puppetlabs · ekohl · Jun 15, 2022 · Jun 15, 2022 · Jun 15, 2022 · Jun 15, 2022
@@ -1800,7 +1800,7 @@
   Variant[Boolean,String] $access_log_syslog                                          = false,
   Variant[Boolean,String] $access_log_format                                          = false,
   Variant[Boolean,String] $access_log_env_var                                         = false,
-  Optional[Array] $access_logs                                                        = undef,
+  Optional[Array[Hash]] $access_logs                                                  = undef,
   Boolean $use_servername_for_filenames                                               = false,
   Boolean $use_port_for_filenames                                                     = false,
   Optional[Variant[Array[Hash],Hash,String]] $aliases                                 = undef,
@@ -1853,13 +1853,13 @@
   Optional[Variant[Array[String],String]] $redirectmatch_status                       = undef,
   Optional[Variant[Array[String],String]] $redirectmatch_regexp                       = undef,
   Optional[Variant[Array[String],String]] $redirectmatch_dest                         = undef,
-  Optional[String] $headers                                                           = undef,
-  Optional[Array[String]] $request_headers                                            = undef,
-  Optional[Array[String]] $filters                                                    = undef,
-  Optional[Array] $rewrites                                                           = undef,
-  Optional[String] $rewrite_base                                                      = undef,
-  Optional[Variant[Array[String],String]] $rewrite_rule                               = undef,
-  Optional[Variant[Array[String],String]] $rewrite_cond                               = undef,
+  Array[String[1]] $headers                                                           = [],
+  Array[String[1]] $request_headers                                                   = [],
+  Array[String[1]] $filters                                                           = [],
+  Array[Hash] $rewrites                                                               = [],
+  Optional[String[1]] $rewrite_base                                                   = undef,
+  Optional[String[1]] $rewrite_rule                                                   = undef,
+  Array[String[1]] $rewrite_cond                                                      = [],
   Boolean $rewrite_inherit                                                            = false,
   Variant[Array[String],String] $setenv                                               = [],
   Variant[Array[String],String] $setenvif                                             = [],
@@ -1954,11 +1954,11 @@
   Optional[String] $add_default_charset                                               = undef,
   Boolean $modsec_disable_vhost                                                       = false,
   Optional[Variant[Hash, Array]] $modsec_disable_ids                                  = undef,
-  Optional[Array[String]] $modsec_disable_ips                                         = undef,
+  Array[String[1]] $modsec_disable_ips                                                = [],
   Optional[Variant[Hash, Array]] $modsec_disable_msgs                                 = undef,
   Optional[Variant[Hash, Array]] $modsec_disable_tags                                 = undef,
   Optional[String] $modsec_body_limit                                                 = undef,
-  Optional[Array[Hash]] $jk_mounts                                                    = undef,
+  Array[Hash] $jk_mounts                                                              = [],
   Boolean $auth_kerb                                                                  = false,
   Enum['on', 'off'] $krb_method_negotiate                                             = 'on',
   Enum['on', 'off'] $krb_method_k5passwd                                              = 'on',
@@ -1997,13 +1997,6 @@
 
   $apache_name = $apache::apache_name
 
-  if $rewrites {
-    unless empty($rewrites) {
-      $rewrites_flattened = delete_undef_values(flatten([$rewrites]))
-      assert_type(Array[Hash], $rewrites_flattened)
-    }
-  }
-
   # Input validation begins
 
   if $access_log_file and $access_log_pipe {
@@ -2225,13 +2218,6 @@
     }
   }
 
-  # Load mod_rewrite if needed and not yet loaded
-  if $rewrites or $rewrite_cond {
-    if ! defined(Class['apache::mod::rewrite']) {
-      include apache::mod::rewrite
-    }
-  }
-
   # Load mod_alias if needed and not yet loaded
   if ($scriptalias or $scriptaliases != [])
   or ($aliases and $aliases != [])
@@ -2259,20 +2245,6 @@
     }
   }
 
