datatype difference for bantime, datatype erroneous restriction for findtime

REFERENCE.md

@@ -21,6 +21,10 @@
 * [`fail2ban::define`](#fail2ban--define): == Define: fail2ban::define
 * [`fail2ban::jail`](#fail2ban--jail): Handles the jails.
 
+### Data types
+
+* [`Fail2ban::Time`](#Fail2ban--Time): Describes time format allowed for bantime and findtime The time entries in fail2ban configuration (like findtime or bantime) can be provided 
+
 ### Tasks
 
 * [`banip`](#banip): Ban IPs in a jail
@@ -271,9 +275,9 @@ Default value: `'action_mb'`
 
 ##### <a name="-fail2ban--bantime"></a>`bantime`
 
-Data type: `Variant[Integer[0], String[1]]`
+Data type: `Fail2ban::Time`
 
-Determines how many seconds ip addresses will be banned.
+Determines how many time (second or hour or week) ip addresses will be banned.
 
 Default value: `432000`
 
@@ -607,15 +611,15 @@ Default value: `$fail2ban::maxretry`
 
 ##### <a name="-fail2ban--jail--findtime"></a>`findtime`
 
-Data type: `Optional[Integer]`
+Data type: `Optional[Fail2ban::Time]`
 
 
 
 Default value: `undef`
 
 ##### <a name="-fail2ban--jail--bantime"></a>`bantime`
 
-Data type: `Integer`
+Data type: `Fail2ban::Time`
 
 
 
@@ -709,6 +713,36 @@ Data type: `Optional[String]`
 
 Default value: `$fail2ban::config_file_require`
 
+## Data types
+
+### <a name="Fail2ban--Time"></a>`Fail2ban::Time`
+
+Describes time format allowed for bantime and findtime
+The time entries in fail2ban configuration (like findtime or bantime)
+can be provided as integer in seconds or as string using special abbreviation
+format (e. g. 600 is the same as 10m).
+
+Abbreviation tokens:
+
+  years?, yea?, yy?
+  months?, mon?
+  weeks?, wee?, ww?
+  days?, da, dd?
+  hours?, hou?, hh?
+  minutes?, min?, mm?
+  seconds?, sec?, ss?
+
+  The question mark (?) means the optional character, so day as well as days can be used.
+
+You can combine multiple tokens in format (separated with space resp. without separator), e. g.: 1y 6mo or 1d12h30m.
+Note that tokens m as well as mm means minutes, for month use abbreviation mo or mon.
+
+The time format can be tested using fail2ban-client:
+
+       fail2ban-client --str2sec 1d12h
+
+Alias of `Variant[Integer[0], Pattern['^\d.*$']]`
+
 ## Tasks
 
 ### <a name="banip"></a>`banip`

manifests/init.pp

@@ -27,7 +27,7 @@
 # @param service_name Determines the name of service to manage.
 # @param service_enable Determines if the service should be enabled at boot.
 # @param action Determines how banned ip addresses should be reported.
-# @param bantime Determines how many seconds ip addresses will be banned.
+# @param bantime Determines how many time (second or hour or week) ip addresses will be banned.
 # @param email Determines which email address should be notified about restricted hosts and suspicious logins.
 # @param sender Determines which email address should notify about restricted hosts and suspicious logins.
 # @param iptables_chain Determines chain where jumps will to be added in iptables-\* actions.
@@ -72,7 +72,7 @@
   Boolean $service_enable = true,
 
   String[1] $action = 'action_mb',
-  Variant[Integer[0], String[1]] $bantime = 432000,
+  Fail2ban::Time $bantime = 432000,
   String[1] $email = "fail2ban@${facts['networking']['domain']}",
   String[1] $sender = "fail2ban@${facts['networking']['fqdn']}",
   String[1] $iptables_chain = 'INPUT',

manifests/jail.pp

@@ -12,8 +12,8 @@
   String $filter = $title,
   Optional[String[1]] $logpath = undef,
   Integer $maxretry = $fail2ban::maxretry,
-  Optional[Integer] $findtime = undef,
-  Integer $bantime = $fail2ban::bantime,
+  Optional[Fail2ban::Time] $findtime = undef,
+  Fail2ban::Time $bantime = $fail2ban::bantime,
   Optional[String] $port = undef,
   Optional[String] $backend = undef,
   Optional[String[1]] $journalmatch = undef,

spec/type_aliases/time_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Fail2ban::Time' do
+  [
+    0,
+    1252,
+    '42h',
+    '42h',
+    '1w',
+    '1y',
+    '1d12h',
+  ].each do |allowed_value|
+    it { is_expected.to allow_value(allowed_value) }
+  end
+
+  [
+    'mistake',
+  ].each do |invalid_value|
+    it { is_expected.not_to allow_value(invalid_value) }
+  end
+end

types/time.pp

@@ -0,0 +1,28 @@
+# Describes time format allowed for bantime and findtime
+# The time entries in fail2ban configuration (like findtime or bantime)
+# can be provided as integer in seconds or as string using special abbreviation
+# format (e. g. 600 is the same as 10m).
+# 
+# Abbreviation tokens:
+# 
+#   years?, yea?, yy?
+#   months?, mon?
+#   weeks?, wee?, ww?
+#   days?, da, dd?
+#   hours?, hou?, hh?
+#   minutes?, min?, mm?
+#   seconds?, sec?, ss?
+# 
+#   The question mark (?) means the optional character, so day as well as days can be used.
+# 
+# You can combine multiple tokens in format (separated with space resp. without separator), e. g.: 1y 6mo or 1d12h30m.
+# Note that tokens m as well as mm means minutes, for month use abbreviation mo or mon.
+# 
+# The time format can be tested using fail2ban-client:
+# 
+#        fail2ban-client --str2sec 1d12h
+#
+type Fail2ban::Time = Variant[
+  Integer[0],
+  Pattern['^\d.*$'],
+]