From e197b396a8224b86873aa8d439e57c847d774f57 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Fri, 7 Jan 2022 22:58:54 +0900
Subject: [PATCH] Prepare updating default of emc_ssl_cert_verify
Currently, the emc_ssl_cert_verify parameter defaults to false in some backends. However the parameter defaults to true in Manila itself, and it is generally discouraged to disable verification of SSL certs. This change prepares updating the default value in a future release, and provide notice about that change.
Change-Id: I75378fdef418f95cae1790abcd26754453256dbf
---
 manifests/backend/dellemc_unity.pp | 9 +++++++--
 manifests/backend/dellemc_vnx.pp | 9 +++++++--
 .../change-emc_ssl_cert_verify-2a6204b63853bdf1.yaml | 9 +++++++++
 3 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/change-emc_ssl_cert_verify-2a6204b63853bdf1.yaml
diff --git a/manifests/backend/dellemc_unity.pp b/manifests/backend/dellemc_unity.pp
index 0510692c..c82b615e 100644
--- a/manifests/backend/dellemc_unity.pp
+++ b/manifests/backend/dellemc_unity.pp
@@ -105,7 +105,7 @@ define manila::backend::dellemc_unity (
 $unity_share_server = $::os_service_default,
 $report_default_filter_function = $::os_service_default,
 $network_plugin_ipv6_enabled = true,
- $emc_ssl_cert_verify = false,
+ $emc_ssl_cert_verify = undef,
 $emc_ssl_cert_path = $::os_service_default,
 $package_ensure = 'present',
 ) {
@@ -115,6 +115,11 @@ define manila::backend::dellemc_unity (
 validate_legacy(String, 'validate_string', $emc_nas_password)
+ if $emc_ssl_cert_verify == undef {
+ warning('Default of emc_ssl_cert_verify will be changed from false to service default(true).')
+ }
+ $emc_ssl_cert_verify_real = pick($emc_ssl_cert_verify, false)
+
 $unity_share_driver = 'manila.share.drivers.dell_emc.driver.EMCShareDriver'
 manila_config {
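Review bot: The default of `$emc_ssl_cert_verify` changes from `false` to `undef` in the parameter list of the `@@ -105,7 +105,7 @@` hunk, but no hunk in this patch touches the parameter's doc comment above the define, so it presumably still documents the old default (that comment is outside the visible hunks, so confirm). I would update it to something like `#   Defaults to undef, which is currently treated as false (certificate verification disabled).` so that readers of the reference see the effective behaviour has not changed yet. The same applies to the `@@ -94,7 +94,7 @@` hunk in dellemc_vnx.pp.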
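Review bot: The `warning()` added in the `@@ -115,6 +115,11 @@` hunk names neither the resource that raised it nor the fact that the effective setting is still the insecure one: with the parameter unset, `pick($emc_ssl_cert_verify, false)` keeps writing `emc_ssl_cert_verify = false`, so certificate verification for this backend stays off. A message that names the resource and the action is easier to act on from a catalog log, e.g. `warning("manila::backend::dellemc_unity[${name}]: emc_ssl_cert_verify is not set and is currently treated as false (no certificate verification); this default will change to the service default (true), so set it explicitly.")`. The define's body starts and ends outside this hunk, and the `@@ -105,6 +105,11 @@` hunk in dellemc_vnx.pp carries the same message.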
@@ -132,7 +137,7 @@ define manila::backend::dellemc_unity (
 "${share_backend_name}/unity_share_server": value => $unity_share_server;
 "${share_backend_name}/report_default_filter_function": value => $report_default_filter_function;
 "${share_backend_name}/network_plugin_ipv6_enabled": value => $network_plugin_ipv6_enabled;
- "${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify;
+ "${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify_real;
 "${share_backend_name}/emc_ssl_cert_path": value => $emc_ssl_cert_path;
 }
diff --git a/manifests/backend/dellemc_vnx.pp b/manifests/backend/dellemc_vnx.pp
index ff031548..ccf55a35 100644
--- a/manifests/backend/dellemc_vnx.pp
+++ b/manifests/backend/dellemc_vnx.pp
@@ -94,7 +94,7 @@ define manila::backend::dellemc_vnx (
 $vnx_share_data_pools = $::os_service_default,
 $vnx_ethernet_ports = $::os_service_default,
 $network_plugin_ipv6_enabled = true,
- $emc_ssl_cert_verify = false,
+ $emc_ssl_cert_verify = undef,
 $emc_ssl_cert_path = $::os_service_default,
 $package_ensure = 'present',
 $driver_handles_share_servers = undef,
@@ -105,6 +105,11 @@ define manila::backend::dellemc_vnx (
 validate_legacy(String, 'validate_string', $emc_nas_password)
+ if $emc_ssl_cert_verify == undef {
+ warning('Default of emc_ssl_cert_verify will be changed from false to service default(true).')
+ }
+ $emc_ssl_cert_verify_real = pick($emc_ssl_cert_verify, false)
+
 if $driver_handles_share_servers != undef {
 warning('The driver_handles_share_servers parameter has been deprecated and has no effect')
 }
@@ -124,7 +129,7 @@ define manila::backend::dellemc_vnx (
 "${share_backend_name}/vnx_share_data_pools": value => join(any2array($vnx_share_data_pools), ',');
 "${share_backend_name}/vnx_ethernet_ports": value => join(any2array($vnx_ethernet_ports), ',');
 "${share_backend_name}/network_plugin_ipv6_enabled": value => $network_plugin_ipv6_enabled;
- "${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify;
+ "${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify_real;
 "${share_backend_name}/emc_ssl_cert_path": value => $emc_ssl_cert_path;
 }
diff --git a/releasenotes/notes/change-emc_ssl_cert_verify-2a6204b63853bdf1.yaml b/releasenotes/notes/change-emc_ssl_cert_verify-2a6204b63853bdf1.yaml
new file mode 100644
index 00000000..08574bc5
--- /dev/null
+++ b/releasenotes/notes/change-emc_ssl_cert_verify-2a6204b63853bdf1.yaml
@@ -0,0 +1,9 @@
+---
+upgrade:
+ - |
+ Defaut value of the ``emc_ssl_cert_verify`` parameter in the following
+ resource types will be changed from ``false`` to service default which
+ is effectively ``true``. Make sure the parameter is set if needed.
+
+ - ``manila::backend::dellemc_unity``
+ - ``manila::backend::dellemc_vnx``