Extend firewall customizations to add sources

Signed-off-by: Antonio Murdaca <runcom@linux.com> Co-authored-by: Irene Diez <idiez@redhat.com>
2022-10-10 12:47:19 +02:00 · 2022-10-10 12:47:19 +02:00 · 80a6b1bd23
commit 80a6b1bd23
parent 4380e70973
5 changed files with 39 additions and 9 deletions
--- a/internal/blueprint/customizations.go
+++ b/internal/blueprint/customizations.go
@ -74,6 +74,12 @@ type LocaleCustomization struct {
 type FirewallCustomization struct {
 	Ports    []string                       `json:"ports,omitempty" toml:"ports,omitempty"`
 	Services *FirewallServicesCustomization `json:"services,omitempty" toml:"services,omitempty"`
+	Sources  []FirewallSourceCustomization  `json:"sources,omitempty" toml:"sources,omitempty"`
+}
+
+type FirewallSourceCustomization struct {
+	Zone    string   `json:"zone,omitempty" toml:"zone,omitempty"`
+	Sources []string `json:"sources,omitempty" toml:"sources,omitempty"`
 }

 type FirewallServicesCustomization struct {
@ -162,8 +168,8 @@ func (e *CustomizationError) Error() string {
 	return e.Message
 }

-//CheckCustomizations returns an error of type `CustomizationError`
-//if `c` has any customizations not specified in `allowed`
+// CheckCustomizations returns an error of type `CustomizationError`
+// if `c` has any customizations not specified in `allowed`
 func (c *Customizations) CheckAllowed(allowed ...string) error {
 	if c == nil {
 		return nil
--- a/internal/distro/rhel8/pipelines.go
+++ b/internal/distro/rhel8/pipelines.go
@ -200,8 +200,8 @@ func tarPipelines(t *imageType, customizations *blueprint.Customizations, option
 	return pipelines, nil
 }

-//makeISORootPath return a path that can be used to address files and folders in
-//the root of the iso
+// makeISORootPath return a path that can be used to address files and folders in
+// the root of the iso
 func makeISORootPath(p string) string {
 	fullpath := path.Join("/run/install/repo", p)
 	return fmt.Sprintf("file://%s", fullpath)
@ -497,11 +497,12 @@ func osPipeline(t *imageType,
 		// merge the user-provided firewall config with the default one
 		if fwStageOptions != nil {
 			fwStageOptions = &osbuild.FirewallStageOptions{
-				// Prefer the firewall ports and services settings provided
+				// Prefer the firewall ports, services and sources settings provided
 				// via BP customization.
 				Ports:            fwStageOptions.Ports,
 				EnabledServices:  fwStageOptions.EnabledServices,
 				DisabledServices: fwStageOptions.DisabledServices,
+				Sources:          fwStageOptions.Sources,
 				// Default zone can not be set using BP customizations, therefore
 				// default to the one provided in the default image configuration.
 				DefaultZone: firewallConfig.DefaultZone,
--- a/internal/distro/rhel8/stage_options.go
+++ b/internal/distro/rhel8/stage_options.go
@ -76,6 +76,15 @@ func firewallStageOptions(firewall *blueprint.FirewallCustomization) *osbuild.Fi
 		options.DisabledServices = firewall.Services.Disabled
 	}

+	if len(firewall.Sources) != 0 {
+		for _, s := range firewall.Sources {
+			options.Sources = append(options.Sources, osbuild.FirewallSource{
+				Zone:    s.Zone,
+				Sources: s.Sources,
+			})
+		}
+	}
+
 	return &options
 }

--- a/internal/distro/rhel9/images.go
+++ b/internal/distro/rhel9/images.go
@ -74,6 +74,14 @@ func osCustomizations(
 			options.EnabledServices = fw.Services.Enabled
 			options.DisabledServices = fw.Services.Disabled
 		}
+		if fw.Sources != nil {
+			for _, s := range fw.Sources {
+				options.Sources = append(options.Sources, osbuild.FirewallSource{
+					Zone:    s.Zone,
+					Sources: s.Sources,
+				})
+			}
+		}
 		osc.Firewall = &options
 	}

--- a/internal/osbuild/firewall_stage.go
+++ b/internal/osbuild/firewall_stage.go
@ -1,10 +1,16 @@
 package osbuild

 type FirewallStageOptions struct {
-	Ports            []string `json:"ports,omitempty"`
-	EnabledServices  []string `json:"enabled_services,omitempty"`
-	DisabledServices []string `json:"disabled_services,omitempty"`
-	DefaultZone      string   `json:"default_zone,omitempty"`
+	Ports            []string         `json:"ports,omitempty"`
+	EnabledServices  []string         `json:"enabled_services,omitempty"`
+	DisabledServices []string         `json:"disabled_services,omitempty"`
+	DefaultZone      string           `json:"default_zone,omitempty"`
+	Sources          []FirewallSource `json:"sources,omitempty"`
+}
+
+type FirewallSource struct {
+	Zone    string   `json:"zone,omitempty"`
+	Sources []string `json:"sources,omitempty"`
 }

 func (FirewallStageOptions) isStageOptions() {}