From 03af5f8f4d01fe40253b355252e05548d5f50777 Mon Sep 17 00:00:00 2001
From: Thomas Herve <therve@redhat.com>
Date: Wed, 19 Jul 2017 11:13:19 +0200
Subject: [PATCH] Enable Zaqar API SSL

This sets the SSL flag in the docker service and expose the parameter in
the docker service.

Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
---
 docker/services/zaqar.yaml | 17 +++++++++++++++++
 puppet/services/zaqar.yaml |  4 +++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 061a4a70..df57ad6a 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -40,9 +40,13 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 conditions:
   zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+  internal_tls_enabled: {get_param: EnableInternalTLS}
 
 resources:
 
@@ -58,6 +62,7 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
+      EnableInternalTLS: {get_param: EnableInternalTLS}
 
 outputs:
   role_data:
@@ -137,6 +142,16 @@ outputs:
                       - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
                       - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
                       - /var/log/containers/zaqar:/var/log/zaqar
+                      -
+                        if:
+                          - internal_tls_enabled
+                          - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+                          - ''
+                      -
+                        if:
+                          - internal_tls_enabled
+                          - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+                          - ''
                 environment:
                   - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
               zaqar_websocket:
@@ -162,3 +177,5 @@ outputs:
         - name: Stop and disable zaqar service
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [ZaqarBase, role_data, metadata_settings]
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 21857423..4a1ad179 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -105,7 +105,7 @@ outputs:
               - {get_param: ZaqarDebug }
             zaqar::server::service_name: 'httpd'
             zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
-            zaqar::wsgi::apache::ssl: false
+            zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
             zaqar::message_pipeline: 'zaqar.notification.notifier'
             zaqar::unreliable: true
@@ -178,6 +178,8 @@ outputs:
             - {}
       step_config: |
         include ::tripleo::profile::base::zaqar
+      metadata_settings:
+        get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks:
         yaql:
           expression: $.data.apache_upgrade + $.data.zaqar_upgrade
-- 
2.16.6