From 6e79ee1b7d3d1c46dcf4beebc262c547ea914d63 Mon Sep 17 00:00:00 2001
From: Tim Meusel <tim@bastelfreak.de>
Date: Tue, 26 Nov 2024 14:26:21 +0100
Subject: [PATCH] Harden the datatypes

Co-authored-by: Tim Meusel <tim@bastelfreak.de>
Co-authored-by: Garrett Honeycutt <code@garretthoneycutt.com>
---
 manifests/init.pp | 140 +++++++++++++++++++++++-----------------------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 9e09ac8..4ad122b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -253,9 +253,9 @@
 class patroni (
 
   # Global Settings
-  String $scope,
-  String $namespace = '/service/',
-  String $hostname = $facts['networking']['hostname'],
+  String[1] $scope,
+  String[1] $namespace = '/service/',
+  String[1] $hostname = $facts['networking']['hostname'],
 
   # Bootstrap Settings
   Integer $dcs_loop_wait = 10,
@@ -271,40 +271,40 @@
   Hash $dcs_postgresql_parameters = {},
   String[1] $bootstrap_method = 'initdb',
   Boolean $initdb_data_checksums = true,
-  String $initdb_encoding = 'UTF8',
-  String $initdb_locale = 'en_US.utf8',
-  Array[String] $bootstrap_pg_hba = [
+  String[1] $initdb_encoding = 'UTF8',
+  String[1] $initdb_locale = 'en_US.utf8',
+  Array[String[1]] $bootstrap_pg_hba = [
     'host all all 0.0.0.0/0 md5',
     'host replication rep_user 0.0.0.0/0 md5',
   ],
   Hash $bootstrap_users = {},
-  Variant[Undef,String] $bootstrap_post_bootstrap = undef,
-  Variant[Undef,String] $bootstrap_post_init = undef,
+  Variant[Undef,String[1]] $bootstrap_post_bootstrap = undef,
+  Variant[Undef,String[1]] $bootstrap_post_init = undef,
   Boolean $is_standby = false,
-  String $standby_cluster_host = '127.0.0.1',
+  Stdlib::Host $standby_cluster_host = '127.0.0.1',
   Stdlib::Port $standby_cluster_port = 5432,
-  Optional[String] $standby_cluster_primary_slot_name = 'patroni',
+  Optional[String[1]] $standby_cluster_primary_slot_name = 'patroni',
 
   # PostgreSQL Settings
-  String $superuser_username = 'postgres',
-  String $superuser_password = 'changeme',
-  String $replication_username = 'rep_user',
-  String $replication_password = 'changeme',
-  Variant[Undef,String] $callback_on_reload = undef,
-  Variant[Undef,String] $callback_on_restart = undef,
-  Variant[Undef,String] $callback_on_role_change = undef,
-  Variant[Undef,String] $callback_on_start = undef,
-  Variant[Undef,String] $callback_on_stop = undef,
-  String $pgsql_connect_address = "${facts['networking']['fqdn']}:5432",
-  Array[String] $pgsql_create_replica_methods = ['basebackup'],
+  String[1] $superuser_username = 'postgres',
+  String[1] $superuser_password = 'changeme',
+  String[1] $replication_username = 'rep_user',
+  String[1] $replication_password = 'changeme',
+  Variant[Undef,String[1]] $callback_on_reload = undef,
+  Variant[Undef,String[1]] $callback_on_restart = undef,
+  Variant[Undef,String[1]] $callback_on_role_change = undef,
+  Variant[Undef,String[1]] $callback_on_start = undef,
+  Variant[Undef,String[1]] $callback_on_stop = undef,
+  String[1] $pgsql_connect_address = "${facts['networking']['fqdn']}:5432",
+  Array[String[1]] $pgsql_create_replica_methods = ['basebackup'],
   Optional[Stdlib::Unixpath] $pgsql_data_dir = undef,
-  Variant[Undef,String] $pgsql_config_dir = undef,
-  Variant[Undef,String] $pgsql_bin_dir = undef,
-  String $pgsql_listen = '0.0.0.0:5432',
+  Variant[Undef,String[1]] $pgsql_config_dir = undef,
+  Variant[Undef,String[1]] $pgsql_bin_dir = undef,
+  String[1] $pgsql_listen = '0.0.0.0:5432',
   Boolean $pgsql_use_unix_socket = false,
-  String $pgsql_pgpass_path = '/tmp/pgpass0',
+  String[1] $pgsql_pgpass_path = '/tmp/pgpass0',
   Hash $pgsql_recovery_conf = {},
-  Variant[Undef,String]  $pgsql_custom_conf = undef,
+  Variant[Undef,String[1]]  $pgsql_custom_conf = undef,
   Hash $pgsql_parameters = {},
   Array[String] $pgsql_pg_hba = [],
   Integer $pgsql_pg_ctl_timeout = 60,
@@ -315,34 +315,34 @@
 
