From 092b9e70503519d28f9c49b28d9372a1348635c0 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Mon, 21 Mar 2022 22:12:57 +0900
Subject: [PATCH] Refactor barbican::plugins::kmip

* Use $::os_service_default instead of undef. These are effectively
  same but $::os_service_default is globally used

* Make sure the unused parameters are reset

Change-Id: Id6ce9d200a094429098257a0070dea0605fe4565
---
 manifests/plugins/kmip.pp                  | 53 ++++++++++------------
 spec/classes/barbican_plugins_kmip_spec.rb | 39 ++++++++++------
 2 files changed, 48 insertions(+), 44 deletions(-)

diff --git a/manifests/plugins/kmip.pp b/manifests/plugins/kmip.pp
index 67e00815..f70e36ac 100644
--- a/manifests/plugins/kmip.pp
+++ b/manifests/plugins/kmip.pp
@@ -12,27 +12,27 @@
 #
 # [*kmip_plugin_username*]
 #   (optional) username for KMIP device
-#   Defaults to undef
+#   Defaults to $::os_service_default
 #
 # [*kmip_plugin_password*]
 #   (optional) password for KMIP device. This parameter is required
 #   when the kmip_plugin_username parameter is set.
-#   Defaults to undef
+#   Defaults to $::os_service_default
 #
 # [*kmip_plugin_keyfile*]
 #   (optional) key file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to undef
+#   Defaults to $::os_service_default
 #
 # [*kmip_plugin_certfile*]
 #   (optional) cert file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to undef
+#   Defaults to $::os_service_default
 #
 # [*kmip_plugin_ca_certs*]
 #   (optional) ca certs file for KMIP device. This parameter is required when
 #   the kmip_plugin_username parameter is not set.
-#   Defaults to undef
+#   Defaults to $::os_service_default
 #
 # [*global_default*]
 #   (optional) set plugin as global default
@@ -41,47 +41,40 @@
 class barbican::plugins::kmip (
   $kmip_plugin_host,
   $kmip_plugin_port,
-  $kmip_plugin_username = undef,
-  $kmip_plugin_password = undef,
-  $kmip_plugin_keyfile  = undef,
-  $kmip_plugin_certfile = undef,
-  $kmip_plugin_ca_certs = undef,
+  $kmip_plugin_username = $::os_service_default,
+  $kmip_plugin_password = $::os_service_default,
+  $kmip_plugin_keyfile  = $::os_service_default,
+  $kmip_plugin_certfile = $::os_service_default,
+  $kmip_plugin_ca_certs = $::os_service_default,
   $global_default       = false,
 ) {
 
   include barbican::deps
 
-  if $kmip_plugin_username != undef {
-    if $kmip_plugin_password == undef {
+  if !is_service_default($kmip_plugin_username) {
+    if is_service_default($kmip_plugin_password) {
       fail('kmip_plugin_password must be defined if kmip_plugin_username is defined')
     }
   } else {
-    if $kmip_plugin_certfile == undef {
+    if is_service_default($kmip_plugin_certfile) {
       fail('kmip_plugin_certfile must be defined')
     }
-    if $kmip_plugin_keyfile == undef {
+    if is_service_default($kmip_plugin_keyfile) {
       fail('kmip_plugin_keyfile must be defined')
     }
-    if $kmip_plugin_ca_certs == undef {
+    if is_service_default($kmip_plugin_ca_certs) {
       fail('kmip_plugin_ca_certs must be defined')
     }
   }
 
-  if $kmip_plugin_username != undef {
-    barbican_config {
-      'kmip_plugin/username': value => $kmip_plugin_username;
-      'kmip_plugin/password': value => $kmip_plugin_password, secret => true;
-      'kmip_plugin/host':     value => $kmip_plugin_host;
-      'kmip_plugin/port':     value => $kmip_plugin_port;
-    }
-  } else {
-    barbican_config {
-      'kmip_plugin/keyfile':  value => $kmip_plugin_keyfile;
-      'kmip_plugin/certfile': value => $kmip_plugin_certfile;
-      'kmip_plugin/ca_certs': value => $kmip_plugin_ca_certs;
-      'kmip_plugin/host':     value => $kmip_plugin_host;
-      'kmip_plugin/port':     value => $kmip_plugin_port;
-    }
+  barbican_config {
+    'kmip_plugin/username': value => $kmip_plugin_username;
+    'kmip_plugin/password': value => $kmip_plugin_password, secret => true;
+    'kmip_plugin/keyfile':  value => $kmip_plugin_keyfile;
+    'kmip_plugin/certfile': value => $kmip_plugin_certfile;
+    'kmip_plugin/ca_certs': value => $kmip_plugin_ca_certs;
+    'kmip_plugin/host':     value => $kmip_plugin_host;
+    'kmip_plugin/port':     value => $kmip_plugin_port;
   }
 
