Add type validation to all parameters

4f118df4 · Jonathan Gazeley · fe4fd491 · 4f118df4 · 4f118df4 · 4f118df4
Commit 4f118df4 authored Oct 29, 2019 by Jonathan Gazeley
--- a/manifests/attr.pp
+++ b/manifests/attr.pp
 # Install FreeRADIUS config snippets
 define freeradius::attr (
-  $source,
-  $ensure = present,
-  $key = 'User-Name',
-  $prefix = 'filter',
+  String $source,
+  Freeradius::Ensure $ensure = present,
+  Optional[String] $key      = 'User-Name',
+  Optional[String] $prefix   = 'filter',
 ) {
  $fr_package          = $::freeradius::params::fr_package
  $fr_service          = $::freeradius::params::fr_service

--- a/manifests/cert.pp
+++ b/manifests/cert.pp
 # Install FreeRADIUS certificates
 define freeradius::cert (
-  $source = undef,
-  $content = undef,
-  $type = 'key',
-  $ensure = present,
+  Optional[String] $source   = undef,
+  Optional[String] $content  = undef,
+  Optional[String] $type     = 'key',
+  Freeradius::Ensure $ensure = present,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service

--- a/manifests/client.pp
+++ b/manifests/client.pp
 # Install FreeRADIUS clients (WISMs or testing servers)
 define freeradius::client (
-  $secret,
-  $shortname                     = $title,
-  $ip                            = undef,
-  $ip6                           = undef,
-  $proto                         = undef,
-  $require_message_authenticator = 'no',
-  $virtual_server                = undef,
-  $nastype                       = undef,
-  $login                         = undef,
-  $password                      = undef,
-  $coa_server                    = undef,
-  $response_window               = undef,
-  $max_connections               = undef,
-  $lifetime                      = undef,
-  $idle_timeout                  = undef,
-  $redirect                      = undef,
-  $port                          = undef,
-  $srcip                         = undef,
-  $firewall                      = false,
-  $ensure                        = present,
-  $attributes                    = [],
-  $huntgroups                    = undef,
+  String $secret,
+  Optional[String] $shortname                        = $title,
+  Optional[String] $ip                               = undef,
+  Optional[String] $ip6                              = undef,
+  Enum['*', 'udp', 'tcp'] $proto                     = undef,
+  Freeradius::Boolean $require_message_authenticator = 'no',
+  Optional[String] $virtual_server                   = undef,
+  Enum['cisco', 'computone', 'livingston', 'juniper', 'max40xx', 'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] $nastype = undef,
+  Optional[String] $login                            = undef,
+  Optional[String] $password                         = undef,
+  Optional[String] $coa_server                       = undef,
+  Optional[String] $response_window                  = undef,
+  Optional[Integer] $max_connections                 = undef,
+  Optional[Integer] $lifetime                        = undef,
+  Optional[Integer] $idle_timeout                    = undef,
+  Optional[String] $redirect                         = undef,
+  Optional[Integer] $port                            = undef,
+  Optional[String] $srcip                            = undef,
+  Boolean $firewall                                  = false,
+  Freeradius::Ensure $ensure                         = present,
+  Array $attributes                    = [],
+  Optional[String] $huntgroups                    = undef,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

-  if $proto {
-    unless $proto in ['*', 'udp', 'tcp'] {
-      fail('$proto must be one of udp, tcp or *')
-    }
-  }
-
-  unless $require_message_authenticator in ['yes', 'no'] {
-    fail('$require_message_authenticator must be one of yes or no')
-  }
-
-  if $nastype {
-    unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
-    'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
-      fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
-    }
-  }
-
  file { "${fr_basepath}/clients.d/${shortname}.conf":
    ensure  => $ensure,
    mode    => '0640',

--- a/manifests/config.pp
+++ b/manifests/config.pp
 # Install FreeRADIUS config snippets
 define freeradius::config (
-  $source = undef,
-  $content = undef,
-  $ensure = present,
+  Optional[String] $source   = undef,
+  Optional[String] $content  = undef,
+  Freeradius::Ensure $ensure = present,
 ) {
  $fr_package          = $::freeradius::params::fr_package
  $fr_service          = $::freeradius::params::fr_service

--- a/manifests/dictionary.pp
+++ b/manifests/dictionary.pp
 # Install FreeRADIUS custom dictionaries
 define freeradius::dictionary (
-  $source = undef,
-  $content = undef,
-  $order = 50,
-  $ensure = present,
+  Optional[String] $source   = undef,
+  Optional[String] $content  = undef,
+  Optional[Integer] $order   = 50,
+  Freeradius::Ensure $ensure = 'present',
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
@@ -11,7 +11,7 @@ define freeradius::dictionary (
  $fr_group    = $::freeradius::params::fr_group

  if !$source and !$content {
-    fail('source or content parameter should be provided')
+    fail('source or content parameter must be provided')
  }

  # Install dictionary in dictionary.d

--- a/manifests/home_server.pp
+++ b/manifests/home_server.pp
 # Configure a home_server for proxy config
 define freeradius::home_server (
-  $secret,
-  $type = 'auth',
-  $ipaddr = undef,
-  $ipv6addr = undef,
-  $virtual_server = undef,
-  $port = 1812,
-  $proto = 'udp',
-  $status_check = undef,
+  String $secret,
+  Enum['auth', 'acct', 'auth+acct', 'coa'] $type         = 'auth',
+  Optional[String] $ipaddr                               = undef,
+  Optional[String] $ipv6addr                             = undef,
+  Optional[String] $virtual_server                       = undef,
+  Optional[Integer] $port                                = 1812,
+  Enum['udp', 'tcp'] $proto                              = 'udp',
+  Enum['none', 'status-server', 'request'] $status_check = 'none',
 ) {
  $fr_basepath = $::freeradius::params::fr_basepath

-  # Validate multiple choice options
-  unless $type in ['auth', 'acct', 'auth+acct', 'coa'] {
-    fail('$type must be one of auth, acct, auth+acct, coa')
-  }
-  unless $proto in ['udp', 'tcp'] {
-    fail('$type must be one of udp, tcp')
-  }
-
-  # Validate integers
-  unless is_integer($port) {
-    fail('$port must be an integer')
-  }
-
-  if $status_check {
-    unless $status_check in ['none', 'status-server', 'request'] {
-      fail('$status_check must be one of none, status-server, request')
-    }
-  }
-
  # Configure config fragment for this home server
  concat::fragment { "homeserver-${name}":
    target  => "${fr_basepath}/proxy.conf",
@@ -37,4 +18,3 @@ define freeradius::home_server (
    order   => 10,
  }
 }
-
--- a/manifests/home_server_pool.pp
+++ b/manifests/home_server_pool.pp
 # Configure home server pools
 define freeradius::home_server_pool (
-  $home_server,
-  $type = 'fail-over',
-  $virtual_server = undef,
-  $fallback = undef,
+  String $home_server,
+  Enum['fail-over', 'load-balance', 'client-balance', 'client-port-balance', 'keyed-balance'] $type = 'fail-over',
+  Optional[String] $virtual_server = undef,
+  Optional[String] $fallback       = undef,
 ) {
  $fr_basepath = $::freeradius::params::fr_basepath

-  # Validate multi-value options
-  unless $type in ['fail-over', 'load-balance', 'client-balance', 'client-port-balance', 'keyed-balance'] {
-    fail('$type must be one of fail-over, load-balance, client-balance, client-port-balance, keyed-balance')
-  }
-
  # Configure config fragment for this home server
  concat::fragment { "homeserverpool-${name}":
    target  => "${fr_basepath}/proxy.conf",

--- a/manifests/huntgroup.pp
+++ b/manifests/huntgroup.pp
 # Install FreeRADIUS huntgroups
 define freeradius::huntgroup (
-  $ensure      = present,
-  $huntgroup   = $title,
-  $conditions  = [],
-  $order       = 50,
+  Freeradius::Ensure $ensure          = present,
+  Optional[String] $huntgroup         = $title,
+  Optional[Array[String]] $conditions = [],
+  Optional[Integer] $order            = 50,
 ) {
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_service  = $::freeradius::params::fr_service

--- a/manifests/init.pp
+++ b/manifests/init.pp
 # Base class to install FreeRADIUS
 class freeradius (
-  $control_socket  = false,
-  $max_servers     = '4096',
-  $max_requests    = '4096',
-  $mysql_support   = false,
-  $pgsql_support   = false,
-  $perl_support    = false,
-  $utils_support   = false,
-  $ldap_support    = false,
-  $dhcp_support    = false,
-  $krb5_support    = false,
-  $wpa_supplicant  = false,
-  $winbind_support = false,
-  $log_destination = 'files',
-  $syslog          = false,
-  $log_auth        = 'no',
-  $preserve_mods   = true,
-  $correct_escapes = true,
-  $manage_logpath  = true,
-  $package_ensure  = 'installed',
-  $radacctdir      = $freeradius::params::radacctdir,
+  Boolean $control_socket          = false,
+  Integer $max_servers             = 4096,
+  Integer $max_requests            = 4096,
+  Boolean $mysql_support           = false,
+  Boolean $pgsql_support           = false,
+  Boolean $perl_support            = false,
+  Boolean $utils_support           = false,
+  Boolean $ldap_support            = false,
+  Boolean $dhcp_support            = false,
+  Boolean $krb5_support            = false,
+  Boolean $wpa_supplicant          = false,
+  Boolean $winbind_support         = false,
+  String $log_destination          = 'files',
+  Boolean $syslog                  = false,
+  Freeradius::Boolean $log_auth    = 'no',
+  Boolean $preserve_mods           = true,
+  Boolean $correct_escapes         = true,
+  Boolean $manage_logpath          = true,
+  Optional[String] $package_ensure = 'installed',
+  String $radacctdir               = $freeradius::params::radacctdir,
 ) inherits freeradius::params {

  if $freeradius::fr_version !~ /^3/ {
@@ -29,8 +29,6 @@ class freeradius (
  validate_re($log_destination, '^(files|syslog|stdout|stderr)$',
    "log_destination value (${log_destination}) is not a valid value")

-  validate_re($package_ensure, '^(installed|latest)$', 'package_ensure must be one of installed, latest')
-
  if $control_socket == true {
    warning('Use of the control_socket parameter in the freeradius class is deprecated. Please use the freeradius::control_socket class instead.')
  }

--- a/manifests/instantiate.pp
+++ b/manifests/instantiate.pp
 # Instantiate a module in global config
 define freeradius::instantiate (
-  $ensure = present,
+  Freeradius::Ensure $ensure = present,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service

--- a/manifests/krb5.pp
+++ b/manifests/krb5.pp
 # Configure Kerberos support for FreeRADIUS
 define freeradius::krb5 (
-  $keytab,
-  $principal,
-  $start       = "\${thread[pool].start_servers}",
-  $min         = "\${thread[pool].min_spare_servers}",
-  $max         = "\${thread[pool].max_servers}",
-  $spare       = "\${thread[pool].max_spare_servers}",
-  $ensure      = 'present',
+  String $keytab,
+  String $principal,
+  Freeradius::Integer  $start = "\${thread[pool].start_servers}",
+  Freeradius::Integer  $min   = "\${thread[pool].min_spare_servers}",
+  Freeradius::Integer  $max   = "\${thread[pool].max_servers}",
+  Freeradius::Integer  $spare = "\${thread[pool].max_spare_servers}",
+  Freeradius::Ensure $ensure  = 'present',
 ) {
  $fr_package          = $::freeradius::params::fr_package
  $fr_service          = $::freeradius::params::fr_service

--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
 # Configure LDAP support for FreeRADIUS
 define freeradius::ldap (
-  $identity,
-  $password,
-  $basedn,
-  $server      = ['localhost'],
-  $port        = 389,
-  $uses        = 0,
-  $idle        = 60,
-  $probes      = 3,
-  $interval    = 3,
-  $timeout     = 10,
-  $start       = "\${thread[pool].start_servers}",
-  $min         = "\${thread[pool].min_spare_servers}",
-  $max         = "\${thread[pool].max_servers}",
-  $spare       = "\${thread[pool].max_spare_servers}",
-  $ensure      = 'present',
-  $starttls    = 'no',
-  $cafile      = undef,
-  $certfile    = undef,
-  $keyfile     = undef,
+  String $identity,
+  String $password,
+  String $basedn,
+  Array[String] $server         = ['localhost'],
+  Integer $port                 = 389,
+  Integer $uses                 = 0,
+  Integer $idle                 = 60,
+  Integer $probes               = 3,
+  Integer $interval             = 3,
+  Integer $timeout              = 10,
+  Freeradius::Integer $start    = "\${thread[pool].start_servers}",
+  Freeradius::Integer $min      = "\${thread[pool].min_spare_servers}",
+  Freeradius::Integer $max      = "\${thread[pool].max_servers}",
+  Freeradius::Integer $spare    = "\${thread[pool].max_spare_servers}",
+  Freeradius::Ensure $ensure    = 'present',
+  Freeradius::Boolean $starttls = 'no',
+  Optional[String] $cafile      = undef,
+  Optional[String] $certfile    = undef,
+  Optional[String] $keyfile     = undef,
  $requirecert = 'allow',
 ) {
  warning('The use of freeradius::ldap is deprecated. You must use freeradius::module::ldap instead')

--- a/manifests/listen.pp
+++ b/manifests/listen.pp
 # == Define freeradius::listen
 #
 define freeradius::listen (
-  $ensure                  = 'present',
+  Freeradius::Ensure $ensure                                = 'present',
  Enum['auth','acct','proxy','detail','status','coa'] $type = 'auth',
-  $ip                      = undef,
-  $ip6                     = undef,
-  Integer $port            = 0,
-  $interface               = undef,
-  Array $clients           = [],
-  Integer $max_connections = 16,
-  Integer $lifetime        = 0,
-  Integer $idle_timeout    = 30,
+  Optional[String] $ip                                      = undef,
+  Optional[String] $ip6                                     = undef,
+  Integer $port                                             = 0,
+  String $interface                                         = undef,
+  Array[String] $clients                                    = [],
+  Integer $max_connections                                  = 16,
+  Integer $lifetime                                         = 0,
+  Integer $idle_timeout                                     = 30,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

