Replace legacy facts and use fact hash

... because the latest lint no longer allows usage of legacy facts and top scope fact. Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
2023-03-01 13:36:48 +09:00 · 2023-03-01 13:36:48 +09:00 · 729f5d286c
commit 729f5d286c
parent 626681f04d
35 changed files with 340 additions and 388 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -24,47 +24,47 @@
 #
 # [*max_allowed_secret_in_bytes*]
 #   (optional) Maximum allowed secret size to be stored.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*max_allowed_request_size_in_bytes*]
 #   (optional) Maximum request size against the barbican API.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*default_transport_url*]
 #   (optional) Connection url for oslo messaging backend. An example rabbit url
 #   would be, rabbit://user:pass@host:port/virtual_host
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rpc_response_timeout*]
 #  (Optional) Seconds to wait for a response from a call.
-#  Defaults to $::os_service_default
+#  Defaults to $facts['os_service_default']
 #
 # [*control_exchange*]
 #   (Optional) The default exchange under which topics are scoped. May be
 #   overridden by an exchange name specified in the transport_url
 #   option.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*notification_transport_url*]
 #   (optional) Connection url for oslo messaging notifications backend. An
 #   example rabbit url would be, rabbit://user:pass@host:port/virtual_host
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*notification_driver*]
 #   (optional) Driver to use for oslo messaging notifications backend.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*notification_topics*]
 #   (optional) Topics to use for oslo messaging notifications backend.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rabbit_use_ssl*]
 #   (optional) Connect over SSL for RabbitMQ
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rabbit_ha_queues*]
 #   (optional) Use HA queues in RabbitMQ.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rabbit_heartbeat_timeout_threshold*]
 #   (optional) Number of seconds after which the RabbitMQ broker is considered
@ -72,14 +72,14 @@
 #   Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
 #   closed, resulting in missed or lost messages from the queue.
 #   (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rabbit_heartbeat_rate*]
 #   (optional) How often during the rabbit_heartbeat_timeout_threshold period to
 #   check the heartbeat on RabbitMQ connection.  (i.e. rabbit_heartbeat_rate=2
 #   when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
 #   every 30 seconds.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*rabbit_heartbeat_in_pthread*]
 #   (Optional) EXPERIMENTAL: Run the health check heartbeat thread
@ -89,43 +89,43 @@
 #   example if the parent process have monkey patched the
 #   stdlib by using eventlet/greenlet then the heartbeat
 #   will be run through a green thread.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*amqp_durable_queues*]
 #   (optional) Define queues as "durable" to rabbitmq.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*enable_queue*]
 #   (optional) Enable asynchronous queuing
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*queue_namespace*]
 #   (optional) Namespace for the queue
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*queue_topic*]
 #   (optional) Topic for the queue
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*queue_version*]
 #   (optional) Version for the task API
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*queue_server_name*]
 #   (optional) Server name for RPC service
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*enabled_secretstore_plugins*]
 #   (optional) Enabled secretstore plugins. Multiple plugins
 #   are defined in a list eg. ['store_crypto', dogtag_crypto']
 #   Used when multiple_secret_stores_enabled is not set to true.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*enabled_crypto_plugins*]
 #   (optional) Enabled crypto_plugins.  Multiple plugins
 #   are defined in a list eg. ['simple_crypto','p11_crypto']
 #   Used when multiple_secret_stores_enabled is not set to true.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*enabled_secret_stores*]
 #   (optional) Enabled secretstores. This is the configuration
@ -142,46 +142,46 @@
 # [*enabled_certificate_plugins*]
 #   (optional) Enabled certificate plugins as a list.
 #   e.g. ['snakeoil_ca', 'dogtag']
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*enabled_certificate_event_plugins*]
 #   (optional) Enabled certificate event plugins as a list
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_ssl_ca_certs*]
 #   (optional) SSL certification authority file (valid only if SSL enabled).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_ssl_certfile*]
 #   (optional) SSL cert file (valid only if SSL enabled).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_ssl_keyfile*]
 #   (optional) SSL key file (valid only if SSL enabled).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_ssl_version*]
 #   (optional) SSL version to use (valid only if SSL enabled).
 #   Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
 #   available on some distributions.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_reconnect_delay*]
 #   (optional) How long to wait before reconnecting in response to an AMQP
 #   consumer cancel notification.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_failover_strategy*]
 #   (Optional) Determines how the next RabbitMQ node is chosen in case the one
 #   we are currently connected to becomes unavailable. Takes effect only if
 #   more than one RabbitMQ node is provided in config. (string value)
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kombu_compression*]
 #   (optional) Possible values are: gzip, bz2. If not set compression will not
 #   be used. This option may notbe available in future versions. EXPERIMENTAL.
 #   (string value)
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*auth_strategy*]
 #   (optional) authentication type
@ -202,7 +202,7 @@
 # [*db_auto_create*]
 #   (optional) Barbican API server option to create the database
 #   automatically when the server starts.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*service_name*]
 #   (optional) Name of the service that will be providing the
@ -216,67 +216,67 @@
 # [*enable_proxy_headers_parsing*]
 #   (Optional) Enable paste middleware to handle SSL requests through
 #   HTTPProxyToWSGI middleware.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*max_request_body_size*]
 #   (Optional) Set max request body size
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*max_limit_paging*]
