Support more [certificats] parameters
Change-Id: Iabcc22e9fae5b510086370b53c3baa39b589712e
This commit is contained in:
Takashi Kajinami
@@ -49,6 +49,14 @@
|
||||
# (Optional) CA password used to sign certificates
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*signing_digest*]
|
||||
# (Optional) Certificate signing digest.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*cert_validity_time*]
|
||||
# (Optional) The validity time for the Amphora Certificates (in seconds).
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*client_ca*]
|
||||
# (Optional) Path to the client CA certificate.
|
||||
# This option is not needed unless you want to separate the
|
||||
@@ -97,6 +105,8 @@ class octavia::certificates (
|
||||
$ca_private_key = $::os_service_default,
|
||||
$server_certs_key_passphrase = 'insecure-key-do-not-use-this-key',
|
||||
$ca_private_key_passphrase = $::os_service_default,
|
||||
$signing_digest = $::os_service_default,
|
||||
$cert_validity_time = $::os_service_default,
|
||||
$client_ca = undef,
|
||||
$client_cert = $::os_service_default,
|
||||
$ca_certificate_data = undef,
|
||||
@@ -123,6 +133,8 @@ class octavia::certificates (
|
||||
'certificates/ca_private_key' : value => $ca_private_key;
|
||||
'certificates/server_certs_key_passphrase' : value => $server_certs_key_passphrase;
|
||||
'certificates/ca_private_key_passphrase' : value => $ca_private_key_passphrase;
|
||||
'certificates/signing_digest' : value => $signing_digest;
|
||||
'certificates/cert_validity_time' : value => $cert_validity_time;
|
||||
'controller_worker/client_ca' : value => $client_ca_real;
|
||||
'haproxy_amphora/client_cert' : value => $client_cert;
|
||||
'haproxy_amphora/server_ca' : value => $ca_certificate;
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ``octavia::certificates`` class now supports the following two new
|
||||
parameters.
|
||||
|
||||
- ``signing_digest``
|
||||
- ``cert_validity_time``
|
||||
@@ -15,6 +15,8 @@ describe 'octavia::certificates' do
|
||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
it 'configures octavia authentication credentials' do
|
||||
@@ -37,6 +39,8 @@ describe 'octavia::certificates' do
|
||||
:ca_private_key => '/etc/octavia/key.pem',
|
||||
:server_certs_key_passphrase => 'insecure-key-do-not-use-this-key',
|
||||
:ca_private_key_passphrase => 'secure123',
|
||||
:signing_digest => 'sha256',
|
||||
:cert_validity_time => 2592000,
|
||||
:client_cert => '/etc/octavia/client.pem'
|
||||
}
|
||||
end
|
||||
@@ -53,6 +57,8 @@ describe 'octavia::certificates' do
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia/key.pem')
|
||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('insecure-key-do-not-use-this-key')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123')
|
||||
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('sha256')
|
||||
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value(2592000)
|
||||
end
|
||||
|
||||
it 'configures octavia authentication credentials' do
|
||||
|
||||
Reference in New Issue
Block a user