From e46c62466b2950c6c1b4b6802c728f3b556cd8c1 Mon Sep 17 00:00:00 2001
From: Steffen Zieger <me@saz.sh>
Date: Wed, 27 Mar 2024 11:09:00 +0100
Subject: [PATCH] add parameter to exclude interfaces with a regex

---
 lib/puppet/functions/ssh/ipaddresses.rb |  7 +++++--
 manifests/hostkeys.pp                   | 17 +++++++++--------
 spec/functions/ssh/ipaddresses_spec.rb  | 24 ++++++++++++++++++------
 3 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/lib/puppet/functions/ssh/ipaddresses.rb b/lib/puppet/functions/ssh/ipaddresses.rb
index 01f6a6de..624b71fc 100644
--- a/lib/puppet/functions/ssh/ipaddresses.rb
+++ b/lib/puppet/functions/ssh/ipaddresses.rb
@@ -8,12 +8,14 @@
 Puppet::Functions.create_function(:'ssh::ipaddresses') do
   dispatch :ipaddresses do
     # @param excluded_interfaces An array of interface names to be excluded.
+    param 'Array[String[1]]', :excluded_interfaces
+    # @param excluded_interfaces_re An array of regexp matching interface names to be excluded.
+    param 'Array[Regexp]', :excluded_interfaces_re
     # @return The IP addresses found.
-    optional_param 'Array[String[1]]', :excluded_interfaces
     return_type 'Array[Stdlib::IP::Address]'
   end
 
-  def ipaddresses(excluded_interfaces = [])
+  def ipaddresses(excluded_interfaces, excluded_interfaces_re)
     facts = closure_scope['facts']
 
     # always exclude loopback interface
@@ -36,6 +38,7 @@ def ipaddresses(excluded_interfaces = [])
     interfaces.each do |iface, data|
       # skip excluded interfaces
       next if excluded_interfaces.include?(iface)
+      next if excluded_interfaces_re.any? { |pattern| pattern.match?(iface) }
 
       %w[bindings bindings6].each do |binding_type|
         next unless data.key?(binding_type)
diff --git a/manifests/hostkeys.pp b/manifests/hostkeys.pp
index 28463d44..8be7075c 100644
--- a/manifests/hostkeys.pp
+++ b/manifests/hostkeys.pp
@@ -23,13 +23,14 @@
 #   Array of custom tags
 #
 class ssh::hostkeys (
-  Boolean                    $export_ipaddresses  = true,
-  Optional[String[1]]        $storeconfigs_group  = undef,
-  Array                      $extra_aliases       = [],
-  Array                      $exclude_interfaces  = [],
-  Array                      $exclude_ipaddresses = [],
-  Boolean                    $use_trusted_facts   = false,
-  Optional[Array[String[1]]] $tags                = undef,
+  Boolean                    $export_ipaddresses    = true,
+  Optional[String[1]]        $storeconfigs_group    = undef,
+  Array                      $extra_aliases         = [],
+  Array                      $exclude_interfaces    = [],
+  Array[Regexp]              $exclude_interfaces_re = [],
+  Array                      $exclude_ipaddresses   = [],
+  Boolean                    $use_trusted_facts     = false,
+  Optional[Array[String[1]]] $tags                  = undef,
 ) {
   if $use_trusted_facts {
     $fqdn_real = $trusted['certname']
@@ -41,7 +42,7 @@
   }
 
   if $export_ipaddresses == true {
-    $ipaddresses = ssh::ipaddresses($exclude_interfaces)
+    $ipaddresses = ssh::ipaddresses($exclude_interfaces, $exclude_interfaces_re)
     $ipaddresses_real = $ipaddresses - $exclude_ipaddresses
     $host_aliases = sort(unique(flatten([$fqdn_real, $hostname_real, $extra_aliases, $ipaddresses_real])))
   } else {
diff --git a/spec/functions/ssh/ipaddresses_spec.rb b/spec/functions/ssh/ipaddresses_spec.rb
index fe5c2dd4..7490ac77 100644
--- a/spec/functions/ssh/ipaddresses_spec.rb
+++ b/spec/functions/ssh/ipaddresses_spec.rb
@@ -14,19 +14,31 @@
 
     describe 'without parameters' do
       it 'returns all IPs other than localhost' do
-        is_expected.to run.and_return(['172.17.0.1', '10.13.42.61', '10.0.0.110', '10.0.0.104', '10.0.0.109'])
+        is_expected.to run.with_params([], []).and_return(['172.17.0.1', '10.13.42.61', '10.0.0.110', '10.0.0.104', '10.0.0.109'])
       end
     end
 
     describe 'with excluded interface' do
       it 'doesn\'t return the IPs of excluded interface' do
-        is_expected.to run.with_params(['docker0']).and_return(['10.13.42.61', '10.0.0.110', '10.0.0.104', '10.0.0.109'])
+        is_expected.to run.with_params(['docker0'], []).and_return(['10.13.42.61', '10.0.0.110', '10.0.0.104', '10.0.0.109'])
       end
     end
 
     describe 'with excluded interfaces' do
       it 'doesn\'t return the IPs of those interfaces' do
-        is_expected.to run.with_params(%w[docker0 eno1]).and_return([])
+        is_expected.to run.with_params(%w[docker0 eno1], []).and_return([])
+      end
+    end
+
+    describe 'with excluded re interface' do
+      it 'doesn\'t return the IPs of excluded interface' do
+        is_expected.to run.with_params([], [%r{^docker}]).and_return(['10.13.42.61', '10.0.0.110', '10.0.0.104', '10.0.0.109'])
+      end
+    end
+
+    describe 'with excluded re interfaces' do
+      it 'doesn\'t return the IPs of those interfaces' do
+        is_expected.to run.with_params([], [%r{docker0}, %r{no1$}]).and_return([])
       end
     end
   end
@@ -44,19 +56,19 @@
 
     describe 'without parameters' do
       it 'returns all IPs other than localhost' do
-        is_expected.to run.and_return(['172.17.0.1', '10.13.42.61'])
+        is_expected.to run.with_params([], []).and_return(['172.17.0.1', '10.13.42.61'])
       end
     end
 
     describe 'with excluded interface' do
       it 'doesn\'t return the IPs of excluded interface' do
-        is_expected.to run.with_params(['docker0']).and_return(['10.13.42.61'])
+        is_expected.to run.with_params(['docker0'], []).and_return(['10.13.42.61'])
       end
     end
 
     describe 'with excluded interfaces' do
       it 'doesn\'t return the IPs of those interfaces' do
-        is_expected.to run.with_params(%w[docker0 eno1]).and_return([])
+        is_expected.to run.with_params(%w[docker0 eno1], []).and_return([])
       end
     end
   end