From e6afe1f62fb7f74b7a9e81dcd7984e7a926e9093 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Wed, 13 Mar 2024 10:55:42 +0900
Subject: [PATCH] Refactor handling of ssl options

Change-Id: I95d518e6ea9440736fc1a63135850c6a2d990a61
---
 manifests/api.pp                              | 37 ++++---------------
 .../refacotr-ssl-opts-bff4682538e62acb.yaml   |  9 +++++
 spec/classes/trove_api_spec.rb                |  6 +--
 3 files changed, 19 insertions(+), 33 deletions(-)
 create mode 100644 releasenotes/notes/refacotr-ssl-opts-bff4682538e62acb.yaml

diff --git a/manifests/api.pp b/manifests/api.pp
index b5b5645c..8be98449 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -113,9 +113,9 @@ class trove::api(
   $workers                = $facts['os_workers'],
   Boolean $enabled        = true,
   Boolean $purge_config   = false,
-  $cert_file              = false,
-  $key_file               = false,
-  $ca_file                = false,
+  $cert_file              = $facts['os_service_default'],
+  $key_file               = $facts['os_service_default'],
+  $ca_file                = $facts['os_service_default'],
   $http_get_rate          = $facts['os_service_default'],
   $http_post_rate         = $facts['os_service_default'],
   $http_put_rate          = $facts['os_service_default'],
@@ -142,33 +142,10 @@ class trove::api(
     include trove::keystone::authtoken
   }
 
-  # SSL Options
-  if $cert_file {
-    trove_config {
-      'ssl/cert_file': value => $cert_file;
-    }
-  } else {
-    trove_config {
-      'ssl/cert_file': ensure => absent;
-    }
-  }
-  if $key_file {
-    trove_config {
-      'ssl/key_file': value => $key_file;
-    }
-  } else {
-    trove_config {
-      'ssl/key_file': ensure => absent;
-    }
-  }
-  if $ca_file {
-    trove_config {
-      'ssl/ca_file': value => $ca_file;
-    }
-  } else {
-    trove_config {
-      'ssl/ca_file': ensure => absent;
-    }
+  trove_config {
+    'ssl/cert_file': value => $cert_file;
+    'ssl/key_file':  value => $key_file;
+    'ssl/ca_file':   value => $ca_file;
   }
 
   # rate limits
diff --git a/releasenotes/notes/refacotr-ssl-opts-bff4682538e62acb.yaml b/releasenotes/notes/refacotr-ssl-opts-bff4682538e62acb.yaml
new file mode 100644
index 00000000..b420e311
--- /dev/null
+++ b/releasenotes/notes/refacotr-ssl-opts-bff4682538e62acb.yaml
@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The following parameters of the ``trove`` class no longer treat ``false``
+    as an indicator to remove the option. Use os_service_default fact instead.
+
+    - ``ca_file``
+    - ``cert_file``
+    - ``key_file``
diff --git a/spec/classes/trove_api_spec.rb b/spec/classes/trove_api_spec.rb
index dbc3b4c9..d4679214 100644
--- a/spec/classes/trove_api_spec.rb
+++ b/spec/classes/trove_api_spec.rb
@@ -73,9 +73,9 @@ describe 'trove::api' do
         is_expected.to contain_trove_config('DEFAULT/http_delete_rate').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_trove_config('DEFAULT/http_mgmt_post_rate').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_trove_config('DEFAULT/taskmanager_queue').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_config('ssl/cert_file').with_ensure('absent')
-        is_expected.to contain_trove_config('ssl/key_file').with_ensure('absent')
-        is_expected.to contain_trove_config('ssl/ca_file').with_ensure('absent')
+        is_expected.to contain_trove_config('ssl/cert_file').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_trove_config('ssl/key_file').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_trove_config('ssl/ca_file').with_value('<SERVICE DEFAULT>')
       end
 
       context 'with SSL enabled on API' do