From 8bbac8b72cac7c6e078998f39e740a9153a61f7c Mon Sep 17 00:00:00 2001
From: Samy Mahmoudi
Date: Thu, 12 Aug 2021 11:56:38 -0400
Subject: [PATCH 1/2] PVPN: Add boolean parameter 'routes_depend_on_peer' and apply relevant changes (#12173)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Fix: when the parameter is set to true, do not only define several 'Destination' but also several '[Route]' sections.
• New feature: when the parameter is set to false, change the 'Scope' of the routes to 'link'.
---
 manifests/peer.pp | 90 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 62 insertions(+), 28 deletions(-)

diff --git a/manifests/peer.pp b/manifests/peer.pp
index 0f38863..e9bb646 100644
--- a/manifests/peer.pp
+++ b/manifests/peer.pp
@@ -1,18 +1,19 @@
 #
 define wireguard::peer (
- Array[String] $allowedips,
- String $iface = $title,
+ Array[String] $allowedips,
+ String $iface = $title,
 Optional[
 Pattern[/[A-Za-z0-9+\/=]{44}/]
- ] $publickey = $facts['wireguard'] ? {
+ ] $publickey = $facts['wireguard'] ? {
 undef => undef,
 default => $facts['wireguard'][$iface],
 },
- Optional[String] $presharedkey = undef,
- Optional[String] $endpoint = undef,
- Integer[0,65535] $persistentkeepalive = 0, # 0 == off
- Array[String] $export_tags = [],
- String $peername = $::fqdn,
+ Optional[String] $presharedkey = undef,
+ Optional[String] $endpoint = undef,
+ Integer[0,65535] $persistentkeepalive = 0, # 0 == off
+ Array[String] $export_tags = [],
+ String $peername = $::fqdn,
+ Optional[Boolean] $routes_depend_on_peer = true,
 ) {
 # the publickey is not optional despite the parameter specification
 # saying otherwise but we don't want to fail a run if it's not there
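Review bot: The added line `+ Optional[Boolean] $routes_depend_on_peer = true,` admits an explicit `undef` from a caller, and in Puppet `undef` is false in boolean context, so such a caller silently lands in the link-scope branch of `if $routes_depend_on_peer` instead of getting the documented default; a parameter whose default is not `undef` does not need `Optional[]`, and `Boolean $routes_depend_on_peer = true,` matches the "boolean parameter" the Subject line announces. Nothing in the hunk documents the new parameter (the visible `#` header line carries no description), so a header line such as `# @param routes_depend_on_peer true: each [Route] gets Gateway=<first allowedip>; false: routes are emitted with Scope=link and no Gateway` would tell a reader what the two modes produce. The remaining `-`/`+` pairs in this hunk appear to change only column alignment, which the follow-up patch adjusts again; keeping realignment out of a behavioural change makes the diff easier to review.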
@@ -54,28 +55,61 @@
 tag => $export_tags,
 }
- # routes are only meaningful if there are multiple allowedips (Destination=)
- if length($allowedips) > 1 {
- # [Route]
- $route = inline_epp(@(EOT), $template_params)
+ if $routes_depend_on_peer {
+ # routes are only meaningful if there are multiple allowedips (Destination=)
+ if length($allowedips) > 1 {
+ # [Route]
+ $route = inline_epp(@(EOT), $template_params)
- [Route]
- <% if length($peername) > 0 { -%>
- # peer: <%= $peername %>
- <% } -%>
- Gateway=<%= $allowedips[0] %>
- <% $allowedips.each |Integer $index, String $ip| {
- # skip self (first allowedips)
- if $index == 0 { next() } -%>
- Destination=<%= $ip %>
- <% } -%>
- | EOT
+ <% if length($peername) > 0 { -%>
+ # peer: <%= $peername %>
+ <% } -%>
+ <% $allowedips.each |Integer $index, String $ip| {
+ # skip self (first allowedips)
+ if $index == 0 { next() } -%>
+ [Route]
+ Gateway=<%= $allowedips[0] %>
+ Destination=<%= $ip %>
+ <% unless $index == $allowedips.length - 1 { -%>
- @@concat::fragment{ "[Route]-${::fqdn}-${iface}":
- order => '10',
- content => $route,
- target => "${iface}.network",
- tag => $export_tags,
+ <% } -%>
+ <% } -%>
+ | EOT
+
+ @@concat::fragment{ "[Route]-${::fqdn}-${iface}":
+ order => '10',
+ content => $route,
+ target => "${iface}.network",
+ tag => $export_tags,
+ }
+ }
+ } else {
+ # routes are only meaningful if there are multiple allowedips (Destination=)
+ if length($allowedips) > 1 {
+ # [Route]
+ $route = inline_epp(@(EOT), $template_params)
+
+ <% if length($peername) > 0 { -%>
+ # peer: <%= $peername %>
+ <% } -%>
+ <% $allowedips.each |Integer $index, String $ip| {
+ # skip self (first allowedips)
+ if $index == 0 { next() } -%>
+ [Route]
+ Destination=<%= $ip %>
+ Scope=link
+ <% unless $index == $allowedips.length - 1 { -%>
+
+ <% } -%>
+ <% } -%>
+ | EOT
+
+ @@concat::fragment{ "[Route]-${::fqdn}-${iface}":
+ order => '10',
+ content => $route,
+ target => "${iface}.network",
+ tag => $export_tags,
+ }
 }
 }
 } else {

From 669a01a797936a02e3cadeca91d069efec518ae4 Mon Sep 17 00:00:00 2001
From: Samy Mahmoudi
Date: Fri, 4 Feb 2022 18:14:15 -0500
Subject: [PATCH 2/2] PVPN: Fix indentation in Puppet resource 'wireguard::peer' (#12660)

---
 manifests/peer.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/peer.pp b/manifests/peer.pp
index e9bb646..8346438 100644
--- a/manifests/peer.pp
+++ b/manifests/peer.pp
@@ -1,6 +1,6 @@
 #
 define wireguard::peer (
- Array[String] $allowedips,
+ Array[String] $allowedips,
 String $iface = $title,
 Optional[
 Pattern[/[A-Za-z0-9+\/=]{44}/]
@@ -55,7 +55,7 @@
 tag => $export_tags,
 }
- if $routes_depend_on_peer {
+ if $routes_depend_on_peer {
 # routes are only meaningful if there are multiple allowedips (Destination=)
 if length($allowedips) > 1 {
 # [Route]
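Review bot: In the first patch's second hunk the two arms of `if $routes_depend_on_peer` duplicate the `length($allowedips) > 1` guard, the `# peer:` header, the `each` loop and the whole exported `@@concat::fragment` declaration, while only two template lines differ (`Gateway=<%= $allowedips[0] %>` in one arm, `Scope=link` in the other). Passing the flag to the template and branching inside the `[Route]` loop keeps one loop and one fragment, so the two copies cannot drift apart on a later edit (for example a change to the fragment's `order` or `tag`). The loop also mixes `length($allowedips)` with `$allowedips.length`; one spelling reads better. The enclosing `define wireguard::peer` starts before the hunk and `$template_params` is assembled outside it, so the flag is merged in at the call below; if `$template_params` already carries it, the merge can be dropped.
```puppet
  # routes are only meaningful if there are multiple allowedips (Destination=)
  if length($allowedips) > 1 {
    # [Route]
    $route = inline_epp(@(EOT), $template_params + { 'routes_depend_on_peer' => $routes_depend_on_peer })

      <% if length($peername) > 0 { -%>
      # peer: <%= $peername %>
      <% } -%>
      <% $allowedips.each |Integer $index, String $ip| {
        # skip self (first allowedips)
        if $index == 0 { next() } -%>
      [Route]
      <% if $routes_depend_on_peer { -%>
      Gateway=<%= $allowedips[0] %>
      Destination=<%= $ip %>
      <% } else { -%>
      Destination=<%= $ip %>
      Scope=link
      <% } -%>
      <% unless $index == length($allowedips) - 1 { -%>

      <% } -%>
      <% } -%>
      | EOT

    # … unchanged: @@concat::fragment "[Route]-${::fqdn}-${iface}" declaration …
  }
```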