From 729f5d286c5a5a03e9a95f934d25f82a6761f357 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Wed, 1 Mar 2023 13:36:48 +0900
Subject: [PATCH] Replace legacy facts and use fact hash

... because the latest lint no longer allows usage of legacy facts and top scope fact.
Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
---
manifests/api.pp | 148 +++++++++---------
manifests/api/logging.pp | 78 ++++-----
manifests/cors.pp | 24 +--
manifests/db.pp | 36 ++---
manifests/healthcheck.pp | 16 +-
manifests/keystone/authtoken.pp | 116 +++++++-------
manifests/keystone/notification.pp | 20 +--
manifests/params.pp | 7 +-
manifests/plugins/dogtag.pp | 28 ++--
manifests/plugins/kmip.pp | 20 +--
manifests/plugins/p11_crypto.pp | 36 ++---
manifests/plugins/simple_crypto.pp | 4 +-
manifests/plugins/vault.pp | 24 +--
manifests/policy.pp | 16 +-
manifests/quota.pp | 20 +--
manifests/retry_scheduler.pp | 10 +-
manifests/wsgi/apache.pp | 8 +-
manifests/wsgi/uwsgi.pp | 6 +-
spec/classes/barbican_api_logging_spec.rb | 6 +-
spec/classes/barbican_api_spec.rb | 12 +-
spec/classes/barbican_client_spec.rb | 6 +-
spec/classes/barbican_db_mysql_spec.rb | 6 +-
spec/classes/barbican_db_spec.rb | 6 +-
spec/classes/barbican_db_sync_spec.rb | 5 +-
spec/classes/barbican_init_spec.rb | 2 +-
.../barbican_keystone_notification_spec.rb | 2 +-
spec/classes/barbican_plugins_dogtag_spec.rb | 2 +-
spec/classes/barbican_plugins_kmip_spec.rb | 6 +-
.../barbican_plugins_p11_crypto_spec.rb | 6 +-
.../barbican_plugins_simple_crypto_spec.rb | 6 +-
spec/classes/barbican_plugins_vault_spec.rb | 6 +-
spec/classes/barbican_quota_spec.rb | 26 ++-
spec/classes/barbican_retry_scheduler_spec.rb | 4 +-
spec/classes/barbican_worker_spec.rb | 2 +-
spec/classes/barbican_wsgi_apache_spec.rb | 8 +-
35 files changed, 340 insertions(+), 388 deletions(-)
diff --git a/manifests/api.pp b/manifests/api.pp
index 52ae57ff..2c6193de 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -24,47 +24,47 @@ # # [*max_allowed_secret_in_bytes*] # (optional) Maximum allowed secret size to be stored. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*max_allowed_request_size_in_bytes*] # (optional) Maximum request size against the barbican API. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*default_transport_url*] # (optional) Connection url for oslo messaging backend. An example rabbit url # would be, rabbit://user:pass@host:port/virtual_host -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rpc_response_timeout*] # (Optional) Seconds to wait for a response from a call. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*control_exchange*] # (Optional) The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the transport_url # option. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_transport_url*] # (optional) Connection url for oslo messaging notifications backend. An # example rabbit url would be, rabbit://user:pass@host:port/virtual_host -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_driver*] # (optional) Driver to use for oslo messaging notifications backend. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*notification_topics*] # (optional) Topics to use for oslo messaging notifications backend. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_use_ssl*] # (optional) Connect over SSL for RabbitMQ -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_ha_queues*] # (optional) Use HA queues in RabbitMQ. 
-# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_timeout_threshold*] # (optional) Number of seconds after which the RabbitMQ broker is considered @@ -72,14 +72,14 @@ # Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently # closed, resulting in missed or lost messages from the queue. # (Requires kombu >= 3.0.7 and amqp >= 1.4.0) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_rate*] # (optional) How often during the rabbit_heartbeat_timeout_threshold period to # check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 # when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked # every 30 seconds. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*rabbit_heartbeat_in_pthread*] # (Optional) EXPERIMENTAL: Run the health check heartbeat thread 
@@ -89,43 +89,43 @@ # example if the parent process have monkey patched the # stdlib by using eventlet/greenlet then the heartbeat # will be run through a green thread. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*amqp_durable_queues*] # (optional) Define queues as "durable" to rabbitmq. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enable_queue*] # (optional) Enable asynchronous queuing -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*queue_namespace*] # (optional) Namespace for the queue -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*queue_topic*] # (optional) Topic for the queue -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*queue_version*] # (optional) Version for the task API -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*queue_server_name*] # (optional) Server name for RPC service -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enabled_secretstore_plugins*] # (optional) Enabled secretstore plugins. Multiple plugins # are defined in a list eg. ['store_crypto', dogtag_crypto'] # Used when multiple_secret_stores_enabled is not set to true. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enabled_crypto_plugins*] # (optional) Enabled crypto_plugins. Multiple plugins # are defined in a list eg. ['simple_crypto','p11_crypto'] # Used when multiple_secret_stores_enabled is not set to true. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enabled_secret_stores*] # (optional) Enabled secretstores. This is the configuration 
@@ -142,46 +142,46 @@ # [*enabled_certificate_plugins*] # (optional) Enabled certificate plugins as a list. # e.g. ['snakeoil_ca', 'dogtag'] -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*enabled_certificate_event_plugins*] # (optional) Enabled certificate event plugins as a list -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_ca_certs*] # (optional) SSL certification authority file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_certfile*] # (optional) SSL cert file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_keyfile*] # (optional) SSL key file (valid only if SSL enabled). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_ssl_version*] # (optional) SSL version to use (valid only if SSL enabled). # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # available on some distributions. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_reconnect_delay*] # (optional) How long to wait before reconnecting in response to an AMQP # consumer cancel notification. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_failover_strategy*] # (Optional) Determines how the next RabbitMQ node is chosen in case the one # we are currently connected to becomes unavailable. Takes effect only if # more than one RabbitMQ node is provided in config. (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kombu_compression*] # (optional) Possible values are: gzip, bz2. If not set compression will not # be used. This option may notbe available in future versions. EXPERIMENTAL. 
# (string value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_strategy*] # (optional) authentication type @@ -202,7 +202,7 @@ # [*db_auto_create*] # (optional) Barbican API server option to create the database # automatically when the server starts. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*service_name*] # (optional) Name of the service that will be providing the 
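Review bot: The `kombu_ssl_version` doc block in the `@@ -142,46 +142,46 @@` hunk of manifests/api.pp still lists `SSLv23` and `SSLv3` as valid values and mentions `SSLv2` with no caveat, while the commit rewrites the `Defaults to` line directly beneath it. SSLv2 and SSLv3 are broken protocols, so the parameter doc should steer operators away from them, for example with an added line `# SSLv2 and SSLv3 are insecure; prefer a TLS value supported by the installed oslo.messaging.` after the valid-values sentence. Which values the installed library actually accepts is not visible on this page, so the wording should be checked against it. The `kombu_compression` description in the same hunk also carries the typo `notbe`.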
@@ -216,67 +216,67 @@ # [*enable_proxy_headers_parsing*] # (Optional) Enable paste middleware to handle SSL requests through # HTTPProxyToWSGI middleware. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*max_request_body_size*] # (Optional) Set max request body size -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*max_limit_paging*] # (Optional) Maximum page size for the 'limit' paging URL parameter. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*default_limit_paging*] # (Optional) Default page size for the 'limit' paging URL parameter. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class barbican::api ( $package_ensure = 'present', $bind_host = '0.0.0.0', $bind_port = '9311', $host_href = undef, - $max_allowed_secret_in_bytes = $::os_service_default, - $max_allowed_request_size_in_bytes = $::os_service_default, - $default_transport_url = $::os_service_default, - $rpc_response_timeout = $::os_service_default, - $control_exchange = $::os_service_default, - $notification_transport_url = $::os_service_default, - $notification_driver = $::os_service_default, - $notification_topics = $::os_service_default, - $rabbit_use_ssl = $::os_service_default, - $rabbit_heartbeat_timeout_threshold = $::os_service_default, - $rabbit_heartbeat_rate = $::os_service_default, - $rabbit_heartbeat_in_pthread = $::os_service_default, - $rabbit_ha_queues = $::os_service_default, - $amqp_durable_queues = $::os_service_default, - $enable_queue = $::os_service_default, - $queue_namespace = $::os_service_default, - $queue_topic = $::os_service_default, - $queue_version = $::os_service_default, - $queue_server_name = $::os_service_default, - $enabled_secretstore_plugins = $::os_service_default, - $enabled_crypto_plugins = $::os_service_default, + $max_allowed_secret_in_bytes = $facts['os_service_default'], + $max_allowed_request_size_in_bytes 
= $facts['os_service_default'], + $default_transport_url = $facts['os_service_default'], + $rpc_response_timeout = $facts['os_service_default'], + $control_exchange = $facts['os_service_default'], + $notification_transport_url = $facts['os_service_default'], + $notification_driver = $facts['os_service_default'], + $notification_topics = $facts['os_service_default'], + $rabbit_use_ssl = $facts['os_service_default'], + $rabbit_heartbeat_timeout_threshold = $facts['os_service_default'], + $rabbit_heartbeat_rate = $facts['os_service_default'], + $rabbit_heartbeat_in_pthread = $facts['os_service_default'], + $rabbit_ha_queues = $facts['os_service_default'], + $amqp_durable_queues = $facts['os_service_default'], + $enable_queue = $facts['os_service_default'], + $queue_namespace = $facts['os_service_default'], + $queue_topic = $facts['os_service_default'], + $queue_version = $facts['os_service_default'], + $queue_server_name = $facts['os_service_default'], + $enabled_secretstore_plugins = $facts['os_service_default'], + $enabled_crypto_plugins = $facts['os_service_default'], $enabled_secret_stores = 'simple_crypto', $multiple_secret_stores_enabled = false, - $enabled_certificate_plugins = $::os_service_default, - $enabled_certificate_event_plugins = $::os_service_default, - $kombu_ssl_ca_certs = $::os_service_default, - $kombu_ssl_certfile = $::os_service_default, - $kombu_ssl_keyfile = $::os_service_default, - $kombu_ssl_version = $::os_service_default, - $kombu_reconnect_delay = $::os_service_default, - $kombu_failover_strategy = $::os_service_default, - $kombu_compression = $::os_service_default, + $enabled_certificate_plugins = $facts['os_service_default'], + $enabled_certificate_event_plugins = $facts['os_service_default'], + $kombu_ssl_ca_certs = $facts['os_service_default'], + $kombu_ssl_certfile = $facts['os_service_default'], + $kombu_ssl_keyfile = $facts['os_service_default'], + $kombu_ssl_version = $facts['os_service_default'], + $kombu_reconnect_delay = 
$facts['os_service_default'], + $kombu_failover_strategy = $facts['os_service_default'], + $kombu_compression = $facts['os_service_default'], $auth_strategy = 'keystone', $manage_service = true, $enabled = true, $sync_db = true, - $db_auto_create = $::os_service_default, + $db_auto_create = $facts['os_service_default'], $service_name = $::barbican::params::api_service_name, - $enable_proxy_headers_parsing = $::os_service_default, - $max_request_body_size = $::os_service_default, - $max_limit_paging = $::os_service_default, - $default_limit_paging = $::os_service_default, + $enable_proxy_headers_parsing = $facts['os_service_default'], + $max_request_body_size = $facts['os_service_default'], + $max_limit_paging = $facts['os_service_default'], + $default_limit_paging = $facts['os_service_default'], ) inherits barbican::params { include barbican::deps @@ -292,7 +292,7 @@ class barbican::api ( # basic service config if $host_href == undef { - $host_href_real = "http://${::fqdn}:${bind_port}" + $host_href_real = "http://${facts['networking']['fqdn']}:${bind_port}" } else { $host_href_real = $host_href } @@ -399,7 +399,7 @@ class barbican::api ( if $service_name == $::barbican::params::api_service_name { - if $::operatingsystem == 'Ubuntu' { + if $facts['os']['name'] == 'Ubuntu' { fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.') } @@ -413,7 +413,7 @@ class barbican::api ( } # Debian is using UWSGI, not gunicorn - if $::operatingsystem != 'Debian' { + if $facts['os']['name'] != 'Debian' { file_line { 'Modify bind_port in gunicorn-config.py': path => '/etc/barbican/gunicorn-config.py', line => "bind = '${bind_host}:${bind_port}'", 
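Review bot: The fallback in the `@@ -292,7 +292,7 @@` hunk of manifests/api.pp interpolates `$facts['networking']['fqdn']` without checking it, and an absent `fqdn` key in the structured fact likely evaluates to undef and renders as an empty host, giving `http://:${bind_port}` rather than a catalog failure. A guard at the top of the `if $host_href == undef {` branch, such as `if $facts['networking']['fqdn'] == undef { fail('networking.fqdn fact is not available; set host_href explicitly') }`, would keep that failure loud. The default also hard-codes the `http://` scheme for a secret-store API, so it deserves a comment next to the assignment, `# plain-http default; set host_href when the API is published over TLS or behind a proxy`. The body of `barbican::api` starts and ends outside this hunk.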
@@ -424,7 +424,7 @@ class barbican::api ( } elsif $service_name == 'httpd' { # Ubuntu packages does not have a barbican-api service - if $::operatingsystem != 'Ubuntu' { + if $facts['os']['name'] != 'Ubuntu' { service { 'barbican-api': ensure => 'stopped', name => $::barbican::params::api_service_name, diff --git a/manifests/api/logging.pp b/manifests/api/logging.pp index f07575a3..8c804a1d 100644 --- a/manifests/api/logging.pp +++ b/manifests/api/logging.pp 
@@ -6,72 +6,72 @@ # # [*debug*] # (Optional) Should the daemons log debug messages -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_syslog*] # (Optional) Use syslog for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_json*] # (Optional) Use json for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_journal*] # (Optional) Use journal for logging. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_stderr*] # (Optional) Use stderr for logging -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*log_facility*] # (Optional) Syslog facility to receive log lines. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*log_dir*] # (Optional) Directory where logs should be stored. -# If set to $::os_service_default, it will not log to any directory. +# If set to $facts['os_service_default'], it will not log to any directory. # Defaults to '/var/log/barbican' # # [*log_file*] # (Optional) File where logs should be stored. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*watch_log_file*] # (Optional) Uses logging handler designed to watch file system (boolean value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # # [*logging_context_format_string*] # (Optional) Format string to use for log messages with context. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # [%(request_id)s %(user_identity)s] %(instance)s%(message)s' # # [*logging_default_format_string*] # (Optional) Format string to use for log messages without context. 
-# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # [-] %(instance)s%(message)s' # # [*logging_debug_format_suffix*] # (Optional) Formatted data to append to log format when level is DEBUG. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(funcName)s %(pathname)s:%(lineno)d' # # [*logging_exception_prefix*] # (Optional) Prefix each line of exception output with this format. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' # # [*log_config_append*] # (Optional) The name of an additional logging configuration file. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # See https://docs.python.org/2/howto/logging.html # # [*default_log_levels*] # (Optional) Hash of logger (keys) and level (values) pairs. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: # { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', # 'sqlalchemy' => 'WARN', 'suds' => 'INFO', 
@@ -83,50 +83,50 @@ # # [*publish_errors*] # (Optional) Publish error events (boolean value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*fatal_deprecations*] # (Optional) Make deprecations fatal (boolean value) -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*instance_format*] # (Optional) If an instance is passed with the log message, format it # like this (string value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: '[instance: %(uuid)s] ' # # [*instance_uuid_format*] # (Optional) If an instance UUID is passed with the log message, format # it like this (string value). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: instance_uuid_format='[instance: %(uuid)s] ' # # [*log_date_format*] # (Optional) Format string for %%(asctime)s in log records. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # Example: 'Y-%m-%d %H:%M:%S' # class barbican::api::logging( - $use_syslog = $::os_service_default, - $use_json = $::os_service_default, - $use_journal = $::os_service_default, - $use_stderr = $::os_service_default, - $log_facility = $::os_service_default, + $use_syslog = $facts['os_service_default'], + $use_json = $facts['os_service_default'], + $use_journal = $facts['os_service_default'], + $use_stderr = $facts['os_service_default'], + $log_facility = $facts['os_service_default'], $log_dir = '/var/log/barbican', - $log_file = $::os_service_default, - $watch_log_file = $::os_service_default, - $debug = $::os_service_default, - $logging_context_format_string = $::os_service_default, - $logging_default_format_string = $::os_service_default, - $logging_debug_format_suffix = $::os_service_default, - $logging_exception_prefix = $::os_service_default, - $log_config_append = $::os_service_default, - $default_log_levels = $::os_service_default, - $publish_errors = 
$::os_service_default, - $fatal_deprecations = $::os_service_default, - $instance_format = $::os_service_default, - $instance_uuid_format = $::os_service_default, - $log_date_format = $::os_service_default, + $log_file = $facts['os_service_default'], + $watch_log_file = $facts['os_service_default'], + $debug = $facts['os_service_default'], + $logging_context_format_string = $facts['os_service_default'], + $logging_default_format_string = $facts['os_service_default'], + $logging_debug_format_suffix = $facts['os_service_default'], + $logging_exception_prefix = $facts['os_service_default'], + $log_config_append = $facts['os_service_default'], + $default_log_levels = $facts['os_service_default'], + $publish_errors = $facts['os_service_default'], + $fatal_deprecations = $facts['os_service_default'], + $instance_format = $facts['os_service_default'], + $instance_uuid_format = $facts['os_service_default'], + $log_date_format = $facts['os_service_default'], ) { include barbican::deps diff --git a/manifests/cors.pp b/manifests/cors.pp index 2d875226..c06d09b3 100644 --- a/manifests/cors.pp +++ b/manifests/cors.pp 
@@ -8,41 +8,41 @@ # (Optional) Indicate whether this resource may be shared with the domain # received in the requests "origin" header. # (string value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_credentials*] # (Optional) Indicate that the actual request can include user credentials. # (boolean value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*expose_headers*] # (Optional) Indicate which headers are safe to expose to the API. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*max_age*] # (Optional) Maximum cache age of CORS preflight requests. # (integer value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_methods*] # (Optional) Indicate which methods can be used during the actual request. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*allow_headers*] # (Optional) Indicate which header field names may be used during the actual # request. # (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # class barbican::cors ( - $allowed_origin = $::os_service_default, - $allow_credentials = $::os_service_default, - $expose_headers = $::os_service_default, - $max_age = $::os_service_default, - $allow_methods = $::os_service_default, - $allow_headers = $::os_service_default, + $allowed_origin = $facts['os_service_default'], + $allow_credentials = $facts['os_service_default'], + $expose_headers = $facts['os_service_default'], + $max_age = $facts['os_service_default'], + $allow_methods = $facts['os_service_default'], + $allow_headers = $facts['os_service_default'], ) { include barbican::deps diff --git a/manifests/db.pp b/manifests/db.pp index 461e6218..a34362c3 100644 --- a/manifests/db.pp +++ b/manifests/db.pp 
@@ -10,59 +10,59 @@ # # [*database_connection_recycle_time*] # Timeout when db connections should be reaped. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_retries*] # Maximum number of database connection retries during startup. # Setting -1 implies an infinite retry count. # NOTE: This is currently NOT used until barbican correctly leverages oslo. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_retry_interval*] # Interval between retries of opening a database connection. # NOTE: This is currently NOT used until barbican correctly leverages oslo. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_pool_size*] # Maximum number of SQL connections to keep open in a pool. # NOTE: This is currently NOT used until barbican correctly leverages oslo. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_max_overflow*] # If set, use this value for max_overflow with sqlalchemy. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_pool_size*] # Number of SQL connections to keep open in a pool. # NOTE: This is currently used until barbican correctly leverages oslo and # will be removed during a later release. -# (Optional) Defaults to $::os_service_default +# (Optional) Defaults to $facts['os_service_default'] # # [*database_db_max_retries*] # (Optional) Maximum retries in case of connection error or deadlock error # before error is raised. Set to -1 to specify an infinite retry count. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*database_pool_timeout*] # (Optional) If set, use this value for pool_timeout with SQLAlchemy. 
-# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*mysql_enable_ndb*] # (Optional) If True, transparently enables support for handling MySQL # Cluster (NDB). -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class barbican::db ( $database_connection = 'sqlite:////var/lib/barbican/barbican.sqlite', - $database_connection_recycle_time = $::os_service_default, - $database_max_pool_size = $::os_service_default, - $database_max_retries = $::os_service_default, - $database_retry_interval = $::os_service_default, - $database_max_overflow = $::os_service_default, - $database_pool_size = $::os_service_default, - $database_db_max_retries = $::os_service_default, - $database_pool_timeout = $::os_service_default, - $mysql_enable_ndb = $::os_service_default, + $database_connection_recycle_time = $facts['os_service_default'], + $database_max_pool_size = $facts['os_service_default'], + $database_max_retries = $facts['os_service_default'], + $database_retry_interval = $facts['os_service_default'], + $database_max_overflow = $facts['os_service_default'], + $database_pool_size = $facts['os_service_default'], + $database_db_max_retries = $facts['os_service_default'], + $database_pool_timeout = $facts['os_service_default'], + $mysql_enable_ndb = $facts['os_service_default'], ) { include barbican::deps diff --git a/manifests/healthcheck.pp b/manifests/healthcheck.pp index e1246be5..0198f4f0 100644 --- a/manifests/healthcheck.pp +++ b/manifests/healthcheck.pp 
@@ -6,28 +6,28 @@ # # [*detailed*] # (Optional) Show more detailed information as part of the response. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*backends*] # (Optional) Additional backends that can perform health checks and report # that information back as part of a request. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*disable_by_file_path*] # (Optional) Check the presence of a file to determine if an application # is running on a port. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*disable_by_file_paths*] # (Optional) Check the presence of a file to determine if an application # is running on a port. Expects a "port:path" list of strings. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class barbican::healthcheck ( - $detailed = $::os_service_default, - $backends = $::os_service_default, - $disable_by_file_path = $::os_service_default, - $disable_by_file_paths = $::os_service_default, + $detailed = $facts['os_service_default'], + $backends = $facts['os_service_default'], + $disable_by_file_path = $facts['os_service_default'], + $disable_by_file_paths = $facts['os_service_default'], ) { include barbican::deps diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp index c407445a..c60de3e7 100644 --- a/manifests/keystone/authtoken.pp +++ b/manifests/keystone/authtoken.pp @@ -10,7 +10,7 @@ # # [*password*] # (Optional) Password to create for the service user -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_url*] # (Optional) The URL to use for authentication. 
@@ -30,17 +30,17 @@ # # [*system_scope*] # (Optional) Scope for system operations -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*insecure*] # (Optional) If true, explicitly allow TLS without checking server cert # against any certificate authorities. WARNING: not recommended. Use with # caution. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*auth_section*] # (Optional) Config Section from which to load plugin specific options -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*auth_type*] # (Optional) Authentication type to load @@ -52,26 +52,26 @@ # # [*auth_version*] # (Optional) API version of the admin Identity API endpoint. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*cache*] # (Optional) Env key for the swift cache. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*cafile*] # (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs # connections. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*certfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*delay_auth_decision*] # (Optional) Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. Boolean # value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*enforce_token_bind*] # (Optional) Used to control the use and type of token binding. Can be set 
@@ -81,57 +81,57 @@ # type is unknown the token will be rejected. "required" any form of token # binding is needed to be allowed. Finally the name of a binding method that # must be present in tokens. String value. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*http_connect_timeout*] # (Optional) Request timeout value for communicating with Identity API # server. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*http_request_max_retries*] # (Optional) How many times are we trying to reconnect when communicating # with Identity API Server. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*include_service_catalog*] # (Optional) Indicate whether to set the X-Service-Catalog header. If False, # middleware will not ask for service catalog on token validation and will # not set the X-Service-Catalog header. Boolean value. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*keyfile*] # (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_conn_get_timeout*] # (Optional) Number of seconds that an operation will wait to get a memcached # client connection from the pool. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_dead_retry*] # (Optional) Number of seconds memcached server is considered dead before it # is tried again. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_maxsize*] # (Optional) Maximum total number of open connections to every memcached # server. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. 
# # [*memcache_pool_socket_timeout*] # (Optional) Number of seconds a connection to memcached is held unused in # the pool before it is closed. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_pool_unused_timeout*] # (Optional) Number of seconds a connection to memcached is held unused in # the pool before it is closed. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_secret_key*] # (Optional, mandatory if memcache_security_strategy is defined) This string # is used for key derivation. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_security_strategy*] # (Optional) If defined, indicate whether token data should be authenticated @@ -139,17 +139,17 @@ # HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcache_use_advanced_pool*] # (Optional) Use the advanced (eventlet safe) memcached client pool. The # advanced pool will only work under python 2.x Boolean value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*memcached_servers*] # (Optional) Optionally specify a list of memcached server(s) to use for # caching. If left undefined, tokens will instead be cached in-process. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*manage_memcache_package*] # (Optional) Whether to install the python-memcache package. 
@@ -157,13 +157,13 @@ # # [*region_name*] # (Optional) The region in which the identity server can be found. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*token_cache_time*] # (Optional) In order to prevent excessive effort spent validating tokens, # the middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. Integer value -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*service_token_roles*] # (Optional) A choice of roles that must be present in a service token. 
@@ -173,66 +173,66 @@ # here are applied as an ANY check so any role in this list # must be present. For backwards compatibility reasons this # currently only affects the allow_expired check. (list value) -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*service_token_roles_required*] # (optional) backwards compatibility to ensure that the service tokens are # compared against a list of possible roles for validity # true/false -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*service_type*] # (Optional) The name or type of the service as it appears in the service # catalog. This is used to validate tokens that have restricted access rules. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*interface*] # (Optional) Interface to use for the Identity API endpoint. Valid values are # "public", "internal" or "admin". -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*params*] # (Optional) Hash of additional parameters to pass through to the keystone # authtoken class. Values set here override the individual parameters above. 
# class barbican::keystone::authtoken( - $password = $::os_service_default, + $password = $facts['os_service_default'], $username = 'barbican', $auth_url = 'http://localhost:5000', $project_name = 'services', $user_domain_name = 'Default', $project_domain_name = 'Default', - $system_scope = $::os_service_default, - $insecure = $::os_service_default, - $auth_section = $::os_service_default, + $system_scope = $facts['os_service_default'], + $insecure = $facts['os_service_default'], + $auth_section = $facts['os_service_default'], $auth_type = 'password', $www_authenticate_uri = 'http://localhost:5000', - $auth_version = $::os_service_default, - $cache = $::os_service_default, - $cafile = $::os_service_default, - $certfile = $::os_service_default, - $delay_auth_decision = $::os_service_default, - $enforce_token_bind = $::os_service_default, - $http_connect_timeout = $::os_service_default, - $http_request_max_retries = $::os_service_default, - $include_service_catalog = $::os_service_default, - $keyfile = $::os_service_default, - $memcache_pool_conn_get_timeout = $::os_service_default, - $memcache_pool_dead_retry = $::os_service_default, - $memcache_pool_maxsize = $::os_service_default, - $memcache_pool_socket_timeout = $::os_service_default, - $memcache_pool_unused_timeout = $::os_service_default, - $memcache_secret_key = $::os_service_default, - $memcache_security_strategy = $::os_service_default, - $memcache_use_advanced_pool = $::os_service_default, - $memcached_servers = $::os_service_default, + $auth_version = $facts['os_service_default'], + $cache = $facts['os_service_default'], + $cafile = $facts['os_service_default'], + $certfile = $facts['os_service_default'], + $delay_auth_decision = $facts['os_service_default'], + $enforce_token_bind = $facts['os_service_default'], + $http_connect_timeout = $facts['os_service_default'], + $http_request_max_retries = $facts['os_service_default'], + $include_service_catalog = $facts['os_service_default'], + $keyfile = 
$facts['os_service_default'], + $memcache_pool_conn_get_timeout = $facts['os_service_default'], + $memcache_pool_dead_retry = $facts['os_service_default'], + $memcache_pool_maxsize = $facts['os_service_default'], + $memcache_pool_socket_timeout = $facts['os_service_default'], + $memcache_pool_unused_timeout = $facts['os_service_default'], + $memcache_secret_key = $facts['os_service_default'], + $memcache_security_strategy = $facts['os_service_default'], + $memcache_use_advanced_pool = $facts['os_service_default'], + $memcached_servers = $facts['os_service_default'], $manage_memcache_package = false, - $region_name = $::os_service_default, - $token_cache_time = $::os_service_default, - $service_token_roles = $::os_service_default, - $service_token_roles_required = $::os_service_default, - $service_type = $::os_service_default, - $interface = $::os_service_default, + $region_name = $facts['os_service_default'], + $token_cache_time = $facts['os_service_default'], + $service_token_roles = $facts['os_service_default'], + $service_token_roles_required = $facts['os_service_default'], + $service_type = $facts['os_service_default'], + $interface = $facts['os_service_default'], $params = {}, ) { diff --git a/manifests/keystone/notification.pp b/manifests/keystone/notification.pp index 86abd76f..fc33b081 100644 --- a/manifests/keystone/notification.pp +++ b/manifests/keystone/notification.pp 
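Review bot: `$password` and `$memcache_secret_key` in `barbican::keystone::authtoken` hold credentials but are declared without a data type, and the rewritten defaults leave that as it was. As far as this hunk shows, nothing lets a caller pass them wrapped, so the values travel as plain strings and may end up in catalogs and reports. A follow-up could declare them along the lines of `Variant[String, Sensitive[String]] $password = $facts['os_service_default'],`. Whether the code that consumes them accepts a `Sensitive` value cannot be told from here, because the class body continues outside the hunk.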
@@ -6,23 +6,23 @@ # # [*enable_keystone_notification*] # (optional) Enable keystone notification listener functionality -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*keystone_notification_control_exchange*] # (optional) The default exchange under which topics are scoped. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*keystone_notification_topic*] # (optional) Keystone notification queue topic name. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*keystone_notification_allow_requeue*] # (optional) Requeues notification in case of notification processing error. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*keystone_notification_thread_pool_size*] # (optional) max threads to be used for notification server -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*package_ensure*] # (Optional) The state of the barbican-keystone-listener package. @@ -33,11 +33,11 @@ # Defaults to true # class barbican::keystone::notification ( - $enable_keystone_notification = $::os_service_default, - $keystone_notification_control_exchange = $::os_service_default, - $keystone_notification_topic = $::os_service_default, - $keystone_notification_allow_requeue = $::os_service_default, - $keystone_notification_thread_pool_size = $::os_service_default, + $enable_keystone_notification = $facts['os_service_default'], + $keystone_notification_control_exchange = $facts['os_service_default'], + $keystone_notification_topic = $facts['os_service_default'], + $keystone_notification_allow_requeue = $facts['os_service_default'], + $keystone_notification_thread_pool_size = $facts['os_service_default'], $package_ensure = 'present', $manage_service = true, ) { diff --git a/manifests/params.pp b/manifests/params.pp index 10d40ec5..d4719bfd 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -10,7 +10,7 @@ class barbican::params { $group = 'barbican' $dogtag_client_package = 'pki-base' - case $::osfamily { + case $facts['os']['family'] { 'RedHat': { $common_package_name = 'openstack-barbican-common' $api_package_name = 'openstack-barbican-api' @@ -38,8 +38,7 @@ class barbican::params { $barbican_wsgi_script_source = '/usr/bin/barbican-wsgi-api' } default: { - fail("Unsupported osfamily: ${::osfamily} operating system") + fail("Unsupported osfamily: ${facts['os']['family']}") } - - } # Case $::osfamily + } } diff --git a/manifests/plugins/dogtag.pp b/manifests/plugins/dogtag.pp index 5c156ba9..78db92cb 100644 --- a/manifests/plugins/dogtag.pp +++ b/manifests/plugins/dogtag.pp @@ -13,31 +13,31 @@ # # [*dogtag_plugin_pem_path*] # (optional) Path to KRA agent PEM file -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_dogtag_host*] # (optional) Host for the Dogtag server -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_dogtag_port*] # (optional) Host for the Dogtag server -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_nss_db_path*] # (optional) Path to plugin NSS DB -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_simple_cmc_profile*] # (optional) Profile for simple CMC enrollment. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_ca_expiration_time*] # (optional) Expiration time for the Dogtag CA entry in days -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*dogtag_plugin_plugin_working_dir*] # (optional) Working directory for Dogtag plugin -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*global_default*] # (optional) set plugin as global default 
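Review bot: In the manifests/plugins/dogtag.pp parameter docs, `[*dogtag_plugin_dogtag_port*]` is described as "Host for the Dogtag server", a copy of the line for `[*dogtag_plugin_dogtag_host*]` above it. The description should read `# (optional) Port for the Dogtag server`. The commit rewrites the "Defaults to" line right below it, so the fix fits in the same change.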
@@ -46,13 +46,13 @@ class barbican::plugins::dogtag ( $dogtag_plugin_nss_password, $dogtag_plugin_ensure_package = 'present', - $dogtag_plugin_pem_path = $::os_service_default, - $dogtag_plugin_dogtag_host = $::os_service_default, - $dogtag_plugin_dogtag_port = $::os_service_default, - $dogtag_plugin_nss_db_path = $::os_service_default, - $dogtag_plugin_simple_cmc_profile = $::os_service_default, - $dogtag_plugin_ca_expiration_time = $::os_service_default, - $dogtag_plugin_plugin_working_dir = $::os_service_default, + $dogtag_plugin_pem_path = $facts['os_service_default'], + $dogtag_plugin_dogtag_host = $facts['os_service_default'], + $dogtag_plugin_dogtag_port = $facts['os_service_default'], + $dogtag_plugin_nss_db_path = $facts['os_service_default'], + $dogtag_plugin_simple_cmc_profile = $facts['os_service_default'], + $dogtag_plugin_ca_expiration_time = $facts['os_service_default'], + $dogtag_plugin_plugin_working_dir = $facts['os_service_default'], $global_default = false, ) { diff --git a/manifests/plugins/kmip.pp b/manifests/plugins/kmip.pp index f70e36ac..a08a1770 100644 --- a/manifests/plugins/kmip.pp +++ b/manifests/plugins/kmip.pp 
@@ -12,27 +12,27 @@ # # [*kmip_plugin_username*] # (optional) username for KMIP device -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kmip_plugin_password*] # (optional) password for KMIP device. This parameter is required # when the kmip_plugin_username parameter is set. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kmip_plugin_keyfile*] # (optional) key file for KMIP device. This parameter is required when # the kmip_plugin_username parameter is not set. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kmip_plugin_certfile*] # (optional) cert file for KMIP device. This parameter is required when # the kmip_plugin_username parameter is not set. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kmip_plugin_ca_certs*] # (optional) ca certs file for KMIP device. This parameter is required when # the kmip_plugin_username parameter is not set. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*global_default*] # (optional) set plugin as global default @@ -41,11 +41,11 @@ class barbican::plugins::kmip ( $kmip_plugin_host, $kmip_plugin_port, - $kmip_plugin_username = $::os_service_default, - $kmip_plugin_password = $::os_service_default, - $kmip_plugin_keyfile = $::os_service_default, - $kmip_plugin_certfile = $::os_service_default, - $kmip_plugin_ca_certs = $::os_service_default, + $kmip_plugin_username = $facts['os_service_default'], + $kmip_plugin_password = $facts['os_service_default'], + $kmip_plugin_keyfile = $facts['os_service_default'], + $kmip_plugin_certfile = $facts['os_service_default'], + $kmip_plugin_ca_certs = $facts['os_service_default'], $global_default = false, ) { diff --git a/manifests/plugins/p11_crypto.pp b/manifests/plugins/p11_crypto.pp index 254bf380..caf0f6f5 100644 --- a/manifests/plugins/p11_crypto.pp +++ b/manifests/plugins/p11_crypto.pp 
@@ -21,46 +21,46 @@ # # [*p11_crypto_plugin_token_serial_number*] # (optional) Serial number to identify PKCS#11 token -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_token_labels*] # (optional) List of comma-separated labels to identify # PKCS#11 tokens to be used. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_slot_id*] # (optional) HSM Slot id -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_encryption_mechanism*] # (optional) PKCS#11 Mechanism used for encryption -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_hmac_key_type*] # (optional) PKCS#11 Key Type for key used in HMAC # operations. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_hmac_keygen_mechanism*] # (optional) PKCS#11 Mechanism used to generate HMAC Key -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_aes_gcm_generate_iv*] # (optional) When using the CKM_AES_GCM mechanism, this option # specifies whether the IV should be generated by Barbican. # Setting this to false will defer IV generation to the HSM # which is not standard but is required for some HSMs. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_os_locking_ok*] # (optional) Enable CKF_OS_LOCKING_OK flag when initializing # the PKCS#11 client library. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*p11_crypto_plugin_always_set_cka_sensitive*] # (optional) Always set CKA_SENSITIVE when generating keys. # In some HSMs extractable keys cannot be marked sensitive. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*global_default*] # (optional) set plugin as global default 
@@ -72,15 +72,15 @@ class barbican::plugins::p11_crypto ( $p11_crypto_plugin_mkek_label, $p11_crypto_plugin_mkek_length, $p11_crypto_plugin_hmac_label, - $p11_crypto_plugin_token_serial_number = $::os_service_default, - $p11_crypto_plugin_token_labels = $::os_service_default, - $p11_crypto_plugin_slot_id = $::os_service_default, - $p11_crypto_plugin_encryption_mechanism = $::os_service_default, - $p11_crypto_plugin_hmac_key_type = $::os_service_default, - $p11_crypto_plugin_hmac_keygen_mechanism = $::os_service_default, - $p11_crypto_plugin_aes_gcm_generate_iv = $::os_service_default, - $p11_crypto_plugin_os_locking_ok = $::os_service_default, - $p11_crypto_plugin_always_set_cka_sensitive = $::os_service_default, + $p11_crypto_plugin_token_serial_number = $facts['os_service_default'], + $p11_crypto_plugin_token_labels = $facts['os_service_default'], + $p11_crypto_plugin_slot_id = $facts['os_service_default'], + $p11_crypto_plugin_encryption_mechanism = $facts['os_service_default'], + $p11_crypto_plugin_hmac_key_type = $facts['os_service_default'], + $p11_crypto_plugin_hmac_keygen_mechanism = $facts['os_service_default'], + $p11_crypto_plugin_aes_gcm_generate_iv = $facts['os_service_default'], + $p11_crypto_plugin_os_locking_ok = $facts['os_service_default'], + $p11_crypto_plugin_always_set_cka_sensitive = $facts['os_service_default'], $global_default = false, ) { diff --git a/manifests/plugins/simple_crypto.pp b/manifests/plugins/simple_crypto.pp index f4dc3e03..783569b3 100644 --- a/manifests/plugins/simple_crypto.pp +++ b/manifests/plugins/simple_crypto.pp 
@@ -6,14 +6,14 @@ # # [*simple_crypto_plugin_kek*] # (optional) Key encryption key to be used by Simple Crypto Plugin. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*global_default*] # (optional) set plugin as global default # Defaults to false # class barbican::plugins::simple_crypto ( - $simple_crypto_plugin_kek = $::os_service_default, + $simple_crypto_plugin_kek = $facts['os_service_default'], $global_default = false, ) { diff --git a/manifests/plugins/vault.pp b/manifests/plugins/vault.pp index 74989b37..a26291fe 100644 --- a/manifests/plugins/vault.pp +++ b/manifests/plugins/vault.pp @@ -6,23 +6,23 @@ # # [*vault_url*] # (optional) The Vault URL. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*root_token_id*] # (optional) Vault Root Token ID. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*approle_role_id*] # (optional) Set the approle role ID. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*approle_secret_id*] # (optional) Set the approle secret ID. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*kv_mountpoint*] # (optional) Set the mountpoint of the KV. -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*use_ssl*] # (optional) Enable or disable SSL 
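Review bot: The doc for `[*simple_crypto_plugin_kek*]` in manifests/plugins/simple_crypto.pp does not say what leaving a key-encryption key at the service default means. If, as I believe is the case for Barbican's simple crypto plugin, that default is a fixed sample key shipped with the software, every deployment that omits the parameter protects its stored secrets with the same publicly known value. I would add a line such as `# Should be set to a unique, randomly generated key outside of test deployments.` under the description. The fallback behaviour should be confirmed against the Barbican release in use.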
@@ -30,20 +30,20 @@ # # [*ssl_ca_crt_file*] # (optional) Set the ssl CA cert file -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*global_default*] # (optional) set plugin as global default # Defaults to false # class barbican::plugins::vault ( - $vault_url = $::os_service_default, - $root_token_id = $::os_service_default, - $approle_role_id = $::os_service_default, - $approle_secret_id = $::os_service_default, - $kv_mountpoint = $::os_service_default, + $vault_url = $facts['os_service_default'], + $root_token_id = $facts['os_service_default'], + $approle_role_id = $facts['os_service_default'], + $approle_secret_id = $facts['os_service_default'], + $kv_mountpoint = $facts['os_service_default'], $use_ssl = false, - $ssl_ca_crt_file = $::os_service_default, + $ssl_ca_crt_file = $facts['os_service_default'], $global_default = false, ) { diff --git a/manifests/policy.pp b/manifests/policy.pp index bcf8cfbf..0e561d86 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -6,12 +6,12 @@ # # [*enforce_scope*] # (Optional) Whether or not to enforce scope when evaluating policies. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*enforce_new_defaults*] # (Optional) Whether or not to use old deprecated defaults when evaluating # policies. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*policies*] # (Optional) Set of policies to configure for barbican @@ -34,11 +34,11 @@ # # [*policy_default_rule*] # (Optional) Default rule. Enforced when a requested rule is not found. -# Defaults to $::os_service_default. +# Defaults to $facts['os_service_default']. # # [*policy_dirs*] # (Optional) Path to the barbican policy folder -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*purge_config*] # (optional) Whether to set only the specified policy rules in the policy 
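Review bot: In `barbican::plugins::vault` the `$use_ssl` default stays `false` next to `$root_token_id` and `$approle_secret_id`, and its doc in the preceding hunk says only "Enable or disable SSL". A reader cannot tell from that whether a default deployment sends those credentials to Vault unprotected or merely skips CA configuration. The description could say so, for example `# (optional) Enable or disable SSL. Should be enabled, with ssl_ca_crt_file set, whenever Vault is reached over a network.` The `[*root_token_id*]` entry could also note that the approle pair is the less privileged choice. The class body continues outside the hunk.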
@@ -46,12 +46,12 @@ # Defaults to false. # class barbican::policy ( - $enforce_scope = $::os_service_default, - $enforce_new_defaults = $::os_service_default, + $enforce_scope = $facts['os_service_default'], + $enforce_new_defaults = $facts['os_service_default'], $policies = {}, $policy_path = '/etc/barbican/policy.yaml', - $policy_default_rule = $::os_service_default, - $policy_dirs = $::os_service_default, + $policy_default_rule = $facts['os_service_default'], + $policy_dirs = $facts['os_service_default'], $purge_config = false, ) { diff --git a/manifests/quota.pp b/manifests/quota.pp index 2618aee5..94fce676 100644 --- a/manifests/quota.pp +++ b/manifests/quota.pp 
@@ -6,30 +6,30 @@ # # [*quota_secrets*] # (optional) default number of secrets allowed per project -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*quota_orders*] # (optional) default number of orders allowed per project -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*quota_containers*] # (optional) default number of containers allowed per project -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*quota_consumers*] # (optional) default number of consumers allowed per project -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*quota_cas*] # (optional) default number of CAs allowed per project -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class barbican::quota ( - $quota_secrets = $::os_service_default, - $quota_orders = $::os_service_default, - $quota_containers = $::os_service_default, - $quota_consumers = $::os_service_default, - $quota_cas = $::os_service_default, + $quota_secrets = $facts['os_service_default'], + $quota_orders = $facts['os_service_default'], + $quota_containers = $facts['os_service_default'], + $quota_consumers = $facts['os_service_default'], + $quota_cas = $facts['os_service_default'], ) { include barbican::deps diff --git a/manifests/retry_scheduler.pp b/manifests/retry_scheduler.pp index 1dafd547..0a2d292f 100644 --- a/manifests/retry_scheduler.pp +++ b/manifests/retry_scheduler.pp 
@@ -18,18 +18,18 @@ # # [*initial_delay_seconds*] # (optional) Seconds (float) to wait before starting retry scheduler -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # # [*periodic_interval_max_seconds*] # (optional) Seconds (float) to wait between starting retry scheduler -# Defaults to $::os_service_default +# Defaults to $facts['os_service_default'] # class barbican::retry_scheduler ( $package_ensure = 'present', $manage_service = true, $enabled = true, - $initial_delay_seconds = $::os_service_default, - $periodic_interval_max_seconds = $::os_service_default, + $initial_delay_seconds = $facts['os_service_default'], + $periodic_interval_max_seconds = $facts['os_service_default'], ){ include barbican::deps @@ -40,7 +40,7 @@ class barbican::retry_scheduler ( 'retry_scheduler/periodic_interval_max_seconds': value => $periodic_interval_max_seconds; } - case $::osfamily { + case $facts['os']['family'] { 'RedHat': { package { 'barbican-retry': ensure => $package_ensure, diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index f24c9835..aca1d968 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -11,7 +11,7 @@ # # [*servername*] # (Optional) The servername for the virtualhost. -# Defaults to $::fqdn +# Defaults to $facts['networking']['fqdn'] # # [*port*] # (Optional) The port. @@ -31,7 +31,7 @@ # # [*workers*] # (Optional) Number of WSGI workers to spawn. -# Defaults to $::os_workers +# Defaults to $facts['os_workers'] # # [*priority*] # (Optional) The priority for the vhost. @@ -115,12 +115,12 @@ # Copyright 2015 Red Hat Inc. # class barbican::wsgi::apache ( - $servername = $::fqdn, + $servername = $facts['networking']['fqdn'], $port = 9311, $bind_host = undef, $path = '/', $ssl = false, - $workers = $::os_workers, + $workers = $facts['os_workers'], $ssl_cert = undef, $ssl_key = undef, $ssl_chain = undef, diff --git a/manifests/wsgi/uwsgi.pp b/manifests/wsgi/uwsgi.pp index 7bf28d73..1e454aef 100644 
--- a/manifests/wsgi/uwsgi.pp +++ b/manifests/wsgi/uwsgi.pp @@ -11,7 +11,7 @@ # # [*processes*] # (Optional) Number of processes. -# Defaults to $::os_workers. +# Defaults to $facts['os_workers']. # # [*threads*] # (Optional) Number of threads. @@ -22,14 +22,14 @@ # Defaults to 100 # class barbican::wsgi::uwsgi ( - $processes = $::os_workers, + $processes = $facts['os_workers'], $threads = 32, $listen_queue_size = 100, ){ include barbican::deps - if $::operatingsystem != 'Debian'{ + if $facts['os']['name'] != 'Debian'{ warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.') } diff --git a/spec/classes/barbican_api_logging_spec.rb b/spec/classes/barbican_api_logging_spec.rb index 83d44658..b5793872 100644 --- a/spec/classes/barbican_api_logging_spec.rb +++ b/spec/classes/barbican_api_logging_spec.rb @@ -146,11 +146,7 @@ describe 'barbican::api::logging' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican-api-logging' diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb index f39013f5..3bcc131e 100644 --- a/spec/classes/barbican_api_spec.rb +++ b/spec/classes/barbican_api_spec.rb @@ -129,10 +129,6 @@ describe 'barbican::api' do default_params.merge(param_set) end - let :host_ref do - "http://${::fqdn}:$param_hash[:bind_port]" - end - it { is_expected.to contain_class('barbican::deps') } it { is_expected.to contain_class('barbican::db') } it { is_expected.to contain_class('barbican::policy') } 
@@ -295,14 +291,10 @@ describe 'barbican::api' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 7, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end - case facts[:osfamily] + case facts[:os]['family'] when 'RedHat' let (:platform_params) do { :service_name => 'openstack-barbican-api' } diff --git a/spec/classes/barbican_client_spec.rb b/spec/classes/barbican_client_spec.rb index a1082124..c24bb6ed 100644 --- a/spec/classes/barbican_client_spec.rb +++ b/spec/classes/barbican_client_spec.rb @@ -53,13 +53,11 @@ describe 'barbican::client' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :fqdn => 'some.host.tld', - })) + facts.merge(OSDefaults.get_facts()) end let(:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :client_package_name => 'python3-barbicanclient' } when 'RedHat' diff --git a/spec/classes/barbican_db_mysql_spec.rb b/spec/classes/barbican_db_mysql_spec.rb index 53478ba0..47b9840c 100644 --- a/spec/classes/barbican_db_mysql_spec.rb +++ b/spec/classes/barbican_db_mysql_spec.rb @@ -81,11 +81,7 @@ describe 'barbican::db::mysql' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican db mysql' diff --git a/spec/classes/barbican_db_spec.rb b/spec/classes/barbican_db_spec.rb index da478385..f71a3f74 100644 --- a/spec/classes/barbican_db_spec.rb +++ b/spec/classes/barbican_db_spec.rb 
@@ -74,11 +74,7 @@ describe 'barbican::db' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_behaves_like 'barbican::db' diff --git a/spec/classes/barbican_db_sync_spec.rb b/spec/classes/barbican_db_sync_spec.rb index 1c711e15..8d2fdda5 100644 --- a/spec/classes/barbican_db_sync_spec.rb +++ b/spec/classes/barbican_db_sync_spec.rb @@ -89,10 +89,7 @@ describe 'barbican::db::sync' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :os_workers => 8, - :concat_basedir => '/var/lib/puppet/concat' - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican-dbsync' diff --git a/spec/classes/barbican_init_spec.rb b/spec/classes/barbican_init_spec.rb index ceccf25b..6a905594 100644 --- a/spec/classes/barbican_init_spec.rb +++ b/spec/classes/barbican_init_spec.rb @@ -36,7 +36,7 @@ describe 'barbican' do end let(:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'Debian' { :barbican_common_package => 'barbican-common' } when 'RedHat' diff --git a/spec/classes/barbican_keystone_notification_spec.rb b/spec/classes/barbican_keystone_notification_spec.rb index db05f476..72c083f2 100644 --- a/spec/classes/barbican_keystone_notification_spec.rb +++ b/spec/classes/barbican_keystone_notification_spec.rb @@ -108,7 +108,7 @@ describe 'barbican::keystone::notification' do end let (:platform_params) do - case facts[:osfamily] + case facts[:os]['family'] when 'RedHat' { :keystone_listener_package_name => 'openstack-barbican-keystone-listener', diff --git a/spec/classes/barbican_plugins_dogtag_spec.rb b/spec/classes/barbican_plugins_dogtag_spec.rb index d5494a73..3a5832c3 100644 --- a/spec/classes/barbican_plugins_dogtag_spec.rb +++ b/spec/classes/barbican_plugins_dogtag_spec.rb 
@@ -86,7 +86,7 @@ describe 'barbican::plugins::dogtag' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge!(OSDefaults.get_facts( :os_workers => '7' )) + facts.merge!(OSDefaults.get_facts()) end it_behaves_like 'barbican::plugins::dogtag' diff --git a/spec/classes/barbican_plugins_kmip_spec.rb b/spec/classes/barbican_plugins_kmip_spec.rb index 1363be95..4f502606 100644 --- a/spec/classes/barbican_plugins_kmip_spec.rb +++ b/spec/classes/barbican_plugins_kmip_spec.rb @@ -99,11 +99,7 @@ describe 'barbican::plugins::kmip' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican plugins kmip' diff --git a/spec/classes/barbican_plugins_p11_crypto_spec.rb b/spec/classes/barbican_plugins_p11_crypto_spec.rb index 14fa77f7..83ccbab0 100644 --- a/spec/classes/barbican_plugins_p11_crypto_spec.rb +++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb @@ -101,11 +101,7 @@ describe 'barbican::plugins::p11_crypto' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican plugins p11_crypto' diff --git a/spec/classes/barbican_plugins_simple_crypto_spec.rb b/spec/classes/barbican_plugins_simple_crypto_spec.rb index 5af714e8..e5af18e5 100644 --- a/spec/classes/barbican_plugins_simple_crypto_spec.rb +++ b/spec/classes/barbican_plugins_simple_crypto_spec.rb 
@@ -73,11 +73,7 @@ describe 'barbican::plugins::simple_crypto' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican plugins simple_crypto' diff --git a/spec/classes/barbican_plugins_vault_spec.rb b/spec/classes/barbican_plugins_vault_spec.rb index b9af54bb..ca14b38b 100644 --- a/spec/classes/barbican_plugins_vault_spec.rb +++ b/spec/classes/barbican_plugins_vault_spec.rb @@ -109,11 +109,7 @@ describe 'barbican::plugins::vault' do }).each do |os,facts| context "on #{os}" do let (:facts) do - facts.merge(OSDefaults.get_facts({ - :processorcount => 8, - :fqdn => 'some.host.tld', - :concat_basedir => '/var/lib/puppet/concat', - })) + facts.merge(OSDefaults.get_facts()) end it_configures 'barbican plugins vault' diff --git a/spec/classes/barbican_quota_spec.rb b/spec/classes/barbican_quota_spec.rb index 06dc3437..37cfbd2d 100644 --- a/spec/classes/barbican_quota_spec.rb +++ b/spec/classes/barbican_quota_spec.rb @@ -24,21 +24,21 @@ describe 'barbican::quota' do shared_examples_for 'barbican quota' do let :default_params do { - :quota_secrets => '', - :quota_orders => '', - :quota_containers => '', - :quota_consumers => '', - :quota_cas => '', + :quota_secrets => '', + :quota_orders => '', + :quota_containers => '', + :quota_consumers => '', + :quota_cas => '', } end [{}, { - :quota_secrets => 100, - :quota_orders => 100, - :quota_containers => 100, - :quota_consumers => 100, - :quota_cas => 10, + :quota_secrets => 100, + :quota_orders => 100, + :quota_containers => 100, + :quota_consumers => 100, + :quota_cas => 10, } ].each do |param_set| 
@@ -72,11 +72,7 @@ describe 'barbican::quota' do
 }).each do |os,facts|
 context "on #{os}" do
 let (:facts) do
- facts.merge(OSDefaults.get_facts({
- :processorcount => 8,
- :fqdn => 'some.host.tld',
- :concat_basedir => '/var/lib/puppet/concat',
- }))
+ facts.merge(OSDefaults.get_facts())
 end
 it_configures 'barbican quota'
diff --git a/spec/classes/barbican_retry_scheduler_spec.rb b/spec/classes/barbican_retry_scheduler_spec.rb
index 393f87fc..9ff632ab 100644
--- a/spec/classes/barbican_retry_scheduler_spec.rb
+++ b/spec/classes/barbican_retry_scheduler_spec.rb
@@ -61,7 +61,7 @@ describe 'barbican::retry_scheduler' do
 end
 let(:platform_params) do
- case facts[:osfamily]
+ case facts[:os]['family']
 when 'Debian'
 {}
 when 'RedHat'
@@ -73,7 +73,7 @@ describe 'barbican::retry_scheduler' do
 end
 it_behaves_like 'barbican::retry_scheduler'
- if facts[:osfamily] == 'RedHat'
+ if facts[:os]['family'] == 'RedHat'
 it_behaves_like 'barbican::retry_scheduler in RedHat'
 end
 end
diff --git a/spec/classes/barbican_worker_spec.rb b/spec/classes/barbican_worker_spec.rb
index 7b52fa7b..92304006 100644
--- a/spec/classes/barbican_worker_spec.rb
+++ b/spec/classes/barbican_worker_spec.rb
@@ -76,7 +76,7 @@ describe 'barbican::worker' do
 facts.merge(OSDefaults.get_facts())
 end
- case facts[:osfamily]
+ case facts[:os]['family']
 when 'RedHat'
 let (:platform_params) do
 {
diff --git a/spec/classes/barbican_wsgi_apache_spec.rb b/spec/classes/barbican_wsgi_apache_spec.rb
index 5bdedad4..f160a89b 100644
--- a/spec/classes/barbican_wsgi_apache_spec.rb
+++ b/spec/classes/barbican_wsgi_apache_spec.rb
@@ -29,7 +29,7 @@ describe 'barbican::wsgi::apache' do
 :group => 'barbican',
 :path => '/',
 :priority => 10,
- :servername => facts[:fqdn],
+ :servername => 'foo.example.com',
 :ssl => false,
 :threads => 1,
 :user => 'barbican',
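Review bot: In the `@@ -29,7 +29,7 @@` hunk of spec/classes/barbican_wsgi_apache_spec.rb, `:servername => 'foo.example.com'` hard-codes a host name that nothing in this spec sets. It presumably matches the default FQDN supplied by the facts fixture, and the later hunk removes the explicit `:fqdn => 'some.host.tld'` override. Reading the value from the fact hash, e.g. `:servername => facts[:networking]['fqdn']` (assuming the manifest now uses that fact), would keep the expected vhost ServerName tied to the facts passed to the catalog, the same way this commit uses `facts[:os]['family']`. Failing that, a comment such as `# default fqdn from the facts fixture` would tell the reader where the literal comes from. The params hash starts and ends outside the hunk.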
@@ -165,14 +165,12 @@ describe 'barbican::wsgi::apache' do
 }).each do |os,facts|
 let (:facts) do
 facts.merge!(OSDefaults.get_facts({
- :os_workers => 8,
- :concat_basedir => '/var/lib/puppet/concat',
- :fqdn => 'some.host.tld'
+ :os_workers => 8,
 }))
 end
 let(:platform_params) do
- case facts[:osfamily]
+ case facts[:os]['family']
 when 'Debian'
 {
 :wsgi_script_path => '/usr/lib/cgi-bin/barbican',
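Review bot: `let (:facts)` and `let(:platform_params)` sit directly inside the `on_supported_os(...).each` block, without the `context "on #{os}" do` wrapper that the kmip, p11_crypto, simple_crypto, vault and quota specs in this commit have. Each iteration then redefines the same `let`s in a single example group, so the examples likely all run with the facts of the last OS in the list and the other platforms' `platform_params` branches go unexercised. Wrapping the loop body in `context "on #{os}" do` and a matching `end` would give each OS its own group. The rest of the loop body lies outside the hunk.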