Browse Source

Add TLS options to oslo.cache

This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Depends-on: https://review.opendev.org/774119
Change-Id: I92552d013db98b972124db901f3f35a326110846
(cherry picked from commit 42d1e8567d)
changes/19/775619/1
Grzegorz Grasza 5 months ago
parent
commit
55ea15a36f
3 changed files with 62 additions and 0 deletions
  1. +43
    -0
      manifests/cache.pp
  2. +4
    -0
      releasenotes/notes/add_tls_options-e126a2206f028366.yaml
  3. +15
    -0
      spec/classes/heat_cache_spec.rb

+ 43
- 0
manifests/cache.pp View File

@ -112,6 +112,39 @@
# (Optional) TTL, in seconds, for caching in resource finder.
# Defaults to $::os_service_default
#
# [*tls_enabled*]
# (Optional) Global toggle for TLS usage when comunicating with
# the caching servers.
# Default to $::os_service_default
#
# [*tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwhise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
#
# [*tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
#
class heat::cache (
$config_prefix = $::os_service_default,
$expiration_time = $::os_service_default,
@ -133,6 +166,11 @@ class heat::cache (
$service_extension_expiration_time = $::os_service_default,
$resource_finder_caching = $::os_service_default,
$resource_finder_expiration_time = $::os_service_default,
$tls_enabled = $::os_service_default,
$tls_cafile = $::os_service_default,
$tls_certfile = $::os_service_default,
$tls_keyfile = $::os_service_default,
$tls_allowed_ciphers = $::os_service_default,
) {
include heat::deps
@ -152,6 +190,11 @@ class heat::cache (
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
manage_backend_package => $manage_backend_package,
tls_enabled => $tls_enabled,
tls_cafile => $tls_cafile,
tls_certfile => $tls_certfile,
tls_keyfile => $tls_keyfile,
tls_allowed_ciphers => $tls_allowed_ciphers,
}
heat_config {


+ 4
- 0
releasenotes/notes/add_tls_options-e126a2206f028366.yaml View File

@ -0,0 +1,4 @@
---
features:
- |
Add TLS options to oslo.cache

+ 15
- 0
spec/classes/heat_cache_spec.rb View File

@ -23,6 +23,11 @@ describe 'heat::cache' do
is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_enabled').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_allowed_ciphers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(true)
is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('<SERVICE DEFAULT>')
@ -48,6 +53,11 @@ describe 'heat::cache' do
:memcache_pool_maxsize => '10',
:memcache_pool_unused_timeout => '120',
:memcache_pool_connection_get_timeout => '360',
:tls_enabled => false,
:tls_cafile => nil,
:tls_certfile => nil,
:tls_keyfile => nil,
:tls_allowed_ciphers => nil,
:manage_backend_package => false,
:constraint_validation_caching => true,
:constraint_validation_expiration_time => '3600',
@ -72,6 +82,11 @@ describe 'heat::cache' do
is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('10')
is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('120')
is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('360')
is_expected.to contain_heat_config('cache/tls_enabled').with_value('false')
is_expected.to contain_heat_config('cache/tls_cafile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_certfile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_keyfile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_allowed_ciphers').with_value('nil')
is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(false)
is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('true')
is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('3600')


Loading…
Cancel
Save