Prepare for Puppet 7 / stdlib 9

Gemfile

@@ -1,26 +1,18 @@
 source 'https://rubygems.org'
 
-if puppetversion = ENV['PUPPET_GEM_VERSION']
-  gem 'puppet', puppetversion, :require => false
-else
-  gem 'puppet', :require => false
-end
+gem "rake"
+gem "puppet", ENV['PUPPET_VERSION'] || '~> 7.25'
 
-if facterversion = ENV['FACTER_GEM_VERSION']
-  gem 'facter', facterversion, :require => false
-else
-  gem 'facter', :require => false
+group :lint do
+  gem "puppet-lint", "~> 4.0"
+  gem "puppet-syntax", "~> 3.3"
+  gem "metadata-json-lint", "~> 3.0"
 end
 
-group :development, :test do
-  gem 'rake', '< 11',             :require => false
-  # https://github.com/rspec/rspec-core/issues/1864
-  gem 'rspec', '< 3.2.0', {"platforms"=>["ruby_18"]}
-  gem 'puppetlabs_spec_helper',   :require => false
-  gem 'puppet-lint', '>= 1.1.0',  :require => false
-  gem 'puppet-syntax',            :require => false
-  gem 'rspec-puppet', '~> 2.1.0', :require => false
-  gem 'metadata-json-lint',       :require => false
+group :test do
+  gem "rspec-puppet", "~> 3.0"
+  gem "puppetlabs_spec_helper", "~> 6.0.1"
+  gem "semantic_puppet", "~> 1.1.0"
 end
 
 group :beaker do

Rakefile

@@ -2,18 +2,57 @@ require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
 require 'puppet-lint/tasks/puppet-lint'
 
-PuppetSyntax.exclude_paths = ['spec/fixtures/**/*']
+exclude_paths = [
+  'spec/fixtures/**/*',
+  "pkg/**/*",
+  "vendor/**/*",
+  "spec/**/*",
+]
 
-PuppetLint.configuration.send('disable_class_inherits_from_params_class')
-PuppetLint.configuration.send('disable_80chars')
+PuppetSyntax::RakeTask.new
+PuppetSyntax.exclude_paths = exclude_paths
+PuppetSyntax.fail_on_deprecation_notices = true
 
+# Puppet-Lint 1.1.0
+Rake::Task[:lint].clear
 PuppetLint::RakeTask.new :lint do |config|
-  config.pattern          = 'manifests/**/*.pp'
+
+  # Pattern of files to ignore
+  config.ignore_paths = exclude_paths
+
+  # List of checks to disable
+  config.disable_checks = [
+      '80chars',
+      '140chars',
+      'documentation',
+      'class_inherits_from_params_class',
+      'arrow_on_right_operand_line',
+      'autoloader_layout',
+    ]
+
+  # Should puppet-lint prefix it's output with the file being checked,
+  # defaults to true
+  config.with_filename = false
+
+  # Should the task fail if there were any warnings, defaults to false
   config.fail_on_warnings = true
+
+  # Format string for puppet-lint's output (see the puppet-lint help output
+  # for details
+  config.log_format = '%{path}:%{line}: [%{KIND}] (%{check}) %{message}'
+
+  # Print out the context for the problem, defaults to false
+  config.with_context = true
+
+  # Enable automatic fixing of problems, defaults to false
+  config.fix = false
+
+  # Show ignored problems in the output, defaults to false
+  config.show_ignored = true
 end
 
-task :default => [
-  :validate,
-  :lint,
-  :spec,
-]
+task :metadata do
+  sh "metadata-json-lint --no-strict-license metadata.json"
+end
+
+task :default => [:syntax, :lint, :metadata]

manifests/admin/ssl.pp

@@ -14,7 +14,7 @@
   # note that the nickname is all lowercase, unlike for the slapd instances
   $nickname = 'server-cert'
 
