openstack/puppet-heat
Code Issues Proposed changes

Add TLS options to oslo.cache

Browse Source 
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
This commit is contained in:
Grzegorz Grasza 2020-11-30 15:34:43 +01:00 committed by Takashi Kajinami
parent c16009b55b
commit 42d1e8567d
3 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
manifests/cache.pp
View File

@ -112,6 +112,39 @@
# (Optional) TTL, in seconds, for caching in resource finder. # (Optional) TTL, in seconds, for caching in resource finder.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*tls_enabled*]
# (Optional) Global toggle for TLS usage when comunicating with
# the caching servers.
# Default to $::os_service_default
#
# [*tls_cafile*]
# (Optional) Path to a file of concatenated CA certificates in PEM
# format necessary to establish the caching server's authenticity.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_certfile*]
# (Optional) Path to a single file in PEM format containing the
# client's certificate as well as any number of CA certificates
# needed to establish the certificate's authenticity. This file
# is only required when client side authentication is necessary.
# If tls_enabled is False, this option is ignored.
# Default to $::os_service_default
#
# [*tls_keyfile*]
# (Optional) Path to a single file containing the client's private
# key in. Otherwhise the private key will be taken from the file
# specified in tls_certfile. If tls_enabled is False, this option
# is ignored.
# Default to $::os_service_default
#
# [*tls_allowed_ciphers*]
# (Optional) Set the available ciphers for sockets created with
# the TLS context. It should be a string in the OpenSSL cipher
# list format. If not specified, all OpenSSL enabled ciphers will
# be available.
# Default to $::os_service_default
#
class heat::cache ( class heat::cache (
$config_prefix = $::os_service_default, $config_prefix = $::os_service_default,
$expiration_time = $::os_service_default, $expiration_time = $::os_service_default,
@ -133,6 +166,11 @@ class heat::cache (
$service_extension_expiration_time = $::os_service_default, $service_extension_expiration_time = $::os_service_default,
$resource_finder_caching = $::os_service_default, $resource_finder_caching = $::os_service_default,
$resource_finder_expiration_time = $::os_service_default, $resource_finder_expiration_time = $::os_service_default,
$tls_enabled = $::os_service_default,
$tls_cafile = $::os_service_default,
$tls_certfile = $::os_service_default,
$tls_keyfile = $::os_service_default,
$tls_allowed_ciphers = $::os_service_default,
) { ) {
include heat::deps include heat::deps
@ -152,6 +190,11 @@ class heat::cache (
memcache_pool_unused_timeout => $memcache_pool_unused_timeout, memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout, memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
manage_backend_package => $manage_backend_package, manage_backend_package => $manage_backend_package,
tls_enabled => $tls_enabled,
tls_cafile => $tls_cafile,
tls_certfile => $tls_certfile,
tls_keyfile => $tls_keyfile,
tls_allowed_ciphers => $tls_allowed_ciphers,
} }
heat_config { heat_config {

4
releasenotes/notes/add_tls_options-e126a2206f028366.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
Add TLS options to oslo.cache

15
spec/classes/heat_cache_spec.rb
View File

@ -23,6 +23,11 @@ describe 'heat::cache' do
is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('<SERVICE DEFAULT>') is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('<SERVICE DEFAULT>') is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('<SERVICE DEFAULT>') is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_enabled').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('cache/tls_allowed_ciphers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(true) is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(true)
is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('<SERVICE DEFAULT>') is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('<SERVICE DEFAULT>')
is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('<SERVICE DEFAULT>') is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('<SERVICE DEFAULT>')
@ -48,6 +53,11 @@ describe 'heat::cache' do
:memcache_pool_maxsize => '10', :memcache_pool_maxsize => '10',
:memcache_pool_unused_timeout => '120', :memcache_pool_unused_timeout => '120',
:memcache_pool_connection_get_timeout => '360', :memcache_pool_connection_get_timeout => '360',
:tls_enabled => false,
:tls_cafile => nil,
:tls_certfile => nil,
:tls_keyfile => nil,
:tls_allowed_ciphers => nil,
:manage_backend_package => false, :manage_backend_package => false,
:constraint_validation_caching => true, :constraint_validation_caching => true,
:constraint_validation_expiration_time => '3600', :constraint_validation_expiration_time => '3600',
@ -72,6 +82,11 @@ describe 'heat::cache' do
is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('10') is_expected.to contain_heat_config('cache/memcache_pool_maxsize').with_value('10')
is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('120') is_expected.to contain_heat_config('cache/memcache_pool_unused_timeout').with_value('120')
is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('360') is_expected.to contain_heat_config('cache/memcache_pool_connection_get_timeout').with_value('360')
is_expected.to contain_heat_config('cache/tls_enabled').with_value('false')
is_expected.to contain_heat_config('cache/tls_cafile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_certfile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_keyfile').with_value('nil')
is_expected.to contain_heat_config('cache/tls_allowed_ciphers').with_value('nil')
is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(false) is_expected.to contain_oslo__cache('heat_config').with_manage_backend_package(false)
is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('true') is_expected.to contain_heat_config('constraint_validation_cache/caching').with_value('true')
is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('3600') is_expected.to contain_heat_config('constraint_validation_cache/expiration_time').with_value('3600')