openstack/puppet-nova
Code Issues Proposed changes

Merge "Make vencrypt_ca optional"

Browse Source
This commit is contained in:
Zuul 2025-04-28 15:28:53 +00:00 committed by Gerrit Code Review
commit 0f8f043ee6
2 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/vncproxy.pp
View File

@ -58,8 +58,7 @@
# [*vencrypt_ca*]
# (optional) path to the certificate authority cert to use when connecting
# to VNC servers that supporting vencrypt
# Required when allow_vencrypt is true.
# Defaults to undef
# Defaults to $facts['os_service_default']
#
class nova::vncproxy(
Boolean $enabled = true,
@ -73,7 +72,7 @@ class nova::vncproxy(
Boolean $allow_vencrypt = false,
$vencrypt_key = undef,
$vencrypt_cert = undef,
$vencrypt_ca = undef,
$vencrypt_ca = $facts['os_service_default'],
) {
include nova::deps
@ -85,8 +84,8 @@ class nova::vncproxy(
if $allow_vencrypt {
if (!$vencrypt_ca or !$vencrypt_cert or !$vencrypt_key) {
fail('vencrypt_ca/cert/key params are required when allow_vencrypt is true')
if (!$vencrypt_cert or !$vencrypt_key) {
fail('vencrypt_cert and vencrypt_key are required when allow_vencrypt is true')
}
nova_config {
'vnc/vencrypt_ca_certs': value => $vencrypt_ca;

29
spec/classes/nova_vnc_proxy_spec.rb → spec/classes/nova_vncproxy_spec.rb
View File

@ -2,16 +2,12 @@ require 'spec_helper'
describe 'nova::vncproxy' do
shared_examples 'nova_vnc_proxy' do
shared_examples 'nova::vncproxy' do
let :pre_condition do
'include nova'
end
let :params do
{ :enabled => true }
end
context 'with default parameters' do
it { is_expected.to contain_nova_config('vnc/novncproxy_host').with_value('0.0.0.0') }
it { is_expected.to contain_nova_config('vnc/novncproxy_port').with_value(6080) }
@ -72,7 +68,7 @@ describe 'nova::vncproxy' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem'
@ -98,41 +94,44 @@ describe 'nova::vncproxy' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_cert => '/bar.pem',
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it { is_expected.to contain_nova_config('vnc/auth_schemes').with_value('vencrypt') }
it { is_expected.to contain_nova_config('vnc/vencrypt_client_key').with_value('/foo.key')}
it { is_expected.to contain_nova_config('vnc/vencrypt_client_cert').with_value('/bar.pem')}
it { is_expected.to contain_nova_config('vnc/vencrypt_ca_certs').with_value('<SERVICE DEFAULT>')}
end
context 'with vencrypt missing key' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_cert => '/bar.pem',
:vencrypt_ca => '/baz.pem'
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end
context 'with vencrypt missing cert' do
let :params do
{
:allow_vencrypt => true,
:allow_noauth => false,
:allow_noauth => false,
:vencrypt_key => '/foo.key',
:vencrypt_ca => '/baz.pem'
}
end
it_raises 'a Puppet::Error', /vencrypt_ca\/cert\/key params are required when allow_vencrypt is true/
it_raises 'a Puppet::Error', /vencrypt_cert and vencrypt_key are required when allow_vencrypt is true/
end
end
shared_examples 'nova_vnc_proxy debian package' do
shared_examples 'nova::vncproxy debian package' do
let :pre_condition do
'include nova'
end
@ -171,10 +170,10 @@ describe 'nova::vncproxy' do
end
end
it_behaves_like 'nova_vnc_proxy'
it_behaves_like 'nova::vncproxy'
if facts[:os]['name'] == 'Debian'
it_behaves_like 'nova_vnc_proxy debian package'
it_behaves_like 'nova::vncproxy debian package'
end
end