Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true

The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are used. Change-Id: I7664dda2c66ffb34ceb56ada722574ae0e490f8f Closes-Bug: 1356083
2014-09-04 13:49:30 -06:00 · 2014-09-04 13:49:30 -06:00 · 957c2120d0
parent 61ace074e3
commit 957c2120d0
2 changed files with 57 additions and 19 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -111,16 +111,17 @@ class ceilometer(

  include ceilometer::params

-  if $rabbit_use_ssl {
-    if !$kombu_ssl_ca_certs {
-      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_certfile {
-      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_keyfile {
-      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
-    }
+  if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+    fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_certfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+    fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
  }

  File {
@ -189,12 +190,31 @@ class ceilometer(
      }

      if $rabbit_use_ssl {
+
+      if $kombu_ssl_ca_certs {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+      }
+
+      if $kombu_ssl_certfile or $kombu_ssl_keyfile {
        ceilometer_config {
-          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
          'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
          'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
-          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
        }
+      } else {
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_certfile': ensure => absent;
+          'DEFAULT/kombu_ssl_keyfile':  ensure => absent;
+        }
+      }
+
+      if $kombu_ssl_version {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  ensure => absent; }
+      }
+
      } else {
        ceilometer_config {
          'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@ -227,7 +227,7 @@ describe 'ceilometer' do
      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
    end

-    context "with SSL enabled" do
+    context "with SSL enabled with kombu" do
      before { params.merge!(
        :rabbit_use_ssl     => 'true',
        :kombu_ssl_ca_certs => '/path/to/ca.crt',
@ -243,15 +243,33 @@ describe 'ceilometer' do
      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
    end

-    context "with SSL wrongly configured" do
+    context "with SSL enabled without kombu" do
      before { params.merge!(
-        :rabbit_use_ssl     => 'false',
-        :kombu_ssl_certfile => '/path/to/cert.crt',
-        :kombu_ssl_keyfile  => '/path/to/cert.key',
-        :kombu_ssl_version  => 'TLSv1'
+        :rabbit_use_ssl     => 'true'
      ) }

-      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+    end
+
+    context "with SSL wrongly configured" do
+      context 'with kombu_ssl_ca_certs parameter' do
+        before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ca.crt') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_certfile parameter' do
+        before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_keyfile parameter' do
+        before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
+      end
    end
  end