From ba5e4dcfa64a36d6b6ccfe0aee899b10195a6816 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Tue, 19 Dec 2023 18:45:36 +0100
Subject: [PATCH 01/33] Add `elastic_stack_keystore` resource type to handle
 keystore file for both elasticsearch and kibana service

---
 .../provider/elastic_stack_keystore/ruby.rb   | 345 ++++++++++++++++++
 lib/puppet/type/elastic_stack_keystore.rb     | 104 ++++++
 2 files changed, 449 insertions(+)
 create mode 100644 lib/puppet/provider/elastic_stack_keystore/ruby.rb
 create mode 100644 lib/puppet/type/elastic_stack_keystore.rb

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
new file mode 100644
index 0000000..a4701f4
--- /dev/null
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -0,0 +1,345 @@
+# frozen_string_literal: true
+
+Puppet::Type.type(:elastic_stack_keystore).provide(
+  :elastic_stack_keystore
+) do
+  desc 'Provider for both `elasticsearch-keystore` and `kibana-keystore` based secret management.'
+
+  mk_resource_methods
+
+  def self.defaults_dir
+    @defaults_dir ||= case Facter.value('osfamily')
+                      when 'RedHat'
+                        '/etc/sysconfig'
+                      else
+                        '/etc/default'
+                      end
+  end
+
+  def self.root_dir
+    @root_dir ||= case Facter.value('osfamily')
+                  when 'OpenBSD'
+                    '/usr/local'
+                  else
+                    '/usr/share'
+                  end
+  end
+
+  def self.home_dir_kibana
+    @home_dir_kibana ||= File.join(root_dir, 'kibana')
+  end
+
+  def self.home_dir_elasticsearch
+    @home_dir_elasticsearch ||= File.join(root_dir, 'elasticsearch')
+  end
+
+  def self.elastic_keystore_password_file
+    keystore_env = get_envvar('elasticsearch', 'ES_KEYSTORE_PASSPHRASE_FILE')
+    if keystore_env.empty?
+      @elastic_keystore_password_file ||= "#{configdir('elasticsearch')}/.elasticsearch-keystore-password"
+    else
+      @elastic_keystore_password_file ||= keystore_env 
+    end
+  end
+
+  def self.elastic_keystore_password(password = '')
+    if File.file?(elastic_keystore_password_file)
+      @elastic_keystore_password ||= File.open(elastic_keystore_password_file, &:readline).strip
+    else
+      @elastic_keystore_password = password.empty? ? @elastic_keystore_password : password
+    end
+  end
+
+  def self.elastic_keystore_password_file_bak
+    @elastic_keystore_password_file_bak ||= "#{elastic_keystore_password_file}.puppet-bak"
+  end
+
+  def self.elastic_keystore_password_bak
+    if File.file?(elastic_keystore_password_file_bak)
+      @elastic_keystore_password_bak ||= File.open(elastic_keystore_password_file_bak, &:readline).strip
+    else
+      @elastic_keystore_password_bak ||= ''
+    end
+  end
+
+  attr_accessor :defaults_dir, :root_dir, :home_dir_kibana, :home_dir_elasticsearch, :elastic_keystore_password_file, :elastic_keystore_password, :elastic_keystore_password_file_bak, :elastic_keystore_password_bak
+
+  optional_commands kibana_keystore: "#{home_dir_kibana}/bin/kibana-keystore"
+  optional_commands elasticsearch_keystore: "#{home_dir_elasticsearch}/bin/elasticsearch-keystore"
+
+  def self.run_keystore(args, service, stdin = nil)
+    options = {
+      uid: service.to_s,
+      gid: service.to_s,
+      failonfail: true
+    }
+
+    password = case service
+               when "elasticsearch"
+                 File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password
+               else
+                 ''
+               end
+
+    cmd = [command("#{service}_keystore")]
+    if args[0] == "create" || args[0] == "has-passwd"
+      options[:failonfail] = false
+      options[:combine] = true
+    elsif args[0] == "passwd"
+      options[:combine] = true
+      if File.file?(elastic_keystore_password_file_bak)
+        stdin = "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}"
+      else
+        stdin = "#{elastic_keystore_password}\n#{elastic_keystore_password}"
+      end
+    end
+
+    if service == "elasticsearch"
+      unless args[0] == "passwd" || args[0] == "has-passwd"
+        if has_passwd?(service)
+          unless password.strip.empty?
+            if stdin.nil?
+              stdin = "#{password}"
+            else
+              stdin = "#{password}\n#{stdin}"
+            end
+          end
+        end
+      end
+    end
+
+    unless stdin.nil?
+      stdinfile = Tempfile.new("#{service}-keystore")
+      stdinfile << stdin
+      stdinfile.flush
+      options[:stdinfile] = stdinfile.path
+    end
+
+    begin
+      stdout = execute(cmd + args, options)
+    ensure
+      unless stdin.nil?
+        stdinfile.close
+        stdinfile.unlink
+      end
+    end
+
+    if stdout.exitstatus.zero?
+      stdout
+    else
+      options[:failonfail] ? raise(Puppet::Error, stdout) : stdout
+    end
+  end
+
+  def self.present_keystores(configdir, service, password = '')
+    keystore_file = File.join(configdir, "#{service}.keystore")
+    if File.file?(keystore_file)
+      current_password = case service
+                         when "elasticsearch"
+                           if has_passwd?(service)
+			     File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
+                           else
+			     elastic_keystore_password(password.value)
+                             ''
+                           end
+                         else
+                           ''
+                         end
+      settings = {}
+      run_keystore(['list'], service).split("\n").each do |setting|
+        if service == "kibana"
+          settings[setting] = ''
+        else
+          settings[setting] = run_keystore(['show', setting], service)
+        end
+      end
+      [{
+        name: service,
+        ensure: :present,
+        provider: name,
+        settings: settings,
+        password: current_password,
+      }]
+    else
+      []
+    end
+  end
+
+  def self.configdir(service)
+    dir = get_envvar(service, '(ES|KBN)_PATH_CONF')
+    if dir.empty?
+      File.join("/etc", service)
+    else      
+      dir
+    end
+  end
+
+  def self.get_envvar(service, env)
+    defaults_file = File.join(defaults_dir, service)
+    val = ''
+    if File.file?(defaults_file)
+      File.readlines(defaults_file).each do |line|
+        next if line =~ /^#/
+        key,value = line.split "="
+        if key =~ /#{env}/
+          val = value.gsub(/"/, '').strip
+        end
+      end
+    end
+    val
+  end
+
+  def self.instances(password = '')
+    keystores = []
+    ['kibana','elasticsearch'].each do |service|
+      keystores = keystores.concat(present_keystores(configdir(service), service, password))
+    end
+    keystores.map do |keystore|
+      new keystore
+    end
+  end
+
+  def self.has_passwd?(service)
+    has_passwd = run_keystore(['has-passwd'], service).split("\n").last
+    has_passwd.match? /^Keystore is password-protected/
+  end
+
+  def self.keystore_password_management(service)
+    if has_passwd?(service)
+      unless elastic_keystore_password_bak.strip.empty?
+        run_keystore(['passwd'], service) if elastic_keystore_password != elastic_keystore_password_bak
