[TLS] Fix enable/disable of tls configuration

The following is the current expected behavior:
* When TLS was enable and gets disabled previous created certificates
won't get deleted.

* adding additional custom CA certs can only be passed to the
services if tls is enabled, otherwise CA bundle creation will be
skipped and no bundle will be passed to the service CAs. Right now
the default is to have TLS enabled for at least routes.

Jira: OSPRH-3268

apis/core/v1beta1/openstackcontrolplane_types.go

@@ -769,7 +769,7 @@ func SetupDefaults() {
 // Enabled - returns status of tls configuration for the passed in endpoint type
 func (t *TLSSection) Enabled(endpt service.Endpoint) bool {
 	if t != nil {
-		if cfg, ok := t.Endpoint[service.EndpointInternal]; ok && cfg.Enabled {
+		if cfg, ok := t.Endpoint[endpt]; ok && cfg.Enabled {
 			return true
 		}
 	}

pkg/openstack/ca.go

@@ -35,17 +35,16 @@ func ReconcileCAs(ctx context.Context, instance *corev1.OpenStackControlPlane, h
 		instance.GetNamespace(),
 		map[string]string{},
 	)
-	/*
-		// Cleanuo?
-		if !instance.Spec.TLS.Enabled {
-			if err := cert.Delete(ctx, helper); err != nil {
-				return ctrl.Result{}, err
-			}
-			instance.Status.Conditions.Remove(corev1beta1.OpenStackControlPlaneCAsReadyCondition)
 
-			return ctrl.Result{}, nil
-		}
-	*/
+	// Note (mschuppert) - right now additional custom CA certs can only be passed to the services if
+	// tls is enabled, otherwise CA bundle creation will be skipped and no bundle will be passed to the
+	// service CAs.
+	if !instance.Spec.TLS.Enabled(service.EndpointInternal) && !instance.Spec.TLS.Enabled(service.EndpointPublic) {
+		// we are not deleting certificates if tls gets disabled
+		instance.Status.Conditions.Remove(corev1.OpenStackControlPlaneCAReadyCondition)
+
+		return ctrl.Result{}, nil
+	}
 
 	helper.GetLogger().Info("Reconciling CAs", "Namespace", instance.Namespace, "Name", issuerReq.Name)