-  #
-  # Parameters' validation
+  # Parameter validation
  if $ip and $ip != '*' and !is_ip_address($ip) {
    fail('ip must be a valid IP address or \'*\'')
  }
@@ -28,7 +27,7 @@ define freeradius::listen (
  }

  if $ip and $ip6 {
-    fail('Only of ip and ip6 can be used')
+    fail('Only one of ip or ip6 can be used')
  }

  file { "${fr_basepath}/listen.d/${name}.conf":

--- a/manifests/module.pp
+++ b/manifests/module.pp
 # Install FreeRADIUS modules
 define freeradius::module (
-  $source = undef,
-  $content = undef,
-  $ensure = present,
-  $preserve = false,
+  Optional[String] $source   = undef,
+  Optional[String] $content  = undef,
+  Freeradius::Ensure $ensure = present,
+  Boolean $preserve          = false,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service

--- a/manifests/module/ippool.pp
+++ b/manifests/module/ippool.pp
@@ -4,7 +4,7 @@ define freeradius::module::ippool (
  String $range_start,
  String $range_stop,
  String $netmask,
-  $ensure                       = 'present',
+  Freeradius::Ensure $ensure    = 'present',
  Optional[Integer] $cache_size = undef,
  String $filename              = "\${db_dir}/db.${name}",
  String $ip_index              = "\${db_dir}/db.${name}.index",

--- a/manifests/module/ldap.pp
+++ b/manifests/module/ldap.pp
 # Configure LDAP support for FreeRADIUS
 define freeradius::module::ldap (
  String $basedn,
-  Enum['present','absent'] $ensure                                    = 'present',
-  $server                                                             = ['localhost'],
+  Freeradius::Ensure $ensure                                         = 'present',
+  Array[String] $server                                               = ['localhost'],
  Integer $port                                                       = 389,
  Optional[String] $identity                                          = undef,
  Optional[String] $password                                          = undef,
@@ -70,19 +70,13 @@ define freeradius::module::ldap (
  $fr_group            = $::freeradius::params::fr_group

  # Validate our inputs
-  # Hostnames
-  $serverarray = any2array($server)
-  unless is_array($serverarray) {
-    fail('$server must be an array of hostnames or IP addresses')
-  }
-
  # FR3.0 format server = 'ldap1.example.com, ldap1.example.com, ldap1.example.com'
  # FR3.1 format server = 'ldap1.example.com'
  #              server = 'ldap2.example.com'
  #              server = 'ldap3.example.com'
  $serverconcatarray = $::freeradius_version ? {
-    /^3\.0\./ => any2array(join($serverarray, ',')),
-    default   => $serverarray,
+    /^3\.0\./ => any2array(join($server, ',')),
+    default   => $server,
  }

  # Generate a module config, based on ldap.conf

--- a/manifests/module/perl.pp
+++ b/manifests/module/perl.pp
@@ -3,7 +3,7 @@
 # Create the perl module configuration for FreeRADIUS
 #
 define freeradius::module::perl (
-  $ensure                                        = file,
+  Optional[String] $ensure                       = file,
  String $moddir                                 = "${fr_moduleconfigpath}/perl",
  Optional[String] $perl_filename                = undef,
  Optional[String] $path                         = undef,

--- a/manifests/policy.pp
+++ b/manifests/policy.pp
 # Install FreeRADIUS policies
 define freeradius::policy (
-  $source,
-  $order = 50,
-  $ensure = present,
+  Optional[String] $source,
+  Optional[Integer] $order   = 50,
+  Freeradius::Ensure $ensure = present,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service

--- a/manifests/realm.pp
+++ b/manifests/realm.pp
 # Set up proxy realms
 define freeradius::realm (
-  $virtual_server = undef,
-  $auth_pool = undef,
-  $acct_pool = undef,
-  $pool = undef,
-  $nostrip = false,
-  $order = 30,
+  Optional[String] $virtual_server = undef,
+  Optional[String] $auth_pool      = undef,
+  Optional[String] $acct_pool      = undef,
+  Optional[String] $pool           = undef,
+  Optional[Boolean] $nostrip       = false,
+  Optional[Integer] $order         = 30,
 ) {
  $fr_basepath = $::freeradius::params::fr_basepath

-  # Validate bools
-  unless is_bool($nostrip) {
-    fail('nostrip must be true or false')
-  }
-
  # Configure config fragment for this realm
  concat::fragment { "realm-${name}":
    target  => "${fr_basepath}/proxy.conf",

--- a/manifests/script.pp
+++ b/manifests/script.pp
 # Install FreeRADIUS helper scripts
 define freeradius::script (
-  $source,
-  $ensure = present,
+  String $source,
+  Freeradius::Ensure $ensure = present,
 ) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service