diff --git a/manifests/vhost.pp b/manifests/vhost.pp index ad0c312146..ea3376ecd0 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1800,7 +1800,7 @@ Variant[Boolean,String] $access_log_syslog = false, Variant[Boolean,String] $access_log_format = false, Variant[Boolean,String] $access_log_env_var = false, - Optional[Array] $access_logs = undef, + Optional[Array[Hash]] $access_logs = undef, Boolean $use_servername_for_filenames = false, Boolean $use_port_for_filenames = false, Optional[Variant[Array[Hash],Hash,String]] $aliases = undef, @@ -1853,13 +1853,13 @@ Optional[Variant[Array[String],String]] $redirectmatch_status = undef, Optional[Variant[Array[String],String]] $redirectmatch_regexp = undef, Optional[Variant[Array[String],String]] $redirectmatch_dest = undef, - Optional[String] $headers = undef, - Optional[Array[String]] $request_headers = undef, - Optional[Array[String]] $filters = undef, - Optional[Array] $rewrites = undef, - Optional[String] $rewrite_base = undef, - Optional[Variant[Array[String],String]] $rewrite_rule = undef, - Optional[Variant[Array[String],String]] $rewrite_cond = undef, + Array[String[1]] $headers = [], + Array[String[1]] $request_headers = [], + Array[String[1]] $filters = [], + Array[Hash] $rewrites = [], + Optional[String[1]] $rewrite_base = undef, + Optional[String[1]] $rewrite_rule = undef, + Array[String[1]] $rewrite_cond = [], Boolean $rewrite_inherit = false, Variant[Array[String],String] $setenv = [], Variant[Array[String],String] $setenvif = [], @@ -1954,11 +1954,11 @@ Optional[String] $add_default_charset = undef, Boolean $modsec_disable_vhost = false, Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, - Optional[Array[String]] $modsec_disable_ips = undef, + Array[String[1]] $modsec_disable_ips = [], Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef, Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, Optional[String] $modsec_body_limit = undef, - Optional[Array[Hash]] $jk_mounts = undef, + Array[Hash] $jk_mounts = [], Boolean $auth_kerb = false, Enum['on', 'off'] $krb_method_negotiate = 'on', Enum['on', 'off'] $krb_method_k5passwd = 'on', @@ -1997,13 +1997,6 @@ $apache_name = $apache::apache_name - if $rewrites { - unless empty($rewrites) { - $rewrites_flattened = delete_undef_values(flatten([$rewrites])) - assert_type(Array[Hash], $rewrites_flattened) - } - } - # Input validation begins if $access_log_file and $access_log_pipe { @@ -2225,13 +2218,6 @@ } } - # Load mod_rewrite if needed and not yet loaded - if $rewrites or $rewrite_cond { - if ! defined(Class['apache::mod::rewrite']) { - include apache::mod::rewrite - } - } - # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) @@ -2259,20 +2245,6 @@ } } - # Check if mod_headers is required to process $headers/$request_headers - if $headers or $request_headers { - if ! defined(Class['apache::mod::headers']) { - include apache::mod::headers - } - } - - # Check if mod_filter is required to process $filters - if $filters { - if ! defined(Class['apache::mod::filter']) { - include apache::mod::filter - } - } - # Check if mod_env is required and not yet loaded. # create an expression to simplify the conditional check $use_env_mod = $setenv and ! empty($setenv) @@ -2487,13 +2459,12 @@ } # Template uses: - # - $access_log + # - $_access_logs # - $_access_log_env_var # - $access_log_destination # - $_access_log_format # - $_access_log_env_var - # - $access_logs - if $access_log or $access_logs { + if !empty($_access_logs) { concat::fragment { "${name}-access_log": target => "${priority_real}${filename}.conf", order => 100, @@ -2534,7 +2505,9 @@ # Template uses: # - $headers - if $headers and ! empty($headers) { + if ! empty($headers) and $ensure == 'present' { + include apache::mod::headers + concat::fragment { "${name}-header": target => "${priority_real}${filename}.conf", order => 140, @@ -2544,7 +2517,9 @@ # Template uses: # - $request_headers - if $request_headers and ! empty($request_headers) { + if ! empty($request_headers) and $ensure == 'present' { + include apache::mod::headers + concat::fragment { "${name}-requestheader": target => "${priority_real}${filename}.conf", order => 150, @@ -2613,7 +2588,9 @@ # - $rewrite_rule # - $rewrite_cond # - $rewrite_map - if $rewrites or $rewrite_rule { + if (! empty($rewrites) or $rewrite_rule) and $ensure == 'present' { + include apache::mod::rewrite + concat::fragment { "${name}-rewrite": target => "${priority_real}${filename}.conf", order => 190, @@ -2899,7 +2876,7 @@ # - $modsec_disable_tags # - $modsec_body_limit # - $modsec_audit_log_destination - if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { + if $modsec_disable_vhost or $modsec_disable_ids or !empty($modsec_disable_ips) or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, @@ -2909,7 +2886,9 @@ # Template uses: # - $filters - if $filters and ! empty($filters) { + if ! empty($filters) and $ensure == 'present' { + include apache::mod::filter + concat::fragment { "${name}-filters": target => "${priority_real}${filename}.conf", order => 330, @@ -2919,7 +2898,9 @@ # Template uses: # - $jk_mounts - if $jk_mounts and ! empty($jk_mounts) { + if !empty($jk_mounts) and $ensure == 'present' { + include apache::mod::jk + concat::fragment { "${name}-jk_mounts": target => "${priority_real}${filename}.conf", order => 340, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f79fb4065e..3a408977cc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -385,7 +385,7 @@ 'redirectmatch_status' => ['404'], 'redirectmatch_regexp' => ['\.git$'], 'redirectmatch_dest' => ['http://www.example.com'], - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'headers' => ['Set X-Robots-Tag "noindex, noarchive, nosnippet"'], 'request_headers' => ['append MirrorID "mirror 12"'], 'rewrites' => [ { @@ -403,7 +403,7 @@ ], 'rewrite_base' => '/', 'rewrite_rule' => '^index\.html$ welcome.html', - 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^MSIE'], 'rewrite_inherit' => true, 'setenv' => ['FOO=/bin/true'], 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', diff --git a/templates/vhost/_filters.erb b/templates/vhost/_filters.erb index b862597349..bb36fc3914 100644 --- a/templates/vhost/_filters.erb +++ b/templates/vhost/_filters.erb @@ -1,10 +1,8 @@ -<% if @filters and ! @filters.empty? -%> +<% unless @filters.empty? -%> ## Filter module rules ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html - <%- Array(@filters).each do |filter| -%> - <%- if filter != '' -%> + <%- @filters.each do |filter| -%> <%= filter %> - <%- end -%> <%- end -%> <% end -%> diff --git a/templates/vhost/_header.erb b/templates/vhost/_header.erb index c0f68c8257..54f84cac5a 100644 --- a/templates/vhost/_header.erb +++ b/templates/vhost/_header.erb @@ -1,10 +1,8 @@ -<% if @headers and ! @headers.empty? -%> +<% unless @headers.empty? -%> ## Header rules - ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header - <%- Array(@headers).each do |header_statement| -%> - <%- if header_statement != '' -%> + ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#header + <%- @headers.each do |header_statement| -%> Header <%= header_statement %> - <%- end -%> <%- end -%> <% end -%> diff --git a/templates/vhost/_jk_mounts.erb b/templates/vhost/_jk_mounts.erb index 8cb1d116bb..3bd5a721a6 100644 --- a/templates/vhost/_jk_mounts.erb +++ b/templates/vhost/_jk_mounts.erb @@ -1,12 +1,10 @@ -<% if @jk_mounts and not @jk_mounts.empty? -%> +<% unless @jk_mounts.empty? -%> <%- @jk_mounts.each do |jk| -%> - <%- if jk.is_a?(Hash) -%> - <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> + <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> JkMount <%= jk['mount'] %> <%= jk['worker'] %> - <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> + <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %> - <%- end -%> <%- end -%> <%- end -%> <% end -%> diff --git a/templates/vhost/_requestheader.erb b/templates/vhost/_requestheader.erb index 9f175052b5..56ee68b299 100644 --- a/templates/vhost/_requestheader.erb +++ b/templates/vhost/_requestheader.erb @@ -1,10 +1,8 @@ -<% if @request_headers and ! @request_headers.empty? -%> +<% unless @request_headers.empty? -%> ## Request header rules - ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader - <%- Array(@request_headers).each do |request_statement| -%> - <%- if request_statement != '' -%> + ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader + <%- @request_headers.each do |request_statement| -%> RequestHeader <%= request_statement %> - <%- end -%> <%- end -%> <% end -%> diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index 282733757c..f4ac5a3174 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -8,7 +8,7 @@ RewriteBase <%= @rewrite_base %> <%- end -%> - <%- [@rewrites].flatten.compact.each do |rewrite_details| -%> + <%- @rewrites.each do |rewrite_details| -%> <%- if rewrite_details['comment'] -%> #<%= rewrite_details['comment'] %> <%- end -%> @@ -44,10 +44,8 @@ <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> <%- end -%> - <%- if @rewrite_cond -%> - <%- Array(@rewrite_cond).each do |cond| -%> + <%- @rewrite_cond.each do |cond| -%> RewriteCond <%= cond %> - <%- end -%> <%- end -%> RewriteRule <%= @rewrite_rule %> <%- end -%> diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb index dc35c78af1..a7e02e6c59 100644 --- a/templates/vhost/_security.erb +++ b/templates/vhost/_security.erb @@ -14,9 +14,8 @@ <% end -%> <% end -%> -<% ips = Array(@modsec_disable_ips).join(',') %> -<% if ips != '' %> - SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" +<% unless @modsec_disable_ips.empty? %> + SecRule REMOTE_ADDR "<%= @modsec_disable_ips.join(',') %>" "nolog,allow,id:1234123455" SecAction "phase:2,pass,nolog,id:1234123456" <% end -%> <% if @_modsec_disable_msgs.is_a?(Hash) -%>