replace validate_legacy

the validate_legacy function is marked for deprecation in
v9.0.0 from puppetlabs-stdlib.

Change-Id: I920294342c9c2c0567796f345cbfa9e39bb1f1d3

lib/puppet/functions/validate_tempauth_account.rb

@@ -0,0 +1,44 @@
+Puppet::Functions.create_function(:validate_tempauth_account) do
+  def validate_tempauth_account(*args)
+    if args.size > 1
+      raise Puppet::Error, "validate_tempauth_account takes only a single argument, #{args.size} provided"
+    end
+    arg = args[0]
+
+    if not arg.kind_of?(Hash)
+      raise Puppet::Error, "non-hash argument provided to validate_tempauth_account"
+    end
+
+    ['user', 'account', 'key'].each do |key|
+      if arg.has_key?(key)
+        key_real = key
+      elsif arg.has_key?(key.to_sym)
+        key_real = key.to_sym
+      else
+        raise Puppet::Error, "The required key #{key} is missing"
+      end
+
+      if not arg[key_real].kind_of?(String)
+        raise Puppet::Error, "The key #{key} is not a string value"
+      end
+
+      if arg[key_real].length == 0
+        raise Puppet::Error, "The key #{key} is empty"
+      end
+    end
+
+    ['groups'].each do |key|
+      if arg.has_key?(key)
+        key_real = key
+      elsif arg.has_key?(key.to_sym)
+        key_real = key.to_sym
+      else
+        raise Puppet::Error, "The required key #{key} is missing"
+      end
+
+      if not arg[key_real].kind_of?(Array)
+        raise Puppet::Error, "The key #{key} is not an array value"
+      end
+    end
+  end
+end

manifests/config.pp

@@ -46,25 +46,17 @@
 #   The value is an hash of swift_internal_client_config resources.
 #
 class swift::config (
-  $swift_config                       = {},
+  Hash $swift_config                       = {},
-  $swift_container_sync_realms_config = {},
+  Hash $swift_container_sync_realms_config = {},
-  $swift_proxy_config                 = {},
+  Hash $swift_proxy_config                 = {},
-  $swift_account_config               = {},
+  Hash $swift_account_config               = {},
-  $swift_container_config             = {},
+  Hash $swift_container_config             = {},
-  $swift_object_config                = {},
+  Hash $swift_object_config                = {},
-  $swift_internal_client_config       = {},
+  Hash $swift_internal_client_config       = {},
 ) {
 
   include swift::deps
 
-  validate_legacy(Hash, 'validate_hash', $swift_config)
-  validate_legacy(Hash, 'validate_hash', $swift_container_sync_realms_config)
-  validate_legacy(Hash, 'validate_hash', $swift_proxy_config)
-  validate_legacy(Hash, 'validate_hash', $swift_account_config)
-  validate_legacy(Hash, 'validate_hash', $swift_container_config)
-  validate_legacy(Hash, 'validate_hash', $swift_object_config)
-  validate_legacy(Hash, 'validate_hash', $swift_internal_client_config)
-
   create_resources('swift_config', $swift_config)
   create_resources('swift_container_sync_realms_config', $swift_container_sync_realms_config)
   create_resources('swift_proxy_config', $swift_proxy_config)

manifests/containerreconciler.pp

@@ -75,19 +75,19 @@
 #   Defaults to $facts['os_service_default']
 #
 class swift::containerreconciler(
-  $manage_service     = true,
+  Boolean $manage_service     = true,
-  $enabled            = true,
+  Boolean $enabled            = true,
-  $package_ensure     = 'present',
+  $package_ensure             = 'present',
-  $pipeline           = ['catch_errors', 'proxy-logging', 'proxy-server'],
+  Swift::Pipeline $pipeline   = ['catch_errors', 'proxy-logging', 'proxy-server'],
-  $interval           = $facts['os_service_default'],
+  $interval                   = $facts['os_service_default'],
-  $reclaim_age        = $facts['os_service_default'],
+  $reclaim_age                = $facts['os_service_default'],
-  $request_tries      = $facts['os_service_default'],
+  $request_tries              = $facts['os_service_default'],
-  $service_provider   = $::swift::params::service_provider,
+  $service_provider           = $::swift::params::service_provider,
-  $memcache_servers   = ['127.0.0.1:11211'],
+  $memcache_servers           = ['127.0.0.1:11211'],
-  $cache_tls_enabled  = false,
+  $cache_tls_enabled          = false,
-  $cache_tls_cafile   = $facts['os_service_default'],
+  $cache_tls_cafile           = $facts['os_service_default'],
-  $cache_tls_certfile = $facts['os_service_default'],
+  $cache_tls_certfile         = $facts['os_service_default'],
-  $cache_tls_keyfile  = $facts['os_service_default'],
+  $cache_tls_keyfile          = $facts['os_service_default'],
 ) inherits swift::params {
 
