diff --git a/functions/fw_builder.pp b/functions/fw_builder.pp
index 68f283bc1c6576f9dc68de100c7af7a72c53b6c9..81ddf574d82c42b71f9f353ba4f79b71b1e608ba 100644
--- a/functions/fw_builder.pp
+++ b/functions/fw_builder.pp
@@ -129,6 +129,16 @@ function fw_builder::fw_builder() {
content => to_yaml({fw_ipsets => $ipsets});
}
+ # emit warning if the key is deinfed and it's empty
+ #
+ ['public', 'trust'].each() |$zone| {
+ if $zone in $fw_conf and empty($fw_conf[$zone]) {
+ echo { "WARNING FW Builder zone ${zone}":
+ message => "key '${zone}' is defined but it\'s empty";
+ }
+ }
+ }
+
# this section will setup / create all the fwb rules
#
['public', 'trust'].each() |$zone| {
diff --git a/functions/fw_builder_public_ips.pp b/functions/fw_builder_public_ips.pp
index fbae5b5532a2119a1836846126eb39ba0f5f71f9..2d6004266c3c675497ff1e6c3b645acb1ef0a545 100644
--- a/functions/fw_builder_public_ips.pp
+++ b/functions/fw_builder_public_ips.pp
@@ -24,23 +24,18 @@ function fw_builder::fw_builder_public_ips(
Optional[Array] $facts_ipsets
) >> Array {
- if $facts_fw_conf =~ Undef or $facts_ipsets =~ Undef {
# when puppet runs for the first time these facts are not available
+ if $facts_fw_conf =~ Undef or $facts_ipsets =~ Undef {
$public_ipsets = []
- } elsif $facts_fw_conf['public'] =~ String {
# if public is empty it's seen as empty string
+ } elsif $facts_fw_conf['public'] =~ String or $facts_fw_conf['public'] =~ Undef {
$public_ipsets = []
} else {
+ # if public is present and contains some value
if 'public' in $facts_fw_conf {
- # this check is not needed, but it will be necessary if the
- # code of fw_builder changes and "public" can be absent
$facts_fw_conf_public = $facts_fw_conf['public']
- if $facts_fw_conf_public.length == 0 {
- fail('public is declared but it is empty. Please either delete it or add proper values')
- }
-
# create a list of lists with all the ipsets in public
$unflattened_public_ipsets = $facts_fw_conf_public.map |$app_key, $app_value| {
if 'ipset' in keys($facts_fw_conf_public[$app_key]) {