Makes ca_file parameter optional when use_ssl => true

The ca_file parameter should not be required when use_ssl => true. Rather, use_ssl must be true when ca_file is specified. Change-Id: Ifb4b5acccdce0be63e763b4d837eb452827cd6d4 Closes-Bug: 1356089 (cherry picked from commit 70ef4af)
redhat-openstack · Sep 26, 2014 · d789504 · d789504
1 parent 0a7e0f1
commit d789504
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 4 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -243,14 +243,15 @@
     if !$cert_file {
       fail('The cert_file parameter is required when use_ssl is set to true')
     }
-    if !$ca_file {
-      fail('The ca_file parameter is required when use_ssl is set to true')
-    }
     if !$key_file {
       fail('The key_file parameter is required when use_ssl is set to true')
     }
   }
 
+  if $ca_file and !$use_ssl {
+    fail('The ca_file parameter requires that use_ssl to be set to true')
+  }
+
   if $rabbit_use_ssl {
     if !$kombu_ssl_ca_certs {
       fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
@@ -394,7 +395,11 @@
     neutron_config {
       'DEFAULT/ssl_cert_file' : value => $cert_file;
       'DEFAULT/ssl_key_file'  : value => $key_file;
-      'DEFAULT/ssl_ca_file'   : value => $ca_file;
+    }
+    if $ca_file {
+      neutron_config { 'DEFAULT/ssl_ca_file'   : value => $ca_file; }
+    } else {
+      neutron_config { 'DEFAULT/ssl_ca_file'   : ensure => absent; }
     }
   } else {
     neutron_config {

diff --git a/spec/classes/neutron_init_spec.rb b/spec/classes/neutron_init_spec.rb
@@ -183,6 +183,32 @@
     it { should contain_neutron_config('DEFAULT/ssl_ca_file').with_ensure('absent') }
   end
 
+  shared_examples_for 'with SSL socket options set and no ca_file' do
+    before do
+      params.merge!(
+        :use_ssl         => true,
+        :cert_file       => '/path/to/cert',
+        :key_file        => '/path/to/key'
+      )
+    end
+
+    it { should contain_neutron_config('DEFAULT/use_ssl').with_value('true') }
+    it { should contain_neutron_config('DEFAULT/ssl_cert_file').with_value('/path/to/cert') }
+    it { should contain_neutron_config('DEFAULT/ssl_key_file').with_value('/path/to/key') }
+    it { should contain_neutron_config('DEFAULT/ssl_ca_file').with_ensure('absent') }
+  end
+
+  shared_examples_for 'with SSL socket options disabled with ca_file' do
+    before do
+      params.merge!(
+        :use_ssl         => false,
+        :ca_file         => '/path/to/ca'
+      )
+    end
+
+    it_raises 'a Puppet::Error', /The ca_file parameter requires that use_ssl to be set to true/
+  end
+
   shared_examples_for 'with syslog disabled' do
     it { should contain_neutron_config('DEFAULT/use_syslog').with_value(false) }
   end