From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 14 Nov 2016 07:09:52 +0000 (+0200)
Subject: Enable internal TLS for Barbican API
X-Git-Tag: opnfv-6.0.0~1402^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=23ca447f770f35af28b8ba641becb0040023fb87;p=apex-tripleo-heat-templates.git

Enable internal TLS for Barbican API

This adds the necessary hieradata for enabling TLS in the internal
network for Barbican API.

bp tls-via-certmonger
Depends-On: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9

Change-Id: Ib100faa9dc222f836695a0e8f6e101dc7637d1d6
---

diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index cf57680c..ab6b0ec7 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -52,6 +52,9 @@ parameters:
     default: guest
     description: The username for RabbitMQ
     type: string
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 resources:
 
@@ -85,7 +88,7 @@ outputs:
             barbican::api::rabbit_heartbeat_timeout_threshold: 60
             barbican::api::service_name: 'httpd'
             barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
-            barbican::wsgi::apache::ssl: false
+            barbican::wsgi::apache::ssl:  {get_param: EnableInternalTLS}
             barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
             barbican::wsgi::apache::servername:
               str_replace: