Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true

The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true
Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are
used.

Change-Id: I7664dda2c66ffb34ceb56ada722574ae0e490f8f
Closes-Bug: 1356083

diff --git a/manifests/init.pp b/manifests/init.pp
index bc5a35b03391ef695525f776c2aa1408ac6a5f23..66aada3df88aaf4ee850bba5df6ebd98cd1bf094 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -111,16 +111,17 @@ class ceilometer(
 
   include ceilometer::params
 
-  if $rabbit_use_ssl {
-    if !$kombu_ssl_ca_certs {
-      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_certfile {
-      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_keyfile {
-      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
-    }
+  if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+    fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_certfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+    fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
   }
 
   File {
@@ -189,12 +190,31 @@ class ceilometer(
       }
 
       if $rabbit_use_ssl {
+
+      if $kombu_ssl_ca_certs {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+      }
+
+      if $kombu_ssl_certfile or $kombu_ssl_keyfile {
         ceilometer_config {
-          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
           'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
           'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
-          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
         }
+      } else {
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_certfile': ensure => absent;
+          'DEFAULT/kombu_ssl_keyfile':  ensure => absent;
+        }
+      }
+
+      if $kombu_ssl_version {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  ensure => absent; }
+      }
+
       } else {
         ceilometer_config {
           'DEFAULT/kombu_ssl_ca_certs': ensure => absent;

diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index f204cb7b1d12e63125aa6b83107c7bef497e045a..a4b69188a2803a67729e83302df94630015cfe02 100644 (file)
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -227,7 +227,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
     end
 
-    context "with SSL enabled" do
+    context "with SSL enabled with kombu" do
       before { params.merge!(
         :rabbit_use_ssl     => 'true',
         :kombu_ssl_ca_certs => '/path/to/ca.crt',
@@ -243,15 +243,33 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
     end
 
-    context "with SSL wrongly configured" do
+    context "with SSL enabled without kombu" do
       before { params.merge!(
-        :rabbit_use_ssl     => 'false',
-        :kombu_ssl_certfile => '/path/to/cert.crt',
-        :kombu_ssl_keyfile  => '/path/to/cert.key',
-        :kombu_ssl_version  => 'TLSv1'
+        :rabbit_use_ssl     => 'true'
       ) }
 
-      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+    end
+
+    context "with SSL wrongly configured" do
+      context 'with kombu_ssl_ca_certs parameter' do
+        before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ca.crt') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_certfile parameter' do
+        before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_keyfile parameter' do
+        before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
+      end
     end
   end