Enable heat server to be run in SSL mode
This commit allows one to specify cert and key file to run heat server in SSL mode. Note: The flag use_ssl per se is not used in heat yet, its purpose here it to verify collateral parameters. Change-Id: I94d0b461adc752b028770aea71bf4e4612722539
This commit is contained in:
parent
85a98e13e8
commit
025b8cb830
|
@ -4,7 +4,10 @@ class heat::api (
|
|||
$enabled = true,
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = '8004',
|
||||
$workers = '0'
|
||||
$workers = '0',
|
||||
$use_ssl = false,
|
||||
$cert_file = false,
|
||||
$key_file = false,
|
||||
) {
|
||||
|
||||
include heat
|
||||
|
@ -15,6 +18,15 @@ class heat::api (
|
|||
Package['heat-api'] -> Heat_config<||>
|
||||
Package['heat-api'] -> Service['heat-api']
|
||||
|
||||
if $use_ssl {
|
||||
if !$cert_file {
|
||||
fail('The cert_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
if !$key_file {
|
||||
fail('The key_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
}
|
||||
|
||||
package { 'heat-api':
|
||||
ensure => installed,
|
||||
name => $::heat::params::api_package_name,
|
||||
|
@ -42,4 +54,18 @@ class heat::api (
|
|||
'heat_api/bind_port' : value => $bind_port;
|
||||
'heat_api/workers' : value => $workers;
|
||||
}
|
||||
|
||||
# SSL Options
|
||||
if $use_ssl {
|
||||
heat_config {
|
||||
'heat_api/cert_file' : value => $cert_file;
|
||||
'heat_api/key_file' : value => $key_file;
|
||||
}
|
||||
} else {
|
||||
heat_config {
|
||||
'heat_api/cert_file' : ensure => absent;
|
||||
'heat_api/key_file' : ensure => absent;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -4,7 +4,10 @@ class heat::api_cfn (
|
|||
$enabled = true,
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = '8000',
|
||||
$workers = '0'
|
||||
$workers = '0',
|
||||
$use_ssl = false,
|
||||
$cert_file = false,
|
||||
$key_file = false,
|
||||
) {
|
||||
|
||||
include heat
|
||||
|
@ -14,6 +17,16 @@ class heat::api_cfn (
|
|||
|
||||
Package['heat-api-cfn'] -> Heat_config<||>
|
||||
Package['heat-api-cfn'] -> Service['heat-api-cfn']
|
||||
|
||||
if $use_ssl {
|
||||
if !$cert_file {
|
||||
fail('The cert_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
if !$key_file {
|
||||
fail('The key_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
}
|
||||
|
||||
package { 'heat-api-cfn':
|
||||
ensure => installed,
|
||||
name => $::heat::params::api_cfn_package_name,
|
||||
|
@ -41,4 +54,18 @@ class heat::api_cfn (
|
|||
'heat_api_cfn/bind_port' : value => $bind_port;
|
||||
'heat_api_cfn/workers' : value => $workers;
|
||||
}
|
||||
|
||||
# SSL Options
|
||||
if $use_ssl {
|
||||
heat_config {
|
||||
'heat_api_cfn/cert_file' : value => $cert_file;
|
||||
'heat_api_cfn/key_file' : value => $key_file;
|
||||
}
|
||||
} else {
|
||||
heat_config {
|
||||
'heat_api_cfn/cert_file' : ensure => absent;
|
||||
'heat_api_cfn/key_file' : ensure => absent;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -4,7 +4,10 @@ class heat::api_cloudwatch (
|
|||
$enabled = true,
|
||||
$bind_host = '0.0.0.0',
|
||||
$bind_port = '8003',
|
||||
$workers = '0'
|
||||
$workers = '0',
|
||||
$use_ssl = false,
|
||||
$cert_file = false,
|
||||
$key_file = false,
|
||||
) {
|
||||
|
||||
include heat
|
||||
|
@ -14,6 +17,16 @@ class heat::api_cloudwatch (
|
|||
|
||||
Package['heat-api-cloudwatch'] -> Heat_config<||>
|
||||
Package['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch']
|
||||
|
||||
if $use_ssl {
|
||||
if !$cert_file {
|
||||
fail('The cert_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
if !$key_file {
|
||||
fail('The key_file parameter is required when use_ssl is set to true')
|
||||
}
|
||||
}
|
||||
|
||||
package { 'heat-api-cloudwatch':
|
||||
ensure => installed,
|
||||
name => $::heat::params::api_cloudwatch_package_name,
|
||||
|
@ -41,4 +54,18 @@ class heat::api_cloudwatch (
|
|||
'heat_api_cloudwatch/bind_port' : value => $bind_port;
|
||||
'heat_api_cloudwatch/workers' : value => $workers;
|
||||
}
|
||||
|
||||
# SSL Options
|
||||
if $use_ssl {
|
||||
heat_config {
|
||||
'heat_api_cloudwatch/cert_file' : value => $cert_file;
|
||||
'heat_api_cloudwatch/key_file' : value => $key_file;
|
||||
}
|
||||
} else {
|
||||
heat_config {
|
||||
'heat_api_cloudwatch/cert_file' : ensure => absent;
|
||||
'heat_api_cloudwatch/key_file' : ensure => absent;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -25,4 +25,41 @@ describe 'heat::api_cfn' do
|
|||
|
||||
end
|
||||
|
||||
context 'with SSL socket options set' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:cert_file => '/path/to/cert',
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api_cfn/cert_file').with_value('/path/to/cert') }
|
||||
it { should contain_heat_config('heat_api_cfn/key_file').with_value('/path/to/key') }
|
||||
end
|
||||
|
||||
context 'with SSL socket options set with wrong parameters' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
|
||||
end
|
||||
|
||||
context 'with SSL socket options set to false' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => false,
|
||||
:cert_file => false,
|
||||
:key_file => false
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api_cfn/cert_file').with_ensure('absent') }
|
||||
it { should contain_heat_config('heat_api_cfn/key_file').with_ensure('absent') }
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -25,4 +25,41 @@ describe 'heat::api_cloudwatch' do
|
|||
|
||||
end
|
||||
|
||||
context 'with SSL socket options set' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:cert_file => '/path/to/cert',
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api_cloudwatch/cert_file').with_value('/path/to/cert') }
|
||||
it { should contain_heat_config('heat_api_cloudwatch/key_file').with_value('/path/to/key') }
|
||||
end
|
||||
|
||||
context 'with SSL socket options set with wrong parameters' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
|
||||
end
|
||||
|
||||
context 'with SSL socket options set to false' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => false,
|
||||
:cert_file => false,
|
||||
:key_file => false
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api_cloudwatch/cert_file').with_ensure('absent') }
|
||||
it { should contain_heat_config('heat_api_cloudwatch/key_file').with_ensure('absent') }
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -25,4 +25,41 @@ describe 'heat::api' do
|
|||
|
||||
end
|
||||
|
||||
context 'with SSL socket options set' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:cert_file => '/path/to/cert',
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api/cert_file').with_value('/path/to/cert') }
|
||||
it { should contain_heat_config('heat_api/key_file').with_value('/path/to/key') }
|
||||
end
|
||||
|
||||
context 'with SSL socket options set with wrong parameters' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => true,
|
||||
:key_file => '/path/to/key'
|
||||
}
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
|
||||
end
|
||||
|
||||
context 'with SSL socket options set to false' do
|
||||
let :params do
|
||||
{
|
||||
:use_ssl => false,
|
||||
:cert_file => false,
|
||||
:key_file => false
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_heat_config('heat_api/cert_file').with_ensure('absent') }
|
||||
it { should contain_heat_config('heat_api/key_file').with_ensure('absent') }
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue