From 98e52892a8d30cd245d2e910cfec0a8377de3c14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sat, 4 May 2024 18:18:18 -1000 Subject: [PATCH] Fix CI A required variable in the template does not exist in the class parameters. Maybe nobody use this and we can just ignore this for the next few weeks RedHat 7 (the only OS exercising this code path) is supported? --- templates/mod/security_crs.conf.epp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/templates/mod/security_crs.conf.epp b/templates/mod/security_crs.conf.epp index 653fca6466..8f168e4fbf 100644 --- a/templates/mod/security_crs.conf.epp +++ b/templates/mod/security_crs.conf.epp @@ -154,6 +154,24 @@ SecAction \ "id:'900004', \ phase:1, \ t:none, \ + <%- + # We are here in a section that in only evaluated on RedHat 7 and older. + # + # The apache::mod::security class does not have an $anomaly_score_blocking + # parameter, the ERP template was therefore using an undefined variable, + # interpreted as `nil` and which resulted in an empty string. + # + # With the conversion to EPP, Puppet now raise an error when an undefined + # variable is used. In order to unbreak the test suite, we set this + # variable to "on" statically bellow. Maybe this is not what you want and + # a proper fix is welcome. The fact that RedHat 7 reach EOL in a few weeks + # at the time this comment is written, I refrained for a proper fix because + # nobody complained it was broken, and consequently this whole code seems + # not to be used. We will be happy to see it vanish when support for + # RedHat 7 will be removed. + warning("Congratulation! You use a code path that has always been broken, check the code for fixing this!") + $anomaly_score_blocking = 'on' + -%> setvar:tx.anomaly_score_blocking=<%= $anomaly_score_blocking -%>, \ nolog, \ pass"