Skip to content

Commit

Permalink
Fail when ssl parameters are missing and rabbit_use_ssl is set to true
Browse files Browse the repository at this point in the history 
This commit causes the run to fail is rabbit_use_ssl parameter is set
to true but the ssl related parameters remains undef.

Change-Id: I3784839dca59a06c1155e845df5e62625ea668f0
  • Loading branch information
@Spredzy
Spredzy committed May 16, 2014
1 parent 0249428 commit 99bf46d
Show file tree
Hide file tree
Showing 2 changed files with 132 additions and 136 deletions.
39 changes: 17 additions & 22 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,18 @@
warning('The nova_cluster_id parameter is deprecated and has no effect.')
}

if $rabbit_use_ssl {
if !$kombu_ssl_ca_certs {
fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_certfile {
fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_keyfile {
fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
}
}

group { 'nova':
ensure => present,
system => true,
Expand Down Expand Up @@ -483,28 +495,11 @@
}

if $rabbit_use_ssl {
if $kombu_ssl_ca_certs {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
} else {
nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
}

if $kombu_ssl_certfile {
nova_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
} else {
nova_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
}

if $kombu_ssl_keyfile {
nova_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
} else {
nova_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
}

if $kombu_ssl_version {
nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
} else {
nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
nova_config {
'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version;
}
} else {
nova_config {
Expand Down
229 changes: 115 additions & 114 deletions spec/classes/nova_init_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -329,27 +329,7 @@
end
end

context 'with rabbit_use_ssl parameter' do
let :params do
{ :rabbit_hosts => ['rabbit:5673'],
:rabbit_use_ssl => 'true' }
end

it 'configures rabbit' do
should_not contain_nova_config('DEFAULT/rabbit_host')
should_not contain_nova_config('DEFAULT/rabbit_port')
should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(true)
should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
end
end

context 'with amqp ssl parameters' do
context 'with rabbit ssl enabled' do
let :params do
{ :rabbit_hosts => ['rabbit:5673'],
:rabbit_use_ssl => 'true',
Expand All @@ -368,6 +348,27 @@
end
end

context 'with rabbit ssl disabled' do
let :params do
{
:rabbit_password => 'pass',
:rabbit_use_ssl => false,
:kombu_ssl_ca_certs => 'undef',
:kombu_ssl_certfile => 'undef',
:kombu_ssl_keyfile => 'undef',
:kombu_ssl_version => 'SSLv3',
}
end

it 'configures rabbit' do
should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value('false')
should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
should contain_nova_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
end
end

context 'with qpid rpc_backend' do
let :params do
{ :rpc_backend => 'nova.openstack.common.rpc.impl_qpid' }
Expand Down Expand Up @@ -415,124 +416,124 @@
end

context 'with ssh public key' do
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa',
'key' => 'keydata'}
}
end
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa',
'key' => 'keydata'}
}
end

it 'should install ssh public key' do
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => 'ssh-rsa'
)
end
it 'should install ssh public key' do
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => 'ssh-rsa'
)
end
end

context 'with ssh public key missing key type' do
let :params do
{
:nova_public_key => {'type' => '',
'key' => 'keydata'}
}
end
let :params do
{
:nova_public_key => {'type' => '',
'key' => 'keydata'}
}
end

it 'should raise an error' do
expect {
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => ''
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
it 'should raise an error' do
expect {
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => ''
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end

context 'with ssh public key missing key data' do
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa',
'key' => ''}
}
end
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa',
'key' => ''}
}
end

it 'should raise an error' do
expect {
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => ''
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
it 'should raise an error' do
expect {
should contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata',
:type => ''
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end

context 'with ssh private key' do
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa',
'key' => 'keydata'}
}
end
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa',
'key' => 'keydata'}
}
end

it 'should install ssh private key' do
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
end
it 'should install ssh private key' do
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
end
end

context 'with ssh private key missing key type' do
let :params do
{
:nova_private_key => {'type' => '',
'key' => 'keydata'}
}
end
let :params do
{
:nova_private_key => {'type' => '',
'key' => 'keydata'}
}
end

it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end

context 'with ssh private key having incorrect key type' do
let :params do
{
:nova_private_key => {'type' => 'invalid',
'key' => 'keydata'}
}
end
let :params do
{
:nova_private_key => {'type' => 'invalid',
'key' => 'keydata'}
}
end

it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
end
it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
end
end

context 'with ssh private key missing key data' do
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa',
'key' => ''}
}
end
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa',
'key' => ''}
}
end

it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
it 'should raise an error' do
expect {
should contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end

end
Expand Down

0 comments on commit 99bf46d

Please sign in to comment.