   barbican_config {
diff --git a/spec/classes/barbican_plugins_kmip_spec.rb b/spec/classes/barbican_plugins_kmip_spec.rb
index 83f5adb4..1363be95 100644
--- a/spec/classes/barbican_plugins_kmip_spec.rb
+++ b/spec/classes/barbican_plugins_kmip_spec.rb
@@ -26,23 +26,29 @@ describe 'barbican::plugins::kmip' do
     describe 'with kmip plugin with username' do
       let :params do
         {
-          :kmip_plugin_username      => 'kmip_user',
-          :kmip_plugin_password      => 'kmip_password',
-          :kmip_plugin_host          => 'kmip_host',
-          :kmip_plugin_port          => 9000,
-          :global_default            => true
+          :kmip_plugin_username => 'kmip_user',
+          :kmip_plugin_password => 'kmip_password',
+          :kmip_plugin_host     => 'kmip_host',
+          :kmip_plugin_port     => 9000,
+          :global_default       => true
         }
       end
 
       it 'is_expected.to set kmip parameters' do
-        is_expected.to contain_barbican_config('kmip_plugin/host')\
-          .with_value(params[:kmip_plugin_host])
-        is_expected.to contain_barbican_config('kmip_plugin/port')\
-          .with_value(params[:kmip_plugin_port])
         is_expected.to contain_barbican_config('kmip_plugin/username')\
           .with_value(params[:kmip_plugin_username])
         is_expected.to contain_barbican_config('kmip_plugin/password')\
           .with_value(params[:kmip_plugin_password]).with_secret(true)
+        is_expected.to contain_barbican_config('kmip_plugin/keyfile')\
+          .with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_barbican_config('kmip_plugin/certfile')\
+          .with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\
+          .with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_barbican_config('kmip_plugin/host')\
+          .with_value(params[:kmip_plugin_host])
+        is_expected.to contain_barbican_config('kmip_plugin/port')\
+          .with_value(params[:kmip_plugin_port])
         is_expected.to contain_barbican_config(
           'secretstore:kmip/secret_store_plugin') \
           .with_value('kmip_plugin')
@@ -55,15 +61,19 @@ describe 'barbican::plugins::kmip' do
     describe 'with kmip plugin with certificate' do
       let :params do
         {
-          :kmip_plugin_keyfile       => 'key_file',
-          :kmip_plugin_certfile      => 'cert_file',
-          :kmip_plugin_ca_certs      => 'ca_cert_file',
-          :kmip_plugin_host          => 'kmip_host',
-          :kmip_plugin_port          => 9000,
+          :kmip_plugin_keyfile  => 'key_file',
+          :kmip_plugin_certfile => 'cert_file',
+          :kmip_plugin_ca_certs => 'ca_cert_file',
+          :kmip_plugin_host     => 'kmip_host',
+          :kmip_plugin_port     => 9000,
         }
       end
 
       it 'is_expected.to set kmip parameters' do
+        is_expected.to contain_barbican_config('kmip_plugin/username')\
+          .with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_barbican_config('kmip_plugin/password')\
+          .with_value('<SERVICE DEFAULT>').with_secret(true)
         is_expected.to contain_barbican_config('kmip_plugin/keyfile')\
           .with_value(params[:kmip_plugin_keyfile])
         is_expected.to contain_barbican_config('kmip_plugin/certfile')\
@@ -83,6 +93,7 @@ describe 'barbican::plugins::kmip' do
       end
     end
   end
+
   on_supported_os({
     :supported_os   => OSDefaults.get_supported_os
   }).each do |os,facts|