@pwalz
Last active June 28, 2017 19:28
Supporting documentation for sous-chefs/ufw#28
driver:
  name: vagrant
provisioner:
  name: chef_zero
  deprecations_as_errors: true
  log_level: debug
verifier:
  name: inspec
platforms:
  - name: debian-7.11
  - name: debian-8.7
  - name: ubuntu-14.04
  - name: ubuntu-16.04
suites:
  - name: default
    run_list:
      - recipe[ufw::default]
    attributes:
      firewall:
        rules:
          - tftp: { }
          - http: { port: 80 }
          - block tomcat from 192.168.1.0/24: { port: 8080, source: 192.168.1.0/24, action: deny }
          - Allow access to udp 1.2.3.4 port 5469 from 1.2.3.5 port 5469: { protocol: udp, port: 5469, source: 1.2.3.4, destination: 1.2.3.5, dest_port: 5469 }
          - allow to tcp ports 8000-8010 from 192.168.1.0/24: { port_range: 8000..8010, source: 192.168.1.0/24, protocol: tcp }
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule "{"block tomcat from 192.168.1.0/24"=>{"port"=>8080, "source"=>"192.168.1.0/24", "action"=>"deny"}}"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule "{"block tomcat from 192.168.1.0/24"=>{"port"=>8080, "source"=>"192.168.1.0/24", "action"=>"deny"}}"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:name "block tomcat from 192.168.1.0/24"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:name "block tomcat from 192.168.1.0/24"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:parameters "{"port"=>8080, "source"=>"192.168.1.0/24", "action"=>"deny"}"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:parameters "{"port"=>8080, "source"=>"192.168.1.0/24", "action"=>"deny"}"
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:port 8080
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:port 8080
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:source 192.168.1.0/24
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:source 192.168.1.0/24
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:action :deny
[2017-06-28T19:03:31+00:00] DEBUG: ufw:rule:action :deny
[2017-06-28T19:03:31+00:00] DEBUG: Resources for generic firewall_rule resource enabled on node include: [Chef::Resource::FirewallRule]
[2017-06-28T19:03:31+00:00] DEBUG: Resources for generic firewall_rule resource enabled on node include: [Chef::Resource::FirewallRule]
[2017-06-28T19:03:31+00:00] DEBUG: Resource for firewall_rule is Chef::Resource::FirewallRule
[2017-06-28T19:03:31+00:00] DEBUG: Resource for firewall_rule is Chef::Resource::FirewallRule
[2017-06-28T19:03:31+00:00] DEBUG: Filtered backtrace of compile error: /tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:68:in `block (3 levels) in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:53:in `block (2 levels) in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `each',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `block in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `each',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `from_file'
[2017-06-28T19:03:31+00:00] DEBUG: Filtered backtrace of compile error: /tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:68:in `block (3 levels) in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:53:in `block (2 levels) in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `each',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `block in from_file',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `each',/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `from_file'
[2017-06-28T19:03:31+00:00] DEBUG: Backtrace entry for compile error: '/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:68:in `block (3 levels) in from_file''
[2017-06-28T19:03:31+00:00] DEBUG: Backtrace entry for compile error: '/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:68:in `block (3 levels) in from_file''
[2017-06-28T19:03:31+00:00] DEBUG: Line number of compile error: '68'
[2017-06-28T19:03:31+00:00] DEBUG: Line number of compile error: '68'
================================================================================
Recipe Compile Error in /tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb
================================================================================
Chef::Exceptions::ValidationFailed
----------------------------------
Option action must be equal to one of: nothing, create! You passed :deny.
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:68:in `block (3 levels) in from_file'
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:53:in `block (2 levels) in from_file'
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `each'
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:34:in `block in from_file'
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `each'
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:32:in `from_file'
Relevant File Content:
----------------------
/tmp/kitchen/cache/cookbooks/ufw/recipes/default.rb:
61: ends = params['port_range'].split('..').map { |d| Integer(d) }
62: port_range ends[0]..ends[1]
63: end
64: source params['source'] if params['source']
65: destination params['destination'] if params['destination']
66: dest_port params['dest_port'].to_i if params['dest_port']
67: position params['position'].to_i if params['position']
68>> action act
69: end
70: end
71: end
72:
System Info:
------------
chef_version=13.1.31
platform=ubuntu
platform_version=14.04
ruby=ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]
program_name=chef-client worker: ppid=1592;start=19:03:28;
executable=/opt/chef/bin/chef-client