Validate boolean values used in if-statement

This change ensures the parameters used in if-statement take boolean values, because usage of a different type(eg. String) can cause unexpected evaluation result. [vagrant@localhost ~]$ cat foo.pp $foo = false $bar = 'False' $baz = 'false' if $foo { warning('foo') } if $bar { warning('bar') } if $baz { warning('baz') } [vagrant@localhost ~]$ puppet apply foo.pp Warning: Scope(Class[main]): bar Warning: Scope(Class[main]): baz Notice: Compiled catalog for localhost.localdomain in environment production in 0.02 seconds Notice: Applied catalog in 0.01 seconds [vagrant@localhost ~]$ Change-Id: I5c327c37e700829ffb80b9f58d15607aa883bdc1
2022-08-09 10:47:56 +09:00 · 2022-08-09 10:47:56 +09:00 · ccc9227b12
parent d73e23c4bc
commit ccc9227b12
3 changed files with 26 additions and 7 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -85,7 +85,7 @@
 #    to the dashboard for other apps. There is no specific requirement
 #    for these apps to be for monitoring, that's just the de-facto purpose.
 #    Each app is defined in two parts, the display name, and
-#    the URIDefaults to false. Defaults to false. (no app links)
+#    the URIDefaults to false. Defaults to undef. (no app links)
 #
 #  [*keystone_url*]
 #    (optional) Full url of keystone public endpoint. (Defaults to 'http://127.0.0.1:5000')
@ -566,7 +566,7 @@ class horizon(
  $cache_tls_keyfile                   = undef,
  $cache_tls_allowed_ciphers           = undef,
  $manage_memcache_package             = true,
-  $horizon_app_links                   = false,
+  $horizon_app_links                   = undef,
  $keystone_url                        = 'http://127.0.0.1:5000',
  $keystone_default_role               = 'member',
  $django_debug                        = 'False',
@ -656,6 +656,25 @@ class horizon(

  include horizon::deps

+  # Validate boolean parameters to avoid unexpected if-statement result
+  validate_legacy(Boolean, 'validate_bool', $cache_tls_enabled)
+  validate_legacy(Boolean, 'validate_bool', $manage_memcache_package)
+  validate_legacy(Boolean, 'validate_bool', $configure_apache)
+  validate_legacy(Boolean, 'validate_bool', $listen_ssl)
+  validate_legacy(Boolean, 'validate_bool', $ssl_no_verify)
+  validate_legacy(Boolean, 'validate_bool', $ssl_redirect)
+  validate_legacy(Boolean, 'validate_bool', $compress_offline)
+  validate_legacy(Boolean, 'validate_bool', $keystone_multidomain_support)
+  validate_legacy(Boolean, 'validate_bool', $secure_cookies)
+  validate_legacy(Boolean, 'validate_bool', $password_retrieve)
+  validate_legacy(Boolean, 'validate_bool', $disable_password_reveal)
+  validate_legacy(Boolean, 'validate_bool', $enforce_password_check)
+  validate_legacy(Boolean, 'validate_bool', $enable_secure_proxy_ssl_header)
+  validate_legacy(Boolean, 'validate_bool', $disallow_iframe_embed)
+  validate_legacy(Boolean, 'validate_bool', $websso_enabled)
+  validate_legacy(Boolean, 'validate_bool', $websso_choices_hide_keystone)
+  validate_legacy(Boolean, 'validate_bool', $websso_default_redirect)
+
  if $cache_server_url and $cache_server_ip {
    fail('Only one of cache_server_url or cache_server_ip can be set.')
  }
--- a/spec/classes/horizon_init_spec.rb
+++ b/spec/classes/horizon_init_spec.rb
@ -613,13 +613,13 @@ describe 'horizon' do
    context 'with websso enabled' do
      before do
        params.merge!({
-            :websso_enabled => 'True',
+            :websso_enabled        => true,
            :websso_initial_choice => 'acme',
-            :websso_choices => [
+            :websso_choices        => [
              ['oidc', 'OpenID Connect'],
              ['saml2', 'Security Assertion Markup Language'],
            ],
-            :websso_idp_mapping => {
+            :websso_idp_mapping    => {
              'acme_oidc'  => ['acme', 'oidc'],
              'acme_saml2' => ['acme', 'saml2'],
            }
--- a/templates/local_settings.py.erb
+++ b/templates/local_settings.py.erb
@ -178,7 +178,7 @@ HORIZON_CONFIG["password_autocomplete"] = "<%= @password_autocomplete %>"
 # Setting this to True will disable the reveal button for password fields,
 # including on the login form.
 #HORIZON_CONFIG["disable_password_reveal"] = False
-<% if @disable_password_reveal == true -%>
+<% if @disable_password_reveal -%>
 HORIZON_CONFIG["disable_password_reveal"] = True
 <% end -%>

@ -186,7 +186,7 @@ HORIZON_CONFIG["disable_password_reveal"] = True
 # form to verify that it is indeed the admin logged-in who wants to change the
 # password
 #HORIZON_CONFIG["enforce_password_check"] = False
-<% if @enforce_password_check == true -%>
+<% if @enforce_password_check -%>
 HORIZON_CONFIG["enforce_password_check"] = True
 <% end -%>