site.pp classification schemes

site.pp

# OPTION A
#   - Hard failure if pp_role isn't defined.
#   - No check to see if the role exists
node default {

  # Save the trusted pp_role to a shorter variable so it's easier to work with.
  $role = $trusted['extensions']['pp_role']

  case $role {
    default: {
      include $role
    }
    undef, '': {
      fail("${trusted['certname']} does not have a pp_role trusted fact!")
    }
  }

}

# OPTION B
#   - Warning if pp_role not defined
#   - Check to see if the role exists
#   - Fall back to using the base profile
node default {

  # Save the trusted pp_role to a shorter variable so it's easier to work with.
  $role = $trusted['extensions']['pp_role']

  case $role {
    default: {

      # Check if the role class has been defined.
      # Include it if so. If not, include the base profile and a warning.
      if defined($role) {
        include $role
      } else {
        notify { "No matching role for ${role} found":
          loglevel => 'warning',
        }
        include profile::base
      }

    }
    undef, '': {
      notify { "${trusted['certname']} does not have a pp_role trusted fact!":
        loglevel => 'warning',
      }
      include profile::base
    }
  }

}

defined(Type[Class[role::foo]]) is a more specific way of checking that a class exists and can be included.

defined('role::foo') doesn't distinguish between classes and defined types.

Also of note, defined(Class[role::foo]) checks if the class has already been included in the catalog (which isn't what we want here).