diff --git a/manifests/api.pp b/manifests/api.pp index ec2702d..d62a2e8 100755 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -33,6 +33,20 @@ # (optional) Type of authentication to be used. # Defaults to 'keystone' # +# [*enabled_ssl*] +# (Optional) Whether to use ssl or not. +# Defaults to 'false'. +# +# [*ssl_cert_file*] +# (Optional) Location of the SSL certificate file to use for SSL mode. +# Required when $enabled_ssl is set to 'true'. +# Defaults to $::os_service_default. +# +# [*ssl_key_file*] +# (Optional) Location of the SSL key file to use for enabling SSL mode. +# Required when $enabled_ssl is set to 'true'. +# Defaults to $::os_service_default. +# class magnum::api( $package_ensure = 'present', $enabled = true, @@ -41,11 +55,23 @@ class magnum::api( $max_limit = '1000', $sync_db = true, $auth_strategy = 'keystone', + $enabled_ssl = false, + $ssl_cert_file = $::os_service_default, + $ssl_key_file = $::os_service_default, ) { include ::magnum::params include ::magnum::policy + if $enabled_ssl { + if is_service_default($ssl_cert_file) { + fail('The ssl_cert_file parameter is required when enabled_ssl is true') + } + if is_service_default($ssl_key_file) { + fail('The ssl_key_file parameter is required when enabled_ssl is true') + } + } + if $sync_db { include ::magnum::db::sync } @@ -55,9 +81,12 @@ class magnum::api( # Configure API conf magnum_config { - 'api/port' : value => $port; - 'api/host' : value => $host; - 'api/max_limit' : value => $max_limit; + 'api/port' : value => $port; + 'api/host' : value => $host; + 'api/max_limit' : value => $max_limit; + 'api/enabled_ssl': value => $enabled_ssl; + 'api/ssl_cert_file': value => $ssl_cert_file; + 'api/ssl_key_file': value => $ssl_key_file; } # Install package @@ -89,5 +118,4 @@ class magnum::api( if $auth_strategy == 'keystone' { include ::magnum::keystone::authtoken } - } 
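Review bot: The `ssl_key_file` description added in the `@@ -33,6 +33,20 @@` hunk does not say who is responsible for the key file itself. The hunks shown here only write the path into magnum.conf, so unless it happens elsewhere in the module, nothing creates the file or restricts its mode. I would add a line such as `#   The file is not managed by this class; it must exist, be readable by the magnum service user and not be world-readable.` The same hunk documents the `enabled_ssl` default as `'false'` in quotes while the parameter default is the boolean `false`; `Defaults to false.` avoids suggesting that a string is expected.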
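Review bot: In the `@@ -41,11 +55,23 @@` hunk, `if $enabled_ssl` is a truthiness test on an unvalidated parameter. A caller passing the string `'false'` (for example from Hiera) takes the SSL branch under Puppet 4 semantics, where every string is true, and that string is then written to `api/enabled_ssl`. Adding `validate_bool($enabled_ssl)` before the check rejects that input, assuming the module already depends on stdlib. The two path parameters are only compared against the service default, so an empty or relative path passes silently; `validate_absolute_path($ssl_cert_file)` and the same for `$ssl_key_file` inside the `if` would fail at compile time instead of leaving the API misconfigured. The class body continues outside this hunk.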
diff --git a/releasenotes/notes/ssl-api-74d254dc2a0250ce.yaml b/releasenotes/notes/ssl-api-74d254dc2a0250ce.yaml new file mode 100644 index 0000000..f743a97 --- /dev/null +++ b/releasenotes/notes/ssl-api-74d254dc2a0250ce.yaml @@ -0,0 +1,3 @@ +--- +features: + - magnum::api now supports SSL parameters to secure the API endpoint \ No newline at end of file diff --git a/spec/classes/magnum_api_spec.rb b/spec/classes/magnum_api_spec.rb index 66b5c3b..fe3aff4 100755 --- a/spec/classes/magnum_api_spec.rb +++ b/spec/classes/magnum_api_spec.rb @@ -16,6 +16,9 @@ describe 'magnum::api' do :host => '127.0.0.1', :max_limit => '1000', :sync_db => 'true', + :enabled_ssl => 'false', + :ssl_cert_file => '', + :ssl_key_file => '', } end @@ -40,19 +43,22 @@ describe 'magnum::api' do ) is_expected.to contain_package('magnum-api').with_before(/Service\[magnum-api\]/) end - end + end it 'ensures magnum api service is running' do is_expected.to contain_service('magnum-api').with( 'hasstatus' => true, 'tag' => ['magnum-service', 'magnum-db-sync-service'] ) - end + end it 'configures magnum.conf' do is_expected.to contain_magnum_config('api/port').with_value(p[:port]) is_expected.to contain_magnum_config('api/host').with_value(p[:host]) is_expected.to contain_magnum_config('api/max_limit').with_value(p[:max_limit]) + is_expected.to contain_magnum_config('api/enabled_ssl').with_value(p[:enabled_ssl]) + is_expected.to contain_magnum_config('api/ssl_cert_file').with_value('') + is_expected.to contain_magnum_config('api/ssl_key_file').with_value('') end context 'when overriding parameters' do 
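Review bot: The entries added to `default_params` in the `@@ -16,6 +16,9 @@` hunk of spec/classes/magnum_api_spec.rb do not match the class defaults. `:enabled_ssl => 'false'` is a string where the manifest uses the boolean `false`, and the cert and key paths are `''` where the manifest uses `$::os_service_default`. How `p` and `params` are built is outside this diff, so this is hedged. If these values are ever passed to the class, `'false'` is truthy in Puppet 4 and `''` is not the service default, so the SSL branch would run without tripping either `fail`. I would use `:enabled_ssl => false`, set the two paths to whatever the spec facts define as `os_service_default`, and in the `@@ -40,19 +43,22 @@` hunk assert `with_value(p[:ssl_cert_file])` and `with_value(p[:ssl_key_file])` instead of the hard-coded `with_value('')`.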
@@ -71,6 +77,19 @@ describe 'magnum::api' do end end + context 'with SSL enabled' do + let :params do + { + :enabled_ssl => true, + :ssl_cert_file => '/path/to/cert', + :ssl_key_file => '/path/to/key' + } + end + + it { is_expected.to contain_magnum_config('api/enabled_ssl').with_value(p[:enabled_ssl]) } + it { is_expected.to contain_magnum_config('api/ssl_cert_file').with_value(p[:ssl_cert_file]) } + it { is_expected.to contain_magnum_config('api/ssl_key_file').with_value(p[:ssl_key_file]) } + end end on_supported_os({
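Review bot: The new `with SSL enabled` context covers only the success path, so neither `fail()` branch added in manifests/api.pp is exercised. That guard is what stops the API being configured for SSL without a certificate or key, and a regression in it would go unnoticed. I would add a context with `:enabled_ssl => true` and no `ssl_cert_file`, asserting `it { is_expected.to raise_error(Puppet::Error, /ssl_cert_file parameter is required/) }`, and a matching one for `ssl_key_file` with only the cert supplied. This assumes the spec facts define `os_service_default`, which is not visible in this diff.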