From 97ee84e76f28289eca5884d151d85773a4052d44 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 14 Jan 2024 21:57:14 +0900 Subject: [PATCH] Add support for [healthcheck] allowed_source_ranges Change-Id: Iddb38da980cf01536185c6c910ca68ac35c8a436 --- manifests/healthcheck.pp | 8 ++++++++ ...ealthcheck-allowed_source_ranges-63562e58d1a96e74.yaml | 4 ++++ spec/defines/oslo_healthcheck_spec.rb | 5 +++++ 3 files changed, 17 insertions(+) create mode 100644 releasenotes/notes/healthcheck-allowed_source_ranges-63562e58d1a96e74.yaml diff --git a/manifests/healthcheck.pp b/manifests/healthcheck.pp index 6a42a2d..704e9fe 100644 --- a/manifests/healthcheck.pp +++ b/manifests/healthcheck.pp @@ -13,6 +13,11 @@ # that information back as part of a request. # Defaults to $facts['os_service_default'] # +# [*allowed_source_ranges*] +# (Optional) A list of network addresses to limit source ip allowed to access +# healthcheck information. +# Defaults to $facts['os_service_default'] +# # [*disable_by_file_path*] # (Optional) Check the presence of a file to determine if an application # is running on a port. @@ -26,16 +31,19 @@ define oslo::healthcheck( $detailed = $facts['os_service_default'], $backends = $facts['os_service_default'], + $allowed_source_ranges = $facts['os_service_default'], $disable_by_file_path = $facts['os_service_default'], $disable_by_file_paths = $facts['os_service_default'], ) { $backends_real = join(any2array($backends), ',') + $allowed_source_ranges_real = join(any2array($allowed_source_ranges), ',') $disable_by_file_paths_real = join(any2array($disable_by_file_paths), ',') $healthcheck_options = { 'healthcheck/detailed' => { value => $detailed }, 'healthcheck/backends' => { value => $backends_real }, + 'healthcheck/allowed_source_ranges' => { value => $allowed_source_ranges_real }, 'healthcheck/disable_by_file_path' => { value => $disable_by_file_path }, 'healthcheck/disable_by_file_paths' => { value => $disable_by_file_paths_real}, } diff --git a/releasenotes/notes/healthcheck-allowed_source_ranges-63562e58d1a96e74.yaml b/releasenotes/notes/healthcheck-allowed_source_ranges-63562e58d1a96e74.yaml new file mode 100644 index 0000000..05b694b --- /dev/null +++ b/releasenotes/notes/healthcheck-allowed_source_ranges-63562e58d1a96e74.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + The ``oslo::healthcheck::allowed_source_ranges`` parameter has been added. diff --git a/spec/defines/oslo_healthcheck_spec.rb b/spec/defines/oslo_healthcheck_spec.rb index 9547067..d59e7b8 100644 --- a/spec/defines/oslo_healthcheck_spec.rb +++ b/spec/defines/oslo_healthcheck_spec.rb @@ -14,6 +14,7 @@ describe 'oslo::healthcheck' do it 'configure healthcheck default params' do is_expected.to contain_keystone_config('healthcheck/detailed').with_value('') is_expected.to contain_keystone_config('healthcheck/backends').with_value('') + is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value('') is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value('') is_expected.to contain_keystone_config('healthcheck/disable_by_file_paths').with_value('') end @@ -24,6 +25,7 @@ describe 'oslo::healthcheck' do { :detailed => true, :backends => ['disable_by_file', 'disable_by_files_ports'], + :allowed_source_ranges => ['10.0.0.0/24', '10.0.1.0/24'], :disable_by_file_path => '/etc/keystone/healthcheck/disabled', :disable_by_file_paths => [ '5000:/etc/keystone/healthcheck/public-disabled', @@ -37,6 +39,9 @@ describe 'oslo::healthcheck' do is_expected.to contain_keystone_config('healthcheck/backends').with_value( 'disable_by_file,disable_by_files_ports' ) + is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value( + '10.0.0.0/24,10.0.1.0/24' + ) is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value( '/etc/keystone/healthcheck/disabled' )