Tighten apache::vhost::directories parameter

ekohl · ekohl · commit d1d8bc410bb9 · 2022-06-22T12:48:08.000+02:00
This tightens the data type to a simple array of hashes (as the
parameter documentation suggests). This allows the logic to be simpler.
Because of this, it is now fairly easy to include the correct modules if
needed. Some examples (auth_gssapi, headers, proxy, rewrite and setenv)
are implemented but there are more which could be automatically
included.
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -428,12 +428,14 @@
 #     krb_method_negotiate   => 'on',
 #     krb_auth_realms        => ['EXAMPLE.ORG'],
 #     krb_local_user_mapping => 'on',
-#     directories            => {
-#       path         => '/var/www/html',
-#       auth_name    => 'Kerberos Login',
-#       auth_type    => 'Kerberos',
-#       auth_require => 'valid-user',
-#     },
+#     directories            => [
+#       {
+#         path         => '/var/www/html',
+#         auth_name    => 'Kerberos Login',
+#         auth_type    => 'Kerberos',
+#         auth_require => 'valid-user',
+#       },
+#     ],
 #   }
 #   ```
 # 
@@ -1163,9 +1165,12 @@
 #     suphp_addhandler => 'x-httpd-php',
 #     suphp_engine     => 'on',
 #     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
+#     directories      => [
+#       {
+#         'path'  => '/home/appuser/myphpapp',
+#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
+#       },
+#     ],
 #   }
 #   ```
 #
@@ -1180,9 +1185,12 @@
 #     suphp_addhandler => 'x-httpd-php',
 #     suphp_engine     => 'on',
 #     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
+#     directories      => [
+#       {
+#         'path'  => '/home/appuser/myphpapp',
+#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
+#       },
+#     ],
 #   }
 #   ```
 #
@@ -1197,9 +1205,12 @@
 #     suphp_addhandler => 'x-httpd-php',
 #     suphp_engine     => 'on',
 #     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
+#     directories      => [
+#       {
+#         'path'  => '/home/appuser/myphpapp',
+#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
+#       },
+#     ],
 #   }
 #   ```
 #
@@ -1407,10 +1418,12 @@
 #   ``` puppet
 #   apache::vhost { 'sample.example.net':
 #     docroot     => '/path/to/directory',
-#     directories => {
-#       path    => '/path/to/directory',
-#       headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
-#     },
+#     directories => [
+#       {
+#         path    => '/path/to/directory',
+#         headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+#       },
+#     ],
 #   }
 #   ```
 # 
@@ -1457,7 +1470,6 @@
 # @param gssapi
 #  Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
 #  ```puppet
-#   include apache::mod::auth_gssapi
 #   apache::vhost { 'sample.example.net':
 #     docroot     => '/path/to/directory',
 #     directories => [
@@ -1804,7 +1816,7 @@
   Boolean $use_servername_for_filenames                                               = false,
   Boolean $use_port_for_filenames                                                     = false,
   Array[Hash] $aliases                                                                = [],
-  Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories                    = undef,
+  Optional[Array[Hash]] $directories                                                  = undef,
   Boolean $error_log                                                                  = true,
   Optional[String] $error_log_file                                                    = undef,
   Optional[String] $error_log_pipe                                                    = undef,
@@ -2353,7 +2365,29 @@
   # - $apache_version
   # - $suphp_engine
   # - $shibboleth_enabled
-  if $_directories and ! empty($_directories) {
+  if $_directories and ! empty($_directories) and $ensure == 'present' {
+    $_directories.each |Hash $directory| {
+      if 'gssapi' in $directory {
+        include apache::mod::auth_gssapi
+      }
+
+      if $directory['provider'] =~ 'location' and ('proxy_pass' in $directory or 'proxy_pass_match' in $directory) {
+        include apache::mod::proxy_http
+      }
+
+      if 'request_headers' in $directory {
+        include apache::mod::headers
+      }
+
+      if 'rewrites' in $directory {
+        include apache::mod::rewrite
+      }
+
+      if 'setenv' in $directory {
+        include apache::mod::setenv
+      }
+    }
+
     concat::fragment { "${name}-directories":
       target  => "${priority_real}${filename}.conf",
       order   => 60,
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
@@ -1,8 +1,7 @@
-<% if @_directories and ! @_directories.empty? -%>
 
   <%- scope.setvar('_template_scope', {}) -%>
   ## Directories, there should at least be a declaration for <%= @docroot %>
-  <%- [@_directories].flatten.compact.each do |directory| -%>
+  <%- @_directories.each do |directory| -%>
     <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
       <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
         <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%>
@@ -520,4 +519,3 @@
   </<%= provider %>>
     <%- end -%>
   <%- end -%>
-<%- end -%>
