Fail when ssl parameters are missing and rabbit_use_ssl is set to true

This commit causes the run to fail is rabbit_use_ssl parameter is set to true but the ssl related parameters remains undef. Change-Id: Idd40601fe4a632204fdde120b857d0e22b6a2aed (cherry picked from commit 55cbdac)
redhat-openstack · Sep 29, 2014 · 42d2c48 · 42d2c48
1 parent cd988a6
commit 42d2c48
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 45 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -111,6 +111,18 @@
 
   include ceilometer::params
 
+  if $rabbit_use_ssl {
+    if !$kombu_ssl_ca_certs {
+      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
+    }
+    if !$kombu_ssl_certfile {
+      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
+    }
+    if !$kombu_ssl_keyfile {
+      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
+    }
+  }
+
   File {
     require => Package['ceilometer-common'],
   }
@@ -177,28 +189,11 @@
       }
 
       if $rabbit_use_ssl {
-        if $kombu_ssl_ca_certs {
-          ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
-        }
-
-        if $kombu_ssl_certfile {
-          ceilometer_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
-        }
-
-        if $kombu_ssl_keyfile {
-          ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
-        }
-
-        if $kombu_ssl_version {
-          ceilometer_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
+          'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
+          'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
+          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
         }
       } else {
         ceilometer_config {
@@ -208,6 +203,7 @@
           'DEFAULT/kombu_ssl_version':  ensure => absent;
         }
       }
+
   }
 
   if $rpc_backend == 'ceilometer.openstack.common.rpc.impl_qpid' {

diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
@@ -221,33 +221,32 @@
     end
 
     context "with SSL enabled" do
-      before { params.merge!( :rabbit_use_ssl => 'true' ) }
-      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
-
-      context "with ca_certs" do
-        before { params.merge!( :kombu_ssl_ca_certs => '/path/to/ca.crt' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ca.crt') }
-      end
+      before { params.merge!(
+        :rabbit_use_ssl     => 'true',
+        :kombu_ssl_ca_certs => '/path/to/ca.crt',
+        :kombu_ssl_certfile => '/path/to/cert.crt',
+        :kombu_ssl_keyfile  => '/path/to/cert.key',
+        :kombu_ssl_version  => 'TLSv1'
+      ) }
 
-      context "with certfile" do
-        before { params.merge!( :kombu_ssl_certfile => '/path/to/cert.crt' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/cert.crt') }
-      end
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ca.crt') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/cert.crt') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/cert.key') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
+    end
 
-      context "with keyfile" do
-        before { params.merge!( :kombu_ssl_keyfile => '/path/to/cert.key' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/cert.key') }
-      end
+    context "with SSL wrongly configured" do
+      before { params.merge!(
+        :rabbit_use_ssl     => 'false',
+        :kombu_ssl_certfile => '/path/to/cert.crt',
+        :kombu_ssl_keyfile  => '/path/to/cert.key',
+        :kombu_ssl_version  => 'TLSv1'
+      ) }
 
-      context "with version" do
-        before { params.merge!( :kombu_ssl_version => 'TLSv1' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
-      end
+      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
     end
+
   end
 
   shared_examples_for 'qpid support' do