   # Consul Settings
   Boolean $use_consul = false,
-  String $consul_host = 'localhost',
-  Variant[Undef,String] $consul_url = undef,
+  String[1] $consul_host = 'localhost',
+  Variant[Undef,String[1]] $consul_url = undef,
   Stdlib::Port $consul_port = 8500,
   Enum['http','https'] $consul_scheme = 'http',
-  Variant[Undef,String] $consul_token = undef,
+  Variant[Undef,String[1]] $consul_token = undef,
   Boolean $consul_verify = false,
   Optional[Boolean] $consul_register_service = undef,
-  Optional[String] $consul_service_check_interval = undef,
+  Optional[String[1]] $consul_service_check_interval = undef,
   Optional[Enum['default', 'consistent', 'stale']] $consul_consistency = undef,
-  Variant[Undef,String] $consul_cacert = undef,
-  Variant[Undef,String] $consul_cert = undef,
-  Variant[Undef,String] $consul_key = undef,
-  Variant[Undef,String] $consul_dc = undef,
-  Variant[Undef,String] $consul_checks = undef,
+  Variant[Undef,String[1]] $consul_cacert = undef,
+  Variant[Undef,String[1]] $consul_cert = undef,
+  Variant[Undef,String[1]] $consul_key = undef,
+  Variant[Undef,String[1]] $consul_dc = undef,
+  Variant[Undef,String[1]] $consul_checks = undef,
 
   # Etcd Settings
   Boolean $use_etcd = false,
-  String $etcd_host = '127.0.0.1:2379',
+  String[1] $etcd_host = '127.0.0.1:2379',
   Array[String] $etcd_hosts = [],
-  Variant[Undef,String] $etcd_url = undef,
-  Variant[Undef,String] $etcd_proxyurl = undef,
-  Variant[Undef,String] $etcd_srv = undef,
+  Variant[Undef,String[1]] $etcd_url = undef,
+  Variant[Undef,String[1]] $etcd_proxyurl = undef,
+  Variant[Undef,String[1]] $etcd_srv = undef,
   Enum['http','https'] $etcd_protocol = 'http',
-  Variant[Undef,String] $etcd_username = undef,
-  Variant[Undef,String] $etcd_password = undef,
-  Variant[Undef,String] $etcd_cacert = undef,
-  Variant[Undef,String] $etcd_cert = undef,
-  Variant[Undef,String] $etcd_key = undef,
+  Variant[Undef,String[1]] $etcd_username = undef,
+  Variant[Undef,String[1]] $etcd_password = undef,
+  Variant[Undef,String[1]] $etcd_cacert = undef,
+  Variant[Undef,String[1]] $etcd_cert = undef,
+  Variant[Undef,String[1]] $etcd_key = undef,
 
