Make horizon_ca optional when SSL is enabled

This allows the vhost to use the globally set CA file (in ssl.conf) if
present. Or one might just not need the CA to be set (no TLS
authentication).

Change-Id: Iba1aea34e72a0138120fa7bcb7267f73e37bf0ce
Closes-Bug: #1711280
This commit is contained in:
Juan Antonio Osorio Robles 2017-08-17 08:46:17 +03:00
parent a6df5b361d
commit 639f1cf98d
3 changed files with 6 additions and 9 deletions

View File

@ -137,10 +137,6 @@ class horizon::wsgi::apache (
include ::apache::mod::ssl
$ensure_ssl_vhost = 'present'
if $horizon_ca == undef {
fail('The horizon_ca parameter is required when listen_ssl is true')
}
if $horizon_cert == undef {
fail('The horizon_cert parameter is required when listen_ssl is true')
}

View File

@ -0,0 +1,6 @@
---
security:
- |
The horizon_ca option is now optional. This implies that you could in theory
use the CA configured in the global httpd SSL configuration (ssl.conf) or
simply not using this value.

View File

@ -145,11 +145,6 @@ describe 'horizon::wsgi::apache' do
context 'without required parameters' do
context 'without horizon_ca parameter' do
before { params.delete(:horizon_ca) }
it_raises 'a Puppet::Error', /The horizon_ca parameter is required when listen_ssl is true/
end
context 'without horizon_cert parameter' do
before { params.delete(:horizon_cert) }
it_raises 'a Puppet::Error', /The horizon_cert parameter is required when listen_ssl is true/