openstack/puppet-keystone
Code Issues Proposed changes

Prepare for voxpupuli-puppet-lint-plugins

Browse Source 
Fix new lint errors detected when full of the voxpupili lint plugins
are enabled.

Change-Id: I46ab2d0a68d381ae28564110d4b200a88af64959
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-08-20 00:19:07 +09:00
parent fb4897776f
commit cdd558c2f0
28 changed files with 74 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
examples/user_project_user_role_composite_namevar.pp
View File

@@ -145,7 +145,6 @@ keystone_user_role { 'user_one@::domain_one':
}
# is an error, and will trigger one.
# NOTE: for the all examples above to work you have to define:
keystone_domain { 'domain_one':
ensure => present,

1
examples/v3_basic.pp
View File

@@ -1,6 +1,5 @@
Exec { logoutput => 'on_failure' }
class { 'mysql::server': }
class { 'keystone::db::mysql':
password => 'keystone',

1
manifests/bootstrap.pp
View File

@@ -83,7 +83,6 @@ class keystone::bootstrap (
Boolean $bootstrap = true,
Boolean $manage_resources = true,
) inherits keystone::params {
include keystone::deps
$internal_url_real = $internal_url ? {

5
manifests/cache.pp
View File

@@ -245,7 +245,7 @@
# (Optional) Time to cache application credential data in seconds.
# Default to $facts['os_service_default']
#
class keystone::cache(
class keystone::cache (
$config_prefix = $facts['os_service_default'],
$expiration_time = $facts['os_service_default'],
$backend_expiration_time = $facts['os_service_default'],
@@ -292,8 +292,7 @@ class keystone::cache(
$application_credential_caching = $facts['os_service_default'],
$application_credential_cache_time = $facts['os_service_default'],
Boolean $manage_backend_package = true,
){
) {
include keystone::deps
if !is_service_default($memcache_servers) {

1
manifests/config.pp
View File

@@ -23,7 +23,6 @@
class keystone::config (
Hash $keystone_config = {},
) {
include keystone::deps
create_resources('keystone_config', $keystone_config)

1
manifests/cors.pp
View File

@@ -44,7 +44,6 @@ class keystone::cors (
$allow_methods = $facts['os_service_default'],
$allow_headers = $facts['os_service_default'],
) {
include keystone::deps
oslo::cors { 'keystone_config':

1
manifests/cron/fernet_rotate.pp
View File

@@ -63,7 +63,6 @@ class keystone::cron::fernet_rotate (
Integer[0] $maxdelay = 0,
$user = $keystone::params::user,
) inherits keystone::params {
include keystone::deps
if $maxdelay == 0 {

1
manifests/cron/trust_flush.pp
View File

@@ -72,7 +72,6 @@ class keystone::cron::trust_flush (
$destination = '/var/log/keystone/keystone-trustflush.log',
$user = $keystone::params::user,
) inherits keystone::params {
include keystone::deps
if $maxdelay == 0 {

1
manifests/db.pp
View File

@@ -59,7 +59,6 @@ class keystone::db (
$database_pool_timeout = $facts['os_service_default'],
$mysql_enable_ndb = $facts['os_service_default'],
) {
include keystone::deps
oslo::db { 'keystone_config':

3
manifests/db/mysql.pp
View File

@@ -33,7 +33,7 @@
# Only used with mysql modules >= 2.2.
# Defaults to 'utf8_general_ci'
#
class keystone::db::mysql(
class keystone::db::mysql (
String[1] $password,
$dbname = 'keystone',
$user = 'keystone',
@@ -42,7 +42,6 @@ class keystone::db::mysql(
$collate = 'utf8_general_ci',
$allowed_hosts = undef
) {
include keystone::deps
openstacklib::db::mysql { 'keystone':

3
manifests/db/postgresql.pp
View File

@@ -34,14 +34,13 @@
# (Optional) Privileges given to the database user.
# Default to 'ALL'
#
class keystone::db::postgresql(
class keystone::db::postgresql (
$password,
$dbname = 'keystone',
$user = 'keystone',
$encoding = undef,
$privileges = 'ALL',
) {
include keystone::deps
openstacklib::db::postgresql { 'keystone':