   # Exhibitor Settings
   Boolean $use_exhibitor = false,
@@ -352,23 +352,23 @@
 
   # Kubernetes Settings
   Boolean $use_kubernetes = false,
-  String $kubernetes_namespace = 'default',
+  String[1] $kubernetes_namespace = 'default',
   Hash $kubernetes_labels = {},
-  Variant[Undef,String] $kubernetes_scope_label = undef,
-  Variant[Undef,String] $kubernetes_role_label = undef,
+  Variant[Undef,String[1]] $kubernetes_scope_label = undef,
+  Variant[Undef,String[1]] $kubernetes_role_label = undef,
   Boolean $kubernetes_use_endpoints = false,
-  Variant[Undef,String] $kubernetes_pod_ip = undef,
-  Variant[Undef,String] $kubernetes_ports = undef,
+  Variant[Undef,String[1]] $kubernetes_pod_ip = undef,
+  Variant[Undef,String[1]] $kubernetes_ports = undef,
 
   # REST API Settings
-  Optional[String] $restapi_ciphers = undef,
-  String $restapi_connect_address = "${facts['networking']['fqdn']}:8008",
-  String $restapi_listen = '0.0.0.0:8008',
-  Variant[Undef,String] $restapi_username = undef,
-  Variant[Undef,String] $restapi_password = undef,
-  Variant[Undef,String] $restapi_certfile = undef,
-  Variant[Undef,String] $restapi_keyfile = undef,
-  Optional[String] $restapi_cafile = undef,
+  Optional[String[1]] $restapi_ciphers = undef,
+  String[1] $restapi_connect_address = "${facts['networking']['fqdn']}:8008",
+  String[1] $restapi_listen = '0.0.0.0:8008',
+  Variant[Undef,String[1]] $restapi_username = undef,
+  Variant[Undef,String[1]] $restapi_password = undef,
+  Variant[Undef,String[1]] $restapi_certfile = undef,
+  Variant[Undef,String[1]] $restapi_keyfile = undef,
+  Optional[String[1]] $restapi_cafile = undef,
   Optional[Enum['none','optional','required']] $restapi_verify_client = undef,
 
   # ZooKeeper Settings
@@ -377,27 +377,27 @@
 
   # Watchdog Settings
   Enum['off','automatic','required'] $watchdog_mode = 'automatic',
-  String $watchdog_device = '/dev/watchdog',
+  Stdlib::Absolutepath $watchdog_device = '/dev/watchdog',
   Integer $watchdog_safety_margin = 5,
 
   # Module Specific Settings
   Boolean $manage_postgresql = true,
-  Optional[String] $postgresql_version = undef,
-  String $package_name = 'patroni',
-  String $version = 'present',
-  Array $install_dependencies = [],
+  Optional[String[1]] $postgresql_version = undef,
+  String[1] $package_name = 'patroni',
+  String[1] $version = 'present',
+  Array[String] $install_dependencies = [],
   Boolean $manage_python = true,
   Enum['package','pip'] $install_method = 'pip',
   Stdlib::Absolutepath $install_dir = '/opt/app/patroni',
-  String $python_class_version = '36',
-  String $python_venv_version = '3.6',
+  String[1] $python_class_version = '36',
+  String[1] $python_venv_version = '3.6',
   Boolean $manage_venv_package = true,
-  String $config_path = '/opt/app/patroni/etc/postgresql.yml',
-  String $config_owner = 'postgres',
-  String $config_group = 'postgres',
-  String $config_mode = '0600',
-  String $service_name = 'patroni',
-  String $service_ensure = 'running',
+  Stdlib::Absolutepath $config_path = '/opt/app/patroni/etc/postgresql.yml',
+  String[1] $config_owner = 'postgres',
+  String[1] $config_group = 'postgres',
+  Stdlib::Filemode $config_mode = '0600',
+  String[1] $service_name = 'patroni',
+  Enum['running', 'stopped'] $service_ensure = 'running',
   Boolean $service_enable = true,
   Optional[String[1]] $custom_pip_provider = undef,
 ) {