api: allow ssl communications with registry

Add missing options to allow Glance API to connect to Glance Registry
when SSL is enabled on both services.
Also switching SSL options to os_service_default to avoid useless
conditions in manifests.

Change-Id: Ia40228fc165ef8ce1213fed7f5eec4de1c12c013

manifests/api.pp

@@ -175,15 +175,30 @@
 #
 # [*cert_file*]
 #   (optinal) Certificate file to use when starting API server securely
-#   Defaults to false, not set
+#   Defaults to $::os_service_default
 #
 # [*key_file*]
 #   (optional) Private key file to use when starting API server securely
-#   Defaults to false, not set
+#   Defaults to $::os_service_default
 #
 # [*ca_file*]
 #   (optional) CA certificate file to use to verify connecting clients
-#   Defaults to false, not set
+#   Defaults to $::os_service_default
+#
+# [*registry_client_cert_file*]
+#   (optinal) The path to the cert file to use in SSL connections to the
+#   registry server.
+#   Defaults to $::os_service_default
+#
+# [*registry_client_key_file*]
+#   (optinal) The path to the private key file to use in SSL connections to the
+#   registry server.
+#   Defaults to $::os_service_default
+#
+# [*registry_client_ca_file*]
+#   (optinal) The path to the CA certificate file to use in SSL connections to the
+#   registry server.
+#   Defaults to $::os_service_default
 #
 # [*stores*]
 #   (optional) List of which store classes and store class locations are
@@ -285,9 +300,12 @@ class glance::api(
   $show_multiple_locations   = $::os_service_default,
   $location_strategy         = $::os_service_default,
   $purge_config              = false,
-  $cert_file                = false,
-  $key_file                 = false,
-  $ca_file                  = false,
+  $cert_file                 = $::os_service_default,
+  $key_file                  = $::os_service_default,
+  $ca_file                   = $::os_service_default,
+  $registry_client_cert_file = $::os_service_default,
+  $registry_client_key_file  = $::os_service_default,
+  $registry_client_ca_file   = $::os_service_default,
   $stores                    = false,
   $default_store             = undef,
   $multi_store               = false,
@@ -452,32 +470,13 @@ class glance::api(
   }
 
   # SSL Options
-  if $cert_file {
-    glance_api_config {
-      'DEFAULT/cert_file' : value => $cert_file;
-    }
-  } else {
-    glance_api_config {
-      'DEFAULT/cert_file': ensure => absent;
-    }
-  }
-  if $key_file {
   glance_api_config {
+    'DEFAULT/cert_file':                 value => $cert_file;
     'DEFAULT/key_file' :                 value => $key_file;
-    }
-  } else {
-    glance_api_config {
-      'DEFAULT/key_file': ensure => absent;
-    }
-  }
-  if $ca_file {
-    glance_api_config {
     'DEFAULT/ca_file'  :                 value => $ca_file;
-    }
-  } else {
-    glance_api_config {
-      'DEFAULT/ca_file': ensure => absent;
-    }
+    'DEFAULT/registry_client_ca_file':   value => $registry_client_ca_file;
+    'DEFAULT/registry_client_cert_file': value => $registry_client_cert_file;
+    'DEFAULT/registry_client_key_file':  value => $registry_client_key_file;
   }
 
   if $manage_service {

spec/classes/glance_api_spec.rb

@@ -146,9 +146,12 @@ describe 'glance::api' do
         end
 
         it 'is_expected.to have no ssl options' do
-          is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent')
-          is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent')
-          is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent')
+          is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>')
+          is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>')
+          is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>')
+          is_expected.to contain_glance_api_config('DEFAULT/registry_client_ca_file').with_value('<SERVICE DEFAULT>')
+          is_expected.to contain_glance_api_config('DEFAULT/registry_client_cert_file').with_value('<SERVICE DEFAULT>')
+          is_expected.to contain_glance_api_config('DEFAULT/registry_client_key_file').with_value('<SERVICE DEFAULT>')
         end
 
         it 'is_expected.to configure itself for keystone if that is the auth_type' do
@@ -235,7 +238,10 @@ describe 'glance::api' do
         default_params.merge({
           :ca_file                   => '/tmp/ca_file',
           :cert_file                 => '/tmp/cert_file',
-          :key_file    => '/tmp/key_file'
+          :key_file                  => '/tmp/key_file',
+          :registry_client_ca_file   => '/tmp/registry_ca_file',
+          :registry_client_key_file  => '/tmp/registry_key_file',
+          :registry_client_cert_file => '/tmp/registry_cert_file',
         })
       end
 
@@ -243,6 +249,9 @@ describe 'glance::api' do
         it { is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
         it { is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
         it { is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') }
+        it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_ca_file').with_value('/tmp/registry_ca_file') }
+        it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_key_file').with_value('/tmp/registry_key_file') }
+        it { is_expected.to contain_glance_api_config('DEFAULT/registry_client_cert_file').with_value('/tmp/registry_cert_file') }
       end
     end
     describe 'with stores by default' do