+      end
+    else
+      run_keystore(['passwd'], service) unless elastic_keystore_password.empty?
+    end
+  end
+
+  def self.prefetch(resources)
+    password = resources.key?(:elasticsearch) ? resources[:elasticsearch].parameters[:password] : ''
+    keystores = instances(password)
+    resources.each_key do |name|
+      provider = keystores.find { |keystore| keystore.name.to_sym == name }
+      resources[name].provider = provider if provider
+    end
+  end
+
+  def initialize(value = {})
+    super(value)
+    @property_flush = {}
+  end
+
+  def flush
+    configdir = self.class.configdir(resource[:service].to_s)
+    service = resource[:service].to_s
+
+    case @property_flush[:ensure]
+    when :present
+      debug(self.class.run_keystore(['create', '-s'], service, 'N'))
+      @property_flush[:settings] = resource[:settings]
+    when :absent
+      File.delete(File.join([
+                              configdir, "#{resource[:service]}.keystore"
+                            ]))
+      return
+    end
+
+    # Note that since the property is :array_matching => :all, we have to
+    # expect that the hash is wrapped in an array.
+    if @property_flush.key?(:settings) && !(@property_flush[:settings].empty? && @property_hash.nil? && @property_hash[:settings].nil?)
+      # Flush properties that _should_ be present
+      @property_flush[:settings].each do |setting, value|
+        next if @property_hash.key?(:settings) && @property_hash[:settings].key?(setting) \
+          && @property_hash[:settings][setting] == value
+
+        args = ['add', '--force']
+        args << '--stdin' if service == "kibana"
+        args << setting
+        debug(self.class.run_keystore(args, service, value))
+      end
+
+      # Remove properties that are no longer present
+      if resource[:purge]
+        (@property_hash[:settings].keys.sort - @property_flush[:settings].keys.sort).each do |setting|
+          debug(self.class.run_keystore(
+                  ['remove', setting], service 
+                ))
+        end
+      end
+    end
+
+    keystore_settings = self.class.run_keystore(['list'], service).split("\n").each do |setting|
+      settings = {}
+      if service == "kibana"
+        settings[setting] = ''
+      else
+        settings[setting] = self.class.run_keystore(['show', setting], service)
+      end
+      settings
+    end
+
+    # if service == "elasticsearch" && @property_flush.key?(:password)
+    if service == "elasticsearch"
+      # set and update keystore password if needed
+      self.class.keystore_password_management(service)
+      # unlink backup file containing keystore password (synced)
+      File.unlink(self.class.elastic_keystore_password_file_bak) if File.file?(self.class.elastic_keystore_password_file_bak)
+    end
+
+    @property_hash = {
+      name: service,
+      ensure: :present,
+      provider: resource[:name],
+      settings: keystore_settings,
+      password: self.class.elastic_keystore_password,
+    }
+  end
+
+  # settings property setter
+  #
+  # @return [Hash] settings
+  def settings=(new_settings)
+    @property_flush[:settings] = new_settings
+  end
+
+  # settings property getter
+  #
+  # @return [Hash] settings
+  def settings
+    @property_hash[:settings]
+  end
+
+  # settings property setter
+  #
+  # @return [String] password
+  def password=(new_password)
+    @property_flush[:password] = new_password
+  end
+
+  # settings property getter
+  #
+  # @return [Hash] password
+  def password
+    @property_hash[:password]
+  end
+
+  # Sets the ensure property in the @property_flush hash.
+  #
+  # @return [Symbol] :present
+  def create
+    @property_flush[:ensure] = :present
+  end
+
+  # Determine whether this resource is present on the system.
+  #
+  # @return [Boolean]
+  def exists?
+    @property_hash[:ensure] == :present
+  end
+
+  # Set flushed ensure property to absent.
+  #
+  # @return [Symbol] :absent
+  def destroy
+    @property_flush[:ensure] = :absent
+  end
+end
diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
new file mode 100644
index 0000000..3574971
--- /dev/null
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -0,0 +1,104 @@
+# frozen_string_literal: false
+
+require 'puppet/parameter/boolean'
+
+Puppet::Type.newtype(:elastic_stack_keystore) do
+  desc 'Manages a keystore settings file (for either Elasticserach or Kibana service.'
+
+  ensurable
+
+  newparam(:service, namevar: true) do
+    desc 'Service that manages the keystore (either "elasticsearch" or "kibana").'
+    newvalues(:elasticsearch, :kibana)
+    defaultto 'elasticsearch'
+  end
+
+  newparam(:purge, boolean: true, parent: Puppet::Parameter::Boolean) do
+    desc <<-EOS
+      Whether to proactively remove settings that exist in the keystore but
+      are not present in this resource's settings.
+    EOS
+
+    defaultto false
+  end
+
+  newproperty(:password) do
+    desc 'Password to protect keystore.'
+
+    defaultto ''
+
+    def insync?(value)
+      if resource[:service].to_s == 'kibana'
+        true
+      else
+        value == @should.first
+      end
+    end
+  end
+
+  newproperty(:settings) do
+    desc 'A key/value hash of settings names and values.'
+
+    # The keystore utility can only retrieve a list of stored settings,
+    # so here we only compare the existing settings (sorted) with the
+    # desired settings' keys
+    def insync?(value)
+      if resource[:service].to_s == 'kibana'
+        if resource[:purge]
+          value.keys.sort == @should.first.keys.sort
+        else
+          (@should.first.keys.sort - value.keys.sort).empty?
+        end
+      else
+        if resource[:purge]
+          #value.sort == @should.first.keys.sort
+          value == @should.first
+        else
+          if (@should.first.keys.sort - value.keys.sort).empty?
+            # compare the values of keys in common
+            (@should.first.values.sort - value.values.sort).empty?
+          else
+            false
+          end
+        end
+      end
+    end
+
+    def is_to_s(value)
+      debug("into is_to_s #{value}")
+      # hide sensitive data
+      value.map { |k,v| [k, "xxxx"] }.to_h.inspect
+    end
+
+    def should_to_s(value)
+      debug("into should_to_s #{value}")
+      # hide sensitive data
+      value.map { |k,v| [k, "xxxx"] }.to_h.inspect
+    end
+
+    def change_to_s(currentvalue, newvalue)
+      ret = ''
+
+      added_settings = newvalue.keys - currentvalue.keys
+      ret << "added: #{added_settings.join(', ')} " unless added_settings.empty?
+
+      removed_settings = currentvalue.keys - newvalue.keys
+      unless removed_settings.empty?
+        ret << if resource[:purge]
+                 "removed: #{removed_settings.join(', ')} "
+               else
+                 "would have removed: #{removed_settings.join(', ')}, but purging is disabled "
+               end
+      end
+
+      changed = newvalue.map { |k,v| currentvalue[k] == v ? nil : k }.compact
+      ret << "changed: #{changed.join(', ')}" unless changed.empty?
+
+      ret
+    end
+  end
+
+  autorequire(:augeas) do
+    "defaults_#{self[:name]}"
+  end
+end

From 63feb6f39e43462791a7ab2c5e5c135dd3730823 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Tue, 19 Dec 2023 18:47:02 +0100
Subject: [PATCH 02/33] Update REFERENCE.md

---
 REFERENCE.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/REFERENCE.md b/REFERENCE.md
index 550a92a..38a74e5 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -8,6 +8,10 @@
 
 * [`elastic_stack::repo`](#elastic_stack--repo): Set up the package repository for Elastic Stack components
 
+### Resource types
+
+* [`elastic_stack_keystore`](#elastic_stack_keystore): Manages a keystore settings file (for either Elasticserach or Kibana service.
+
 ## Classes
 
 ### <a name="elastic_stack--repo"></a>`elastic_stack::repo`
@@ -81,3 +85,61 @@ The base url for the repo path
 
 Default value: `undef`
 
+## Resource types
+
+### <a name="elastic_stack_keystore"></a>`elastic_stack_keystore`
+
+Manages a keystore settings file (for either Elasticserach or Kibana service.
+
+#### Properties
+
+The following properties are available in the `elastic_stack_keystore` type.
+
+##### `ensure`
+
+Valid values: `present`, `absent`
+
+The basic property that the resource should be in.
+
+Default value: `present`
+
+##### `password`
+
+Password to protect keystore.
+
+Default value: `''`
+
+##### `settings`
+
+A key/value hash of settings names and values.
+
+#### Parameters
+
+The following parameters are available in the `elastic_stack_keystore` type.
+
+* [`provider`](#-elastic_stack_keystore--provider)
+* [`purge`](#-elastic_stack_keystore--purge)
+* [`service`](#-elastic_stack_keystore--service)
+
+##### <a name="-elastic_stack_keystore--provider"></a>`provider`
+
+The specific backend to use for this `elastic_stack_keystore` resource. You will seldom need to specify this --- Puppet
+will usually discover the appropriate provider for your platform.
+
+##### <a name="-elastic_stack_keystore--purge"></a>`purge`
+
+Valid values: `true`, `false`, `yes`, `no`
+
+Whether to proactively remove settings that exist in the keystore but
+are not present in this resource's settings.
+
+Default value: `false`
+
+##### <a name="-elastic_stack_keystore--service"></a>`service`
+
+Valid values: `elasticsearch`, `kibana`
+
+Service that manages the keystore (either "elasticsearch" or "kibana").
+
+Default value: `elasticsearch`
+

From 0ca72d599b122230a320d3e9727f0013faa4c2d6 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Tue, 19 Dec 2023 22:05:21 +0100
Subject: [PATCH 03/33] Add rspec unit test for `elastic_stack_keystore` type

---
 spec/unit/type/elastic_stack_keystore_spec.rb | 104 ++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 spec/unit/type/elastic_stack_keystore_spec.rb

diff --git a/spec/unit/type/elastic_stack_keystore_spec.rb b/spec/unit/type/elastic_stack_keystore_spec.rb
new file mode 100644
index 0000000..fde942f
--- /dev/null
+++ b/spec/unit/type/elastic_stack_keystore_spec.rb
@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'spec_helper_rspec'
+require 'facter'
+
+describe Puppet::Type.type(:elastic_stack_keystore) do
+  let(:resource_name) { 'elasticsearch' }
+
+  describe 'validating attributes' do
+    %i[purge service].each do |param|
+      it "has a `#{param}` parameter" do
+        expect(described_class.attrtype(param)).to eq(:param)
+      end
+    end
+
+    %i[ensure password settings].each do |prop|
+      it "has a #{prop} property" do
+        expect(described_class.attrtype(prop)).to eq(:property)
+      end
+    end
+
+    describe 'namevar validation' do
+      it 'has :service as its namevar' do
+        expect(described_class.key_attributes).to eq([:service])
+      end
+    end
+  end
+
+  describe 'when validating values' do
+    describe 'ensure' do
+      it 'supports present as a value for ensure' do
+        expect do
+          described_class.new(
+            name: resource_name,
+            ensure: :present
+          )
+        end.not_to raise_error
+      end
+
+      it 'supports absent as a value for ensure' do
+        expect do
+          described_class.new(
+            name: resource_name,
+            ensure: :absent
+          )
+        end.not_to raise_error
+      end
+
+      it 'does not support other values' do
+        expect do
+          described_class.new(
+            name: resource_name,
+            ensure: :foo
+          )
+        end.to raise_error(Puppet::Error, %r{Invalid value})
+      end
+    end
+
+    describe 'settings' do
+      [{ 'node.name' => 'foo' }, ['node.name', 'node.data']].each do |setting|
+        it "accepts #{setting.class}s" do
+          expect do
+            described_class.new(
+              name: resource_name,
+              settings: setting
+            )
+          end.not_to raise_error
+        end
+      end
+
+      describe 'insync' do
+        it 'only checks lists or hash key membership' do
+          expect(described_class.new(
+            name: resource_name,
+            settings: { 'node.name' => 'foo', 'node.data' => 'true' }
+          ).property(:settings).insync?(
+            { 'node.name' => 'foo', 'node.data' => 'true' }
+          )).to be true
+        end
+
+        context 'purge' do
+          it 'defaults to not purge values' do
+            expect(described_class.new(
+              name: resource_name,
+              settings: { 'node.name' => 'foo', 'node.data' => 'true' }
+            ).property(:settings).insync?(
+              { 'node.name' => 'foo', 'node.data' => 'true', 'node.attr.rack' => 'true' }
+            )).to be true
+          end
+
+          it 'respects the purge parameter' do
+            expect(described_class.new(
+              name: resource_name,
+              settings: { 'node.name' => 'foo', 'node.data' => 'true' },
+              purge: true
+            ).property(:settings).insync?(
+              { 'node.name' => 'foo', 'node.data' => 'true', 'node.attr.rack' => 'true' }
+            )).to be false
+          end
+        end
+      end
+    end
+  end
+end

From 751f659a998ba4dfa38095c26e7260dc0fb4e6e2 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Tue, 19 Dec 2023 22:08:01 +0100
Subject: [PATCH 04/33] Remove trailing whitespaces

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index a4701f4..9a8708e 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -38,7 +38,7 @@ def self.elastic_keystore_password_file
     if keystore_env.empty?
       @elastic_keystore_password_file ||= "#{configdir('elasticsearch')}/.elasticsearch-keystore-password"
     else
-      @elastic_keystore_password_file ||= keystore_env 
+      @elastic_keystore_password_file ||= keystore_env
     end
   end
 
@@ -169,7 +169,7 @@ def self.configdir(service)
     dir = get_envvar(service, '(ES|KBN)_PATH_CONF')
     if dir.empty?
       File.join("/etc", service)
-    else      
+    else
       dir
     end
   end
@@ -261,7 +261,7 @@ def flush
       if resource[:purge]
         (@property_hash[:settings].keys.sort - @property_flush[:settings].keys.sort).each do |setting|
           debug(self.class.run_keystore(
-                  ['remove', setting], service 
+                  ['remove', setting], service
                 ))
         end
       end

From 809db6c5bd81f3f84375300a6f6b01490f7ff36f Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:05:09 +0100
Subject: [PATCH 05/33] Use single-quoted strings when possible

---
 .../provider/elastic_stack_keystore/ruby.rb   | 26 +++++++++----------
 lib/puppet/type/elastic_stack_keystore.rb     |  4 +--
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 9a8708e..53d0819 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -75,17 +75,17 @@ def self.run_keystore(args, service, stdin = nil)
     }
 
     password = case service
-               when "elasticsearch"
+               when 'elasticsearch'
                  File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password
                else
                  ''
                end
 
     cmd = [command("#{service}_keystore")]
-    if args[0] == "create" || args[0] == "has-passwd"
+    if args[0] == 'create' || args[0] == 'has-passwd'
       options[:failonfail] = false
       options[:combine] = true
-    elsif args[0] == "passwd"
+    elsif args[0] == 'passwd'
       options[:combine] = true
       if File.file?(elastic_keystore_password_file_bak)
         stdin = "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}"
@@ -94,8 +94,8 @@ def self.run_keystore(args, service, stdin = nil)
       end
     end
 
-    if service == "elasticsearch"
-      unless args[0] == "passwd" || args[0] == "has-passwd"
+    if service == 'elasticsearch'
+      unless args[0] == 'passwd' || args[0] == 'has-passwd'
         if has_passwd?(service)
           unless password.strip.empty?
             if stdin.nil?
@@ -135,7 +135,7 @@ def self.present_keystores(configdir, service, password = '')
     keystore_file = File.join(configdir, "#{service}.keystore")
     if File.file?(keystore_file)
       current_password = case service
-                         when "elasticsearch"
+                         when 'elasticsearch'
                            if has_passwd?(service)
 			     File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
                            else
@@ -147,7 +147,7 @@ def self.present_keystores(configdir, service, password = '')
                          end
       settings = {}
       run_keystore(['list'], service).split("\n").each do |setting|
-        if service == "kibana"
+        if service == 'kibana'
           settings[setting] = ''
         else
           settings[setting] = run_keystore(['show', setting], service)
@@ -168,7 +168,7 @@ def self.present_keystores(configdir, service, password = '')
   def self.configdir(service)
     dir = get_envvar(service, '(ES|KBN)_PATH_CONF')
     if dir.empty?
-      File.join("/etc", service)
+      File.join('/etc', service)
     else
       dir
     end
@@ -180,7 +180,7 @@ def self.get_envvar(service, env)
     if File.file?(defaults_file)
       File.readlines(defaults_file).each do |line|
         next if line =~ /^#/
-        key,value = line.split "="
+        key,value = line.split '='
         if key =~ /#{env}/
           val = value.gsub(/"/, '').strip
         end
@@ -252,7 +252,7 @@ def flush
           && @property_hash[:settings][setting] == value
 
         args = ['add', '--force']
-        args << '--stdin' if service == "kibana"
+        args << '--stdin' if service == 'kibana'
         args << setting
         debug(self.class.run_keystore(args, service, value))
       end
@@ -269,7 +269,7 @@ def flush
 
     keystore_settings = self.class.run_keystore(['list'], service).split("\n").each do |setting|
       settings = {}
-      if service == "kibana"
+      if service == 'kibana'
         settings[setting] = ''
       else
         settings[setting] = self.class.run_keystore(['show', setting], service)
@@ -277,8 +277,8 @@ def flush
       settings
     end
 
