Merge pull request #348 from wyardley/private_classes

Make private classes explicitly private, prevent setting params via rundeck::config
voxpupuli · Nov 9, 2017 · fd08aa7 · fd08aa7
2 parents dcaf259 + cac2b3f
commit fd08aa7
Show file tree

Hide file tree

Showing 8 changed files with 139 additions and 131 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -6,61 +6,63 @@
 #
 # This private class is called from `rundeck` to manage the configuration
 #
-class rundeck::config(
-  $acl_policies                 = $rundeck::acl_policies,
-  $acl_template                 = $rundeck::acl_template,
-  $api_policies                 = $rundeck::api_policies,
-  $api_template                 = $rundeck::api_template,
-  $auth_template                = $rundeck::auth_template,
-  $auth_types                   = $rundeck::auth_types,
-  $clustermode_enabled          = $rundeck::clustermode_enabled,
-  $database_config              = $rundeck::database_config,
-  $execution_mode               = $rundeck::execution_mode,
-  $file_keystorage_dir          = $rundeck::file_keystorage_dir,
-  $file_keystorage_keys         = $rundeck::file_keystorage_keys,
-  $grails_server_url            = $rundeck::grails_server_url,
-  $group                        = $rundeck::group,
-  $gui_config                   = $rundeck::gui_config,
-  $java_home                    = $rundeck::java_home,
-  $jvm_args                     = $rundeck::jvm_args,
-  $kerberos_realms              = $rundeck::kerberos_realms,
-  $key_password                 = $rundeck::key_password,
-  $key_storage_type             = $rundeck::key_storage_type,
-  $keystore                     = $rundeck::keystore,
-  $keystore_password            = $rundeck::keystore_password,
-  $log_properties_template      = $rundeck::log_properties_template,
-  $mail_config                  = $rundeck::mail_config,
-  $manage_default_admin_policy  = $rundeck::manage_default_admin_policy,
-  $manage_default_api_policy    = $rundeck::manage_default_api_policy,
-  $overrides_dir                = $rundeck::overrides_dir,
-  $preauthenticated_config      = $rundeck::preauthenticated_config,
-  $projects                     = $rundeck::projects,
-  $projects_description         = $rundeck::projects_default_desc,
-  $projects_organization        = $rundeck::projects_default_org,
-  $projects_storage_type        = $rundeck::projects_storage_type,
-  $quartz_job_threadcount       = $rundeck::quartz_job_threadcount,
-  $rd_loglevel                  = $rundeck::rd_loglevel,
-  $rd_auditlevel                = $rundeck::rd_auditlevel,
-  $rdeck_config_template        = $rundeck::rdeck_config_template,
-  $rdeck_profile_template       = $rundeck::rdeck_profile_template,
-  $realm_template               = $rundeck::realm_template,
-  $rss_enabled                  = $rundeck::rss_enabled,
-  $security_config              = $rundeck::security_config,
-  $security_role                = $rundeck::security_role,
-  $server_web_context           = $rundeck::server_web_context,
-  $service_logs_dir             = $rundeck::service_logs_dir,
-  $service_name                 = $rundeck::service_name,
-  $session_timeout              = $rundeck::session_timeout,
-  $ssl_enabled                  = $rundeck::ssl_enabled,
-  $ssl_port                     = $rundeck::ssl_port,
-  $ssl_keyfile                  = $rundeck::ssl_keyfile,
-  $ssl_certfile                 = $rundeck::ssl_certfile,
-  $truststore                   = $rundeck::truststore,
-  $truststore_password          = $rundeck::truststore_password,
-  $user                         = $rundeck::user,
-  $security_roles_array_enabled = $rundeck::security_roles_array_enabled,
-  $security_roles_array         = $rundeck::security_roles_array,
-) inherits rundeck::params {
+class rundeck::config {
+
+  assert_private()
+
+  $acl_policies                 = $rundeck::acl_policies
+  $acl_template                 = $rundeck::acl_template
+  $api_policies                 = $rundeck::api_policies
+  $api_template                 = $rundeck::api_template
+  $auth_template                = $rundeck::auth_template
+  $auth_types                   = $rundeck::auth_types
+  $clustermode_enabled          = $rundeck::clustermode_enabled
+  $database_config              = $rundeck::database_config
+  $execution_mode               = $rundeck::execution_mode
+  $file_keystorage_dir          = $rundeck::file_keystorage_dir
+  $file_keystorage_keys         = $rundeck::file_keystorage_keys
+  $grails_server_url            = $rundeck::grails_server_url
+  $group                        = $rundeck::group
+  $gui_config                   = $rundeck::gui_config
+  $java_home                    = $rundeck::java_home
+  $jvm_args                     = $rundeck::jvm_args
+  $kerberos_realms              = $rundeck::kerberos_realms
+  $key_password                 = $rundeck::key_password
+  $key_storage_type             = $rundeck::key_storage_type
+  $keystore                     = $rundeck::keystore
+  $keystore_password            = $rundeck::keystore_password
+  $log_properties_template      = $rundeck::log_properties_template
+  $mail_config                  = $rundeck::mail_config
+  $manage_default_admin_policy  = $rundeck::manage_default_admin_policy
+  $manage_default_api_policy    = $rundeck::manage_default_api_policy
+  $overrides_dir                = $rundeck::overrides_dir
+  $preauthenticated_config      = $rundeck::preauthenticated_config
+  $projects                     = $rundeck::projects
+  $projects_description         = $rundeck::projects_default_desc
+  $projects_organization        = $rundeck::projects_default_org
+  $projects_storage_type        = $rundeck::projects_storage_type
+  $quartz_job_threadcount       = $rundeck::quartz_job_threadcount
+  $rd_loglevel                  = $rundeck::rd_loglevel
+  $rd_auditlevel                = $rundeck::rd_auditlevel
+  $rdeck_config_template        = $rundeck::rdeck_config_template
+  $rdeck_profile_template       = $rundeck::rdeck_profile_template
+  $realm_template               = $rundeck::realm_template
+  $rss_enabled                  = $rundeck::rss_enabled
+  $security_config              = $rundeck::security_config
+  $security_role                = $rundeck::security_role
+  $server_web_context           = $rundeck::server_web_context
+  $service_logs_dir             = $rundeck::service_logs_dir
+  $service_name                 = $rundeck::service_name
+  $session_timeout              = $rundeck::session_timeout
+  $ssl_enabled                  = $rundeck::ssl_enabled
+  $ssl_port                     = $rundeck::ssl_port
+  $ssl_keyfile                  = $rundeck::ssl_keyfile
+  $ssl_certfile                 = $rundeck::ssl_certfile
+  $truststore                   = $rundeck::truststore
+  $truststore_password          = $rundeck::truststore_password
+  $user                         = $rundeck::user
+  $security_roles_array_enabled = $rundeck::security_roles_array_enabled
+  $security_roles_array         = $rundeck::security_roles_array
 
