From 448f8bc996b4e797ef463b1c2b89710374d9fd19 Mon Sep 17 00:00:00 2001
From: Chris Price <chris@puppetlabs.com>
Date: Wed, 16 Jan 2013 17:52:11 -0800
Subject: [PATCH 1/3] Fix deprecation warnings around manage_redhat_firewall

---
 manifests/init.pp            |  3 ++-
 manifests/params.pp          |  4 ++--
 manifests/server/firewall.pp | 12 +++++++++---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 9529824..cead445 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -89,7 +89,7 @@ class puppetdb(
   $confdir                   = $puppetdb::params::confdir
 ) inherits puppetdb::params {
 
-  if ($manage_redhat_firewall) {
+  if ($manage_redhat_firewall != undef) {
     notify {'Deprecation notice: `$manage_redhat_firewall` has been deprecated in `puppetdb` class and will be removed in a future versions. Use $open_ssl_listen_port and $open_postgres_port instead.':}
   }
 
@@ -117,6 +117,7 @@ class puppetdb(
       manage_redhat_firewall => $manage_redhat_firewall ? {
         true                 => $manage_redhat_firewall,
         false                => $open_postgres_port,
+        undef                => $open_postgres_port,
       },
       listen_addresses       => $postgres_listen_addresses,
       before                 => Class['puppetdb::server']
diff --git a/manifests/params.pp b/manifests/params.pp
index b01d692..bd964aa 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -16,7 +16,7 @@ class puppetdb::params {
   $open_listen_port          = false
   $ssl_listen_address        = $::clientcert
   $ssl_listen_port           = '8081'
-  $open_ssl_listen_port      = true
+  $open_ssl_listen_port      = undef
   $postgres_listen_addresses = 'localhost'
   $open_postgres_port        = true
 
@@ -32,7 +32,7 @@ class puppetdb::params {
   $puppetdb_version       = 'present'
 
   # TODO: figure out a way to make this not platform-specific
-  $manage_redhat_firewall = false
+  $manage_redhat_firewall = undef
 
   $gc_interval            = '60'
 
diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp
index c0cfc39..8ff3985 100644
--- a/manifests/server/firewall.pp
+++ b/manifests/server/firewall.pp
@@ -11,10 +11,10 @@ class puppetdb::server::firewall(
   # TODO: the firewall module should be able to handle this itself
   if ($puppetdb::params::firewall_supported) {
 
-    if ($manage_redhat_firewall) {
+    if ($manage_redhat_firewall != undef) {
       notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':}
 
-      if ($open_ssl_port) {
+      if ($open_ssl_port != undef) {
         fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.')
       }
     }
@@ -42,7 +42,13 @@ class puppetdb::server::firewall(
         proto  => 'tcp',
         action => 'accept',
       }
-    } 
+    }
+
+    if ($open_ssl_port != undef) {
+      $final_open_ssl_port = $open_ssl_port
+    } else {
+      $final_open_ssl_port = true
+    }
 
     if ($open_ssl_port or $manage_redhat_firewall) {
       if ($ssl_port) {

From de20b441016a57402251821b0e8687672beedda0 Mon Sep 17 00:00:00 2001
From: Chris Price <chris@puppetlabs.com>
Date: Thu, 17 Jan 2013 09:56:01 -0800
Subject: [PATCH 2/3] Fix backward compatibility of `manage_redhat_firewall`
 parameter

Prior to this commit, the deprecated `manage_redhat_firewall` param
was not actually backward compatible because there were several
cases where we couldn't tell the difference between the user
explicitly specifying `false` for that parameter as opposed to
not specifying it at all.  This commit is a bit ugly because it
sets some defaults to `undef` in order to allow us to tell the
difference between the two cases, but it should resolve backwards
compatibility issues.
---
 manifests/database/postgresql.pp | 17 +++++++++++++++--
 manifests/init.pp                |  2 +-
 manifests/params.pp              | 14 +++++++++++++-
 manifests/server/firewall.pp     |  6 ++++++
 4 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index c5c1685..0863d5a 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -34,16 +34,29 @@
 class puppetdb::database::postgresql(
   # TODO: expose more of the parameters from `inkling/postgresql`!
   $listen_addresses       = $puppetdb::params::database_host,
-  $manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
+  $manage_redhat_firewall = $puppetdb::params::open_postgres_port,
 ) inherits puppetdb::params {
 
