address pdk validation warnings

puppetlabs · h0tw1r3 · Dec 19, 2023 · Oct 8, 2023 · Dec 19, 2023 · Dec 19, 2023
commit 0f8b4f07566609c4acaff52a9c0d9badc1811378
@@ -63,6 +63,6 @@ def attempt_connection
     end
   rescue StandardError => e
     log_error(e.message)
-    return false
+    false
   end
 end
@@ -1,12 +1,12 @@
 # Private class. Grant read permissions to $database_read_only_username by default, for new tables created by
 # $database_username.
-define puppetdb::database::default_read_grant(
+define puppetdb::database::default_read_grant (
   String $database_name,
   String $schema,
   String $database_username,
   String $database_read_only_username,
 ) {
-  postgresql_psql {"grant default select permission for ${database_read_only_username}":
+  postgresql_psql { "grant default select permission for ${database_read_only_username}":
     db      => $database_name,
     command => "ALTER DEFAULT PRIVILEGES
                   FOR USER \"${database_username}\"
@@ -23,7 +23,7 @@
                 AND nspname = '${schema}'",
   }
 
-  postgresql_psql {"grant default usage permission for ${database_read_only_username}":
+  postgresql_psql { "grant default usage permission for ${database_read_only_username}":
     db      => $database_name,
     command => "ALTER DEFAULT PRIVILEGES
                   FOR USER \"${database_username}\"
@@ -40,7 +40,7 @@
                 AND nspname = '${schema}'",
   }
 
-  postgresql_psql {"grant default execute permission for ${database_read_only_username}":
+  postgresql_psql { "grant default execute permission for ${database_read_only_username}":
     db      => $database_name,
     command => "ALTER DEFAULT PRIVILEGES
                   FOR USER \"${database_username}\"

@@ -19,14 +19,13 @@
   $read_database_password      = $puppetdb::params::read_database_password,
   $read_database_host          = $puppetdb::params::read_database_host
 ) inherits puppetdb::params {
-
   if $manage_server {
-    class { '::postgresql::globals':
+    class { 'postgresql::globals':
       manage_package_repo => $manage_package_repo,
       version             => $postgres_version,
     }
     # get the pg server up and running
-    class { '::postgresql::server':
+    class { 'postgresql::server':
       ip_mask_allow_all_users => '0.0.0.0/0',
       listen_addresses        => $listen_addresses,
       port                    => scanf($database_port, '%i')[0],
@@ -35,7 +34,7 @@
     # We need to create the ssl connection for the read user, when
     # manage_database is set to true, or when read_database_host is defined.
     # Otherwise we don't create it.
-    if $manage_database or $read_database_host != undef{
+    if $manage_database or $read_database_host != undef {
       $create_read_user_rule = true
     } else {
       $create_read_user_rule = false
@@ -52,15 +51,14 @@
         postgresql_ssl_key_path     => $postgresql_ssl_key_path,
         postgresql_ssl_cert_path    => $postgresql_ssl_cert_path,
         postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path,
-        create_read_user_rule       => $create_read_user_rule
+        create_read_user_rule       => $create_read_user_rule,
       }
     }
 
     # Only install pg_trgm extension, if database it is actually managed by the module
     if $manage_database {
-
       # get the pg contrib to use pg_trgm extension
-      class { '::postgresql::server::contrib': }
+      class { 'postgresql::server::contrib': }
 
       postgresql::server::extension { 'pg_trgm':
         database => $database_name,
@@ -97,7 +95,7 @@
       read_database_username => $read_database_username,
       database_name          => $database_name,
       password_hash          => postgresql::postgresql_password($read_database_username, $read_database_password),
-      database_owner         => $database_username
+      database_owner         => $database_username,
     }
 
     -> postgresql_psql { "grant ${read_database_username} role to ${database_username}":

@@ -13,7 +13,7 @@
     address     => '0.0.0.0/0',
     auth_method => 'cert',
     order       => 0,
-    auth_option => "map=${identity_map_key} clientcert=1"
+    auth_option => "map=${identity_map_key} clientcert=1",
   }
 
   postgresql::server::pg_hba_rule { "Allow certificate mapped connections to ${database_name} as ${database_username} (ipv6)":
@@ -23,7 +23,7 @@
     address     => '::0/0',
     auth_method => 'cert',
     order       => 0,
-    auth_option => "map=${identity_map_key} clientcert=1"
+    auth_option => "map=${identity_map_key} clientcert=1",
   }
 
   postgresql::server::pg_ident_rule { "Map the SSL certificate of the server as a ${database_username} user":

@@ -31,25 +31,25 @@
   postgresql::server::config_entry { 'ssl':
     ensure  => present,
     value   => 'on',
-    require => [File['postgres private key'], File['postgres public key']]
+    require => [File['postgres private key'], File['postgres public key']],
   }
 
   postgresql::server::config_entry { 'ssl_cert_file':
     ensure  => present,
     value   => "${postgresql::server::datadir}/server.crt",
-    require => [File['postgres private key'], File['postgres public key']]
+    require => [File['postgres private key'], File['postgres public key']],
   }
 
   postgresql::server::config_entry { 'ssl_key_file':
     ensure  => present,
     value   => "${postgresql::server::datadir}/server.key",
-    require => [File['postgres private key'], File['postgres public key']]
+    require => [File['postgres private key'], File['postgres public key']],
   }
 
   postgresql::server::config_entry { 'ssl_ca_file':
     ensure  => present,
     value   => $postgresql_ssl_ca_cert_path,
-    require => [File['postgres private key'], File['postgres public key']]
+    require => [File['postgres private key'], File['postgres public key']],
   }
 
   puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username}":

@@ -3,10 +3,8 @@
   $version                      = 'present',
   $database                     = 'postgres',
   Stdlib::Absolutepath $puppet_confdir = $settings::confdir,
-  ) {
-
+) {
   if !(fact('os.family') in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) {
     fail("${module_name} does not support your osfamily ${fact('os.family')}")
   }
-
 }
@@ -91,8 +91,7 @@
   Integer[1] $dlo_max_age                  = $puppetdb::params::dlo_max_age,
   Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,
 ) inherits puppetdb::params {
-
-  class { '::puppetdb::server':
+  class { 'puppetdb::server':
     listen_address                    => $listen_address,
     listen_port                       => $listen_port,
     disable_cleartext                 => $disable_cleartext,
@@ -176,14 +175,15 @@
   }
 
   if ($database == 'postgres') {
-
     $database_before = str2bool($database_validate) ? {
-      false => Class['::puppetdb::server'],
-      default => [Class['::puppetdb::server'],
-                  Class['::puppetdb::server::validate_db']],
+      false => Class['puppetdb::server'],
+      default => [
+        Class['puppetdb::server'],
+        Class['puppetdb::server::validate_db']
+      ],
     }
 
-    class { '::puppetdb::database::postgresql':
+    class { 'puppetdb::database::postgresql':
       listen_addresses            => $database_listen_address,
       database_name               => $database_name,
       puppetdb_server             => $puppetdb_server,
@@ -201,7 +201,7 @@
       read_database_username      => $read_database_username,
       read_database_password      => $read_database_password,
       read_database_host          => $read_database_host,
-      before                      => $database_before
+      before                      => $database_before,
     }
   }
 }
@@ -2,14 +2,14 @@
 class puppetdb::master::config (
   $puppetdb_server             = fact('networking.fqdn'),
   $puppetdb_port               = defined(Class['puppetdb']) ? {
-    true    => $::puppetdb::disable_ssl ? {
+    true    => $puppetdb::disable_ssl ? {
       true => 8080,
       default => 8081,
     },
     default => 8081,
   },
   $puppetdb_disable_ssl        = defined(Class['puppetdb']) ? {
-    true    => $::puppetdb::disable_ssl,
+    true    => $puppetdb::disable_ssl,
     default => false,
   },
   $masterless                  = $puppetdb::params::masterless,
@@ -30,7 +30,6 @@
   $test_url                    = $puppetdb::params::test_url,
   $restart_puppet              = true,
 ) inherits puppetdb::params {
-
   # **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This
   # should not be copied, replicated or even looked at. In short, never rename
   # your packages...
@@ -66,7 +65,6 @@
   }
 
   if ($strict_validation) {
-
     # Validate the puppetdb connection.  If we can't connect to puppetdb then we
     # *must* not perform the other configuration steps, or else
 
@@ -192,5 +190,4 @@
       Class['puppetdb::master::report_processor'] ~> Service[$puppet_service_name]
     }
   }
-
 }
@@ -12,8 +12,7 @@
     /(puppetdb-terminus)/ => true,
     default               => false,
   },
-  ) inherits puppetdb::params {
-
+) inherits puppetdb::params {
   Ini_setting {
     ensure  => present,
     section => 'main',

