Clear [ssl] parameters when ssl is disabled

... instead of leaving these parameters unmanaged. Change-Id: I3154bef04c4ad91c2a17b0e945a48d3469b91125
2021-11-16 09:54:00 +09:00
parent 8c671983c7
commit 46b04c3a1a
2 changed files with 22 additions and 7 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -597,6 +597,11 @@ removed in a future realse. Use keystone::db::database_max_overflow instead')
  } else {
    keystone_config {
      'ssl/enable':       value  => false;
+      'ssl/certfile':     value  => $::os_service_default;
+      'ssl/keyfile':      value  => $::os_service_default;
+      'ssl/ca_certs':     value  => $::os_service_default;
+      'ssl/ca_key':       value  => $::os_service_default;
+      'ssl/cert_subject': value  => $::os_service_default;
    }
  }

--- a/spec/classes/keystone_init_spec.rb
+++ b/spec/classes/keystone_init_spec.rb
@@ -41,6 +41,11 @@ describe 'keystone' do
        is_expected.to contain_keystone_config('revoke/driver').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('policy/driver').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('ssl/enable').with_value(false)
+        is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)

        is_expected.to contain_oslo__middleware('keystone_config').with(
@@ -132,6 +137,11 @@ describe 'keystone' do
        is_expected.to contain_keystone_config('revoke/driver').with_value('sql')
        is_expected.to contain_keystone_config('policy/driver').with_value('sql')
        is_expected.to contain_keystone_config('ssl/enable').with_value(false)
+        is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)

        is_expected.to contain_oslo__middleware('keystone_config').with(