From e3e7b9a56f96fa31d29747916bf5d375766321d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= <samuli@openvpn.net>
Date: Fri, 29 Sep 2017 12:15:35 +0000
Subject: [PATCH 1/2] Migrate to validate_legacy functions

---
 manifests/validate_params.pp | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/manifests/validate_params.pp b/manifests/validate_params.pp
index 543192e3..19e0d527 100644
--- a/manifests/validate_params.pp
+++ b/manifests/validate_params.pp
@@ -9,10 +9,7 @@
   }
 
   if $easy_ipa::ip_address != '' {
-    # TODO: validate_legacy
-    if !is_ipv4_address($easy_ipa::ip_address) {
-      fail('The parameter ip_address must pass validation as an IPv4 address.')
-    }
+    validate_legacy('String', 'validate_ip_address', $easy_ipa::ip_address)
   }
 
   if $easy_ipa::manage_host_entry {
@@ -25,15 +22,8 @@
     fail('Parameter "idstart" must be an integer greater than 10000.')
   }
 
-  # TODO: validate_legacy
-  if ! is_domain_name($easy_ipa::domain) {
-    fail('The parameter \'domain\' must pass validation as a domain name.')
-  }
-
-  # TODO: validate_legacy
-  if ! is_domain_name($easy_ipa::final_realm) {
-    fail('The parameter \'realm\' must pass validation as a domain name.')
-  }
+  validate_legacy('String', 'validate_domain_name', $easy_ipa::domain)
+  validate_legacy('String', 'validate_domain_name', $easy_ipa::final_realm)
 
   if $easy_ipa::ipa_role == 'master' {
     if length($easy_ipa::admin_password) < 8 {
@@ -53,12 +43,12 @@
     # TODO: validate_legacy
     if $easy_ipa::ipa_master_fqdn == ''{
       fail("When creating a ${easy_ipa::ipa_role} the parameter named ipa_master_fqdn cannot be empty.")
-    } elsif !is_domain_name($easy_ipa::ipa_master_fqdn) {
-      fail('The parameter \'ipa_master_fqdn\' must pass validation as a domain name.')
     }
 
+    validate_legacy('String', 'validate_domain_name', $easy_ipa::ipa_master_fqdn)
+
     if $easy_ipa::final_domain_join_password == '' {
       fail("When creating a ${easy_ipa::ipa_role} the parameter named domain_join_password cannot be empty.")
     }
   }
-}
\ No newline at end of file
+}

From 0a61c29b0e4ad6359efeddb7de91d87191c8c142 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuli=20Sepp=C3=A4nen?= <samuli@openvpn.net>
Date: Fri, 29 Sep 2017 12:37:23 +0000
Subject: [PATCH 2/2] Correctly detect Apache Location directive

Previously the "after" parameter in file_line matches two lines: the real
Location entry and one that had been commented out.
---
 manifests/config/webui.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/config/webui.pp b/manifests/config/webui.pp
index 75a78d7b..cd345d39 100644
--- a/manifests/config/webui.pp
+++ b/manifests/config/webui.pp
@@ -48,7 +48,7 @@
       path   => '/etc/httpd/conf.d/ipa.conf',
       line   => "  <If \"%{HTTP_HOST} != '${proxy_server_external_fqdn_and_port}'\">",
       notify => Service['httpd'],
-      after  => '<Location\ "/ipa">',
+      after  => '^<Location\ "/ipa">',
     }
 
     file_line{'disable_kerberos_via_if_2':
@@ -59,4 +59,4 @@
       after  => 'ErrorDocument\ 401\ /ipa/errors/unauthorized.html',
     }
   }
-}
\ No newline at end of file
+}