Merge pull request #61 from sebastianrakel/fix-address-template

Fix $addresses hash needs to accept any type of v4 or v6 address
voxpupuli · Aug 22, 2022 · 78c21a4 · 78c21a4
2 parents 142aa6d + f979001
commit 78c21a4
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 4 deletions.
diff --git a/manifests/interface.pp b/manifests/interface.pp
@@ -90,7 +90,7 @@
   String[1] $input_interface = $facts['networking']['primary'],
   Boolean $manage_firewall = true,
   Array[Stdlib::IP::Address] $source_addresses = [],
-  Array[Hash[String,Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]]] $addresses = [],
+  Array[Hash[String,Variant[Stdlib::IP::Address::V4,Stdlib::IP::Address::V6]]] $addresses = [],
   Optional[String[1]] $description = undef,
   Optional[Integer[1280, 9000]] $mtu = undef,
   Optional[String[1]] $public_key = undef,

diff --git a/manifests/provider/systemd.pp b/manifests/provider/systemd.pp
@@ -6,7 +6,7 @@
   Enum['present', 'absent'] $ensure = 'present',
   Wireguard::Peers $peers = [],
   Integer[1024, 65000] $dport = Integer(regsubst($title, '^\D+(\d+)$', '\1')),
-  Array[Hash[String,Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]]] $addresses = [],
+  Array[Hash[String,Variant[Stdlib::IP::Address::V4,Stdlib::IP::Address::V6]]] $addresses = [],
   Optional[String[1]] $description = undef,
   Optional[Integer[1280, 9000]] $mtu = undef,
   Array[Hash[String[1], Variant[String[1], Boolean]]] $routes = [],

diff --git a/manifests/provider/wgquick.pp b/manifests/provider/wgquick.pp
@@ -6,7 +6,7 @@
   Enum['present', 'absent'] $ensure = 'present',
   Wireguard::Peers $peers = [],
   Integer[1024, 65000] $dport = Integer(regsubst($title, '^\D+(\d+)$', '\1')),
-  Array[Hash[String,Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]]] $addresses = [],
+  Array[Hash[String,Variant[Stdlib::IP::Address::V4,Stdlib::IP::Address::V6]]] $addresses = [],
 ) {
   assert_private()
   $params = {

diff --git a/spec/defines/interface_spec.rb b/spec/defines/interface_spec.rb
@@ -336,6 +336,36 @@ class {"systemd":
         it { is_expected.to contain_file("/etc/wireguard/#{title}.conf") }
         it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
       end
+
+      context 'with required params and defined private key and without firewall rules and with configured addresses with dns' do
+        let :params do
+          {
+            public_key: 'blabla==',
+            private_key: 'gFYpkdIuGG3EhXKdGmuMJs/3rp/88wkFv2Go+shtu08=',
+            endpoint: 'wireguard.example.com:1234',
+            manage_firewall: false,
+            # we need to set destination_addresses to overwrite the default
+            # that would configure IPv4+IPv6, but GHA doesn't provide IPv6 for us
+            destination_addresses: [facts[:networking]['ip'],],
+            addresses: [{ 'Address' => '192.168.218.87/32', 'DNS' => '192.168.218.1', 'Peer' => '172.20.53.97/32' }, { 'Address' => 'fe80::ade1/64', },],
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_class('wireguard') }
+        it { is_expected.not_to contain_exec("generate private key #{title}") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}").with_content('gFYpkdIuGG3EhXKdGmuMJs/3rp/88wkFv2Go+shtu08=') }
+        it { is_expected.to contain_exec("generate public key #{title}") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.pub") }
+        it { is_expected.to contain_systemd__network("#{title}.netdev") }
+        it { is_expected.to contain_systemd__network("#{title}.network") }
+        it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{[Address]}) } # rubocop:disable Lint/DuplicateRegexpCharacterClassElement
+        it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{Address=192.168.218.87/32}) }
+        it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{DNS=192.168.218.1}) }
+        it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{Peer=172.20.53.97/32}) }
+        it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{Address=fe80::ade1/64}) }
+        it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
+      end
     end
   end
 end
diff --git a/templates/wireguard_conf.epp b/templates/wireguard_conf.epp
@@ -7,7 +7,7 @@
 # THIS FILE IS MANAGED BY PUPPET
 [Interface]
 <% $addresses.each |$address| { -%>
-Address = <%= $address['Address'] %>
+<%= $key %>=<%= $value %>
 <% } -%>
 ListenPort = <%= $dport %>
 PostUp = wg set %i private-key /etc/wireguard/<%= $interface %>