Ensure catalog compiles when endpoint is missing

Usually we parse the src port for incoming packets / the dst port for outgoing packets from the $endpoint param The param is optional, in case you want to create a passive endpoint for clients with dynamic ip addresses In those cases we still need to create firewall rules, but without src port for incoming packets / the dst port To make this all a bit easier, we also added a new parameter, $endpoint_port, which takes precedence over parsing $endpoint. Previously the catalog compilation failed with: ``` Evaluation Error: Left match operand must result in a String value. Got an Undef Value. ``` Because of: `if $endpoint =~ /:(\d+)$/ {` This test verifes that the current code is broken.
voxpupuli · Jan 1, 2024 · 2e0e3f8 · 2e0e3f8
1 parent d522e67
commit 2e0e3f8
Showing 1 changed file with 28 additions and 10 deletions.
diff --git a/spec/defines/interface_spec.rb b/spec/defines/interface_spec.rb
@@ -11,16 +11,6 @@
         os_facts
       end
 
-      context 'with only default values and manage_firewall=true it wont work' do
-        let :params do
-          {
-            manage_firewall: true
-          }
-        end
-
-        it { is_expected.not_to compile }
-      end
-
       context 'with only default values and manage_firewall=false it wont work' do
         let :params do
           {
@@ -546,6 +536,34 @@
         it { is_expected.to contain_nftables__simplerule('allow_out_wg_as1234-0') }
         it { is_expected.to contain_nftables__simplerule('allow_out_wg_as1234-1') }
       end
+
+
+      # Usually we parse the src port for incoming packets / the dst port for outgoing packets from the $endpoint param
+      # The param is optional, in case you want to create a passive endpoint for clients with dynamic ip addresses
+      # In those cases we still need to create firewall rules, but without src port for incoming packets / the dst port
+      # To make this all a bit easier, we also added a new parameter, $endpoint_port, which takes precedence over parsing $endpoint
+      context '' do
+        let :pre_condition do
+          'class {"systemd":
+            manage_networkd => true
+          }'
+        end
+        let :params do
+          {
+            public_key: 'blabla==',
+            manage_firewall: true,
+            destination_addresses: [],
+            addresses: [{ 'Address' => '192.0.2.1/24' }],
+            source_addresses: ['fe80::1', '127.0.0.1'],
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_nftables__simplerule('allow_in_wg_as1234-0').without_sport.with_dport(1234) }
+        it { is_expected.to contain_nftables__simplerule('allow_in_wg_as1234-1').without_sport.with_dport(1234) }
+        it { is_expected.to contain_nftables__simplerule('allow_out_wg_as1234-0').without_dport.with_sport(1234) }
+        it { is_expected.to contain_nftables__simplerule('allow_out_wg_as1234-1').without_dport.with_sport(1234) }
+      end
     end
   end
 end