 #   (Optional) Maximum page size for the 'limit' paging URL parameter.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*default_limit_paging*]
 #   (Optional) Default page size for the 'limit' paging URL parameter.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 class barbican::api (
  $package_ensure                                = 'present',
  $bind_host                                     = '0.0.0.0',
  $bind_port                                     = '9311',
  $host_href                                     = undef,
-  $max_allowed_secret_in_bytes                   = $::os_service_default,
-  $max_allowed_request_size_in_bytes             = $::os_service_default,
-  $default_transport_url                         = $::os_service_default,
-  $rpc_response_timeout                          = $::os_service_default,
-  $control_exchange                              = $::os_service_default,
-  $notification_transport_url                    = $::os_service_default,
-  $notification_driver                           = $::os_service_default,
-  $notification_topics                           = $::os_service_default,
-  $rabbit_use_ssl                                = $::os_service_default,
-  $rabbit_heartbeat_timeout_threshold            = $::os_service_default,
-  $rabbit_heartbeat_rate                         = $::os_service_default,
-  $rabbit_heartbeat_in_pthread                   = $::os_service_default,
-  $rabbit_ha_queues                              = $::os_service_default,
-  $amqp_durable_queues                           = $::os_service_default,
-  $enable_queue                                  = $::os_service_default,
-  $queue_namespace                               = $::os_service_default,
-  $queue_topic                                   = $::os_service_default,
-  $queue_version                                 = $::os_service_default,
-  $queue_server_name                             = $::os_service_default,
-  $enabled_secretstore_plugins                   = $::os_service_default,
-  $enabled_crypto_plugins                        = $::os_service_default,
+  $max_allowed_secret_in_bytes                   = $facts['os_service_default'],
+  $max_allowed_request_size_in_bytes             = $facts['os_service_default'],
+  $default_transport_url                         = $facts['os_service_default'],
+  $rpc_response_timeout                          = $facts['os_service_default'],
+  $control_exchange                              = $facts['os_service_default'],
+  $notification_transport_url                    = $facts['os_service_default'],
+  $notification_driver                           = $facts['os_service_default'],
+  $notification_topics                           = $facts['os_service_default'],
+  $rabbit_use_ssl                                = $facts['os_service_default'],
+  $rabbit_heartbeat_timeout_threshold            = $facts['os_service_default'],
+  $rabbit_heartbeat_rate                         = $facts['os_service_default'],
+  $rabbit_heartbeat_in_pthread                   = $facts['os_service_default'],
+  $rabbit_ha_queues                              = $facts['os_service_default'],
+  $amqp_durable_queues                           = $facts['os_service_default'],
+  $enable_queue                                  = $facts['os_service_default'],
+  $queue_namespace                               = $facts['os_service_default'],
+  $queue_topic                                   = $facts['os_service_default'],
+  $queue_version                                 = $facts['os_service_default'],
+  $queue_server_name                             = $facts['os_service_default'],
+  $enabled_secretstore_plugins                   = $facts['os_service_default'],
+  $enabled_crypto_plugins                        = $facts['os_service_default'],
  $enabled_secret_stores                         = 'simple_crypto',
  $multiple_secret_stores_enabled                = false,
-  $enabled_certificate_plugins                   = $::os_service_default,
-  $enabled_certificate_event_plugins             = $::os_service_default,
-  $kombu_ssl_ca_certs                            = $::os_service_default,
-  $kombu_ssl_certfile                            = $::os_service_default,
-  $kombu_ssl_keyfile                             = $::os_service_default,
-  $kombu_ssl_version                             = $::os_service_default,
-  $kombu_reconnect_delay                         = $::os_service_default,
-  $kombu_failover_strategy                       = $::os_service_default,
-  $kombu_compression                             = $::os_service_default,
+  $enabled_certificate_plugins                   = $facts['os_service_default'],
+  $enabled_certificate_event_plugins             = $facts['os_service_default'],
+  $kombu_ssl_ca_certs                            = $facts['os_service_default'],
+  $kombu_ssl_certfile                            = $facts['os_service_default'],
+  $kombu_ssl_keyfile                             = $facts['os_service_default'],
+  $kombu_ssl_version                             = $facts['os_service_default'],
+  $kombu_reconnect_delay                         = $facts['os_service_default'],
+  $kombu_failover_strategy                       = $facts['os_service_default'],
+  $kombu_compression                             = $facts['os_service_default'],
  $auth_strategy                                 = 'keystone',
  $manage_service                                = true,
  $enabled                                       = true,
  $sync_db                                       = true,
-  $db_auto_create                                = $::os_service_default,
+  $db_auto_create                                = $facts['os_service_default'],
  $service_name                                  = $::barbican::params::api_service_name,
-  $enable_proxy_headers_parsing                  = $::os_service_default,
-  $max_request_body_size                         = $::os_service_default,
-  $max_limit_paging                              = $::os_service_default,
-  $default_limit_paging                          = $::os_service_default,
+  $enable_proxy_headers_parsing                  = $facts['os_service_default'],
+  $max_request_body_size                         = $facts['os_service_default'],
+  $max_limit_paging                              = $facts['os_service_default'],
+  $default_limit_paging                          = $facts['os_service_default'],
 ) inherits barbican::params {

  include barbican::deps
@ -292,7 +292,7 @@ class barbican::api (

  # basic service config
  if $host_href == undef {
-    $host_href_real = "http://${::fqdn}:${bind_port}"
+    $host_href_real = "http://${facts['networking']['fqdn']}:${bind_port}"
  } else {
    $host_href_real = $host_href
  }
@ -399,7 +399,7 @@ class barbican::api (

    if $service_name == $::barbican::params::api_service_name {

-      if $::operatingsystem == 'Ubuntu' {
+      if $facts['os']['name'] == 'Ubuntu' {
        fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.')
      }

@ -413,7 +413,7 @@ class barbican::api (
      }

      # Debian is using UWSGI, not gunicorn
-      if $::operatingsystem != 'Debian' {
+      if $facts['os']['name'] != 'Debian' {
        file_line { 'Modify bind_port in gunicorn-config.py':
          path  => '/etc/barbican/gunicorn-config.py',
          line  => "bind = '${bind_host}:${bind_port}'",
@ -424,7 +424,7 @@ class barbican::api (

    } elsif $service_name == 'httpd' {
      # Ubuntu packages does not have a barbican-api service
-      if $::operatingsystem != 'Ubuntu' {
+      if $facts['os']['name'] != 'Ubuntu' {
        service { 'barbican-api':
          ensure => 'stopped',
          name   => $::barbican::params::api_service_name,
--- a/manifests/api/logging.pp
+++ b/manifests/api/logging.pp
@ -6,72 +6,72 @@
 #
 # [*debug*]
 #   (Optional) Should the daemons log debug messages
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*use_syslog*]
 #   (Optional) Use syslog for logging.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*use_json*]
 #   (Optional) Use json for logging.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*use_journal*]
 #   (Optional) Use journal for logging.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*use_stderr*]
 #   (Optional) Use stderr for logging
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*log_facility*]
 #   (Optional) Syslog facility to receive log lines.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*log_dir*]
 #   (Optional) Directory where logs should be stored.
-#   If set to $::os_service_default, it will not log to any directory.
+#   If set to $facts['os_service_default'], it will not log to any directory.
 #   Defaults to '/var/log/barbican'
 #
 # [*log_file*]
 #   (Optional) File where logs should be stored.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*watch_log_file*]
 #   (Optional) Uses logging handler designed to watch file system (boolean value).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 #
 # [*logging_context_format_string*]
 #   (Optional) Format string to use for log messages with context.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
 #             [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
 #
 # [*logging_default_format_string*]
 #   (Optional) Format string to use for log messages without context.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
 #             [-] %(instance)s%(message)s'
 #
 # [*logging_debug_format_suffix*]
 #   (Optional) Formatted data to append to log format when level is DEBUG.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: '%(funcName)s %(pathname)s:%(lineno)d'
 #
 # [*logging_exception_prefix*]
 #   (Optional) Prefix each line of exception output with this format.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
 #
 # [*log_config_append*]
 #   (Optional) The name of an additional logging configuration file.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   See https://docs.python.org/2/howto/logging.html
 #
 # [*default_log_levels*]
 #   (Optional) Hash of logger (keys) and level (values) pairs.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example:
 #     { 'amqp'  => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
 #          'sqlalchemy' => 'WARN', 'suds' => 'INFO',
@ -83,50 +83,50 @@
 #
 # [*publish_errors*]
 #   (Optional) Publish error events (boolean value).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*fatal_deprecations*]
 #   (Optional) Make deprecations fatal (boolean value)
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*instance_format*]
 #   (Optional) If an instance is passed with the log message, format it
 #              like this (string value).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: '[instance: %(uuid)s] '
 #
 #  [*instance_uuid_format*]
 #    (Optional) If an instance UUID is passed with the log message, format
 #              it like this (string value).
-#    Defaults to $::os_service_default
+#    Defaults to $facts['os_service_default']
 #    Example: instance_uuid_format='[instance: %(uuid)s] '
 #
 # [*log_date_format*]
 #   (Optional) Format string for %%(asctime)s in log records.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #   Example: 'Y-%m-%d %H:%M:%S'
 #
 class barbican::api::logging(
-  $use_syslog                    = $::os_service_default,
-  $use_json                      = $::os_service_default,
-  $use_journal                   = $::os_service_default,
-  $use_stderr                    = $::os_service_default,
-  $log_facility                  = $::os_service_default,
+  $use_syslog                    = $facts['os_service_default'],
+  $use_json                      = $facts['os_service_default'],
+  $use_journal                   = $facts['os_service_default'],
+  $use_stderr                    = $facts['os_service_default'],
+  $log_facility                  = $facts['os_service_default'],
  $log_dir                       = '/var/log/barbican',
-  $log_file                      = $::os_service_default,
-  $watch_log_file                = $::os_service_default,
-  $debug                         = $::os_service_default,
-  $logging_context_format_string = $::os_service_default,
-  $logging_default_format_string = $::os_service_default,
-  $logging_debug_format_suffix   = $::os_service_default,
-  $logging_exception_prefix      = $::os_service_default,
-  $log_config_append             = $::os_service_default,
-  $default_log_levels            = $::os_service_default,
-  $publish_errors                = $::os_service_default,
-  $fatal_deprecations            = $::os_service_default,
-  $instance_format               = $::os_service_default,
-  $instance_uuid_format          = $::os_service_default,
-  $log_date_format               = $::os_service_default,
+  $log_file                      = $facts['os_service_default'],
+  $watch_log_file                = $facts['os_service_default'],
+  $debug                         = $facts['os_service_default'],
+  $logging_context_format_string = $facts['os_service_default'],
+  $logging_default_format_string = $facts['os_service_default'],
+  $logging_debug_format_suffix   = $facts['os_service_default'],
+  $logging_exception_prefix      = $facts['os_service_default'],
+  $log_config_append             = $facts['os_service_default'],
+  $default_log_levels            = $facts['os_service_default'],
+  $publish_errors                = $facts['os_service_default'],
+  $fatal_deprecations            = $facts['os_service_default'],
+  $instance_format               = $facts['os_service_default'],
+  $instance_uuid_format          = $facts['os_service_default'],
+  $log_date_format               = $facts['os_service_default'],
 ) {

  include barbican::deps
--- a/manifests/cors.pp
+++ b/manifests/cors.pp
@ -8,41 +8,41 @@
 #   (Optional) Indicate whether this resource may be shared with the domain
 #   received in the requests "origin" header.
 #   (string value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*allow_credentials*]
 #   (Optional) Indicate that the actual request can include user credentials.
 #   (boolean value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*expose_headers*]
 #   (Optional) Indicate which headers are safe to expose to the API.
 #   (list value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*max_age*]
 #   (Optional) Maximum cache age of CORS preflight requests.
 #   (integer value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*allow_methods*]
 #   (Optional) Indicate which methods can be used during the actual request.
 #   (list value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*allow_headers*]
 #   (Optional) Indicate which header field names may be used during the actual
 #   request.
 #   (list value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 class barbican::cors (
-  $allowed_origin    = $::os_service_default,
-  $allow_credentials = $::os_service_default,
-  $expose_headers    = $::os_service_default,
-  $max_age           = $::os_service_default,
-  $allow_methods     = $::os_service_default,
-  $allow_headers     = $::os_service_default,
+  $allowed_origin    = $facts['os_service_default'],
+  $allow_credentials = $facts['os_service_default'],
+  $expose_headers    = $facts['os_service_default'],
+  $max_age           = $facts['os_service_default'],
+  $allow_methods     = $facts['os_service_default'],
+  $allow_headers     = $facts['os_service_default'],
 ) {

  include barbican::deps
--- a/manifests/db.pp
+++ b/manifests/db.pp
@ -10,59 +10,59 @@
 #
 # [*database_connection_recycle_time*]
 #   Timeout when db connections should be reaped.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_max_retries*]
 #   Maximum number of database connection retries during startup.
 #   Setting -1 implies an infinite retry count.
 #   NOTE: This is currently NOT used until barbican correctly leverages oslo.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_retry_interval*]
 #   Interval between retries of opening a database connection.
 #   NOTE: This is currently NOT used until barbican correctly leverages oslo.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_max_pool_size*]
 #   Maximum number of SQL connections to keep open in a pool.
 #   NOTE: This is currently NOT used until barbican correctly leverages oslo.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_max_overflow*]
 #   If set, use this value for max_overflow with sqlalchemy.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_pool_size*]
 #   Number of SQL connections to keep open in a pool.
 #   NOTE: This is currently used until barbican correctly leverages oslo and
 #   will be removed during a later release.
-#   (Optional) Defaults to $::os_service_default
+#   (Optional) Defaults to $facts['os_service_default']
 #
 # [*database_db_max_retries*]
 #   (Optional) Maximum retries in case of connection error or deadlock error
 #   before error is raised. Set to -1 to specify an infinite retry count.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*database_pool_timeout*]
 #   (Optional) If set, use this value for pool_timeout with SQLAlchemy.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*mysql_enable_ndb*]
 #   (Optional) If True, transparently enables support for handling MySQL
 #   Cluster (NDB).
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 class barbican::db (
  $database_connection              = 'sqlite:////var/lib/barbican/barbican.sqlite',
-  $database_connection_recycle_time = $::os_service_default,
-  $database_max_pool_size           = $::os_service_default,
-  $database_max_retries             = $::os_service_default,
-  $database_retry_interval          = $::os_service_default,
-  $database_max_overflow            = $::os_service_default,
-  $database_pool_size               = $::os_service_default,
-  $database_db_max_retries          = $::os_service_default,
-  $database_pool_timeout            = $::os_service_default,
-  $mysql_enable_ndb                 = $::os_service_default,
+  $database_connection_recycle_time = $facts['os_service_default'],
+  $database_max_pool_size           = $facts['os_service_default'],
+  $database_max_retries             = $facts['os_service_default'],
+  $database_retry_interval          = $facts['os_service_default'],
+  $database_max_overflow            = $facts['os_service_default'],
+  $database_pool_size               = $facts['os_service_default'],
+  $database_db_max_retries          = $facts['os_service_default'],
+  $database_pool_timeout            = $facts['os_service_default'],
+  $mysql_enable_ndb                 = $facts['os_service_default'],
 ) {

  include barbican::deps
--- a/manifests/healthcheck.pp
+++ b/manifests/healthcheck.pp
@ -6,28 +6,28 @@
 #
 # [*detailed*]
 #   (Optional) Show more detailed information as part of the response.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*backends*]
 #   (Optional) Additional backends that can perform health checks and report
 #   that information back as part of a request.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*disable_by_file_path*]
 #   (Optional) Check the presence of a file to determine if an application
 #   is running on a port.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*disable_by_file_paths*]
 #   (Optional) Check the presence of a file to determine if an application
 #   is running on a port. Expects a "port:path" list of strings.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 class barbican::healthcheck (
-  $detailed              = $::os_service_default,
-  $backends              = $::os_service_default,
-  $disable_by_file_path  = $::os_service_default,
-  $disable_by_file_paths = $::os_service_default,
+  $detailed              = $facts['os_service_default'],
+  $backends              = $facts['os_service_default'],
+  $disable_by_file_path  = $facts['os_service_default'],
+  $disable_by_file_paths = $facts['os_service_default'],
 ) {

  include barbican::deps
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@ -10,7 +10,7 @@
 #
 # [*password*]
 #   (Optional) Password to create for the service user
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*auth_url*]
 #   (Optional) The URL to use for authentication.
@ -30,17 +30,17 @@
 #
 # [*system_scope*]
 #   (Optional) Scope for system operations
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*insecure*]
 #   (Optional) If true, explicitly allow TLS without checking server cert
 #   against any certificate authorities.  WARNING: not recommended.  Use with
 #   caution.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*auth_section*]
 #   (Optional) Config Section from which to load plugin specific options
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*auth_type*]
 #   (Optional) Authentication type to load
@ -52,26 +52,26 @@
 #
 # [*auth_version*]
 #   (Optional) API version of the admin Identity API endpoint.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*cache*]
 #   (Optional) Env key for the swift cache.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*cafile*]
 #   (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
 #   connections.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*certfile*]
 #   (Optional) Required if identity server requires client certificate
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*delay_auth_decision*]
 #   (Optional) Do not handle authorization requests within the middleware, but
 #   delegate the authorization decision to downstream WSGI components. Boolean
 #   value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*enforce_token_bind*]
 #   (Optional) Used to control the use and type of token binding. Can be set
@ -81,57 +81,57 @@
 #   type is unknown the token will be rejected. "required" any form of token
 #   binding is needed to be allowed. Finally the name of a binding method that
 #   must be present in tokens. String value.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*http_connect_timeout*]
 #   (Optional) Request timeout value for communicating with Identity API
 #   server.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*http_request_max_retries*]
 #   (Optional) How many times are we trying to reconnect when communicating
 #   with Identity API Server. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*include_service_catalog*]
 #   (Optional) Indicate whether to set the X-Service-Catalog header. If False,
 #   middleware will not ask for service catalog on token validation and will
 #   not set the X-Service-Catalog header. Boolean value.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*keyfile*]
 #   (Optional) Required if identity server requires client certificate
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_pool_conn_get_timeout*]
 #   (Optional) Number of seconds that an operation will wait to get a memcached
 #   client connection from the pool. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_pool_dead_retry*]
 #   (Optional) Number of seconds memcached server is considered dead before it
 #   is tried again. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_pool_maxsize*]
 #   (Optional) Maximum total number of open connections to every memcached
 #   server. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_pool_socket_timeout*]
 #   (Optional) Number of seconds a connection to memcached is held unused in
 #   the pool before it is closed. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_pool_unused_timeout*]
 #   (Optional) Number of seconds a connection to memcached is held unused in
 #   the pool before it is closed. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_secret_key*]
 #   (Optional, mandatory if memcache_security_strategy is defined) This string
 #   is used for key derivation.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_security_strategy*]
 #   (Optional) If defined, indicate whether token data should be authenticated
@ -139,17 +139,17 @@
 #   HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
 #   cache. If the value is not one of these options or empty, auth_token will
 #   raise an exception on initialization.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcache_use_advanced_pool*]
 #   (Optional)  Use the advanced (eventlet safe) memcached client pool. The
 #   advanced pool will only work under python 2.x Boolean value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*memcached_servers*]
 #   (Optional) Optionally specify a list of memcached server(s) to use for
 #   caching. If left undefined, tokens will instead be cached in-process.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*manage_memcache_package*]
 #  (Optional) Whether to install the python-memcache package.
@ -157,13 +157,13 @@
 #
 # [*region_name*]
 #   (Optional) The region in which the identity server can be found.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*token_cache_time*]
 #   (Optional) In order to prevent excessive effort spent validating tokens,
 #   the middleware caches previously-seen tokens for a configurable duration
 #   (in seconds). Set to -1 to disable caching completely. Integer value
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*service_token_roles*]
 #   (Optional) A choice of roles that must be present in a service token.
@ -173,66 +173,66 @@
 #   here are applied as an ANY check so any role in this list
 #   must be present. For backwards compatibility reasons this
 #   currently only affects the allow_expired check. (list value)
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*service_token_roles_required*]
 #   (optional) backwards compatibility to ensure that the service tokens are
 #   compared against a list of possible roles for validity
 #   true/false
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*service_type*]
 #  (Optional) The name or type of the service as it appears in the service
 #  catalog. This is used to validate tokens that have restricted access rules.
-#  Defaults to $::os_service_default.
+#  Defaults to $facts['os_service_default'].
 #
 # [*interface*]
 #  (Optional) Interface to use for the Identity API endpoint. Valid values are
 #  "public", "internal" or "admin".
-#  Defaults to $::os_service_default.
+#  Defaults to $facts['os_service_default'].
 #
 # [*params*]
 #  (Optional) Hash of additional parameters to pass through to the keystone
 #  authtoken class. Values set here override the individual parameters above.
 #
 class barbican::keystone::authtoken(
-  $password                       = $::os_service_default,
+  $password                       = $facts['os_service_default'],
  $username                       = 'barbican',
  $auth_url                       = 'http://localhost:5000',
  $project_name                   = 'services',
  $user_domain_name               = 'Default',
  $project_domain_name            = 'Default',
-  $system_scope                   = $::os_service_default,
-  $insecure                       = $::os_service_default,
-  $auth_section                   = $::os_service_default,
+  $system_scope                   = $facts['os_service_default'],
+  $insecure                       = $facts['os_service_default'],
+  $auth_section                   = $facts['os_service_default'],
  $auth_type                      = 'password',
  $www_authenticate_uri           = 'http://localhost:5000',
-  $auth_version                   = $::os_service_default,
-  $cache                          = $::os_service_default,
-  $cafile                         = $::os_service_default,
-  $certfile                       = $::os_service_default,
-  $delay_auth_decision            = $::os_service_default,
-  $enforce_token_bind             = $::os_service_default,
-  $http_connect_timeout           = $::os_service_default,
-  $http_request_max_retries       = $::os_service_default,
-  $include_service_catalog        = $::os_service_default,
-  $keyfile                        = $::os_service_default,
-  $memcache_pool_conn_get_timeout = $::os_service_default,
-  $memcache_pool_dead_retry       = $::os_service_default,
-  $memcache_pool_maxsize          = $::os_service_default,
-  $memcache_pool_socket_timeout   = $::os_service_default,
-  $memcache_pool_unused_timeout   = $::os_service_default,
-  $memcache_secret_key            = $::os_service_default,
-  $memcache_security_strategy     = $::os_service_default,
-  $memcache_use_advanced_pool     = $::os_service_default,
-  $memcached_servers              = $::os_service_default,
+  $auth_version                   = $facts['os_service_default'],
+  $cache                          = $facts['os_service_default'],
+  $cafile                         = $facts['os_service_default'],
+  $certfile                       = $facts['os_service_default'],
+  $delay_auth_decision            = $facts['os_service_default'],
+  $enforce_token_bind             = $facts['os_service_default'],
+  $http_connect_timeout           = $facts['os_service_default'],
+  $http_request_max_retries       = $facts['os_service_default'],
+  $include_service_catalog        = $facts['os_service_default'],
+  $keyfile                        = $facts['os_service_default'],
+  $memcache_pool_conn_get_timeout = $facts['os_service_default'],
+  $memcache_pool_dead_retry       = $facts['os_service_default'],
+  $memcache_pool_maxsize          = $facts['os_service_default'],
+  $memcache_pool_socket_timeout   = $facts['os_service_default'],
+  $memcache_pool_unused_timeout   = $facts['os_service_default'],
+  $memcache_secret_key            = $facts['os_service_default'],
+  $memcache_security_strategy     = $facts['os_service_default'],
+  $memcache_use_advanced_pool     = $facts['os_service_default'],
+  $memcached_servers              = $facts['os_service_default'],
  $manage_memcache_package        = false,
-  $region_name                    = $::os_service_default,
-  $token_cache_time               = $::os_service_default,
-  $service_token_roles            = $::os_service_default,
-  $service_token_roles_required   = $::os_service_default,
-  $service_type                   = $::os_service_default,
-  $interface                      = $::os_service_default,
+  $region_name                    = $facts['os_service_default'],
+  $token_cache_time               = $facts['os_service_default'],
+  $service_token_roles            = $facts['os_service_default'],
+  $service_token_roles_required   = $facts['os_service_default'],
+  $service_type                   = $facts['os_service_default'],
+  $interface                      = $facts['os_service_default'],
  $params                         = {},
 ) {

