openstack/puppet-keystone
Code Issues Proposed changes

Merge "Fix validation of memcache_security_strategy"

Browse Source
This commit is contained in:
Zuul
2021-11-17 14:54:33 +00:00
committed by Gerrit Code Review
parent 46b04c3a1a 38d3157474
commit 102f8d7fca
2 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
manifests/resource/authtoken.pp
View File

@@ -273,12 +273,14 @@ define keystone::resource::authtoken(
validate_legacy(Boolean, 'validate_bool', $memcache_use_advanced_pool) validate_legacy(Boolean, 'validate_bool', $memcache_use_advanced_pool)
} }
if! ($memcache_security_strategy in [$::os_service_default,'MAC','ENCRYPT']) { if !is_service_default($memcache_security_strategy) {
fail('memcache_security_strategy can be set only to MAC or ENCRYPT') if !(downcase($memcache_security_strategy) in ['none', 'mac', 'encrypt']){
} fail('memcache_security_strategy can be set only to None, MAC or ENCRYPT')
}
if !is_service_default($memcache_security_strategy) and is_service_default($memcache_secret_key) { if downcase($memcache_security_strategy) != 'none' and is_service_default($memcache_secret_key) {
fail('memcache_secret_key is required when memcache_security_strategy is defined') fail('memcache_secret_key is required when memcache_security_strategy is not None')
}
} }
if !is_service_default($delay_auth_decision) { if !is_service_default($delay_auth_decision) {

21
spec/defines/keystone_resource_authtoken_spec.rb
View File

@@ -189,16 +189,35 @@ describe 'keystone::resource::authtoken' do
it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_security_strategy can be set only to MAC or ENCRYPT') } } it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_security_strategy can be set only to MAC or ENCRYPT') } }
end end
context 'memcache_security_strategy in lower case' do
before do
params.merge!({
:memcache_security_strategy => 'encrypt',
:memcache_secret_key => 'secret_key',
})
end
it { is_expected.to contain_keystone_config('keystone_authtoken/memcache_security_strategy').with_value( params[:memcache_security_strategy] ) }
end
context 'require memcache_secret_key when memcache_security_strategy is defined' do context 'require memcache_secret_key when memcache_security_strategy is defined' do
before do before do
params.merge!({ params.merge!({
:memcache_security_strategy => 'MAC', :memcache_security_strategy => 'MAC',
:memcache_secret_key => '<SERVICE DEFAULT>', :memcache_secret_key => '<SERVICE DEFAULT>',
}) })
end end
it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_secret_key is required when memcache_security_strategy is defined') } } it { expect { is_expected.to raise_error(Puppet::Error, 'memcache_secret_key is required when memcache_security_strategy is defined') } }
end end
context 'memcache_security_strategy is None' do
before do
params.merge!({
:memcache_security_strategy => 'none',
})
end
it { is_expected.to contain_keystone_config('keystone_authtoken/memcache_security_strategy').with_value( params[:memcache_security_strategy] ) }
end
context 'when service_token_roles is an array' do context 'when service_token_roles is an array' do
before do before do
params.merge!({ params.merge!({