Merge "Fix validation of memcache_security_strategy"

2021-11-17 14:54:33 +00:00 · 2021-11-17 14:54:33 +00:00 · 102f8d7fca
commit 102f8d7fca
parent 46b04c3a1a 38d3157474
2 changed files with 27 additions and 6 deletions
--- a/manifests/resource/authtoken.pp
+++ b/manifests/resource/authtoken.pp
@ -273,12 +273,14 @@ define keystone::resource::authtoken(
    validate_legacy(Boolean, 'validate_bool', $memcache_use_advanced_pool)
  }

-  if! ($memcache_security_strategy in [$::os_service_default,'MAC','ENCRYPT']) {
-    fail('memcache_security_strategy can be set only to MAC or ENCRYPT')
-  }
+  if !is_service_default($memcache_security_strategy) {
+    if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
+      fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
+    }

-  if !is_service_default($memcache_security_strategy) and is_service_default($memcache_secret_key) {
-    fail('memcache_secret_key is required when memcache_security_strategy is defined')
+    if downcase($memcache_security_strategy) != 'none' and is_service_default($memcache_secret_key) {
+      fail('memcache_secret_key is required when memcache_security_strategy is not None')
+    }
  }

  if !is_service_default($delay_auth_decision) {
--- a/spec/defines/keystone_resource_authtoken_spec.rb
+++ b/spec/defines/keystone_resource_authtoken_spec.rb
@ -189,16 +189,35 @@ describe 'keystone::resource::authtoken' do
      it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_security_strategy can be set only to MAC or ENCRYPT') } }
    end

+    context 'memcache_security_strategy in lower case' do
+      before do
+        params.merge!({
+          :memcache_security_strategy => 'encrypt',
+          :memcache_secret_key        => 'secret_key',
+        })
+      end
+      it { is_expected.to contain_keystone_config('keystone_authtoken/memcache_security_strategy').with_value( params[:memcache_security_strategy] ) }
+    end
+
    context 'require memcache_secret_key when memcache_security_strategy is defined' do
      before do
        params.merge!({
          :memcache_security_strategy => 'MAC',
-          :memcache_secret_key => '<SERVICE DEFAULT>',
+          :memcache_secret_key        => '<SERVICE DEFAULT>',
        })
      end
      it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_secret_key is required when memcache_security_strategy is defined') } }
    end

+    context 'memcache_security_strategy is None' do
+      before do
+        params.merge!({
+          :memcache_security_strategy => 'none',
+        })
+      end
+      it { is_expected.to contain_keystone_config('keystone_authtoken/memcache_security_strategy').with_value( params[:memcache_security_strategy] ) }
+    end
+
    context 'when service_token_roles is an array' do
      before do
        params.merge!({