Prepare for new lint plugins

This fixes a few lint warnings/errors detected by the following plugins
we aim to enable soon.
 - puppet-lint-file_ensure-check
 - puppet-lint-trailing_comma-check
 - puppet-lint-topscope-variable-check

Change-Id: I42a03325dec65273cf885a780343ed2929fe4230
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>

examples/apache_dropin.pp

@@ -42,5 +42,5 @@ keystone_config { 'ssl/enable': value => true }
 
 include apache
 class { 'keystone::wsgi::apache':
-  ssl => true
+  ssl => true,
 }

examples/k2k_sp_shib.pp

@@ -30,7 +30,7 @@ yumrepo { 'shibboleth':
   gpgcheck => 1,
   gpgkey   => 'http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key',
   enabled  => 1,
-  require  => Anchor['openstack_extras_redhat']
+  require  => Anchor['openstack_extras_redhat'],
 }
 
 Yumrepo['shibboleth'] -> Class['keystone::federation::shibboleth']
@@ -61,7 +61,7 @@ keystone_config { 'ssl/enable': value => true }
 
 include apache
 class { 'keystone::wsgi::apache':
-  ssl => true
+  ssl => true,
 }
 
 class { 'keystone::federation::shibboleth':

examples/ldap_backend.pp

@@ -6,7 +6,7 @@ class { 'keystone':
   debug               => true,
   enabled             => true,
   # helper for using domains
-  using_domain_config => true
+  using_domain_config => true,
 }
 
 # Ensure this matches what is in LDAP or keystone will try to recreate

examples/user_project_user_role_composite_namevar.pp

@@ -21,7 +21,7 @@ keystone_user { 'user_one::domain_one': ensure => present }
 # Note, that parameter override title paring.  So:
 keystone_user { 'user_one::domain_two':
   ensure => present,
-  domain => 'domain_one'
+  domain => 'domain_one',
 }
 
 # will create the user in the domain_one, not domain_two.
@@ -33,7 +33,7 @@ keystone_user { 'user_one::domain_two':
 keystone_user { 'meanlinglesstitle':
   ensure => present,
   user   => 'user_one',
-  domain => 'domain_one'
+  domain => 'domain_one',
 }
 
 # This works for user, project and, with a twist, for user_role, where
@@ -43,7 +43,7 @@ keystone_user { 'meanlinglesstitle':
 
 keystone_tenant { 'project_one':
   ensure => present,
-  domain => 'domain_one'
+  domain => 'domain_one',
 }
 
 # is identical to
@@ -57,13 +57,13 @@ keystone_user_role { 'user_one@project_one':
   ensure         => present,
   user_domain    => 'domain_one',
   project_domain => 'domain_two',
-  roles          => ['admin']
+  roles          => ['admin'],
 }
 
 # all the way to
 keystone_user_role { 'user_one::domain_one@project_one::domain_two':
   ensure => present,
-  roles  => ['admin']
+  roles  => ['admin'],
 }
 # and all combinations in between.
 
@@ -71,7 +71,7 @@ keystone_user_role { 'user_one::domain_one@project_one::domain_two':
 keystone_user_role { 'user_one::domain_one@project_one::domain_one':
   ensure         => present,
   project_domain => 'domain_two',
-  roles          => ['admin']
+  roles          => ['admin'],
 }
 
 # will match the project project_one::domain_two, not
@@ -84,7 +84,7 @@ keystone_user_role { 'user_one':
   user_domain    => 'domain_one',
   project        => 'project_one',
   project_domain => 'domain_two',
-  roles          => ['admin']
+  roles          => ['admin'],
 }
 
 # this will trigger an error.  You need the '::'
@@ -93,13 +93,13 @@ keystone_user_role { 'user_one':
 keystone_user_role { 'user_one@::domain':
   ensure      => present,
   user_domain => 'domain_one',
-  roles       => ['admin']
+  roles       => ['admin'],
 }
 
 # is identical to
 keystone_user_role { 'user_one::domain_one@::domain_one':
   ensure => present,
-  roles  => ['admin']
+  roles  => ['admin'],
 }
 
 # But, you cannot define:
@@ -108,7 +108,7 @@ keystone_user_role { 'meaningless_title':
   user        => 'user_one',
   user_domain => 'domain_one',
   domain      => 'domain_one',
-  roles       => ['admin']
+  roles       => ['admin'],
 }
 
