From 7bc6b0020863a7c9143173aa1d2f00f97ea22bdf Mon Sep 17 00:00:00 2001
From: Dakota Brown
Date: Fri, 5 Jun 2020 14:46:34 -0400
Subject: [PATCH] Fixes solarkennedy/puppet-consul#537
---
 .../functions/consul/validate_checks.rb | 4 ++
 manifests/check.pp | 57 ++++++++++---------
 spec/defines/consul_check_spec.rb | 36 ++++++++++++
 spec/functions/consul_validate_checks_spec.rb | 36 ++++++++++++
 4 files changed, 107 insertions(+), 26 deletions(-)
diff --git a/lib/puppet/functions/consul/validate_checks.rb b/lib/puppet/functions/consul/validate_checks.rb
index f7e64ca9..e0f5510a 100644
--- a/lib/puppet/functions/consul/validate_checks.rb
+++ b/lib/puppet/functions/consul/validate_checks.rb
@@ -35,6 +35,10 @@ def validate_checks(obj)
 if (obj.key?("http") || obj.key?("tcp"))
 raise Puppet::ParseError.new('http and tcp must not be defined for script checks')
 end
+ elsif obj.key?("tls_skip_verify")
+ if (( obj.key?("args") || obj.key?("script") ) || obj.key?("tcp"))
+ raise Puppet::ParseError.new('script and tcp must not be defined with tls_skip_verify')
+ end
 else
 raise Puppet::ParseError.new('One of ttl, script, tcp, or http must be defined.')
 end
diff --git a/manifests/check.pp b/manifests/check.pp
index d4e0102e..3eda381f 100644
--- a/manifests/check.pp
+++ b/manifests/check.pp
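Review bot: In lib/puppet/functions/consul/validate_checks.rb the new `elsif obj.key?("tls_skip_verify")` arm comes after the script arm, so it appears to run only when none of the earlier check-type keys is present (the earlier arms of the chain are outside the hunk, so confirm). If so, its inner `args`/`script`/`tcp` test can never be true, a `tcp` or `script` check carrying `tls_skip_verify` is not rejected, and a check with only `tls_skip_verify` is accepted instead of reaching 'One of ttl, script, tcp, or http must be defined.'. Because this flag switches off certificate verification, validate it ahead of the chain instead: `if obj.key?("tls_skip_verify") && !obj.key?("http")` followed by `raise Puppet::ParseError.new('script and tcp must not be defined with tls_skip_verify')`. The 'with both script and tls_skip_verify' and 'with both tcp and tls_skip_verify' examples added in spec/defines/consul_check_spec.rb depend on this ordering.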
@@ -49,38 +49,43 @@ # [*ttl*] # Value in seconds before the http endpoint considers a failing healthcheck # to be "HARD" down. +# [*tls_skip_verify*] +# enables skip verify of ssl certs for https healthchecks if set to 'true' # + define consul::check ( - $ensure = present, - $http = undef, - $id = $title, - $interval = undef, - $notes = undef, - $script = undef, - $args = undef, - $service_id = undef, - $status = undef, - $tcp = undef, - $timeout = undef, - $token = undef, - $ttl = undef, + $ensure = present, + $http = undef, + $id = $title, + $interval = undef, + $notes = undef, + $script = undef, + $args = undef, + $service_id = undef, + $status = undef, + $tcp = undef, + $timeout = undef, + $token = undef, + $ttl = undef, + $tls_skip_verify = undef, ) { include consul $basic_hash = { - 'id' => $id, - 'name' => $name, - 'ttl' => $ttl, - 'http' => $http, - 'script' => $script, - 'args' => $args, - 'tcp' => $tcp, - 'interval' => $interval, - 'timeout' => $timeout, - 'service_id' => $service_id, - 'notes' => $notes, - 'token' => $token, - 'status' => $status, + 'id' => $id, + 'name' => $name, + 'ttl' => $ttl, + 'http' => $http, + 'script' => $script, + 'args' => $args, + 'tcp' => $tcp, + 'interval' => $interval, + 'timeout' => $timeout, + 'service_id' => $service_id, + 'notes' => $notes, + 'token' => $token, + 'status' => $status, + 'tls_skip_verify' => $tls_skip_verify } $check_hash = { diff --git a/spec/defines/consul_check_spec.rb b/spec/defines/consul_check_spec.rb index 1bcd15f8..fb09e932 100644 --- a/spec/defines/consul_check_spec.rb +++ b/spec/defines/consul_check_spec.rb 
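Review bot: The `[*tls_skip_verify*]` doc entry should state the security effect: setting it disables TLS certificate verification for the HTTPS health check, so the endpoint's identity is no longer authenticated, and leaving it unset keeps verification on. The parameter is also untyped and documented as the string 'true'; declaring it as `Optional[Boolean] $tls_skip_verify = undef,` would stop an arbitrary string from being written into the check definition, where Consul documents the field as a boolean (the spec in this commit matches a quoted `"true"`, so confirm how the JSON is rendered). As a style point, the new last entry of `$basic_hash` drops the trailing comma the previous last entry had: `'tls_skip_verify' => $tls_skip_verify,`.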
@@ -93,6 +93,22 @@
 .with_content(/"http" *: *"localhost"/) \
 }
 end
+ describe 'with http and tls_skip_verify' do
+ let(:params) {{
+ 'interval' => '30s',
+ 'http' => 'localhost'
+ 'tls_skip_verify' => 'true'
+ }}
+ it {
+ should contain_file("/etc/consul/check_my_check.json") \
+ .with_content(/"id" *: *"my_check"/) \
+ .with_content(/"name" *: *"my_check"/) \
+ .with_content(/"check" *: *\{/) \
+ .with_content(/"interval" *: *"30s"/) \
+ .with_content(/"http" *: *"localhost"/) \
+ .with_content(/"tls_skip_verify" *: *"true"/) \
+ }
+ end
 describe 'with http and service_id' do
 let(:params) {{
 'interval' => '30s',
@@ -271,6 +287,16 @@
 should raise_error(Puppet::Error, /script and tcp must not be defined for http checks/)
 }
 end
+ describe 'with both script and tls_skip_verify' do
+ let(:params) {{
+ 'script' => 'true',
+ 'tls_skip_verify' => 'true',
+ 'interval' => '60s'
+ }}
+ it {
+ should raise_error(Puppet::Error, /script and tcp must not be defined with tls_skip_verify/)
+ }
+ end
 describe 'with script but no interval' do
 let(:params) {{
 'script' => 'true',
@@ -295,6 +321,16 @@
 should raise_error(Puppet::Error, /interval must be defined for tcp, http, and script checks/)
 }
 end
+ describe 'with both tcp and tls_skip_verify' do
+ let(:params) {{
+ 'tcp' => 'localhost',
+ 'tls_skip_verify' => 'true',
+ 'interval' => '60s'
+ }}
+ it {
+ should raise_error(Puppet::Error, /script and tcp must not be defined with tls_skip_verify/)
+ }
+ end
 describe 'with a / in the id' do
 let(:params) {{
 'ttl' => '30s',
diff --git a/spec/functions/consul_validate_checks_spec.rb b/spec/functions/consul_validate_checks_spec.rb
index 6e49b951..1a900385 100644
--- a/spec/functions/consul_validate_checks_spec.rb
+++ b/spec/functions/consul_validate_checks_spec.rb
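Review bot: In the added 'with http and tls_skip_verify' example the params hash is missing a comma after `'http' => 'localhost'`, so the following `'tls_skip_verify' => 'true'` entry will not parse as a separate pair and the spec file is unlikely to load; the line should read `'http' => 'localhost',`. The expectation `/"tls_skip_verify" *: *"true"/` also pins the rendered value as a JSON string. If the flag is meant to reach Consul as a boolean, pass `true` and match an unquoted `true` so the test fails when a string is emitted.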
@@ -20,6 +20,15 @@ ]).and_raise_error(Exception) } end + describe 'validate script and tls_skip_verify' do + it {should run.with_params([ + { + 'tls_skip_verify' => 'true', + 'script' => 'true' + } + ]).and_raise_error(Exception) } + end + describe 'validate http and tcp' do it {should run.with_params([ { @@ -89,6 +98,15 @@ ]).and_raise_error(Exception) } end + describe 'validate tcp and tls_skip_verify' do + it {should run.with_params([ + { + 'tcp' => 'localhost', + 'tls_skip_verify' => 'true' + } + ]).and_raise_error(Exception) } + end + describe 'validate tcp check' do it {should run.with_params([ { @@ -97,4 +115,22 @@ } ])} end + + describe 'validate http and tls_skip_verify' do + it {should run.with_params([ + { + 'http' => 'localhost', + 'tls_skip_verify' => 'true' + } + ])} + end + + describe 'validate http and ttl' do + it {should run.with_params([ + { + 'http' => 'localhost', + 'ttl' => 'true' + } + ]).and_raise_error(Exception) } + end end
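Review bot: The two negative examples, 'validate script and tls_skip_verify' and 'validate tcp and tls_skip_verify', pass no `interval` and match on bare `Exception`, so they would presumably succeed on the existing 'interval must be defined for tcp, http, and script checks' error without ever exercising the new rule. Add `'interval' => '30s'` to both and assert the specific failure, e.g. `.and_raise_error(Puppet::ParseError, /must not be defined with tls_skip_verify/)`. The positive 'validate http and tls_skip_verify' example also omits `interval` and may fail for the same reason. A case for a check that carries only `tls_skip_verify` is missing, and it is the one that shows whether certificate verification can be switched off on a check with no type.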