Allow the client $port to be an array as well as an integer

djjudas21 · May 13, 2021 · 5da59ea · 5da59ea
1 parent 1e1bd7c
commit 5da59ea
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 3 deletions.
diff --git a/manifests/client.pp b/manifests/client.pp
@@ -30,7 +30,7 @@
   Optional[Integer] $lifetime                        = undef,
   Optional[Integer] $idle_timeout                    = undef,
   Optional[String] $redirect                         = undef,
-  Optional[Integer] $port                            = undef,
+  Optional[Variant[Integer,Array[Integer]]] $port    = undef,
   Optional[String] $srcip                            = undef,
   Boolean $firewall                                  = false,
   Freeradius::Ensure $ensure                         = present,
@@ -53,16 +53,22 @@
   }
 
   if ($firewall and $ensure == 'present') {
+    if $port =~ Array {
+      $port_description = $port.join(',')
+    } else {
+      $port_description = $port
+    }
+
     if $port {
       if $ip {
-        firewall { "100 ${shortname} ${port} v4":
+        firewall { "100 ${shortname} ${port_description} v4":
           proto  => 'udp',
           dport  => $port,
           action => 'accept',
           source => $ip,
         }
       } elsif $ip6 {
-        firewall { "100 ${shortname} ${port} v6":
+        firewall { "100 ${shortname} ${port_description} v6":
           proto    => 'udp',
           dport    => $port,
           action   => 'accept',

diff --git a/spec/defines/client_spec.rb b/spec/defines/client_spec.rb
@@ -24,4 +24,86 @@
       .that_requires('File[/etc/raddb/clients.d]')
       .that_requires('Group[radiusd]')
   end
+
+  context 'with firewall' do
+    let(:params) do
+      super().merge(
+        firewall: true,
+      )
+    end
+
+    it do
+      is_expected.to compile.and_raise_error(%r{Must specify \$port if you specify \$firewall})
+    end
+
+    context 'with integer port' do
+      let(:params) do
+        super().merge(
+          port: 1234,
+        )
+      end
+
+      it do
+        is_expected.to contain_firewall('100 test_short 1234 v4')
+          .with_proto('udp')
+          .with_dport(1234)
+          .with_action('accept')
+          .with_source('1.2.3.4')
+      end
+
+      context 'with ipv6' do
+        let(:params) do
+          super().reject { |k, _| k == :ip }.merge(
+            ip6: '2001:db8::100',
+          )
+        end
+
+        it do
+          is_expected.not_to contain_firewall('100 test_short 1234 v4')
+
+          is_expected.to contain_firewall('100 test_short 1234 v6')
+            .with_proto('udp')
+            .with_dport(1234)
+            .with_action('accept')
+            .with_source('2001:db8::100')
+            .with_provider('ip6tables')
+        end
+      end
+    end
+
+    context 'with array port' do
+      let(:params) do
+        super().merge(
+          port: [1234, 4321],
+        )
+      end
+
+      it do
+        is_expected.to contain_firewall('100 test_short 1234,4321 v4')
+          .with_proto('udp')
+          .with_dport([1234, 4321])
+          .with_action('accept')
+          .with_source('1.2.3.4')
+      end
+
+      context 'with ipv6' do
+        let(:params) do
+          super().reject { |k, _| k == :ip }.merge(
+            ip6: '2001:db8::100',
+          )
+        end
+
+        it do
+          is_expected.not_to contain_firewall('100 test_short 1234,4321 v4')
+
+          is_expected.to contain_firewall('100 test_short 1234,4321 v6')
+            .with_proto('udp')
+            .with_dport([1234, 4321])
+            .with_action('accept')
+            .with_source('2001:db8::100')
+            .with_provider('ip6tables')
+        end
+      end
+    end
+  end
 end