Update to EPP templates and other minor fixes after resolving conflicts

- Switch to EPP templates - Alphasort
voxpupuli · Nov 16, 2024 · af88d1f · af88d1f
1 parent a940564
commit af88d1f
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 236 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -264,6 +264,7 @@ The following parameters are available in the `rabbitmq` class:
 * [`ssl_cacert`](#-rabbitmq--ssl_cacert)
 * [`ssl_cert`](#-rabbitmq--ssl_cert)
 * [`ssl_cert_password`](#-rabbitmq--ssl_cert_password)
+* [`ssl_client_renegotiation`](#-rabbitmq--ssl_client_renegotiation)
 * [`ssl_depth`](#-rabbitmq--ssl_depth)
 * [`ssl_dhfile`](#-rabbitmq--ssl_dhfile)
 * [`ssl_erl_dist`](#-rabbitmq--ssl_erl_dist)
@@ -278,7 +279,6 @@ The following parameters are available in the `rabbitmq` class:
 * [`ssl_management_fail_if_no_peer_cert`](#-rabbitmq--ssl_management_fail_if_no_peer_cert)
 * [`ssl_port`](#-rabbitmq--ssl_port)
 * [`ssl_reuse_sessions`](#-rabbitmq--ssl_reuse_sessions)
-* [`ssl_client_renegotiation`](#-rabbitmq--ssl_client_renegotiation)
 * [`ssl_secure_renegotiate`](#-rabbitmq--ssl_secure_renegotiate)
 * [`ssl_stomp_port`](#-rabbitmq--ssl_stomp_port)
 * [`ssl_verify`](#-rabbitmq--ssl_verify)
@@ -883,6 +883,14 @@ Password used when generating CSR.
 
 Default value: `undef`
 
+##### <a name="-rabbitmq--ssl_client_renegotiation"></a>`ssl_client_renegotiation`
+
+Data type: `Optional[Boolean]`
+
+Allow ssl client renegotiation
+
+Default value: `undef`
+
 ##### <a name="-rabbitmq--ssl_depth"></a>`ssl_depth`
 
 Data type: `Optional[Integer]`
@@ -996,14 +1004,6 @@ Reuse ssl sessions
 
 Default value: `true`
 
-##### <a name="-rabbitmq--ssl_client_renegotiation"></a>`ssl_client_renegotiation`
-
-Data type: `Optional[Boolean]`
-
-Allow ssl client renegotiation
-
-Default value: `undef`
-
 ##### <a name="-rabbitmq--ssl_secure_renegotiate"></a>`ssl_secure_renegotiate`
 
 Data type: `Boolean`

diff --git a/data/common.yaml b/data/common.yaml
@@ -62,7 +62,6 @@ rabbitmq::ssl_fail_if_no_peer_cert: false
 rabbitmq::ssl_management_verify: 'verify_none'
 rabbitmq::ssl_management_fail_if_no_peer_cert: false
 rabbitmq::ssl_versions: ~
-rabbitmq::ssl_client_renegotiation: ~
 rabbitmq::ssl_secure_renegotiate: true
 rabbitmq::ssl_reuse_sessions: true
 rabbitmq::ssl_honor_cipher_order: true

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -263,6 +263,8 @@
 #   Cert to use for SSL.
 # @param ssl_cert_password
 #   Password used when generating CSR.
+# @param ssl_client_renegotiation
+#   Allow ssl client renegotiation
 # @param ssl_depth
 #   SSL verification depth.
 # @param ssl_dhfile
@@ -291,8 +293,6 @@
 #   SSL port for RabbitMQ
 # @param ssl_reuse_sessions
 #   Reuse ssl sessions
-# @param ssl_client_renegotiation
-#   Allow ssl client renegotiation
 # @param ssl_secure_renegotiate
 #   Use ssl secure renegotiate
 # @param ssl_stomp_port

diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb
@@ -1195,7 +1195,7 @@
       end
 
       # tlsv1.3 not supported on older RMQ/Erlang with this distro
-      describe 'ssl options with ssl version tlsv1.3', unless: facts[:osfamily] == 'RedHat' do
+      describe 'ssl options with ssl version tlsv1.3' do
         let(:params) do
           { ssl: true,
             ssl_port: 3141,

diff --git a/templates/rabbitmq.config.epp b/templates/rabbitmq.config.epp
@@ -77,7 +77,12 @@
                    <%- if $rabbitmq::config::ssl_dhfile {-%>
                    {dhfile, "<%= $rabbitmq::config::ssl_dhfile %>"},
                    <%- } -%>
+                   <%- if !$rabbitmq::config::ssl_versions or !('tlsv1.3' in $rabbitmq::config::ssl_versions) {-%>
+                     <%- if $rabbitmq::config::ssl_client_renegotiation != undef {-%>
+                   {client_renegotiation,<%= $rabbitmq::config::ssl_client_renegotiation %>},
+                     <%- } -%>
                    {secure_renegotiate,<%= $rabbitmq::config::ssl_secure_renegotiate %>},
+                   <%- } -%>
                    {reuse_sessions,<%= $rabbitmq::config::ssl_reuse_sessions %>},
                    {honor_cipher_order,<%= $rabbitmq::config::ssl_honor_cipher_order %>},
                    {verify,<%= $rabbitmq::config::ssl_verify %>},
@@ -150,6 +155,14 @@
                   <%- } -%>
                   {certfile, "<%= $rabbitmq::config::ssl_management_cert %>"},
                   {keyfile, "<%= $rabbitmq::config::ssl_management_key %>"},
+                  <%- if !$rabbitmq::config::ssl_versions or !('tlsv1.3' in $rabbitmq::config::ssl_versions) {-%>
+                    <%- if $rabbitmq::config::ssl_client_renegotiation != undef {-%>
+                  {client_renegotiation,<%= $rabbitmq::config::ssl_client_renegotiation %>},
+                    <%- } -%>
+                  {secure_renegotiate,<%= $rabbitmq::config::ssl_secure_renegotiate %>},
+                  <%- } -%>
+                  {reuse_sessions,<%= $rabbitmq::config::ssl_reuse_sessions %>},
+                  {honor_cipher_order,<%= $rabbitmq::config::ssl_honor_cipher_order %>},
                   {verify,<%= $rabbitmq::config::ssl_management_verify %>},
                   {fail_if_no_peer_cert,<%= $rabbitmq::config::ssl_management_fail_if_no_peer_cert %>}
                    <%- if $rabbitmq::config::ssl_versions {-%>

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb