openstack/puppet-octavia
Code Issues Proposed changes

Set show_diff to false on certificates

Browse Source 
Certificate should be considered secrets
and we should not output the diffs.

Also fixes up the testing to test all the
parameters set on the file resources.

Closes-Bug: 1804884
Change-Id: I0db84f4b9d97bf22d06478ded126a1f209c9b69a
This commit is contained in:
Tobias Urdin 2018-11-23 21:18:38 +01:00
parent 0ea4e10dd3
commit 45ecee290b
3 changed files with 104 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/certificates.pp
View File

@ -123,6 +123,7 @@ class octavia::certificates (
owner => $file_permission_group,
mode => '0755',
replace => true,
show_diff => false,
tag => 'octavia-certificate',
}
}
@ -144,6 +145,7 @@ class octavia::certificates (
owner => $file_permission_group,
mode => '0755',
replace => true,
show_diff => false,
tag => 'octavia-certificate',
}
}
@ -162,6 +164,7 @@ class octavia::certificates (
owner => $file_permission_group,
mode => '0755',
replace => true,
show_diff => false,
tag => 'octavia-certificate',
}
}
@ -183,6 +186,7 @@ class octavia::certificates (
owner => $file_permission_group,
mode => '0755',
replace => true,
show_diff => false,
tag => 'octavia-certificate',
}
}

8
releasenotes/notes/certificate-no-diff-4e4d156963752b6d.yaml Normal file
View File

@ -0,0 +1,8 @@
---
security:
- |
Certificate changes no longer shows diffs in output.
fixes:
- |
Fixed a bug where certificate changes would show the diffs.
Certificate are now considered secrets and not displayed.

54
spec/classes/octavia_certificates_spec.rb
View File

@ -78,35 +78,32 @@ describe 'octavia::certificates' do
it 'populates certificate files' do
is_expected.to contain_file('/etc/octavia/ca.pem').with({
'ensure' => 'file',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/ca.pem').with({
'content' => 'on_my_authority_this_is_a_certificate',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/key.pem').with({
'ensure' => 'file',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/key.pem').with({
'content' => 'this_is_my_private_key_woot_woot',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/client.pem').with({
'ensure' => 'file',
'content' => 'certainly_for_the_client',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/client.pem').with({
'content' => 'certainly_for_the_client',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia').with({
@ -146,25 +143,34 @@ describe 'octavia::certificates' do
it 'populates certificate files' do
is_expected.to contain_file('/etc/octavia/ca.pem').with({
'ensure' => 'file',
'content' => 'on_my_authority_this_is_a_certificate',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/ca.pem').with_content('on_my_authority_this_is_a_certificate')
is_expected.to contain_file('/etc/octavia1/key.pem').with({
'ensure' => 'file',
'content' => 'this_is_my_private_key_woot_woot',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia1/key.pem').with_content('this_is_my_private_key_woot_woot')
is_expected.to contain_file('/etc/octavia2/client.pem').with({
'ensure' => 'file',
'content' => 'certainly_for_the_client',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia2/client.pem').with_content('certainly_for_the_client')
is_expected.to contain_file('/etc/octavia').with({
'ensure' => 'directory',
'owner' => 'octavia',
@ -256,18 +262,24 @@ describe 'octavia::certificates' do
it 'populates certificate files' do
is_expected.to contain_file('/etc/octavia/ca.pem').with({
'ensure' => 'file',
'content' => 'my_ca_certificate',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/ca.pem').with_content('my_ca_certificate')
is_expected.to contain_file('/etc/octavia/client_ca.pem').with({
'ensure' => 'file',
'content' => 'my_client_ca',
'owner' => 'octavia',
'group' => 'octavia',
'mode' => '0755',
'replace' => true,
'show_diff' => false,
'tag' => 'octavia-certificate',
})
is_expected.to contain_file('/etc/octavia/client_ca.pem').with_content('my_client_ca')
is_expected.to contain_file('/etc/octavia').with({
'ensure' => 'directory',
'owner' => 'octavia',