 # this will trigger an error, you need the '::@'
@@ -122,7 +122,7 @@ keystone_user_role { 'meaningless::meaningless':
   user_domain    => 'domain_one',
   project        => 'project_one',
   project_domain => 'domain_one',
-  roles          => ['admin']
+  roles          => ['admin'],
 }
 
 # 2: user role to domain
@@ -131,7 +131,7 @@ keystone_user_role { 'meaningless::@meaningless':
   user        => 'user_one',
   user_domain => 'domain_one',
   domain      => 'project_one',
-  roles       => ['admin']
+  roles       => ['admin'],
 }
 
 # Finally it should be noted that specifying an domain and a project
@@ -141,16 +141,16 @@ keystone_user_role { 'user_one@::domain_one':
   user_domain    => 'domain_one',
   project        => 'project_one',
   project_domain => 'domain_two',
-  roles          => ['admin']
+  roles          => ['admin'],
 }
 # is an error, and will trigger one.
 
 
 # NOTE: for the all examples above to work you have to define:
 keystone_domain { 'domain_one':
-  ensure => present
+  ensure => present,
 }
 
 keystone_domain { 'domain_two':
-  ensure => present
+  ensure => present,
 }

manifests/bootstrap.pp

@@ -91,10 +91,10 @@ class keystone::bootstrap (
     default => $internal_url
   }
 
-  if defined('$::keystone::keystone_user') {
+  if defined('$keystone::keystone_user') {
-    $keystone_user = $::keystone::keystone_user
+    $keystone_user = $keystone::keystone_user
   } else {
-    $keystone_user = $::keystone::params::user
+    $keystone_user = $keystone::params::user
   }
 
   if $bootstrap {

manifests/cron/fernet_rotate.pp

@@ -51,7 +51,7 @@
 #
 # [*user*]
 #   (Optional) Allow to run the crontab on behalf any user.
-#   Defaults to $::keystone::params::user
+#   Defaults to $keystone::params::user
 #
 class keystone::cron::fernet_rotate (
   Enum['present', 'absent'] $ensure = present,
@@ -61,7 +61,7 @@ class keystone::cron::fernet_rotate (
   $month                            = '*',
   $weekday                          = '*',
   Integer[0] $maxdelay              = 0,
-  $user                             = $::keystone::params::user,
+  $user                             = $keystone::params::user,
 ) inherits keystone::params {
 
   include keystone::deps

manifests/cron/trust_flush.pp

@@ -58,7 +58,7 @@
 #
 # [*user*]
 #   (Optional) Allow to run the crontab on behalf any user.
-#   Defaults to $::keystone::params::user
+#   Defaults to $keystone::params::user
 #
 class keystone::cron::trust_flush (
   Enum['present', 'absent'] $ensure = present,
@@ -70,7 +70,7 @@ class keystone::cron::trust_flush (
   Integer[0] $maxdelay              = 0,
   Integer[0] $age                   = 0,
   $destination                      = '/var/log/keystone/keystone-trustflush.log',
-  $user                             = $::keystone::params::user,
+  $user                             = $keystone::params::user,
 ) inherits keystone::params {
 
   include keystone::deps

manifests/db/sync.pp

@@ -12,7 +12,7 @@
 #
 # [*keystone_user*]
 #   (Optional) Specify the keystone system user to be used with keystone-manage.
-#   Defaults to $::keystone::params::user
+#   Defaults to $keystone::params::user
 #
 # [*db_sync_timeout*]
 #   (Optional) Timeout for the execution of the db_sync
@@ -20,7 +20,7 @@
 #
 class keystone::db::sync(
   $extra_params    = undef,
-  $keystone_user   = $::keystone::params::user,
+  $keystone_user   = $keystone::params::user,
   $db_sync_timeout = 300,
 ) inherits keystone::params {
 
@@ -41,6 +41,6 @@ class keystone::db::sync(
       Anchor['keystone::dbsync::begin']
     ],
     notify      => Anchor['keystone::dbsync::end'],
-    tag         => ['keystone-exec', 'openstack-db']
+    tag         => ['keystone-exec', 'openstack-db'],
   }
 }

manifests/federation/identity_provider.pp

@@ -61,7 +61,7 @@
 #
 # [*user*]
 #  (Optional) User with access to keystone files. (string value)
-#  Defaults to $::keystone::params::user.
+#  Defaults to $keystone::params::user.
 #
 # [*package_ensure*]
 #   (optional) Desired ensure state of packages.
@@ -84,7 +84,7 @@ class keystone::federation::identity_provider(
   Stdlib::Absolutepath $idp_metadata_path,
   $certfile                      = $facts['os_service_default'],
   $keyfile                       = $facts['os_service_default'],
-  $user                          = $::keystone::params::user,
+  $user                          = $keystone::params::user,
   $idp_organization_name         = $facts['os_service_default'],
   $idp_organization_display_name = $facts['os_service_default'],
   $idp_organization_url          = $facts['os_service_default'],
@@ -99,7 +99,7 @@ class keystone::federation::identity_provider(
 
   include keystone::deps
 
-  if $::keystone::service_name != 'httpd' {
+  if $keystone::service_name != 'httpd' {
     fail ('Keystone need to be running under Apache for Federation work.')
   }
 
