Allow puppetdb conn validation when ssl is disabled
For my use case, I am not able to validate the SSL endpoint because I am creating my Puppet certificates during my Puppet run, so they are not available to the HTTP GET request. This patch adds a new resource parameter to puppetdb_conn_validator that allows it to make a non-SSL connection. This allows me to declare my own HTTP-only resource that I can use to verify the puppetdb connection.
parent
7e056f1c4c
commit
cfffea0a79
4 changed files with 30 additions and 4 deletions
|
@ -50,7 +50,7 @@ Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
|
|||
|
||||
# @api private
|
||||
def validator
|
||||
@validator ||= Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port])
|
||||
@validator ||= Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port], resource[:use_ssl])
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -23,6 +23,11 @@ Puppet::Type.newtype(:puppetdb_conn_validator) do
|
|||
desc 'The port that the puppetdb server should be listening on.'
|
||||
end
|
||||
|
||||
newparam(:use_ssl) do
|
||||
desc 'Whether the connection will be attemped using https'
|
||||
defaultto true
|
||||
end
|
||||
|
||||
newparam(:timeout) do
|
||||
desc 'The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; defaults to 15 seconds.'
|
||||
defaultto 15
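Review bot: The new `use_ssl` parameter is declared without `newvalues` or `munge`, and the validator later tests it only for truthiness (`if @use_ssl`), so a quoted `'false'` in a manifest would still select the HTTPS branch and any other value passes through unchecked. Normalising it in the type would make the contract explicit, for example `newvalues(:true, :false)` plus `munge { |value| value.to_s == 'true' }`, assuming the Puppet versions targeted here accept the boolean default under that validation. The `desc` string has a typo (`attemped`) and should also say that setting the parameter to false makes the check run over plain HTTP, where the server's identity is not verified.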
|
||||
|
|
|
@ -6,9 +6,10 @@ module Puppet
|
|||
attr_reader :puppetdb_server
|
||||
attr_reader :puppetdb_port
|
||||
|
||||
def initialize(puppetdb_server, puppetdb_port)
|
||||
def initialize(puppetdb_server, puppetdb_port, use_ssl=true)
|
||||
@puppetdb_server = puppetdb_server
|
||||
@puppetdb_port = puppetdb_port
|
||||
@puppetdb_port = puppetdb_port
|
||||
@use_ssl = use_ssl
|
||||
end
|
||||
|
||||
# Utility method; attempts to make an https connection to the puppetdb server.
|
||||
|
@ -22,7 +23,16 @@ module Puppet
|
|||
# on the puppetdb server.
|
||||
path = "/metrics/mbean/java.lang:type=Memory"
|
||||
headers = {"Accept" => "application/json"}
|
||||
conn = Puppet::Network::HttpPool.http_instance(@puppetdb_server, @puppetdb_port, true)
|
||||
if @use_ssl
|
||||
conn = Puppet::Network::HttpPool.http_instance(@puppetdb_server, @puppetdb_port, @use_ssl)
|
||||
else
|
||||
# the Puppet httppool only supports disabling ssl in Puppet > 3.x
|
||||
# this code allows ssl to be disabled for the connection on both 2.7 and 3.x
|
||||
conn = Net::HTTP.new(@puppetdb_server, @puppetdb_port)
|
||||
conn.read_timeout = Puppet[:configtimeout]
|
||||
conn.open_timeout = Puppet[:configtimeout]
|
||||
end
|
||||
|
||||
response = conn.get(path, headers)
|
||||
unless response.kind_of?(Net::HTTPSuccess)
|
||||
Puppet.notice "Unable to connect to puppetdb server (#{@puppetdb_server}:#{@puppetdb_port}): [#{response.code}] #{response.msg}"
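Review bot: The `else` branch in the second hunk builds a bare `Net::HTTP` connection, so with `use_ssl` false the validator accepts a 2xx answer from whatever is listening on that host and port, with no TLS and no check of the server's identity. The comment above `attempt_connection` in the first hunk still says it makes an https connection; I would change it to something like `# Utility method; attempts an https connection to the puppetdb server, or plain http when use_ssl is false (the server is then not authenticated).` In the SSL branch, `http_instance(@puppetdb_server, @puppetdb_port, true)` would avoid forwarding a non-boolean truthy value to `HttpPool`. The body of `attempt_connection` starts before and continues after this hunk, so whether its rescue handling covers errors raised by the new `Net::HTTP` path cannot be confirmed from here.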
|
||||
|
|
|
@ -13,6 +13,8 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
|
||||
conn_ok = stub()
|
||||
conn_ok.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_ok)
|
||||
conn_ok.stubs(:read_timeout=).with(2)
|
||||
conn_ok.stubs(:open_timeout=).with(2)
|
||||
|
||||
conn_not_found = stub()
|
||||
conn_not_found.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_not_found)
|
||||
|
@ -21,6 +23,7 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, true).raises('Connection refused')
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8081, true).returns(conn_ok)
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('wrongserver.com', 8081, true).returns(conn_not_found)
|
||||
Net::HTTP.stubs(:new).with('mypuppetdb.com', 8080).returns(conn_ok)
|
||||
end
|
||||
|
||||
it 'returns true if connection succeeds' do
|
||||
|
@ -28,6 +31,12 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
validator.attempt_connection.should be_true
|
||||
end
|
||||
|
||||
it 'should still validate without ssl' do
|
||||
Puppet[:configtimeout] = 2
|
||||
validator = Puppet::Util::PuppetdbValidator.new('mypuppetdb.com', 8080, false)
|
||||
validator.attempt_connection.should be_true
|
||||
end
|
||||
|
||||
it 'returns false and issues an appropriate notice if connection is refused' do
|
||||
puppetdb_server = 'mypuppetdb.com'
|
||||
puppetdb_port = 8080
|
||||
|
@ -53,4 +62,6 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): Unknown host")
|
||||
validator.attempt_connection.should be_false
|
||||
end
|
||||
|
||||
|
||||
end
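Review bot: The added example `should still validate without ssl` covers only the success case, so nothing pins what the plain-HTTP branch does when the request is refused or returns a non-2xx response. A companion example that stubs `Net::HTTP.stubs(:new)` to return `conn_not_found` (which would then also need the `read_timeout=` and `open_timeout=` stubs) and expects `attempt_connection` to `be_false` would close that gap. The example also assigns `Puppet[:configtimeout] = 2` and never restores it, which may leak into later examples unless the spec helper resets settings between tests.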
|
||||
|
|