   File {
     owner  => $user,

diff --git a/manifests/config/global/file_keystore.pp b/manifests/config/global/file_keystore.pp
@@ -38,12 +38,14 @@
 # [*file_keystorage_dir*]
 #    The default base directory for file-based key storage
 #
-class rundeck::config::global::file_keystore (
-  $file_keystorage_dir = $::rundeck::file_keystorage_dir,
-  $group               = $::rundeck::config::group,
-  $keys                = $::rundeck::config::file_keystorage_keys,
-  $user                = $::rundeck::config::user,
-) {
+class rundeck::config::global::file_keystore {
+
+  assert_private()
+
+  $file_keystorage_dir = $::rundeck::file_keystorage_dir
+  $group               = $::rundeck::config::group
+  $keys                = $::rundeck::config::file_keystorage_keys
+  $user                = $::rundeck::config::user
 
   create_resources(rundeck::config::file_keystore, $keys, {'user' => $user, 'group' => $group})
 }
diff --git a/manifests/config/global/framework.pp b/manifests/config/global/framework.pp
@@ -6,13 +6,12 @@
 #
 # This private class is called from rundeck::config used to manage the framework properties of rundeck
 #
-class rundeck::config::global::framework(
-  $group            = $rundeck::config::group,
-  $properties_dir   = $rundeck::config::properties_dir,
-  $user             = $rundeck::config::user,
-  $ssl_enabled      = $rundeck::config::ssl_enabled,
-  $ssl_port         = $rundeck::config::ssl_port
-) {
+class rundeck::config::global::framework {
+  $group          = $rundeck::config::group
+  $properties_dir = $rundeck::config::properties_dir
+  $user           = $rundeck::config::user
+  $ssl_enabled    = $rundeck::config::ssl_enabled
+  $ssl_port       = $rundeck::config::ssl_port
 