@@ -144,7 +144,7 @@ class keystone::federation::identity_provider(
   }
 
   file { $idp_metadata_path:
-    ensure => present,
+    ensure => file,
     mode   => '0600',
     owner  => $user,
   }

manifests/federation/shibboleth.pp

@@ -96,7 +96,7 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
         warning('The platform is not officially supported, use at your own risk.  Check manifest documentation for more.')
         apache::mod { 'shib2':
           id   => 'mod_shib',
-          path => '/usr/lib64/shibboleth/mod_shib_24.so'
+          path => '/usr/lib64/shibboleth/mod_shib_24.so',
         }
 
         apache::vhost::fragment { 'configure_shibboleth_keystone':

manifests/init.pp

@@ -234,7 +234,7 @@
 #   web service.  After calling class {'keystone'...}
 #   use class { 'keystone::wsgi::apache'...} to make keystone be
 #   a web app using apache mod_wsgi.
-#   Defaults to '$::keystone::params::service_name'
+#   Defaults to '$keystone::params::service_name'
 #
 # [*max_token_size*]
 #   (Optional) maximum allowable Keystone token size
@@ -344,11 +344,11 @@
 #
 # [*keystone_user*]
 #   (Optional) Specify the keystone system user to be used with keystone-manage.
-#   Defaults to $::keystone::params::user
+#   Defaults to $keystone::params::user
 #
 # [*keystone_group*]
 #   (Optional) Specify the keystone system group to be used with keystone-manage.
-#   Defaults to $::keystone::params::group
+#   Defaults to $keystone::params::group
 #
 # [*manage_policyrcd*]
 #   (Optional) Whether to manage the policy-rc.d on debian based systems to
@@ -441,7 +441,7 @@ class keystone(
   $control_exchange                               = $facts['os_service_default'],
   $executor_thread_pool_size                      = $facts['os_service_default'],
   $rpc_response_timeout                           = $facts['os_service_default'],
-  $service_name                                   = $::keystone::params::service_name,
+  $service_name                                   = $keystone::params::service_name,
   $max_token_size                                 = $facts['os_service_default'],
   $list_limit                                     = $facts['os_service_default'],
   $max_db_limit                                   = $facts['os_service_default'],
@@ -458,8 +458,8 @@ class keystone(
   $policy_driver                                  = $facts['os_service_default'],
   Boolean $using_domain_config                    = false,
   Stdlib::Absolutepath $domain_config_directory   = '/etc/keystone/domains',
-  $keystone_user                                  = $::keystone::params::user,
+  $keystone_user                                  = $keystone::params::user,
-  $keystone_group                                 = $::keystone::params::group,
+  $keystone_group                                 = $keystone::params::group,
   Boolean $manage_policyrcd                       = false,
   $enable_proxy_headers_parsing                   = $facts['os_service_default'],
   $max_request_body_size                          = $facts['os_service_default'],
@@ -493,7 +493,7 @@ class keystone(
   if $manage_package {
     package { 'keystone':
       ensure => $package_ensure,
-      name   => $::keystone::params::package_name,
+      name   => $keystone::params::package_name,
       tag    => ['openstack', 'keystone-package'],
     }
     include openstacklib::openstackclient
@@ -596,13 +596,13 @@ class keystone(
     }
 
     case $service_name {
-      $::keystone::params::service_name: {
+      $keystone::params::service_name: {
         if $facts['os']['name'] != 'Debian' {
           # TODO(tkajinam): Make this hard-fail
           warning('Keystone under Eventlet is no longer supported by this operating system')
         }
 
