diff --git a/manifests/init.pp b/manifests/init.pp index c9707eb..b113e06 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -34,7 +34,7 @@ # # [*listener_auth_peer*] # (optional) -# Defaults to 'no' +# Defaults to false # # [*listener_idle_timeout*] # (optional) @@ -51,11 +51,11 @@ # # [*listener_require_encrypt*] # (optional) Require the connection to the peer to be encrypted -# Defaults to 'no' +# Defaults to false # # [*listener_require_ssl*] # (optional) Require the use of SSL or TLS on the connection -# Defaults to 'no' +# Defaults to false # # [*listener_sasl_mech*] # (optional) List of accepted SASL auth mechanisms @@ -157,12 +157,12 @@ class qdr( $enable_service = true, $extra_listeners = [], $listener_addr = '127.0.0.1', - $listener_auth_peer = 'no', + $listener_auth_peer = false, $listener_idle_timeout = '16', $listener_max_frame_size = '16384', $listener_port = '5672', - $listener_require_encrypt = 'no', - $listener_require_ssl = 'no', + $listener_require_encrypt = false, + $listener_require_ssl = false, $listener_sasl_mech = 'ANONYMOUS', $listener_ssl_cert_db = undef, $listener_ssl_cert_file = undef, @@ -196,9 +196,12 @@ class qdr( validate_legacy(String, 'validate_string', $router_id) validate_legacy(String, 'validate_string', $listener_addr) validate_legacy(Integer, 'validate_re', $listener_port, ['\d+']) - validate_legacy(Enum['yes', 'no'], 'validate_re', $listener_auth_peer, ['^(yes$|no$)']) validate_legacy(String, 'validate_string', $listener_sasl_mech) + $listener_auth_peer_bool = qdr::fixTruthy($listener_auth_peer) + $listener_require_encrypt_bool = qdr::fixTruthy($listener_require_encrypt) + $listener_require_ssl_bool = qdr::fixTruthy($listener_require_ssl) + # TODO (ansmith) - manage repo via openstack-extras # if $::operatingsystem == 'Ubuntu' { # include apt 
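Review bot: The parameter docs in the three comment hunks now read `Defaults to false` but never say that the legacy strings are still accepted, and `listener_auth_peer` has no description at all. These switches control peer authentication and transport encryption, so I would spell the contract out, for example `#   (optional) Require peers to authenticate. Boolean; the legacy strings 'yes' and 'no' are still accepted.` above the `Defaults to false` line. The same wording applies to `listener_require_encrypt` and `listener_require_ssl`.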
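Review bot: The three switches in the `class qdr(` parameter list are still untyped, so a bad value is only caught later, inside `qdr::fixTruthy`. Declaring the accepted shapes at the class boundary, e.g. `Variant[Boolean, Enum['yes', 'no']] $listener_auth_peer = false,`, would reject anything else up front and put the backwards-compatible strings in the signature. The hunk also shows the defaults side by side: no peer authentication, no required encryption and `ANONYMOUS` as the only SASL mechanism. That combination is only reasonable while `listener_addr` stays at `127.0.0.1`, so a short comment next to the defaults saying so would help whoever changes the bind address. The parameter list continues outside the hunk.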
@@ -217,3 +220,17 @@ class qdr( -> Class['::qdr::service'] } + +function qdr::fixTruthy($truthyvar) >> Boolean { + if $truthyvar.is_a(String) { + validate_legacy(Enum['yes', 'no'], 'validate_re', $truthyvar, ['^(yes$|no$)']) + if $truthyvar == 'yes' { + return true + } elsif $truthyvar == 'no' { + return false + } + } else { + validate_legacy(Boolean, 'validate_bool', $truthyvar) + return $truthyvar + } +} diff --git a/spec/classes/qdr_init_spec.rb b/spec/classes/qdr_init_spec.rb index c05f712..00bdfbd 100644 --- a/spec/classes/qdr_init_spec.rb +++ b/spec/classes/qdr_init_spec.rb @@ -75,7 +75,7 @@ describe 'qdr' do should contain_file('qdrouterd.conf').with_content(/workerThreads: 8/) should contain_file('qdrouterd.conf').with_content(/host: 127.0.0.1/) should contain_file('qdrouterd.conf').with_content(/port: 5672/) - should contain_file('qdrouterd.conf').with_content(/authenticatePeer: no/) + should contain_file('qdrouterd.conf').with_content(/authenticatePeer: false/) should contain_file('qdrouterd.conf').with_content(/saslMechanisms: ANONYMOUS/) should contain_file('qdrouterd.conf').without_content(/sslProfile {/) should contain_file('qdrouterd.conf').without_content(/connector {/) @@ -90,7 +90,7 @@ describe 'qdr' do :router_worker_threads => '4', :listener_addr => '10.1.1.1', :listener_port => '5671', - :listener_auth_peer => 'yes', + :listener_auth_peer => true, :listener_sasl_mech => 'ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN', :connectors => [{'role' => 'inter-router'}], :extra_listeners => [{'mode' => 'interior'}], 
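Review bot: `qdr::fixTruthy` takes an untyped argument, and its String branch has no final `else`, so it relies on `validate_legacy` aborting; if that call only warns, the function falls through without a Boolean. A typed parameter plus a selector makes every path return a Boolean and fails closed on anything other than `true`, `false`, `'yes'` or `'no'`. This does replace the `validate_legacy` deprecation path with a plain type mismatch. Separately, I believe Puppet expects language functions to live under `functions/` with an all-lowercase name rather than at the end of `manifests/init.pp`. Confirm that the function resolves when the class is autoloaded on the Puppet versions this module supports.

```puppet
function qdr::fixTruthy(Variant[Boolean, Enum['yes', 'no']] $truthyvar) >> Boolean {
  # Legacy strings map to booleans; real booleans pass through unchanged.
  $truthyvar ? {
    'yes'   => true,
    'no'    => false,
    default => $truthyvar,
  }
}
```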
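Review bot: Switching `:listener_auth_peer` from `'yes'` to `true` here removes the only visible case that fed a legacy string to the authentication switch, so the `'yes'` to `authenticatePeer: true` path is no longer tested. I would keep one context that passes `:listener_auth_peer => 'yes'` and expects `with_content(/authenticatePeer: true/)`. I would also add one that passes an unsupported value such as `'maybe'` and expects `is_expected.to compile.and_raise_error(/.../)`, which pins the fail-closed behaviour. Nothing in the visible spec hunks exercises `:listener_require_encrypt` at all. The `describe 'qdr'` block starts and ends outside the hunk.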
@@ -102,7 +102,7 @@ describe 'qdr' do should contain_file('qdrouterd.conf').with_content(/workerThreads: 4/) should contain_file('qdrouterd.conf').with_content(/host: 10.1.1.1/) should contain_file('qdrouterd.conf').with_content(/port: 5671/) - should contain_file('qdrouterd.conf').with_content(/authenticatePeer: yes/) + should contain_file('qdrouterd.conf').with_content(/authenticatePeer: true/) should contain_file('qdrouterd.conf').with_content(/saslMechanisms: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN/) should contain_file('qdrouterd.conf').with_content(/role: inter-router/) should contain_file('qdrouterd.conf').with_content(/mode: interior/) @@ -113,6 +113,25 @@ describe 'qdr' do context 'with qdr ssl enabled' do + let :params do + { + :listener_require_ssl => true, + :listener_ssl_cert_db => '/etc/ssl/certs/ca-bundle.crt', + :listener_ssl_cert_file => '/etc/pki/ca-trust/source/anchors/puppet_qdr.pem', + :listener_ssl_key_file => '/etc/qpid-dispatch/ssl/puppet_qdr.pem', + } + end + + it do + should contain_file('qdrouterd.conf').with_content(/sslProfile {/) + should contain_file('qdrouterd.conf').with_content(/certDb: \/etc\/ssl\/certs\/ca-bundle.crt/) + should contain_file('qdrouterd.conf').with_content(/certFile: \/etc\/pki\/ca-trust\/source\/anchors\/puppet_qdr.pem/) + should contain_file('qdrouterd.conf').with_content(/keyFile: \/etc\/qpid-dispatch\/ssl\/puppet_qdr.pem/) + end + end + + context 'with qdr ssl enabled using backwards compatible truthy string' do + let :params do { :listener_require_ssl => 'yes', @@ -130,6 +149,21 @@ describe 'qdr' do end end + context 'with qdr ssl disabled using backwards compatible truthy string' do + + let :params do + { + :listener_require_ssl => 'no', + :listener_ssl_cert_file => 'SHOULDNOTSHOWUP', + } + end + + it do + + should contain_file('qdrouterd.conf').without_content(/SHOULDNOTSHOWUP/) + end + end + end on_supported_os({ 
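Review bot: The new "ssl disabled using backwards compatible truthy string" context only asserts that the placeholder `SHOULDNOTSHOWUP` is absent. That would still pass if the template emitted an `sslProfile` block with an empty `certFile`. Asserting the structure directly, as the default-parameters example already does, is stronger: `should contain_file('qdrouterd.conf').without_content(/sslProfile {/)`. A matching context with `:listener_require_ssl => false` would confirm that the boolean and the legacy string behave the same.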
diff --git a/templates/qdrouterd.conf.erb b/templates/qdrouterd.conf.erb index eea5473..932e13f 100644 --- a/templates/qdrouterd.conf.erb +++ b/templates/qdrouterd.conf.erb @@ -29,7 +29,7 @@ router { saslConfigName: <%= @router_sasl_name %> } -<%- if @listener_require_ssl == 'yes' -%> +<%- if @listener_require_ssl_bool -%> sslProfile { name: <%= @router_id %> certDb: <%= @listener_ssl_cert_db %> @@ -50,10 +50,10 @@ sslProfile { listener { host: <%= @listener_addr %> port: <%= @listener_port %> -<%- if @listener_require_ssl == 'yes' -%> +<%- if @listener_require_ssl_bool -%> sslProfile: <%= @router_id %> <%- end -%> - authenticatePeer: <%= @listener_auth_peer %> + authenticatePeer: <%= @listener_auth_peer_bool %> saslMechanisms: <%= @listener_sasl_mech %> }
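Review bot: In the second hunk the `listener { ... }` block is fully visible, and it emits `sslProfile` and `authenticatePeer` but neither `requireSsl` nor `requireEncryption`. So `$listener_require_encrypt_bool`, computed in `init.pp`, is not used in this block, and `listener_require_ssl` only attaches a profile. As I understand qdrouterd, a listener with an `sslProfile` and no `requireSsl` still accepts clear-text connections; please confirm this against the deployed version. If so, the parameter documented as "Require the use of SSL or TLS" does not enforce it. I would add `requireSsl: <%= @listener_require_ssl_bool %>` and `requireEncryption: <%= @listener_require_encrypt_bool %>` inside the listener block, with a spec assertion for each.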