--- a/manifests/keystone/notification.pp
+++ b/manifests/keystone/notification.pp
@ -6,23 +6,23 @@
 #
 # [*enable_keystone_notification*]
 #   (optional) Enable keystone notification listener functionality
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*keystone_notification_control_exchange*]
 #   (optional) The default exchange under which topics are scoped.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*keystone_notification_topic*]
 #   (optional) Keystone notification queue topic name.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*keystone_notification_allow_requeue*]
 #   (optional) Requeues notification in case of notification processing error.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*keystone_notification_thread_pool_size*]
 #   (optional) max threads to be used for notification server
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*package_ensure*]
 #   (Optional) The state of the barbican-keystone-listener package.
@ -33,11 +33,11 @@
 #   Defaults to true
 #
 class barbican::keystone::notification (
-  $enable_keystone_notification           = $::os_service_default,
-  $keystone_notification_control_exchange = $::os_service_default,
-  $keystone_notification_topic            = $::os_service_default,
-  $keystone_notification_allow_requeue    = $::os_service_default,
-  $keystone_notification_thread_pool_size = $::os_service_default,
+  $enable_keystone_notification           = $facts['os_service_default'],
+  $keystone_notification_control_exchange = $facts['os_service_default'],
+  $keystone_notification_topic            = $facts['os_service_default'],
+  $keystone_notification_allow_requeue    = $facts['os_service_default'],
+  $keystone_notification_thread_pool_size = $facts['os_service_default'],
  $package_ensure                         = 'present',
  $manage_service                         = true,
 ) {
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -10,7 +10,7 @@ class barbican::params {
  $group                 = 'barbican'
  $dogtag_client_package = 'pki-base'

-  case $::osfamily {
+  case $facts['os']['family'] {
    'RedHat': {
      $common_package_name            = 'openstack-barbican-common'
      $api_package_name               = 'openstack-barbican-api'
@ -38,8 +38,7 @@ class barbican::params {
      $barbican_wsgi_script_source    = '/usr/bin/barbican-wsgi-api'
    }
    default: {
-      fail("Unsupported osfamily: ${::osfamily} operating system")
+      fail("Unsupported osfamily: ${facts['os']['family']}")
    }
-
-  } # Case $::osfamily
+  }
 }
--- a/manifests/plugins/dogtag.pp
+++ b/manifests/plugins/dogtag.pp
@ -13,31 +13,31 @@
 #
 # [*dogtag_plugin_pem_path*]
 #   (optional) Path to KRA agent PEM file
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_dogtag_host*]
 #   (optional) Host for the Dogtag server
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_dogtag_port*]
 #   (optional) Host for the Dogtag server
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_nss_db_path*]
 #   (optional) Path to plugin NSS DB
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_simple_cmc_profile*]
 #   (optional) Profile for simple CMC enrollment.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_ca_expiration_time*]
 #   (optional) Expiration time for the Dogtag CA entry in days
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*dogtag_plugin_plugin_working_dir*]
 #   (optional) Working directory for Dogtag plugin
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*global_default*]
 #   (optional) set plugin as global default
@ -46,13 +46,13 @@
 class barbican::plugins::dogtag (
  $dogtag_plugin_nss_password,
  $dogtag_plugin_ensure_package     = 'present',
-  $dogtag_plugin_pem_path           = $::os_service_default,
-  $dogtag_plugin_dogtag_host        = $::os_service_default,
-  $dogtag_plugin_dogtag_port        = $::os_service_default,
-  $dogtag_plugin_nss_db_path        = $::os_service_default,
-  $dogtag_plugin_simple_cmc_profile = $::os_service_default,
-  $dogtag_plugin_ca_expiration_time = $::os_service_default,
-  $dogtag_plugin_plugin_working_dir = $::os_service_default,
+  $dogtag_plugin_pem_path           = $facts['os_service_default'],
+  $dogtag_plugin_dogtag_host        = $facts['os_service_default'],
+  $dogtag_plugin_dogtag_port        = $facts['os_service_default'],
+  $dogtag_plugin_nss_db_path        = $facts['os_service_default'],
+  $dogtag_plugin_simple_cmc_profile = $facts['os_service_default'],
+  $dogtag_plugin_ca_expiration_time = $facts['os_service_default'],
+  $dogtag_plugin_plugin_working_dir = $facts['os_service_default'],
  $global_default                   = false,
 ) {

