From 9f233e6b19e26c90dbdcf9995b5b508ebc9c1993 Mon Sep 17 00:00:00 2001
From: Ryan Rotter <rrotter@users.noreply.github.com>
Date: Tue, 5 Nov 2024 17:09:30 -0500
Subject: [PATCH] use firewall v8 semantics for exported resources

`s/action/state/`, but only for exported resources, and only for the
non-prefixed-tag version.

Not yet actually collecting the firewall v8 resources, just adding them
so they are present when we upgrade the firewall module.
---
 manifests/profile/haproxy.pp                  |  2 +-
 manifests/profile/prometheus.pp               | 10 ++++++----
 manifests/profile/prometheus/exporter/node.pp |  2 +-
 manifests/unison/client.pp                    |  2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/manifests/profile/haproxy.pp b/manifests/profile/haproxy.pp
index 44b445148..df6c28810 100644
--- a/manifests/profile/haproxy.pp
+++ b/manifests/profile/haproxy.pp
@@ -135,7 +135,7 @@
     dport  => [80, 443],
     source => $::ipaddress,
     state  => 'NEW',
-    action => 'accept',
+    jump   => 'accept',
     tag    => 'haproxy'
   }
 
diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp
index ed95fbe05..c7cee274b 100644
--- a/manifests/profile/prometheus.pp
+++ b/manifests/profile/prometheus.pp
@@ -231,7 +231,7 @@
         proto  => 'tcp',
         source => $address,
         state  => 'NEW',
-        action => 'accept',
+        jump   => 'accept',
       ;
 
       "010 prometheus public node exporter ${::hostname} ${address}":
@@ -247,11 +247,13 @@
       "010 prometheus public node exporter firewall6 ${::hostname} ${address}":
         tag    => "firewall6-${::datacenter}_prometheus_public_node_exporter",
         dport  => 9100,
+        action => 'accept',
       ;
 
       "010 prometheus public ipmi exporter firewall6 ${::hostname} ${address}":
         tag    => "firewall6-${::datacenter}_prometheus_public_ipmi_exporter",
         dport  => 9290,
+        action => 'accept',
       ;
     }
   }
@@ -262,7 +264,7 @@
         proto  => 'tcp',
         source => $address,
         state  => 'NEW',
-        action => 'accept',
+        jump   => 'accept',
       ;
 
       "010 prometheus private node exporter ${::hostname} ${address}":
@@ -302,7 +304,7 @@
     dport  => 9101,
     source => $::ipaddress,
     state  => 'NEW',
-    action => 'accept',
+    jump   => 'accept',
   }
 
   @@firewall { "010 prometheus firewall6 haproxy exporter ${::hostname}":
@@ -320,7 +322,7 @@
     dport  => 9104,
     source => $::ipaddress,
     state  => 'NEW',
-    action => 'accept',
+    jump   => 'accept',
   }
 
   @@firewall { "010 prometheus firewall6 mysql exporter ${::hostname}":
diff --git a/manifests/profile/prometheus/exporter/node.pp b/manifests/profile/prometheus/exporter/node.pp
index 188d6e16c..b7b949b6f 100644
--- a/manifests/profile/prometheus/exporter/node.pp
+++ b/manifests/profile/prometheus/exporter/node.pp
@@ -155,7 +155,7 @@
       dport  => 9091,
       source => $address,
       state  => 'NEW',
-      action => 'accept',
+      jump   => 'accept',
     }
 
     @@firewall { "300 pushgateway firewall6 ${::hostname} ${address}":
diff --git a/manifests/unison/client.pp b/manifests/unison/client.pp
index 1c88918e4..ef8010e17 100644
--- a/manifests/unison/client.pp
+++ b/manifests/unison/client.pp
@@ -39,7 +39,7 @@
     dport  => [$port],
     source => $::ipaddress,
     state  => 'NEW',
-    action => 'accept',
+    jump   => 'accept',
     tag    =>  "unison-client-${title}"
   }