Switch last templates to EPP

A lot of work was done to convert the module templates form ERB to EPP, but a few templates where still to be converted. Along with various benefits, EPP templates offer better detection for access to undefined variables. This refactoring therefore fix a few issues that where reported while converting. Also a bunch of outdated comments about which template use which variable where removed no that this usage is explicit. The extensive test suite helped ensure the conversion was not introducing regressions.
puppetlabs · May 5, 2024 · 832f318 · 832f318
1 parent 675fb82
commit 832f318
Show file tree

Hide file tree

Showing 39 changed files with 1,051 additions and 2,398 deletions.
diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp
@@ -32,7 +32,7 @@
   Optional[String] $path         = undef,
   Array $extensions              = ['.php'],
   Optional[String] $content      = undef,
-  String $template               = 'apache/mod/php.conf.erb',
+  String $template               = 'apache/mod/php.conf.epp',
   Optional[String] $source       = undef,
   Optional[String] $root_group   = $apache::params::root_group,
   Optional[String] $php_version  = $apache::params::php_version,
@@ -63,9 +63,9 @@
     fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']')
   }
 
-  if $source and ($content or $template != 'apache/mod/php.conf.erb') {
+  if $source and ($content or $template != 'apache/mod/php.conf.epp') {
     warning('source and content or template parameters are provided. source parameter will be used')
-  } elsif $content and $template != 'apache/mod/php.conf.erb' {
+  } elsif $content and $template != 'apache/mod/php.conf.epp' {
     warning('content and template parameters are provided. content parameter will be used')
   }
 

diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp
@@ -316,49 +316,30 @@
   }
 
   if $manage_security_crs {
-    # Template uses:
-    # - $_secdefaultaction
-    # - $critical_anomaly_score
-    # - $error_anomaly_score
-    # - $warning_anomaly_score
-    # - $notice_anomaly_score
-    # - $inbound_anomaly_threshold
-    # - $outbound_anomaly_threshold
-    # - $paranoia_level
-    # - $executing_paranoia_level
-    # - $allowed_methods
-    # - $content_types
-    # - $restricted_extensions
-    # - $restricted_headers
-    # - $secrequestmaxnumargs
-    # - $enable_dos_protection
-    # - $dos_burst_time_slice
-    # - $dos_counter_threshold
-    # - $dos_block_timeout
     $security_crs_parameters = {
-      '_secdefaultaction'           => $_secdefaultaction,
-      'critical_anomaly_score'      => $critical_anomaly_score,
-      'error_anomaly_score'         => $error_anomaly_score,
-      'warning_anomaly_score'       => $warning_anomaly_score,
-      'notice_anomaly_score'        => $notice_anomaly_score,
-      'inbound_anomaly_threshold'   => $inbound_anomaly_threshold,
-      'outbound_anomaly_threshold'  => $outbound_anomaly_threshold,
-      'secrequestmaxnumargs'        => $secrequestmaxnumargs,
-      'allowed_methods'             => $allowed_methods,
-      'content_types'               => $content_types,
-      'restricted_extensions'       => $restricted_extensions,
-      'restricted_headers'          => $restricted_headers,
-      'paranoia_level'              => $paranoia_level,
-      'executing_paranoia_level'    => $executing_paranoia_level,
-      'enable_dos_protection'       => $enable_dos_protection,
-      'dos_burst_time_slice'        => $dos_burst_time_slice,
-      'dos_counter_threshold'       => $dos_counter_threshold,
-      'dos_block_timeout'           => $dos_block_timeout,
+      '_secdefaultaction'          => $_secdefaultaction,
+      'critical_anomaly_score'     => $critical_anomaly_score,
+      'error_anomaly_score'        => $error_anomaly_score,
+      'warning_anomaly_score'      => $warning_anomaly_score,
+      'notice_anomaly_score'       => $notice_anomaly_score,
+      'inbound_anomaly_threshold'  => $inbound_anomaly_threshold,
+      'outbound_anomaly_threshold' => $outbound_anomaly_threshold,
+      'secrequestmaxnumargs'       => $secrequestmaxnumargs,
+      'allowed_methods'            => $allowed_methods,
+      'content_types'              => $content_types,
+      'restricted_extensions'      => $restricted_extensions,
+      'restricted_headers'         => $restricted_headers,
+      'paranoia_level'             => $paranoia_level,
+      'executing_paranoia_level'   => $executing_paranoia_level,
+      'enable_dos_protection'      => $enable_dos_protection,
+      'dos_burst_time_slice'       => $dos_burst_time_slice,
+      'dos_counter_threshold'      => $dos_counter_threshold,
+      'dos_block_timeout'          => $dos_block_timeout,
     }
 
     file { "${modsec_dir}/security_crs.conf":
       ensure  => file,
-      content => template('apache/mod/security_crs.conf.erb'),
+      content => epp('apache/mod/security_crs.conf.epp', $security_crs_parameters),
       require => File[$modsec_dir],
       notify  => Class['apache::service'],
     }

diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp
@@ -40,11 +40,17 @@
   $requires_defaults = 'ip 127.0.0.1 ::1'
 
   # Template uses $extended_status, $status_path
+  $status_params = {
+    'extended_status'   => $extended_status,
+    'status_path'       => $status_path,
+    'requires'          => $requires,
+    'requires_defaults' => $requires_defaults,
+  }
   file { 'status.conf':
     ensure  => file,
     path    => "${apache::mod_dir}/status.conf",
     mode    => $apache::file_mode,
-    content => template('apache/mod/status.conf.erb'),
+    content => epp('apache/mod/status.conf.epp', $status_params),
     require => Exec["mkdir ${apache::mod_dir}"],
     before  => File[$apache::mod_dir],
     notify  => Class['apache::service'],