Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true

Mike Dorman · Mike Dorman · commit aa3933ccde8a · 2014-09-29T16:15:20.000-06:00
The kombu_ssl_* parameters should not be required when rabbit_use_ssl => true Rather, rabbit_use_ssl must be set to true if the kombu_ssl_* parameters are used. Change-Id: I7664dda2c66ffb34ceb56ada722574ae0e490f8f Closes-Bug: 1356083 (cherry picked from commit 957c212)
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -111,16 +111,17 @@
 
   include ceilometer::params
 
-  if $rabbit_use_ssl {
-    if !$kombu_ssl_ca_certs {
-      fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_certfile {
-      fail('The kombu_ssl_certfile parameter is required when rabbit_use_ssl is set to true')
-    }
-    if !$kombu_ssl_keyfile {
-      fail('The kombu_ssl_keyfile parameter is required when rabbit_use_ssl is set to true')
-    }
+  if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
+    fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_certfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if $kombu_ssl_keyfile and !$rabbit_use_ssl {
+    fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
+  }
+  if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
+    fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
   }
 
   File {
@@ -189,12 +190,31 @@
       }
 
       if $rabbit_use_ssl {
+
+      if $kombu_ssl_ca_certs {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
+      }
+
+      if $kombu_ssl_certfile or $kombu_ssl_keyfile {
         ceilometer_config {
-          'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs;
           'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
           'DEFAULT/kombu_ssl_keyfile':  value => $kombu_ssl_keyfile;
-          'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version;
         }
+      } else {
+        ceilometer_config {
+          'DEFAULT/kombu_ssl_certfile': ensure => absent;
+          'DEFAULT/kombu_ssl_keyfile':  ensure => absent;
+        }
+      }
+
+      if $kombu_ssl_version {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  value => $kombu_ssl_version; }
+      } else {
+        ceilometer_config { 'DEFAULT/kombu_ssl_version':  ensure => absent; }
+      }
+
       } else {
         ceilometer_config {
           'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
@@ -220,7 +220,7 @@
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_ensure('absent') }
     end
 
-    context "with SSL enabled" do
+    context "with SSL enabled with kombu" do
       before { params.merge!(
         :rabbit_use_ssl     => 'true',
         :kombu_ssl_ca_certs => '/path/to/ca.crt',
@@ -236,15 +236,33 @@
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
     end
 
-    context "with SSL wrongly configured" do
+    context "with SSL enabled without kombu" do
       before { params.merge!(
-        :rabbit_use_ssl     => 'false',
-        :kombu_ssl_certfile => '/path/to/cert.crt',
-        :kombu_ssl_keyfile  => '/path/to/cert.key',
-        :kombu_ssl_version  => 'TLSv1'
+        :rabbit_use_ssl     => 'true'
       ) }
 
-      it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true/
+      it { should contain_ceilometer_config('DEFAULT/rabbit_use_ssl').with_value('true') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+    end
+
+    context "with SSL wrongly configured" do
+      context 'with kombu_ssl_ca_certs parameter' do
+        before { params.merge!(:kombu_ssl_ca_certs => '/path/to/ca.crt') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_certfile parameter' do
+        before { params.merge!(:kombu_ssl_certfile => '/path/to/ssl/cert/file') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true/
+      end
+
+      context 'with kombu_ssl_keyfile parameter' do
+        before { params.merge!(:kombu_ssl_keyfile => '/path/to/ssl/keyfile') }
+        it_raises 'a Puppet::Error', /The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true/
+      end
     end
 
   end
