I have the following resource declared in a Puppet define. There are some parameters beginning with auth_* that control authentication. I'd like to be able to pass that block of parameters, or not pass them, based on the value of a boolean variable i.e. $use_authentication.
It seems that an if statement won't work here, and I don't think that a "selector" will do so either. Felix Frank had a really useful answer in the very closely related question "conditional within define in puppet", but I don't think that strategy will work here, because the parameters that need to be elided are nested two layers deep.
apache::vhost { "$name-non-ssl":
servername => $vhost_name,
docroot => $document_root,
port => 80,
access_log_file => 'access.log',
access_log_format => 'vhost_common',
error_log_file => 'error.log',
directories => [
{path => $document_root,
auth_type => 'Basic',
auth_name => "$name",
auth_user_file => '/somefile.pwd',
auth_require => 'valid-user',
rewrites => [
{
comment => "rule1",
rewrite_base => "/",
rewrite_rule => ['^index\.html$ - [L]']
},
{
comment => "rule2",
rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
rewrite_rule => ['. /index.html [L]']
}
]}
],
}
The following gives a syntax error: Syntax error at 'if'; expected '}'
apache::vhost { "$name-non-ssl":
... same as previous ...
directories => [
{path => $document_root,
if $use_authentication {
auth_type => 'Basic',
auth_name => "$name",
auth_user_file => '/somefile.pwd',
auth_require => 'valid-user',
}
rewrites => [
...same as before...
]}
],
}
This is tough to handle because you want to dynamically fill in some key/value pairs in a hash that is an element of an array which is a parameter value.
$auth_settings = {
auth_type => 'Basic',
auth_name => "$name",
auth_user_file => '/somefile.pwd',
auth_require => 'valid-user',
}
$base_dir1 = {path => $document_root,
rewrites => [
{
comment => "rule1",
rewrite_base => "/",
rewrite_rule => ['^index\.html$ - [L]']
},
{
comment => "rule2",
rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
rewrite_rule => ['. /index.html [L]']
}
]
}
if $use_authentication {
$real_dir1 = merge($base_dir1, $auth_settings)
}
else {
$real_dir1 = $base_dir1
}
apache::vhost { "$name-non-ssl":
servername => $vhost_name,
docroot => $document_root,
port => 80,
access_log_file => 'access.log',
access_log_format => 'vhost_common',
error_log_file => 'error.log',
directories => [ $real_dir1 ],
}
Granted, it goes a little wild with the variables.
Write a function that takes what is $base_dir1 above and the boolean value for $use_authentication, and returns the merged hash if appropriate.
apache::vhost { "$name-non-ssl":
servername => $vhost_name,
docroot => $document_root,
port => 80,
access_log_file => 'access.log',
access_log_format => 'vhost_common',
error_log_file => 'error.log',
directories => [ add_auth($use_authentication, { ... }) ],
}
You can nonchalantly do the merge right in the resource declaration. Use a selector to decide what to merge. Readability is out the window with this one.
apache::vhost { "$name-non-ssl":
servername => $vhost_name,
docroot => $document_root,
port => 80,
access_log_file => 'access.log',
access_log_format => 'vhost_common',
error_log_file => 'error.log',
directories => [ merge({path => $document_root,
rewrites => [
{
comment => "rule1",
rewrite_base => "/",
rewrite_rule => ['^index\.html$ - [L]']
},
{
comment => "rule2",
rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d'],
rewrite_rule => ['. /index.html [L]']
}
]
}, $use_authentication ? {
true => {
auth_type => 'Basic',
auth_name => "$name",
auth_user_file => '/somefile.pwd',
auth_require => 'valid-user',
},
default => {}
}
)
],
}
I didn't bother testing this monster. Not even sure the braces line up.
You might get away with a compromise between (1) and (3), but please lean towards the former.