From 141e65a7ddc07b682fc730bab98bffbd7d49f53f Mon Sep 17 00:00:00 2001
From: Mike Dorman
Date: Tue, 12 Aug 2014 16:47:10 -0600
Subject: [PATCH] Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are used.
Change-Id: Ia3d71eaccdfb736068478b935e5be46719eb49db
Closes-Bug: 1356083
---
 manifests/init.pp | 50 +++++++++++++++++-------
 spec/classes/neutron_init_spec.rb | 65 +++++++++++++++++++++++--------
 2 files changed, 83 insertions(+), 32 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index b35d3015b..23573edee 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -257,16 +257,17 @@
 fail('The ca_file parameter requires that use_ssl to be set to true')
 }
- if $rabbit_use_ssl {
- if !$kombu_ssl_ca_certs {
- fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
- }
- if !$kombu_ssl_certfile {
- fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
- }
- if !$kombu_ssl_keyfile {
- fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
- }
+ if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+ fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+ }
+ if $kombu_ssl_certfile and !$rabbit_use_ssl {
+ fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+ }
+ if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+ fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+ }
+ if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+ fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
 }
 File {
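Review bot: After this change `rabbit_use_ssl => true` with no `kombu_ssl_ca_certs` passes validation in manifests/init.pp, and nothing tells the operator what that combination means for certificate checking. As far as I know the RabbitMQ messaging driver only requests peer verification when a CA bundle is configured, so this setup would encrypt the AMQP link without authenticating the broker; that behaviour lives outside this diff and should be confirmed. If it holds, state it in the parameter documentation and emit a warning next to the new checks, e.g. `if $rabbit_use_ssl and !$kombu_ssl_ca_certs { warning('rabbit_use_ssl is enabled without kombu_ssl_ca_certs; the broker certificate will not be verified') }`. The enclosing class body starts and ends outside the hunk.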
@@ -370,12 +371,31 @@
 }
 if $rabbit_use_ssl {
- neutron_config {
- 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
- 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
- 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
- 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version;
+
+ if $kombu_ssl_ca_certs {
+ neutron_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+ } else {
+ neutron_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+ }
+
+ if $kombu_ssl_certfile or $kombu_ssl_keyfile {
+ neutron_config {
+ 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
+ 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
+ }
+ } else {
+ neutron_config {
+ 'DEFAULT/kombu_ssl_certfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
+ }
 }
+
+ if $kombu_ssl_version {
+ neutron_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
+ } else {
+ neutron_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
+ }
+
 } else {
 neutron_config {
 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
diff --git a/spec/classes/neutron_init_spec.rb b/spec/classes/neutron_init_spec.rb
index cd09c8429..2178b177c 100644
--- a/spec/classes/neutron_init_spec.rb
+++ b/spec/classes/neutron_init_spec.rb
@@ -49,9 +49,11 @@
 end
- it_configures 'with SSL enabled'
+ it_configures 'with SSL enabled with kombu'
+ it_configures 'with SSL enabled without kombu'
 it_configures 'with SSL disabled'
 it_configures 'with SSL wrongly configured'
+ it_configures 'with SSL and kombu wrongly configured'
 it_configures 'with SSL socket options set'
 it_configures 'with SSL socket options set with wrong parameters'
 it_configures 'with SSL socket options set to false'
@@ -215,7 +217,7 @@
 it { should contain_neutron_config('DEFAULT/use_syslog').with_value(false) }
 end
- shared_examples_for 'with SSL enabled' do
+ shared_examples_for 'with SSL enabled with kombu' do
 before do
 params.merge!(
 :rabbit_use_ssl => true,
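Review bot: In the second manifests/init.pp hunk, `if $kombu_ssl_certfile or $kombu_ssl_keyfile` is only safe because the pairing check added in the earlier hunk fails first when one of the two is missing; taken on its own, this branch would write an unset value for the missing setting. Writing the condition as `if $kombu_ssl_certfile and $kombu_ssl_keyfile {` states the real precondition and keeps the block correct if the validation is ever moved or relaxed. The enclosing `if $rabbit_use_ssl` block ends outside the hunk.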
@@ -235,13 +237,26 @@
 end
 end
+ shared_examples_for 'with SSL enabled without kombu' do
+ before do
+ params.merge!(
+ :rabbit_use_ssl => true
+ )
+ end
+
+ it do
+ should contain_neutron_config('DEFAULT/rabbit_use_ssl').with_value('true')
+ should contain_neutron_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ should contain_neutron_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ should contain_neutron_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+ should contain_neutron_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
+ end
+ end
+
 shared_examples_for 'with SSL disabled' do
 before do
 params.merge!(
 :rabbit_use_ssl => false,
- :kombu_ssl_ca_certs => 'undef',
- :kombu_ssl_certfile => 'undef',
- :kombu_ssl_keyfile => 'undef',
 :kombu_ssl_version => 'SSLv3'
 )
 end
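Review bot: The new 'with SSL enabled without kombu' example pins `DEFAULT/kombu_ssl_version` to `SSLv3` when only `rabbit_use_ssl => true` is passed, which suggests SSLv3 is the class default and is what a minimal SSL setup now receives. SSLv3 is an obsolete protocol version; the default (declared outside this diff) would be better set to a TLS version that the installed messaging library accepts, with this expectation updated to match, e.g. `with_value('TLSv1')` or newer. The same `'SSLv3'` literal is kept in the 'with SSL disabled' example in this hunk.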
@@ -258,28 +273,44 @@
 shared_examples_for 'with SSL wrongly configured' do
 before do
 params.merge!(
- :rabbit_use_ssl => true,
- :kombu_ssl_ca_certs => 'undef',
- :kombu_ssl_certfile => 'undef',
- :kombu_ssl_keyfile => 'undef'
+ :rabbit_use_ssl => false
 )
 end
- context 'without required parameters' do
+ context 'with SSL disabled' do
+
+ context 'with kombu_ssl_ca_certs parameter' do
+ before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ssl/ca/certs') }
+ it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
+ end
- context 'without kombu_ssl_ca_certs parameter' do
- before { params.delete(:kombu_ssl_ca_certs) }
- it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
+ context 'with kombu_ssl_certfile parameter' do
+ before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
+ it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
 end
- context 'without kombu_ssl_certfile parameter' do
- before { params.delete(:kombu_ssl_certfile) }
- it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true/
+ context 'with kombu_ssl_keyfile parameter' do
+ before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
+ it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
 end
+ end
+
+ end
+
+ shared_examples_for 'with SSL and kombu wrongly configured' do
+ before do
+ params.merge!(
+ :rabbit_use_ssl => true,
+ :kombu_ssl_certfile => '/path/to/ssl/cert/file',
+ :kombu_ssl_keyfile => '/path/to/ssl/keyfile'
+ )
+ end
+
+ context 'without required parameters' do
 context 'without kombu_ssl_keyfile parameter' do
 before { params.delete(:kombu_ssl_keyfile) }
- it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true/
+ it_raises 'a Puppet::Error', /The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together/
 end
 end
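Review bot: The new 'with SSL and kombu wrongly configured' examples exercise only the missing-keyfile half of the pairing check, while the manifest condition is symmetric, so a keyfile supplied without a certfile is never tested. Add a sibling context 'without kombu_ssl_certfile parameter' that runs `before { params.delete(:kombu_ssl_certfile) }` and expects the same `/The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together/` error. That keeps a later edit to either side of the `or` in init.pp from silently dropping one direction of the validation.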