3
manifests/db/sync.pp
View File

@@ -18,12 +18,11 @@
# (Optional) Timeout for the execution of the db_sync
# Defaults to 300
#
class keystone::db::sync(
class keystone::db::sync (
$extra_params = undef,
$keystone_user = $keystone::params::user,
$db_sync_timeout = 300,
) inherits keystone::params {
include keystone::deps
exec { 'keystone-manage db_sync':

1
manifests/federation.pp
View File

@@ -18,7 +18,6 @@ class keystone::federation (
$trusted_dashboards = $facts['os_service_default'],
$remote_id_attribute = $facts['os_service_default'],
) {
include keystone::deps
keystone_config {

10
manifests/federation/identity_provider.pp
View File

@@ -78,7 +78,7 @@
#
# Copyright 2013 eNovance <licensing@enovance.com>
#
class keystone::federation::identity_provider(
class keystone::federation::identity_provider (
$idp_entity_id,
$idp_sso_endpoint,
Stdlib::Absolutepath $idp_metadata_path,
@@ -96,14 +96,13 @@ class keystone::federation::identity_provider(
$idp_contact_type = $facts['os_service_default'],
$package_ensure = present,
) inherits keystone::params {
include keystone::deps
if $keystone::service_name != 'httpd' {
fail ('Keystone need to be running under Apache for Federation work.')
}
package{ 'xmlsec1':
package { 'xmlsec1':
ensure => $package_ensure,
tag => 'keystone-support-package',
}
@@ -129,11 +128,11 @@ class keystone::federation::identity_provider(
keystone_config {
'saml/idp_contact_type': value => $idp_contact_type;
}
} else{
} else {
fail('Allowed values for idp_contact_type are: technical, support, administrative, billing and other')
}
exec {'saml_idp_metadata':
exec { 'saml_idp_metadata':
path => '/usr/bin',
user => $user,
command => "keystone-manage saml_idp_metadata > ${idp_metadata_path}",
@@ -148,5 +147,4 @@ class keystone::federation::identity_provider(
mode => '0600',
owner => $user,
}
}

3
manifests/federation/mellon.pp
View File

@@ -38,7 +38,6 @@ class keystone::federation::mellon (
$template_order = 331,
Boolean $enable_websso = false,
) {
include apache
include apache::mod::auth_mellon
include keystone::deps
@@ -66,7 +65,7 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
'auth/methods': value => join(any2array($methods),',');
}
if($enable_websso){
if $enable_websso {
keystone_config {
'mapped/remote_id_attribute': value => 'MELLON_IDP';
}

1
manifests/federation/shibboleth.pp
View File

@@ -49,7 +49,6 @@ class keystone::federation::shibboleth (
$template_order = 331,
$yum_repo_name = 'shibboleth',
) {
include apache
include keystone::deps

1
manifests/healthcheck.pp
View File

@@ -46,7 +46,6 @@ class keystone::healthcheck (
$disable_by_file_paths = $facts['os_service_default'],
$enable_by_file_paths = $facts['os_service_default'],
) {
include keystone::deps
oslo::healthcheck { 'keystone_config':

3
manifests/init.pp
View File

@@ -396,7 +396,7 @@
#
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone(
class keystone (
Boolean $manage_package = true,
$package_ensure = 'present',
$catalog_driver = $facts['os_service_default'],
@@ -469,7 +469,6 @@ class keystone(
# DEPRECATED PARAMETERS
$rabbit_heartbeat_in_pthread = undef,
) inherits keystone::params {
include keystone::deps
include keystone::logging
include keystone::policy

3
manifests/ldap.pp
View File

@@ -239,7 +239,7 @@
#
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone::ldap(
class keystone::ldap (
$url = $facts['os_service_default'],
$user = $facts['os_service_default'],
$password = $facts['os_service_default'],
@@ -292,7 +292,6 @@ class keystone::ldap(
$package_ensure = present,
Boolean $manage_packages = true,
) inherits keystone::params {
include keystone::deps
if $manage_packages {

3
manifests/ldap_backend.pp
View File

@@ -248,7 +248,7 @@
#
# == Dependencies
# == Examples
define keystone::ldap_backend(
define keystone::ldap_backend (
$url = $facts['os_service_default'],
$user = $facts['os_service_default'],
$password = $facts['os_service_default'],
@@ -303,7 +303,6 @@ define keystone::ldap_backend(
Boolean $manage_packages = true,
Boolean $create_domain_entry = false,
) {
include keystone::deps
include keystone::params

