Clear [ssl] parameters when ssl is disabled
... instead of leaving these parameters unmanaged. Change-Id: I3154bef04c4ad91c2a17b0e945a48d3469b91125
This commit is contained in:
Takashi Kajinami
@@ -587,16 +587,21 @@ removed in a future realse. Use keystone::db::database_max_overflow instead')
|
||||
# ssl config
|
||||
if ($enable_ssl) {
|
||||
keystone_config {
|
||||
'ssl/enable': value => true;
|
||||
'ssl/certfile': value => $ssl_certfile;
|
||||
'ssl/keyfile': value => $ssl_keyfile;
|
||||
'ssl/ca_certs': value => $ssl_ca_certs;
|
||||
'ssl/ca_key': value => $ssl_ca_key;
|
||||
'ssl/cert_subject': value => $ssl_cert_subject;
|
||||
'ssl/enable': value => true;
|
||||
'ssl/certfile': value => $ssl_certfile;
|
||||
'ssl/keyfile': value => $ssl_keyfile;
|
||||
'ssl/ca_certs': value => $ssl_ca_certs;
|
||||
'ssl/ca_key': value => $ssl_ca_key;
|
||||
'ssl/cert_subject': value => $ssl_cert_subject;
|
||||
}
|
||||
} else {
|
||||
keystone_config {
|
||||
'ssl/enable': value => false;
|
||||
'ssl/enable': value => false;
|
||||
'ssl/certfile': value => $::os_service_default;
|
||||
'ssl/keyfile': value => $::os_service_default;
|
||||
'ssl/ca_certs': value => $::os_service_default;
|
||||
'ssl/ca_key': value => $::os_service_default;
|
||||
'ssl/cert_subject': value => $::os_service_default;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -41,6 +41,11 @@ describe 'keystone' do
|
||||
is_expected.to contain_keystone_config('revoke/driver').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('policy/driver').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/enable').with_value(false)
|
||||
is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)
|
||||
|
||||
is_expected.to contain_oslo__middleware('keystone_config').with(
|
||||
@@ -132,6 +137,11 @@ describe 'keystone' do
|
||||
is_expected.to contain_keystone_config('revoke/driver').with_value('sql')
|
||||
is_expected.to contain_keystone_config('policy/driver').with_value('sql')
|
||||
is_expected.to contain_keystone_config('ssl/enable').with_value(false)
|
||||
is_expected.to contain_keystone_config('ssl/certfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/keyfile').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/ca_certs').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/ca_key').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('ssl/cert_subject').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)
|
||||
|
||||
is_expected.to contain_oslo__middleware('keystone_config').with(
|
||||
|
||||
Reference in New Issue
Block a user