openstack/puppet-nova
Code Issues Proposed changes

Make vencrypt_ca optional

Browse Source 
The [vnc] vencrypt_ca_certs is not mandatory even when vencrypt auth
scheme is used.

Change-Id: I771b53479ee993b42cbb7ac6071ce08380f62b0b
This commit is contained in:
Takashi Kajinami
2025-04-27 00:02:12 +09:00
parent a284d01e0a
commit 0d1fa4e34f
2 changed files with 18 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/vncproxy.pp
View File

@@ -58,8 +58,7 @@
# [*vencrypt_ca*] # [*vencrypt_ca*]
# (optional) path to the certificate authority cert to use when connecting # (optional) path to the certificate authority cert to use when connecting
# to VNC servers that supporting vencrypt # to VNC servers that supporting vencrypt
# Required when allow_vencrypt is true. # Defaults to $facts['os_service_default']
# Defaults to undef
# #
class nova::vncproxy( class nova::vncproxy(
Boolean $enabled = true, Boolean $enabled = true,
@@ -73,7 +72,7 @@ class nova::vncproxy(
Boolean $allow_vencrypt = false, Boolean $allow_vencrypt = false,
$vencrypt_key = undef, $vencrypt_key = undef,
$vencrypt_cert = undef, $vencrypt_cert = undef,
$vencrypt_ca = undef, $vencrypt_ca = $facts['os_service_default'],
) { ) {
include nova::deps include nova::deps
@@ -85,8 +84,8 @@ class nova::vncproxy(
if $allow_vencrypt { if $allow_vencrypt {
if (!$vencrypt_ca or !$vencrypt_cert or !$vencrypt_key) { if (!$vencrypt_cert or !$vencrypt_key) {
fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true') fail('vencrypt_cert and vencrypt_key are required when allow_vencrypt is true')
} }
nova_config { nova_config {
'vnc/vencrypt_ca_certs': value => $vencrypt_ca; 'vnc/vencrypt_ca_certs': value => $vencrypt_ca;

29
spec/classes/nova_vnc_proxy_spec.rb → spec/classes/nova_vncproxy_spec.rb
View File

@@ -2,16 +2,12 @@ require 'spec_helper'
describe 'nova::vncproxy' do describe 'nova::vncproxy' do
shared_examples 'nova_vnc_proxy' do shared_examples 'nova::vncproxy' do
let :pre_condition do let :pre_condition do
'include nova' 'include nova'
end end
let :params do
{ :enabled => true }
end
context 'with default parameters' do context 'with default parameters' do
it { is_expected.to contain_nova_config('vnc/novncproxy_host').with_value('0.0.0.0') } it { is_expected.to contain_nova_config('vnc/novncproxy_host').with_value('0.0.0.0') }
it { is_expected.to contain_nova_config('vnc/novncproxy_port').with_value(6080) } it { is_expected.to contain_nova_config('vnc/novncproxy_port').with_value(6080) }
@@ -72,7 +68,7 @@ describe 'nova::vncproxy' do
let :params do let :params do
{ {
:allow_vencrypt => true, :allow_vencrypt => true,
:allow_noauth => false, :allow_noauth => false,
:vencrypt_key => '/foo.key', :vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem', :vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem' :vencrypt_ca => '/baz.pem'
@@ -98,41 +94,44 @@ describe 'nova::vncproxy' do
let :params do let :params do
{ {
:allow_vencrypt => true, :allow_vencrypt => true,
:allow_noauth => false, :allow_noauth => false,
:vencrypt_key => '/foo.key', :vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem', :vencrypt_cert => '/bar.pem',
} }
end end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/ it { is_expected.to contain_nova_config('vnc/auth_schemes').with_value('vencrypt') }
it { is_expected.to contain_nova_config('vnc/vencrypt_client_key').with_value('/foo.key')}
it { is_expected.to contain_nova_config('vnc/vencrypt_client_cert').with_value('/bar.pem')}
it { is_expected.to contain_nova_config('vnc/vencrypt_ca_certs').with_value('<SERVICE DEFAULT>')}
end end
context 'with vencrypt missing key' do context 'with vencrypt missing key' do
let :params do let :params do
{ {
:allow_vencrypt => true, :allow_vencrypt => true,
:allow_noauth => false, :allow_noauth => false,
:vencrypt_cert => '/bar.pem', :vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem' :vencrypt_ca => '/baz.pem'
} }
end end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/ it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end end
context 'with vencrypt missing cert' do context 'with vencrypt missing cert' do
let :params do let :params do
{ {
:allow_vencrypt => true, :allow_vencrypt => true,
:allow_noauth => false, :allow_noauth => false,
:vencrypt_key => '/foo.key', :vencrypt_key => '/foo.key',
:vencrypt_ca => '/baz.pem' :vencrypt_ca => '/baz.pem'
} }
end end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/ it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end end
end end
shared_examples 'nova_vnc_proxy debian package' do shared_examples 'nova::vncproxy debian package' do
let :pre_condition do let :pre_condition do
'include nova' 'include nova'
end end
@@ -171,10 +170,10 @@ describe 'nova::vncproxy' do
end end
end end
it_behaves_like 'nova_vnc_proxy' it_behaves_like 'nova::vncproxy'
if facts[:os]['name'] == 'Debian' if facts[:os]['name'] == 'Debian'
it_behaves_like 'nova_vnc_proxy debian package' it_behaves_like 'nova::vncproxy debian package'
end end
end end