openstack/puppet-keystone
Code Issues Proposed changes

Clear [ssl] parameters when ssl is disabled

Browse Source 
... instead of leaving these parameters unmanaged.

Change-Id: I3154bef04c4ad91c2a17b0e945a48d3469b91125
This commit is contained in:
Takashi Kajinami
2021-11-16 09:54:00 +09:00
parent 8c671983c7
commit 46b04c3a1a
2 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
manifests/init.pp
View File

@@ -587,16 +587,21 @@ removed in a future realse. Use keystone::db::database_max_overflow instead')
# ssl config # ssl config
if ($enable_ssl) { if ($enable_ssl) {
keystone_config { keystone_config {
'ssl/enable': value => true; 'ssl/enable': value => true;
'ssl/certfile': value => $ssl_certfile; 'ssl/certfile': value => $ssl_certfile;
'ssl/keyfile': value => $ssl_keyfile; 'ssl/keyfile': value => $ssl_keyfile;
'ssl/ca_certs': value => $ssl_ca_certs; 'ssl/ca_certs': value => $ssl_ca_certs;
'ssl/ca_key': value => $ssl_ca_key; 'ssl/ca_key': value => $ssl_ca_key;
'ssl/cert_subject': value => $ssl_cert_subject; 'ssl/cert_subject': value => $ssl_cert_subject;
} }
} else { } else {
keystone_config { keystone_config {
'ssl/enable': value => false; 'ssl/enable': value => false;
'ssl/certfile': value => $::os_service_default;
'ssl/keyfile': value => $::os_service_default;
'ssl/ca_certs': value => $::os_service_default;
'ssl/ca_key': value => $::os_service_default;
'ssl/cert_subject': value => $::os_service_default;
} }
} }

10
spec/classes/keystone_init_spec.rb
View File

@@ -41,6 +41,11 @@ describe 'keystone' do
is_expected.to contain_keystone_config('revoke/driver').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('revoke/driver').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('policy/driver').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('policy/driver').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/enable').with_value(false) is_expected.to contain_keystone_config('ssl/enable').with_value(false)
is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true) is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)
is_expected.to contain_oslo__middleware('keystone_config').with( is_expected.to contain_oslo__middleware('keystone_config').with(
@@ -132,6 +137,11 @@ describe 'keystone' do
is_expected.to contain_keystone_config('revoke/driver').with_value('sql') is_expected.to contain_keystone_config('revoke/driver').with_value('sql')
is_expected.to contain_keystone_config('policy/driver').with_value('sql') is_expected.to contain_keystone_config('policy/driver').with_value('sql')
is_expected.to contain_keystone_config('ssl/enable').with_value(false) is_expected.to contain_keystone_config('ssl/enable').with_value(false)
is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true) is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)
is_expected.to contain_oslo__middleware('keystone_config').with( is_expected.to contain_oslo__middleware('keystone_config').with(