Add variant array

voxpupuli · Jul 31, 2024 · 5581794 · 5581794
1 parent e5fa242
commit 5581794
Show file tree

Hide file tree

Showing 5 changed files with 177 additions and 5 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -2486,7 +2486,7 @@ Default value: `[]`
 
 Represents an address expression to be used within a rule.
 
-Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set]`
+Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set, Array[Stdlib::IP::Address::V6], Array[Stdlib::IP::Address::V4], Array[Nftables::Addr::Set]]`
 
 ### <a name="Nftables--Addr--Set"></a>`Nftables::Addr::Set`
 

diff --git a/spec/defines/simplerule_spec.rb b/spec/defines/simplerule_spec.rb
@@ -256,6 +256,38 @@
         }
       end
 
+      describe 'with an IPV4 array address as saddr' do
+        let(:params) do
+          {
+            saddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV6 array address as saddr' do
+        let(:params) do
+          {
+            saddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '2001:1458:0000:0000:0000:0000:0000:0006'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr {2001:1458:0000:0000:0000:0000:0000:0003, 2001:1458:0000:0000:0000:0000:0000:0006} accept'
+          )
+        }
+      end
+
       describe 'with an IPv6 set as daddr, default set_type' do
         let(:params) do
           {
@@ -289,11 +321,75 @@
         }
       end
 
-      describe 'with a IPv6 set as saddr' do
+      describe 'with an IPv6 array set as daddr, default set_type' do
+        let(:params) do
+          {
+            daddr: ['@my6_1_set', '@my6_2_set'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 daddr {@my6_1_set, @my6_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with a IPv4 array set as daddr' do
+        let(:params) do
+          {
+            daddr: ['@my4_1_set', '@my4_2_set'],
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip daddr {@my4_1_set, @my4_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV4 array address as daddr' do
+        let(:params) do
+          {
+            daddr: ['172.16.1.5', '172.16.1.10', '172.16.1.15'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip daddr {172.16.1.5, 172.16.1.10, 172.16.1.15} accept'
+          )
+        }
+      end
+
+      describe 'with an IPV6 array address as daddr' do
+        let(:params) do
+          {
+            daddr: ['2001:1458:0000:0000:0000:0000:0000:0003', '2001:1458:0000:0000:0000:0000:0000:0006'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip daddr {2001:1458:0000:0000:0000:0000:0000:0003, 2001:1458:0000:0000:0000:0000:0000:0006} accept'
+          )
+        }
+      end
+
+      describe 'with an IPv6 set as saddr, default set_type' do
         let(:params) do
           {
             saddr: '@my6_set',
-            set_type: 'ip6',
           }
         end
 
@@ -306,6 +402,56 @@
         }
       end
 
+      describe 'with a IPv4 set as saddr' do
+        let(:params) do
+          {
+            saddr: '@my4_set',
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr @my4_set accept'
+          )
+        }
+      end
+
+      describe 'with an IPv6 array set as saddr, default set_type' do
+        let(:params) do
+          {
+            saddr: ['@my6_1_set', '@my6_2_set'],
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip6 saddr {@my6_1_set, @my6_2_set} accept'
+          )
+        }
+      end
+
+      describe 'with a IPv4 array set as saddr' do
+        let(:params) do
+          {
+            saddr: ['@my4_1_set', '@my4_2_set'],
+            set_type: 'ip',
+          }
+        end
+
+        it { is_expected.to compile }
+
+        it {
+          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name').with(
+            content: 'ip saddr {@my4_1_set, @my4_2_set} accept'
+          )
+        }
+      end
+
       describe 'with counter enabled' do
         let(:params) do
           {

diff --git a/spec/type_aliases/nftables_addr_spec.rb b/spec/type_aliases/nftables_addr_spec.rb
@@ -8,7 +8,12 @@
   it { is_expected.to allow_value('2001:1458::/32') }
   it { is_expected.to allow_value('2001:1458::3') }
   it { is_expected.to allow_value('@set_name') }
+  it { is_expected.to allow_value(['127.0.0.1']) }
+  it { is_expected.to allow_value(['172.16.1.0/24']) }
+  it { is_expected.to allow_value(['2001:1458::/32']) }
+  it { is_expected.to allow_value(['2001:1458::3']) }
+  it { is_expected.to allow_value(['@set_name']) }
+  it { is_expected.to allow_value(['@set_name', '@set_name2']) }
   it { is_expected.not_to allow_value('anything') }
   it { is_expected.not_to allow_value(43) }
-  it { is_expected.not_to allow_value(['127.0.0.1']) }
 end
diff --git a/templates/simplerule.epp b/templates/simplerule.epp
@@ -28,6 +28,15 @@
     $_dst_hosts = "ip6 daddr ${daddr}"
   } elsif $daddr =~ Stdlib::IP::Address::V4 {
     $_dst_hosts = "ip daddr ${daddr}"
+  } elsif $daddr =~ Array[Stdlib::IP::Address::V6] {
+    $_dst_hosts = "ip6 daddr {${Array($daddr, true).join(', ')}}"
+  } elsif $daddr =~ Array[Stdlib::IP::Address::V4] {
+    $_dst_hosts = "ip daddr {${Array($daddr, true).join(', ')}}"
+  } elsif $daddr =~ Array {
+    $_dst_hosts = $set_type ? {
+      'ip'  => "ip daddr {${Array($daddr, true).join(', ')}}",
+      'ip6' => "ip6 daddr {${Array($daddr, true).join(', ')}}",
+    }
   } else {
     $_dst_hosts = $set_type ? {
       'ip'  => "ip daddr ${daddr}",
@@ -42,6 +51,15 @@
     $_src_hosts = "ip6 saddr ${saddr}"
   } elsif $saddr =~ Stdlib::IP::Address::V4 {
     $_src_hosts = "ip saddr ${saddr}"
+  } elsif $saddr =~ Array[Stdlib::IP::Address::V6] {
+    $_src_hosts = "ip6 saddr {${Array($saddr, true).join(', ')}}"
+  } elsif $saddr =~ Array[Stdlib::IP::Address::V4] {
+    $_src_hosts = "ip saddr {${Array($saddr, true).join(', ')}}"
+  } elsif $saddr =~ Array {
+    $_src_hosts = $set_type ? {
+      'ip'  => "ip saddr {${Array($saddr, true).join(', ')}}",
+      'ip6' => "ip6 saddr {${Array($saddr, true).join(', ')}}",
+    }
   } else {
     $_src_hosts = $set_type ? {
       'ip'  => "ip saddr ${saddr}",

diff --git a/types/addr.pp b/types/addr.pp
@@ -3,5 +3,8 @@
 type Nftables::Addr = Variant[
   Stdlib::IP::Address::V6,
   Stdlib::IP::Address::V4,
-  Nftables::Addr::Set
+  Nftables::Addr::Set,
+  Array[Stdlib::IP::Address::V6],
+  Array[Stdlib::IP::Address::V4],
+  Array[Nftables::Addr::Set]
 ]