CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v6.1.0](https://github.com/puppetlabs/puppetlabs-haproxy/tree/v6.1.0) (2021-07-06)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-haproxy/compare/v6.0.2...v6.1.0)
+
+### Added
+
+- allow type 'default-server' for balancermember [\#489](https://github.com/puppetlabs/puppetlabs-haproxy/pull/489) ([trefzer](https://github.com/trefzer))
+- Use Puppet-Datatype Sensitive [\#487](https://github.com/puppetlabs/puppetlabs-haproxy/pull/487) ([cocker-cc](https://github.com/cocker-cc))
+
 ## [v6.0.2](https://github.com/puppetlabs/puppetlabs-haproxy/tree/v6.0.2) (2021-06-21)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-haproxy/compare/v6.0.1...v6.0.2)

REFERENCE.md

@@ -665,7 +665,7 @@ Default value: `'haproxy'`
 
 ##### <a name="type"></a>`type`
 
-Data type: `Any`
+Data type: `Enum['server', 'default-server', 'server-template']`
 
 Optional. Defaults to 'server'
 
@@ -1847,7 +1847,7 @@ Default value: `$name`
 
 ##### <a name="users"></a>`users`
 
-Data type: `Any`
+Data type: `Optional[Array[Variant[String, Sensitive[String]]]]`
 
 An array of users in the userlist.
 See http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user
@@ -1856,7 +1856,7 @@ Default value: ``undef``
 
 ##### <a name="groups"></a>`groups`
 
-Data type: `Any`
+Data type: `Optional[Array[String]]`
 
 An array of groups in the userlist.
 See http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group

manifests/balancermember.pp

@@ -136,7 +136,7 @@
 #
 define haproxy::balancermember (
   $listening_service,
-  $type         = 'server',
+  Enum['server', 'default-server', 'server-template'] $type         = 'server',
   $ports        = undef,
   $port         = undef,
   $server_names = $::hostname,

manifests/userlist.pp

@@ -25,7 +25,7 @@
 #   Optional. Path of the config file where this entry will be added.
 #   Assumes that the parent directory exists.
 #   Default: $haproxy::params::config_file
-# 
+#
 # @param instance
 #   Optional. Defaults to 'haproxy'
 #
@@ -34,15 +34,26 @@
 # Jeremy Kitchen <jeremy@nationbuilder.com>
 #
 define haproxy::userlist (
-  $users = undef,
-  $groups = undef,
-  String $instance = 'haproxy',
-  String $section_name = $name,
-  Optional[Stdlib::Absolutepath] $config_file = undef,
+  Optional[Array[Variant[String, Sensitive[String]]]] $users        = undef,
+  Optional[Array[String]]                             $groups       = undef,
+  String                                              $instance     = 'haproxy',
+  String                                              $section_name = $name,
+  Optional[Stdlib::Absolutepath]                      $config_file  = undef,
 ) {
 
   include ::haproxy::params
 
+  $content = epp(
+    'haproxy/haproxy_userlist_block.epp',
+    {
+      epp_users        => $users,
+      epp_groups       => $groups,
+      epp_section_name => $section_name,
+    },
+  )
+  # we have to unwrap here, as "concat" cannot handle Sensitive Data
+  $_content = if $content =~ Sensitive { $content.unwrap } else { $content }
+
   if $instance == 'haproxy' {
     $instance_name = 'haproxy'
     $_config_file = pick($config_file, $haproxy::config_file)
@@ -51,10 +62,9 @@
     $_config_file = pick($config_file, inline_template($haproxy::params::config_file_tmpl))
   }
 
-  # Template uses $section_name, $users, $groups
   concat::fragment { "${instance_name}-${section_name}_userlist_block":
     order   => "12-${section_name}-00",
     target  => $_config_file,
-    content => template('haproxy/haproxy_userlist_block.erb'),
+    content => $_content,
   }
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-haproxy",
-  "version": "6.0.2",
+  "version": "6.1.0",
   "author": "puppetlabs",
   "summary": "Configures HAProxy servers and manages the configuration of backend member servers.",
   "license": "Apache-2.0",

spec/defines/userlist_spec.rb

@@ -19,7 +19,7 @@
         name: 'admins',
         users: [
           'scott insecure-password elgato',
-          'kitchen insecure-password foobar',
+          sensitive('kitchen insecure-password foobar'),
         ],
         groups: [
           'superadmins users kitchen scott',

templates/haproxy_balancermember.erb

@@ -10,4 +10,6 @@
 <% end -%>
 <% elsif @type == 'server-template' -%>
   server-template <%= @prefix %> <%= @amount %> <%= @fqdn %><%= @port ? ":#{@port}" : "" %><%= if @define_cookies then " cookie " + @fqdn end %> <%= Array(@options).sort.join(" ") %><% if @verifyhost == true %> verifyhost <%= @fqdn %><% end %><% if @weight %> weight <%= @weight %><% end %>
-<% end -%>
+<% elsif @type == 'default-server' -%>
+  default-server <%= Array(@options).join(" ") %>
+<% end -%>

templates/haproxy_userlist_block.epp

@@ -0,0 +1,26 @@
+<%- |
+  Optional[Array[Variant[String, Sensitive[String]]]] $epp_users,
+  Optional[Array[String]]                             $epp_groups,
+  String                                              $epp_section_name,
+| -%>
+
+userlist <%= $epp_section_name %>
+<%-
+  $epp_groups.each |String $group| {
+    unless $group.empty {
+-%>
+  group <%= $group %>
+<%-
+    }
+  }
+  $epp_users.each |Variant[String, Sensitive[String]] $user| {
+    # TODO: remove this Workaround, as soon as Function empty() can handle
+    # Sensitive (Pullrequest pending)
+    $user_unsensitive = if $user =~ Sensitive { $user.unwrap } else { $user }
+    unless $user_unsensitive.empty {
+-%>
+  user <%= $user_unsensitive %>
+<%-
+    }
+  }
+-%>