Add variant array

voxpupuli · Jul 31, 2024 · 4626790 · 4626790
1 parent e5fa242
commit 4626790
Show file tree

Hide file tree

Showing 5 changed files with 179 additions and 21 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -2486,7 +2486,7 @@ Default value: `[]`
 
 Represents an address expression to be used within a rule.
 
-Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set]`
+Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set, Array[Stdlib::IP::Address::V6], Array[Stdlib::IP::Address::V4], Array[Nftables::Addr::Set]]`
 
 ### <a name="Nftables--Addr--Set"></a>`Nftables::Addr::Set`
 

diff --git a/spec/defines/simplerule_spec.rb b/spec/defines/simplerule_spec.rb
@@ -256,6 +256,38 @@
         }
       end
 
+      describe 'with an IPV4 array address as saddr' do
+        let(:params) do
+          {
+            saddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV6 array address as saddr' do
+        let(:params) do
+          {
+            saddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 saddr {2001:1458:0000:0000:0000:0000:0000:0003, 8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f} accept'
+          )
+        }
+      end
+
       describe 'with an IPv6 set as daddr, default set_type' do
         let(:params) do
           {
@@ -289,11 +321,75 @@
         }
       end
 
-      describe 'with a IPv6 set as saddr' do
+      describe 'with an IPv6 array set as daddr, default set_type' do
+        let(:params) do
+          {
+            daddr: ['@my6_1_set', '@my6_2_set'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 daddr {@my6_1_set, @my6_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with a IPv4 array set as daddr' do
+        let(:params) do
+          {
+            daddr: ['@my4_1_set', '@my4_2_set'],
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip daddr {@my4_1_set, @my4_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV4 array address as daddr' do
+        let(:params) do
+          {
+            daddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip daddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV6 array address as daddr' do
+        let(:params) do
+          {
+            daddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 daddr {2001:1458:0000:0000:0000:0000:0000:0003, 8896:d5d9:e6f4:dd8f:af69:f5c0:0131:264f} accept'
+          )
+        }
+      end
+
+      describe 'with an IPv6 set as saddr, default set_type' do
         let(:params) do
           {
             saddr: '@my6_set',
-            set_type: 'ip6',
           }
         end
 
@@ -306,6 +402,56 @@
         }
       end
 
+      describe 'with a IPv4 set as saddr' do
+        let(:params) do
+          {
+            saddr: '@my4_set',
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr @my4_set accept'
+          )
+        }
+      end
+
+      describe 'with an IPv6 array set as saddr, default set_type' do
+        let(:params) do
+          {
+            saddr: ['@my6_1_set', '@my6_2_set'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 saddr {@my6_1_set, @my6_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with a IPv4 array set as saddr' do
+        let(:params) do
+          {
+            saddr: ['@my4_1_set', '@my4_2_set'],
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr {@my4_1_set, @my4_2_set} accept'
+          )
+        }
+      end
+
       describe 'with counter enabled' do
         let(:params) do
           {

diff --git a/spec/type_aliases/nftables_addr_spec.rb b/spec/type_aliases/nftables_addr_spec.rb
@@ -8,7 +8,12 @@
   it { is_expected.to allow_value('2001:1458::/32') }
   it { is_expected.to allow_value('2001:1458::3') }
   it { is_expected.to allow_value('@set_name') }
+  it { is_expected.to allow_value(['127.0.0.1']) }
+  it { is_expected.to allow_value(['172.16.1.0/24']) }
+  it { is_expected.to allow_value(['2001:1458::/32']) }
+  it { is_expected.to allow_value(['2001:1458::3']) }
+  it { is_expected.to allow_value(['@set_name']) }
+  it { is_expected.to allow_value(['@set_name', '@set_name2']) }
   it { is_expected.not_to allow_value('anything') }
   it { is_expected.not_to allow_value(43) }
-  it { is_expected.not_to allow_value(['127.0.0.1']) }
 end
diff --git a/templates/simplerule.epp b/templates/simplerule.epp
@@ -24,30 +24,34 @@
   $_ip_version_filter = undef
 } -%>
 <%- if $daddr {
-  if $daddr =~ Stdlib::IP::Address::V6 {
-    $_dst_hosts = "ip6 daddr ${daddr}"
-  } elsif $daddr =~ Stdlib::IP::Address::V4 {
-    $_dst_hosts = "ip daddr ${daddr}"
+  $_daddr = ($daddr =~ Array) ? {
+    true    => "{${$daddr.join(', ')}}",
+    default => $daddr,
+  }
+  if $daddr =~ Stdlib::IP::Address::V6 or $daddr =~ Array[Stdlib::IP::Address::V6] {
+    $_daddr_type = 'ip6'
+  } elsif $daddr =~ Stdlib::IP::Address::V4 or $daddr =~ Array[Stdlib::IP::Address::V4] {
+    $_daddr_type = 'ip'
   } else {
-    $_dst_hosts = $set_type ? {
-      'ip'  => "ip daddr ${daddr}",
-      'ip6' => "ip6 daddr ${daddr}",
-    }
+    $_daddr_type = $set_type # ip or ip6
   }
+  $_dst_hosts = "${_daddr_type} daddr ${_daddr}"
 } else {
   $_dst_hosts = undef
 } -%>
 <%- if $saddr {
-  if $saddr =~ Stdlib::IP::Address::V6 {
-    $_src_hosts = "ip6 saddr ${saddr}"
-  } elsif $saddr =~ Stdlib::IP::Address::V4 {
-    $_src_hosts = "ip saddr ${saddr}"
+  $_saddr = ($saddr =~ Array) ? {
+    true    => "{${$saddr.join(', ')}}",
+    default => $saddr,
+  }
+  if $saddr =~ Stdlib::IP::Address::V6 or $saddr =~ Array[Stdlib::IP::Address::V6] {
+    $_saddr_type = 'ip6'
+  } elsif $saddr =~ Stdlib::IP::Address::V4 or $saddr =~ Array[Stdlib::IP::Address::V4] {
+    $_saddr_type = 'ip'
   } else {
-    $_src_hosts = $set_type ? {
-      'ip'  => "ip saddr ${saddr}",
-      'ip6' => "ip6 saddr ${saddr}",
-    }
+    $_saddr_type = $set_type # ip or ip6
   }
+  $_src_hosts = "${_saddr_type} saddr ${_saddr}"
 } else {
   $_src_hosts = undef
 } -%>

diff --git a/types/addr.pp b/types/addr.pp
@@ -3,5 +3,8 @@
 type Nftables::Addr = Variant[
   Stdlib::IP::Address::V6,
   Stdlib::IP::Address::V4,
-  Nftables::Addr::Set
+  Nftables::Addr::Set,
+  Array[Stdlib::IP::Address::V6],
+  Array[Stdlib::IP::Address::V4],
+  Array[Nftables::Addr::Set]
 ]