From 47b92efb88ead2bad5845b6da9c07a0a5364d930 Mon Sep 17 00:00:00 2001
From: Christos Papageorgiou <christos.papageorgioy@gmail.com>
Date: Thu, 24 Feb 2022 13:59:00 +0200
Subject: [PATCH 1/2] Use fact() function for all os.distro.* facts

* On Puppet 6 facter 3.x requires lsb-release to resolve os.distro.* facts. Using $facts hash cause errors like "Evaluation Error: Operator '[]' is not applicable to an Undef Value." because os.distro is undefined causing the catalog to fail. Use fact() to identify Undef facts and throw an error to the user.

Signed-off-by: Christos Papageorgiou <christos.papageorgioy@gmail.com>
---
 REFERENCE.md           | 20 +++++++++-----------
 manifests/backports.pp |  8 ++++++--
 manifests/ppa.pp       |  2 +-
 manifests/source.pp    |  6 +++---
 4 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 0293856408..c859365bdc 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -432,7 +432,7 @@ Default value: ``undef``
 Data type: `Optional[String]`
 
 Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.
-Default: on Debian and Ubuntu, `${facts['os']['distro']['codename']}-backports`. We recommend keeping this default, except on other operating
+Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating
 systems.
 
 Default value: ``undef``
@@ -814,7 +814,7 @@ Data type: `Optional[String]`
 Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename.
 Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename.
 
-Default value: `$facts['os']['distro']['codename']`
+Default value: `fact('os.distro.codename')`
 
 ##### <a name="dist"></a>`dist`
 
@@ -935,8 +935,8 @@ The following parameters are available in the `apt::source` defined type:
 * [`pin`](#pin)
 * [`architecture`](#architecture)
 * [`allow_unsigned`](#allow_unsigned)
-* [`allow_insecure`](#allow_insecure)
 * [`notify_update`](#notify_update)
+* [`allow_insecure`](#allow_insecure)
 
 ##### <a name="location"></a>`location`
 
@@ -1037,23 +1037,21 @@ Specifies whether to authenticate packages from this release, even if the Releas
 
 Default value: ``false``
 
-##### <a name="allow_insecure"></a>`allow_insecure`
+##### <a name="notify_update"></a>`notify_update`
 
 Data type: `Boolean`
 
-Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
-Unlike the `allow_unsigned` (trusted=yes) option, this should throw a warning that the interaction is insecure.  
-See [this comment](https://unix.stackexchange.com/a/480550) for a brief discussion of the difference and why this option might be preferable to `allow_unsigned`.
+Specifies whether to trigger an `apt-get update` run.
 
-Default value: ``false``
+Default value: ``true``
 
-##### <a name="notify_update"></a>`notify_update`
+##### <a name="allow_insecure"></a>`allow_insecure`
 
 Data type: `Boolean`
 
-Specifies whether to trigger an `apt-get update` run.
 
-Default value: ``true``
+
+Default value: ``false``
 
 ## Resource types
 
diff --git a/manifests/backports.pp b/manifests/backports.pp
index 080c83dd35..0dcecbe09a 100644
--- a/manifests/backports.pp
+++ b/manifests/backports.pp
@@ -21,7 +21,7 @@
 #
 # @param release
 #   Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.
-#   Default: on Debian and Ubuntu, `${facts['os']['distro']['codename']}-backports`. We recommend keeping this default, except on other operating
+#   Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating
 #   systems.
 #
 # @param repos
@@ -79,7 +79,11 @@
     $_location = $::apt::backports['location']
   }
   unless $release {
-    $_release = "${facts['os']['distro']['codename']}-backports"
+    if fact('os.distro.codename') {
+      $_release = "${fact('os.distro.codename')}-backports"
+    } else {
+      fail('os.distro.codename fact not available: release parameter required')
+    }
   }
   unless $repos {
     $_repos = $::apt::backports['repos']
diff --git a/manifests/ppa.pp b/manifests/ppa.pp
index accf0fc4bc..0d3c7b734c 100644
--- a/manifests/ppa.pp
+++ b/manifests/ppa.pp
@@ -26,7 +26,7 @@
 define apt::ppa(
   String $ensure                 = 'present',
   Optional[String] $options      = $::apt::ppa_options,
-  Optional[String] $release      = $facts['os']['distro']['codename'],
+  Optional[String] $release      = fact('os.distro.codename'),
   Optional[String] $dist         = $facts['os']['name'],
   Optional[String] $package_name = $::apt::ppa_package,
   Boolean $package_manage        = false,
diff --git a/manifests/source.pp b/manifests/source.pp
index c178bd2e4b..3bcbe8255d 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -79,8 +79,8 @@
   $_before = Apt::Setting["list-${title}"]
 
   if !$release {
-    if $facts['os']['distro']['codename'] {
-      $_release = $facts['os']['distro']['codename']
+    if fact('os.distro.codename') {
+      $_release = fact('os.distro.codename')
     } else {
       fail('os.distro.codename fact not available: release parameter required')
     }
@@ -100,7 +100,7 @@
     }
     # Newer oses, do not need the package for HTTPS transport.
     $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]
-    if ($facts['os']['distro']['codename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
+    if (fact('os.distro.codename') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
       ensure_packages('apt-transport-https')
       Package['apt-transport-https'] -> Class['apt::update']
     }

From 24f3aba9328a628b0248ad682a16c249ad06b5ea Mon Sep 17 00:00:00 2001
From: Christos Papageorgiou <christos.papageorgioy@gmail.com>
Date: Tue, 15 Mar 2022 14:00:56 +0200
Subject: [PATCH 2/2] Switch using os.release.major for apt-transport-https

Signed-off-by: Christos Papageorgiou <christos.papageorgioy@gmail.com>
---
 manifests/source.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/source.pp b/manifests/source.pp
index 3bcbe8255d..da01ef1319 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -99,8 +99,8 @@
       $_location = $location
     }
     # Newer oses, do not need the package for HTTPS transport.
-    $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]
-    if (fact('os.distro.codename') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
+    $_transport_https_releases = [ '7', '8', '9', '14.04', '16.04' ]
+    if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
       ensure_packages('apt-transport-https')
       Package['apt-transport-https'] -> Class['apt::update']
     }