From e15e71e447e6e1f50e9ef7c6fd895d13318530e7 Mon Sep 17 00:00:00 2001
From: Massimiliano Adamo <maxadamo@gmail.com>
Date: Thu, 19 Jan 2023 12:54:08 +0100
Subject: [PATCH] merge from test

---
 functions/fw_builder.pp            | 10 ++++++++++
 functions/fw_builder_public_ips.pp | 11 +++--------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/functions/fw_builder.pp b/functions/fw_builder.pp
index 68f283b..81ddf57 100644
--- a/functions/fw_builder.pp
+++ b/functions/fw_builder.pp
@@ -129,6 +129,16 @@ function fw_builder::fw_builder() {
     content => to_yaml({fw_ipsets => $ipsets});
   }
 
+  # emit warning if the key is deinfed and it's empty
+  #
+  ['public', 'trust'].each() |$zone| {
+    if $zone in $fw_conf and empty($fw_conf[$zone]) {
+      echo { "WARNING FW Builder zone ${zone}":
+        message => "key '${zone}' is defined but it\'s empty";
+      }
+    }
+  }
+
   # this section will setup / create all the fwb rules
   #
   ['public', 'trust'].each() |$zone| {
diff --git a/functions/fw_builder_public_ips.pp b/functions/fw_builder_public_ips.pp
index fbae5b5..2d60042 100644
--- a/functions/fw_builder_public_ips.pp
+++ b/functions/fw_builder_public_ips.pp
@@ -24,23 +24,18 @@ function fw_builder::fw_builder_public_ips(
   Optional[Array] $facts_ipsets
 ) >> Array {
 
-  if $facts_fw_conf =~ Undef or $facts_ipsets =~ Undef {
   # when puppet runs for the first time these facts are not available
+  if $facts_fw_conf =~ Undef or $facts_ipsets =~ Undef {
     $public_ipsets = []
-  } elsif $facts_fw_conf['public'] =~ String {
   # if public is empty it's seen as empty string
+  } elsif $facts_fw_conf['public'] =~ String or  $facts_fw_conf['public'] =~ Undef {
     $public_ipsets = []
   } else {
+    # if public is present and contains some value
     if 'public' in $facts_fw_conf {
-      # this check is not needed, but it will be necessary if the
-      # code of fw_builder changes and "public" can be absent
 
       $facts_fw_conf_public = $facts_fw_conf['public']
 
-      if $facts_fw_conf_public.length == 0 {
-        fail('public is declared but it is empty. Please either delete it or add proper values')
-      }
-
       # create a list of lists with all the ipsets in public
       $unflattened_public_ipsets = $facts_fw_conf_public.map |$app_key, $app_value| {
         if 'ipset' in keys($facts_fw_conf_public[$app_key]) {
-- 
GitLab