--- a/manifests/plugins/kmip.pp
+++ b/manifests/plugins/kmip.pp
@ -12,27 +12,27 @@
 #
 # [*kmip_plugin_username*]
 #   (optional) username for KMIP device
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kmip_plugin_password*]
 #   (optional) password for KMIP device. This parameter is required
 #   when the kmip_plugin_username parameter is set.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kmip_plugin_keyfile*]
 #   (optional) key file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kmip_plugin_certfile*]
 #   (optional) cert file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kmip_plugin_ca_certs*]
 #   (optional) ca certs file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*global_default*]
 #   (optional) set plugin as global default
@ -41,11 +41,11 @@
 class barbican::plugins::kmip (
  $kmip_plugin_host,
  $kmip_plugin_port,
-  $kmip_plugin_username = $::os_service_default,
-  $kmip_plugin_password = $::os_service_default,
-  $kmip_plugin_keyfile  = $::os_service_default,
-  $kmip_plugin_certfile = $::os_service_default,
-  $kmip_plugin_ca_certs = $::os_service_default,
+  $kmip_plugin_username = $facts['os_service_default'],
+  $kmip_plugin_password = $facts['os_service_default'],
+  $kmip_plugin_keyfile  = $facts['os_service_default'],
+  $kmip_plugin_certfile = $facts['os_service_default'],
+  $kmip_plugin_ca_certs = $facts['os_service_default'],
  $global_default       = false,
 ) {

--- a/manifests/plugins/p11_crypto.pp
+++ b/manifests/plugins/p11_crypto.pp
@ -21,46 +21,46 @@
 #
 # [*p11_crypto_plugin_token_serial_number*]
 #   (optional) Serial number to identify PKCS#11 token
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_token_labels*]
 #   (optional) List of comma-separated labels to identify
 #   PKCS#11 tokens to be used.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_slot_id*]
 #   (optional) HSM Slot id
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_encryption_mechanism*]
 #   (optional) PKCS#11 Mechanism used for encryption
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_hmac_key_type*]
 #   (optional) PKCS#11 Key Type for key used in HMAC
 #   operations.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_hmac_keygen_mechanism*]
 #   (optional) PKCS#11 Mechanism used to generate HMAC Key
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_aes_gcm_generate_iv*]
 #   (optional) When using the CKM_AES_GCM mechanism, this option
 #   specifies whether the IV should be generated by Barbican.
 #   Setting this to false will defer IV generation to the HSM
 #   which is not standard but is required for some HSMs.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_os_locking_ok*]
 #   (optional) Enable CKF_OS_LOCKING_OK flag when initializing
 #   the PKCS#11 client library.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*p11_crypto_plugin_always_set_cka_sensitive*]
 #   (optional) Always set CKA_SENSITIVE when generating keys.
 #   In some HSMs extractable keys cannot be marked sensitive.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*global_default*]
 #   (optional) set plugin as global default
@ -72,15 +72,15 @@ class barbican::plugins::p11_crypto (
  $p11_crypto_plugin_mkek_label,
  $p11_crypto_plugin_mkek_length,
  $p11_crypto_plugin_hmac_label,
-  $p11_crypto_plugin_token_serial_number      = $::os_service_default,
-  $p11_crypto_plugin_token_labels             = $::os_service_default,
-  $p11_crypto_plugin_slot_id                  = $::os_service_default,
-  $p11_crypto_plugin_encryption_mechanism     = $::os_service_default,
-  $p11_crypto_plugin_hmac_key_type            = $::os_service_default,
-  $p11_crypto_plugin_hmac_keygen_mechanism    = $::os_service_default,
-  $p11_crypto_plugin_aes_gcm_generate_iv      = $::os_service_default,
-  $p11_crypto_plugin_os_locking_ok            = $::os_service_default,
-  $p11_crypto_plugin_always_set_cka_sensitive = $::os_service_default,
+  $p11_crypto_plugin_token_serial_number      = $facts['os_service_default'],
+  $p11_crypto_plugin_token_labels             = $facts['os_service_default'],
+  $p11_crypto_plugin_slot_id                  = $facts['os_service_default'],
+  $p11_crypto_plugin_encryption_mechanism     = $facts['os_service_default'],
+  $p11_crypto_plugin_hmac_key_type            = $facts['os_service_default'],
+  $p11_crypto_plugin_hmac_keygen_mechanism    = $facts['os_service_default'],
+  $p11_crypto_plugin_aes_gcm_generate_iv      = $facts['os_service_default'],
+  $p11_crypto_plugin_os_locking_ok            = $facts['os_service_default'],
+  $p11_crypto_plugin_always_set_cka_sensitive = $facts['os_service_default'],
  $global_default                             = false,
 ) {

--- a/manifests/plugins/simple_crypto.pp
+++ b/manifests/plugins/simple_crypto.pp
@ -6,14 +6,14 @@
 #
 # [*simple_crypto_plugin_kek*]
 #   (optional) Key encryption key to be used by Simple Crypto Plugin.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*global_default*]
 #   (optional) set plugin as global default
 #   Defaults to false
 #
 class barbican::plugins::simple_crypto (
-  $simple_crypto_plugin_kek = $::os_service_default,
+  $simple_crypto_plugin_kek = $facts['os_service_default'],
  $global_default           = false,
 ) {

--- a/manifests/plugins/vault.pp
+++ b/manifests/plugins/vault.pp
@ -6,23 +6,23 @@
 #
 # [*vault_url*]
 #   (optional) The Vault URL.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*root_token_id*]
 #   (optional) Vault Root Token ID.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*approle_role_id*]
 #   (optional) Set the approle role ID.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*approle_secret_id*]
 #   (optional) Set the approle secret ID.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*kv_mountpoint*]
 #   (optional) Set the mountpoint of the KV.
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*use_ssl*]
 #   (optional) Enable or disable SSL
@ -30,20 +30,20 @@
 #
 # [*ssl_ca_crt_file*]
 #   (optional) Set the ssl CA cert file
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*global_default*]
 #   (optional) set plugin as global default
 #   Defaults to false
 #
 class barbican::plugins::vault (
-  $vault_url         = $::os_service_default,
-  $root_token_id     = $::os_service_default,
-  $approle_role_id   = $::os_service_default,
-  $approle_secret_id = $::os_service_default,
-  $kv_mountpoint     = $::os_service_default,
+  $vault_url         = $facts['os_service_default'],
+  $root_token_id     = $facts['os_service_default'],
+  $approle_role_id   = $facts['os_service_default'],
+  $approle_secret_id = $facts['os_service_default'],
+  $kv_mountpoint     = $facts['os_service_default'],
  $use_ssl           = false,
-  $ssl_ca_crt_file   = $::os_service_default,
+  $ssl_ca_crt_file   = $facts['os_service_default'],
  $global_default    = false,
 ) {

