Merge pull request #1110 from puppetlabs/CONT-352-Syntax_update

david22swan · web-flow · commit 9a7de7f56598 · 2023-03-08T09:57:19.000Z
(CONT-352) Syntax update
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
@@ -1,5 +1 @@
 --relative
---no-relative_classname_inclusion-check
---no-parameter_types-check
---no-top_scope_facts-check
---no-legacy_facts-check
diff --git a/.sync.yml b/.sync.yml
@@ -32,9 +32,3 @@ spec/spec_helper.rb:
 .travis.yml:
   delete: true
 changelog_since_tag: 'v3.0.0'
-Rakefile:
-  extra_disabled_lint_checks:
-    - relative_classname_inclusion
-    - parameter_types
-    - top_scope_facts
-    - legacy_facts
diff --git a/Rakefile b/Rakefile
@@ -42,10 +42,6 @@ def changelog_future_release
 end
 
 PuppetLint.configuration.send('disable_relative')
-PuppetLint.configuration.send('disable_relative_classname_inclusion')
-PuppetLint.configuration.send('disable_parameter_types')
-PuppetLint.configuration.send('disable_top_scope_facts')
-PuppetLint.configuration.send('disable_legacy_facts')
 
 
 if Bundler.rubygems.find_name('github_changelog_generator').any?
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -16,7 +16,7 @@
 #   Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.
 #
 # @param pkg_ensure
-#   Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'.
+#   Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.
 #
 # @param service_name
 #   Specify the name of the IPv4 iptables service.
@@ -31,14 +31,14 @@
 #   Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.
 #
 class firewall (
-  $ensure          = running,
-  $ensure_v6       = undef,
-  $pkg_ensure      = present,
-  $service_name    = $firewall::params::service_name,
-  $service_name_v6 = $firewall::params::service_name_v6,
-  $package_name    = $firewall::params::package_name,
-  $ebtables_manage = false,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']                       $ensure          = running,
+  Optional[Enum[running, stopped, 'running', 'stopped']]             $ensure_v6       = undef,
+  Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure      = present,
+  Variant[String[1], Array[String[1]]]                               $service_name    = $firewall::params::service_name,
+  Optional[String[1]]                                                $service_name_v6 = $firewall::params::service_name_v6,
+  Optional[Variant[String[1], Array[String[1]]]]                     $package_name    = $firewall::params::package_name,
+  Boolean                                                            $ebtables_manage = false,
+) inherits firewall::params {
   $_ensure_v6 = pick($ensure_v6, $ensure)
 
   case $ensure {
@@ -61,7 +61,7 @@
     }
   }
 
-  case $::kernel {
+  case $facts['kernel'] {
     'Linux': {
       class { "${title}::linux":
         ensure          => $ensure,
@@ -77,7 +77,7 @@
     'FreeBSD', 'windows': {
     }
     default: {
-      fail("${title}: Kernel '${::kernel}' is not currently supported")
+      fail("${title}: Kernel '${facts['kernel']}' is not currently supported")
     }
   }
 }
diff --git a/manifests/linux.pp b/manifests/linux.pp
@@ -7,7 +7,7 @@
 #   Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.
 #
 # @param pkg_ensure
-#   Controls the state of the iptables package on your system. Valid options: 'installed' or 'latest'. Defaults to 'latest'.
+#   Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'. Defaults to 'latest'.
 #
 # @param service_name
 #   Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.
@@ -24,15 +24,15 @@
 # @api private
 #
 class firewall::linux (
-  $ensure          = running,
-  $ensure_v6       = undef,
-  $pkg_ensure      = installed,
-  $service_name    = $firewall::params::service_name,
-  $service_name_v6 = $firewall::params::service_name_v6,
-  $package_name    = $firewall::params::package_name,
-  $ebtables_manage = false,
-  $iptables_name   = $firewall::params::iptables_name,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']                       $ensure          = running,
+  Optional[Enum[running, stopped, 'running', 'stopped']]             $ensure_v6       = undef,
+  Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure      = installed,
+  Variant[String[1], Array[String[1]]]                               $service_name    = $firewall::params::service_name,
+  Optional[String[1]]                                                $service_name_v6 = $firewall::params::service_name_v6,
+  Optional[Variant[String[1], Array[String[1]]]]                     $package_name    = $firewall::params::package_name,
+  Boolean                                                            $ebtables_manage = false,
+  String[1]                                                          $iptables_name   = $firewall::params::iptables_name,
+) inherits firewall::params {
   $enable = $ensure ? {
     'running' => true,
     'stopped' => false,
@@ -56,7 +56,7 @@
     }
   }
 
-  case $::operatingsystem {
+  case $facts['os']['name'] {
     'RedHat', 'CentOS', 'Fedora', 'Scientific', 'SL', 'SLC', 'Ascendos',
     'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'Amazon', 'XenServer',
     'VirtuozzoLinux', 'Rocky', 'AlmaLinux': {
diff --git a/manifests/linux/archlinux.pp b/manifests/linux/archlinux.pp
@@ -19,12 +19,12 @@
 # @api private
 #
 class firewall::linux::archlinux (
-  $ensure         = 'running',
-  $enable         = true,
-  $service_name   = $firewall::params::service_name,
-  $package_name   = $firewall::params::package_name,
-  $package_ensure = $firewall::params::package_ensure,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']   $ensure         = 'running',
+  Variant[Boolean, String[1]]                    $enable         = true,
+  Variant[String[1], Array[String[1]]]           $service_name   = $firewall::params::service_name,
+  Optional[Variant[String[1], Array[String[1]]]] $package_name   = $firewall::params::package_name,
+  Enum[present, latest, 'present', 'latest']     $package_ensure = $firewall::params::package_ensure,
+) inherits firewall::params {
   if $package_name {
     package { $package_name:
       ensure => $package_ensure,
diff --git a/manifests/linux/debian.pp b/manifests/linux/debian.pp
@@ -19,12 +19,12 @@
 # @api private
 #
 class firewall::linux::debian (
-  $ensure         = running,
-  $enable         = true,
-  $service_name   = $firewall::params::service_name,
-  $package_name   = $firewall::params::package_name,
-  $package_ensure = $firewall::params::package_ensure,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']   $ensure         = running,
+  Variant[Boolean, String[1]]                    $enable         = true,
+  Variant[String[1], Array[String[1]]]           $service_name   = $firewall::params::service_name,
+  Optional[Variant[String[1], Array[String[1]]]] $package_name   = $firewall::params::package_name,
+  Enum[present, latest, 'present', 'latest']     $package_ensure = $firewall::params::package_ensure,
+) inherits firewall::params {
   if $package_name {
     ensure_packages([$package_name], {
         ensure  => $package_ensure
diff --git a/manifests/linux/gentoo.pp b/manifests/linux/gentoo.pp
@@ -19,12 +19,12 @@
 # @api private
 #
 class firewall::linux::gentoo (
-  $ensure         = 'running',
-  $enable         = true,
-  $service_name   = $firewall::params::service_name,
-  $package_name   = $firewall::params::package_name,
-  $package_ensure = $firewall::params::package_ensure,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']   $ensure         = running,
+  Variant[Boolean, String[1]]                    $enable         = true,
+  Variant[String[1], Array[String[1]]]           $service_name   = $firewall::params::service_name,
+  Optional[Variant[String[1], Array[String[1]]]] $package_name   = $firewall::params::package_name,
+  Enum[present, latest, 'present', 'latest']     $package_ensure = $firewall::params::package_ensure,
+) inherits firewall::params {
   if $package_name {
     package { $package_name:
       ensure => $package_ensure,
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
@@ -32,24 +32,24 @@
 # @api private
 #
 class firewall::linux::redhat (
-  $ensure           = running,
-  $ensure_v6        = undef,
-  $enable           = true,
-  $enable_v6        = undef,
-  $service_name     = $firewall::params::service_name,
-  $service_name_v6  = $firewall::params::service_name_v6,
-  $package_name     = $firewall::params::package_name,
-  $package_ensure   = $firewall::params::package_ensure,
-  $sysconfig_manage = $firewall::params::sysconfig_manage,
-  $firewalld_manage = $firewall::params::firewalld_manage,
-) inherits ::firewall::params {
+  Enum[running, stopped, 'running', 'stopped']           $ensure           = running,
+  Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6        = undef,
+  Variant[Boolean, String[1]]                            $enable           = true,
+  Optional[Variant[Boolean, String[1]]]                  $enable_v6        = undef,
+  Variant[String[1], Array[String[1]]]                   $service_name     = $firewall::params::service_name,
+  Optional[String[1]]                                    $service_name_v6  = $firewall::params::service_name_v6,
+  Optional[Variant[String[1], Array[String[1]]]]         $package_name     = $firewall::params::package_name,
+  Enum[present, latest, 'present', 'latest']             $package_ensure   = $firewall::params::package_ensure,
+  Boolean                                                $sysconfig_manage = $firewall::params::sysconfig_manage,
+  Boolean                                                $firewalld_manage = $firewall::params::firewalld_manage,
+) inherits firewall::params {
   $_ensure_v6 = pick($ensure_v6, $ensure)
   $_enable_v6 = pick($enable_v6, $enable)
 
   # RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services
   # package, which provides the /usr/libexec/iptables/iptables.init used by
   # lib/puppet/util/firewall.rb.
-  if ($::operatingsystem != 'Amazon') {
+  if ($facts['os']['name'] != 'Amazon') {
     if $firewalld_manage {
       service { 'firewalld':
         ensure => stopped,
@@ -72,7 +72,7 @@
     )
   }
 
-  if ($::operatingsystem != 'Amazon') {
+  if ($facts['os']['name'] != 'Amazon') {
     if $ensure == 'running' {
       $running_command = ['/usr/bin/systemctl', 'daemon-reload']
 
@@ -86,8 +86,8 @@
     }
   }
 
-  if ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '4') >= 0)
-  or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) {
+  if ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '4') >= 0)
+  or ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '2') >= 0) {
     service { $service_name:
       ensure    => $ensure,
       enable    => $enable,
@@ -135,12 +135,12 @@
 
     # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u
     # Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t
-    case $::selinux {
+    case $facts['os']['selinux']['enabled'] {
       #lint:ignore:quoted_booleans
       'true',true: {
-        case $::operatingsystem {
+        case $facts['os']['name'] {
           'CentOS': {
-            case $::operatingsystemrelease {
+            case $facts['os']['release']['full'] {
               /^6\..*/: {
                 $seluser = 'unconfined_u'
                 $seltype = 'system_conf_t'
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -4,9 +4,9 @@
 #
 class firewall::params {
   $package_ensure = 'present'
-  case $::osfamily {
+  case $facts['os']['family'] {
     'RedHat': {
-      case $::operatingsystem {
+      case $facts['os']['name'] {
         'Amazon': {
           $service_name = 'iptables'
           $service_name_v6 = 'ip6tables'
@@ -18,7 +18,7 @@
         'Fedora': {
           $service_name = 'iptables'
           $service_name_v6 = 'ip6tables'
-          if versioncmp($::operatingsystemrelease, '34') >= 0 {
+          if versioncmp($facts['os']['release']['full'], '34') >= 0 {
             $package_name = 'iptables-services'
             $iptables_name = 'iptables-compat'
           } else {
@@ -29,21 +29,21 @@
           $firewalld_manage = true
         }
         default: {
-          if versioncmp($::operatingsystemrelease, '9') >= 0 {
+          if versioncmp($facts['os']['release']['full'], '9') >= 0 {
             $service_name = ['nftables','iptables']
             $service_name_v6 = 'ip6tables'
             $package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
             $iptables_name = 'iptables-nft'
             $sysconfig_manage = false
             $firewalld_manage = false
-          } elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
+          } elsif versioncmp($facts['os']['release']['full'], '8.0') >= 0 {
             $service_name = ['iptables', 'nftables']
             $service_name_v6 = 'ip6tables'
             $package_name = ['iptables-services', 'nftables']
             $iptables_name = 'iptables'
             $sysconfig_manage = false
             $firewalld_manage = true
-          } elsif versioncmp($::operatingsystemrelease, '7.0') >= 0 {
+          } elsif versioncmp($facts['os']['release']['full'], '7.0') >= 0 {
             $service_name = 'iptables'
             $service_name_v6 = 'ip6tables'
             $package_name = 'iptables-services'
@@ -64,12 +64,12 @@
     'Debian': {
       $service_name_v6 = undef
       $iptables_name = 'iptables'
-      case $::operatingsystem {
+      case $facts['os']['name'] {
         'Debian': {
-          if versioncmp($::operatingsystemrelease, 'unstable') >= 0 {
+          if versioncmp($facts['os']['release']['full'], 'unstable') >= 0 {
             $service_name = 'netfilter-persistent'
             $package_name = 'netfilter-persistent'
-          } elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
+          } elsif versioncmp($facts['os']['release']['full'], '8.0') >= 0 {
             $service_name = 'netfilter-persistent'
             $package_name = 'iptables-persistent'
           } else {
@@ -78,7 +78,7 @@
           }
         }
         'Ubuntu': {
-          if versioncmp($::operatingsystemrelease, '14.10') >= 0 {
+          if versioncmp($facts['os']['release']['full'], '14.10') >= 0 {
             $service_name = 'netfilter-persistent'
             $package_name = 'iptables-persistent'
           } else {
@@ -100,7 +100,7 @@
     default: {
       $iptables_name = 'iptables'
       $service_name_v6 = undef
-      case $::operatingsystem {
+      case $facts['os']['name'] {
         'Archlinux': {
           $service_name = ['iptables','ip6tables']
           $package_name = undef
diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb
@@ -33,9 +33,11 @@ def with_debian_facts
   let :facts do
     {
       kernel: 'Linux',
-      operatingsystem: 'Debian',
-      operatingsystemrelease: '8.0',
-      osfamily: 'Debian',
+      os: {
+        name: 'Debian',
+        release: { full: '8.0' },
+        family: 'Debian',
+      },
     }
   end
 end
diff --git a/spec/unit/classes/firewall_linux_archlinux_spec.rb b/spec/unit/classes/firewall_linux_archlinux_spec.rb
@@ -5,8 +5,10 @@
 describe 'firewall::linux::archlinux', type: :class do
   let(:facts) do
     {
-      osfamily: 'Archlinux',
-      operatingsystem: 'Archlinux',
+      os: {
+        family: 'ArchLinux',
+        name: 'ArchLinux',
+      },
     }
   end
 