-    # if service == "elasticsearch" && @property_flush.key?(:password)
-    if service == "elasticsearch"
+    # if service == 'elasticsearch' && @property_flush.key?(:password)
+    if service == 'elasticsearch'
       # set and update keystore password if needed
       self.class.keystore_password_management(service)
       # unlink backup file containing keystore password (synced)
diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 3574971..7d4f687 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -67,13 +67,13 @@ def insync?(value)
     def is_to_s(value)
       debug("into is_to_s #{value}")
       # hide sensitive data
-      value.map { |k,v| [k, "xxxx"] }.to_h.inspect
+      value.map { |k,v| [k, 'xxxx'] }.to_h.inspect
     end
 
     def should_to_s(value)
       debug("into should_to_s #{value}")
       # hide sensitive data
-      value.map { |k,v| [k, "xxxx"] }.to_h.inspect
+      value.map { |k,v| [k, 'xxxx'] }.to_h.inspect
     end
 
     def change_to_s(currentvalue, newvalue)

From 541493567ad644a8f1168dcb607b39b3f9c81db6 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:06:33 +0100
Subject: [PATCH 06/33] Replace the legacy fact `osfamily` (deprecated) by the
 nested `os.family`

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 53d0819..4ea4f3c 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -8,7 +8,7 @@
   mk_resource_methods
 
   def self.defaults_dir
-    @defaults_dir ||= case Facter.value('osfamily')
+    @defaults_dir ||= case #{Facter.value(:os)['family']} 
                       when 'RedHat'
                         '/etc/sysconfig'
                       else
@@ -17,7 +17,7 @@ def self.defaults_dir
   end
 
   def self.root_dir
-    @root_dir ||= case Facter.value('osfamily')
+    @root_dir ||= case #{Facter.value(:os)['family']} 
                   when 'OpenBSD'
                     '/usr/local'
                   else

From c49f5f11e240210f075ba637210ed95134e75f17 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:08:50 +0100
Subject: [PATCH 07/33] Add space after comma

---
 lib/puppet/type/elastic_stack_keystore.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 7d4f687..6d29cfc 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -91,7 +91,7 @@ def change_to_s(currentvalue, newvalue)
                end
       end
 
-      changed = newvalue.map { |k,v| currentvalue[k] == v ? nil : k }.compact
+      changed = newvalue.map { |k, v| currentvalue[k] == v ? nil : k }.compact
       ret << "changed: #{changed.join(', ')}" unless changed.empty?
 
       ret

From da4fc038489234376c805ccc260d68e5aaa8e894 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:09:39 +0100
Subject: [PATCH 08/33] Add space after comma

---
 lib/puppet/type/elastic_stack_keystore.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 6d29cfc..ebb84fb 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -67,13 +67,13 @@ def insync?(value)
     def is_to_s(value)
       debug("into is_to_s #{value}")
       # hide sensitive data
-      value.map { |k,v| [k, 'xxxx'] }.to_h.inspect
+      value.map { |k, v| [k, 'xxxx'] }.to_h.inspect
     end
 
     def should_to_s(value)
       debug("into should_to_s #{value}")
       # hide sensitive data
-      value.map { |k,v| [k, 'xxxx'] }.to_h.inspect
+      value.map { |k, v| [k, 'xxxx'] }.to_h.inspect
     end
 
     def change_to_s(currentvalue, newvalue)

From 6e1ad26260931402ce5bd87df4eb0f8dc441ca41 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:10:47 +0100
Subject: [PATCH 09/33] Remove useless comment

---
 lib/puppet/type/elastic_stack_keystore.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index ebb84fb..3bab4a5 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -51,7 +51,6 @@ def insync?(value)
         end
       else
         if resource[:purge]
-          #value.sort == @should.first.keys.sort
           value == @should.first
         else
           if (@should.first.keys.sort - value.keys.sort).empty?

From b4250f763acebfdf3fb2627e41c492feaff27aff Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:43:47 +0100
Subject: [PATCH 10/33] Fix typo error

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 4ea4f3c..3ac7b7e 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -8,7 +8,7 @@
   mk_resource_methods
 
   def self.defaults_dir
-    @defaults_dir ||= case #{Facter.value(:os)['family']} 
+    @defaults_dir ||= case Facter.value(:os)['family']
                       when 'RedHat'
                         '/etc/sysconfig'
                       else
@@ -17,7 +17,7 @@ def self.defaults_dir
   end
 
   def self.root_dir
-    @root_dir ||= case #{Facter.value(:os)['family']} 
+    @root_dir ||= case Facter.value(:os)['family']
                   when 'OpenBSD'
                     '/usr/local'
                   else
@@ -269,11 +269,7 @@ def flush
 
     keystore_settings = self.class.run_keystore(['list'], service).split("\n").each do |setting|
       settings = {}
-      if service == 'kibana'
-        settings[setting] = ''
-      else
-        settings[setting] = self.class.run_keystore(['show', setting], service)
-      end
+      settings[setting] = service == 'kibana' ? '' : self.class.run_keystore(['show', setting], service)
       settings
     end
 

From 3cfb0d2715f999c9aab8efbc5211cac1a1f7e288 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 09:46:14 +0100
Subject: [PATCH 11/33] Add space missing after comma

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 3ac7b7e..d2f50db 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -180,7 +180,7 @@ def self.get_envvar(service, env)
     if File.file?(defaults_file)
       File.readlines(defaults_file).each do |line|
         next if line =~ /^#/
-        key,value = line.split '='
+        key, value = line.split '='
         if key =~ /#{env}/
           val = value.gsub(/"/, '').strip
         end
@@ -191,7 +191,7 @@ def self.get_envvar(service, env)
 
   def self.instances(password = '')
     keystores = []
-    ['kibana','elasticsearch'].each do |service|
+    ['kibana', 'elasticsearch'].each do |service|
       keystores = keystores.concat(present_keystores(configdir(service), service, password))
     end
     keystores.map do |keystore|

From 3bcf5bce867daaa5faef99ab013a0a5449d77296 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 10:23:41 +0100
Subject: [PATCH 12/33] Use _ to indicate that the var won't be used

---
 lib/puppet/type/elastic_stack_keystore.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 3bab4a5..394b94d 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -66,13 +66,13 @@ def insync?(value)
     def is_to_s(value)
       debug("into is_to_s #{value}")
       # hide sensitive data
-      value.map { |k, v| [k, 'xxxx'] }.to_h.inspect
+      value.map { |k, _| [k, 'xxxx'] }.to_h.inspect
     end
 
     def should_to_s(value)
       debug("into should_to_s #{value}")
       # hide sensitive data
-      value.map { |k, v| [k, 'xxxx'] }.to_h.inspect
+      value.map { |k, _| [k, 'xxxx'] }.to_h.inspect
     end
 
     def change_to_s(currentvalue, newvalue)

