Skip to content

Commit

Permalink
Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true
Browse files Browse the repository at this point in the history
The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true
Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are
used.

Change-Id: Ia3d71eaccdfb736068478b935e5be46719eb49db
Closes-Bug: 1356083
(cherry picked from commit 141e65a)
  • Loading branch information
Mike Dorman committed Sep 26, 2014
1 parent d789504 commit d747955
Show file tree
Hide file tree
Showing 2 changed files with 83 additions and 32 deletions.
50 changes: 35 additions & 15 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -252,16 +252,17 @@
fail('The ca_file parameter requires that use_ssl to be set to true')
}

if $rabbit_use_ssl {
if !$kombu_ssl_ca_certs {
fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_certfile {
fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_keyfile {
fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
}
if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_certfile and !$rabbit_use_ssl {
fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_keyfile and !$rabbit_use_ssl {
fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
}
if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
}

File {
Expand Down Expand Up @@ -354,12 +355,31 @@
}

if $rabbit_use_ssl {
neutron_config {
'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version;

if $kombu_ssl_ca_certs {
neutron_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
} else {
neutron_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
}

if $kombu_ssl_certfile or $kombu_ssl_keyfile {
neutron_config {
'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
}
} else {
neutron_config {
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
}
}

if $kombu_ssl_version {
neutron_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
} else {
neutron_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
}

} else {
neutron_config {
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
Expand Down
65 changes: 48 additions & 17 deletions spec/classes/neutron_init_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,11 @@

end

it_configures 'with SSL enabled'
it_configures 'with SSL enabled with kombu'
it_configures 'with SSL enabled without kombu'
it_configures 'with SSL disabled'
it_configures 'with SSL wrongly configured'
it_configures 'with SSL and kombu wrongly configured'
it_configures 'with SSL socket options set'
it_configures 'with SSL socket options set with wrong parameters'
it_configures 'with SSL socket options set to false'
Expand Down Expand Up @@ -213,7 +215,7 @@
it { should contain_neutron_config('DEFAULT/use_syslog').with_value(false) }
end

shared_examples_for 'with SSL enabled' do
shared_examples_for 'with SSL enabled with kombu' do
before do
params.merge!(
:rabbit_use_ssl => true,
Expand All @@ -233,13 +235,26 @@
end
end

shared_examples_for 'with SSL enabled without kombu' do
before do
params.merge!(
:rabbit_use_ssl => true
)
end

it do
should contain_neutron_config('DEFAULT/rabbit_use_ssl').with_value('true')
should contain_neutron_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_neutron_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_neutron_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_neutron_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
end
end

shared_examples_for 'with SSL disabled' do
before do
params.merge!(
:rabbit_use_ssl => false,
:kombu_ssl_ca_certs => 'undef',
:kombu_ssl_certfile => 'undef',
:kombu_ssl_keyfile => 'undef',
:kombu_ssl_version => 'SSLv3'
)
end
Expand All @@ -256,28 +271,44 @@
shared_examples_for 'with SSL wrongly configured' do
before do
params.merge!(
:rabbit_use_ssl => true,
:kombu_ssl_ca_certs => 'undef',
:kombu_ssl_certfile => 'undef',
:kombu_ssl_keyfile => 'undef'
:rabbit_use_ssl => false
)
end

context 'without required parameters' do
context 'with SSL disabled' do

context 'with kombu_ssl_ca_certs parameter' do
before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ssl/ca/certs') }
it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
end

context 'without kombu_ssl_ca_certs parameter' do
before { params.delete(:kombu_ssl_ca_certs) }
it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
context 'with kombu_ssl_certfile parameter' do
before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
end

context 'without kombu_ssl_certfile parameter' do
before { params.delete(:kombu_ssl_certfile) }
it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true/
context 'with kombu_ssl_keyfile parameter' do
before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
end
end

end

shared_examples_for 'with SSL and kombu wrongly configured' do
before do
params.merge!(
:rabbit_use_ssl => true,
:kombu_ssl_certfile => '/path/to/ssl/cert/file',
:kombu_ssl_keyfile => '/path/to/ssl/keyfile'
)
end

context 'without required parameters' do

context 'without kombu_ssl_keyfile parameter' do
before { params.delete(:kombu_ssl_keyfile) }
it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true/
it_raises 'a Puppet::Error', /The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together/
end
end

Expand Down

0 comments on commit d747955

Please sign in to comment.