From 37f8af4b3a9c7698a8f4e031b294b9f88245b951 Mon Sep 17 00:00:00 2001
From: "Adrien \"ze\" Urban" <aur@nbs-system.com>
Date: Thu, 28 Jun 2018 13:26:01 +0000
Subject: [PATCH] vhosts/standard: rewrite, simplify code

* No more if.
* Allow lookup to set default value for all docroot
* updated pillar.example
---
 apache/vhosts/standard.sls | 8 ++------
 pillar.example             | 9 +++++++--
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/apache/vhosts/standard.sls b/apache/vhosts/standard.sls
index 0480a26..678f3de 100644
--- a/apache/vhosts/standard.sls
+++ b/apache/vhosts/standard.sls
@@ -26,12 +26,8 @@ include:
   file.directory:
     - name: {{ documentroot }}
     - makedirs: True
-{% if site.get('DocumentRootUser') %}
-    - user: {{ site.DocumentRootUser }}
-{% endif %}
-{% if site.get('DocumentRootGroup') %}
-    - group: {{ site.DocumentRootGroup }}
-{% endif %}
+    - user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json }}
+    - group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json }}
     - allow_symlink: True
 {% endif %}
 
diff --git a/pillar.example b/pillar.example
index 9d8330b..5eb5cf2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -26,6 +26,11 @@ apache:
     # Default value for AddDefaultCharset in RedHat configuration
     default_charset: 'UTF-8'
 
+    # Should we enforce DocumentRoot user/group?
+    # Default: do not enforce
+    document_root_user: www-data   # Force user if specified, leave it default if not
+    document_root_group: null      # Do not enforce group
+
   global:
     # global apache directives
     AllowEncodedSlashes: 'On'
@@ -71,8 +76,8 @@ apache:
       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
 
       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
-      DocumentRootUser: www-data   # Force user if specified, leave it default if not
-      DocumentRootGroup: www-data  # Force group if specified, leave it default if not
+      DocumentRootUser: null       # do not enforce user, defaults to lookup:document_root_user
+      DocumentRootGroup: www-data  # Force group, defaults to lookup:document_root_group
 
       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired
       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file
-- 
GitLab