight | d(ferm__default_weight)) }}_{{ item.filename | d((((item.by_role|d(item.role)| replace(".", "_")) + "_" + ((item.role_weight + "_") if item.role_weight|d() else "")) if (item.by_role|d(item.role)|d()) else "") + item.type + "_" + item.name | d((item.dport[0] if item.dport|d() else "rules"))) }}.conf' state: 'absent' with_flattened: - '{{ ferm_rules | d([]) | list }}' @@ -92,7 +92,7 @@ - name: Configure ip(6)tables rules template: src: 'etc/ferm/ferm.d/{{ item.type }}.conf.j2' - dest: '/etc/ferm/ferm.d/{{ ferm__weight_map[item.weight_class|d()] | d(item.weight | d(ferm__default_weight)) }}_{{ item.filename | d(((item.role + "_" + ((item.role_weight + "_") if item.role_weight|d() else "")) if item.role|d() else "") + item.type + "_" + item.name | d((item.dport[0] if item.dport|d() else "rules"))) }}.conf' + dest: '/etc/ferm/ferm.d/{{ ferm__weight_map[item.weight_class|d()] | d(item.weight | d(ferm__default_weight)) }}_{{ item.filename | d((((item.by_role|d(item.role)| replace(".", "_")) + "_" + ((item.role_weight + "_") if item.role_weight|d() else "")) if (item.by_role|d(item.role)|d()) else "") + item.type + "_" + item.name | d((item.dport[0] if item.dport|d() else "rules"))) }}.conf' owner: 'root' group: 'adm' mode: '0644'