From 594ec3ec65c8282de1704307554ef00946c20d74 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 10:41:21 +0100
Subject: [PATCH 13/33] Convert if nested inside else to elsif

---
 lib/puppet/type/elastic_stack_keystore.rb | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 394b94d..a281b56 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -52,13 +52,11 @@ def insync?(value)
       else
         if resource[:purge]
           value == @should.first
+        elsif (@should.first.keys.sort - value.keys.sort).empty?
+          # compare the values of keys in common
+          (@should.first.values.sort - value.values.sort).empty?
         else
-          if (@should.first.keys.sort - value.keys.sort).empty?
-            # compare the values of keys in common
-            (@should.first.values.sort - value.values.sort).empty?
-          else
-            false
-          end
+          false
         end
       end
     end

From 654d72e4ffb6d6e6fe2c6f014dfb6ec64bbf0b50 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 11:57:02 +0100
Subject: [PATCH 14/33] Pass a block to to_h instead of calling map.to_h

---
 lib/puppet/type/elastic_stack_keystore.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index a281b56..99cfb13 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -64,13 +64,13 @@ def insync?(value)
     def is_to_s(value)
       debug("into is_to_s #{value}")
       # hide sensitive data
-      value.map { |k, _| [k, 'xxxx'] }.to_h.inspect
+      value.to_h { |k, _| [k, 'xxxx'] }.inspect
     end
 
     def should_to_s(value)
       debug("into should_to_s #{value}")
       # hide sensitive data
-      value.map { |k, _| [k, 'xxxx'] }.to_h.inspect
+      value.to_h { |k, _| [k, 'xxxx'] }.inspect
     end
 
     def change_to_s(currentvalue, newvalue)

From 7b21f30e9788e5a428eee25b880b45168c3ad269 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:14:59 +0100
Subject: [PATCH 15/33] Use ternary operator in variable assignment and
 comparison

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index d2f50db..8bccab2 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -35,11 +35,7 @@ def self.home_dir_elasticsearch
 
   def self.elastic_keystore_password_file
     keystore_env = get_envvar('elasticsearch', 'ES_KEYSTORE_PASSPHRASE_FILE')
-    if keystore_env.empty?
-      @elastic_keystore_password_file ||= "#{configdir('elasticsearch')}/.elasticsearch-keystore-password"
-    else
-      @elastic_keystore_password_file ||= keystore_env
-    end
+    @elastic_keystore_password_file ||= keystore_env.empty? ? "#{configdir('elasticsearch')}/.elasticsearch-keystore-password" : keystore_env
   end
 
   def self.elastic_keystore_password(password = '')

From 6daac95484d7b6ad78f719d540c7c93bfa563f56 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:19:02 +0100
Subject: [PATCH 16/33] Do not interpolate string

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 8bccab2..b662c79 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -95,7 +95,7 @@ def self.run_keystore(args, service, stdin = nil)
         if has_passwd?(service)
           unless password.strip.empty?
             if stdin.nil?
-              stdin = "#{password}"
+              stdin = password
             else
               stdin = "#{password}\n#{stdin}"
             end

From 1ab124401090f343a5370ec7a1e5bced97d26f63 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:24:02 +0100
Subject: [PATCH 17/33] Remove tabs

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index b662c79..a69e192 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -133,9 +133,9 @@ def self.present_keystores(configdir, service, password = '')
       current_password = case service
                          when 'elasticsearch'
                            if has_passwd?(service)
-			     File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
+                             File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
                            else
-			     elastic_keystore_password(password.value)
+                             elastic_keystore_password(password.value)
                              ''
                            end
                          else

From fad2d79712d9545477edab763e554777f7a51f12 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:26:16 +0100
Subject: [PATCH 18/33] Rename has_passwd? to passwd?

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index a69e192..817fdf0 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -92,7 +92,7 @@ def self.run_keystore(args, service, stdin = nil)
 
     if service == 'elasticsearch'
       unless args[0] == 'passwd' || args[0] == 'has-passwd'
-        if has_passwd?(service)
+        if passwd?(service)
           unless password.strip.empty?
             if stdin.nil?
               stdin = password
@@ -132,7 +132,7 @@ def self.present_keystores(configdir, service, password = '')
     if File.file?(keystore_file)
       current_password = case service
                          when 'elasticsearch'
-                           if has_passwd?(service)
+                           if passwd?(service)
                              File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
                            else
                              elastic_keystore_password(password.value)
@@ -195,13 +195,13 @@ def self.instances(password = '')
     end
   end
 
-  def self.has_passwd?(service)
+  def self.passwd?(service)
     has_passwd = run_keystore(['has-passwd'], service).split("\n").last
     has_passwd.match? /^Keystore is password-protected/
   end
 
   def self.keystore_password_management(service)
-    if has_passwd?(service)
+    if passwd?(service)
       unless elastic_keystore_password_bak.strip.empty?
         run_keystore(['passwd'], service) if elastic_keystore_password != elastic_keystore_password_bak
       end

From 22b0820a0bab8f5032207e92fb579075d3748a3c Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:27:39 +0100
Subject: [PATCH 19/33] Use %w for an array of words

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 817fdf0..6be1b67 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -187,7 +187,7 @@ def self.get_envvar(service, env)
 
   def self.instances(password = '')
     keystores = []
-    ['kibana', 'elasticsearch'].each do |service|
+    %w[kibana elasticsearch].each do |service|
       keystores = keystores.concat(present_keystores(configdir(service), service, password))
     end
     keystores.map do |keystore|

From b8c48ebf683907dea12320a10aa0dadea2a7c7f4 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 12:28:22 +0100
Subject: [PATCH 20/33] Redundant self assignment detected. Method concat
 modifies its receiver in place.