   include swift::deps

manifests/internal_client.pp

@@ -47,7 +47,7 @@
 #
 class swift::internal_client (
   $user                      = $::swift::params::user,
-  $pipeline                  = ['catch_errors', 'proxy-logging', 'cache', 'proxy-server'],
+  Swift::Pipeline $pipeline  = ['catch_errors', 'proxy-logging', 'cache', 'proxy-server'],
   $object_chunk_size         = $facts['os_service_default'],
   $client_chunk_size         = $facts['os_service_default'],
   $read_affinity             = undef,
@@ -60,9 +60,7 @@ class swift::internal_client (
 
   include swift::deps
 
-  validate_legacy(Array, 'validate_array', $pipeline)
+  if $pipeline[-1] != 'proxy-server' {
-
-  if empty($pipeline) or $pipeline[-1] != 'proxy-server' {
     fail('proxy-server must be the last element in pipeline')
   }
 

manifests/proxy.pp

@@ -157,46 +157,42 @@
 #
 class swift::proxy(
   $proxy_local_net_ip,
-  $port                       = '8080',
+  $port                             = '8080',
-  $pipeline                   = [
+  Swift::Pipeline $pipeline         = [
     'catch_errors', 'gatekeeper', 'healthcheck', 'proxy-logging', 'cache',
     'listing_formats', 'tempauth', 'copy', 'proxy-logging', 'proxy-server'],
-  $workers                    = $facts['os_workers'],
+  $workers                          = $facts['os_workers'],
-  $allow_account_management   = true,
+  Boolean $allow_account_management = true,
-  $account_autocreate         = true,
+  Boolean $account_autocreate       = true,
-  $log_headers                = 'False',
+  $log_headers                      = 'False',
-  $log_udp_host               = undef,
+  $log_udp_host                     = undef,
-  $log_udp_port               = undef,
+  $log_udp_port                     = undef,
-  $log_address                = '/dev/log',
+  $log_address                      = '/dev/log',
-  $log_level                  = 'INFO',
+  $log_level                        = 'INFO',
-  $log_facility               = 'LOG_LOCAL2',
+  $log_facility                     = 'LOG_LOCAL2',
-  $log_handoffs               = $facts['os_service_default'],
+  $log_handoffs                     = $facts['os_service_default'],
-  $log_name                   = 'proxy-server',
+  $log_name                         = 'proxy-server',
-  $cors_allow_origin          = undef,
+  $cors_allow_origin                = undef,
-  $strict_cors_mode           = true,
+  $strict_cors_mode                 = true,
-  $object_chunk_size          = $facts['os_service_default'],
+  $object_chunk_size                = $facts['os_service_default'],
-  $client_chunk_size          = $facts['os_service_default'],
+  $client_chunk_size                = $facts['os_service_default'],
-  $max_containers_per_account = $facts['os_service_default'],
+  $max_containers_per_account       = $facts['os_service_default'],
-  $max_containers_whitelist   = $facts['os_service_default'],
+  $max_containers_whitelist         = $facts['os_service_default'],
-  $read_affinity              = undef,
+  $read_affinity                    = undef,
-  $write_affinity             = undef,
+  $write_affinity                   = undef,
-  $write_affinity_node_count  = $facts['os_service_default'],
+  $write_affinity_node_count        = $facts['os_service_default'],
-  $client_timeout             = $facts['os_service_default'],
+  $client_timeout                   = $facts['os_service_default'],
-  $node_timeout               = $facts['os_service_default'],
+  $node_timeout                     = $facts['os_service_default'],
-  $recoverable_node_timeout   = $facts['os_service_default'],
+  $recoverable_node_timeout         = $facts['os_service_default'],
-  $manage_service             = true,
+  Boolean $manage_service           = true,
-  $enabled                    = true,
+  Boolean $enabled                  = true,
-  $package_ensure             = 'present',
+  $package_ensure                   = 'present',
-  $service_provider           = $::swift::params::service_provider,
+  $service_provider                 = $::swift::params::service_provider,
-  $purge_config               = false,
+  $purge_config                     = false,
 ) inherits swift::params {
 
   include swift::deps
 
-  validate_legacy(Boolean, 'validate_bool', $account_autocreate)
-  validate_legacy(Boolean, 'validate_bool', $allow_account_management)
-  validate_legacy(Array, 'validate_array', $pipeline)
-
   if (!is_service_default($write_affinity_node_count) and !$write_affinity) {
     fail('Usage of write_affinity_node_count requires write_affinity to be set')
   }
@@ -211,7 +207,7 @@ class swift::proxy(
     warning('no auth type provided in the pipeline')
   }
 
-  if empty($pipeline) or $pipeline[-1] != 'proxy-server' {
+  if $pipeline[-1] != 'proxy-server' {
     fail('proxy-server must be the last element in pipeline')
   }
 

manifests/proxy/ratelimit.pp

@@ -48,20 +48,17 @@
 # Copyright 2012 eNovance licensing@enovance.com
 #
 class swift::proxy::ratelimit(
-  $clock_accuracy              = $facts['os_service_default'],
+  $clock_accuracy                   = $facts['os_service_default'],
-  $max_sleep_time_seconds      = $facts['os_service_default'],
+  $max_sleep_time_seconds           = $facts['os_service_default'],
-  $log_sleep_time_seconds      = $facts['os_service_default'],
+  $log_sleep_time_seconds           = $facts['os_service_default'],
-  $rate_buffer_seconds         = $facts['os_service_default'],
+  $rate_buffer_seconds              = $facts['os_service_default'],
-  $account_ratelimit           = $facts['os_service_default'],
+  $account_ratelimit                = $facts['os_service_default'],
-  $container_ratelimit         = {},
+  Hash $container_ratelimit         = {},
-  $container_listing_ratelimit = {},
+  Hash $container_listing_ratelimit = {},
 ) {
 
   include swift::deps
 
-  validate_legacy(Hash, 'validate_hash', $container_ratelimit)
-  validate_legacy(Hash, 'validate_hash', $container_listing_ratelimit)
-
   swift_proxy_config {
     'filter:ratelimit/use':                    value => 'egg:swift#ratelimit';
     'filter:ratelimit/clock_accuracy':         value => $clock_accuracy;

manifests/proxy/tempauth.pp

@@ -66,7 +66,7 @@
 #   Guilherme Maluf Balzana <guimalufb@gmail.com>
 #
 class swift::proxy::tempauth (
-  $account_user_list  = [
+  Array[Hash] $account_user_list                                 = [
     {
       'user'    => 'admin',
       'account' => 'admin',
@@ -74,41 +74,21 @@ class swift::proxy::tempauth (
       'groups'  => [ 'admin', 'reseller_admin' ],
     },
   ],
-  $reseller_prefix    = undef,
+  Optional[String[1]] $reseller_prefix                           = undef,
-  $auth_prefix        = undef,
+  Optional[Pattern[/\/(.*)+\//]] $auth_prefix                    = undef,
-  $token_life         = undef,
+  Optional[Integer[0]] $token_life                               = undef,
-  $allow_overrides    = undef,
+  Optional[Boolean] $allow_overrides                             = undef,
-  $storage_url_scheme = undef,
+  Optional[Enum['http', 'https', 'default']] $storage_url_scheme = undef,
 ) {
 
   include swift::deps
 
-  validate_legacy(Array, 'validate_array', $account_user_list)
-
   if ($reseller_prefix) {
-    validate_legacy(String, 'validate_string', $reseller_prefix)
     $reseller_prefix_upcase = upcase($reseller_prefix)
   } else {
     $reseller_prefix_upcase = $reseller_prefix
   }
 
-  if ($token_life) {
-    validate_legacy(Integer, 'validate_integer', $token_life)
-  }
-
-  if ($auth_prefix) {
-    validate_legacy(Pattern[/\/(.*)+\//], 'validate_re', $auth_prefix, ['\/(.*)+\/'])
-  }
-
-  if ($allow_overrides) {
-    validate_legacy(Boolean, 'validate_bool', $allow_overrides)
-  }
-
-  if ($storage_url_scheme) {
-    validate_legacy(Enum['http', 'https', 'default'], 'validate_re',
-      $storage_url_scheme, [['http', 'https', 'default']])
-  }
-
   swift_proxy_config {
     'filter:tempauth/use':                value => 'egg:swift#tempauth';
     'filter:tempauth/reseller_prefix':    value => $reseller_prefix_upcase;
@@ -123,7 +103,7 @@ class swift::proxy::tempauth (
   # account_data is an array with each element containing a single account string:
   # ex [user_<account>_<user>, <key> .<group1> .<groupx>]
   $account_user_list.each |$account_user| {
-    validate_legacy(Array, 'validate_array', $account_user['groups'])
+    validate_tempauth_account($account_user)
 
     $account_base = "user_${account_user['account']}_${account_user['user']}, ${account_user['key']}"
     $groups = empty($account_user) ? {

manifests/ringbuilder/create.pp

@@ -1,10 +1,13 @@
+# == Class: swift::ringbuilder::create
+#
 # Creates a swift ring using ringbuilder.
 # It creates the associated ring file as /etc/swift/${name}.builder
 # It will not create a ring if the file already exists.
 #
 # == Parameters
 #
-#  [*name*] The type of ring to create. Accepts object|container|account
+#  [*ring_type*]
+#    Optional. The type of ring to create. Accepts object|container|account
 #  [*part_power*] Number of partitions in the ring. (specified as the power of 2)
 #    Optional. Defaults to 18 (2^18)
 #  [*replicas*] Number of replicas to store.
@@ -33,24 +36,20 @@
 # Copyright 2011 Puppetlabs Inc, unless otherwise noted.
 #
 define swift::ringbuilder::create(
-  $part_power     = 18,
+  Swift::RingType $ring_type = $name,
-  $replicas       = 3,
+  $part_power                = 18,
-  $min_part_hours = 24,
+  $replicas                  = 3,
-  $user           = 'root'
+  $min_part_hours            = 24,
+  $user                      = 'root'
 ) {
 
