Fixes voxpupuli#537

lib/puppet/functions/consul/validate_checks.rb

@@ -35,6 +35,10 @@ def validate_checks(obj)
             if (obj.key?("http") || obj.key?("tcp"))
                 raise Puppet::ParseError.new('http and tcp must not be defined for script checks')
             end
+            elsif obj.key?("tls_skip_verify")
+            if (( obj.key?("args") || obj.key?("script") ) || obj.key?("tcp"))
+                raise Puppet::ParseError.new('script and tcp must not be defined with tls_skip_verify')
+            end
             else
             raise Puppet::ParseError.new('One of ttl, script, tcp, or http must be defined.')
             end

manifests/check.pp

@@ -49,38 +49,43 @@
 # [*ttl*]
 #   Value in seconds before the http endpoint considers a failing healthcheck
 #   to be "HARD" down.
+# [*tls_skip_verify*]
+#   enables skip verify of ssl certs for https healthchecks if set to 'true'
 #
+
 define consul::check (
-  $ensure     = present,
-  $http       = undef,
-  $id         = $title,
-  $interval   = undef,
-  $notes      = undef,
-  $script     = undef,
-  $args       = undef,
-  $service_id = undef,
-  $status     = undef,
-  $tcp        = undef,
-  $timeout    = undef,
-  $token      = undef,
-  $ttl        = undef,
+  $ensure          = present,
+  $http            = undef,
+  $id              = $title,
+  $interval        = undef,
+  $notes           = undef,
+  $script          = undef,
+  $args            = undef,
+  $service_id      = undef,
+  $status          = undef,
+  $tcp             = undef,
+  $timeout         = undef,
+  $token           = undef,
+  $ttl             = undef,
+  $tls_skip_verify = undef,
 ) {
   include consul
 
   $basic_hash = {
-    'id'         => $id,
-    'name'       => $name,
-    'ttl'        => $ttl,
-    'http'       => $http,
-    'script'     => $script,
-    'args'       => $args,
-    'tcp'        => $tcp,
-    'interval'   => $interval,
-    'timeout'    => $timeout,
-    'service_id' => $service_id,
-    'notes'      => $notes,
-    'token'      => $token,
-    'status'     => $status,
+    'id'              => $id,
+    'name'            => $name,
+    'ttl'             => $ttl,
+    'http'            => $http,
+    'script'          => $script,
+    'args'            => $args,
+    'tcp'             => $tcp,
+    'interval'        => $interval,
+    'timeout'         => $timeout,
+    'service_id'      => $service_id,
+    'notes'           => $notes,
+    'token'           => $token,
+    'status'          => $status,
+    'tls_skip_verify' => $tls_skip_verify
   }
 
   $check_hash = {

spec/defines/consul_check_spec.rb

@@ -93,6 +93,22 @@
             .with_content(/"http" *: *"localhost"/) \
         }
       end
+      describe 'with http and tls_skip_verify' do
+        let(:params) {{
+          'interval'    => '30s',
+          'http' => 'localhost'
+          'tls_skip_verify' => 'true'
+        }}
+        it {
+          should contain_file("/etc/consul/check_my_check.json") \
+            .with_content(/"id" *: *"my_check"/) \
+            .with_content(/"name" *: *"my_check"/) \
+            .with_content(/"check" *: *\{/) \
+            .with_content(/"interval" *: *"30s"/) \
+            .with_content(/"http" *: *"localhost"/) \
+            .with_content(/"tls_skip_verify" *: *"true"/) \
+        }
+      end
       describe 'with http and service_id' do
         let(:params) {{
           'interval'    => '30s',
@@ -271,6 +287,16 @@
           should raise_error(Puppet::Error, /script and tcp must not be defined for http checks/)
         }
       end
+      describe 'with both script and tls_skip_verify' do
+        let(:params) {{
+          'script' => 'true',
+          'tls_skip_verify' => 'true',
+          'interval' => '60s'
+        }}
+        it {
+          should raise_error(Puppet::Error, /script and tcp must not be defined with tls_skip_verify/)
+        }
+      end
       describe 'with script but no interval' do
         let(:params) {{
           'script' => 'true',
@@ -295,6 +321,16 @@
           should raise_error(Puppet::Error, /interval must be defined for tcp, http, and script checks/)
         }
       end
+      describe 'with both tcp and tls_skip_verify' do
+        let(:params) {{
+          'tcp' => 'localhost',
+          'tls_skip_verify' => 'true',
+          'interval' => '60s'
+        }}
+        it {
+          should raise_error(Puppet::Error, /script and tcp must not be defined with tls_skip_verify/)
+        }
+      end
       describe 'with a / in the id' do
         let(:params) {{
           'ttl' => '30s',

spec/functions/consul_validate_checks_spec.rb

@@ -20,6 +20,15 @@
     ]).and_raise_error(Exception) }
   end
 
+  describe 'validate script and tls_skip_verify' do
+    it {should run.with_params([
+      {
+        'tls_skip_verify' => 'true',
+        'script' => 'true'
+      }
+    ]).and_raise_error(Exception) }
+  end
+
   describe 'validate http and tcp' do
     it {should run.with_params([
       {
@@ -89,6 +98,15 @@
     ]).and_raise_error(Exception) }
   end
 
+  describe 'validate tcp and tls_skip_verify' do
+    it {should run.with_params([
+      {
+        'tcp' => 'localhost',
+        'tls_skip_verify' => 'true'
+      }
+    ]).and_raise_error(Exception) }
+  end
+
   describe 'validate tcp check' do
     it {should run.with_params([
       {
@@ -97,4 +115,22 @@
       }
     ])}
   end
+
+  describe 'validate http and tls_skip_verify' do
+    it {should run.with_params([
+      {
+        'http' => 'localhost',
+        'tls_skip_verify' => 'true'
+      }
+    ])}
+  end
+
+  describe 'validate http and ttl' do
+    it {should run.with_params([
+      {
+        'http' => 'localhost',
+        'ttl' => 'true'
+      }
+    ]).and_raise_error(Exception) }
+  end
 end