From 8e97414369d2284a2163d72f6cd461aa792a2db0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fran=C3=A7ois=20Charlier?= <francois.charlier@enovance.com>
Date: Sat, 20 Apr 2013 04:29:00 +0200
Subject: [PATCH] Ensure passwords/secrets are specified by user

---
 manifests/db/mysql.pp                         | 6 +++---
 manifests/init.pp                             | 4 ++--
 manifests/keystone/auth.pp                    | 4 ++--
 spec/classes/ceilometer_api_spec.rb           | 5 +++++
 spec/classes/ceilometer_db_mysql_spec.rb      | 5 +++++
 spec/classes/ceilometer_init_spec.rb          | 5 +++++
 spec/classes/ceilometer_keystone_auth_spec.rb | 5 +++++
 7 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp
index 82b4182..643c556 100644
--- a/manifests/db/mysql.pp
+++ b/manifests/db/mysql.pp
@@ -17,7 +17,7 @@
 #    Optional. Defaults to 'latin1'
 
 class ceilometer::db::mysql(
-  $password      = undef,
+  $password      = false,
   $dbname        = 'ceilometer',
   $user          = 'ceilometer',
   $host          = 'localhost',
@@ -25,12 +25,12 @@ class ceilometer::db::mysql(
   $charset       = 'latin1',
 ) {
 
+  validate_string($password)
+
   Class['mysql::server'] -> Class['ceilometer::db::mysql']
   Class['ceilometer::db::mysql'] -> Exec<| title == 'ceilometer-dbsync' |>
   Mysql::Db[$dbname] ~> Exec<| title == 'ceilometer-dbsync' |>
 
-  #FIXME: ensure password is not empty
-
   mysql::db { $dbname:
     user         => $user,
     password     => $password,
diff --git a/manifests/init.pp b/manifests/init.pp
index e581e49..3251991 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,7 +26,7 @@
 #     Optional. Defaults to '/'
 #
 class ceilometer(
-  $metering_secret    = undef,
+  $metering_secret    = false,
   $package_ensure     = 'present',
   $verbose            = 'False',
   $debug              = 'False',
@@ -38,7 +38,7 @@ class ceilometer(
   $rabbit_virtualhost = '/',
 ) {
 
-  #FIXME: ensure metering_secret is non-empty
+  validate_string($metering_secret)
 
   include ceilometer::params
 
diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index c5b2a14..37cf32f 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -29,7 +29,7 @@
 #    Optional. Defaults to true
 #
 class ceilometer::keystone::auth(
-  $password           = undef,
+  $password           = false,
   $email              = 'ceilometer@localhost',
   $auth_name          = 'ceilometer',
   $service_type       = 'metering',
@@ -45,7 +45,7 @@ class ceilometer::keystone::auth(
   $configure_endpoint = true
 ) {
 
-  #FIXME: ensure $password is not empty
+  validate_string($password)
 
   Keystone_user_role["${auth_name}@${tenant}"] ~>
     Service <| name == 'ceilometer' |>
diff --git a/spec/classes/ceilometer_api_spec.rb b/spec/classes/ceilometer_api_spec.rb
index c50a3af..fc86640 100644
--- a/spec/classes/ceilometer_api_spec.rb
+++ b/spec/classes/ceilometer_api_spec.rb
@@ -19,6 +19,11 @@ describe 'ceilometer::api' do
 
   shared_examples_for 'ceilometer-api' do
 
+    context 'without required parameter keystone_password' do
+      before { params.delete(:keystone_password) }
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
     it { should include_class('ceilometer::params') }
 
     it 'installs ceilometer-api package' do
diff --git a/spec/classes/ceilometer_db_mysql_spec.rb b/spec/classes/ceilometer_db_mysql_spec.rb
index d6d150c..f0c02b3 100644
--- a/spec/classes/ceilometer_db_mysql_spec.rb
+++ b/spec/classes/ceilometer_db_mysql_spec.rb
@@ -17,6 +17,11 @@ describe 'ceilometer::db::mysql' do
 
   shared_examples_for 'ceilometer mysql database' do
 
+    context 'when omiting the required parameter password' do
+      before { params.delete(:password) }
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
     it 'creates a mysql database' do
       should contain_mysql__db( params[:dbname] ).with(
         :user     => params[:user],
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index f006878..54a194f 100644
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -93,6 +93,11 @@ describe 'ceilometer' do
       should contain_ceilometer_config('DEFAULT/metering_secret').with_value('metering-s3cr3t')
     end
 
+    context 'without the required metering_secret' do
+      before { params.delete(:metering_secret) }
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
     it 'configures rabbit' do
       should contain_ceilometer_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
       should contain_ceilometer_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
diff --git a/spec/classes/ceilometer_keystone_auth_spec.rb b/spec/classes/ceilometer_keystone_auth_spec.rb
index 1e090d4..efe9545 100644
--- a/spec/classes/ceilometer_keystone_auth_spec.rb
+++ b/spec/classes/ceilometer_keystone_auth_spec.rb
@@ -20,6 +20,11 @@ describe 'ceilometer::keystone::auth' do
 
   shared_examples_for 'ceilometer keystone auth' do
 
+    context 'without the required password parameter' do
+      before { params.delete(:password) }
+      it { expect { should raise_error(Puppet::Error) } }
+    end
+
     it 'configures ceilometer user' do
       should contain_keystone_user( params[:auth_name] ).with(
         :ensure   => 'present',
-- 
2.45.2