Octavia: Accept lists for Ciphers parameters

This is follow-up of 8751555509 and
allows usage of list values for ciphers parameters so that users can
more easily maintain items. List values are automatically converted to
colon-separated strings by puppet-octavia .

Also, some default values are quite long and makes maintenance quite
difficult. Instead of hard-coding default, these parameters use service
default when the values are unset(or intentionally set to empty lists).

Conflicts:
	deployment/octavia/octavia-api-container-puppet.yaml

Change-Id: I09ca5baff60f472edee0a4bde59f9c2e575dfdee
(cherry picked from commit fef8dacd9f)

deployment/octavia/octavia-api-container-puppet.yaml

@@ -86,14 +86,14 @@ parameters:
       Use the advanced (eventlet safe) memcached client pool.
     default: true
   OctaviaDefaultListenerCiphers:
-    type: string
-    default: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'
+    type: comma_delimited_list
+    default: []
   OctaviaDefaultPoolCiphers:
-    type: string
-    default: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'
+    type: comma_delimited_list
+    default: []
   OctaviaTlsCiphersProhibitList:
-    type: string  # colon separated list
-    default: ''
+    type: comma_delimited_list
+    default: []
   OctaviaListenerTlsVersions:
     type: comma_delimited_list
     default: ['TLSv1.2', 'TLSv1.3']
@@ -108,7 +108,11 @@ conditions:
   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
   use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
   enable_driver_agent: {equals: [{get_param: OctaviaEnableDriverAgent}, true]}
-  octavia_min_tls_version:
+  octavia_default_listener_ciphers_set:
+    not: {equals : [{get_param: OctaviaDefaultListenerCiphers}, []]}
+  octavia_default_pool_ciphers_set:
+    not: {equals : [{get_param: OctaviaDefaultPoolCiphers}, []]}
+  octavia_min_tls_version_set:
     not: {equals : [{get_param: OctaviaMinimumTlsVersion}, '']}
 
 resources:
@@ -215,8 +219,6 @@ outputs:
             octavia::api::service_name: 'httpd'
             octavia::api::enable_proxy_headers_parsing: true
             octavia::api::healthcheck_enabled: true
-            octavia::api::default_listener_ciphers: {get_param: OctaviaDefaultListenerCiphers}
-            octavia::api::default_pool_ciphers: {get_param: OctaviaDefaultPoolCiphers}
             octavia::api::tls_cipher_prohibit_list: {get_param: OctaviaTlsCiphersProhibitList}
             octavia::api::default_listener_tls_versions: {get_param: OctaviaListenerTlsVersions}
             octavia::api::default_pool_tls_versions: {get_param: OctaviaPoolTlsVersions}
@@ -259,9 +261,14 @@ outputs:
                       - {get_attr: [OctaviaProviderConfig, role_data, provider_driver_labels]}
                       - []
           - if:
-              - octavia_min_tls_version
-              - octavia::api::minimum_tls_version: { get_param: OctaviaMinimumTlsVersion }
-
+              - octavia_default_listener_ciphers_set
+              - octavia::api::default_listener_ciphers: {get_param: OctaviaDefaultListenerCiphers}
+          - if:
+              - octavia_default_pool_ciphers_set
+              - octavia::api::default_pool_ciphers: {get_param: OctaviaDefaultPoolCiphers}
+          - if:
+              - octavia_min_tls_version_set
+              - octavia::api::minimum_tls_version: {get_param: OctaviaMinimumTlsVersion}
       service_config_settings:
         rsyslog:
           tripleo_logging_sources_octavia_api: