Merge "Add SSL parameters for rabbit"

2014-04-17 13:15:56 +00:00 · 2014-04-17 13:15:56 +00:00 · 2847d4d42f
parent 1cd2e6404f 217567fbee
commit 2847d4d42f
2 changed files with 109 additions and 0 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -28,6 +28,23 @@
 #    password to connect to the rabbit_server. Optional. Defaults to empty.
 #  [*rabbit_virtual_host*]
 #    virtual_host to use. Optional. Defaults to '/'
+#  [*rabbit_use_ssl*]
+#    (optional) Connect over SSL for RabbitMQ
+#    Defaults to false
+#  [*kombu_ssl_ca_certs*]
+#    (optional) SSL certification authority file (valid only if SSL enabled).
+#    Defaults to undef
+#  [*kombu_ssl_certfile*]
+#    (optional) SSL cert file (valid only if SSL enabled).
+#    Defaults to undef
+#  [*kombu_ssl_keyfile*]
+#    (optional) SSL key file (valid only if SSL enabled).
+#    Defaults to undef
+#  [*kombu_ssl_version*]
+#    (optional) SSL version to use (valid only if SSL enabled).
+#    Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+#    available on some distributions.
+#    Defaults to 'SSLv3'
 #  [*amqp_durable_queues*]
 #    Use durable queues in amqp. Defaults to false
 #
@ -96,6 +113,11 @@ class heat(
  $rabbit_userid               = 'guest',
  $rabbit_password             = '',
  $rabbit_virtual_host         = '/',
+  $rabbit_use_ssl              = false,
+  $kombu_ssl_ca_certs          = undef,
+  $kombu_ssl_certfile          = undef,
+  $kombu_ssl_keyfile           = undef,
+  $kombu_ssl_version           = 'SSLv3',
  $amqp_durable_queues         = false,
  $qpid_hostname               = 'localhost',
  $qpid_port                   = 5672,
@ -182,8 +204,41 @@ class heat(
      'DEFAULT/rabbit_userid'          : value => $rabbit_userid;
      'DEFAULT/rabbit_password'        : value => $rabbit_password;
      'DEFAULT/rabbit_virtual_host'    : value => $rabbit_virtual_host;
+      'DEFAULT/rabbit_use_ssl'         : value => $rabbit_use_ssl;
      'DEFAULT/amqp_durable_queues'    : value => $amqp_durable_queues;
    }
+
+    if $rabbit_use_ssl {
+      heat_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
+
+      if $kombu_ssl_ca_certs {
+        heat_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
+      } else {
+        heat_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
+      }
+
+      if $kombu_ssl_certfile {
+        heat_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
+      } else {
+        heat_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
+      }
+
+      if $kombu_ssl_keyfile {
+        heat_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
+      } else {
+        heat_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
+      }
+    } else {
+      heat_config {
+        'DEFAULT/kombu_ssl_version':  ensure => absent;
+        'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
+        'DEFAULT/kombu_ssl_certfile': ensure => absent;
+        'DEFAULT/kombu_ssl_keyfile':  ensure => absent;
+      }
+      if ($kombu_ssl_keyfile or $kombu_ssl_certfile or $kombu_ssl_ca_certs) {
+        notice('Configuration of certificates with $rabbit_use_ssl == false is a useless config')
+      }
+    }
  }

  if $rpc_backend == 'heat.openstack.common.rpc.impl_qpid' {
--- a/spec/classes/heat_init_spec.rb
+++ b/spec/classes/heat_init_spec.rb
@ -157,6 +157,11 @@ describe 'heat' do
      should contain_heat_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
      should contain_heat_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
      should contain_heat_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
+      should contain_heat_config('DEFAULT/rabbit_use_ssl').with_value(false)
+      should contain_heat_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
    end
    it { should contain_heat_config('DEFAULT/rabbit_host').with_value( params[:rabbit_host] ) }
    it { should contain_heat_config('DEFAULT/rabbit_port').with_value( params[:rabbit_port] ) }
@ -170,6 +175,11 @@ describe 'heat' do
      should contain_heat_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
      should contain_heat_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
      should contain_heat_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
+      should contain_heat_config('DEFAULT/rabbit_use_ssl').with_value(false)
+      should contain_heat_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
    end
    it { should contain_heat_config('DEFAULT/rabbit_host').with_ensure('absent') }
    it { should contain_heat_config('DEFAULT/rabbit_port').with_ensure('absent') }
@ -183,6 +193,11 @@ describe 'heat' do
      should contain_heat_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
      should contain_heat_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
      should contain_heat_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
+      should contain_heat_config('DEFAULT/rabbit_use_ssl').with_value(false)
+      should contain_heat_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
    end
    it { should contain_heat_config('DEFAULT/rabbit_host').with_ensure('absent') }
    it { should contain_heat_config('DEFAULT/rabbit_port').with_ensure('absent') }
@ -287,6 +302,45 @@ describe 'heat' do
    end
  end

+  context 'with rabbit_use_ssl parameter' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+    let :params do
+      { :rabbit_use_ssl => 'true' }
+    end
+
+    it 'configures rabbit' do
+      should contain_heat_config('DEFAULT/rabbit_use_ssl').with_value(true)
+      should contain_heat_config('DEFAULT/amqp_durable_queues').with_value(false)
+      should contain_heat_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+      should contain_heat_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
+    end
+  end
+
+  context 'with amqp ssl parameters' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+    let :params do
+      { :rabbit_use_ssl     => 'true',
+        :kombu_ssl_ca_certs => '/etc/ca.cert',
+        :kombu_ssl_certfile => '/etc/certfile',
+        :kombu_ssl_keyfile  => '/etc/key',
+        :kombu_ssl_version  => 'TLSv1', }
+    end
+
+    it 'configures rabbit' do
+      should contain_heat_config('DEFAULT/rabbit_use_ssl').with_value(true)
+      should contain_heat_config('DEFAULT/kombu_ssl_ca_certs').with_value('/etc/ca.cert')
+      should contain_heat_config('DEFAULT/kombu_ssl_certfile').with_value('/etc/certfile')
+      should contain_heat_config('DEFAULT/kombu_ssl_keyfile').with_value('/etc/key')
+      should contain_heat_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
+    end
+  end
+
  context 'on Debian platforms' do
    let :facts do
      { :osfamily => 'Debian' }