diff --git a/spec/unit/classes/firewall_linux_debian_spec.rb b/spec/unit/classes/firewall_linux_debian_spec.rb
diff --git a/spec/unit/classes/firewall_linux_redhat_spec.rb b/spec/unit/classes/firewall_linux_redhat_spec.rb
diff --git a/spec/unit/classes/firewall_linux_spec.rb b/spec/unit/classes/firewall_linux_spec.rb

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`# Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.`
`17`	`17`	`#`
`18`	`18`	`# @param pkg_ensure`
`19`		`-# Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'.`
	`19`	`+# Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.`
`20`	`20`	`#`
`21`	`21`	`# @param service_name`
`22`	`22`	`# Specify the name of the IPv4 iptables service.`
`@@ -31,14 +31,14 @@`
`31`	`31`	`# Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.`
`32`	`32`	`#`
`33`	`33`	`class firewall (`
`34`		`- $ensure = running,`
`35`		`- $ensure_v6 = undef,`
`36`		`- $pkg_ensure = present,`
`37`		`- $service_name = $firewall::params::service_name,`
`38`		`- $service_name_v6 = $firewall::params::service_name_v6,`
`39`		`- $package_name = $firewall::params::package_name,`
`40`		`- $ebtables_manage = false,`
`41`		`-) inherits ::firewall::params {`
	`34`	`+ Enum[running, stopped, 'running', 'stopped'] $ensure = running,`
	`35`	`+ Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,`
	`36`	`+ Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure = present,`
	`37`	`+ Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,`
	`38`	`+ Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,`
	`39`	`+ Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,`
	`40`	`+ Boolean $ebtables_manage = false,`
	`41`	`+) inherits firewall::params {`
`42`	`42`	`$_ensure_v6 = pick($ensure_v6, $ensure)`
`43`	`43`
`44`	`44`	`case $ensure {`
`@@ -61,7 +61,7 @@`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`
`64`		`- case $::kernel {`
	`64`	`+ case $facts['kernel'] {`
`65`	`65`	`'Linux': {`
`66`	`66`	`class { "${title}::linux":`
`67`	`67`	`ensure => $ensure,`
`@@ -77,7 +77,7 @@`
`77`	`77`	`'FreeBSD', 'windows': {`
`78`	`78`	`}`
`79`	`79`	`default: {`
`80`		`- fail("${title}: Kernel '${::kernel}' is not currently supported")`
	`80`	`+ fail("${title}: Kernel '${facts['kernel']}' is not currently supported")`
`81`	`81`	`}`
`82`	`82`	`}`
`83`	`83`	`}`