Accept list value for ciphers

The [ssl] ciphers option accepts cipher list. Accept a list value and format it in openssl cipher list format (one or more string separated by colons). Change-Id: Ic3f87023af0577412d29d2047b6ae140053f2c8a
2024-10-07 23:52:58 +09:00 · 2024-10-07 23:52:58 +09:00 · 6da102955d
commit 6da102955d
parent ebdef74a82
2 changed files with 12 additions and 1 deletions
--- a/manifests/service/ssl.pp
+++ b/manifests/service/ssl.pp
@ -47,7 +47,7 @@ define oslo::service::ssl (
  $service_options = {
    'ssl/ca_file'   => { value => $ca_file },
    'ssl/cert_file' => { value => $cert_file },
-    'ssl/ciphers'   => { value => $ciphers },
+    'ssl/ciphers'   => { value => join(any2array($ciphers), ':') },
    'ssl/key_file'  => { value => $key_file },
    'ssl/version'   => { value => $version },
  }
--- a/spec/defines/oslo_service_ssl_spec.rb
+++ b/spec/defines/oslo_service_ssl_spec.rb
@ -59,6 +59,17 @@ describe 'oslo::service::ssl' do
        should raise_error(Puppet::Error)
      end
    end
+
+    context 'with list values' do
+      let :params do
+        {
+          :ciphers => ['HIGH', '!RC4', '!MD5', '!aNULL', '!eNULL', '!EXP', '!LOW', '!MEDIUM'],
+        }
+      end
+      it 'configures ssl parameters' do
+        is_expected.to contain_keystone_config('ssl/ciphers').with_value('HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM')
+      end
+    end
  end

  on_supported_os({