Add TLS options to oslo.cache

This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Train note: Test modifications are not ported to Train, since the
specific test that was modified doesn't exist in Train.

Depends-on: https://review.opendev.org/774120
Change-Id: I835641d402e6cbd6650efd0d7a1fb16fb361350e
(cherry picked from commit 7ae8aa377e)

manifests/init.pp

@@ -120,6 +120,39 @@
 #   cache_backend, cache_enabled and cache_memcache_servers is set.
 #   Default to $::os_service_default
 #
+# [*tls_enabled*]
+#   (Optional) Global toggle for TLS usage when comunicating with
+#   the caching servers.
+#   Default to $::os_service_default
+#
+# [*tls_cafile*]
+#   (Optional) Path to a file of concatenated CA certificates in PEM
+#   format necessary to establish the caching server's authenticity.
+#   If tls_enabled is False, this option is ignored.
+#   Default to $::os_service_default
+#
+# [*tls_certfile*]
+#   (Optional) Path to a single file in PEM format containing the
+#   client's certificate as well as any number of CA certificates
+#   needed to establish the certificate's authenticity. This file
+#   is only required when client side authentication is necessary.
+#   If tls_enabled is False, this option is ignored.
+#   Default to $::os_service_default
+#
+# [*tls_keyfile*]
+#   (Optional) Path to a single file containing the client's private
+#   key in. Otherwhise the private key will be taken from the file
+#   specified in tls_certfile. If tls_enabled is False, this option
+#   is ignored.
+#   Default to $::os_service_default
+#
+# [*tls_allowed_ciphers*]
+#   (Optional) Set the available ciphers for sockets created with
+#   the TLS context. It should be a string in the OpenSSL cipher
+#   list format. If not specified, all OpenSSL enabled ciphers will
+#   be available.
+#   Default to $::os_service_default
+#
 # [*manage_service*]
 #   (Optional) If Puppet should manage service startup / shutdown.
 #   Defaults to true.
@@ -626,6 +659,11 @@ class keystone(
   $cache_expiration_time                = $::os_service_default,
   $cache_proxies                        = $::os_service_default,
   $token_caching                        = $::os_service_default,
+  $tls_enabled                          = $::os_service_default,
+  $tls_cafile                           = $::os_service_default,
+  $tls_certfile                         = $::os_service_default,
+  $tls_keyfile                          = $::os_service_default,
+  $tls_allowed_ciphers                  = $::os_service_default,
   $enabled                              = true,
   $database_connection                  = undef,
   $database_idle_timeout                = undef,
@@ -871,6 +909,11 @@ admin_token will be removed in a later release")
     memcache_pool_unused_timeout         => $memcache_pool_unused_timeout,
     memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
     manage_backend_package               => $manage_backend_package,
+    tls_enabled                          => $tls_enabled,
+    tls_cafile                           => $tls_cafile,
+    tls_certfile                         => $tls_certfile,
+    tls_keyfile                          => $tls_keyfile,
+    tls_allowed_ciphers                  => $tls_allowed_ciphers,
   }
 
   oslo::middleware { 'keystone_config':

releasenotes/notes/add_tls_options-8ed38a82af2f378f.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add TLS options to oslo.cache