Enforce use_ssl flag

Setting the certificate and key in heat's configuration has the
effect of enabling SSL. So, one can actually enable SSL using those
and ignore the use_ssl flag.

This commit enforces that flag, so if the flag is not set, then those
parameters shouldn't be persisted in Heat's configuration.

A unit test was removed for each of the correspondent API's because they no
longer apply. If ssl is not enabled, then heat_config resources containing
those configurations are not present in the resource catalog.

Change-Id: I87fb234943829d7f0d8786e98e90b81e9a71c8ef
This commit is contained in:
Juan Antonio Osorio Robles 2016-06-15 14:49:01 +03:00
parent 0efd487d94
commit f55c866119
6 changed files with 19 additions and 40 deletions

View File

@ -99,8 +99,12 @@ class heat::api (
'heat_api/bind_host': value => $bind_host;
'heat_api/bind_port': value => $bind_port;
'heat_api/workers': value => $workers;
}
if $use_ssl {
heat_config {
'heat_api/cert_file': value => $cert_file;
'heat_api/key_file': value => $key_file;
}
}
}

View File

@ -102,8 +102,13 @@ class heat::api_cfn (
'heat_api_cfn/bind_host': value => $bind_host;
'heat_api_cfn/bind_port': value => $bind_port;
'heat_api_cfn/workers': value => $workers;
}
if $use_ssl {
heat_config {
'heat_api_cfn/cert_file': value => $cert_file;
'heat_api_cfn/key_file': value => $key_file;
}
}
}

View File

@ -101,8 +101,12 @@ class heat::api_cloudwatch (
'heat_api_cloudwatch/bind_host': value => $bind_host;
'heat_api_cloudwatch/bind_port': value => $bind_port;
'heat_api_cloudwatch/workers': value => $workers;
}
if $use_ssl {
heat_config {
'heat_api_cloudwatch/cert_file': value => $cert_file;
'heat_api_cloudwatch/key_file': value => $key_file;
}
}
}

View File

@ -48,17 +48,6 @@ describe 'heat::api_cfn' do
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
end
context 'with SSL socket options set to false' do
let :params do
{
:use_ssl => false,
}
end
it { is_expected.to contain_heat_config('heat_api_cfn/cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('heat_api_cfn/key_file').with_value('<SERVICE DEFAULT>') }
end
[{:enabled => true}, {:enabled => false}].each do |param_hash|
context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
before do

View File

@ -48,17 +48,6 @@ describe 'heat::api_cloudwatch' do
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
end
context 'with SSL socket options set to false' do
let :params do
{
:use_ssl => false,
}
end
it { is_expected.to contain_heat_config('heat_api_cloudwatch/cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('heat_api_cloudwatch/key_file').with_value('<SERVICE DEFAULT>') }
end
[{:enabled => true}, {:enabled => false}].each do |param_hash|
context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
before do

View File

@ -48,18 +48,6 @@ describe 'heat::api' do
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
end
context 'with SSL socket options set to false' do
let :params do
{
:use_ssl => false,
}
end
it { is_expected.to contain_heat_config('heat_api/cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('heat_api/key_file').with_value('<SERVICE DEFAULT>') }
end
[{:enabled => true}, {:enabled => false}].each do |param_hash|
context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
before do