   include swift::deps
 
-  validate_legacy(
+  exec { "create_${ring_type}":
-    Pattern[/^(object(-(\d)+)?|container|account)$/], 'validate_re', $name,
+    command => "swift-ring-builder /etc/swift/${ring_type}.builder create ${part_power} ${replicas} ${min_part_hours}",
-    ['^(object(-(\d)+)?|container|account)$']
-  )
-
-  exec { "create_${name}":
-    command => "swift-ring-builder /etc/swift/${name}.builder create ${part_power} ${replicas} ${min_part_hours}",
     path    => ['/usr/bin'],
     user    => $user,
-    creates => "/etc/swift/${name}.builder",
+    creates => "/etc/swift/${ring_type}.builder",
     before  => Anchor['swift::config::end'],
   }
 

manifests/ringbuilder/policy_ring.pp

@@ -1,18 +1,26 @@
 # Used to build an additional object ring for a storage policy.
 # The namevar/name of this class must be an integer.
 #
-#
 # Specifies the following relationship:
 #  Rings should be created before any devices are added to them
 #  Rings should be rebalanced if anything changes
-# == Parameters
-#  [*title*] required. Title must be a positive integer. Title of this class
-#  is used to denote the storage policy ID for the object ring.
 #
-#  [*part_power*] The total number of partitions that should exist in the ring.
+# == Parameters
+#  [*policy_id*]
+#    (required) The id must be a positive integer. This is used to denote
+#    the storage policy ID for the object ring.
+#    Defaults to $name
+#
+#  [*part_power*]
+#    (optional) The total number of partitions that should exist in the ring.
 #    This is expressed as a power of 2.
-#  [*replicas*] Number of replicas that should be maintained of each stored object.
+#
-#  [*min_part_hours*] Minimum amount of time before partitions can be moved.
+#  [*replicas*]
+#    (optional) Number of replicas that should be maintained of each stored
+#    object.
+#
+#  [*min_part_hours*]
+#    (optional) Minimum amount of time before partitions can be moved.
 #
 # == Dependencies
 #
@@ -30,20 +38,19 @@
 # Copyright 2011 Puppetlabs Inc, unless otherwise noted.
 #
 define swift::ringbuilder::policy_ring(
-  $part_power     = undef,
+  Pattern[/^\d+$/] $policy_id = $name,
-  $replicas       = undef,
+  $part_power                 = undef,
-  $min_part_hours = undef,
+  $replicas                   = undef,
+  $min_part_hours             = undef,
 ) {
 
-  validate_legacy(Pattern[/^\d+$/], 'validate_re', $title, ['^\d+$'])
-
   include swift::deps
-  Class['swift'] -> Swift::Ringbuilder::Policy_ring[$title]
+  Class['swift'] -> Swift::Ringbuilder::Policy_ring[$policy_id]
 
-  if $title == '0' {
+  if $policy_id == '0' {
     $ring_builder = 'object'
   } else {
-    $ring_builder = "object-${title}"
+    $ring_builder = "object-${policy_id}"
   }
 
   swift::ringbuilder::create{ $ring_builder :

manifests/ringbuilder/rebalance.pp

@@ -1,30 +1,26 @@
-# Swift::Ring::Rebalance
+# == Class: swift::ringbuilder::rebalance
+#
 #   Reblances the specified ring. Assumes that the ring already exists
 #   and is stored at /etc/swift/${name}.builder
 #
 # == Parameters
 #
-# [*name*] Type of ring to rebalance. The ring file is assumed to be at the path
+# [*ring_type*]
-#   /etc/swift/${name}.builder
+#   Optional. Type of ring to rebalance. The ring file is assumed to be at
+#   the path /etc/swift/${ring_type}.builder
+#
+# [*seed*]
+#   Optional. Seed value used to seed pythons pseudo-random for ringbuilding.
 #
-# [*seed*] Optional. Seed value used to seed pythons pseudo-random for ringbuilding.
 define swift::ringbuilder::rebalance(
-  $seed = undef
+  Swift::RingType $ring_type                            = $name,
+  Optional[Variant[Integer[0], Pattern[/^\d+$/]]] $seed = undef
 ) {
 
   include swift::deps
 
-  validate_legacy(
+  exec { "rebalance_${ring_type}":
-    Pattern[/^(object(-(\d)+)?|container|account)$/], 'validate_re', $name,
+    command     => strip("swift-ring-builder /etc/swift/${ring_type}.builder rebalance ${seed}"),
-    ['^(object(-(\d)+)?|container|account)$']
-  )
-
-  if $seed and !($seed =~ Integer) {
-    validate_legacy(Pattern[/^\d+$/], 'validate_re', $seed, ['^\d+$'])
-  }
-
-  exec { "rebalance_${name}":
-    command     => strip("swift-ring-builder /etc/swift/${name}.builder rebalance ${seed}"),
     path        => ['/usr/bin'],
     refreshonly => true,
     before      => Anchor['swift::config::end'],

manifests/ringsync.pp

@@ -2,16 +2,19 @@
 #
 # [*ring_server*]
 #   (required) IP or hostname of ring servers
+# [*ring_type*]
+#   (optional) The type of ring to create. Accepts object|container|account
 #
 define swift::ringsync(
-  $ring_server
+  String[1] $ring_server,
+  Swift::RingType $ring_type = $name,
 ) {
 
   include swift::deps
 
   Exec { path => '/usr/bin' }
 
-  rsync::get { "/etc/swift/${name}.ring.gz":
+  rsync::get { "/etc/swift/${ring_type}.ring.gz":
-    source  => "rsync://${ring_server}/swift_server/${name}.ring.gz",
+    source  => "rsync://${ring_server}/swift_server/${ring_type}.ring.gz",
   }
 }

manifests/storage/drive_audit.pp

@@ -89,7 +89,7 @@
 # [*regex_pattern*]
 #   (Optional) Regular expression patterns to be used to locate device blocks
 #   with errors in the log file.
-#   Defaults to $facts['os_service_default'].
+#   Defaults to {}
 #
 #  [*purge_config*]
 #   (Optional) Whether to set only the specified config options in the drive
@@ -98,36 +98,34 @@
 #
 class swift::storage::drive_audit(
   # cron options
-  $user                  = $::swift::params::user,
+  $user                                     = $::swift::params::user,
-  $minute                = 1,
+  $minute                                   = 1,
-  $hour                  = 0,
+  $hour                                     = 0,
-  $monthday              = '*',
+  $monthday                                 = '*',
-  $month                 = '*',
+  $month                                    = '*',
-  $weekday               = '*',
+  $weekday                                  = '*',
-  $maxdelay              = 0,
+  $maxdelay                                 = 0,
   # drive-audit.conf options
-  $log_facility          = 'LOG_LOCAL2',
+  $log_facility                             = 'LOG_LOCAL2',
-  $log_level             = 'INFO',
+  $log_level                                = 'INFO',
-  $log_address           = '/dev/log',
+  $log_address                              = '/dev/log',
-  $log_name              = 'drive-audit',
+  $log_name                                 = 'drive-audit',
-  $log_udp_host          = undef,
+  $log_udp_host                             = undef,
-  $log_udp_port          = undef,
+  $log_udp_port                             = undef,
-  $device_dir            = '/srv/node',
+  $device_dir                               = '/srv/node',
-  $minutes               = $facts['os_service_default'],
+  $minutes                                  = $facts['os_service_default'],
-  $error_limit           = $facts['os_service_default'],
+  $error_limit                              = $facts['os_service_default'],
-  $recon_cache_path      = $facts['os_service_default'],
+  $recon_cache_path                         = $facts['os_service_default'],
-  $log_file_pattern      = $facts['os_service_default'],
+  $log_file_pattern                         = $facts['os_service_default'],
-  $log_file_encoding     = $facts['os_service_default'],
+  $log_file_encoding                        = $facts['os_service_default'],
-  $log_to_console        = $facts['os_service_default'],
+  $log_to_console                           = $facts['os_service_default'],
-  $unmount_failed_device = $facts['os_service_default'],
+  $unmount_failed_device                    = $facts['os_service_default'],
-  $regex_pattern         = {},
+  Hash[String[1], String[1]] $regex_pattern = {},
-  $purge_config          = false,
+  $purge_config                             = false,
 ) inherits swift::params {
 
   include swift::deps
 
-  validate_legacy(Hash, 'validate_hash', $regex_pattern)
-
   resources { 'swift_drive_audit_config':
     purge => $purge_config,
   }

manifests/storage/generic.pp

@@ -2,6 +2,9 @@
 # needed to deploy each type of storage server.
 #
 # == Parameters
+#  [*type*]
+#    (optional) The type of device, e.g. account, object, or container.
+#
 #  [*enabled*]
 #    (optional) Should the service be enabled to start
 #    at boot. Defaults to true
@@ -31,28 +34,26 @@
 #  Requires Class[swift::storage]
 #
 define swift::storage::generic(
-  $manage_service   = true,
+  Swift::StorageServerType $type = $name,
-  $enabled          = true,
+  Boolean $manage_service        = true,
-  $package_ensure   = 'present',
+  Boolean $enabled               = true,
-  $config_file_name = "${name}-server.conf",
+  $package_ensure                = 'present',
-  $service_provider = $::swift::params::service_provider
+  $config_file_name              = "${name}-server.conf",
+  $service_provider              = $::swift::params::service_provider
 ) {
 
   include swift::deps
   include swift::params
 
-  Class['swift::storage'] -> Swift::Storage::Generic[$name]
+  Class['swift::storage'] -> Swift::Storage::Generic[$type]
 
-  validate_legacy(Enum['object', 'container', 'account'], 'validate_re',
+  package { "swift-${type}":
-    $name, ['^object|container|account$'])
-
-  package { "swift-${name}":
     ensure => $package_ensure,
-    name   => getvar("::swift::params::${name}_package_name"),
+    name   => getvar("::swift::params::${type}_package_name"),
     tag    => ['openstack', 'swift-package'],
   }
 
