Use contain to declare classes to allow relationships #3

Status: Open (1 commit, base: main)

stdietrich

This allows creating relationships between external classes and this class.

Given the following snippet to create and configure a new subpolicy:

class {'crypto_policies':
  policy => 'DEFAULT:OPENSSL-SHA1',
}

file { '/etc/crypto-policies/policies/modules/OPENSSL-SHA1.pmod':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "hash@openssl = SHA1+\n",
  notify  => Class['crypto_policies'],
}

It won't be executed in the right order despite the notify. crypto_policies::config is executed before and fails, as the subpolicy file does not yet exist:

Notice: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]/content:
Notice: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]/content: content changed '{sha256}024afa580cbbb917b9025477ee299b1bdeb6dd7019c47304dd054d9d1fd85bb7' to '{sha256}42368cb1e9aca1bef5cb03f59ebd70399b8ff1f0d131ba7d513dd2789091cea3'
Info: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]: Scheduling refresh of Exec[update-crypto-policies]
Notice: /Stage[main]/Crypto_policies::Config/Exec[update-crypto-policies]/returns: Unknown policy `OPENSSL-SHA1`: file `OPENSSL-SHA1.pmod` not found in (., policies/modules, /etc/crypto-policies/policies/modules, /usr/share/crypto-policies/policies/modules)
Error: /Stage[main]/Crypto_policies::Config/Exec[update-crypto-policies]: Failed to call refresh: 'update-crypto-policies' returned 1 instead of one of [0]
Error: /Stage[main]/Crypto_policies::Config/Exec[update-crypto-policies]: 'update-crypto-policies' returned 1 instead of one of [0]
Info: Class[Crypto_policies::Config]: Unscheduling all events on Class[Crypto_policies::Config]
Notice: /Stage[main]/Main/File[/etc/crypto-policies/policies/modules/OPENSSL-SHA1.pmod]/ensure: defined content as '{sha256}59aa8744c5d112fc8a6e49c50a040023758d35886898c96c4463eedbd1bbc1ab'
Info: /Stage[main]/Main/File[/etc/crypto-policies/policies/modules/OPENSSL-SHA1.pmod]: Scheduling refresh of Class[Crypto_policies]
Info: Stage[main]: Unscheduling all events on Stage[main]

With contain, classes are contained and relationships work:

Notice: /Stage[main]/Main/File[/etc/crypto-policies/policies/modules/OPENSSL-SHA1.pmod]/ensure: defined content as '{sha256}59aa8744c5d112fc8a6e49c50a040023758d35886898c96c4463eedbd1bbc1ab'
Info: /Stage[main]/Main/File[/etc/crypto-policies/policies/modules/OPENSSL-SHA1.pmod]: Scheduling refresh of Class[Crypto_policies]
Info: Class[Crypto_policies]: Scheduling refresh of Class[Crypto_policies::Install]
Info: Class[Crypto_policies]: Scheduling refresh of Class[Crypto_policies::Config]
Info: Class[Crypto_policies::Install]: Scheduling refresh of Package[crypto-policies]
Notice: /Stage[main]/Crypto_policies::Install/Package[crypto-policies]: Triggered 'refresh' from 1 event
Info: Class[Crypto_policies::Install]: Scheduling refresh of Class[Crypto_policies::Config]
Info: Class[Crypto_policies::Config]: Scheduling refresh of Exec[update-crypto-policies]
Notice: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]/content:
Notice: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]/content: content changed '{sha256}024afa580cbbb917b9025477ee299b1bdeb6dd7019c47304dd054d9d1fd85bb7' to '{sha256}42368cb1e9aca1bef5cb03f59ebd70399b8ff1f0d131ba7d513dd2789091cea3'
Info: /Stage[main]/Crypto_policies::Config/File[/etc/crypto-policies/config]: Scheduling refresh of Exec[update-crypto-policies]
Notice: /Stage[main]/Crypto_policies::Config/Exec[update-crypto-policies]: Triggered 'refresh' from 2 events

An alternative would be to use notify => Class['crypto_policies::config'], but I consider the config class as private.
Swapping class and file declaration order would make it dependent on parse-order.
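
The containment change described above, sketched as an added example; it is not the module's actual code and not part of the original pull request. The class layout, the `policy` default, the `~>` between the subclasses and the exec's `path` are assumptions; the resource titles are taken from the log output above.

```puppet
# Hypothetical layout, collapsed into one manifest so it can be read top to
# bottom; a real module would keep each class in its own file.
class crypto_policies (
  String $policy = 'DEFAULT',   # assumed default
) {
  # With `include`, the subclasses are only added to the catalog; an edge
  # such as `notify => Class['crypto_policies']` then stops at this (empty)
  # class and says nothing about when Crypto_policies::Config runs.
  #
  # With `contain`, the subclasses sit inside this class's boundary, so
  # anything ordered before Class['crypto_policies'] is also ordered before
  # them, and a refresh sent to the class is passed on to them.
  contain crypto_policies::install
  contain crypto_policies::config

  Class['crypto_policies::install']
  ~> Class['crypto_policies::config']
}

class crypto_policies::install {
  package { 'crypto-policies':
    ensure => installed,
  }
}

class crypto_policies::config {
  file { '/etc/crypto-policies/config':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "${crypto_policies::policy}\n",
    notify  => Exec['update-crypto-policies'],
  }

  # Runs only on refresh: when the config file changes, or when a refresh
  # reaches this class through the containing class.
  exec { 'update-crypto-policies':
    command     => 'update-crypto-policies',
    path        => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
    refreshonly => true,
  }
}
```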

@traylenator

Agreed this would be a good change.
