Use EPP for plugin templates

You can hand EPP a context and it can validate data types. This gives a
higher certainty that a template is rendered correctly. It is also able
to deal with Sensitive data types natively.

manifests/module.pp

@@ -19,10 +19,14 @@
 # @param template_path
 #   An optional template path
 #
+# @param config_context
+#   Context to pass to the template
+#
 define foreman_proxy::module (
   Boolean $enabled = false,
   Foreman_proxy::ListenOn $listen_on = 'https',
   Optional[String] $template_path = undef,
+  Hash[String, Any] $config_context = {},
   String $feature = upcase($title),
 ) {
   if $enabled {
@@ -39,7 +43,7 @@
   }
 
   foreman_proxy::settings_file { $name:
-    module_enabled => $module_enabled,
     template_path  => $template_path,
+    config_context => $config_context + {'module_enabled' => $module_enabled},
   }
 }

manifests/plugin/abrt.pp

@@ -43,9 +43,22 @@
   Optional[Stdlib::Absolutepath] $faf_server_ssl_cert = undef,
   Optional[Stdlib::Absolutepath] $faf_server_ssl_key = undef,
 ) {
+  $context = {
+    abrt_send_log_file      => $abrt_send_log_file,
+    abrt_send_log_file      => $abrt_send_log_file,
+    spooldir                => $spooldir,
+    aggregate_reports       => $aggregate_reports,
+    send_period             => $send_period,
+    faf_server_url          => $faf_server_url,
+    faf_server_ssl_noverify => $faf_server_ssl_noverify,
+    faf_server_ssl_cert     => $faf_server_ssl_cert,
+    faf_server_ssl_key      => $faf_server_ssl_key,
+  }
+
   foreman_proxy::plugin::module { 'abrt':
-    version   => $version,
-    listen_on => $listen_on,
-    enabled   => $enabled,
+    version        => $version,
+    listen_on      => $listen_on,
+    enabled        => $enabled,
+    config_context => $context,
   }
 }

manifests/plugin/module.pp

@@ -22,22 +22,27 @@
 # @param template_path
 #   An optional template path
 #
+# @param config_context
+#   Context to pass to the template
+#
 define foreman_proxy::plugin::module (
   Optional[String] $version = undef,
   Optional[String] $package = undef,
   Boolean $enabled = false,
   Optional[Foreman_proxy::ListenOn] $listen_on = undef,
-  String $template_path = "foreman_proxy/plugin/${title}.yml.erb",
+  String $template_path = "foreman_proxy/plugin/${title}.yml.epp",
   String $feature = $title.capitalize(),
+  Hash[String, Any] $config_context = {},
 ) {
   foreman_proxy::plugin { $title:
     version => $version,
     package => $package,
   }
   -> foreman_proxy::module { $name:
-    enabled       => $enabled,
-    feature       => $feature,
-    listen_on     => $listen_on,
-    template_path => $template_path,
+    enabled        => $enabled,
+    feature        => $feature,
+    listen_on      => $listen_on,
+    template_path  => $template_path,
+    config_context => $config_context,
   }
 }

manifests/settings_file.pp

@@ -3,9 +3,6 @@
 # @param ensure
 #   Whether the config file should be a file or absent
 #
-# @param module_enabled
-#   If module is enabled or not. Only relevant when it's a module.
-#
 # @param path
 #   Path to module's settings file
 #
@@ -23,18 +20,18 @@
 #
 define foreman_proxy::settings_file (
   Enum['file', 'absent'] $ensure = 'file',
-  String $module_enabled = 'false',
   Stdlib::Absolutepath $path = "${foreman_proxy::params::config_dir}/settings.d/${title}.yml",
   String $owner = 'root',
   String $group = $foreman_proxy::params::user,
   Stdlib::Filemode $mode = '0640',
   String $template_path = "foreman_proxy/${title}.yml.erb",
+  Hash[String, Any] $config_context = {},
 ) {
   if $ensure == 'absent' {
     $content = undef
   } else {
     $content = if $template_path.match(/\.epp$/) {
-      epp($template_path)
+      epp($template_path, $config_context)
     } elsif $template_path.match(/\.erb$/) {
       template($template_path)
     } else {

templates/plugin/abrt.yml.epp

@@ -0,0 +1,40 @@
+<%- |
+  String $module_enabled,
+  Stdlib::Absolutepath $abrt_send_log_file,
+  Stdlib::Absolutepath $spooldir,
+  Boolean $aggregate_reports,
+  Integer[0] $send_period = 600,
+  Optional[String] $faf_server_url = undef,
+  Boolean $faf_server_ssl_noverify = true,
+  Optional[Stdlib::Absolutepath] $faf_server_ssl_cert = undef,
+  Optional[Stdlib::Absolutepath] $faf_server_ssl_key = undef,
+| -%>
+---
+:enabled: <%= $module_enabled %>
+# Log file for the forwarding script.
+:abrt_send_log_file: <%= $abrt_send_log_file %>
+# Directory where uReports are stored before they are sent
+:spooldir: <%= $spooldir %>
+# Merge duplicate reports before sending (requires the satyr gem)
+:aggregate_reports: <%= $aggregate_reports %>
+# Period (in seconds) after which collected reports are forwarded. Meaningful
+# only if smart-proxy-abrt-send is run as a daemon (not from cron).
+:send_period: <%= $send_period %>
+# FAF server instance the reports will be forwarded to (optional)
+<% if $faf_server_url { -%>
+:server_url: <%= $faf_server_url %>
+# Set to true if FAF server uses self-signed certificate
+:server_ssl_noverify: <%= $faf_server_ssl_noverify %>
+<% } else { %>
+#:server_url: 
+# Set to true if FAF server uses self-signed certificate
+#:server_ssl_noverify: 
+<% } %>
+# Following two options enable client authentication to FAF server
+<% if $faf_server_ssl_cert and $faf_server_ssl_key { -%>
+:server_ssl_cert: <%= $faf_server_ssl_cert %>
+:server_ssl_key: <%= $faf_server_ssl_key %>
+<% } else { %>
+#:server_ssl_cert: 
+#:server_ssl_key: 
+<% } %>