From a567a8fdcc6f933286a6ce3e497fc0cfb87ec971 Mon Sep 17 00:00:00 2001
From: Kilian Engelhardt
Date: Mon, 29 Jul 2019 10:27:43 +0200
Subject: allow arrays for saddr and daddr check for data type IP address when using arrays add debug output when it's failing
---
 manifests/rule.pp | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
(limited to 'manifests')
diff --git a/manifests/rule.pp b/manifests/rule.pp
index b8ae29a..bd17245 100644
--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -17,8 +17,8 @@ define ferm::rule (
 String $comment = $name,
 Optional[Variant[Stdlib::Port,String[1]]] $dport = undef,
 Optional[Variant[Stdlib::Port,String[1]]] $sport = undef,
- Optional[String[1]] $saddr = undef,
- Optional[String[1]] $daddr = undef,
+ Optional[Variant[Array, String[1]]] $saddr = undef,
+ Optional[Variant[Array, String[1]]] $daddr = undef,
 Optional[String[1]] $proto_options = undef,
 Optional[String[1]] $interface = undef,
 Enum['absent','present'] $ensure = 'present',
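Review bot: The new `Variant[Array, String[1]]` type on `$saddr` and `$daddr` accepts an empty array, and nothing in the body shown in this patch rejects it: `flatten([])` satisfies `Array[Stdlib::IP::Address]`, so the generated fragment becomes `saddr @ipfilter(())`. For a firewall rule the meaning of an empty address list should be decided in the manifest rather than left to how ferm treats an empty list, which I have not verified. Requiring at least one element at the parameter, `Optional[Variant[Array[Any, 1], String[1]]] $saddr = undef,` (same for `$daddr`), rejects the case at compile time; a nested empty array would still need a size check after `flatten`. The parameter list of `ferm::rule` starts and ends outside this hunk.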
@@ -33,13 +33,29 @@ define ferm::rule (
 undef => '',
 default => "sport ${sport}",
 }
+ if $saddr =~ Array {
+ assert_type(Array[Stdlib::IP::Address], flatten($saddr)) |$expected, $actual| {
+ fail( "The data type should be \'${expected}\', not \'${actual}\'. The data is ${flatten($saddr)}." )
+ ''
+ }
+ }
 $saddr_real = $saddr ? {
 undef => '',
- default => "saddr @ipfilter(${saddr})",
+ Array => "saddr @ipfilter((${join(flatten($saddr).unique, ' ')}))",
+ String => "saddr @ipfilter((${saddr}))",
+ default => '',
+ }
+ if $daddr =~ Array {
+ assert_type(Array[Stdlib::IP::Address], flatten($daddr)) |$expected, $actual| {
+ fail( "The data type should be \'${expected}\', not \'${actual}\'. The data is ${flatten($daddr)}." )
+ ''
+ }
+ }
 $daddr_real = $daddr ? {
- undef => '',
- default => "daddr @ipfilter(${daddr})"
+ undef => '',
+ Array => "daddr @ipfilter((${join(flatten($daddr).unique, ' ')}))",
+ String => "daddr @ipfilter((${daddr}))",
+ default => '',
 }
 $proto_options_real = $proto_options ? {
 undef => '',
-- cgit v1.2.3
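Review bot: Only the `Array` branch is checked against `Stdlib::IP::Address`; the `String` branch of both the `$saddr_real` and `$daddr_real` selectors still interpolates the value verbatim into `@ipfilter((…))`, so a string containing `)` or `;` can change the shape of the generated ferm rule. If strings have to stay free-form (ferm variables, negation), that should at least be recorded next to the branch, e.g. `# String values are passed to ferm unvalidated; only Array values are type-checked`, and ideally narrowed with a `Pattern[...]` type on the parameter. Separately, `default => ''` is unreachable under the declared parameter type, but if the type is ever widened it would silently emit the rule without an address match; `default => fail("unsupported type for saddr: ${saddr}"),` fails closed instead. The body of `ferm::rule` continues on both sides of this hunk.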