Hide secrets from puppet logs
authorStefano Zilli <stefano.zilli@cern.ch>
Tue, 10 Jun 2014 09:17:39 +0000 (11:17 +0200)
committerStefano Zilli <stefano.zilli@cern.ch>
Tue, 10 Jun 2014 13:24:30 +0000 (15:24 +0200)
Currently secrets like rabbit_password or os_password are displayed in
puppet logs when changed. This commit changes the ceilometer_config type
by adding a new parameter that triggers obfuscation of those values in
puppet logs.

Change-Id: I9eb6504220c5337c154bf5ad86c7d22bea64df51
Closes-Bug: #1328448

lib/puppet/type/ceilometer_config.rb
manifests/agent/auth.pp
manifests/api.pp
manifests/db.pp
manifests/init.pp
spec/classes/ceilometer_agent_auth_spec.rb
spec/classes/ceilometer_api_spec.rb
spec/classes/ceilometer_db_spec.rb
spec/classes/ceilometer_init_spec.rb

index 830e258d83d5cb30057302f4ef0cd84845b130d0..3369c1042ad90240067d5b7854bbc56d277d7c57 100644 (file)
@@ -4,7 +4,11 @@ Puppet::Type.newtype(:ceilometer_config) do
 
   newparam(:name, :namevar => true) do
     desc 'Section/setting name to manage from ceilometer.conf'
-    newvalues(/\S+\/\S+/)
+    validate do |value|
+      unless value =~ /\S+\/\S+/
+        fail("Invalid ceilometer_config #{value}, entries without sections are no longer supported, please add an explicit section (probably DEFAULT) to all ceilometer_config resources")
+      end
+    end
   end
 
   newproperty(:value) do
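Review bot: A point of style on the new validate block: the pattern escapes the slash inside a slash-delimited literal, which the style guide avoids with the `%r{}` form, i.e. `unless value =~ %r{\S+/\S+}`. The regex is unanchored, so it only requires that some `section/setting` substring exists, which matches the behaviour of the `newvalues` it replaces. The `fail` message on the following line runs well past 120 columns and would read better split across two string literals with a backslash continuation or a heredoc.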
@@ -14,6 +18,39 @@ Puppet::Type.newtype(:ceilometer_config) do
       value.capitalize! if value =~ /^(true|false)$/i
       value
     end
+    newvalues(/^[\S ]*$/)
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+    newvalues(:true, :false)
+
+    defaultto false
+  end
+
+  validate do
+    if self[:ensure] == :present
+      if self[:value].nil?
+        raise Puppet::Error, "Property value must be set for #{self[:name]} when ensure is present"
+      end
+    end
   end
 
 end
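Review bot: The new `newvalues(/^[\S ]*$/)` on the value property anchors with `^` and `$`, which in Ruby match at line boundaries, so a value containing an embedded newline still passes validation and could carry an extra line into ceilometer.conf; anchor the whole string instead with `newvalues(/\A[\S ]*\z/)`. The `is_to_s`/`should_to_s` overrides redact only the property's change message; whether a secret value can still surface elsewhere (debug output, provider error text) is not visible in this hunk and is worth confirming. The file list shows only spec/classes changes, so nothing in the commit exercises the type's own redaction; a spec/unit/type test asserting that `should_to_s` returns `'[new secret redacted]'` when `secret => true` would pin the behaviour. Stylistically each helper can be a single expression, e.g. `resource.secret? ? '[old secret redacted]' : currentvalue`, dropping the explicit returns.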
index 2cfdba953cb33cacb3cff0a9e71188e788eedd90..2b6f536e21cb8d29c9d1abd8a14dab30a1b7ac58 100644 (file)
@@ -49,7 +49,7 @@ class ceilometer::agent::auth (
     'service_credentials/os_auth_url'    : value => $auth_url;
     'service_credentials/os_region_name' : value => $auth_region;
     'service_credentials/os_username'    : value => $auth_user;
-    'service_credentials/os_password'    : value => $auth_password;
+    'service_credentials/os_password'    : value => $auth_password, secret => true;
     'service_credentials/os_tenant_name' : value => $auth_tenant_name;
   }
 
index 92406a86b4ab929f313d02ab47fd6e97750dd561..bdb0976f926451e5d3e2a029bf53f925fdee642d 100644 (file)
@@ -86,7 +86,7 @@ class ceilometer::api (
     'keystone_authtoken/auth_protocol'     : value => $keystone_protocol;
     'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant;
     'keystone_authtoken/admin_user'        : value => $keystone_user;
-    'keystone_authtoken/admin_password'    : value => $keystone_password;
+    'keystone_authtoken/admin_password'    : value => $keystone_password, secret => true;
     'api/host'                             : value => $host;
     'api/port'                             : value => $port;
   }
index f2f841eccf78bbda445995ecb35d1f96d3651478..f2f24efe63855f559fccbe629542fb30a663be55 100644 (file)
@@ -65,7 +65,7 @@ class ceilometer::db (
   }
 
   ceilometer_config {
-    'database/connection': value => $database_connection;
+    'database/connection': value => $database_connection, secret => true;
   }
 
   Ceilometer_config['database/connection'] ~> Exec['ceilometer-dbsync']
index 4f46cdd28a210161cf8482b1502c8b86f7b7c051..bc5a35b03391ef695525f776c2aa1408ac6a5f23 100644 (file)
@@ -183,7 +183,7 @@ class ceilometer(
 
       ceilometer_config {
         'DEFAULT/rabbit_userid'          : value => $rabbit_userid;
-        'DEFAULT/rabbit_password'        : value => $rabbit_password;
+        'DEFAULT/rabbit_password'        : value => $rabbit_password, secret => true;
         'DEFAULT/rabbit_virtual_host'    : value => $rabbit_virtual_host;
         'DEFAULT/rabbit_use_ssl'         : value => $rabbit_use_ssl;
       }
@@ -212,7 +212,7 @@ class ceilometer(
       'DEFAULT/qpid_hostname'              : value => $qpid_hostname;
       'DEFAULT/qpid_port'                  : value => $qpid_port;
       'DEFAULT/qpid_username'              : value => $qpid_username;
-      'DEFAULT/qpid_password'              : value => $qpid_password;
+      'DEFAULT/qpid_password'              : value => $qpid_password, secret => true;
       'DEFAULT/qpid_heartbeat'             : value => $qpid_heartbeat;
       'DEFAULT/qpid_protocol'              : value => $qpid_protocol;
       'DEFAULT/qpid_tcp_nodelay'           : value => $qpid_tcp_nodelay;
@@ -229,7 +229,7 @@ class ceilometer(
   # Once we got here, we can act as an honey badger on the rpc used.
   ceilometer_config {
     'DEFAULT/rpc_backend'            : value => $rpc_backend;
-    'publisher/metering_secret'      : value => $metering_secret;
+    'publisher/metering_secret'      : value => $metering_secret, secret => true;
     'DEFAULT/debug'                  : value => $debug;
     'DEFAULT/verbose'                : value => $verbose;
     'DEFAULT/notification_topics'    : value => join($notification_topics, ',');
index 583bc4acfed867b68a2757fc3e4a2b7eb1fc0945..4f47eb39755cc3e8f1704525e54bd33cd71a25c2 100644 (file)
@@ -23,6 +23,7 @@ describe 'ceilometer::agent::auth' do
       should contain_ceilometer_config('service_credentials/os_region_name').with_value('RegionOne')
       should contain_ceilometer_config('service_credentials/os_username').with_value('ceilometer')
       should contain_ceilometer_config('service_credentials/os_password').with_value('password')
+      should contain_ceilometer_config('service_credentials/os_password').with_value(params[:auth_password]).with_secret(true)
       should contain_ceilometer_config('service_credentials/os_tenant_name').with_value('services')
       should contain_ceilometer_config('service_credentials/os_cacert').with(:ensure => 'absent')
     end
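Review bot: The added assertion re-checks `with_value` on the same resource as the line kept just above it, so the two lines now assert the value twice, once against a literal and once against `params[:auth_password]`; folding them into one `should contain_ceilometer_config('service_credentials/os_password').with_value('password').with_secret(true)` keeps the literal-value check and adds the new one without the duplicate. The same pattern repeats in ceilometer_api_spec.rb, all three hunks of ceilometer_db_spec.rb, and the metering_secret, rabbit_password and qpid_password hunks of ceilometer_init_spec.rb. The enclosing example block starts outside this hunk.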
index 546f92f91ca551699ffd45907ed0e2fd51fb1b5f..3075d29ceff957ec2c9223ee2ff99171dcaeae74 100644 (file)
@@ -54,6 +54,7 @@ describe 'ceilometer::api' do
       should contain_ceilometer_config('keystone_authtoken/admin_tenant_name').with_value( params[:keystone_tenant] )
       should contain_ceilometer_config('keystone_authtoken/admin_user').with_value( params[:keystone_user] )
       should contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] )
+      should contain_ceilometer_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] ).with_secret(true)
       should contain_ceilometer_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent')
       should contain_ceilometer_config('keystone_authtoken/auth_uri').with_value( params[:keystone_protocol] + "://" + params[:keystone_host] + ":5000/" )
       should contain_ceilometer_config('api/host').with_value( params[:host] )
index 0dc88dcd330f9ec2f650f62b667c5c81a3d32a6e..f6526584e15b2c6067c1528d7d020cdec7fa5f4a 100644 (file)
@@ -20,6 +20,7 @@ describe 'ceilometer::db' do
         :ensure => 'present',
         :name => 'python-pymongo')
       should contain_ceilometer_config('database/connection').with_value('mongodb://localhost:1234/ceilometer')
+      should contain_ceilometer_config('database/connection').with_value( params[:database_connection] ).with_secret(true)
     end
 
     it 'runs ceilometer-dbsync' do
@@ -54,6 +55,7 @@ describe 'ceilometer::db' do
         :ensure => 'present',
         :name => 'python-pymongo')
       should contain_ceilometer_config('database/connection').with_value('mongodb://localhost:1234/ceilometer')
+      should contain_ceilometer_config('database/connection').with_value( params[:database_connection] ).with_secret(true)
     end
 
     it 'runs ceilometer-dbsync' do
@@ -121,6 +123,7 @@ describe 'ceilometer::db' do
         :ensure => 'present',
         :name => 'python-sqlite2')
       should contain_ceilometer_config('database/connection').with_value('sqlite:///var/lib/ceilometer.db')
+      should contain_ceilometer_config('database/connection').with_value( params[:database_connection] ).with_secret(true)
     end
 
     it 'runs ceilometer-dbsync' do
index e1a6ee73a777c6731d958c3bae67aa70f5a7c663..f204cb7b1d12e63125aa6b83107c7bef497e045a 100644 (file)
@@ -113,6 +113,7 @@ describe 'ceilometer' do
 
     it 'configures required metering_secret' do
       should contain_ceilometer_config('publisher/metering_secret').with_value('metering-s3cr3t')
+      should contain_ceilometer_config('publisher/metering_secret').with_value( params[:metering_secret] ).with_secret(true)
     end
 
     context 'without the required metering_secret' do
@@ -174,6 +175,7 @@ describe 'ceilometer' do
     it 'configures rabbit' do
       should contain_ceilometer_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
       should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
+      should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true)
       should contain_ceilometer_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
     end
 
@@ -181,6 +183,7 @@ describe 'ceilometer' do
     it { should contain_ceilometer_config('DEFAULT/rabbit_port').with_value( params[:rabbit_port] ) }
     it { should contain_ceilometer_config('DEFAULT/rabbit_hosts').with_value( "#{params[:rabbit_host]}:#{params[:rabbit_port]}" ) }
     it { should contain_ceilometer_config('DEFAULT/rabbit_ha_queues').with_value('false') }
+
   end
 
   shared_examples_for 'rabbit without HA support (without backward compatibility)' do
@@ -188,6 +191,7 @@ describe 'ceilometer' do
     it 'configures rabbit' do
       should contain_ceilometer_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
       should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
+      should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true)
       should contain_ceilometer_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
     end
 
@@ -195,6 +199,7 @@ describe 'ceilometer' do
     it { should contain_ceilometer_config('DEFAULT/rabbit_port').with_ensure('absent') }
     it { should contain_ceilometer_config('DEFAULT/rabbit_hosts').with_value( params[:rabbit_hosts].join(',') ) }
     it { should contain_ceilometer_config('DEFAULT/rabbit_ha_queues').with_value('false') }
+
   end
 
   shared_examples_for 'rabbit with HA support' do
@@ -202,6 +207,7 @@ describe 'ceilometer' do
     it 'configures rabbit' do
       should contain_ceilometer_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
       should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
+      should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] ).with_secret(true)
       should contain_ceilometer_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
     end
 
@@ -209,6 +215,7 @@ describe 'ceilometer' do
     it { should contain_ceilometer_config('DEFAULT/rabbit_port').with_ensure('absent') }
     it { should contain_ceilometer_config('DEFAULT/rabbit_hosts').with_value( params[:rabbit_hosts].join(',') ) }
     it { should contain_ceilometer_config('DEFAULT/rabbit_ha_queues').with_value('true') }
+
   end
 
   shared_examples_for 'rabbit with SSL support' do
@@ -246,7 +253,6 @@ describe 'ceilometer' do
 
       it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
     end
-
   end
 
   shared_examples_for 'qpid support' do
@@ -260,7 +266,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/qpid_heartbeat').with_value('60') }
       it { should contain_ceilometer_config('DEFAULT/qpid_protocol').with_value('tcp') }
       it { should contain_ceilometer_config('DEFAULT/qpid_tcp_nodelay').with_value(true) }
-      end
+    end
 
     context("with mandatory parameters set") do
       it { should contain_ceilometer_config('DEFAULT/rpc_backend').with_value('ceilometer.openstack.common.rpc.impl_qpid') }
@@ -268,6 +274,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/qpid_port').with_value( params[:qpid_port] ) }
       it { should contain_ceilometer_config('DEFAULT/qpid_username').with_value( params[:qpid_username]) }
       it { should contain_ceilometer_config('DEFAULT/qpid_password').with_value(params[:qpid_password]) }
+      it { should contain_ceilometer_config('DEFAULT/qpid_password').with_value( params[:qpid_password] ).with_secret(true) }
     end
 
     context("failing if the rpc_backend is not present") do