Add SSL options
barbican.conf provides SSL options (see the link below), so make them configurable. http://git.openstack.org/cgit/openstack/barbican/tree/etc/barbican/barbican.conf Change-Id: Id0ad701bab2f4ad5de75a3d72c991b8c838d5146
parent
2fe454b511
commit
64e9e1e599
|
@ -221,6 +221,22 @@
|
|||
# to make barbican-api be a web app using apache mod_wsgi.
|
||||
# Defaults to 'barbican-api'
|
||||
#
|
||||
# [*use_ssl*]
|
||||
# (optional) Enable SSL on the API server
|
||||
# Defaults to false, not set
|
||||
#
|
||||
# [*cert_file*]
|
||||
# (optinal) Certificate file to use when starting API server securely
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*key_file*]
|
||||
# (optional) Private key file to use when starting API server securely
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*ca_file*]
|
||||
# (optional) CA certificate file to use to verify connecting clients
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
class barbican::api (
|
||||
$ensure_package = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
|
@ -269,6 +285,10 @@ class barbican::api (
|
|||
$enabled = true,
|
||||
$sync_db = true,
|
||||
$db_auto_create = $::os_service_default,
|
||||
$use_ssl = false,
|
||||
$ca_file = $::os_service_default,
|
||||
$cert_file = $::os_service_default,
|
||||
$key_file = $::os_service_default,
|
||||
$service_name = 'barbican-api',
|
||||
) inherits barbican::params {
|
||||
|
||||
|
@ -424,6 +444,22 @@ class barbican::api (
|
|||
# instead of using db_sync
|
||||
barbican_config { 'DEFAULT/db_auto_create': value => $db_auto_create }
|
||||
|
||||
if $use_ssl {
|
||||
if is_service_default($cert_file) {
|
||||
fail('The cert_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
if is_service_default($key_file) {
|
||||
fail('The key_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
}
|
||||
|
||||
# SSL Options
|
||||
barbican_config {
|
||||
'DEFAULT/cert_file' : value => $cert_file;
|
||||
'DEFAULT/key_file' : value => $key_file;
|
||||
'DEFAULT/ca_file' : value => $ca_file;
|
||||
}
|
||||
|
||||
if $sync_db {
|
||||
include ::barbican::db::sync
|
||||
}
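Review bot: In the `if $use_ssl {` block of the third hunk, `$use_ssl` only gates the two `fail()` checks; the `barbican_config` resource after it writes `DEFAULT/cert_file`, `DEFAULT/key_file` and `DEFAULT/ca_file` whatever the flag says, and nothing visible records the flag itself. An operator who sets `use_ssl => true` therefore gets path validation but no assurance from this manifest that the API serves TLS, which presumably depends on how the service (or Apache, when the mod_wsgi `service_name` is used) consumes those paths. The parameter doc should say so, e.g. `# (optional) Require cert_file and key_file to be set; the SSL options are written to barbican.conf regardless of this flag` in place of `Enable SSL on the API server`, and `Defaults to false, not set` should read `Defaults to false`. Because the flag is tested for truthiness, a `validate_bool($use_ssl)` before the `if` (assuming stdlib is available to this module) would reject a string such as `'false'`, which Puppet evaluates as true. The class body starts and continues outside the hunks shown.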
|
||||
|
|
|
@ -172,6 +172,48 @@ describe 'barbican::api' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'with SSL socket options set' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:cert_file => '/path/to/cert',
|
||||
:ca_file => '/path/to/ca',
|
||||
:key_file => '/path/to/key',
|
||||
:keystone_password => 'foobar',
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') }
|
||||
end
|
||||
|
||||
describe 'with SSL socket options left by default' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => false,
|
||||
:keystone_password => 'foobar',
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
|
||||
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
|
||||
end
|
||||
|
||||
describe 'with SSL socket options set wrongly configured' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:ca_file => '/path/to/ca',
|
||||
:key_file => '/path/to/key',
|
||||
:keystone_password => 'foobar',
|
||||
}
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
|
||||
end
|
||||
|
||||
describe 'with keystone auth' do
|
||||
let :params do
|
||||
{
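Review bot: The `with SSL socket options set wrongly configured` example omits only `cert_file`, so the second guard in the manifest, the `fail()` for a missing `key_file`, is never exercised by this spec. A sibling context that sets `cert_file` but leaves `key_file` out and expects the key_file error message would cover it, as sketched below. The enclosing `describe 'barbican::api'` block starts and ends outside the hunk.

```ruby
# … unchanged: 'with SSL socket options set wrongly configured' (missing cert_file) …

describe 'with SSL enabled but key_file missing' do
  let :params do
    {
      :use_ssl           => true,
      :cert_file         => '/path/to/cert',
      :keystone_password => 'foobar',
    }
  end

  it_raises 'a Puppet::Error', /The key_file parameter is required when use_ssl is set to true/
end
```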
|
||||
|
|