openstack/puppet-magnum
Code Issues Proposed changes

Add SSL support for magnum::api

Browse Source 
Change-Id: I120a52cfd1e29b1a6899112f1b950cd0eb0d60f0
This commit is contained in:
David Moreau-Simard 2016-09-07 17:22:13 -04:00 committed by David Moreau Simard
parent 987e53f94d
commit 0a3695ebd0
3 changed files with 56 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
manifests/api.pp
View File

@ -33,6 +33,20 @@
# (optional) Type of authentication to be used.
# Defaults to 'keystone'
#
# [*enabled_ssl*]
# (Optional) Whether to use ssl or not.
# Defaults to 'false'.
#
# [*ssl_cert_file*]
# (Optional) Location of the SSL certificate file to use for SSL mode.
# Required when $enabled_ssl is set to 'true'.
# Defaults to $::os_service_default.
#
# [*ssl_key_file*]
# (Optional) Location of the SSL key file to use for enabling SSL mode.
# Required when $enabled_ssl is set to 'true'.
# Defaults to $::os_service_default.
#
class magnum::api(
$package_ensure = 'present',
$enabled = true,
@ -41,11 +55,23 @@ class magnum::api(
$max_limit = '1000',
$sync_db = true,
$auth_strategy = 'keystone',
$enabled_ssl = false,
$ssl_cert_file = $::os_service_default,
$ssl_key_file = $::os_service_default,
) {
include ::magnum::params
include ::magnum::policy
if $enabled_ssl {
if is_service_default($ssl_cert_file) {
fail('The ssl_cert_file parameter is required when enabled_ssl is true')
}
if is_service_default($ssl_key_file) {
fail('The ssl_key_file parameter is required when enabled_ssl is true')
}
}
if $sync_db {
include ::magnum::db::sync
}
@ -55,9 +81,12 @@ class magnum::api(
# Configure API conf
magnum_config {
'api/port' : value => $port;
'api/host' : value => $host;
'api/max_limit' : value => $max_limit;
'api/port' : value => $port;
'api/host' : value => $host;
'api/max_limit' : value => $max_limit;
'api/enabled_ssl': value => $enabled_ssl;
'api/ssl_cert_file': value => $ssl_cert_file;
'api/ssl_key_file': value => $ssl_key_file;
}
# Install package
@ -89,5 +118,4 @@ class magnum::api(
if $auth_strategy == 'keystone' {
include ::magnum::keystone::authtoken
}
}

3
releasenotes/notes/ssl-api-74d254dc2a0250ce.yaml Normal file
View File

@ -0,0 +1,3 @@
---
features:
- magnum::api now supports SSL parameters to secure the API endpoint

23
spec/classes/magnum_api_spec.rb
View File

@ -16,6 +16,9 @@ describe 'magnum::api' do
:host => '127.0.0.1',
:max_limit => '1000',
:sync_db => 'true',
:enabled_ssl => 'false',
:ssl_cert_file => '<SERVICE DEFAULT>',
:ssl_key_file => '<SERVICE DEFAULT>',
}
end
@ -40,19 +43,22 @@ describe 'magnum::api' do
)
is_expected.to contain_package('magnum-api').with_before(/Service\[magnum-api\]/)
end
end
end
it 'ensures magnum api service is running' do
is_expected.to contain_service('magnum-api').with(
'hasstatus' => true,
'tag' => ['magnum-service', 'magnum-db-sync-service']
)
end
end
it 'configures magnum.conf' do
is_expected.to contain_magnum_config('api/port').with_value(p[:port])
is_expected.to contain_magnum_config('api/host').with_value(p[:host])
is_expected.to contain_magnum_config('api/max_limit').with_value(p[:max_limit])
is_expected.to contain_magnum_config('api/enabled_ssl').with_value(p[:enabled_ssl])
is_expected.to contain_magnum_config('api/ssl_cert_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_magnum_config('api/ssl_key_file').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
@ -71,6 +77,19 @@ describe 'magnum::api' do
end
end
context 'with SSL enabled' do
let :params do
{
:enabled_ssl => true,
:ssl_cert_file => '/path/to/cert',
:ssl_key_file => '/path/to/key'
}
end
it { is_expected.to contain_magnum_config('api/enabled_ssl').with_value(p[:enabled_ssl]) }
it { is_expected.to contain_magnum_config('api/ssl_cert_file').with_value(p[:ssl_cert_file]) }
it { is_expected.to contain_magnum_config('api/ssl_key_file').with_value(p[:ssl_key_file]) }
end
end
on_supported_os({