Merge "Deny the creation of L7Policies for HTTPS/TCP/UDP listeners" into stable/victoria
commit
254725df16
|
@ -54,6 +54,11 @@ AMPHORA_SUPPORTED_PROTOCOLS = [
|
||||||
lib_consts.PROTOCOL_UDP,
|
lib_consts.PROTOCOL_UDP,
|
||||||
]
|
]
|
||||||
|
|
||||||
|
VALID_L7POLICY_LISTENER_PROTOCOLS = [
|
||||||
|
lib_consts.PROTOCOL_HTTP,
|
||||||
|
lib_consts.PROTOCOL_TERMINATED_HTTPS
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
class AmphoraProviderDriver(driver_base.ProviderDriver):
|
class AmphoraProviderDriver(driver_base.ProviderDriver):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
@ -336,6 +341,14 @@ class AmphoraProviderDriver(driver_base.ProviderDriver):
|
||||||
|
|
||||||
# L7 Policy
|
# L7 Policy
|
||||||
def l7policy_create(self, l7policy):
|
def l7policy_create(self, l7policy):
|
||||||
|
db_listener = self.repositories.listener.get(db_apis.get_session(),
|
||||||
|
id=l7policy.listener_id)
|
||||||
|
if db_listener.protocol not in VALID_L7POLICY_LISTENER_PROTOCOLS:
|
||||||
|
msg = ('%s protocol listeners do not support L7 policies' % (
|
||||||
|
db_listener.protocol))
|
||||||
|
raise exceptions.UnsupportedOptionError(
|
||||||
|
user_fault_string=msg,
|
||||||
|
operator_fault_string=msg)
|
||||||
payload = {consts.L7POLICY_ID: l7policy.l7policy_id}
|
payload = {consts.L7POLICY_ID: l7policy.l7policy_id}
|
||||||
self.client.cast({}, 'create_l7policy', **payload)
|
self.client.cast({}, 'create_l7policy', **payload)
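Review bot: In `l7policy_create`, the result of `self.repositories.listener.get(...)` is dereferenced as `db_listener.protocol` without checking that a listener was actually found. If the repository returns `None` for an unknown `listener_id` (its behaviour is not visible on this page, so confirm), the caller gets an `AttributeError` rather than a driver fault and the protocol check never runs. A guard `if db_listener is None:` that raises a driver exception with an explicit fault string before the protocol comparison would make the denial path deterministic. The identical hunk in the second driver section has the same gap. The function appears to end at the `cast` call, but the hunk shows only a blank line after it.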
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,11 @@ AMPHORA_SUPPORTED_PROTOCOLS = [
|
||||||
lib_consts.PROTOCOL_UDP,
|
lib_consts.PROTOCOL_UDP,
|
||||||
]
|
]
|
||||||
|
|
||||||
|
VALID_L7POLICY_LISTENER_PROTOCOLS = [
|
||||||
|
lib_consts.PROTOCOL_HTTP,
|
||||||
|
lib_consts.PROTOCOL_TERMINATED_HTTPS
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
class AmphoraProviderDriver(driver_base.ProviderDriver):
|
class AmphoraProviderDriver(driver_base.ProviderDriver):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
@ -359,6 +364,14 @@ class AmphoraProviderDriver(driver_base.ProviderDriver):
|
||||||
|
|
||||||
# L7 Policy
|
# L7 Policy
|
||||||
def l7policy_create(self, l7policy):
|
def l7policy_create(self, l7policy):
|
||||||
|
db_listener = self.repositories.listener.get(db_apis.get_session(),
|
||||||
|
id=l7policy.listener_id)
|
||||||
|
if db_listener.protocol not in VALID_L7POLICY_LISTENER_PROTOCOLS:
|
||||||
|
msg = ('%s protocol listeners do not support L7 policies' % (
|
||||||
|
db_listener.protocol))
|
||||||
|
raise exceptions.UnsupportedOptionError(
|
||||||
|
user_fault_string=msg,
|
||||||
|
operator_fault_string=msg)
|
||||||
payload = {consts.L7POLICY: l7policy.to_dict()}
|
payload = {consts.L7POLICY: l7policy.to_dict()}
|
||||||
self.client.cast({}, 'create_l7policy', **payload)
|
self.client.cast({}, 'create_l7policy', **payload)
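Review bot: `VALID_L7POLICY_LISTENER_PROTOCOLS` carries no comment saying it is an allow-list, although the check in `l7policy_create` rejects every listener protocol that is not in it. That is broader than the HTTPS/TCP/UDP set named in the commit title. I would add above the list: `# Allow-list: L7 policies are rejected for listeners of any protocol not named here.` This tells whoever adds a new listener protocol that L7 policies on it stay denied until the list is extended. The same comment fits the copy of the constant in the first driver section.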
|
||||||
|
|
||||||
|
|
|
@ -596,14 +596,32 @@ class TestAmphoraDriver(base.TestRpc):
|
||||||
mock_cast.assert_called_with({}, 'update_health_monitor', **payload)
|
mock_cast.assert_called_with({}, 'update_health_monitor', **payload)
|
||||||
|
|
||||||
# L7 Policy
|
# L7 Policy
|
||||||
|
@mock.patch('octavia.db.api.get_session')
|
||||||
|
@mock.patch('octavia.db.repositories.ListenerRepository.get')
|
||||||
@mock.patch('oslo_messaging.RPCClient.cast')
|
@mock.patch('oslo_messaging.RPCClient.cast')
|
||||||
def test_l7policy_create(self, mock_cast):
|
def test_l7policy_create(self, mock_cast, mock_listener_get, mock_session):
|
||||||
|
mock_listener = mock.MagicMock()
|
||||||
|
mock_listener.protocol = consts.PROTOCOL_HTTP
|
||||||
|
mock_listener_get.return_value = mock_listener
|
||||||
provider_l7policy = driver_dm.L7Policy(
|
provider_l7policy = driver_dm.L7Policy(
|
||||||
l7policy_id=self.sample_data.l7policy1_id)
|
l7policy_id=self.sample_data.l7policy1_id)
|
||||||
self.amp_driver.l7policy_create(provider_l7policy)
|
self.amp_driver.l7policy_create(provider_l7policy)
|
||||||
payload = {consts.L7POLICY_ID: self.sample_data.l7policy1_id}
|
payload = {consts.L7POLICY_ID: self.sample_data.l7policy1_id}
|
||||||
mock_cast.assert_called_with({}, 'create_l7policy', **payload)
|
mock_cast.assert_called_with({}, 'create_l7policy', **payload)
|
||||||
|
|
||||||
|
@mock.patch('octavia.db.api.get_session')
|
||||||
|
@mock.patch('octavia.db.repositories.ListenerRepository.get')
|
||||||
|
def test_l7policy_create_invalid_listener_protocol(self, mock_listener_get,
|
||||||
|
mock_session):
|
||||||
|
mock_listener = mock.MagicMock()
|
||||||
|
mock_listener.protocol = consts.PROTOCOL_UDP
|
||||||
|
mock_listener_get.return_value = mock_listener
|
||||||
|
provider_l7policy = driver_dm.L7Policy(
|
||||||
|
l7policy_id=self.sample_data.l7policy1_id)
|
||||||
|
self.assertRaises(exceptions.UnsupportedOptionError,
|
||||||
|
self.amp_driver.l7policy_create,
|
||||||
|
provider_l7policy)
|
||||||
|
|
||||||
@mock.patch('oslo_messaging.RPCClient.cast')
|
@mock.patch('oslo_messaging.RPCClient.cast')
|
||||||
def test_l7policy_delete(self, mock_cast):
|
def test_l7policy_delete(self, mock_cast):
|
||||||
provider_l7policy = driver_dm.L7Policy(
|
provider_l7policy = driver_dm.L7Policy(
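Review bot: `test_l7policy_create_invalid_listener_protocol` exercises only `consts.PROTOCOL_UDP`, so the HTTPS and TCP denials named in the commit title are not pinned by any test. The accepting test likewise covers only `consts.PROTOCOL_HTTP` and not Terminated HTTPS. Running the body under `for protocol in (consts.PROTOCOL_HTTPS, consts.PROTOCOL_TCP, consts.PROTOCOL_UDP):` with `mock_listener.protocol = protocol` would cover the rejected set, and a matching loop over HTTP and `consts.PROTOCOL_TERMINATED_HTTPS` would cover the accepted one. The second test section has the same gap. The hunk ends inside `test_l7policy_delete`, which is not part of this point.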
|
||||||
|
|
|
@ -606,14 +606,32 @@ class TestAmphoraDriver(base.TestRpc):
|
||||||
mock_cast.assert_called_with({}, 'update_health_monitor', **payload)
|
mock_cast.assert_called_with({}, 'update_health_monitor', **payload)
|
||||||
|
|
||||||
# L7 Policy
|
# L7 Policy
|
||||||
|
@mock.patch('octavia.db.api.get_session')
|
||||||
|
@mock.patch('octavia.db.repositories.ListenerRepository.get')
|
||||||
@mock.patch('oslo_messaging.RPCClient.cast')
|
@mock.patch('oslo_messaging.RPCClient.cast')
|
||||||
def test_l7policy_create(self, mock_cast):
|
def test_l7policy_create(self, mock_cast, mock_listener_get, mock_session):
|
||||||
|
mock_listener = mock.MagicMock()
|
||||||
|
mock_listener.protocol = consts.PROTOCOL_HTTP
|
||||||
|
mock_listener_get.return_value = mock_listener
|
||||||
provider_l7policy = driver_dm.L7Policy(
|
provider_l7policy = driver_dm.L7Policy(
|
||||||
l7policy_id=self.sample_data.l7policy1_id)
|
l7policy_id=self.sample_data.l7policy1_id)
|
||||||
self.amp_driver.l7policy_create(provider_l7policy)
|
self.amp_driver.l7policy_create(provider_l7policy)
|
||||||
payload = {consts.L7POLICY: provider_l7policy.to_dict()}
|
payload = {consts.L7POLICY: provider_l7policy.to_dict()}
|
||||||
mock_cast.assert_called_with({}, 'create_l7policy', **payload)
|
mock_cast.assert_called_with({}, 'create_l7policy', **payload)
|
||||||
|
|
||||||
|
@mock.patch('octavia.db.api.get_session')
|
||||||
|
@mock.patch('octavia.db.repositories.ListenerRepository.get')
|
||||||
|
def test_l7policy_create_invalid_listener_protocol(self, mock_listener_get,
|
||||||
|
mock_session):
|
||||||
|
mock_listener = mock.MagicMock()
|
||||||
|
mock_listener.protocol = consts.PROTOCOL_UDP
|
||||||
|
mock_listener_get.return_value = mock_listener
|
||||||
|
provider_l7policy = driver_dm.L7Policy(
|
||||||
|
l7policy_id=self.sample_data.l7policy1_id)
|
||||||
|
self.assertRaises(exceptions.UnsupportedOptionError,
|
||||||
|
self.amp_driver.l7policy_create,
|
||||||
|
provider_l7policy)
|
||||||
|
|
||||||
@mock.patch('oslo_messaging.RPCClient.cast')
|
@mock.patch('oslo_messaging.RPCClient.cast')
|
||||||
def test_l7policy_delete(self, mock_cast):
|
def test_l7policy_delete(self, mock_cast):
|
||||||
provider_l7policy = driver_dm.L7Policy(
|
provider_l7policy = driver_dm.L7Policy(
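Review bot: The rejection test does not patch `oslo_messaging.RPCClient.cast`, so nothing asserts that a denied request sends no `create_l7policy` message. Adding `@mock.patch('oslo_messaging.RPCClient.cast')` as the innermost decorator of `test_l7policy_create_invalid_listener_protocol` and ending the test with `mock_cast.assert_not_called()` would pin that the protocol check runs before the cast. As the innermost decorator, `mock_cast` becomes the first mock argument in the signature. The same assertion is missing from the first test section.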
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Validate that the creation of L7 policies is compatible with the protocol
|
||||||
|
of the listener in the Amphora driver. L7 policies are allowed for
|
||||||
|
Terminated HTTPS or HTTP protocol listeners, but not for HTTPS, TCP or UDP
|
||||||
|
protocols listeners.
|