#
# Class to serve barbican with apache mod_wsgi in place of barbican service
#
# Serving barbican from apache is the recommended way to go for production
# systems as the current barbican implementation is not multi-processor aware,
# thus limiting the performance for concurrent accesses.
#
# When using this class you should disable your barbican service.
#
# == Parameters
#
# [*servername*]
#   The servername for the virtualhost.
#   Optional. Defaults to $::fqdn
#
# [*public_port*]
#   The public port.
#   Optional. Defaults to 9311
#
# [*bind_host*]
#   The host/ip address Apache will listen on.
#   Optional. Defaults to undef (listen on all ip addresses).
#
# [*public_path*]
#   The prefix for the public endpoint.
#   Optional. Defaults to '/'
#
# [*ssl*]
#   Use ssl ? (boolean)
#   Optional. Defaults to true
#
# [*workers*]
#   Number of WSGI workers to spawn.
#   Optional. Defaults to $::os_workers
#
# [*ssl_cert*]
#   (optional) Path to SSL certificate
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_key*]
#   (optional) Path to SSL key
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_chain*]
#   (optional) SSL chain
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_ca*]
#   (optional) Path to SSL certificate authority
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl_path*]
#   (optional) Path to SSL certificate revocation list
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl*]
#   (optional) SSL certificate revocation list name
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_certs_dir*]
#   apache::vhost ssl parameters.
#   Optional. Default to apache::vhost 'ssl_*' defaults.
#
# [*priority*]
#   (optional) The priority for the vhost.
#   Defaults to '10'
#
# [*threads*]
#   (optional) The number of threads for the vhost.
#   Defaults to 1
#
# [*wsgi_process_display_name*]
#   (optional) Name of the WSGI process display-name.
#   Defaults to undef
#
# [*access_log_file*]
#   The log file name for the virtualhost.
#   Optional. Defaults to false.
#
# [*access_log_format*]
#   The log format for the virtualhost.
#   Optional. Defaults to false.
#
# [*error_log_file*]
#   The error log file name for the virtualhost.
#   Optional. Defaults to undef.
#
# [*custom_wsgi_process_options*]
#   (optional) gives you the oportunity to add custom process options or to
#   overwrite the default options for the WSGI main process.
#   eg. to use a virtual python environment for the WSGI process
#   you could set it to:
#   { python-path => '/my/python/virtualenv' }
#   Defaults to {}
#
# [*vhost_custom_fragment*]
#   (optional) Passes a string of custom configuration
#   directives to be placed at the end of the vhost configuration.
#   Defaults to undef.
#
# == Authors
#
#   Ade Lee <alee@redhat.com>
#
# == Copyright
#
#   Copyright 2015 Red Hat Inc. <licensing@redhat.com>
#
class barbican::wsgi::apache (
  $servername                  = $::fqdn,
  $public_port                 = 9311,
  $bind_host                   = undef,
  $public_path                 = '/',
  $ssl                         = undef,
  $workers                     = $::os_workers,
  $ssl_cert                    = undef,
  $ssl_key                     = undef,
  $ssl_chain                   = undef,
  $ssl_ca                      = undef,
  $ssl_crl_path                = undef,
  $ssl_crl                     = undef,
  $ssl_certs_dir               = undef,
  $wsgi_process_display_name   = undef,
  $threads                     = 1,
  $priority                    = '10',
  $access_log_file             = false,
  $access_log_format           = false,
  $error_log_file              = undef,
  $custom_wsgi_process_options = {},
  $vhost_custom_fragment       = undef,
) {

  if $ssl == undef {
    warning('Default of the ssl parameter will be changed in a future release')
  }
  $ssl_real = pick($ssl, true)

  include barbican::deps
  include barbican::params

  Anchor['barbican::install::end'] -> Class['apache']

  openstacklib::wsgi::apache { 'barbican_wsgi_main':
    bind_host                   => $bind_host,
    bind_port                   => $public_port,
    group                       => 'barbican',
    path                        => $public_path,
    priority                    => $priority,
    servername                  => $servername,
    ssl                         => $ssl_real,
    ssl_ca                      => $ssl_ca,
    ssl_cert                    => $ssl_cert,
    ssl_certs_dir               => $ssl_certs_dir,
    ssl_chain                   => $ssl_chain,
    ssl_crl                     => $ssl_crl,
    ssl_crl_path                => $ssl_crl_path,
    ssl_key                     => $ssl_key,
    threads                     => $threads,
    user                        => 'barbican',
    vhost_custom_fragment       => $vhost_custom_fragment,
    workers                     => $workers,
    wsgi_daemon_process         => 'barbican-api',
    wsgi_process_display_name   => $wsgi_process_display_name,
    wsgi_process_group          => 'barbican-api',
    wsgi_script_dir             => $::barbican::params::barbican_wsgi_script_path,
    wsgi_script_file            => 'main',
    wsgi_script_source          => $::barbican::params::barbican_wsgi_script_source,
    access_log_file             => $access_log_file,
    access_log_format           => $access_log_format,
    error_log_file              => $error_log_file,
    custom_wsgi_process_options => $custom_wsgi_process_options,
  }
}