Switch last templates to EPP

A lot of work was done to convert the module templates form ERB to EPP, but a few templates where still to be converted. Along with various benefits, EPP templates offer better detection for access to undefined variables. This refactoring therefore fix a few issues that where reported while converting. Also a bunch of outdated comments about which template use which variable where removed no that this usage is explicit. The extensive test suite helped ensure the conversion was not introducing regressions.
puppetlabs · smortex · May 5, 2024 · May 3, 2024 · May 4, 2024 · May 5, 2024
commit adb5b1a82faca05bed3a514047815903df2d8bf3
@@ -32,7 +32,7 @@
   Optional[String] $path         = undef,
   Array $extensions              = ['.php'],
   Optional[String] $content      = undef,
-  String $template               = 'apache/mod/php.conf.erb',
+  String $template               = 'apache/mod/php.conf.epp',
   Optional[String] $source       = undef,
   Optional[String] $root_group   = $apache::params::root_group,
   Optional[String] $php_version  = $apache::params::php_version,
@@ -63,9 +63,9 @@
     fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']')
   }
 
-  if $source and ($content or $template != 'apache/mod/php.conf.erb') {
+  if $source and ($content or $template != 'apache/mod/php.conf.epp') {
     warning('source and content or template parameters are provided. source parameter will be used')
-  } elsif $content and $template != 'apache/mod/php.conf.erb' {
+  } elsif $content and $template != 'apache/mod/php.conf.epp' {
     warning('content and template parameters are provided. content parameter will be used')
   }
 

@@ -316,49 +316,30 @@
   }
 
   if $manage_security_crs {
-    # Template uses:
-    # - $_secdefaultaction
-    # - $critical_anomaly_score
-    # - $error_anomaly_score
-    # - $warning_anomaly_score
-    # - $notice_anomaly_score
-    # - $inbound_anomaly_threshold
-    # - $outbound_anomaly_threshold
-    # - $paranoia_level
-    # - $executing_paranoia_level
-    # - $allowed_methods
-    # - $content_types
-    # - $restricted_extensions
-    # - $restricted_headers
-    # - $secrequestmaxnumargs
-    # - $enable_dos_protection
-    # - $dos_burst_time_slice
-    # - $dos_counter_threshold
-    # - $dos_block_timeout
     $security_crs_parameters = {
-      '_secdefaultaction'           => $_secdefaultaction,
-      'critical_anomaly_score'      => $critical_anomaly_score,
-      'error_anomaly_score'         => $error_anomaly_score,
-      'warning_anomaly_score'       => $warning_anomaly_score,
-      'notice_anomaly_score'        => $notice_anomaly_score,
-      'inbound_anomaly_threshold'   => $inbound_anomaly_threshold,
-      'outbound_anomaly_threshold'  => $outbound_anomaly_threshold,
-      'secrequestmaxnumargs'        => $secrequestmaxnumargs,
-      'allowed_methods'             => $allowed_methods,
-      'content_types'               => $content_types,
-      'restricted_extensions'       => $restricted_extensions,
-      'restricted_headers'          => $restricted_headers,
-      'paranoia_level'              => $paranoia_level,
-      'executing_paranoia_level'    => $executing_paranoia_level,
-      'enable_dos_protection'       => $enable_dos_protection,
-      'dos_burst_time_slice'        => $dos_burst_time_slice,
-      'dos_counter_threshold'       => $dos_counter_threshold,
-      'dos_block_timeout'           => $dos_block_timeout,
+      '_secdefaultaction'          => $_secdefaultaction,
-      '_secdefaultaction'          => $_secdefaultaction,
+      'secdefaultaction'          => $_secdefaultaction,
-      '_secdefaultaction'          => $_secdefaultaction,
+      'secdefaultaction'          => $_secdefaultaction,
+      'critical_anomaly_score'     => $critical_anomaly_score,
+      'error_anomaly_score'        => $error_anomaly_score,
+      'warning_anomaly_score'      => $warning_anomaly_score,
+      'notice_anomaly_score'       => $notice_anomaly_score,
+      'inbound_anomaly_threshold'  => $inbound_anomaly_threshold,
+      'outbound_anomaly_threshold' => $outbound_anomaly_threshold,
+      'secrequestmaxnumargs'       => $secrequestmaxnumargs,
+      'allowed_methods'            => $allowed_methods,
+      'content_types'              => $content_types,
+      'restricted_extensions'      => $restricted_extensions,
+      'restricted_headers'         => $restricted_headers,
+      'paranoia_level'             => $paranoia_level,
+      'executing_paranoia_level'   => $executing_paranoia_level,
+      'enable_dos_protection'      => $enable_dos_protection,
+      'dos_burst_time_slice'       => $dos_burst_time_slice,
+      'dos_counter_threshold'      => $dos_counter_threshold,
+      'dos_block_timeout'          => $dos_block_timeout,
     }
 
     file { "${modsec_dir}/security_crs.conf":
       ensure  => file,
-      content => template('apache/mod/security_crs.conf.erb'),
+      content => epp('apache/mod/security_crs.conf.epp', $security_crs_parameters),
       require => File[$modsec_dir],
       notify  => Class['apache::service'],
     }

@@ -39,12 +39,17 @@
 
   $requires_defaults = 'ip 127.0.0.1 ::1'
 
-  # Template uses $extended_status, $status_path
+  $status_params = {
+    'extended_status'   => $extended_status,
+    'status_path'       => $status_path,
+    'requires'          => $requires,
+    'requires_defaults' => $requires_defaults,
+  }
   file { 'status.conf':
     ensure  => file,
     path    => "${apache::mod_dir}/status.conf",
     mode    => $apache::file_mode,
-    content => template('apache/mod/status.conf.erb'),
+    content => epp('apache/mod/status.conf.epp', $status_params),
     require => Exec["mkdir ${apache::mod_dir}"],
     before  => File[$apache::mod_dir],
     notify  => Class['apache::service'],