   $framework_config_base = merge($rundeck::params::framework_config, $rundeck::framework_config)
 

diff --git a/manifests/config/global/project.pp b/manifests/config/global/project.pp
@@ -6,14 +6,16 @@
 #
 # This private class is called from rundeck::config used to manage the default project properties
 #
-class rundeck::config::global::project(
-  $group                 = $rundeck::config::group,
-  $projects_description  = $rundeck::config::projects_default_desc,
-  $projects_dir          = $rundeck::config::projects_dir,
-  $projects_organization = $rundeck::config::projects_default_org,
-  $properties_dir        = $rundeck::config::properties_dir,
-  $user                  = $rundeck::config::user,
-) {
+class rundeck::config::global::project {
+
+  assert_private()
+
+  $group                 = $rundeck::config::group
+  $projects_description  = $rundeck::config::projects_description
+  $projects_dir          = $rundeck::config::projects_dir
+  $projects_organization = $rundeck::config::projects_organization
+  $properties_dir        = $rundeck::config::properties_dir
+  $user                  = $rundeck::config::user
 
   $properties_file = "${properties_dir}/project.properties"
 

diff --git a/manifests/config/global/rundeck_config.pp b/manifests/config/global/rundeck_config.pp
@@ -6,26 +6,28 @@
 #
 # This private class is called from rundeck::config used to manage the rundeck-config properties
 #
-class rundeck::config::global::rundeck_config(
-  $clustermode_enabled     = $rundeck::config::clustermode_enabled,
-  $execution_mode          = $rundeck::config::execution_mode,
-  $file_keystorage_dir     = $rundeck::config::file_keystorage_dir,
-  $grails_server_url       = $rundeck::config::grails_server_url,
-  $group                   = $rundeck::config::group,
-  $gui_config              = $rundeck::config::gui_config,
-  $key_storage_type        = $rundeck::config::key_storage_type,
-  $mail_config             = $rundeck::config::mail_config,
-  $preauthenticated_config = $rundeck::config::preauthenticated_config,
-  $projects_storage_type   = $rundeck::config::projects_storage_type,
-  $properties_dir          = $rundeck::config::properties_dir,
-  $quartz_job_threadcount  = $rundeck::config::quartz_job_threadcount,
-  $rd_loglevel             = $rundeck::config::loglevel,
-  $rdeck_base              = $rundeck::config::rdeck_base,
-  $rdeck_config_template   = $rundeck::config::rdeck_config_template,
-  $rss_enabled             = $rundeck::config::rss_enabled,
-  $security_config         = $rundeck::config::security_config,
-  $user                    = $rundeck::config::user,
-) {
+class rundeck::config::global::rundeck_config {
+
+  assert_private()
+
+  $clustermode_enabled     = $rundeck::config::clustermode_enabled
+  $execution_mode          = $rundeck::config::execution_mode
+  $file_keystorage_dir     = $rundeck::config::file_keystorage_dir
+  $grails_server_url       = $rundeck::config::grails_server_url
+  $group                   = $rundeck::config::group
+  $gui_config              = $rundeck::config::gui_config
+  $key_storage_type        = $rundeck::config::key_storage_type
+  $mail_config             = $rundeck::config::mail_config
+  $preauthenticated_config = $rundeck::config::preauthenticated_config
+  $projects_storage_type   = $rundeck::config::projects_storage_type
+  $properties_dir          = $rundeck::config::properties_dir
+  $quartz_job_threadcount  = $rundeck::config::quartz_job_threadcount
+  $rd_loglevel             = $rundeck::config::rd_loglevel
+  $rdeck_base              = $rundeck::config::rdeck_base
+  $rdeck_config_template   = $rundeck::config::rdeck_config_template
+  $rss_enabled             = $rundeck::config::rss_enabled
+  $security_config         = $rundeck::config::security_config
+  $user                    = $rundeck::config::user
 
   $properties_file = "${properties_dir}/rundeck-config.groovy"
 

diff --git a/manifests/config/global/ssl.pp b/manifests/config/global/ssl.pp
@@ -6,19 +6,21 @@
 #
 # This private class is called from rundeck::config used to manage the ssl properties if ssl is enabled
 #
-class rundeck::config::global::ssl(
-  $group               = $rundeck::config::group,
-  $key_password        = $rundeck::config::key_password,
-  $ssl_keyfile         = $rundeck::config::ssl_keyfile,
-  $ssl_certfile        = $rundeck::config::ssl_certfile,
-  $keystore            = $rundeck::config::keystore,
-  $keystore_password   = $rundeck::config::keystore_password,
-  $properties_dir      = $rundeck::config::properties_dir,
-  $service_name        = $rundeck::service_name,
-  $truststore          = $rundeck::config::truststore,
-  $truststore_password = $rundeck::config::truststore_password,
-  $user                = $rundeck::config::user,
-) {
+class rundeck::config::global::ssl {
+
+  assert_private()
+
+  $group               = $rundeck::config::group
+  $key_password        = $rundeck::config::key_password
+  $ssl_keyfile         = $rundeck::config::ssl_keyfile
+  $ssl_certfile        = $rundeck::config::ssl_certfile
+  $keystore            = $rundeck::config::keystore
+  $keystore_password   = $rundeck::config::keystore_password
+  $properties_dir      = $rundeck::config::properties_dir
+  $service_name        = $rundeck::service_name
+  $truststore          = $rundeck::config::truststore
+  $truststore_password = $rundeck::config::truststore_password
+  $user                = $rundeck::config::user
 
   $properties_file = "${properties_dir}/ssl/ssl.properties"
 

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -6,27 +6,24 @@
 #
 # This private class installs the rundeck package and it's dependencies
 #
-class rundeck::install(
-  $manage_repo        = $rundeck::manage_repo,
-  $package_ensure     = $rundeck::package_ensure,
-  $package_source     = $rundeck::package_source,
-  $rdeck_home         = $rundeck::rdeck_home
-) {
-
-  if $caller_module_name != $module_name {
-    fail("Use of private class ${name} by ${caller_module_name}")
-  }
+class rundeck::install {
+
+  assert_private()
+
+  $manage_repo    = $rundeck::manage_repo
+  $package_ensure = $rundeck::package_ensure
+  $package_source = $rundeck::package_source
+  $rdeck_home     = $rundeck::rdeck_home
 
   $framework_config = deep_merge($rundeck::params::framework_config, $rundeck::framework_config)
-  $projects_dir = $framework_config['framework.projects.dir']
-  $plugin_dir = $framework_config['framework.libext.dir']
+  $projects_dir     = $framework_config['framework.projects.dir']
+  $plugin_dir       = $framework_config['framework.libext.dir']
 
-  $user = $rundeck::user
-  $group = $rundeck::group
+  $user     = $rundeck::user
+  $group    = $rundeck::group
   $user_id  = $rundeck::user_id
   $group_id = $rundeck::group_id
 
-
   File {
     owner  => $user,
     group  => $group,

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -7,13 +7,15 @@
 # This class is meant to be called from `rundeck`
 # It ensure the service is running
 #
-class rundeck::service(
-  $service_config = $rundeck::service_config,
-  $service_manage = $rundeck::service_manage,
-  $service_name   = $rundeck::service_name,
-  $service_script = $rundeck::service_script,
-  $service_ensure = $rundeck::service_ensure,
-) {
+class rundeck::service {
+
+  assert_private()
+
+  $service_config = $rundeck::service_config
+  $service_manage = $rundeck::service_manage
+  $service_name   = $rundeck::service_name
+  $service_script = $rundeck::service_script
+  $service_ensure = $rundeck::service_ensure
 
   if $caller_module_name != $module_name {
     fail("Use of private class ${name} by ${caller_module_name}")