#
# Suggested name for wallet object containing the database credentials:
# db/<group>/secure-afs-request/<dbname>
class secure_afs_request (
  Enum['present', 'absent'] $ensure = 'present',
  String                    $vhost  = 'secure-afs-request.example.com',
  #
  Enum['wallet', 'none']    $db_credentials_source = 'wallet',
  Optional[String]          $wallet_name   = undef,
) {

  # Install the software.
  package { 'secure-afs-request-web':
    ensure => $ensure,
  }

  class { 'secure_afs_request::config_file':
    ensure  => $ensure,
    require => Package['secure-afs-request-web'],
  }

  # Install the database ini file
  case $db_credentials_source {
    'wallet': {
      if ($wallet_name != undef) {
        wallet { $wallet_name:
          ensure => $ensure,
          type   => 'file',
          path   => '/etc/secure-afs-request/database.ini',
          mode   => '0640',
          owner  => 'root',
          group  => 'www-data',
        }
      } else {
        crit('wallet_name not defined')
      }
    }
    'none': { }
    default: { crit('unknown value for db_credentials_source') }
  }

  # Install the Apache configuration.
  file { '/etc/apache2/sites-enabled/secure-afs-request.conf':
    ensure  => $ensure,
    content => template('secure_afs_request/etc/apache2/sites-available/secure-afs-request.conf.erb'),
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
  }

  # Install the key-pair
  su_apache::cert::incommon { $vhost:
    ensure => $ensure,
  }

}