From: Tom Hughes Date: Sun, 14 Jun 2015 18:53:54 +0000 (+0100) Subject: Convert fail2ban_jail to an LWRP X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/a37b5cd0a0de895d04066f08aef048de3082257f Convert fail2ban_jail to an LWRP
---
diff --git a/cookbooks/fail2ban/.foodcritic b/cookbooks/fail2ban/.foodcritic
index e9a7c9233..3907cff00 100644
--- a/cookbooks/fail2ban/.foodcritic
+++ b/cookbooks/fail2ban/.foodcritic
@@ -1,2 +1 @@
 ~FC001
-~FC015
diff --git a/cookbooks/fail2ban/definitions/fail2ban_jail.rb b/cookbooks/fail2ban/definitions/fail2ban_jail.rb
deleted file mode 100644
index 3c3330652..000000000
--- a/cookbooks/fail2ban/definitions/fail2ban_jail.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Cookbook Name:: networking
-# Definition:: fail2ban_jail
-#
-# Copyright 2013, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-define :fail2ban_jail, :action => :create do
- template "/etc/fail2ban/jail.d/50-#{params[:name]}.conf" do
- source "jail.erb"
- owner "root"
- group "root"
- mode 0644
- variables params
- if node[:lsb][:release].to_f >= 14.04
- notifies :create, "template[/etc/fail2ban/jail.local]"
- else
- notifies :reload, "service[fail2ban]"
- end
- end
-end
diff --git a/cookbooks/fail2ban/providers/jail.rb b/cookbooks/fail2ban/providers/jail.rb
new file mode 100644
index 000000000..d0e9dd5b3
--- /dev/null
+++ b/cookbooks/fail2ban/providers/jail.rb
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: fail2ban
+# Provider:: fail2ban_jail
+#
+# Copyright 2015, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def whyrun_supported?
+ true
+end
+
+use_inline_resources
+
+action :create do
+ template "/etc/fail2ban/jail.d/50-#{new_resource.name}.conf" do
+ cookbook "fail2ban"
+ source "jail.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ variables :name => new_resource.name,
+ :filter => new_resource.filter,
+ :logpath => new_resource.logpath,
+ :protocol => new_resource.protocol,
+ :ports => new_resource.ports,
+ :maxretry => new_resource.maxretry
+ end
+end
+
+action :delete do
+ file "/etc/fail2ban/jail.d/50-#{new_resource.name}.conf" do
+ action :delete
+ end
+end
diff --git a/cookbooks/fail2ban/resources/jail.rb b/cookbooks/fail2ban/resources/jail.rb
new file mode 100644
index 000000000..01d9c502c
--- /dev/null
+++ b/cookbooks/fail2ban/resources/jail.rb
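Review bot: In cookbooks/fail2ban/providers/jail.rb, `new_resource.name` is interpolated unchecked into the root-owned path `/etc/fail2ban/jail.d/50-#{new_resource.name}.conf` in both `action :create` and `action :delete`, so a name containing `/` or `..` would create or remove a file outside `jail.d`. Jail names come from recipe code, so this is hardening rather than an exposed bug, but the name is also passed to `jail.erb`, where it presumably becomes the jail section header (the template is not in this diff). Constraining it once in the resource covers both uses, for example `attribute :name, :kind_of => String, :name_attribute => true, :regex => /\A[A-Za-z0-9_-]+\z/`.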
@@ -0,0 +1,36 @@
+#
+# Cookbook Name:: fail2ban
+# Resource:: fail2ban_jail
+#
+# Copyright 2015, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :create, :delete
+default_action :create
+
+attribute :name, :kind_of => String, :name_attribute => true
+attribute :filter, :kind_of => String
+attribute :logpath, :kind_of => String
+attribute :protocol, :kind_of => String
+attribute :ports, :kind_of => Array, :default => []
+attribute :maxretry, :kind_of => Integer
+
+def after_created
+ if node[:lsb][:release].to_f >= 14.04
+ notifies :reload, "service[fail2ban]"
+ else
+ notifies :create, "template[/etc/fail2ban/jail.local]"
+ end
+end
diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb
index 545025bcd..65c486abf 100644
--- a/cookbooks/wordpress/recipes/default.rb
+++ b/cookbooks/wordpress/recipes/default.rb
@@ -42,6 +42,6 @@ end
 fail2ban_jail "wordpress" do
 filter "wordpress"
 logpath "/var/log/auth.log"
- ports 80, 443
+ ports [80, 443]
 maxretry 6
 end
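Review bot: In cookbooks/fail2ban/resources/jail.rb, the two branches of `after_created` are swapped relative to the removed definition. The old code sent `notifies :create, "template[/etc/fail2ban/jail.local]"` when `node[:lsb][:release].to_f >= 14.04` and `notifies :reload, "service[fail2ban]"` otherwise, while the new code does the reverse. The commit message describes only a conversion to an LWRP, so a deliberate fix should be recorded in a comment above the `if`, such as `# 14.04+ loads jail.d directly; older releases need jail.local regenerated`, once that is confirmed against the default recipe, which is not in this diff. If the swap is accidental, a jail file could be written or deleted without fail2ban picking up the change, leaving the intended ban rules inactive. It could also make the notification reference a resource that is not declared on that release.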