-  # Check if mod_headers is required to process $headers/$request_headers
-  if $headers or $request_headers {
-    if ! defined(Class['apache::mod::headers']) {
-      include apache::mod::headers
-    }
-  }
-
-  # Check if mod_filter is required to process $filters
-  if $filters {
-    if ! defined(Class['apache::mod::filter']) {
-      include apache::mod::filter
-    }
-  }
-
   # Check if mod_env is required and not yet loaded.
   # create an expression to simplify the conditional check
   $use_env_mod = $setenv and ! empty($setenv)
@@ -2487,13 +2459,12 @@
   }
 
   # Template uses:
-  # - $access_log
+  # - $_access_logs
   # - $_access_log_env_var
   # - $access_log_destination
   # - $_access_log_format
   # - $_access_log_env_var
-  # - $access_logs
-  if $access_log or $access_logs {
+  if !empty($_access_logs) {
     concat::fragment { "${name}-access_log":
       target  => "${priority_real}${filename}.conf",
       order   => 100,
@@ -2534,7 +2505,9 @@
 
   # Template uses:
   # - $headers
-  if $headers and ! empty($headers) {
+  if ! empty($headers) and $ensure == 'present' {
+    include apache::mod::headers
+
     concat::fragment { "${name}-header":
       target  => "${priority_real}${filename}.conf",
       order   => 140,
@@ -2544,7 +2517,9 @@
 
   # Template uses:
   # - $request_headers
-  if $request_headers and ! empty($request_headers) {
+  if ! empty($request_headers) and $ensure == 'present' {
+    include apache::mod::headers
+
     concat::fragment { "${name}-requestheader":
       target  => "${priority_real}${filename}.conf",
       order   => 150,
@@ -2613,7 +2588,9 @@
   # - $rewrite_rule
   # - $rewrite_cond
   # - $rewrite_map
-  if $rewrites or $rewrite_rule {
+  if (! empty($rewrites) or $rewrite_rule) and $ensure == 'present' {
+    include apache::mod::rewrite
+
     concat::fragment { "${name}-rewrite":
       target  => "${priority_real}${filename}.conf",
       order   => 190,
@@ -2899,7 +2876,7 @@
   # - $modsec_disable_tags
   # - $modsec_body_limit
   # - $modsec_audit_log_destination
-  if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination {
+  if $modsec_disable_vhost or $modsec_disable_ids or !empty($modsec_disable_ips) or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination {
     concat::fragment { "${name}-security":
       target  => "${priority_real}${filename}.conf",
       order   => 320,
@@ -2909,7 +2886,9 @@
 
   # Template uses:
   # - $filters
-  if $filters and ! empty($filters) {
+  if ! empty($filters) and $ensure == 'present' {
+    include apache::mod::filter
+
     concat::fragment { "${name}-filters":
       target  => "${priority_real}${filename}.conf",
       order   => 330,
@@ -2919,7 +2898,9 @@
 
   # Template uses:
   # - $jk_mounts
-  if $jk_mounts and ! empty($jk_mounts) {
+  if !empty($jk_mounts) and $ensure == 'present' {
+    include apache::mod::jk
+
     concat::fragment { "${name}-jk_mounts":
       target  => "${priority_real}${filename}.conf",
       order   => 340,

@@ -385,7 +385,7 @@
               'redirectmatch_status'        => ['404'],
               'redirectmatch_regexp'        => ['\.git$'],
               'redirectmatch_dest'          => ['http://www.example.com'],
-              'headers'                     => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+              'headers'                     => ['Set X-Robots-Tag "noindex, noarchive, nosnippet"'],
               'request_headers'             => ['append MirrorID "mirror 12"'],
               'rewrites'                    => [
                 {
@@ -403,7 +403,7 @@
               ],
               'rewrite_base'                => '/',
               'rewrite_rule'                => '^index\.html$ welcome.html',
-              'rewrite_cond'                => '%{HTTP_USER_AGENT} ^MSIE',
+              'rewrite_cond'                => ['%{HTTP_USER_AGENT} ^MSIE'],
               'rewrite_inherit'             => true,
               'setenv'                      => ['FOO=/bin/true'],
               'setenvif'                    => 'Request_URI "\.gif$" object_is_image=gif',

