From 42d2c48ed322c728cf32a3769c3b6bd1a62f5575 Mon Sep 17 00:00:00 2001
From: Yanis Guenane <yanis.guenane@enovance.com>
Date: Fri, 16 May 2014 11:48:51 -0400
Subject: [PATCH] Fail when ssl parameters are missing and rabbit_use_ssl is
 set to true

This commit causes the run to fail is rabbit_use_ssl parameter is set
to true but the ssl related parameters remains undef.

Change-Id: Idd40601fe4a632204fdde120b857d0e22b6a2aed
(cherry picked from commit 55cbdace1730a3cb0af780ab9f7be703ac873eab)
---
 manifests/init.pp                    | 40 +++++++++++--------------
 spec/classes/ceilometer_init_spec.rb | 45 ++++++++++++++--------------
 2 files changed, 40 insertions(+), 45 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 09eae73..4f46cdd 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -111,6 +111,18 @@ class ceilometer(
 
   include ceilometer::params
 
+  if $rabbit_use_ssl {
+    if !$kombu_ssl_ca_certs {
+      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
+    }
+    if !$kombu_ssl_certfile {
+      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
+    }
+    if !$kombu_ssl_keyfile {
+      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
+    }
+  }
+
   File {
     require => Package['ceilometer-common'],
   }
@@ -177,28 +189,11 @@ class ceilometer(
       }
 
       if $rabbit_use_ssl {
-        if $kombu_ssl_ca_certs {
-          ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
-        }
-
-        if $kombu_ssl_certfile {
-          ceilometer_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
-        }
-
-        if $kombu_ssl_keyfile {
-          ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
-        }
-
-        if $kombu_ssl_version {
-          ceilometer_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
-        } else {
-          ceilometer_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
+          'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
+          'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
+          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
         }
       } else {
         ceilometer_config {
@@ -208,6 +203,7 @@ class ceilometer(
           'DEFAULT/kombu_ssl_version':  ensure => absent;
         }
       }
+
   }
 
   if $rpc_backend == 'ceilometer.openstack.common.rpc.impl_qpid' {
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index 67423e6..e1a6ee7 100644
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -221,33 +221,32 @@ describe 'ceilometer' do
     end
 
     context "with SSL enabled" do
-      before { params.merge!( :rabbit_use_ssl => 'true' ) }
-      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
-
-      context "with ca_certs" do
-        before { params.merge!( :kombu_ssl_ca_certs => '/path/to/ca.crt' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ca.crt') }
-      end
+      before { params.merge!(
+        :rabbit_use_ssl     => 'true',
+        :kombu_ssl_ca_certs => '/path/to/ca.crt',
+        :kombu_ssl_certfile => '/path/to/cert.crt',
+        :kombu_ssl_keyfile  => '/path/to/cert.key',
+        :kombu_ssl_version  => 'TLSv1'
+      ) }
 
-      context "with certfile" do
-        before { params.merge!( :kombu_ssl_certfile => '/path/to/cert.crt' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/cert.crt') }
-      end
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ca.crt') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/cert.crt') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/cert.key') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
+    end
 
-      context "with keyfile" do
-        before { params.merge!( :kombu_ssl_keyfile => '/path/to/cert.key' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/cert.key') }
-      end
+    context "with SSL wrongly configured" do
+      before { params.merge!(
+        :rabbit_use_ssl     => 'false',
+        :kombu_ssl_certfile => '/path/to/cert.crt',
+        :kombu_ssl_keyfile  => '/path/to/cert.key',
+        :kombu_ssl_version  => 'TLSv1'
+      ) }
 
-      context "with version" do
-        before { params.merge!( :kombu_ssl_version => 'TLSv1' ) }
-        it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
-      end
+      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
     end
+
   end
 
   shared_examples_for 'qpid support' do
-- 
2.45.2