@@ -5,7 +5,6 @@
   $masterless  = $puppetdb::params::masterless,
   $enable      = false
 ) inherits puppetdb::params {
-
   if $masterless {
     $puppet_conf_section = 'main'
   } else {

@@ -5,7 +5,6 @@
   $masterless     = $puppetdb::params::masterless,
   $routes         = undef,
 ) inherits puppetdb::params {
-
   if $masterless {
     $routes_real = {
       'apply' => {
@@ -16,8 +15,8 @@
         'facts'   => {
           'terminus' => 'facter',
           'cache'    => 'puppetdb_apply',
-        }
-      }
+        },
+      },
     }
   } elsif $routes {
     $routes_real = $routes
@@ -32,8 +31,8 @@
         'facts' => {
           'terminus' => 'puppetdb',
           'cache'    => $default_fact_cache,
-        }
-      }
+        },
+      },
     }
   }
 

@@ -5,7 +5,6 @@
   $masterless  = $puppetdb::params::masterless,
   $enable      = true,
 ) inherits puppetdb::params {
-
   if $masterless {
     $puppet_conf_section = 'main'
   } else {

@@ -208,7 +208,7 @@
 
   $certificate_whitelist_file = "${etcdir}/certificate-whitelist"
   # the default is free access for now
-  $certificate_whitelist      = [ ]
+  $certificate_whitelist      = []
   # change to this to only allow access by the puppet master by default:
   #$certificate_whitelist      = [ $::servername ]
 

@@ -81,7 +81,6 @@
   Integer[1] $dlo_max_age                  = $puppetdb::params::dlo_max_age,
   Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,
 ) inherits puppetdb::params {
-
   # Apply necessary suffix if zero is specified.
   # Can we drop this in the next major release?
   if $node_ttl == '0' {
@@ -263,21 +262,21 @@
 
   if $postgresql_ssl_on {
     exec { $ssl_key_pk8_path:
-      path    => [ '/opt/puppetlabs/puppet/bin', $facts['path'] ],
+      path    => ['/opt/puppetlabs/puppet/bin', $facts['path']],
       command => "openssl pkcs8 -topk8 -inform PEM -outform DER -in ${ssl_key_path} -out ${ssl_key_pk8_path} -nocrypt",
       # Generate a .pk8 key if one doesn't exist or is older than the .pem input.
       # NOTE: bash file time checks, like -ot, can't always discern sub-second
       # differences.
       onlyif  => "test ! -e '${ssl_key_pk8_path}' -o '${ssl_key_pk8_path}' -ot '${ssl_key_path}'",
-      before  => File[$ssl_key_pk8_path]
+      before  => File[$ssl_key_pk8_path],
     }
 
     file { $ssl_key_pk8_path:
-      ensure => present,
+      ensure => file,
       owner  => $puppetdb_user,
       group  => $puppetdb_group,
       mode   => '0600',
-      notify => Service[$puppetdb_service]
+      notify => Service[$puppetdb_service],
     }
   }
 
@@ -324,7 +323,7 @@
             setting           => 'JAVA_ARGS',
             require           => Package[$puppetdb_package],
             notify            => Service[$puppetdb_service],
-          }))
+      }))
     } else {
       ini_setting { 'java_args':
         ensure  => present,
@@ -357,14 +356,14 @@
       # https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office
       systemd::unit_file { 'puppetdb-dlo-cleanup.service':
         content => epp("${module_name}/puppetdb-DLO-cleanup.service.epp", {
-          'puppetdb_user'  => $puppetdb_user,
-          'puppetdb_group' => $puppetdb_group,
-          'vardir'         => $vardir,
-          'dlo_max_age'    => $dlo_max_age
+            'puppetdb_user'  => $puppetdb_user,
+            'puppetdb_group' => $puppetdb_group,
+            'vardir'         => $vardir,
+            'dlo_max_age'    => $dlo_max_age
         }),
       }
       -> systemd::unit_file { 'puppetdb-dlo-cleanup.timer':
-        content => epp("${module_name}/puppetdb-DLO-cleanup.timer.epp", {'cleanup_timer_interval' => $cleanup_timer_interval }),
+        content => epp("${module_name}/puppetdb-DLO-cleanup.timer.epp", { 'cleanup_timer_interval' => $cleanup_timer_interval }),
         enable  => true,
         active  => true,
       }

@@ -6,7 +6,6 @@
   $temp_usage        = $puppetdb::params::temp_usage,
   $confdir           = $puppetdb::params::confdir,
 ) inherits puppetdb::params {
-
   $config_ini = "${confdir}/config.ini"
 
   # Set the defaults