#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Author: Emilien Macchi <emilien.macchi@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: openstacklib::wsgi::apache
#
# Serve a service with apache mod_wsgi
# When using this class you should disable your service.
#
# == Parameters
#
# [*service_name*]
#   (optional) Name of the service to run.
#   Example: nova-api
#   Defaults to $name
#
# [*servername*]
#   (optional) The servername for the virtualhost.
#   Defaults to $::fqdn
#
# [*bind_host*]
#   (optional) The host/ip address Apache will listen on.
#   Defaults to undef (listen on all ip addresses).
#
# [*bind_port*]
#   (optional) The port to listen.
#   Defaults to undef
#
# [*group*]
#   (optional) Group with permissions on the script
#   Defaults to undef
#
# [*path*]
#   (optional) The prefix for the endpoint.
#   Defaults to '/'
#
# [*priority*]
#   (optional) The priority for the vhost.
#   Defaults to '10'
#
# [*ssl*]
#   (optional) Use ssl ? (boolean)
#   Defaults to false
#
# [*ssl_cert*]
#   (optional) Path to SSL certificate
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_key*]
#   (optional) Path to SSL key
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_chain*]
#   (optional) SSL chain
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_ca*]
#   (optional) Path to SSL certificate authority
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl_path*]
#   (optional) Path to SSL certificate revocation list
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_crl*]
#   (optional) SSL certificate revocation list name
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*ssl_certs_dir*]
#   (optional) Path to SSL certificate directory
#   Default to apache::vhost 'ssl_*' defaults.
#
# [*threads*]
#   (optional) The number of threads for the vhost.
#   Defaults to $::processorcount
#
# [*user*]
#   (optional) User with permissions on the script
#   Defaults to undef
#
# [*workers*]
#   (optional) The number of workers for the vhost.
#   Defaults to '1'
#
# [*wsgi_daemon_process*]
#   (optional) Name of the WSGI daemon process.
#   Defaults to $name
#
# [*wsgi_process_group*]
#   (optional) Name of the WSGI process group.
#   Defaults to $name
#
# [*wsgi_script_dir*]
#   (optional) The directory path of the WSGI script.
#   Defaults to undef
#
# [*wsgi_script_file*]
#   (optional) The file path of the WSGI script.
#   Defaults to undef
#
# [*wsgi_script_source*]
#   (optional) The source of the WSGI script.
#   Defaults to undef
#
define openstacklib::wsgi::apache (
  $service_name        = $name,
  $bind_host           = undef,
  $bind_port           = undef,
  $group               = undef,
  $path                = '/',
  $priority            = '10',
  $servername          = $::fqdn,
  $ssl                 = false,
  $ssl_ca              = undef,
  $ssl_cert            = undef,
  $ssl_certs_dir       = undef,
  $ssl_chain           = undef,
  $ssl_crl             = undef,
  $ssl_crl_path        = undef,
  $ssl_key             = undef,
  $threads             = $::processorcount,
  $user                = undef,
  $workers             = 1,
  $wsgi_daemon_process = $name,
  $wsgi_process_group  = $name,
  $wsgi_script_dir     = undef,
  $wsgi_script_file    = undef,
  $wsgi_script_source  = undef,
) {

  include ::apache
  include ::apache::mod::wsgi
  if $ssl {
    include ::apache::mod::ssl
  }

  # Ensure there's no trailing '/' except if this is also the only character
  $path_real = regsubst($path, '(^/.*)/$', '\1')

  if !defined(File[$wsgi_script_dir]) {
    file { $wsgi_script_dir:
      ensure  => directory,
      owner   => $user,
      group   => $group,
      require => Package['httpd'],
    }
  }

  file { $service_name:
    ensure  => file,
    path    => "${wsgi_script_dir}/${wsgi_script_file}",
    source  => $wsgi_script_source,
    owner   => $user,
    group   => $group,
    mode    => '0644',
    require => File[$wsgi_script_dir],
  }

  $wsgi_daemon_process_options = {
    user      => $user,
    group     => $group,
    processes => $workers,
    threads   => $threads,
  }
  $wsgi_script_aliases = hash([$path_real,"${wsgi_script_dir}/${wsgi_script_file}"])

  ::apache::vhost { $service_name:
    ensure                      => 'present',
    servername                  => $servername,
    ip                          => $bind_host,
    port                        => $bind_port,
    docroot                     => $wsgi_script_dir,
    docroot_owner               => $user,
    docroot_group               => $group,
    priority                    => $priority,
    ssl                         => $ssl,
    ssl_cert                    => $ssl_cert,
    ssl_key                     => $ssl_key,
    ssl_chain                   => $ssl_chain,
    ssl_ca                      => $ssl_ca,
    ssl_crl_path                => $ssl_crl_path,
    ssl_crl                     => $ssl_crl,
    ssl_certs_dir               => $ssl_certs_dir,
    wsgi_daemon_process         => $wsgi_daemon_process,
    wsgi_daemon_process_options => $wsgi_daemon_process_options,
    wsgi_process_group          => $wsgi_process_group,
    wsgi_script_aliases         => $wsgi_script_aliases,
    require                     => File[$service_name],
  }

}