Snmp - Use net_cidr_map for firewall rules

Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

Iterate over the list of cidr' from the SnmpdNetwork
entry in the cidr map and create firewall rules for
each ip network.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: I52080771f5ed0763f0d6a799c0c98a6dae94eafe

deployment/snmp/snmp-baremetal-puppet.yaml

@@ -66,21 +66,26 @@ outputs:
         tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
         snmp::agentaddress: {get_param: SnmpdBindHost}
         snmp::snmpd_options: {get_param: SnmpdOptions}
-        snmpd_network:
-          # TODO(hjensas): Replace with get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, SnmpdNetwork]}
-          str_replace:
-            template: "%{hiera('$NETWORK_subnet')}"
-            params:
-              $NETWORK: {get_param: [ServiceNetMap, SnmpdNetwork]}
         tripleo::snmp::firewall_rules:
-          '124 snmp':
+          if:
-            dport: 161
+            - snmpd_network_unset
-            proto: 'udp'
+            - map_merge:
-            source:
+                repeat:
-              if:
+                  for_each:
-              - snmpd_network_unset
+                    <%net_cidr%>:
-              - "%{hiera('snmpd_network')}"
+                      get_param:
-              - {get_param: SnmpdIpSubnet}
+                        - ServiceData
+                        - net_cidr_map
+                        - {get_param: [ServiceNetMap, SnmpdNetwork]}
+                  template:
+                    '124 snmp <%net_cidr%>':
+                      dport: 161
+                      proto: 'udp'
+                      source: <%net_cidr%>
+            - '124 snmp':
+                dport: 161
+                proto: 'udp'
+                source: {get_param: SnmpdIpSubnet}
       step_config: |
         include ::tripleo::profile::base::snmp
       upgrade_tasks: