John,

thank you very much for the most informative reply.

On 2014-04-08 16:31, jcbollinger wrote:
> Actually, no, sorting the keys is a primary concern because otherwise
> the computed content may not be stable, which could cause Puppet to
> needlessly update the file.

By that statement I meant that I am aware that we should sort hash keys
before using them, and I usually know how to do it :)

> So, here's an attempt at an ERB template to produce that output from the
> given input:
> 
> strongswan.conf.erb:
> -----------------------------
> <%
>   default_handler = Proc.new do |v|
> %> = <%= v.to_s %>
> <%
>   end
> 
>   hash_handler = Proc.new do |v|
> %> {
> <%
>     v.sort_by { |k,v| k }.each do |pair|
> %><%= pair[0] %><%
>       (pair[1].is_a?(Hash) ? hash_handler : default_handler).call(pair[1])
>     end
> %>
> }
> <%
>   end
> -%>
> charon <%
>   hash_handler.call(@charon_config)
> %>
> ----

Thanks very much for this, I'll get to work on it as soon as we have dealt
with the ramifications of CVE-2014-0160.

> I've never tried using procs inside an ERB before, but I think it will
> work, and I haven't come up with another means to handle recursion
> inside a template.  Do note, however, that the template is almost all
> Ruby.  That's a good sign that you would be better off writing it as a
> custom function
> (http://docs.puppetlabs.com/guides/custom_functions.html) to generate
> the output.

A colleague suggested the same, sounds like a good approach.

> Note, too, that the above ERB, if it works, leaves indentation as an
> exercise for the reader.  :-)

I think we can manage that :)

Thanks again!

Andreas
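
The custom-function approach suggested in the thread, sketched as an added example that is not part of the original messages: plain Ruby that renders a nested hash as a strongswan.conf section with sorted keys and indentation, so the content stays stable between Puppet runs. The name render_strongswan_section, the SAFE_NAME allow-list and the sample hash are assumptions of this example.

```ruby
# Added example: plain Ruby that could serve as the body of a Puppet custom
# function. render_strongswan_section is a hypothetical name.

# Conservative allow-list for section and setting names (an assumption of this
# example, stricter than the strongswan.conf grammar requires).
SAFE_NAME = /\A[A-Za-z0-9_-]+\z/

def render_strongswan_section(name, settings, depth = 0)
  raise ArgumentError, "unsafe name #{name.inspect}" unless name.to_s =~ SAFE_NAME
  raise ArgumentError, "section #{name} must be a Hash" unless settings.is_a?(Hash)

  pad = '    ' * depth
  lines = ["#{pad}#{name} {"]
  # Sort on the key's string form so the output is identical on every run,
  # whatever order the hash was built in.
  settings.sort_by { |key, _| key.to_s }.each do |key, value|
    if value.is_a?(Hash)
      lines << render_strongswan_section(key, value, depth + 1)
    else
      raise ArgumentError, "unsafe name #{key.inspect}" unless key.to_s =~ SAFE_NAME
      text = value.to_s
      # A newline or brace in a value would change the structure of the file.
      raise ArgumentError, "unsafe value for #{key}" if text =~ /[\n\r{}]/
      lines << "#{pad}    #{key} = #{text}"
    end
  end
  lines << "#{pad}}"
  lines.join("\n")
end

# Constructed sample input standing in for @charon_config.
SAMPLE_CHARON_CONFIG = {
  'threads' => 16,
  'plugins' => {
    'sql'  => { 'loglevel' => -1 },
    'attr' => { 'dns' => '192.0.2.53' }
  },
  'install_routes' => 'yes'
}

puts render_strongswan_section('charon', SAMPLE_CHARON_CONFIG) if __FILE__ == $PROGRAM_NAME
```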
