From: Mike Dorman <mdorman@godaddy.com>
Date: Thu, 4 Sep 2014 19:49:30 +0000 (-0600)
Subject: Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true
X-Git-Tag: 4.2.0~3
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=aa3933ccde8a4f8d39736a2d503cb085d4fae998;p=puppet-modules%2Fpuppet-ceilometer.git

Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true

The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true
Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are
used.

Change-Id: I7664dda2c66ffb34ceb56ada722574ae0e490f8f
Closes-Bug: 1356083
(cherry picked from commit 957c2120d0ee0b9db08bfddcce996686ba61d97d)
---

diff --git a/manifests/init.pp b/manifests/init.pp
index 4f46cdd..c5bd7f5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -111,16 +111,17 @@ class ceilometer(
 
   include ceilometer::params
 
-  if $rabbit_use_ssl {
-    if !$kombu_ssl_ca_certs {
-      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_certfile {
-      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_keyfile {
-      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
-    }
+  if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+    fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_certfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+    fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
   }
 
   File {
@@ -189,12 +190,31 @@ class ceilometer(
       }
 
       if $rabbit_use_ssl {
+
+      if $kombu_ssl_ca_certs {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+      }
+
+      if $kombu_ssl_certfile or $kombu_ssl_keyfile {
         ceilometer_config {
-          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
           'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
           'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
-          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
         }
+      } else {
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_certfile': ensure => absent;
+          'DEFAULT/kombu_ssl_keyfile':  ensure => absent;
+        }
+      }
+
+      if $kombu_ssl_version {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  ensure => absent; }
+      }
+
       } else {
         ceilometer_config {
           'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index e1a6ee7..0bcfced 100644
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -220,7 +220,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
     end
 
-    context "with SSL enabled" do
+    context "with SSL enabled with kombu" do
       before { params.merge!(
         :rabbit_use_ssl     => 'true',
         :kombu_ssl_ca_certs => '/path/to/ca.crt',
@@ -236,15 +236,33 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
     end
 
-    context "with SSL wrongly configured" do
+    context "with SSL enabled without kombu" do
       before { params.merge!(
-        :rabbit_use_ssl     => 'false',
-        :kombu_ssl_certfile => '/path/to/cert.crt',
-        :kombu_ssl_keyfile  => '/path/to/cert.key',
-        :kombu_ssl_version  => 'TLSv1'
+        :rabbit_use_ssl     => 'true'
       ) }
 
-      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+    end
+
+    context "with SSL wrongly configured" do
+      context 'with kombu_ssl_ca_certs parameter' do
+        before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ca.crt') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_certfile parameter' do
+        before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_keyfile parameter' do
+        before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
+      end
     end
 
   end