feat(service): added an include feature for services

[kees-closed]

PR progress checklist (to be filled in by reviewers)

• Changes to documentation are appropriate (or tick if not required)
• Changes to tests are appropriate (or tick if not required)
• Reviews completed

---

What type of PR is this?

Primary type

• [build] Changes related to the build system
• [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
• [ci] Changes to the continuous integration configuration
• [feat] A new feature
• [fix] A bug fix
• [perf] A code change that improves performance
• [refactor] A code change that neither fixes a bug nor adds a feature
• [revert] A change used to revert a previous commit
• [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

• [docs] Documentation changes
• [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

At the moment the formula doesn't support service includes. These are useful if a service requires ports that are already defined in existing services. Don't repeat, just include them. For example:

firewall-cmd --info-service=confluent -v
confluent
  summary: Confluent service
  description: Confluent and depending services
  ports: 4005/tcp 13001/tcp 427/udp 1900/udp 4011/udp
  protocols: 
  source-ports: 
  modules: 
  destination: ipv4:172.18.48.0/20
  includes: dhcp http https tftp
  helpers: 

By adding items to the list includes, such as dhcp then these are added to the service XML file.

Pillar / config required to test the proposed changes

  services:
    confluent:
      short: Confluent service
      description: >-
        Confluent and depending services
      ports:
        tcp:
          - 4005
          - 13001
        udp:
          - 427
          - 1900
          - 4011
      destinations:
        ipv4:
          - 172.18.48.0/20
      includes:
        - dhcp
        - http
        - https
        - tftp

Debug log showing how the proposed changes work

Which then add it to the service XML file:

          ID: /etc/firewalld/services/confluent.xml                                                                                                                                                                                            
    Function: file.managed                                                                                                                                                                                                                     
      Result: True                                                                                                                                                                                                                             
     Comment: File /etc/firewalld/services/confluent.xml updated                                                                                                                                                                               
     Started: 08:55:30.968921                                                                                                                                                                                                                  
    Duration: 20.97 ms                                                                                                                                                                                                                         
     Changes:        
              ----------       
              diff:          
                  ---  
                  +++ 
                  @@ -13,4 +13,8 @@                                                                                                                                                                                                            
                     <port port="1900" protocol="udp" />
                     <port port="4011" protocol="udp" />
                     <destination ipv4="172.18.48.0/20" />
                  +  <include service="dhcp" />
                  +  <include service="http" />                                                                                                                                                                                                
                  +  <include service="https" />
                  +  <include service="tftp" />      
                   </service> 

Cannot test it in Salt Kitchen, for some reason my dependencies are not resolved. I'm using Fedora 38. Already installed a few ruby dev packages, no change. Never used kitchen before, it's also not packaged for Fedora.

Fetching unf_ext 0.0.8.2
Installing unf_ext 0.0.8.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /home/user/.gem/ruby/3.2.0/gems/unf_ext-0.0.8.2/ext/unf_ext
/usr/bin/ruby -I/usr/share/rubygems extconf.rb
mkmf.rb can't find header files for ruby at /usr/share/include/ruby.h

You might have to install separate package for the ruby development
environment, ruby-dev or ruby-devel for example.

extconf failed, exit code 1

Gem files will remain installed in /home/user/.gem/ruby/3.2.0/gems/unf_ext-0.0.8.2 for inspection.
Results logged to /home/user/.gem/ruby/3.2.0/extensions/x86_64-linux/3.2.0/unf_ext-0.0.8.2/gem_make.out

An error occurred while installing unf_ext (0.0.8.2), and Bundler cannot continue.
Make sure that `gem install unf_ext -v '0.0.8.2' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  kitchen-inspec was resolved to 2.6.1, which depends on
    inspec was resolved to 5.18.15, which depends on
      train was resolved to 3.10.1, which depends on
        azure_graph_rbac was resolved to 0.17.2, which depends on
          ms_rest_azure was resolved to 0.12.0, which depends on
            faraday-cookie_jar was resolved to 0.0.7, which depends on
              http-cookie was resolved to 1.0.5, which depends on
                domain_name was resolved to 0.5.20190701, which depends on
                  unf was resolved to 0.1.4, which depends on
                    unf_ext

Documentation checklist

• Updated the README (e.g. Available states).
• Updated pillar.example.

Testing checklist

• Included in Kitchen (i.e. under state_top).
• Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
• Updated the relevant test pillar.

Additional context

[baby-gnu]

Hello @kees-closed, could you rewrite the commit messages to match the commit message formatting policy?

Regards.

[kees-closed]

Hello @kees-closed, could you rewrite the commit messages to match the commit message formatting policy?

Regards.

I suppose the commits will be squashed? So only the title of this MR needs to match the requirement? If not, could you please clarify a bit further? Thanks.

[baby-gnu]

I suppose the commits will be squashed? So only the title of this MR needs to match the requirement? If not, could you please clarify a bit further? Thanks.

No, the MR title is of no use in the commitlint check, each commit title must conform to the policy.

You could rewrite:

• the first commit to

  feat(service): support include services
  

• the second to

  test(pillar.example): add `includes`
  

Note that the pillar.example is used for tests.

Regards.