Merge pull request #648 from Slm0n87/master

Add optional variables for SSL management-console
voxpupuli · Jun 22, 2019 · ab81dcc · ab81dcc
2 parents bc420f9 + 03cf356
commit ab81dcc
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 7 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -47,6 +47,9 @@
   $ssl_port                            = $rabbitmq::ssl_port
   $ssl_interface                       = $rabbitmq::ssl_interface
   $ssl_management_port                 = $rabbitmq::ssl_management_port
+  $ssl_management_cacert               = $rabbitmq::ssl_management_cacert
+  $ssl_management_cert                 = $rabbitmq::ssl_management_cert
+  $ssl_management_key                  = $rabbitmq::ssl_management_key
   $ssl_management_verify               = $rabbitmq::ssl_management_verify
   $ssl_management_fail_if_no_peer_cert = $rabbitmq::ssl_management_fail_if_no_peer_cert
   $ssl_stomp_port                      = $rabbitmq::ssl_stomp_port

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -238,6 +238,12 @@
 #   port => undef
 # @param ssl_management_port
 #   SSL management port.
+# @param ssl_management_cacert
+#   SSL management cacert. If unset set to ssl_cacert for backwards compatibility.
+# @param ssl_management_cert
+#   SSL management cert. If unset set to ssl_cert for backwards compatibility.
+# @param ssl_management_key
+#   SSL management key. If unset set to ssl_key for backwards compatibility.
 # @param ssl_port
 #   SSL port for RabbitMQ
 # @param ssl_reuse_sessions
@@ -345,6 +351,9 @@
   Integer[1, 65535] $ssl_port                                                                      = 5671,
   Optional[String] $ssl_interface                                                                  = undef,
   Integer[1, 65535] $ssl_management_port                                                           = 15671,
+  Optional[Stdlib::Absolutepath] $ssl_management_cacert                                            = $ssl_cacert,
+  Optional[Stdlib::Absolutepath] $ssl_management_cert                                              = $ssl_cert,
+  Optional[Stdlib::Absolutepath] $ssl_management_key                                               = $ssl_key,
   Integer[1, 65535] $ssl_stomp_port                                                                = 6164,
   Enum['verify_none','verify_peer'] $ssl_verify                                                    = 'verify_none',
   Boolean $ssl_fail_if_no_peer_cert                                                                = false,

diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb
@@ -1240,6 +1240,39 @@
         end
       end
 
+      describe 'ssl admin options with dedicated admin-key and -certs' do
+        let(:params) do
+          { ssl: true,
+            ssl_management_port: 3141,
+            ssl_management_cacert: '/path/to/management_cacert',
+            ssl_management_cert: '/path/to/management_cert',
+            ssl_management_key: '/path/to/management_key',
+            admin_enable: true }
+        end
+
+        it 'sets rabbitmq_management ssl options to specified values' do
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{rabbitmq_management, \[})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{listener, \[})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{port, 3141\},})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{ssl, true\},})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{ssl_opts, \[})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{cacertfile, "/path/to/management_cacert"\},})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{certfile, "/path/to/management_cert"\},})
+          is_expected.to contain_file('rabbitmq.config').with_content(%r{keyfile, "/path/to/management_key"\}})
+        end
+        it 'sets ssl options in the rabbitmqadmin.conf' do
+          is_expected.to contain_file('rabbitmqadmin.conf').with_content(
+            %r{ssl_ca_cert_file\s=\s/path/to/management_cacert}
+          )
+          is_expected.to contain_file('rabbitmqadmin.conf').with_content(
+            %r{ssl_cert_file\s=\s/path/to/management_cert}
+          )
+          is_expected.to contain_file('rabbitmqadmin.conf').with_content(
+            %r{ssl_key_file\s=\s/path/to/management_key}
+          )
+        end
+      end
+
       describe 'admin without ssl' do
         let(:params) do
           { ssl: false,

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
@@ -110,11 +110,11 @@
   <%- end -%>
       {port, <%= @ssl_management_port %>},
       {ssl, true},
-      {ssl_opts, [<%- if @ssl_cacert %>
-                  {cacertfile, "<%= @ssl_cacert %>"},
+      {ssl_opts, [<%- if @ssl_management_cacert %>
+                  {cacertfile, "<%= @ssl_management_cacert %>"},
                   <%- end -%>
-                  {certfile, "<%= @ssl_cert %>"},
-                  {keyfile, "<%= @ssl_key %>"},
+                  {certfile, "<%= @ssl_management_cert %>"},
+                  {keyfile, "<%= @ssl_management_key %>"},
                   {verify,<%= @ssl_management_verify %>},
                   {fail_if_no_peer_cert,<%= @ssl_management_fail_if_no_peer_cert %>}
                    <%- if @ssl_versions -%>

diff --git a/templates/rabbitmqadmin.conf.erb b/templates/rabbitmqadmin.conf.erb
@@ -1,9 +1,9 @@
 [default]
 <% if @ssl && @management_ssl -%>
 ssl = True
-ssl_ca_cert_file = <%= @ssl_cacert %>
-ssl_cert_file = <%= @ssl_cert %>
-ssl_key_file = <%= @ssl_key %>
+ssl_ca_cert_file = <%= @ssl_management_cacert %>
+ssl_cert_file = <%= @ssl_management_cert %>
+ssl_key_file = <%= @ssl_management_key %>
 port = <%= @ssl_management_port %>
 <% unless @management_hostname -%>
 hostname = <%= @fqdn %>