Skip to content

Commit

Permalink
Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true
Browse files Browse the repository at this point in the history
The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true
Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are
used.

Change-Id: I7664dda2c66ffb34ceb56ada722574ae0e490f8f
Closes-Bug: 1356083
  • Loading branch information
Mike Dorman committed Sep 4, 2014
1 parent 61ace07 commit 957c212
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 19 deletions.
44 changes: 32 additions & 12 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -111,16 +111,17 @@

include ceilometer::params

if $rabbit_use_ssl {
if !$kombu_ssl_ca_certs {
fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_certfile {
fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
}
if !$kombu_ssl_keyfile {
fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
}
if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_certfile and !$rabbit_use_ssl {
fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
}
if $kombu_ssl_keyfile and !$rabbit_use_ssl {
fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
}
if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
}

File {
Expand Down Expand Up @@ -189,12 +190,31 @@
}

if $rabbit_use_ssl {

if $kombu_ssl_ca_certs {
ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
} else {
ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
}

if $kombu_ssl_certfile or $kombu_ssl_keyfile {
ceilometer_config {
'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version;
}
} else {
ceilometer_config {
'DEFAULT/kombu_ssl_certfile': ensure => absent;
'DEFAULT/kombu_ssl_keyfile': ensure => absent;
}
}

if $kombu_ssl_version {
ceilometer_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
} else {
ceilometer_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
}

} else {
ceilometer_config {
'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
Expand Down
32 changes: 25 additions & 7 deletions spec/classes/ceilometer_init_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
end

context "with SSL enabled" do
context "with SSL enabled with kombu" do
before { params.merge!(
:rabbit_use_ssl => 'true',
:kombu_ssl_ca_certs => '/path/to/ca.crt',
Expand All @@ -243,15 +243,33 @@
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
end

context "with SSL wrongly configured" do
context "with SSL enabled without kombu" do
before { params.merge!(
:rabbit_use_ssl => 'false',
:kombu_ssl_certfile => '/path/to/cert.crt',
:kombu_ssl_keyfile => '/path/to/cert.key',
:kombu_ssl_version => 'TLSv1'
:rabbit_use_ssl => 'true'
) }

it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
end

context "with SSL wrongly configured" do
context 'with kombu_ssl_ca_certs parameter' do
before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ca.crt') }
it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
end

context 'with kombu_ssl_certfile parameter' do
before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
end

context 'with kombu_ssl_keyfile parameter' do
before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
end
end
end

Expand Down

0 comments on commit 957c212

Please sign in to comment.