-  port389::certs{ 'admin':
+  port389::certs { 'admin':
     certdir      => $certdir,
     nss_password => $::port389::server_admin_pwd,
     ssl_cert     => $::port389::ssl_cert,

manifests/certs.pp

@@ -1,19 +1,12 @@
 # private type
 define port389::certs (
-  $certdir,
-  $nss_password,
-  $ssl_nickname,
-  $ssl_cert,
-  $ssl_key,
-  $ssl_ca_certs,
+  Stdlib::Absolutepath $certdir,
+  String $nss_password,
+  String $ssl_nickname,
+  Stdlib::Absolutepath $ssl_cert,
+  Stdlib::Absolutepath $ssl_key,
+  Hash $ssl_ca_certs,
 ) {
-  validate_absolute_path($certdir)
-  validate_string($nss_password)
-  validate_absolute_path($ssl_cert)
-  validate_string($ssl_nickname)
-  validate_absolute_path($ssl_key)
-  validate_hash($ssl_ca_certs)
-
   if $caller_module_name != $module_name {
     fail("Use of private class ${name} by ${caller_module_name}")
   }

manifests/init.pp

@@ -7,67 +7,32 @@
 # include port389
 #
 class port389(
-  $ensure                     = 'present',
-  $package_ensure             = $::port389::params::package_ensure,
-  $package_name               = $::port389::params::package_name,
-  $enable_tuning              = $::port389::params::enable_tuning,
-  $user                       = $::port389::params::user,
-  $group                      = $::port389::params::group,
-  $admin_domain               = $::port389::params::admin_domain,
-  $config_directory_admin_id  = $::port389::params::config_directory_admin_id,
-  $config_directory_admin_pwd = $::port389::params::config_directory_admin_pwd,
-  $config_directory_ldap_url  = $::port389::params::config_directory_ldap_url,
-  $full_machine_name          = $::port389::params::full_machine_name,
-  $server_admin_port          = $::port389::params::server_admin_port,
-  $server_admin_id            = $::port389::params::server_admin_id,
-  $server_admin_pwd           = $::port389::params::server_admin_pwd,
-  $server_ipaddress           = $::port389::params::server_ipaddress,
-  $root_dn                    = $::port389::params::root_dn,
-  $root_dn_pwd                = $::port389::params::root_dn_pwd,
-  $server_port                = $::port389::params::server_port,
-  $setup_dir                  = $::port389::params::setup_dir,
-  $enable_ssl                 = $::port389::params::enable_ssl,
-  $enable_server_admin_ssl    = $::port389::params::enable_server_admin_ssl,
-  $ssl_server_port            = $::port389::params::ssl_server_port,
-  $ssl_cert                   = $::port389::params::ssl_cert,
-  $ssl_key                    = $::port389::params::ssl_key,
-  $ssl_ca_certs               = $::port389::params::ssl_ca_certs,
+  Enum['present', 'absent', 'latest', 'purged'] $ensure = 'present',
+  Variant[String, Array] $package_ensure = $::port389::params::package_ensure,
+  Variant[String, Array] $package_name = $::port389::params::package_name,
+  Boolean $enable_tuning = $::port389::params::enable_tuning,
+  String $user = $::port389::params::user,
+  String $group = $::port389::params::group,
+  String $admin_domain = $::port389::params::admin_domain,
+  String $config_directory_admin_id = $::port389::params::config_directory_admin_id,
+  String $config_directory_admin_pwd = $::port389::params::config_directory_admin_pwd,
+  String $config_directory_ldap_url = $::port389::params::config_directory_ldap_url,
+  String $full_machine_name = $::port389::params::full_machine_name,
+  String $server_admin_port = $::port389::params::server_admin_port,
+  String $server_admin_id = $::port389::params::server_admin_id,
+  String $server_admin_pwd = $::port389::params::server_admin_pwd,
+  String $server_ipaddress = $::port389::params::server_ipaddress,
+  String $root_dn = $::port389::params::root_dn,
+  String $root_dn_pwd = $::port389::params::root_dn_pwd,
+  String $server_port = $::port389::params::server_port,
+  String $setup_dir = $::port389::params::setup_dir,
+  Boolean $enable_ssl = $::port389::params::enable_ssl,
+  Boolean $enable_server_admin_ssl = $::port389::params::enable_server_admin_ssl,
+  Optional[String] $ssl_server_port = $::port389::params::ssl_server_port,
+  Optional[Stdlib::Absolutepath] $ssl_cert = $::port389::params::ssl_cert,
+  Optional[Stdlib::Absolutepath] $ssl_key = $::port389::params::ssl_key,
+  Optional[Hash] $ssl_ca_certs = $::port389::params::ssl_ca_certs,
 ) inherits port389::params {
-  validate_re($ensure, '^present$|^absent$|^latest$|^purged$')
-  if !(is_string($package_ensure) or is_array($package_ensure)) {
-    fail('package_ensure must be a string or an array')
-  }
-  if !(is_string($package_name) or is_array($package_name)) {
-    fail('package_name must be a string or an array')
-  }
-  validate_bool($enable_tuning)
-  validate_string($user)
-  validate_string($group)
-  validate_string($admin_domain)
-  validate_string($config_directory_admin_id)
-  validate_string($config_directory_admin_pwd)
-  validate_string($config_directory_ldap_url)
-  validate_string($full_machine_name)
-  validate_string($server_admin_port)
-  validate_string($server_admin_id)
-  validate_string($server_admin_pwd)
-  validate_string($server_ipaddress)
-  validate_string($root_dn)
-  validate_string($root_dn_pwd)
-  validate_string($server_port)
-  validate_string($setup_dir)
-  # ssl
-  validate_bool($enable_ssl)
-  validate_bool($enable_server_admin_ssl)
-  # don't validate ssl_* params unless $enable_ssl or enable_server_admin_ssl
-  # == true
-  if $enable_ssl or $enable_server_admin_ssl {
-    validate_string($ssl_server_port)
-    validate_absolute_path($ssl_cert)
-    validate_absolute_path($ssl_key)
-    validate_hash($ssl_ca_certs)
-  }
-
   anchor { 'port389::begin': }
 