3
manifests/logging.pp
View File

@@ -106,7 +106,7 @@
# Defaults to $facts['os_service_default']
# Example: 'Y-%m-%d %H:%M:%S'
#
class keystone::logging(
class keystone::logging (
$use_syslog = $facts['os_service_default'],
$use_journal = $facts['os_service_default'],
$use_json = $facts['os_service_default'],
@@ -128,7 +128,6 @@ class keystone::logging(
$instance_uuid_format = $facts['os_service_default'],
$log_date_format = $facts['os_service_default'],
) {
include keystone::deps
oslo::log { 'keystone_config':

2
manifests/policy.pp
View File

@@ -54,7 +54,6 @@ class keystone::policy (
$policy_dirs = $facts['os_service_default'],
Boolean $purge_config = false,
) {
include keystone::deps
include keystone::params
@@ -81,5 +80,4 @@ class keystone::policy (
policy_default_rule => $policy_default_rule,
policy_dirs => $policy_dirs,
}
}

82
manifests/resource/authtoken.pp
View File

@@ -228,7 +228,7 @@
# "public", "internal" or "admin".
# Defaults to $facts['os_service_default'].
#
define keystone::resource::authtoken(
define keystone::resource::authtoken (
$username,
$password,
$auth_url = 'http://127.0.0.1:5000',
@@ -268,12 +268,10 @@ define keystone::resource::authtoken(
$service_type = $facts['os_service_default'],
$interface = $facts['os_service_default'],
) {
include keystone::deps
include keystone::params
if !is_service_default($memcache_security_strategy) {
if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']) {
fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
}
@@ -282,7 +280,7 @@ define keystone::resource::authtoken(
}
}
if !is_service_default($memcached_servers) and !empty($memcached_servers){
if !is_service_default($memcached_servers) and !empty($memcached_servers) {
$memcached_servers_array = $memcached_servers ? {
String => split($memcached_servers, ','),
default => $memcached_servers
@@ -311,43 +309,43 @@ define keystone::resource::authtoken(
}
$keystonemiddleware_options = {
'keystone_authtoken/auth_section' => {'value' => $auth_section},
'keystone_authtoken/www_authenticate_uri' => {'value' => $www_authenticate_uri},
'keystone_authtoken/auth_type' => {'value' => $auth_type},
'keystone_authtoken/auth_version' => {'value' => $auth_version},
'keystone_authtoken/cache' => {'value' => $cache},
'keystone_authtoken/cafile' => {'value' => $cafile},
'keystone_authtoken/certfile' => {'value' => $certfile},
'keystone_authtoken/collect_timing' => {'value' => $collect_timing},
'keystone_authtoken/delay_auth_decision' => {'value' => $delay_auth_decision},
'keystone_authtoken/enforce_token_bind' => {'value' => $enforce_token_bind},
'keystone_authtoken/http_connect_timeout' => {'value' => $http_connect_timeout},
'keystone_authtoken/http_request_max_retries' => {'value' => $http_request_max_retries},
'keystone_authtoken/include_service_catalog' => {'value' => $include_service_catalog},
'keystone_authtoken/keyfile' => {'value' => $keyfile},
'keystone_authtoken/memcache_pool_conn_get_timeout' => {'value' => $memcache_pool_conn_get_timeout},
'keystone_authtoken/memcache_pool_dead_retry' => {'value' => $memcache_pool_dead_retry},
'keystone_authtoken/memcache_pool_maxsize' => {'value' => $memcache_pool_maxsize},
'keystone_authtoken/memcache_pool_socket_timeout' => {'value' => $memcache_pool_socket_timeout},
'keystone_authtoken/memcache_pool_unused_timeout' => {'value' => $memcache_pool_unused_timeout},
'keystone_authtoken/memcache_secret_key' => {'value' => $memcache_secret_key, 'secret' => true},
'keystone_authtoken/memcache_security_strategy' => {'value' => $memcache_security_strategy},
'keystone_authtoken/memcache_use_advanced_pool' => {'value' => $memcache_use_advanced_pool},
'keystone_authtoken/memcached_servers' => {'value' => $memcached_servers_real},
'keystone_authtoken/region_name' => {'value' => $region_name},
'keystone_authtoken/token_cache_time' => {'value' => $token_cache_time},
'keystone_authtoken/auth_url' => {'value' => $auth_url},
'keystone_authtoken/username' => {'value' => $username},
'keystone_authtoken/password' => {'value' => $password, 'secret' => true},
'keystone_authtoken/user_domain_name' => {'value' => $user_domain_name},
'keystone_authtoken/project_name' => {'value' => $project_name_real},
'keystone_authtoken/project_domain_name' => {'value' => $project_domain_name_real},
'keystone_authtoken/system_scope' => {'value' => $system_scope},
'keystone_authtoken/insecure' => {'value' => $insecure},
'keystone_authtoken/service_token_roles' => {'value' => join(any2array($service_token_roles), ',')},
'keystone_authtoken/service_token_roles_required' => {'value' => $service_token_roles_required},
'keystone_authtoken/service_type' => {'value' => $service_type},
'keystone_authtoken/interface' => {'value' => $interface},
'keystone_authtoken/auth_section' => { 'value' => $auth_section },
'keystone_authtoken/www_authenticate_uri' => { 'value' => $www_authenticate_uri },
'keystone_authtoken/auth_type' => { 'value' => $auth_type },
'keystone_authtoken/auth_version' => { 'value' => $auth_version },
'keystone_authtoken/cache' => { 'value' => $cache },
'keystone_authtoken/cafile' => { 'value' => $cafile },
'keystone_authtoken/certfile' => { 'value' => $certfile },
'keystone_authtoken/collect_timing' => { 'value' => $collect_timing },
'keystone_authtoken/delay_auth_decision' => { 'value' => $delay_auth_decision },
'keystone_authtoken/enforce_token_bind' => { 'value' => $enforce_token_bind },
'keystone_authtoken/http_connect_timeout' => { 'value' => $http_connect_timeout },
'keystone_authtoken/http_request_max_retries' => { 'value' => $http_request_max_retries },
'keystone_authtoken/include_service_catalog' => { 'value' => $include_service_catalog },
'keystone_authtoken/keyfile' => { 'value' => $keyfile },
'keystone_authtoken/memcache_pool_conn_get_timeout' => { 'value' => $memcache_pool_conn_get_timeout },
'keystone_authtoken/memcache_pool_dead_retry' => { 'value' => $memcache_pool_dead_retry },
'keystone_authtoken/memcache_pool_maxsize' => { 'value' => $memcache_pool_maxsize },
'keystone_authtoken/memcache_pool_socket_timeout' => { 'value' => $memcache_pool_socket_timeout },
'keystone_authtoken/memcache_pool_unused_timeout' => { 'value' => $memcache_pool_unused_timeout },
'keystone_authtoken/memcache_secret_key' => { 'value' => $memcache_secret_key, 'secret' => true },
'keystone_authtoken/memcache_security_strategy' => { 'value' => $memcache_security_strategy },
'keystone_authtoken/memcache_use_advanced_pool' => { 'value' => $memcache_use_advanced_pool },
'keystone_authtoken/memcached_servers' => { 'value' => $memcached_servers_real },
'keystone_authtoken/region_name' => { 'value' => $region_name },
'keystone_authtoken/token_cache_time' => { 'value' => $token_cache_time },
'keystone_authtoken/auth_url' => { 'value' => $auth_url },
'keystone_authtoken/username' => { 'value' => $username },
'keystone_authtoken/password' => { 'value' => $password, 'secret' => true },
'keystone_authtoken/user_domain_name' => { 'value' => $user_domain_name },
'keystone_authtoken/project_name' => { 'value' => $project_name_real },
'keystone_authtoken/project_domain_name' => { 'value' => $project_domain_name_real },
'keystone_authtoken/system_scope' => { 'value' => $system_scope },
'keystone_authtoken/insecure' => { 'value' => $insecure },
'keystone_authtoken/service_token_roles' => { 'value' => join(any2array($service_token_roles), ',') },
'keystone_authtoken/service_token_roles_required' => { 'value' => $service_token_roles_required },
'keystone_authtoken/service_type' => { 'value' => $service_type },
'keystone_authtoken/interface' => { 'value' => $interface },
}
create_resources($name, $keystonemiddleware_options)

5
manifests/resource/service_identity.pp
View File

@@ -109,7 +109,7 @@
# (Optional) Domain for $tenant (project)
# Defaults to undef (use the keystone server default domain)
#
define keystone::resource::service_identity(
define keystone::resource::service_identity (
Enum['present', 'absent'] $ensure = 'present',
Optional[Keystone::EndpointUrl] $admin_url = undef,
Optional[Keystone::EndpointUrl] $internal_url = undef,
@@ -133,7 +133,6 @@ define keystone::resource::service_identity(
Optional[String[1]] $user_domain = $default_domain,
Optional[String[1]] $project_domain = $default_domain,
) {
include keystone::deps
$user_domain_real = $user_domain ? {
@@ -169,11 +168,9 @@ define keystone::resource::service_identity(
'email' => $email,
'domain' => $user_domain_real,
})
}
if $configure_user_role {
if $ensure == 'present' {
# NOTE(jaosorior): We only handle ensure 'present' here, since deleting a
# role might be conflicting in some cases. e.g. the deployer removing a

36
manifests/resource/service_user.pp
View File

@@ -73,7 +73,7 @@
# (Optional) The region in which the identity server can be found.
# Defaults to $facts['os_service_default'].
#
define keystone::resource::service_user(
define keystone::resource::service_user (
$username,
$password,
$auth_url = 'http://127.0.0.1:5000',
@@ -90,10 +90,6 @@ define keystone::resource::service_user(
$keyfile = $facts['os_service_default'],
$region_name = $facts['os_service_default'],
) {
include keystone::params
include keystone::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
@@ -105,21 +101,21 @@ define keystone::resource::service_user(
}
$service_user_options = {
'service_user/auth_type' => {'value' => $auth_type},
'service_user/auth_version' => {'value' => $auth_version},
'service_user/cafile' => {'value' => $cafile},
'service_user/certfile' => {'value' => $certfile},
'service_user/keyfile' => {'value' => $keyfile},
'service_user/region_name' => {'value' => $region_name},
'service_user/auth_url' => {'value' => $auth_url},
'service_user/username' => {'value' => $username},
'service_user/password' => {'value' => $password, 'secret' => true},
'service_user/user_domain_name' => {'value' => $user_domain_name},
'service_user/project_name' => {'value' => $project_name_real},
'service_user/project_domain_name' => {'value' => $project_domain_name_real},
'service_user/system_scope' => {'value' => $system_scope},
'service_user/send_service_user_token' => {'value' => $send_service_user_token},
'service_user/insecure' => {'value' => $insecure},
'service_user/auth_type' => { 'value' => $auth_type },
'service_user/auth_version' => { 'value' => $auth_version },
'service_user/cafile' => { 'value' => $cafile },
'service_user/certfile' => { 'value' => $certfile },
'service_user/keyfile' => { 'value' => $keyfile },
'service_user/region_name' => { 'value' => $region_name },
'service_user/auth_url' => { 'value' => $auth_url },
'service_user/username' => { 'value' => $username },
'service_user/password' => { 'value' => $password, 'secret' => true },
'service_user/user_domain_name' => { 'value' => $user_domain_name },
'service_user/project_name' => { 'value' => $project_name_real },
'service_user/project_domain_name' => { 'value' => $project_domain_name_real },
'service_user/system_scope' => { 'value' => $system_scope },
'service_user/send_service_user_token' => { 'value' => $send_service_user_token },
'service_user/insecure' => { 'value' => $insecure },
}
create_resources($name, $service_user_options)

3
manifests/security_compliance.pp
View File

@@ -74,7 +74,7 @@
# (Optional) Number of characters of hash of invalid password to be returned.
# Defaults to $facts['os_service_default']
#
class keystone::security_compliance(
class keystone::security_compliance (
$change_password_upon_first_use = $facts['os_service_default'],
$disable_user_account_days_inactive = $facts['os_service_default'],
$lockout_duration = $facts['os_service_default'],
@@ -89,7 +89,6 @@ class keystone::security_compliance(
$invalid_password_hash_function = $facts['os_service_default'],
$invalid_password_hash_max_chars = $facts['os_service_default'],
) {
include keystone::deps
keystone_config {

1
manifests/wsgi/apache.pp
View File

@@ -180,7 +180,6 @@ class keystone::wsgi::apache (
$vhost_custom_fragment = undef,
$custom_wsgi_process_options = {},
) {
include keystone::deps
include keystone::params

5
manifests/wsgi/uwsgi.pp
View File

@@ -25,11 +25,10 @@ class keystone::wsgi::uwsgi (
$processes = $facts['os_workers'],
$threads = 32,
$listen_queue_size = 100,
){
) {
include keystone::deps
if $facts['os']['name'] != 'Debian'{
if $facts['os']['name'] != 'Debian' {
warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.')
}