-        $service_name_real = $::keystone::params::service_name
+        $service_name_real = $keystone::params::service_name
 
         service { 'keystone':
           ensure     => $service_ensure,
@@ -618,13 +618,13 @@ class keystone(
       }
       'httpd': {
         include apache::params
-        $service_name_real = $::apache::params::service_name
+        $service_name_real = $apache::params::service_name
         Service <| title == 'httpd' |> { tag +> 'keystone-service' }
 
         if $facts['os']['name'] == 'Debian' {
           service { 'keystone':
             ensure => 'stopped',
-            name   => $::keystone::params::service_name,
+            name   => $keystone::params::service_name,
             enable => false,
             tag    => 'keystone-service',
           }

manifests/ldap.pp

@@ -305,7 +305,7 @@ class keystone::ldap(
 
   if ! is_service_default($tls_cacertdir) {
     file { $tls_cacertdir:
-      ensure => directory
+      ensure => directory,
     }
   }
 

manifests/ldap_backend.pp

@@ -311,7 +311,7 @@ define keystone::ldap_backend(
     fail('The keystone class should be included before this class')
   }
 
-  if ! $::keystone::using_domain_config {
+  if ! $keystone::using_domain_config {
     fail('Domain specific drivers are not enabled. Set keystone::using_domain_config to true.')
   }
 
@@ -330,10 +330,10 @@ define keystone::ldap_backend(
   }
 
   file { "${keystone::domain_config_directory}/keystone.${domain}.conf":
-    ensure  => 'present',
+    ensure  => file,
     mode    => '0640',
     owner   => 'root',
-    group   => $::keystone::params::group,
+    group   => $keystone::params::group,
     require => Anchor['keystone::config::begin'],
     before  => Anchor['keystone::config::end']
   }
@@ -395,7 +395,7 @@ define keystone::ldap_backend(
     keystone_domain { $domain :
       ensure  => 'present',
       enabled => true,
-      tag     => 'domain-specific-ldap'
+      tag     => 'domain-specific-ldap',
     }
     Keystone_domain[$domain] ~> Exec<| title == 'restart_keystone' |>
   }

manifests/policy.pp

@@ -62,7 +62,7 @@ class keystone::policy (
     policies     => $policies,
     policy_path  => $policy_path,
     file_user    => 'root',
-    file_group   => $::keystone::params::group,
+    file_group   => $keystone::params::group,
     file_format  => 'yaml',
     purge_config => $purge_config,
   }

manifests/resource/authtoken.pp

@@ -292,7 +292,7 @@ define keystone::resource::authtoken(
     if $manage_memcache_package {
       ensure_packages('python-memcache', {
         ensure => present,
-        name   => $::keystone::params::python_memcache_package_name,
+        name   => $keystone::params::python_memcache_package_name,
         tag    => ['openstack'],
       })
     }

manifests/wsgi/apache.pp

@@ -190,11 +190,11 @@ class keystone::wsgi::apache (
     servername                  => $servername,
     bind_host                   => $bind_host,
     bind_port                   => $port,
-    group                       => $::keystone::params::group,
+    group                       => $keystone::params::group,
     path                        => $path,
     workers                     => $workers,
     threads                     => $threads,
-    user                        => $::keystone::params::user,
+    user                        => $keystone::params::user,
     priority                    => $priority,
     ssl                         => $ssl,
     ssl_cert                    => $ssl_cert,
@@ -207,7 +207,7 @@ class keystone::wsgi::apache (
     wsgi_daemon_process         => 'keystone',
     wsgi_process_display_name   => $wsgi_process_display_name,
     wsgi_process_group          => 'keystone',
-    wsgi_script_dir             => $::keystone::params::keystone_wsgi_script_path,
+    wsgi_script_dir             => $keystone::params::keystone_wsgi_script_path,
     wsgi_script_file            => 'keystone',
     wsgi_script_source          => $wsgi_script_source,
     wsgi_application_group      => $wsgi_application_group,

spec/classes/keystone_federation_identity_provider_spec.rb

@@ -55,7 +55,7 @@ describe 'keystone::federation::identity_provider' do
       )}
 
       it { is_expected.to contain_file("#{params[:idp_metadata_path]}").with(
-        :ensure => 'present',
+        :ensure => 'file',
         :mode   => '0600',
         :owner  => 'keystone',
       )}

spec/defines/keystone_ldap_backend_spec.rb

@@ -76,7 +76,7 @@ describe 'keystone::ldap_backend' do
         }
         it 'should prepare the config file' do
           is_expected.to contain_file('/etc/keystone/domains/keystone.Default.conf').with(
-            :ensure => 'present',
+            :ensure => 'file',
             :mode   => '0640',
             :owner  => 'root',
             :group  => 'keystone'