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 6be1b67..1480973 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -188,7 +188,7 @@ def self.get_envvar(service, env)
   def self.instances(password = '')
     keystores = []
     %w[kibana elasticsearch].each do |service|
-      keystores = keystores.concat(present_keystores(configdir(service), service, password))
+      keystores.concat(present_keystores(configdir(service), service, password))
     end
     keystores.map do |keystore|
       new keystore

From 0fb187b572528c7c0a05b89c69463c42c9e87d4a Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 14:24:11 +0100
Subject: [PATCH 21/33] Simplify with a ternary operator

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 1480973..90a7f36 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -51,11 +51,7 @@ def self.elastic_keystore_password_file_bak
   end
 
   def self.elastic_keystore_password_bak
-    if File.file?(elastic_keystore_password_file_bak)
-      @elastic_keystore_password_bak ||= File.open(elastic_keystore_password_file_bak, &:readline).strip
-    else
-      @elastic_keystore_password_bak ||= ''
-    end
+    @elastic_keystore_password_bak ||= File.file?(elastic_keystore_password_file_bak) ? File.open(elastic_keystore_password_file_bak, &:readline).strip : ''
   end
 
   attr_accessor :defaults_dir, :root_dir, :home_dir_kibana, :home_dir_elasticsearch, :elastic_keystore_password_file, :elastic_keystore_password, :elastic_keystore_password_file_bak, :elastic_keystore_password_bak

From 04caeb7deab847a149026dd311dec73f66915e1d Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 14:31:55 +0100
Subject: [PATCH 22/33] Use ternary operator to avoid if block

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 90a7f36..b011acb 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -79,11 +79,7 @@ def self.run_keystore(args, service, stdin = nil)
       options[:combine] = true
     elsif args[0] == 'passwd'
       options[:combine] = true
-      if File.file?(elastic_keystore_password_file_bak)
-        stdin = "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}"
-      else
-        stdin = "#{elastic_keystore_password}\n#{elastic_keystore_password}"
-      end
+      stdin = File.file?(elastic_keystore_password_file_bak) ? "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}" : "#{elastic_keystore_password}\n#{elastic_keystore_password}"
     end
 
     if service == 'elasticsearch'
@@ -172,6 +168,7 @@ def self.get_envvar(service, env)
     if File.file?(defaults_file)
       File.readlines(defaults_file).each do |line|
         next if line =~ /^#/
+
         key, value = line.split '='
         if key =~ /#{env}/
           val = value.gsub(/"/, '').strip

From 5bd9f68ec5e2b6f6c21dbca11486459b11a01e42 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 15:03:14 +0100
Subject: [PATCH 23/33] Simplify with a single-line (`unless` statement)

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index b011acb..a0511a7 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -195,9 +195,7 @@ def self.passwd?(service)
 
   def self.keystore_password_management(service)
     if passwd?(service)
-      unless elastic_keystore_password_bak.strip.empty?
-        run_keystore(['passwd'], service) if elastic_keystore_password != elastic_keystore_password_bak
-      end
+      run_keystore(['passwd'], service) unless elastic_keystore_password_bak.strip.empty? || elastic_keystore_password == elastic_keystore_password_bak
     else
       run_keystore(['passwd'], service) unless elastic_keystore_password.empty?
     end

From 78dd24157199d87621d413f0a0cb1df01873fe98 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 15:54:13 +0100
Subject: [PATCH 24/33] Simplify if statement

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index a0511a7..df8cbe0 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -84,14 +84,8 @@ def self.run_keystore(args, service, stdin = nil)
 
     if service == 'elasticsearch'
       unless args[0] == 'passwd' || args[0] == 'has-passwd'
-        if passwd?(service)
-          unless password.strip.empty?
-            if stdin.nil?
-              stdin = password
-            else
-              stdin = "#{password}\n#{stdin}"
-            end
-          end
+        if passwd?(service) && !password.strip.empty?
+          stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
         end
       end
     end
@@ -190,7 +184,7 @@ def self.instances(password = '')
 
   def self.passwd?(service)
     has_passwd = run_keystore(['has-passwd'], service).split("\n").last
-    has_passwd.match? /^Keystore is password-protected/
+    has_passwd.match?(/^Keystore is password-protected/)
   end
 
   def self.keystore_password_management(service)

From 9a4f983edbed179ce80b4bbcb1d488381bcabc4a Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 16:01:31 +0100
Subject: [PATCH 25/33] Simplify if statement

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index df8cbe0..b4b7bab 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -164,9 +164,7 @@ def self.get_envvar(service, env)
         next if line =~ /^#/
 
         key, value = line.split '='
-        if key =~ /#{env}/
-          val = value.gsub(/"/, '').strip
-        end
+        val = value.gsub(/"/, '').strip if key =~ /#{env}/
       end
     end
     val

From bfdc0065053781bc89c1c892d50d6708b935c676 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 16:08:05 +0100
Subject: [PATCH 26/33] Simplify if statement using ternary operator

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index b4b7bab..3170ce4 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -129,11 +129,7 @@ def self.present_keystores(configdir, service, password = '')
                          end
       settings = {}
       run_keystore(['list'], service).split("\n").each do |setting|
-        if service == 'kibana'
-          settings[setting] = ''
-        else
-          settings[setting] = run_keystore(['show', setting], service)
-        end
+        settings[setting] = service == 'kibana' ? '' : run_keystore(['show', setting], service)
       end
       [{
         name: service,

From e5a950188b8745d21e26a2a16109441cfe5a1e72 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 16:57:08 +0100
Subject: [PATCH 27/33] Use %r around regular expression

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 3170ce4..9c8814f 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -157,10 +157,10 @@ def self.get_envvar(service, env)
     val = ''
     if File.file?(defaults_file)
       File.readlines(defaults_file).each do |line|
-        next if line =~ /^#/
+        next if line =~ %r{^#}
 
         key, value = line.split '='
-        val = value.gsub(/"/, '').strip if key =~ /#{env}/
+        val = value.gsub(%r{"}, '').strip if key =~ %r{#{env}}
       end
     end
     val
@@ -178,7 +178,7 @@ def self.instances(password = '')
 
   def self.passwd?(service)
     has_passwd = run_keystore(['has-passwd'], service).split("\n").last
-    has_passwd.match?(/^Keystore is password-protected/)
+    has_passwd.match?(%r{^Keystore is password-protected})
   end
 
   def self.keystore_password_management(service)

From 0619a4eb86007c2ceef65f701b295f167450eaf5 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 18:21:48 +0100
Subject: [PATCH 28/33] Merging nested conditions

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 9c8814f..d63fdd9 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -82,11 +82,9 @@ def self.run_keystore(args, service, stdin = nil)
       stdin = File.file?(elastic_keystore_password_file_bak) ? "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}" : "#{elastic_keystore_password}\n#{elastic_keystore_password}"
     end
 
-    if service == 'elasticsearch'
-      unless args[0] == 'passwd' || args[0] == 'has-passwd'
-        if passwd?(service) && !password.strip.empty?
-          stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
-        end
+    unless args[0] == 'passwd' || args[0] == 'has-passwd'
+      if service == 'elasticsearch' && passwd?(service) && !password.strip.empty?
+        stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
       end
     end
 
@@ -118,8 +116,10 @@ def self.present_keystores(configdir, service, password = '')
     if File.file?(keystore_file)
       current_password = case service
                          when 'elasticsearch'
-                           if passwd?(service)
-                             File.file?(elastic_keystore_password_file_bak) ? elastic_keystore_password_bak : elastic_keystore_password(password.value)
+                           if passwd?(service) && File.file?(elastic_keystore_password_file_bak)
+                             elastic_keystore_password_bak
+                           elsif passwd?(service)
+                             elastic_keystore_password(password.value)
                            else
                              elastic_keystore_password(password.value)
                              ''

From b3221918f67576f62a9bb0de7d480f8241c99f17 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 18:29:19 +0100
Subject: [PATCH 29/33] Merging nested conditions into outer unless conditions

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index d63fdd9..6150b46 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -82,10 +82,8 @@ def self.run_keystore(args, service, stdin = nil)
       stdin = File.file?(elastic_keystore_password_file_bak) ? "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}" : "#{elastic_keystore_password}\n#{elastic_keystore_password}"
     end
 
-    unless args[0] == 'passwd' || args[0] == 'has-passwd'
-      if service == 'elasticsearch' && passwd?(service) && !password.strip.empty?
-        stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
-      end
+    if service == 'elasticsearch' && passwd?(service) && !password.strip.empty? && args[0] != 'passwd' && args[0] != 'has-passwd'
+      stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
     end
 
     unless stdin.nil?

From f7f4935cadc4b48cc33be722899bea0f2e8b7864 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 19:13:29 +0100
Subject: [PATCH 30/33] Fix error when running Puppet: "stack level too deep"

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 6150b46..4ae15b6 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -82,7 +82,7 @@ def self.run_keystore(args, service, stdin = nil)
       stdin = File.file?(elastic_keystore_password_file_bak) ? "#{elastic_keystore_password_bak}\n#{elastic_keystore_password}\n#{elastic_keystore_password}" : "#{elastic_keystore_password}\n#{elastic_keystore_password}"
     end
 
-    if service == 'elasticsearch' && passwd?(service) && !password.strip.empty? && args[0] != 'passwd' && args[0] != 'has-passwd'
+    unless args[0] == 'passwd' || args[0] == 'has-passwd'
       stdin = stdin.nil? ? password : "#{password}\n#{stdin}"
     end
 

From fb62c40d2fdad70ffb9575acc26e37da10aac2df Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 19:19:42 +0100
Subject: [PATCH 31/33] Convert if nested inside else to elsif

---
 lib/puppet/type/elastic_stack_keystore.rb | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/lib/puppet/type/elastic_stack_keystore.rb b/lib/puppet/type/elastic_stack_keystore.rb
index 99cfb13..783d26b 100644
--- a/lib/puppet/type/elastic_stack_keystore.rb
+++ b/lib/puppet/type/elastic_stack_keystore.rb
@@ -49,15 +49,13 @@ def insync?(value)
         else
           (@should.first.keys.sort - value.keys.sort).empty?
         end
+      elsif resource[:purge]
+        value == @should.first
+      elsif (@should.first.keys.sort - value.keys.sort).empty?
+        # compare the values of keys in common
+        (@should.first.values.sort - value.values.sort).empty?
       else
-        if resource[:purge]
-          value == @should.first
-        elsif (@should.first.keys.sort - value.keys.sort).empty?
-          # compare the values of keys in common
-          (@should.first.values.sort - value.values.sort).empty?
-        else
-          false
-        end
+        false
       end
     end
 

From 2ff3981bed711ea071a2321734ebcd31e9b6f14e Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 19:27:18 +0100
Subject: [PATCH 32/33] Fix variable `settings` used in void context

---
 lib/puppet/provider/elastic_stack_keystore/ruby.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/provider/elastic_stack_keystore/ruby.rb b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
index 4ae15b6..cdf890b 100644
--- a/lib/puppet/provider/elastic_stack_keystore/ruby.rb
+++ b/lib/puppet/provider/elastic_stack_keystore/ruby.rb
@@ -240,10 +240,9 @@ def flush
       end
     end
 
-    keystore_settings = self.class.run_keystore(['list'], service).split("\n").each do |setting|
-      settings = {}
-      settings[setting] = service == 'kibana' ? '' : self.class.run_keystore(['show', setting], service)
-      settings
+    keystore_settings = {}
+    self.class.run_keystore(['list'], service).split("\n").each do |setting|
+      keystore_settings[setting] = service == 'kibana' ? '' : self.class.run_keystore(['show', setting], service)
     end
 
     # if service == 'elasticsearch' && @property_flush.key?(:password)

From a39018375dd98205ba85096ba56c180ae5e2fb76 Mon Sep 17 00:00:00 2001
From: Louis Charreau <louis.charreau@vadesecure.com>
Date: Wed, 20 Dec 2023 19:39:47 +0100
Subject: [PATCH 33/33] Require `spec_helper` (instead of `spec_helper_rspec`)

---
 spec/unit/type/elastic_stack_keystore_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/unit/type/elastic_stack_keystore_spec.rb b/spec/unit/type/elastic_stack_keystore_spec.rb
index fde942f..581763d 100644
--- a/spec/unit/type/elastic_stack_keystore_spec.rb
+++ b/spec/unit/type/elastic_stack_keystore_spec.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'spec_helper_rspec'
+require 'spec_helper'
 require 'facter'
 
 describe Puppet::Type.type(:elastic_stack_keystore) do