Refactor handling of ssl options

Change-Id: I95d518e6ea9440736fc1a63135850c6a2d990a61

manifests/api.pp

@@ -113,9 +113,9 @@ class trove::api(
   $workers                = $facts['os_workers'],
   Boolean $enabled        = true,
   Boolean $purge_config   = false,
-  $cert_file              = false,
-  $key_file               = false,
-  $ca_file                = false,
+  $cert_file              = $facts['os_service_default'],
+  $key_file               = $facts['os_service_default'],
+  $ca_file                = $facts['os_service_default'],
   $http_get_rate          = $facts['os_service_default'],
   $http_post_rate         = $facts['os_service_default'],
   $http_put_rate          = $facts['os_service_default'],
@@ -142,33 +142,10 @@ class trove::api(
     include trove::keystone::authtoken
   }
 
-  # SSL Options
-  if $cert_file {
-    trove_config {
-      'ssl/cert_file': value => $cert_file;
-    }
-  } else {
-    trove_config {
-      'ssl/cert_file': ensure => absent;
-    }
-  }
-  if $key_file {
-    trove_config {
-      'ssl/key_file': value => $key_file;
-    }
-  } else {
-    trove_config {
-      'ssl/key_file': ensure => absent;
-    }
-  }
-  if $ca_file {
-    trove_config {
-      'ssl/ca_file': value => $ca_file;
-    }
-  } else {
-    trove_config {
-      'ssl/ca_file': ensure => absent;
-    }
+  trove_config {
+    'ssl/cert_file': value => $cert_file;
+    'ssl/key_file':  value => $key_file;
+    'ssl/ca_file':   value => $ca_file;
   }
 
   # rate limits

releasenotes/notes/refacotr-ssl-opts-bff4682538e62acb.yaml

@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The following parameters of the ``trove`` class no longer treat ``false``
+    as an indicator to remove the option. Use os_service_default fact instead.
+
+    - ``ca_file``
+    - ``cert_file``
+    - ``key_file``

spec/classes/trove_api_spec.rb

@@ -73,9 +73,9 @@ describe 'trove::api' do
         is_expected.to contain_trove_config('DEFAULT/http_delete_rate').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_trove_config('DEFAULT/http_mgmt_post_rate').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_trove_config('DEFAULT/taskmanager_queue').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_config('ssl/cert_file').with_ensure('absent')
-        is_expected.to contain_trove_config('ssl/key_file').with_ensure('absent')
-        is_expected.to contain_trove_config('ssl/ca_file').with_ensure('absent')
+        is_expected.to contain_trove_config('ssl/cert_file').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_trove_config('ssl/key_file').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_trove_config('ssl/ca_file').with_value('<SERVICE DEFAULT>')
       end
 
       context 'with SSL enabled on API' do