Merge "When listen_ssl is true, enable the SSL engine and set a cert/…

…key"
xbezdick · Oct 29, 2013 · 632af6f · 632af6f
2 parents a9e842b + e3dd951
commit 632af6f
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 0 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -83,6 +83,9 @@
   $log_level               = 'DEBUG',
   $can_set_mount_point     = 'True',
   $listen_ssl              = false,
+  $horizon_cert            = undef,
+  $horizon_key             = undef,
+  $horizon_ca              = undef,
   $local_settings_template = 'horizon/local_settings.py.erb'
 ) {
 
@@ -141,13 +144,53 @@
   }
 
   if $listen_ssl {
+    include apache::mod::ssl
+
+    if $horizon_ca == undef or $horizon_cert == undef or $horizon_key == undef {
+      fail('The horizon CA, cert and key are all required.')
+    }
+
     file_line { 'httpd_listen_on_bind_address_443':
       path    => $::horizon::params::httpd_listen_config_file,
       match   => '^Listen (.*):?443$',
       line    => "Listen ${bind_address}:443",
       require => Package['horizon'],
       notify  => Service[$::horizon::params::http_service],
     }
+
+    # Enable SSL Engine
+    file_line{'httpd_sslengine_on':
+      path    => $::horizon::params::httpd_listen_config_file,
+      match   => '^SSLEngine ',
+      line    => 'SSLEngine on',
+      notify  => Service[$::horizon::params::http_service],
+      require => Class['apache::mod::ssl'],
+    }
+
+    # set the name of the ssl cert and key file
+    file_line{'httpd_sslcert_path':
+      path    => $::horizon::params::httpd_listen_config_file,
+      match   => '^SSLCertificateFile ',
+      line    => "SSLCertificateFile ${horizon_cert}",
+      notify  => Service[$::horizon::params::http_service],
+      require => Class['apache::mod::ssl'],
+    }
+
+    file_line{'httpd_sslkey_path':
+      path    => $::horizon::params::httpd_listen_config_file,
+      match   => '^SSLCertificateKeyFile ',
+      line    => "SSLCertificateKeyFile ${horizon_key}",
+      notify  => Service[$::horizon::params::http_service],
+      require => Class['apache::mod::ssl'],
+    }
+
+    file_line{'httpd_sslca_path':
+      path    => $::horizon::params::httpd_listen_config_file,
+      match   => '^SSLCACertificateFile ',
+      line    => "SSLCACertificateFile ${horizon_ca}",
+      notify  => Service[$::horizon::params::http_service],
+      require => Class['apache::mod::ssl'],
+    }
   }
 
   $django_wsgi = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'

diff --git a/spec/classes/horizon_init_spec.rb b/spec/classes/horizon_init_spec.rb
@@ -29,6 +29,31 @@
 
     it { should contain_service('httpd').with_name('httpd') }
     it { should contain_file('/etc/httpd/conf.d/openstack-dashboard.conf') }
+    describe 'with default parameters' do
+      it { should contain_package('horizon').with_ensure('present') }
+      it { should contain_file_line('horizon_redirect_rule').with(
+         :line => "RedirectMatch permanent ^/$ \/dashboard/"
+      )}
+    end
+
+    describe 'when ssl is enabled' do
+      before do
+        params.merge!({
+          :listen_ssl => true,
+          :horizon_cert => '/etc/pki/tls/certs/httpd.crt',
+          :horizon_key => '/etc/pki/tls/private/httpd.key',
+          :horizon_ca => '/etc/pki/tls/certs/ca.crt',
+        })
+      end
+
+      it { should contain_file_line('httpd_sslcert_path').with(
+         :line => "SSLCertificateFile /etc/pki/tls/certs/httpd.crt"
+      )}
+      it { should contain_file_line('httpd_sslkey_path').with(
+         :line => "SSLCertificateKeyFile /etc/pki/tls/private/httpd.key"
+      )}
+    end
+
   end
 
   describe 'on Debian platforms' do
@@ -44,6 +69,9 @@
 
     describe 'with default parameters' do
       it { should contain_package('horizon').with_ensure('present') }
+      it { should contain_file_line('horizon_redirect_rule').with(
+         :line => "RedirectMatch permanent ^/$ /horizon/"
+      )}
       it 'generates local_settings.py' do
         verify_contents(subject, '/etc/openstack-dashboard/local_settings.py', [
           'DEBUG = False',
@@ -104,5 +132,23 @@
         ])
       end
     end
+
+    describe 'when ssl is enabled' do
+      before do
+        params.merge!({
+          :listen_ssl => true,
+          :horizon_cert => '/etc/ssl/localcerts/apache.crt',
+          :horizon_key => '/etc/ssl/localcerts/apache.key',
+          :horizon_ca => '/etc/ssl/localcerts/ca.crt',
+        })
+      end
+
+      it { should contain_file_line('httpd_sslcert_path').with(
+         :line => "SSLCertificateFile /etc/ssl/localcerts/apache.crt"
+      )}
+      it { should contain_file_line('httpd_sslkey_path').with(
+         :line => "SSLCertificateKeyFile /etc/ssl/localcerts/apache.key"
+      )}
+    end
   end
 end