   case $ensure {

manifests/install.pp

@@ -1,24 +1,16 @@
 # private class
 class port389::install (
-  $ensure         = 'present',
-  $package_ensure = $port389::package_ensure,
-  $package_name   = $port389::package_name,
+  Enum['present', 'absent', 'latest', 'purged'] $ensure = 'present',
+  Variant[String, Array] $package_ensure = $port389::package_ensure,
+  Variant[String, Array] $package_name = $port389::package_name,
 ) {
-  validate_re($ensure, '^present$|^absent$|^latest$|^purged$')
-  if !(is_string($package_ensure) or is_array($package_ensure)) {
-    fail('package_ensure must be a string or an array')
-  }
-  if !(is_string($package_name) or is_array($package_name)) {
-    fail('package_name must be a string or an array')
-  }
-
   if $caller_module_name != $module_name {
     fail("Use of private class ${name} by ${caller_module_name}")
   }
 
   # As of puppet 3.4.2, the yum provider for the package type does not handle
   # 'purged' correctly and shows activity on every run.
-  if $::osfamily == 'RedHat' {
+  if $facts['os']['family'] == 'RedHat' {
     $safe_ensure = $ensure ? {
       'purged' => 'absent',
       default  => $ensure,
@@ -33,7 +25,7 @@
 
   case $ensure {
     'present', 'latest': {
-      ensure_packages(any2array($package_ensure))
+      stdlib::ensure_packages(any2array($package_ensure))
     }
     'purged': {
       exec { $::port389::purge_commands:

