# Installs & configure the octavia service
#
# == Parameters
#
# [*enabled*]
#   (optional) Should the service be enabled.
#   Defaults to true
#
# [*manage_service*]
#   (optional) Whether the service should be managed by Puppet.
#   Defaults to true.
#
# [*service_name*]
#   (Optional) Name of the service that will be providing the
#   server functionality of octavia-api.
#   If the value is 'httpd', this means octavia-api will be a web
#   service, and you must use another class to configure that
#   web service. For example, use class { 'octavia::wsgi::apache'...}
#   to make octavia-api be a web app using apache mod_wsgi.
#   Defaults to $octavia::params::api_service_name
#
# [*host*]
#   (optional) The octavia api bind address.
#   Defaults to '0.0.0.0'
#
# [*port*]
#   (optional) The octavia api port.
#   Defaults to '9876'
#
# [*package_ensure*]
#   (optional) ensure state for package.
#   Defaults to 'present'
#
# [*auth_strategy*]
#   (optional) set authentication mechanism
#   Defaults to 'keystone'
#
# [*api_handler*]
#   (optional) The handler that the API communicates with
#   Defaults to $facts['os_service_default']
#
# [*allow_tls_terminated_listeners*]
#   (optional) Boolean if we allow creation of TLS terminated listeners.
#   Defaults to $facts['os_service_default']
#
# [*sync_db*]
#   (optional) Run octavia-db-manage upgrade head on api nodes after installing the package.
#   Defaults to false
#
# [*enable_proxy_headers_parsing*]
#   (Optional) Enable paste middleware to handle SSL requests through
#   HTTPProxyToWSGI middleware.
#   Defaults to $facts['os_service_default'].
#
# [*max_request_body_size*]
#   (Optional) Set max request body size
#   Defaults to $facts['os_service_default'].
#
# [*default_provider_driver*]
#   (optional) Configure the default provider driver.
#   Defaults to $facts['os_service_default']
#
# [*enabled_provider_drivers*]
#   (optional) Configure the loadbalancer provider drivers.
#   Defaults to $facts['os_service_default']
#
# [*pagination_max_limit*]
#   (optional) The maximum number of items returned in a single response.
#   Defaults to $facts['os_service_default']
#
# [*healthcheck_enabled*]
#   (optional) Enable the oslo middleware healthcheck endpoint.
#   Defaults to $facts['os_service_default']
#
# [*healthcheck_refresh_interval*]
#   (optional) The interval healthcheck plugin should cache results, in seconds.
#   Defaults to $facts['os_service_default']
#
# [*default_listener_ciphers*]
#   (optional) Default OpenSSL cipher string (colon-separated) for new
#   TLS-enabled pools.
#   Defaults to $facts['os_service_default']
#
# [*default_pool_ciphers*]
#   (optional) Default OpenSSL cipher string (colon-separated) for new
#   TLS-enabled pools.
#   Defaults to $facts['os_service_default']
#
# [*tls_cipher_prohibit_list*]
#   (optional) Colon separated list of OpenSSL ciphers. Usage of these ciphers
#   will be blocked.
#   Defaults to $facts['os_service_default']
#
# [*default_listener_tls_versions*]
#   (optional) List of TLS versions to use for new TLS-enabled listeners.
#   Defaults to $facts['os_service_default']
#
# [*default_pool_tls_versions*]
#   (optional) List of TLS versions to use for new TLS-enabled pools.
#   Defaults to $facts['os_service_default']
#
# [*minimum_tls_version*]
#   (optional) Minimum allowed TLS version for listeners and pools.
#   Defaults to $facts['os_service_default']
#
# [*allow_ping_health_monitors*]
#   (optional) Allow PING type Health Monitors.
#   Defaults to $facts['os_service_default']
#
# [*allow_prometheus_listeners*]
#   (optional) Allow PROMETHEUS type listeners.
#   Defaults to $facts['os_service_default']
#
# DEPRECATED PARAMETERS
#
# [*api_v1_enabled*]
#   (optional) Boolean if V1 API should be enabled.
#   Defaults to undef
#
# [*api_v2_enabled*]
#   (optional) Boolean if V2 API should be enabled.
#   Defaults to undef
#
class octavia::api (
  Boolean $enabled                          = true,
  Boolean $manage_service                   = true,
  String[1] $service_name                   = $octavia::params::api_service_name,
  $host                                     = '0.0.0.0',
  $port                                     = '9876',
  Stdlib::Ensure::Package $package_ensure   = 'present',
  Enum['keystone', 'noauth'] $auth_strategy = 'keystone',
  $api_handler                              = $facts['os_service_default'],
  $allow_tls_terminated_listeners           = $facts['os_service_default'],
  Boolean $sync_db                          = false,
  $enable_proxy_headers_parsing             = $facts['os_service_default'],
  $max_request_body_size                    = $facts['os_service_default'],
  $default_provider_driver                  = $facts['os_service_default'],
  $enabled_provider_drivers                 = $facts['os_service_default'],
  $pagination_max_limit                     = $facts['os_service_default'],
  $healthcheck_enabled                      = $facts['os_service_default'],
  $healthcheck_refresh_interval             = $facts['os_service_default'],
  $default_listener_ciphers                 = $facts['os_service_default'],
  $default_pool_ciphers                     = $facts['os_service_default'],
  $tls_cipher_prohibit_list                 = $facts['os_service_default'],
  $default_listener_tls_versions            = $facts['os_service_default'],
  $default_pool_tls_versions                = $facts['os_service_default'],
  $minimum_tls_version                      = $facts['os_service_default'],
  $allow_ping_health_monitors               = $facts['os_service_default'],
  $allow_prometheus_listeners               = $facts['os_service_default'],
  # DEPRECATED PARAMETERS
  $api_v1_enabled                           = undef,
  $api_v2_enabled                           = undef,
) inherits octavia::params {
  include octavia::deps
  include octavia::policy
  include octavia::db

  if $auth_strategy == 'keystone' {
    include octavia::keystone::authtoken
  }

  [
    'api_v1_enabled', 'api_v2_enabled',
  ].each |String $opt| {
    if getvar($opt) != undef {
      warning("The ${opt} parameter is deprecated and has no effect.")
    }
  }

  package { 'octavia-api':
    ensure => $package_ensure,
    name   => $octavia::params::api_package_name,
    tag    => ['openstack', 'octavia-package'],
  }

  if $manage_service {
    case $service_name {
      'httpd': {
        Service<| title == 'httpd' |> { tag +> 'octavia-service' }

        service { 'octavia-api':
          ensure => 'stopped',
          name   => $octavia::params::api_service_name,
          enable => false,
          tag    => 'octavia-service',
        }
        Service['octavia-api'] -> Service[$service_name]
      }
      default: {
        $service_ensure = $enabled ? {
          true    => 'running',
          default => 'stopped',
        }

        service { 'octavia-api':
          ensure     => $service_ensure,
          name       => $octavia::params::api_service_name,
          enable     => $enabled,
          hasstatus  => true,
          hasrestart => true,
          tag        => 'octavia-service',
        }

        # On any uwsgi config change, we must restart Octavia API.
        Octavia_api_uwsgi_config<||> ~> Service['octavia-api']
      }
    }
  }

  if $sync_db {
    include octavia::db::sync
  }

  if $enabled_provider_drivers =~ Hash {
    $enabled_provider_drivers_real = join(join_keys_to_values($enabled_provider_drivers, ':'), ',')
  } else {
    $enabled_provider_drivers_real = join(any2array($enabled_provider_drivers), ',')
  }

  octavia_config {
    'api_settings/bind_host':                      value => $host;
    'api_settings/bind_port':                      value => $port;
    'api_settings/auth_strategy':                  value => $auth_strategy;
    'api_settings/api_handler':                    value => $api_handler;
    'api_settings/allow_tls_terminated_listeners': value => $allow_tls_terminated_listeners;
    'api_settings/default_provider_driver':        value => $default_provider_driver;
    'api_settings/enabled_provider_drivers':       value => $enabled_provider_drivers_real;
    'api_settings/pagination_max_limit':           value => $pagination_max_limit;
    'api_settings/healthcheck_enabled':            value => $healthcheck_enabled;
    'api_settings/healthcheck_refresh_interval':   value => $healthcheck_refresh_interval;
    'api_settings/default_listener_ciphers':       value => join(any2array($default_listener_ciphers), ':');
    'api_settings/default_pool_ciphers':           value => join(any2array($default_pool_ciphers), ':');
    'api_settings/tls_cipher_prohibit_list':       value => join(any2array($tls_cipher_prohibit_list), ':');
    'api_settings/default_listener_tls_versions':  value => join(any2array($default_listener_tls_versions), ',');
    'api_settings/default_pool_tls_versions':      value => join(any2array($default_pool_tls_versions), ',');
    'api_settings/minimum_tls_version':            value => $minimum_tls_version;
    'api_settings/allow_ping_health_monitors':     value => $allow_ping_health_monitors;
    'api_settings/allow_prometheus_listeners':     value => $allow_prometheus_listeners;
  }

  # TODO(tkajinam): Remove this after 2026.1 release
  octavia_config {
    'api_settings/api_v1_enabled': ensure => absent;
    'api_settings/api_v2_enabled': ensure => absent;
  }

  oslo::middleware { 'octavia_config':
    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
    max_request_body_size        => $max_request_body_size,
  }
}