-  file { "/etc/swift/${name}-server/":
+  file { "/etc/swift/${type}-server/":
     ensure  => directory,
     owner   => $::swift::params::user,
     group   => $::swift::params::group,
@@ -67,24 +68,24 @@ define swift::storage::generic(
       $service_ensure = 'stopped'
     }
 
-    swift::service { "swift-${name}-server":
+    swift::service { "swift-${type}-server":
-      os_family_service_name => getvar("::swift::params::${name}_server_service_name"),
+      os_family_service_name => getvar("::swift::params::${type}_server_service_name"),
       service_ensure         => $service_ensure,
       enabled                => $enabled,
       config_file_name       => $config_file_name,
       service_provider       => $service_provider,
     }
 
-    swift::service { "swift-${name}-replicator":
+    swift::service { "swift-${type}-replicator":
-      os_family_service_name => getvar("::swift::params::${name}_replicator_service_name"),
+      os_family_service_name => getvar("::swift::params::${type}_replicator_service_name"),
       service_ensure         => $service_ensure,
       enabled                => $enabled,
       config_file_name       => $config_file_name,
       service_provider       => $service_provider,
     }
 
-    swift::service { "swift-${name}-auditor":
+    swift::service { "swift-${type}-auditor":
-      os_family_service_name => getvar("::swift::params::${name}_auditor_service_name"),
+      os_family_service_name => getvar("::swift::params::${type}_auditor_service_name"),
       service_ensure         => $service_ensure,
       enabled                => $enabled,
       config_file_name       => $config_file_name,

manifests/storage/mount.pp

@@ -23,9 +23,9 @@
 #
 define swift::storage::mount(
   $device,
-  $mnt_base_dir = '/srv/node',
+  Stdlib::Absolutepath $mnt_base_dir = '/srv/node',
-  $loopback     = false,
+  Boolean $loopback                  = false,
-  $fstype       = 'xfs'
+  String[1] $fstype                  = 'xfs'
 ) {
 
   include swift::deps

manifests/storage/node.pp

@@ -43,7 +43,7 @@
 #    Defaults to undef
 define swift::storage::node(
   $mnt_base_dir,
-  $zone,
+  Variant[Integer, Pattern[/^\d+$/]] $zone,
   $weight               = 1,
   $owner                = undef,
   $group                = undef,
@@ -54,11 +54,6 @@ define swift::storage::node(
 
   include swift::deps
 
-  if ! $zone =~ Integer {
-    validate_legacy(Pattern[/^\d+$/], 'validate_re', $zone,
-      ['^\d+$', 'The zone parameter must be an integer'])
-  }
-
   Swift::Storage::Server {
     storage_local_net_ip => $storage_local_net_ip,
     devices              => $mnt_base_dir,

manifests/storage/server.pp

@@ -4,16 +4,17 @@
 #
 # === Parameters:
 #
-# [*title*] The port the server will be exposed to
-#   Mandatory. Usually 6000, 6001 and 6002 for respectively
-#   object, container and account.
-#
 # [*type*]
 #   (required) The type of device, e.g. account, object, or container.
 #
 # [*storage_local_net_ip*]
 #   (required) This is the ip that the storage service will bind to when it starts.
 #
+# [*bind_port*]
+#   (optional) The port the server will be exposed to Usually 6000, 6001 and
+#   6002 for respectively object, container and account.
+#   Defaults to $name
+#
 # [*devices*]
 #   (optional) The directory where the physical storage device will be mounted.
 #   Defaults to '/srv/node'.
@@ -224,58 +225,59 @@
 #   Default to $facts['os_service_default'].
 #
 define swift::storage::server(
-  $type,
+  Swift::StorageServerType $type,
   $storage_local_net_ip,
-  $devices                        = '/srv/node',
+  Pattern[/^\d+$/] $bind_port                            = $name,
-  $rsync_module_per_device        = false,
+  $devices                                               = '/srv/node',
-  $device_names                   = [],
+  Boolean $rsync_module_per_device                       = false,
-  $owner                          = undef,
+  Array[String[1]] $device_names                         = [],
-  $group                          = undef,
+  $owner                                                 = undef,
-  $max_connections                = 25,
+  $group                                                 = undef,
-  $hosts_allow                    = undef,
+  $max_connections                                       = 25,
-  $hosts_deny                     = undef,
+  $hosts_allow                                           = undef,
-  $incoming_chmod                 = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+  $hosts_deny                                            = undef,
-  $outgoing_chmod                 = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
+  $incoming_chmod                                        = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
-  $pipeline                       = ["${type}-server"],
+  $outgoing_chmod                                        = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
-  $mount_check                    = true,
+  Swift::Pipeline $pipeline                              = ["${type}-server"],
-  $disable_fallocate              = $facts['os_service_default'],
+  $mount_check                                           = true,
-  $fallocate_reserve              = $facts['os_service_default'],
+  $disable_fallocate                                     = $facts['os_service_default'],
-  $server_fallocate_reserve       = $facts['os_service_default'],
+  $fallocate_reserve                                     = $facts['os_service_default'],
-  $servers_per_port               = $facts['os_service_default'],
+  $server_fallocate_reserve                              = $facts['os_service_default'],
-  $user                           = undef,
+  $servers_per_port                                      = $facts['os_service_default'],
-  $workers                        = $facts['os_workers'],
+  $user                                                  = undef,
-  $replicator_concurrency         = 1,
+  $workers                                               = $facts['os_workers'],
-  $replicator_interval            = $facts['os_service_default'],
+  $replicator_concurrency                                = 1,
-  $updater_concurrency            = 1,
+  $replicator_interval                                   = $facts['os_service_default'],
-  $reaper_concurrency             = 1,
+  $updater_concurrency                                   = 1,
-  $log_facility                   = 'LOG_LOCAL2',
+  $reaper_concurrency                                    = 1,
-  $log_level                      = 'INFO',
+  $log_facility                                          = 'LOG_LOCAL2',
-  $log_address                    = '/dev/log',
+  $log_level                                             = 'INFO',
-  $log_name                       = "${type}-server",
+  $log_address                                           = '/dev/log',
-  $log_udp_host                   = undef,
+  $log_name                                              = "${type}-server",
-  $log_udp_port                   = undef,
+  $log_udp_host                                          = undef,
-  $log_requests                   = true,
+  $log_udp_port                                          = undef,
+  $log_requests                                          = true,
   # this parameters needs to be specified after type and name
-  $config_file_path               = "${type}-server.conf",
+  $config_file_path                                      = "${type}-server.conf",
-  $statsd_enabled                 = false,
+  Boolean $statsd_enabled                                = false,
-  $log_statsd_host                = 'localhost',
+  $log_statsd_host                                       = 'localhost',
-  $log_statsd_port                = $facts['os_service_default'],
+  $log_statsd_port                                       = $facts['os_service_default'],
-  $log_statsd_default_sample_rate = $facts['os_service_default'],
+  $log_statsd_default_sample_rate                        = $facts['os_service_default'],
-  $log_statsd_sample_rate_factor  = $facts['os_service_default'],
+  $log_statsd_sample_rate_factor                         = $facts['os_service_default'],
-  $log_statsd_metric_prefix       = $facts['os_service_default'],
+  $log_statsd_metric_prefix                              = $facts['os_service_default'],
-  $network_chunk_size             = $facts['os_service_default'],
+  $network_chunk_size                                    = $facts['os_service_default'],
-  $disk_chunk_size                = $facts['os_service_default'],
+  $disk_chunk_size                                       = $facts['os_service_default'],
-  $client_timeout                 = $facts['os_service_default'],
+  $client_timeout                                        = $facts['os_service_default'],
-  $auditor_disk_chunk_size        = $facts['os_service_default'],
+  $auditor_disk_chunk_size                               = $facts['os_service_default'],
-  $rsync_timeout                  = $facts['os_service_default'],
+  $rsync_timeout                                         = $facts['os_service_default'],
-  $rsync_bwlimit                  = $facts['os_service_default'],
+  $rsync_bwlimit                                         = $facts['os_service_default'],
-  $splice                         = $facts['os_service_default'],
+  Variant[Openstacklib::ServiceDefault, Boolean] $splice = $facts['os_service_default'],
-  $object_server_mb_per_sync      = $facts['os_service_default'],
+  $object_server_mb_per_sync                             = $facts['os_service_default'],
   # These parameters only apply to container-server.conf,
   # and define options for the container-sharder service.
-  $container_sharder_auto_shard   = $facts['os_service_default'],
+  $container_sharder_auto_shard                          = $facts['os_service_default'],
-  $container_sharder_concurrency  = $facts['os_service_default'],
+  $container_sharder_concurrency                         = $facts['os_service_default'],
-  $container_sharder_interval     = $facts['os_service_default'],
+  $container_sharder_interval                            = $facts['os_service_default'],
 ){
 
   include swift::deps
@@ -283,31 +285,17 @@ define swift::storage::server(
 
   $user_real = pick($user, $::swift::params::user)
 
-  # Warn if ${type-server} isn't included in the pipeline
+  # Fail if ${type-server} isn't included in the pipeline
-  $pipeline_array = any2array($pipeline)
+  if $pipeline[-1] != "${type}-server" {
-  if empty($pipeline_array) or $pipeline_array[-1] != "${type}-server" {
     fail("${type}-server must be the last element in pipeline")
   }
 
-
   if ($log_udp_port and !$log_udp_host) {
     fail ('log_udp_port requires log_udp_host to be set')
   }
 
   include "::swift::storage::${type}"
 
-  validate_legacy(Pattern[/^\d+$/], 'validate_re', $name, ['^\d+$'])
-  validate_legacy(Enum['object', 'container', 'account'], 'validate_re',
-    $type, ['^object|container|account$'])
-  validate_legacy(Array, 'validate_array', $pipeline)
-  validate_legacy(Array, 'validate_array', $device_names)
-
-  if ! is_service_default($splice) {
-    validate_legacy(Boolean, 'validate_bool', $splice)
-  }
-
-  $bind_port = $name
-
   # rsync::server should be included before rsync::server::module
   include swift::storage
   if $rsync_module_per_device {
@@ -348,7 +336,6 @@ define swift::storage::server(
 
   $config_file_full_path = "/etc/swift/${config_file_path}"
 
-
   $required_middlewares = split(
     inline_template(
       "<%=

manifests/storage/xfs.pp

@@ -42,12 +42,12 @@
 # it already has an XFS FS, and mounts de FS in /srv/node/sdX
 #
 define swift::storage::xfs(
-  $device            = '',
+  $device                            = '',
-  $byte_size         = '1024',
+  $byte_size                         = '1024',
-  $mnt_base_dir      = '/srv/node',
+  Stdlib::Absolutepath $mnt_base_dir = '/srv/node',
-  $loopback          = false,
+  Boolean $loopback                  = false,
-  $mount_type        = 'path',
+  $mount_type                        = 'path',
-  $manage_filesystem = true,
+  Boolean $manage_filesystem         = true,
 ) {
 
   include swift::deps
@@ -107,6 +107,4 @@ define swift::storage::xfs(
     mnt_base_dir => $mnt_base_dir,
     loopback     => $loopback,
   }
-
-
 }

spec/functions/validate_tempauth_account_spec.rb

@@ -0,0 +1,133 @@
+require 'spec_helper'
+
+describe 'validate_tempauth_account' do
+  it 'exists' do
+    is_expected.not_to eq(nil)
+  end
+
+  it 'works with valid entries (string keys)' do
+    is_expected.to run.with_params({
+      'user'    => 'swiftuser',
+      'account' => 'swiftaccount',
+      'key'     => 'secret',
+      'groups'  => ['swiftgroup'],
+    })
+  end
+
+  it 'works with valid entries (sym keys)' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    })
+  end
+
+  it 'throws error with more than one argument' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }, {
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+
+  it 'fails with no arguments' do
+    is_expected.to run.with_params.and_raise_error(Puppet::Error)
+  end
+
+  # missing keys
+  it 'fails when user is missing' do
+    is_expected.to run.with_params({
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when account is missing' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when key is missing' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when groups is missing' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+    }).and_raise_error(Puppet::Error)
+  end
+
+  # wrong type
+  it 'fails when user is not a string' do
+    is_expected.to run.with_params({
+      :user    => ['swiftuser'],
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when account is not a string' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => ['swiftaccount'],
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when key is not a string' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => ['secret'],
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when group is not an array' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => 'swiftgroup',
+    }).and_raise_error(Puppet::Error)
+  end
+
+  # empty
+  it 'fails when user is empty' do
+    is_expected.to run.with_params({
+      :user    => '',
+      :account => 'swiftaccount',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when account is empty' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => '',
+      :key     => 'secret',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+  it 'fails when key is empty' do
+    is_expected.to run.with_params({
+      :user    => 'swiftuser',
+      :account => 'swiftaccount',
+      :key     => '',
+      :groups  => ['swiftgroup'],
+    }).and_raise_error(Puppet::Error)
+  end
+end

spec/type_aliases/ringtype_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe 'Swift::RingType' do
+  describe 'valid types' do
+    context 'with valid types' do
+      [
+        'account',
+        'container',
+        'object',
+        'object-0',
+        'object-10'
+      ].each do |value|
+        it { is_expected.to allow_value(value) }
+      end
+    end
+  end
+
+  describe 'invalid types' do
+    context 'with invalid types' do
+      [
+        'foo',
+        'object-',
+        'object-a'
+      ].each do |value|
+        it { is_expected.not_to allow_value(value) }
+      end
+    end
+  end
+end

spec/type_aliases/storageservertype_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe 'Swift::StorageServerType' do
+  describe 'valid types' do
+    context 'with valid types' do
+      [
+        'account',
+        'container',
+        'object',
+      ].each do |value|
+        it { is_expected.to allow_value(value) }
+      end
+    end
+  end
+
+  describe 'invalid types' do
+    context 'with invalid types' do
+      [
+        'foo',
+        'object-',
+        'object-0'
+      ].each do |value|
+        it { is_expected.not_to allow_value(value) }
+      end
+    end
+  end
+end

types/pipeline.pp

@@ -0,0 +1 @@
+type Swift::Pipeline = Array[String[1], 1]

types/ringtype.pp

@@ -0,0 +1,8 @@
+type Swift::RingType = Variant[
+  Enum[
+    'account',
+    'container',
+    'object'
+  ],
+  Pattern[/^object-\d+$/]
+]

types/storageservertype.pp

@@ -0,0 +1,5 @@
+type Swift::StorageServerType = Enum[
+  'account',
+  'container',
+  'object'
+]