Add SSL options

Refer to the following link, there are SSL options
in barbican.conf, so we can configure them.

http://git.openstack.org/cgit/openstack/barbican/tree/etc/barbican/barbican.conf

Change-Id: Id0ad701bab2f4ad5de75a3d72c991b8c838d5146

manifests/api.pp

@@ -221,6 +221,22 @@
 #   to make barbican-api be a web app using apache mod_wsgi.
 #   Defaults to 'barbican-api'
 #
+# [*use_ssl*]
+#   (optional) Enable SSL on the API server
+#   Defaults to false, not set
+#
+# [*cert_file*]
+#   (optinal) Certificate file to use when starting API server securely
+#   Defaults to $::os_service_default
+#
+# [*key_file*]
+#   (optional) Private key file to use when starting API server securely
+#   Defaults to $::os_service_default
+#
+# [*ca_file*]
+#   (optional) CA certificate file to use to verify connecting clients
+#   Defaults to $::os_service_default
+#
 class barbican::api (
   $ensure_package                                = 'present',
   $client_package_ensure                         = 'present',
@@ -269,6 +285,10 @@ class barbican::api (
   $enabled                                       = true,
   $sync_db                                       = true,
   $db_auto_create                                = $::os_service_default,
+  $use_ssl                                       = false,
+  $ca_file                                       = $::os_service_default,
+  $cert_file                                     = $::os_service_default,
+  $key_file                                      = $::os_service_default,
   $service_name                                  = 'barbican-api',
 ) inherits barbican::params {
 
@@ -424,6 +444,22 @@ class barbican::api (
   # instead of using db_sync
   barbican_config { 'DEFAULT/db_auto_create': value => $db_auto_create }
 
+  if $use_ssl {
+    if is_service_default($cert_file) {
+      fail('The cert_file parameter is required when use_ssl is set to true')
+    }
+    if is_service_default($key_file) {
+      fail('The key_file parameter is required when use_ssl is set to true')
+    }
+  }
+
+  # SSL Options
+  barbican_config {
+    'DEFAULT/cert_file' : value => $cert_file;
+    'DEFAULT/key_file' :  value => $key_file;
+    'DEFAULT/ca_file' :   value => $ca_file;
+  }
+
   if $sync_db {
     include ::barbican::db::sync
   }

spec/classes/barbican_api_spec.rb

@@ -172,6 +172,48 @@ describe 'barbican::api' do
     end
   end
 
+  describe 'with SSL socket options set' do
+    let :params do
+      {
+        :use_ssl           => true,
+        :cert_file         => '/path/to/cert',
+        :ca_file           => '/path/to/ca',
+        :key_file          => '/path/to/key',
+        :keystone_password => 'foobar',
+      }
+    end
+
+    it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
+    it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') }
+    it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') }
+  end
+
+  describe 'with SSL socket options left by default' do
+    let :params do
+      {
+        :use_ssl           => false,
+        :keystone_password => 'foobar',
+      }
+    end
+
+    it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
+    it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
+    it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
+  end
+
+  describe 'with SSL socket options set wrongly configured' do
+    let :params do
+      {
+        :use_ssl           => true,
+        :ca_file           => '/path/to/ca',
+        :key_file          => '/path/to/key',
+        :keystone_password => 'foobar',
+      }
+    end
+
+    it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
+  end
+
   describe 'with keystone auth' do
     let :params do
       {