api: Deprecate unused ssl parameters
These parameters are used by the oslo.service library, but Barbican does not provide a WSGI service based on that library. Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
parent
3af0df5bb4
commit
109ea49acb
|
@ -213,22 +213,6 @@
|
|||
# to make barbican-api be a web app using apache mod_wsgi.
|
||||
# Defaults to $::barbican::params::api_service_name
|
||||
#
|
||||
# [*use_ssl*]
|
||||
# (optional) Enable SSL on the API server
|
||||
# Defaults to false, not set
|
||||
#
|
||||
# [*cert_file*]
|
||||
# (optinal) Certificate file to use when starting API server securely
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*key_file*]
|
||||
# (optional) Private key file to use when starting API server securely
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*ca_file*]
|
||||
# (optional) CA certificate file to use to verify connecting clients
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*enable_proxy_headers_parsing*]
|
||||
# (Optional) Enable paste middleware to handle SSL requests through
|
||||
# HTTPProxyToWSGI middleware.
|
||||
|
@ -261,6 +245,22 @@
|
|||
# accepts latest or specific versions.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*use_ssl*]
|
||||
# (optional) Enable SSL on the API server
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cert_file*]
|
||||
# (optinal) Certificate file to use when starting API server securely
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*key_file*]
|
||||
# (optional) Private key file to use when starting API server securely
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*ca_file*]
|
||||
# (optional) CA certificate file to use to verify connecting clients
|
||||
# Defaults to undef
|
||||
#
|
||||
class barbican::api (
|
||||
$package_ensure = 'present',
|
||||
$bind_host = '0.0.0.0',
|
||||
|
@ -303,10 +303,6 @@ class barbican::api (
|
|||
$enabled = true,
|
||||
$sync_db = true,
|
||||
$db_auto_create = $::os_service_default,
|
||||
$use_ssl = false,
|
||||
$ca_file = $::os_service_default,
|
||||
$cert_file = $::os_service_default,
|
||||
$key_file = $::os_service_default,
|
||||
$service_name = $::barbican::params::api_service_name,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
$max_request_body_size = $::os_service_default,
|
||||
|
@ -316,6 +312,10 @@ class barbican::api (
|
|||
$retry_scheduler_initial_delay_seconds = undef,
|
||||
$retry_scheduler_periodic_interval_max_seconds = undef,
|
||||
$client_package_ensure = undef,
|
||||
$use_ssl = undef,
|
||||
$ca_file = undef,
|
||||
$cert_file = undef,
|
||||
$key_file = undef,
|
||||
) inherits barbican::params {
|
||||
|
||||
include barbican::deps
|
||||
|
@ -441,20 +441,16 @@ class barbican::api (
|
|||
# instead of using db_sync
|
||||
barbican_config { 'DEFAULT/db_auto_create': value => $db_auto_create }
|
||||
|
||||
if $use_ssl {
|
||||
if is_service_default($cert_file) {
|
||||
fail('The cert_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
if is_service_default($key_file) {
|
||||
fail('The key_file parameter is required when use_ssl is set to true')
|
||||
[ 'use_ssl', 'cert_file', 'key_file', 'ca_file' ].each |String $ssl_opt| {
|
||||
if getvar($ssl_opt) != undef {
|
||||
warning("The ${ssl_opt} parameter has been deprecated and has no effect.")
|
||||
}
|
||||
}
|
||||
|
||||
# SSL Options
|
||||
barbican_config {
|
||||
'DEFAULT/cert_file': value => $cert_file;
|
||||
'DEFAULT/key_file': value => $key_file;
|
||||
'DEFAULT/ca_file': value => $ca_file;
|
||||
'DEFAULT/cert_file': ensure => absent;
|
||||
'DEFAULT/key_file': ensure => absent;
|
||||
'DEFAULT/ca_file': ensure => absent;
|
||||
}
|
||||
|
||||
if $sync_db {
|
||||
|
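Review bot: The warning emitted in the `[ 'use_ssl', 'cert_file', 'key_file', 'ca_file' ].each` loop does not tell an operator who set `use_ssl => true` that this class will not provide TLS for the API, and the catalog now compiles where it previously failed on a missing `cert_file`. Since `bind_host` still defaults to `'0.0.0.0'`, the message should point to where TLS has to be configured instead, for example `warning("The ${ssl_opt} parameter has been deprecated and has no effect. Terminate TLS in the web server or proxy in front of barbican-api.")`. The re-added parameter docs (`[*use_ssl*]` through `[*ca_file*]`) still read as if the options were functional; unless a deprecation heading sits just outside the hunk, each entry should say it is deprecated and ignored. The spec section drops the SSL examples without adding one that checks `DEFAULT/cert_file`, `DEFAULT/key_file` and `DEFAULT/ca_file` are set to `ensure => absent`, which would pin the cleanup of stale key and certificate paths from existing configs.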
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
The following parameters of the ``barbican::api`` class have been
|
||||
deprecated and have no effect now.
|
||||
|
||||
- ``use_ssl``
|
||||
- ``cert_file``
|
||||
- ``key_file``
|
||||
- ``ca_file``
|
|
@ -241,60 +241,6 @@ describe 'barbican::api' do
|
|||
)}
|
||||
end
|
||||
|
||||
describe 'with SSL socket options set' do
|
||||
let :pre_condition do
|
||||
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||
include apache'
|
||||
end
|
||||
|
||||
let :params do
|
||||
default_params.merge({
|
||||
:use_ssl => true,
|
||||
:cert_file => '/path/to/cert',
|
||||
:ca_file => '/path/to/ca',
|
||||
:key_file => '/path/to/key',
|
||||
})
|
||||
end
|
||||
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') }
|
||||
end
|
||||
|
||||
describe 'with SSL socket options left by default' do
|
||||
let :pre_condition do
|
||||
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||
include apache'
|
||||
end
|
||||
|
||||
let :params do
|
||||
default_params.merge({
|
||||
:use_ssl => false,
|
||||
})
|
||||
end
|
||||
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
|
||||
end
|
||||
|
||||
describe 'with SSL socket options set wrongly configured' do
|
||||
let :pre_condition do
|
||||
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||
include apache'
|
||||
end
|
||||
|
||||
let :params do
|
||||
default_params.merge({
|
||||
:use_ssl => true,
|
||||
:ca_file => '/path/to/ca',
|
||||
:key_file => '/path/to/key',
|
||||
})
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
|
||||
end
|
||||
|
||||
describe 'with keystone auth' do
|
||||
let :pre_condition do
|
||||
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||
|
|