Merge "Configure server_certs_key_passphrase for Octavia"
This commit is contained in:
commit
79b672a3f2
|
@ -28,6 +28,11 @@
|
|||
# (Optional) Path for private key used to sign certificates
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*server_certs_key_passphrase*]
|
||||
# (Optional) Passphrase for encrypting Amphora Certificates and Private Keys.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
#
|
||||
# [*ca_private_key_passphrase*]
|
||||
# (Optional) CA password used to sign certificates
|
||||
# Defaults to $::os_service_default
|
||||
|
@ -75,6 +80,7 @@ class octavia::certificates (
|
|||
$endpoint_type = $::os_service_default,
|
||||
$ca_certificate = $::os_service_default,
|
||||
$ca_private_key = $::os_service_default,
|
||||
$server_certs_key_passphrase = $::os_service_default,
|
||||
$ca_private_key_passphrase = $::os_service_default,
|
||||
$client_ca = undef,
|
||||
$client_cert = $::os_service_default,
|
||||
|
@ -97,6 +103,7 @@ class octavia::certificates (
|
|||
'certificates/endpoint_type' : value => $endpoint_type;
|
||||
'certificates/ca_certificate' : value => $ca_certificate;
|
||||
'certificates/ca_private_key' : value => $ca_private_key;
|
||||
'certificates/server_certs_key_passphrase' : value => $server_certs_key_passphrase;
|
||||
'certificates/ca_private_key_passphrase' : value => $ca_private_key_passphrase;
|
||||
'controller_worker/client_ca' : value => $client_ca_real;
|
||||
'haproxy_amphora/client_cert' : value => $client_cert;
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- The passphrase for config option 'server_certs_key_passphrase', that was
|
||||
recently added to Octavia, will now be auto-generated.
|
|
@ -11,6 +11,7 @@ describe 'octavia::certificates' do
|
|||
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
|
@ -29,6 +30,7 @@ describe 'octavia::certificates' do
|
|||
:endpoint_type => 'internalURL',
|
||||
:ca_certificate => '/etc/octavia/ca.pem',
|
||||
:ca_private_key => '/etc/octavia/key.pem',
|
||||
:server_certs_key_passphrase => 'secure123',
|
||||
:ca_private_key_passphrase => 'secure123',
|
||||
:client_cert => '/etc/octavia/client.pem'
|
||||
}
|
||||
|
@ -41,6 +43,7 @@ describe 'octavia::certificates' do
|
|||
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('internalURL')
|
||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('/etc/octavia/ca.pem')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia/key.pem')
|
||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('secure123')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123')
|
||||
end
|
||||
|
||||
|
@ -55,6 +58,7 @@ describe 'octavia::certificates' do
|
|||
let :params do
|
||||
{ :ca_certificate => '/etc/octavia/ca.pem',
|
||||
:ca_private_key => '/etc/octavia/key.pem',
|
||||
:server_certs_key_passphrase => 'secure123',
|
||||
:ca_private_key_passphrase => 'secure123',
|
||||
:client_cert => '/etc/octavia/client.pem',
|
||||
:ca_certificate_data => 'on_my_authority_this_is_a_certificate',
|
||||
|
@ -66,6 +70,7 @@ describe 'octavia::certificates' do
|
|||
it 'configures octavia certificate manager' do
|
||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('/etc/octavia/ca.pem')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia/key.pem')
|
||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('secure123')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123')
|
||||
end
|
||||
|
||||
|
@ -120,6 +125,7 @@ describe 'octavia::certificates' do
|
|||
let :params do
|
||||
{ :ca_certificate => '/etc/octavia/ca.pem',
|
||||
:ca_private_key => '/etc/octavia1/key.pem',
|
||||
:server_certs_key_passphrase => 'secure123',
|
||||
:ca_private_key_passphrase => 'secure123',
|
||||
:client_cert => '/etc/octavia2/client.pem',
|
||||
:ca_certificate_data => 'on_my_authority_this_is_a_certificate',
|
||||
|
@ -131,6 +137,7 @@ describe 'octavia::certificates' do
|
|||
it 'configures octavia certificate manager' do
|
||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('/etc/octavia/ca.pem')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia1/key.pem')
|
||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('secure123')
|
||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123')
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue