Enforce use_ssl flag

Setting the certificate and key in heat's configuration has the effect of enabling SSL. So, one can actually enable SSL using those and ignore the use_ssl flag. This commit enforces that flag, so if the flag is not set, then those parameters shouldn't be persisted in Heat's configuration. A unit test was removed for each of the correspondent API's because they no longer apply. If ssl is not enabled, then heat_config resources containing those configurations are not present in the resource catalog. Change-Id: I87fb234943829d7f0d8786e98e90b81e9a71c8ef
2016-06-15 14:49:01 +03:00 · 2016-06-15 14:49:01 +03:00 · f55c866119
parent 0efd487d94
commit f55c866119
6 changed files with 19 additions and 40 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -99,8 +99,12 @@ class heat::api (
    'heat_api/bind_host': value => $bind_host;
    'heat_api/bind_port': value => $bind_port;
    'heat_api/workers':   value => $workers;
-    'heat_api/cert_file': value => $cert_file;
-    'heat_api/key_file':  value => $key_file;
  }

+  if $use_ssl {
+    heat_config {
+      'heat_api/cert_file': value => $cert_file;
+      'heat_api/key_file':  value => $key_file;
+    }
+  }
 }
--- a/manifests/api_cfn.pp
+++ b/manifests/api_cfn.pp
@ -102,8 +102,13 @@ class heat::api_cfn (
    'heat_api_cfn/bind_host': value => $bind_host;
    'heat_api_cfn/bind_port': value => $bind_port;
    'heat_api_cfn/workers':   value => $workers;
-    'heat_api_cfn/cert_file': value => $cert_file;
-    'heat_api_cfn/key_file':  value => $key_file;
+  }
+
+  if $use_ssl {
+    heat_config {
+      'heat_api_cfn/cert_file': value => $cert_file;
+      'heat_api_cfn/key_file':  value => $key_file;
+    }
  }

 }
--- a/manifests/api_cloudwatch.pp
+++ b/manifests/api_cloudwatch.pp
@ -101,8 +101,12 @@ class heat::api_cloudwatch (
    'heat_api_cloudwatch/bind_host': value => $bind_host;
    'heat_api_cloudwatch/bind_port': value => $bind_port;
    'heat_api_cloudwatch/workers':   value => $workers;
-    'heat_api_cloudwatch/cert_file': value => $cert_file;
-    'heat_api_cloudwatch/key_file':  value => $key_file;
  }

+  if $use_ssl {
+    heat_config {
+      'heat_api_cloudwatch/cert_file': value => $cert_file;
+      'heat_api_cloudwatch/key_file':  value => $key_file;
+    }
+  }
 }
--- a/spec/classes/heat_api_cfn_spec.rb
+++ b/spec/classes/heat_api_cfn_spec.rb
@ -48,17 +48,6 @@ describe 'heat::api_cfn' do
      it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
    end

-    context 'with SSL socket options set to false' do
-      let :params do
-        {
-          :use_ssl   => false,
-        }
-      end
-
-      it { is_expected.to contain_heat_config('heat_api_cfn/cert_file').with_value('<SERVICE DEFAULT>') }
-      it { is_expected.to contain_heat_config('heat_api_cfn/key_file').with_value('<SERVICE DEFAULT>') }
-    end
-
    [{:enabled => true}, {:enabled => false}].each do |param_hash|
      context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
        before do
--- a/spec/classes/heat_api_cloudwatch_spec.rb
+++ b/spec/classes/heat_api_cloudwatch_spec.rb
@ -48,17 +48,6 @@ describe 'heat::api_cloudwatch' do
      it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
    end

-    context 'with SSL socket options set to false' do
-      let :params do
-        {
-          :use_ssl   => false,
-        }
-      end
-
-      it { is_expected.to contain_heat_config('heat_api_cloudwatch/cert_file').with_value('<SERVICE DEFAULT>') }
-      it { is_expected.to contain_heat_config('heat_api_cloudwatch/key_file').with_value('<SERVICE DEFAULT>') }
-    end
-
    [{:enabled => true}, {:enabled => false}].each do |param_hash|
      context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
        before do
--- a/spec/classes/heat_api_spec.rb
+++ b/spec/classes/heat_api_spec.rb
@ -48,18 +48,6 @@ describe 'heat::api' do
      it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
    end

-    context 'with SSL socket options set to false' do
-      let :params do
-        {
-          :use_ssl   => false,
-        }
-      end
-
-      it { is_expected.to contain_heat_config('heat_api/cert_file').with_value('<SERVICE DEFAULT>') }
-      it { is_expected.to contain_heat_config('heat_api/key_file').with_value('<SERVICE DEFAULT>') }
-    end
-
-
    [{:enabled => true}, {:enabled => false}].each do |param_hash|
      context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
        before do