From cec0248653d544967dd922ff0959303ddd2e079f Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Fri, 27 Apr 2018 22:53:36 +0200
Subject: [PATCH] Fix scope of vhost template variables

Dynamic scoping for variables in ERB templates was removed in puppet
4[1] which means that the variables defined in the
manifest cannot be found when it is referenced in
the httpd::vhost defined type and will be evaluated as nil when
puppet runs. Use the scope object instead to be explicit about the
variable's source. The scope object and scope.lookupvar return :undef
instead of nil if the variable is undefined, and we expect it to
sometimes be undefined, so handle that too.

[1] https://puppet.com/docs/puppet/4.10/lang_updating_manifests.html#dynamic-scoping-in-erb

Change-Id: Ie9d943424aafa5d1d09586dc2cb61441c6d2628b
---
 templates/etherpadlite.vhost.erb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
index a2d3e01..03d2cca 100644
--- a/templates/etherpadlite.vhost.erb
+++ b/templates/etherpadlite.vhost.erb
@@ -38,20 +38,21 @@
   # MSIE 7 and newer should be able to use keepalive
   BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
-  <% if @auth_openid != nil %>
+  <% auth_openid = scope["etherpad_lite::apache::auth_openid"] %>
+  <% if ! [nil, :undef].include?(auth_openid) %>
   <Location /p/>
       AuthType OpenID
-      AuthName "<%= @auth_openid['banner'] %>"
+      AuthName "<%= auth_openid['banner'] %>"
       AuthOpenIDSecureCookie On
       AuthOpenIDCookieLifespan 3600
       AuthOpenIDTrustRoot https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
       AuthOpenIDServerName https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
-      AuthOpenIDSingleIdP <%= @auth_openid['singleIdp'] %>
-      AuthOpenIDTrusted <%= @auth_openid['trusted'] %>
-      <% if @auth_openid['any_valid_user'] %>
+      AuthOpenIDSingleIdP <%= auth_openid['singleIdp'] %>
+      AuthOpenIDTrusted <%= auth_openid['trusted'] %>
+      <% if auth_openid['any_valid_user'] %>
       Require valid-user
-      <% elsif !@auth_openid['users'].empty? %>
-      <% @auth_openid['users'].each do |user| -%>
+      <% elsif !auth_openid['users'].empty? %>
+      <% auth_openid['users'].each do |user| -%>
       Require user <%= user %>
       <% end -%>
       <% end %>