+  # This technically defaults to 'true', but in order to preserve backwards
+  # compatibility with the deprecated 'manage_redhat_firewall' parameter, we
+  # had to specify 'undef' as the default so that we could tell whether or
+  # not the user explicitly specified a value. Here's where we're resolving
+  # that and setting the 'real' default.  We should be able to get rid of
+  # this block when we remove `manage_redhat_firewall`.
+  if ($manage_redhat_firewall != undef) {
+    $final_manage_redhat_firewall = $manage_redhat_firewall
+  } else {
+    $final_manage_redhat_firewall = true
+  }
+
+
   # get the pg server up and running
   class { '::postgresql::server':
     config_hash => {
       # TODO: make this stuff configurable
       'ip_mask_allow_all_users' => '0.0.0.0/0',
       'listen_addresses'        => $listen_addresses,
-      'manage_redhat_firewall'  => $manage_redhat_firewall,
+      'manage_redhat_firewall'  => $final_manage_redhat_firewall,
     },
   }
 
diff --git a/manifests/init.pp b/manifests/init.pp
index cead445..20e5e2f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -116,7 +116,7 @@ class puppetdb(
     class { 'puppetdb::database::postgresql':
       manage_redhat_firewall => $manage_redhat_firewall ? {
         true                 => $manage_redhat_firewall,
-        false                => $open_postgres_port,
+        false                => $manage_redhat_firewall,
         undef                => $open_postgres_port,
       },
       listen_addresses       => $postgres_listen_addresses,
diff --git a/manifests/params.pp b/manifests/params.pp
index bd964aa..eb7b241 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -16,9 +16,21 @@ class puppetdb::params {
   $open_listen_port          = false
   $ssl_listen_address        = $::clientcert
   $ssl_listen_port           = '8081'
+  # This technically defaults to 'true', but in order to preserve backwards
+  # compatibility with the deprecated 'manage_redhat_firewall' parameter, we
+  # need to specify 'undef' as the default so that we can tell whether or
+  # not the user explicitly specified a value.  See implementation in
+  # `firewall.pp`.  We should change this back to `true` when we get rid
+  # of `manage_redhat_firewall`.
   $open_ssl_listen_port      = undef
   $postgres_listen_addresses = 'localhost'
-  $open_postgres_port        = true
+  # This technically defaults to 'true', but in order to preserve backwards
+  # compatibility with the deprecated 'manage_redhat_firewall' parameter, we
+  # need to specify 'undef' as the default so that we can tell whether or
+  # not the user explicitly specified a value.  See implementation in
+  # `postgresql.pp`.  We should change this back to `true` when we get rid
+  # of `manage_redhat_firewall`.
+  $open_postgres_port        = undef
 
   $database                  = 'postgres'
 
diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp
index 8ff3985..a377c1f 100644
--- a/manifests/server/firewall.pp
+++ b/manifests/server/firewall.pp
@@ -44,6 +44,12 @@ class puppetdb::server::firewall(
       }
     }
 
+    # This technically defaults to 'true', but in order to preserve backwards
+    # compatibility with the deprecated 'manage_redhat_firewall' parameter, we
+    # had to specify 'undef' as the default so that we could tell whether or
+    # not the user explicitly specified a value. Here's where we're resolving
+    # that and setting the 'real' default.  We should be able to get rid of
+    # this block when we remove `manage_redhat_firewall`.
     if ($open_ssl_port != undef) {
       $final_open_ssl_port = $open_ssl_port
     } else {

From d54f51ebea1ed1d11cc1fcff3c087ef76018bc7f Mon Sep 17 00:00:00 2001
From: Chris Price <chris@puppetlabs.com>
Date: Thu, 17 Jan 2013 10:11:46 -0800
Subject: [PATCH 3/3] Update Modulefile and CHANGELOG for 1.1.4 release

---
 CHANGELOG  | 13 +++++++++++++
 Modulefile |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 966d032..c2f5361 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,16 @@
+1.1.4
+========
+
+This is a bugfix release, mostly around fixing backward-compatibility for the
+deprecated `manage_redhat_firewall` parameter.  It wasn't actually entirely
+backwards-compatible in the 1.1.3 release.
+
+2013-01-17 - Chris Price <chris@puppetlabs.com>
+ * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)
+
+2013-01-16 - Chris Price <chris@puppetlabs.com>
+ * Fix deprecation warnings around manage_redhat_firewall (448f8bc)
+
 1.1.3
 ========
 
diff --git a/Modulefile b/Modulefile
index 44516c8..b2aa3d6 100644
--- a/Modulefile
+++ b/Modulefile
@@ -1,5 +1,5 @@
 name 'puppetlabs-puppetdb'
-version '1.1.3'
+version '1.1.4'
 source 'git://github.com/puppetlabs-puppet/puppetlabs-puppetdb.git'
 author 'Puppet Labs'
 description 'PuppetDB resource types'