diff --git a/manifests/services/lbaas.pp b/manifests/services/lbaas.pp index 498c111de..180c84d0d 100644 --- a/manifests/services/lbaas.pp +++ b/manifests/services/lbaas.pp @@ -29,6 +29,21 @@ # (optional) Whether to install the lbaas driver package # Defaults to 'present' # +# [*cert_manager_type*] +# (optional) Certificate manager type to use for lbaas. +# Defaults to $::os_service_default +# Example: barbican +# +# [*cert_storage_path*] +# (optional) The location to store certificates locally. +# Defaults to $::os_service_default +# Example: /var/lib/neutron-lbaas/certificates/ +# +# [*barbican_auth*] +# (optional) Name of the barbican authentication method to use. +# Defaults to $::os_service_default +# Example: barbican_acl_auth +# # === Deprecated Parameters # # [*service_providers*] @@ -46,6 +61,9 @@ # Defaults to false # class neutron::services::lbaas ( + $cert_manager_type = $::os_service_default, + $cert_storage_path = $::os_service_default, + $barbican_auth = $::os_service_default, $ensure_lbaas_driver_package = 'present', $service_providers = $::os_service_default, # DEPRECATED @@ -61,6 +79,13 @@ class neutron::services::lbaas ( tag => ['openstack', 'neutron-package'] }) } + + neutron_config { + 'certificates/cert_manager_type': value => $cert_manager_type; + 'certificates/storage_path': value => $cert_storage_path; + 'certificates/barbican_auth': value => $barbican_auth; + } + if !is_service_default($service_providers) { warning('service_providers in neutron::services::lbaas is deprecated in newton release, please use service provider in neutron::server class') } diff --git a/releasenotes/notes/lbaas_certificates_configuration-470f7299e1ea136f.yaml b/releasenotes/notes/lbaas_certificates_configuration-470f7299e1ea136f.yaml new file mode 100644 index 000000000..241ba1b93 --- /dev/null +++ b/releasenotes/notes/lbaas_certificates_configuration-470f7299e1ea136f.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add certificates configuration options for lbaas service. diff --git a/spec/classes/neutron_services_lbaas_spec.rb b/spec/classes/neutron_services_lbaas_spec.rb index 0840f45a4..d9138566d 100644 --- a/spec/classes/neutron_services_lbaas_spec.rb +++ b/spec/classes/neutron_services_lbaas_spec.rb @@ -36,6 +36,29 @@ describe 'neutron::services::lbaas' do it 'should contain python-neutron-lbaas package' do is_expected.to contain_package('python-neutron-lbaas').with({ :ensure => 'present' }) end + + it 'should set certificates options with service defaults' do + is_expected.to contain_neutron_config('certificates/cert_manager_type').with_value('') + is_expected.to contain_neutron_config('certificates/storage_path').with_value('') + is_expected.to contain_neutron_config('certificates/barbican_auth').with_value('') + end + end + + context 'with certificate manager options' do + before :each do + params.merge!( + { :cert_manager_type => 'barbican', + :cert_storage_path => '/var/lib/neutron-lbaas/certificates/', + :barbican_auth => 'barbican_acl_auth' + } + ) + + it 'should configure certificates section' do + is_expected.to contain_neutron_config('certificates/cert_manager_type').with_value('barbican') + is_expected.to contain_neutron_config('certificates/storage_path').with_value('/var/lib/neutron-lbaas/certificates/') + is_expected.to contain_neutron_config('certificates/barbican_auth').with_value('barbican_acl_auth') + end + end end context 'with multiple service providers' do