From 7c2eee2494b622dbd858ccd5c5a331f1bffbbbc2 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Fri, 3 Nov 2017 14:11:41 +0200
Subject: [PATCH] Tell HAProxy container template that the public cert was autogenerated
With the recent change to only mounting the certificate when it's used [1]. The usecase of autogenerating the public certificate was missed. This enables a flag to tell the template to mount it if we're autogenerating the certificate. [1] Id8ba09902d25689e642f922c43e71649977bf248
Change-Id: I299e6052e6a872c3907184b635d218a806d906e0
---
 docker/services/haproxy.yaml | 17 +++++++++++++----
 .../services/haproxy-public-tls-certmonger.yaml | 1 +
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 7b3ea7edb5..4fe20dfe63 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -45,6 +45,11 @@ parameters:
 description: >
 The content of the SSL certificate (without Key) in PEM format.
 type: string
+ PublicSSLCertificateAutogenerated:
+ default: false
+ description: >
+ Whether the public SSL certificate was autogenerated or not.
+ type: boolean
 DeployedSSLCertificatePath:
 default: '/etc/pki/tls/private/overcloud_endpoint.pem'
 description: >
@@ -78,10 +83,14 @@ conditions:
 internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 public_tls_enabled:
- not:
- equals:
- - {get_param: SSLCertificate}
- - ""
+ or:
+ - not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+ - equals:
+ - {get_param: PublicSSLCertificateAutogenerated}
+ - true
 resources:
diff --git a/environments/services/haproxy-public-tls-certmonger.yaml b/environments/services/haproxy-public-tls-certmonger.yaml
index d3ad3ad427..022f8474c9 100644
--- a/environments/services/haproxy-public-tls-certmonger.yaml
+++ b/environments/services/haproxy-public-tls-certmonger.yaml
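Review bot: The description added for `PublicSSLCertificateAutogenerated` in the parameters hunk of docker/services/haproxy.yaml does not say what the flag controls. Per the conditions hunk of the same file, setting it to true makes `public_tls_enabled` true even when `SSLCertificate` is empty, and nothing visible here ties the flag to the certmonger service actually being enabled. An operator who sets it by hand would presumably get the template's public-TLS branch with no certificate present at `DeployedSSLCertificatePath`. I would extend the description to something like `Set by the certmonger environment file; when true the public certificate is treated as present even if SSLCertificate is empty.` Both the parameters and conditions sections continue outside the hunks.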
@@ -1,4 +1,5 @@
 # A Heat environment file which can be used to enable a
 # a TLS for HAProxy via certmonger
 resource_registry:
+ PublicSSLCertificateAutogenerated: true
 OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml
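Review bot: The added `PublicSSLCertificateAutogenerated: true` sits directly after `resource_registry:`, and this hunk, which starts at line 1 of the file, shows no `parameter_defaults:` section. Heat takes parameter values from `parameter_defaults` (or `parameters`), so as written the haproxy.yaml parameter would presumably keep its default of false. That would leave `public_tls_enabled` false and the autogenerated certificate unmounted, which is the case this commit sets out to fix. Indentation is not preserved in this view, so the placement should be confirmed; the intended form is likely `parameter_defaults:` followed by `  PublicSSLCertificateAutogenerated: true`, placed above `resource_registry:`.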