@@ -1,10 +1,8 @@
-<% if @filters and ! @filters.empty? -%>
+<% unless @filters.empty? -%>
 
   ## Filter module rules
   ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html
-  <%- Array(@filters).each do |filter| -%>
-    <%- if filter != '' -%>
+  <%- @filters.each do |filter| -%>
   <%= filter %>
-    <%- end -%>
   <%- end -%>
 <% end -%>
@@ -1,10 +1,8 @@
-<% if @headers and ! @headers.empty? -%>
+<% unless @headers.empty? -%>
 
   ## Header rules
-  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header
-  <%- Array(@headers).each do |header_statement| -%>
-    <%- if header_statement != '' -%>
+  ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#header
+  <%- @headers.each do |header_statement| -%>
   Header <%= header_statement %>
-    <%- end -%>
   <%- end -%>
 <% end -%>
@@ -1,12 +1,10 @@
-<% if @jk_mounts and not @jk_mounts.empty? -%>
+<% unless @jk_mounts.empty? -%>
 
   <%- @jk_mounts.each do |jk| -%>
-    <%- if jk.is_a?(Hash) -%>
-      <%- if jk.has_key?('mount') and jk.has_key?('worker') -%>
+    <%- if jk.has_key?('mount') and jk.has_key?('worker') -%>
   JkMount   <%= jk['mount'] %> <%= jk['worker'] %>
-      <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%>
+    <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%>
   JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %>
-      <%- end -%>
     <%- end -%>
   <%- end -%>
 <% end -%>
@@ -1,10 +1,8 @@
-<% if @request_headers and ! @request_headers.empty? -%>
+<% unless @request_headers.empty? -%>
 
   ## Request header rules
-  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
-  <%- Array(@request_headers).each do |request_statement| -%>
-    <%- if request_statement != '' -%>
+  ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
+  <%- @request_headers.each do |request_statement| -%>
   RequestHeader <%= request_statement %>
-    <%- end -%>
   <%- end -%>
 <% end -%>
@@ -8,7 +8,7 @@
   RewriteBase <%= @rewrite_base %>
   <%- end -%>
 
-  <%- [@rewrites].flatten.compact.each do |rewrite_details| -%>
+  <%- @rewrites.each do |rewrite_details| -%>
     <%- if rewrite_details['comment'] -%>
   #<%= rewrite_details['comment'] %>
     <%- end -%>
@@ -44,10 +44,8 @@
   <%- if @rewrite_base -%>
   RewriteBase <%= @rewrite_base %>
   <%- end -%>
-  <%- if @rewrite_cond -%>
-    <%- Array(@rewrite_cond).each do |cond| -%>
+    <%- @rewrite_cond.each do |cond| -%>
   RewriteCond <%= cond %>
-    <%- end -%>
   <%- end -%>
   RewriteRule <%= @rewrite_rule %>
 <%- end -%>
@@ -14,9 +14,8 @@
   </LocationMatch>
 <%   end -%>
 <% end -%>
-<% ips = Array(@modsec_disable_ips).join(',') %>
-<% if ips != '' %>
-  SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455"
+<% unless @modsec_disable_ips.empty? %>
+  SecRule REMOTE_ADDR "<%= @modsec_disable_ips.join(',') %>" "nolog,allow,id:1234123455"
   SecAction  "phase:2,pass,nolog,id:1234123456"
 <% end -%>
 <% if @_modsec_disable_msgs.is_a?(Hash) -%>