# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

define openstack_project::website (
  $aliases = undef,
  $volume_name = undef,
  $ssl_cert = undef,
  $ssl_key = undef,
  $ssl_intermediate = undef,
  $ssl_cert_file = undef,
  $ssl_key_file = undef,
  $ssl_chain_file = undef,
  $template = 'openstack_project/website.vhost.erb',
  $docroot = undef,
  $allow_override_list = undef,
) {

  $afs_root = '/afs/openstack.org/'
  if $volume_name == undef {
    # Default to volume name matching vhost name
    $volume_name_ = $name
  } else {
    $volume_name_ = $volume_name
  }

  if $docroot == undef {
     $docroot_ = "${afs_root}/project/${volume_name_}/www"
  } else {
     $docroot_ = $docroot
  }

  if $allow_override_list == undef {
     $allow_override_list_ = "Redirect RedirectMatch"
  } else {
     $allow_override_list_ = $allow_override_list
  }

  if ($ssl_cert != undef) {
    $ssl_cert_file_ = "/etc/ssl/certs/${name}.pem"
    file { "${ssl_cert_file_}":
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => $ssl_cert,
      require => File['/etc/ssl/certs'],
    }
  } else {
    $ssl_cert_file_ = $ssl_cert_file
  }

  if ($ssl_key != undef) {
    $ssl_key_file_ = "/etc/ssl/private/${name}.key"
    file { "${ssl_key_file_}":
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0600',
      content => $ssl_key,
      require => File['/etc/ssl/private'],
    }
  } else {
    $ssl_key_file_ = $ssl_key_file
  }

  if ($ssl_intermediate != undef) {
    $ssl_chain_file_ = "/etc/ssl/certs/${name}_intermediate.pem"
    file { "${ssl_chain_file_}":
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => $ssl_intermediate,
      require => File['/etc/ssl/certs'],
    }
  } else {
    $ssl_chain_file_ = $ssl_chain_file
  }

  ::httpd::vhost { $name:
    serveraliases => $aliases,
    port          => 443, # Is required despite not being used.
    docroot       => $docroot_,
    priority      => '50',
    content       => template($template)
  }
}