From 9dab35e548c147d390443f0c235edbdfe4e439d0 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Fri, 19 Apr 2024 14:10:01 +0530 Subject: [PATCH] [edpm_neutron_sriov] Add caCerts to container if tls enabled Depends-On: https://github.com/openstack-k8s-operators/dataplane-operator/pull/842 --- roles/edpm_neutron_sriov/defaults/main.yml | 5 +++++ roles/edpm_neutron_sriov/meta/argument_specs.yml | 5 +++++ .../edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/roles/edpm_neutron_sriov/defaults/main.yml b/roles/edpm_neutron_sriov/defaults/main.yml index e7e24a44a..1f307098b 100644 --- a/roles/edpm_neutron_sriov/defaults/main.yml +++ b/roles/edpm_neutron_sriov/defaults/main.yml @@ -36,6 +36,11 @@ edpm_neutron_sriov_common_volumes: - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/log/containers/neutron:/var/log/neutron:z +edpm_neutron_sriov_tls_enabled: "{{ edpm_tls_certs_enabled | default(False) }}" +edpm_neutron_sriov_tls_ca_src_dir: "/var/lib/openstack/cacerts/{{ edpm_service_name | default('neutron-sriov') }}" +edpm_neutron_sriov_tls_volumes: + - "/var/lib/openstack/cacerts/{{ edpm_service_name | default('neutron-sriov') }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" + # neutron.conf # DEFAULT edpm_neutron_sriov_DEFAULT_debug: false diff --git a/roles/edpm_neutron_sriov/meta/argument_specs.yml b/roles/edpm_neutron_sriov/meta/argument_specs.yml index 118e71b97..6d1e61321 100644 --- a/roles/edpm_neutron_sriov/meta/argument_specs.yml +++ b/roles/edpm_neutron_sriov/meta/argument_specs.yml 
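Review bot: In `roles/edpm_neutron_sriov/defaults/main.yml`, the entry in `edpm_neutron_sriov_tls_volumes` spells out `/var/lib/openstack/cacerts/{{ edpm_service_name | default('neutron-sriov') }}` again instead of using `edpm_neutron_sriov_tls_ca_src_dir`, which is defined just above it and is not referenced anywhere else in this patch. An operator who overrides the source directory would still get the default path mounted over the container's CA trust bundle. Suggest `- "{{ edpm_neutron_sriov_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z"`. Because this mount replaces the agent's whole trust store, a short comment naming the task that populates that directory, and the ownership and mode it sets, would help; that task is not visible here.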
@@ -38,6 +38,11 @@ argument_specs: - /var/log/containers/neutron:/var/log/neutron:z description: List of volumes in a mount point form. type: list + edpm_neutron_sriov_tls_enabled: + default: false + description: > + Should TLS cacerts be configured for neutron sriov + type: bool edpm_neutron_sriov_DEFAULT_debug: default: false description: "Enable or disable DEBUG mode in the Neutron agent" diff --git a/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 b/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 index 5d831fb40..24ccd7383 100644 --- a/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 +++ b/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 @@ -9,6 +9,11 @@ volumes: {%- set edpm_neutron_sriov_volumes = edpm_neutron_sriov_volumes + edpm_neutron_sriov_common_volumes %} +{%- if edpm_neutron_sriov_tls_enabled | bool %} + {%- set edpm_neutron_sriov_volumes = + edpm_neutron_sriov_volumes + + edpm_neutron_sriov_tls_volumes %} +{%- endif -%} {{ edpm_neutron_sriov_volumes }} environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
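Review bot: `roles/edpm_neutron_sriov/meta/argument_specs.yml` gains a spec only for `edpm_neutron_sriov_tls_enabled`, so the two other defaults added by this patch, `edpm_neutron_sriov_tls_ca_src_dir` (a string) and `edpm_neutron_sriov_tls_volumes` (a list), are left undocumented and without a type check. The spec also states `default: false`, while the role default is derived from `edpm_tls_certs_enabled`. The description should say so, for example `Mount the TLS CA bundle into the neutron sriov agent container. Defaults to edpm_tls_certs_enabled.` The `argument_specs` mapping starts outside this hunk.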
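Review bot: `{%- endif -%}` in `neutron_sriov_agent.yaml.j2` trims whitespace on both sides, while every other tag in this block trims only on the left. Any newline or indentation that stood between the preceding `%}` and `{{ edpm_neutron_sriov_volumes }}` is therefore now removed. If that whitespace was what separated `volumes:` from the rendered list, the output changes even when TLS is disabled. Whitespace is not reliable in this view, so the rendered file should be checked for both values of `edpm_neutron_sriov_tls_enabled`. Unless the right-hand trim is intended, use `{%- endif %}`; if it is intended, add a `{#- ... -#}` comment saying why. The `volumes:` block starts before the hunk.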