manifests/instance.pp

@@ -1,42 +1,21 @@
 # port389::instance
 define port389::instance (
-  $admin_domain               = $::port389::admin_domain,
-  $config_directory_admin_id  = $::port389::config_directory_admin_id,
-  $config_directory_admin_pwd = $::port389::config_directory_admin_pwd,
-  $config_directory_ldap_url  = $::port389::config_directory_ldap_url,
-  $root_dn                    = $::port389::root_dn,
-  $root_dn_pwd                = $::port389::root_dn_pwd,
-  $server_port                = $::port389::server_port,
-  $enable_ssl                 = $::port389::enable_ssl,
-  $ssl_server_port            = $::port389::ssl_server_port,
-  $ssl_cert                   = $::port389::ssl_cert,
-  $ssl_key                    = $::port389::ssl_key,
-  $ssl_ca_certs               = $::port389::ssl_ca_certs,
-  $schema_file                = undef,
-  $suffix                     = port389_domain2dn($::port389::admin_domain),
+  Stdlib::Fqdn $admin_domain = $::port389::admin_domain,
+  String $config_directory_admin_id = $::port389::config_directory_admin_id,
+  String $config_directory_admin_pwd = $::port389::config_directory_admin_pwd,
+  String $config_directory_ldap_url = $::port389::config_directory_ldap_url,
+  String $root_dn = $::port389::root_dn,
+  String $root_dn_pwd = $::port389::root_dn_pwd,
+  String $server_port = $::port389::server_port,
+  Boolean $enable_ssl = $::port389::enable_ssl,
+  Optional[String] $ssl_server_port = $::port389::ssl_server_port,
+  Optional[Stdlib::Absolutepath] $ssl_cert = $::port389::ssl_cert,
+  Optional[Stdlib::Absolutepath] $ssl_key = $::port389::ssl_key,
+  Optional[Hash] $ssl_ca_certs = $::port389::ssl_ca_certs,
+  Optional[String] $schema_file = undef,
+  String $suffix = port389_domain2dn($::port389::admin_domain),
 ) {
   # follow the same server identifier validation rules as setup-ds-admin.pl
-  validate_re($title, '^[\w#%:@-]*$', "The ServerIdentifier '${title}' contains invalid characters.\
-It must contain only alphanumeric characters and the following: #%:@_-")
-  validate_string($admin_domain)
-  validate_string($config_directory_admin_id)
-  validate_string($config_directory_admin_pwd)
-  validate_string($config_directory_ldap_url)
-  validate_string($root_dn)
-  validate_string($root_dn_pwd)
-  validate_string($server_port)
-  # ssl
-  validate_bool($enable_ssl)
-  # don't validate ssl_* params unless $enable_ssl == true
-  if $enable_ssl {
-    validate_string($ssl_server_port)
-    validate_absolute_path($ssl_cert)
-    validate_absolute_path($ssl_key)
-    validate_hash($ssl_ca_certs)
-  }
-  # schema_file may be undef
-  validate_string($suffix)
-
   $setup_inf_name = "setup_${title}.inf"
   $setup_inf_path = "${::port389::setup_dir}/${setup_inf_name}"
 

manifests/instance/ssl.pp

@@ -1,21 +1,13 @@
 # private type
 define port389::instance::ssl (
-  $root_dn,
-  $root_dn_pwd,
-  $server_port,
-  $ssl_server_port,
-  $ssl_cert,
-  $ssl_key,
-  $ssl_ca_certs,
+  String $root_dn,
+  String $root_dn_pwd,
+  String $server_port,
+  String $ssl_server_port,
+  Stdlib::Absolutepath $ssl_cert,
+  Stdlib::Absolutepath $ssl_key,
+  Hash $ssl_ca_certs,
 ) {
-  validate_string($root_dn)
-  validate_string($root_dn_pwd)
-  validate_string($server_port)
-  validate_string($ssl_server_port)
-  validate_absolute_path($ssl_cert)
-  validate_absolute_path($ssl_key)
-  validate_hash($ssl_ca_certs)
-
   if $caller_module_name != $module_name {
     fail("Use of private type ${name} by ${caller_module_name}")
   }
@@ -78,7 +70,7 @@
     content => "Internal (Software) Token:${root_dn_pwd}",
   }
 
-  port389::certs{ $name:
+  port389::certs { $name:
     certdir      => $certdir,
     nss_password => $root_dn_pwd,
     ssl_nickname => 'Server-Cert',