--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -6,12 +6,12 @@
 #
 # [*enforce_scope*]
 #  (Optional) Whether or not to enforce scope when evaluating policies.
-#  Defaults to $::os_service_default.
+#  Defaults to $facts['os_service_default'].
 #
 # [*enforce_new_defaults*]
 #  (Optional) Whether or not to use old deprecated defaults when evaluating
 #  policies.
-#  Defaults to $::os_service_default.
+#  Defaults to $facts['os_service_default'].
 #
 # [*policies*]
 #   (Optional) Set of policies to configure for barbican
@ -34,11 +34,11 @@
 #
 # [*policy_default_rule*]
 #   (Optional) Default rule. Enforced when a requested rule is not found.
-#   Defaults to $::os_service_default.
+#   Defaults to $facts['os_service_default'].
 #
 # [*policy_dirs*]
 #   (Optional) Path to the barbican policy folder
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*purge_config*]
 #   (optional) Whether to set only the specified policy rules in the policy
@ -46,12 +46,12 @@
 #    Defaults to false.
 #
 class barbican::policy (
-  $enforce_scope        = $::os_service_default,
-  $enforce_new_defaults = $::os_service_default,
+  $enforce_scope        = $facts['os_service_default'],
+  $enforce_new_defaults = $facts['os_service_default'],
  $policies             = {},
  $policy_path          = '/etc/barbican/policy.yaml',
-  $policy_default_rule  = $::os_service_default,
-  $policy_dirs          = $::os_service_default,
+  $policy_default_rule  = $facts['os_service_default'],
+  $policy_dirs          = $facts['os_service_default'],
  $purge_config         = false,
 ) {

--- a/manifests/quota.pp
+++ b/manifests/quota.pp
@ -6,30 +6,30 @@
 #
 # [*quota_secrets*]
 #   (optional) default number of secrets allowed per project
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*quota_orders*]
 #   (optional) default number of orders allowed per project
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*quota_containers*]
 #   (optional) default number of containers allowed per project
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*quota_consumers*]
 #   (optional) default number of consumers allowed per project
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*quota_cas*]
 #   (optional) default number of CAs allowed per project
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 class barbican::quota (
-  $quota_secrets    = $::os_service_default,
-  $quota_orders     = $::os_service_default,
-  $quota_containers = $::os_service_default,
-  $quota_consumers  = $::os_service_default,
-  $quota_cas        = $::os_service_default,
+  $quota_secrets    = $facts['os_service_default'],
+  $quota_orders     = $facts['os_service_default'],
+  $quota_containers = $facts['os_service_default'],
+  $quota_consumers  = $facts['os_service_default'],
+  $quota_cas        = $facts['os_service_default'],
 ) {

  include barbican::deps
--- a/manifests/retry_scheduler.pp
+++ b/manifests/retry_scheduler.pp
@ -18,18 +18,18 @@
 #
 # [*initial_delay_seconds*]
 #   (optional) Seconds (float) to wait before starting retry scheduler
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 # [*periodic_interval_max_seconds*]
 #   (optional) Seconds (float) to wait between starting retry scheduler
-#   Defaults to $::os_service_default
+#   Defaults to $facts['os_service_default']
 #
 class barbican::retry_scheduler (
  $package_ensure                = 'present',
  $manage_service                = true,
  $enabled                       = true,
-  $initial_delay_seconds         = $::os_service_default,
-  $periodic_interval_max_seconds = $::os_service_default,
+  $initial_delay_seconds         = $facts['os_service_default'],
+  $periodic_interval_max_seconds = $facts['os_service_default'],
 ){

  include barbican::deps
@ -40,7 +40,7 @@ class barbican::retry_scheduler (
    'retry_scheduler/periodic_interval_max_seconds': value => $periodic_interval_max_seconds;
  }

-  case $::osfamily {
+  case $facts['os']['family'] {
    'RedHat': {
      package { 'barbican-retry':
        ensure => $package_ensure,
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -11,7 +11,7 @@
 #
 # [*servername*]
 #   (Optional) The servername for the virtualhost.
-#   Defaults to $::fqdn
+#   Defaults to $facts['networking']['fqdn']
 #
 # [*port*]
 #   (Optional) The port.
@ -31,7 +31,7 @@
 #
 # [*workers*]
 #   (Optional) Number of WSGI workers to spawn.
-#   Defaults to $::os_workers
+#   Defaults to $facts['os_workers']
 #
 # [*priority*]
 #   (Optional) The priority for the vhost.
@ -115,12 +115,12 @@
 #   Copyright 2015 Red Hat Inc. <licensing@redhat.com>
 #
 class barbican::wsgi::apache (
-  $servername                  = $::fqdn,
+  $servername                  = $facts['networking']['fqdn'],
  $port                        = 9311,
  $bind_host                   = undef,
  $path                        = '/',
  $ssl                         = false,
-  $workers                     = $::os_workers,
+  $workers                     = $facts['os_workers'],
  $ssl_cert                    = undef,
  $ssl_key                     = undef,
  $ssl_chain                   = undef,
--- a/manifests/wsgi/uwsgi.pp
+++ b/manifests/wsgi/uwsgi.pp
@ -11,7 +11,7 @@
 #
 # [*processes*]
 #   (Optional) Number of processes.
-#   Defaults to $::os_workers.
+#   Defaults to $facts['os_workers'].
 #
 # [*threads*]
 #   (Optional) Number of threads.
@ -22,14 +22,14 @@
 #   Defaults to 100
 #
 class barbican::wsgi::uwsgi (
-  $processes         = $::os_workers,
+  $processes         = $facts['os_workers'],
  $threads           = 32,
  $listen_queue_size = 100,
 ){

  include barbican::deps

-  if $::operatingsystem != 'Debian'{
+  if $facts['os']['name'] != 'Debian'{
    warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.')
  }

--- a/spec/classes/barbican_api_logging_spec.rb
+++ b/spec/classes/barbican_api_logging_spec.rb
@ -146,11 +146,7 @@ describe 'barbican::api::logging' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican-api-logging'
--- a/spec/classes/barbican_api_spec.rb
+++ b/spec/classes/barbican_api_spec.rb
@ -129,10 +129,6 @@ describe 'barbican::api' do
          default_params.merge(param_set)
        end

-        let :host_ref do
-          "http://${::fqdn}:$param_hash[:bind_port]"
-        end
-
        it { is_expected.to contain_class('barbican::deps') }
        it { is_expected.to contain_class('barbican::db') }
        it { is_expected.to contain_class('barbican::policy') }
@ -295,14 +291,10 @@ describe 'barbican::api' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 7,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

