
Merge "Add TLS options to oslo.cache" into stable/ussuri

stable/ussuri
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
9253486976
3 changed files with 62 additions and 0 deletions
  1. +43
    -0
      manifests/cache.pp
  2. +4
    -0
      releasenotes/notes/add_tls_options-8ed38a82af2f378f.yaml
  3. +15
    -0
      spec/classes/keystone_cache_spec.rb

+ 43
- 0
manifests/cache.pp

@ -89,6 +89,39 @@
# cache_backend, cache_enabled and cache_memcache_servers is set.
# Default to $::os_service_default
#
# [*tls_enabled*]
# (Optional) Global toggle for TLS usage when comunicating with
# the caching servers.
# Default to $::os_service_default
#
# [*tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwhise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
#
# [*tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
#
class keystone::cache(
$config_prefix = $::os_service_default,
$expiration_time = $::os_service_default,
@ -105,6 +138,11 @@ class keystone::cache(
$memcache_pool_connection_get_timeout = $::os_service_default,
$manage_backend_package = true,
$token_caching = $::os_service_default,
$tls_enabled = $::os_service_default,
$tls_cafile = $::os_service_default,
$tls_certfile = $::os_service_default,
$tls_keyfile = $::os_service_default,
$tls_allowed_ciphers = $::os_service_default,
){
include keystone::deps
@ -160,6 +198,11 @@ class keystone::cache(
memcache_pool_unused_timeout => $memcache_pool_unused_timeout_real,
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout_real,
manage_backend_package => $manage_backend_package_real,
tls_enabled => $tls_enabled,
tls_cafile => $tls_cafile,
tls_certfile => $tls_certfile,
tls_keyfile => $tls_keyfile,
tls_allowed_ciphers => $tls_allowed_ciphers,
}
}
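Review bot: Nothing in the pass-through to `oslo::cache` (third hunk) ties `tls_cafile`, `tls_certfile` and `tls_keyfile` to `tls_enabled`, while the new parameter docs say those options are ignored when `tls_enabled` is False. A node that sets the certificate paths but leaves `tls_enabled` at the service default would therefore presumably still talk to the caching servers without TLS, with no hint in the catalog run. A cheap guard before the resource would surface that, e.g. `if !is_service_default($tls_cafile) and is_service_default($tls_enabled) { warning('tls_cafile is set but tls_enabled is not; the cache connection will not use TLS') }`. The docs in the first hunk also need a wording pass: "comunicating" under `tls_enabled`, and the `tls_keyfile` text should read `# (Optional) Path to a single file containing the client's private key. Otherwise the private key is taken from the file specified in tls_certfile.` The class body starts and ends outside these hunks.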

+ 4
- 0
releasenotes/notes/add_tls_options-8ed38a82af2f378f.yaml

@ -0,0 +1,4 @@
---
features:
- |
Add TLS options to oslo.cache

+ 15
- 0
spec/classes/keystone_cache_spec.rb

@ -27,6 +27,11 @@ describe 'keystone::cache' do
is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/memcache_servers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/tls_enabled').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/tls_cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/tls_certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/tls_keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('cache/tls_allowed_ciphers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_oslo__cache('keystone_config').with_manage_backend_package(true)
end
@ -50,6 +55,11 @@ describe 'keystone::cache' do
:memcache_pool_connection_get_timeout => '360',
:manage_backend_package => false,
:token_caching => 'true',
:tls_enabled => 'false',
:tls_cafile => nil,
:tls_certfile => nil,
:tls_keyfile => nil,
:tls_allowed_ciphers => nil,
}
end
@ -72,6 +82,11 @@ describe 'keystone::cache' do
is_expected.to contain_keystone_config('cache/memcache_socket_timeout').with_value('300.0')
is_expected.to contain_keystone_config('cache/memcache_pool_maxsize').with_value('10')
is_expected.to contain_keystone_config('cache/memcache_pool_unused_timeout').with_value('120')
is_expected.to contain_keystone_config('cache/tls_enabled').with_value('false')
is_expected.to contain_keystone_config('cache/tls_cafile').with_value('nil')
is_expected.to contain_keystone_config('cache/tls_certfile').with_value('nil')
is_expected.to contain_keystone_config('cache/tls_keyfile').with_value('nil')
is_expected.to contain_keystone_config('cache/tls_allowed_ciphers').with_value('nil')
is_expected.to contain_oslo__cache('keystone_config').with_manage_backend_package(false)
end
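Review bot: The explicit-parameters case never exercises TLS being switched on: the second hunk sets `:tls_enabled => 'false'` and passes Ruby `nil` for the other four options, and the third hunk's expectations show that this ends up as the literal string `'nil'` in keystone_config (`with_value('nil')`). Because all four options carry the same value, a regression that swapped or mis-mapped `tls_certfile` and `tls_keyfile` would still pass, and the spec documents `tls_cafile = nil` as if it were a sensible setting. Use distinct representative values instead, e.g. `:tls_enabled => true, :tls_cafile => '/path/to/ca.crt'` with `with_value('/path/to/ca.crt')`, and likewise a different path or string for the certfile, keyfile and cipher list (these paths are placeholders). The `describe` block starts and ends outside these hunks.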

