Make vencrypt_ca optional

The [vnc] vencrypt_ca_certs option is not mandatory even when the
vencrypt auth scheme is used.

Change-Id: I771b53479ee993b42cbb7ac6071ce08380f62b0b
Takashi Kajinami
2025-04-27 00:02:12 +09:00
parent a284d01e0a
commit 0d1fa4e34f
2 changed files with 18 additions and 20 deletions


@@ -58,8 +58,7 @@
# [*vencrypt_ca*]
# (optional) path to the certificate authority cert to use when connecting
# to VNC servers that supporting vencrypt
# Required when allow_vencrypt is true.
# Defaults to undef
# Defaults to $facts['os_service_default']
#
class nova::vncproxy(
Boolean $enabled = true,
@@ -73,7 +72,7 @@ class nova::vncproxy(
Boolean $allow_vencrypt = false,
$vencrypt_key = undef,
$vencrypt_cert = undef,
$vencrypt_ca = undef,
$vencrypt_ca = $facts['os_service_default'],
) {
include nova::deps
@@ -85,8 +84,8 @@ class nova::vncproxy(
if $allow_vencrypt {
if (!$vencrypt_ca or !$vencrypt_cert or !$vencrypt_key) {
fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true')
if (!$vencrypt_cert or !$vencrypt_key) {
fail('vencrypt_cert and vencrypt_key are required when allow_vencrypt is true')
}
nova_config {
'vnc/vencrypt_ca_certs': value => $vencrypt_ca;
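Review bot: With `$vencrypt_ca` dropped from the `fail` guard and defaulted to `$facts['os_service_default']`, a catalog with `allow_vencrypt => true` and no CA now compiles and leaves `vnc/vencrypt_ca_certs` unset, but the parameter doc no longer says how the VNC server certificate is verified in that case. Which trust source nova falls back to is not visible in this diff, so the header comment should state it once confirmed, e.g. `# When left at the default, no CA path is written to nova.conf and nova's own default is used to verify VNC server certificates.` The parameter is also untyped, so any value passed in is written through to `vnc/vencrypt_ca_certs` as-is. The `nova_config` block continues outside the hunk.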


@@ -2,16 +2,12 @@ require 'spec_helper'
describe 'nova::vncproxy' do
shared_examples 'nova_vnc_proxy' do
shared_examples 'nova::vncproxy' do
let :pre_condition do
'include nova'
end
let :params do
{ :enabled => true }
end
context 'with default parameters' do
it { is_expected.to contain_nova_config('vnc/novncproxy_host').with_value('0.0.0.0') }
it { is_expected.to contain_nova_config('vnc/novncproxy_port').with_value(6080) }
@@ -72,7 +68,7 @@ describe 'nova::vncproxy' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem'
@@ -98,41 +94,44 @@ describe 'nova::vncproxy' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem',
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it { is_expected.to contain_nova_config('vnc/auth_schemes').with_value('vencrypt') }
it { is_expected.to contain_nova_config('vnc/vencrypt_client_key').with_value('/foo.key')}
it { is_expected.to contain_nova_config('vnc/vencrypt_client_cert').with_value('/bar.pem')}
it { is_expected.to contain_nova_config('vnc/vencrypt_ca_certs').with_value('<SERVICE DEFAULT>')}
end
context 'with vencrypt missing key' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem'
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end
context 'with vencrypt missing cert' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_ca => '/baz.pem'
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end
end
shared_examples 'nova_vnc_proxy debian package' do
shared_examples 'nova::vncproxy debian package' do
let :pre_condition do
'include nova'
end
@@ -171,10 +170,10 @@ describe 'nova::vncproxy' do
end
end
it_behaves_like 'nova_vnc_proxy'
it_behaves_like 'nova::vncproxy'
if facts[:os]['name'] == 'Debian'
it_behaves_like 'nova_vnc_proxy debian package'
it_behaves_like 'nova::vncproxy debian package'
end
end
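Review bot: The context in the hunk starting at old line 98 used to assert the missing-CA failure and now asserts a successful catalog, so its name (the `context` line is outside the hunk) likely needs updating to something like `'with vencrypt and without ca'`. The three added expectations there close the block without a space (`.with_value('/foo.key')}`), unlike the `auth_schemes` line just above; `.with_value('/foo.key') }` would match. It may also be worth adding a context with neither `vencrypt_key` nor `vencrypt_cert` set, since only the single-missing cases exercise the new error message.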