I need to instantiate a firewall related class which takes an array of the hosts allowed to access a database port on a db server. What's in that list depends on which of various web apps are turned on, on which hosts.
I'd like to put something amongst the logic for the app that says 'make sure the ip of this server is in the list of which ones can access the db', but without being able to re-declare variables, I'm not sure how to accumulate that info.
This is sort of like what concat does, though that would at best get me a file I could @include in the firewall rules. I could rewrite the firewall module so I can do it that way, but it's pretty messy, and I'm hoping to avoid this.
Defining virtual resources in the app logic and then collecting them seems like a nicer way to go, but I'm not sure, though, how I would get from a collector instantiating a bunch of resources of a given type to having an array of some value from each of those resources.
```puppet
# Collect the per-app marker resources aimed at this DB host ...
WebApp::FirewallHole <| dbhost == $fqdn |>
# ... and somehow turn them into an array of source addresses
$app_hosts = ???
# A declaration must use the lowercase type name; the capitalized form is a reference
firewall::hole { 'mysql':
  proto => 'tcp',
  dport => '3306',
  saddr => $app_hosts,
}
```
In this code, WebApp::FirewallHole exists purely for pulling this information in, and can be defined in any way that helps. Firewall::Hole has, for current purposes, a fixed interface.
The above glosses over some of the details of the firewall logic. I can't just instantiate the Firewall::Hole class repeatedly here, and changing the interface to allow that would just push the problem further down into the firewall logic, so the question is about how I can construct an array of the values from a set of collected resources.
Assuming you've configured PuppetDB for your cluster, you can easily use Puppetdbquery; then in Puppet code you can query for various information, e.g. based on facts, in this case all Linux servers:
The result will be an array of FQDNs:
In the example above, kernel is just a Puppet fact. See `facter -y -p` for the facts on your node.
You could use e.g.:
The query could be much more complex; given your example and using the CLI, something like this should do the job:
PuppetDB might look quite complex, but attempting to browse the RAL would lead to a much more complicated (and slower) solution.
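The answer's approach worked through on the question's own firewall rule, as an added example that is not part of the original question or answer. It assumes PuppetDB is configured, that the dalen/puppetdbquery module (which provides `query_nodes()`) is installed, and that `webapp::dbclient` is a hypothetical marker class included on every web app host that needs database access.

```puppet
# Added example (not from the original post). Assumptions: PuppetDB is
# configured, the dalen/puppetdbquery module supplies query_nodes(), and
# webapp::dbclient is a hypothetical marker class; firewall::hole keeps
# the fixed interface shown in the question.

# On each web app node: put a marker in the catalog so PuppetDB records
# that this host talks to the database. Nothing is managed here.
class webapp::dbclient (
  String $dbhost,
) {
}

# On the database server: build the allowlist from PuppetDB instead of
# accumulating it inside manifests. query_nodes() returns an array of
# certnames (FQDNs) whose latest catalog matches the query, so the rule
# tracks whichever hosts currently have the web app enabled.
$app_hosts = query_nodes('Class[Webapp::Dbclient] and kernel=Linux')

# How an empty saddr is treated depends on the firewall module; refuse
# to compile rather than risk it being read as "allow from anywhere".
if $app_hosts == [] {
  fail('No web app hosts found in PuppetDB; not opening the MySQL port')
}

firewall::hole { 'mysql':
  proto => 'tcp',
  dport => '3306',
  saddr => $app_hosts,
}
```

A host that stops including `webapp::dbclient` drops out of the array on the database server's next run after PuppetDB sees its new catalog, so the allowlist shrinks as well as grows.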