Automanage firewall indices #362
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lkubb
force-pushed
the
ruleset-resource
branch
2 times, most recently
from
34b8765
to
9e807fd
Compare
|
@paultyng @joshuaspence Any chance of getting a new |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, it's a very error-prone and manual process to ensure firewall rules are applied in a specific order (unless I'm missing something – always happy to learn :)).
This PR
a) allows the rule index to not be specified and attempts to autodiscover an unoccupied one
b) introduces a new resource (
unifi_firewall_ruleset) that manages the ordering of firewall rules.I'm not sure if this is the best approach, but I did not think a substantial change to how firewall rules are managed currently would be worth the trouble.
This resource is virtual and will be auto-imported during creation. There can only be a single resource per site + ruleset combination. It requires all rule IDs that are present in the ruleset to be specified and disallows managing rule indices if it discovers unknown rules.
Fixes: #361
This requires paultyng/go-unifi#127, I will need to update this PR when that one is released.