Make vencrypt_ca optional

The [vnc] vencrypt_ca_certs is not mandatory even when vencrypt auth
scheme is used.

Change-Id: I771b53479ee993b42cbb7ac6071ce08380f62b0b

manifests/vncproxy.pp

@@ -58,8 +58,7 @@
 # [*vencrypt_ca*]
 #   (optional) path to the certificate authority cert to use when connecting
 #   to VNC servers that supporting vencrypt
-#   Required when allow_vencrypt is true.
+#   Defaults to $facts['os_service_default']
-#   Defaults to undef
 #
 class nova::vncproxy(
   Boolean $enabled                         = true,
@@ -73,7 +72,7 @@ class nova::vncproxy(
   Boolean $allow_vencrypt                  = false,
   $vencrypt_key                            = undef,
   $vencrypt_cert                           = undef,
-  $vencrypt_ca                             = undef,
+  $vencrypt_ca                             = $facts['os_service_default'],
 ) {
 
   include nova::deps
@@ -85,8 +84,8 @@ class nova::vncproxy(
 
   if $allow_vencrypt {
 
-    if (!$vencrypt_ca or !$vencrypt_cert or !$vencrypt_key) {
+    if (!$vencrypt_cert or !$vencrypt_key) {
-      fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true')
+      fail('vencrypt_cert and vencrypt_key are required when allow_vencrypt is true')
     }
     nova_config {
       'vnc/vencrypt_ca_certs':    value => $vencrypt_ca;

spec/classes/nova_vncproxy_spec.rb

@@ -2,16 +2,12 @@ require 'spec_helper'
 
 describe 'nova::vncproxy' do
 
-  shared_examples 'nova_vnc_proxy' do
+  shared_examples 'nova::vncproxy' do
 
     let :pre_condition do
       'include nova'
     end
 
-    let :params do
-      { :enabled => true }
-    end
-
     context 'with default parameters' do
       it { is_expected.to contain_nova_config('vnc/novncproxy_host').with_value('0.0.0.0') }
       it { is_expected.to contain_nova_config('vnc/novncproxy_port').with_value(6080) }
@@ -103,7 +99,10 @@ describe 'nova::vncproxy' do
           :vencrypt_cert  => '/bar.pem',
         }
       end
-      it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
+      it { is_expected.to contain_nova_config('vnc/auth_schemes').with_value('vencrypt') }
+      it { is_expected.to contain_nova_config('vnc/vencrypt_client_key').with_value('/foo.key')}
+      it { is_expected.to contain_nova_config('vnc/vencrypt_client_cert').with_value('/bar.pem')}
+      it { is_expected.to contain_nova_config('vnc/vencrypt_ca_certs').with_value('<SERVICE DEFAULT>')}
     end
 
     context 'with vencrypt missing key' do
@@ -115,7 +114,7 @@ describe 'nova::vncproxy' do
           :vencrypt_ca    => '/baz.pem'
         }
       end
-      it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
+      it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
     end
 
     context 'with vencrypt missing cert' do
@@ -127,12 +126,12 @@ describe 'nova::vncproxy' do
           :vencrypt_ca    => '/baz.pem'
         }
       end
-      it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
+      it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
     end
 
   end
 
-  shared_examples 'nova_vnc_proxy debian package' do
+  shared_examples 'nova::vncproxy debian package' do
     let :pre_condition do
       'include nova'
     end
@@ -171,10 +170,10 @@ describe 'nova::vncproxy' do
         end
       end
 
-      it_behaves_like 'nova_vnc_proxy'
+      it_behaves_like 'nova::vncproxy'
 
       if facts[:os]['name'] == 'Debian'
-        it_behaves_like 'nova_vnc_proxy debian package'
+        it_behaves_like 'nova::vncproxy debian package'
       end
 
     end