-      case facts[:osfamily]
+      case facts[:os]['family']
      when 'RedHat'
        let (:platform_params) do
          { :service_name => 'openstack-barbican-api' }
--- a/spec/classes/barbican_client_spec.rb
+++ b/spec/classes/barbican_client_spec.rb
@ -53,13 +53,11 @@ describe 'barbican::client' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :fqdn           => 'some.host.tld',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      let(:platform_params) do
-        case facts[:osfamily]
+        case facts[:os]['family']
        when 'Debian'
          { :client_package_name => 'python3-barbicanclient' }
        when 'RedHat'
--- a/spec/classes/barbican_db_mysql_spec.rb
+++ b/spec/classes/barbican_db_mysql_spec.rb
@ -81,11 +81,7 @@ describe 'barbican::db::mysql' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican db mysql'
--- a/spec/classes/barbican_db_spec.rb
+++ b/spec/classes/barbican_db_spec.rb
@ -74,11 +74,7 @@ describe 'barbican::db' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_behaves_like 'barbican::db'
--- a/spec/classes/barbican_db_sync_spec.rb
+++ b/spec/classes/barbican_db_sync_spec.rb
@ -89,10 +89,7 @@ describe 'barbican::db::sync' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :os_workers     => 8,
-          :concat_basedir => '/var/lib/puppet/concat'
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican-dbsync'
--- a/spec/classes/barbican_init_spec.rb
+++ b/spec/classes/barbican_init_spec.rb
@ -36,7 +36,7 @@ describe 'barbican' do
      end

      let(:platform_params) do
-        case facts[:osfamily]
+        case facts[:os]['family']
        when 'Debian'
          { :barbican_common_package => 'barbican-common' }
        when 'RedHat'
--- a/spec/classes/barbican_keystone_notification_spec.rb
+++ b/spec/classes/barbican_keystone_notification_spec.rb
@ -108,7 +108,7 @@ describe 'barbican::keystone::notification' do
      end

      let (:platform_params) do
-        case facts[:osfamily]
+        case facts[:os]['family']
        when 'RedHat'
          {
            :keystone_listener_package_name => 'openstack-barbican-keystone-listener',
--- a/spec/classes/barbican_plugins_dogtag_spec.rb
+++ b/spec/classes/barbican_plugins_dogtag_spec.rb
@ -86,7 +86,7 @@ describe 'barbican::plugins::dogtag' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge!(OSDefaults.get_facts( :os_workers => '7' ))
+        facts.merge!(OSDefaults.get_facts())
      end

      it_behaves_like 'barbican::plugins::dogtag'
--- a/spec/classes/barbican_plugins_kmip_spec.rb
+++ b/spec/classes/barbican_plugins_kmip_spec.rb
@ -99,11 +99,7 @@ describe 'barbican::plugins::kmip' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican plugins kmip'
--- a/spec/classes/barbican_plugins_p11_crypto_spec.rb
+++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb
@ -101,11 +101,7 @@ describe 'barbican::plugins::p11_crypto' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican plugins p11_crypto'
--- a/spec/classes/barbican_plugins_simple_crypto_spec.rb
+++ b/spec/classes/barbican_plugins_simple_crypto_spec.rb
@ -73,11 +73,7 @@ describe 'barbican::plugins::simple_crypto' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican plugins simple_crypto'
--- a/spec/classes/barbican_plugins_vault_spec.rb
+++ b/spec/classes/barbican_plugins_vault_spec.rb
@ -109,11 +109,7 @@ describe 'barbican::plugins::vault' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican plugins vault'
--- a/spec/classes/barbican_quota_spec.rb
+++ b/spec/classes/barbican_quota_spec.rb
@ -24,21 +24,21 @@ describe 'barbican::quota' do
  shared_examples_for 'barbican quota' do
    let :default_params do
      {
-        :quota_secrets                      => '<SERVICE DEFAULT>',
-        :quota_orders                       => '<SERVICE DEFAULT>',
-        :quota_containers                   => '<SERVICE DEFAULT>',
-        :quota_consumers                    => '<SERVICE DEFAULT>',
-        :quota_cas                          => '<SERVICE DEFAULT>',
+        :quota_secrets    => '<SERVICE DEFAULT>',
+        :quota_orders     => '<SERVICE DEFAULT>',
+        :quota_containers => '<SERVICE DEFAULT>',
+        :quota_consumers  => '<SERVICE DEFAULT>',
+        :quota_cas        => '<SERVICE DEFAULT>',
      }
    end

    [{},
      {
-         :quota_secrets                      => 100,
-         :quota_orders                       => 100,
-         :quota_containers                   => 100,
-         :quota_consumers                    => 100,
-         :quota_cas                          => 10,
+         :quota_secrets    => 100,
+         :quota_orders     => 100,
+         :quota_containers => 100,
+         :quota_consumers  => 100,
+         :quota_cas        => 10,
      }
    ].each do |param_set|

@ -72,11 +72,7 @@ describe 'barbican::quota' do
  }).each do |os,facts|
    context "on #{os}" do
      let (:facts) do
-        facts.merge(OSDefaults.get_facts({
-          :processorcount => 8,
-          :fqdn           => 'some.host.tld',
-          :concat_basedir => '/var/lib/puppet/concat',
-        }))
+        facts.merge(OSDefaults.get_facts())
      end

      it_configures 'barbican quota'
--- a/spec/classes/barbican_retry_scheduler_spec.rb
+++ b/spec/classes/barbican_retry_scheduler_spec.rb
@ -61,7 +61,7 @@ describe 'barbican::retry_scheduler' do
      end

      let(:platform_params) do
-        case facts[:osfamily]
+        case facts[:os]['family']
        when 'Debian'
          {}
        when 'RedHat'
@ -73,7 +73,7 @@ describe 'barbican::retry_scheduler' do
      end

      it_behaves_like 'barbican::retry_scheduler'
-      if facts[:osfamily] == 'RedHat'
+      if facts[:os]['family'] == 'RedHat'
        it_behaves_like 'barbican::retry_scheduler in RedHat'
      end
    end
--- a/spec/classes/barbican_worker_spec.rb
+++ b/spec/classes/barbican_worker_spec.rb
@ -76,7 +76,7 @@ describe 'barbican::worker' do
        facts.merge(OSDefaults.get_facts())
      end

-      case facts[:osfamily]
+      case facts[:os]['family']
      when 'RedHat'
        let (:platform_params) do
          {
--- a/spec/classes/barbican_wsgi_apache_spec.rb
+++ b/spec/classes/barbican_wsgi_apache_spec.rb
@ -29,7 +29,7 @@ describe 'barbican::wsgi::apache' do
        :group                       => 'barbican',
        :path                        => '/',
        :priority                    => 10,
-        :servername                  => facts[:fqdn],
+        :servername                  => 'foo.example.com',
        :ssl                         => false,
        :threads                     => 1,
        :user                        => 'barbican',
@ -165,14 +165,12 @@ describe 'barbican::wsgi::apache' do
  }).each do |os,facts|
    let (:facts) do
      facts.merge!(OSDefaults.get_facts({
-        :os_workers     => 8,
-        :concat_basedir => '/var/lib/puppet/concat',
-        :fqdn           => 'some.host.tld'
+        :os_workers => 8,
      }))
    end

    let(:platform_params) do
-      case facts[:osfamily]
+      case facts[:os]['family']
      when 'Debian'
        {
          :wsgi_script_path => '/usr/lib/cgi-bin/barbican',