Fixes the SNI issues in master(mitaka) for octavia

1. Fixes the mismatch between the tls_container_id lengths in neutron.lbaas_sni and octavia.sni tables. 2. Fixes the syntax error in cert_parser.py field. (tls_container.id => tls_container_id) 3. Removes the certs['sni_certs'] parameter from the rest_api_driver.py as it gets wrongly assigned to socket_path parameter in the jinja_cfg.py file. 4. Modifies the sample_configs to make the unit tests work with the above changes. Change-Id: I8fe5854ef2dc508e37a368294c44eef63b5bccba Closes-Bug: #1520990
7 years ago · 298fd45380
parent 2cd234a0f1
commit 298fd45380
4 changed files with 50 additions and 10 deletions
--- a/octavia/amphorae/drivers/haproxy/rest_api_driver.py
+++ b/octavia/amphorae/drivers/haproxy/rest_api_driver.py
@ -67,8 +67,7 @@ class HaproxyAmphoraLoadBalancerDriver(
        # Process listener certificate info
        certs = self._process_tls_certificates(listener)
        # Generate HaProxy configuration from listener object
-        config = self.jinja.build_config(listener, certs['tls_cert'],
-                                         certs['sni_certs'])
+        config = self.jinja.build_config(listener, certs['tls_cert'])

        for amp in listener.load_balancer.amphorae:
            if amp.status != constants.DELETED:
--- a/octavia/common/tls_utils/cert_parser.py
+++ b/octavia/common/tls_utils/cert_parser.py
@ -197,7 +197,7 @@ def load_certificates_data(cert_mngr, listener):
            for sni_cont in listener.sni_containers:
                cert_container = _map_cert_tls_container(
                    cert_mngr.get_cert(listener.project_id,
-                                       sni_cont.tls_container.id,
+                                       sni_cont.tls_container_id,
                                       check_only=True))
                sni_certs.append(cert_container)
        return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
--- a/octavia/db/migration/alembic_migrations/versions/8c0851bdf6c3_change_tls_container_id_length_in_sni_.py
+++ b/octavia/db/migration/alembic_migrations/versions/8c0851bdf6c3_change_tls_container_id_length_in_sni_.py
@ -0,0 +1,37 @@
+# Copyright 2016 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""change_tls_container_id_length_in_sni_table
+
+Revision ID: 8c0851bdf6c3
+Revises: 186509101b9b
+Create Date: 2016-03-23 19:08:53.148812
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '8c0851bdf6c3'
+down_revision = '186509101b9b'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.alter_column(u'sni', u'tls_container_id', type_=sa.String(128),
+                    existing_type=sa.String(36), nullable=True)
+
+
+def downgrade():
+    pass
--- a/octavia/tests/unit/common/sample_configs/sample_configs.py
+++ b/octavia/tests/unit/common/sample_configs/sample_configs.py
@ -403,12 +403,14 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
        ) if tls else '',
        sni_containers=[
            sample_tls_sni_container_tuple(
+                tls_container_id='cont_id_2',
                tls_container=sample_tls_container_tuple(
                    id='cont_id_2', certificate='--imapem2--\n',
                    private_key='--imakey2--\n', intermediates=[
                        '--imainter2--\n', '--imainter2too--\n'
                    ], primary_cn='aFakeCN')),
            sample_tls_sni_container_tuple(
+                tls_container_id='cont_id_3',
                tls_container=sample_tls_container_tuple(
                    id='cont_id_3', certificate='--imapem3--\n',
                    private_key='--imakey3--\n', intermediates=[
@ -421,14 +423,16 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
    )


-def sample_tls_sni_container_tuple(tls_container=None):
-    sc = collections.namedtuple('sni_container', 'tls_container')
-    return sc(tls_container=tls_container)
+def sample_tls_sni_container_tuple(tls_container_id=None, tls_container=None):
+    sc = collections.namedtuple('sni_container', 'tls_container_id, '
+                                                 'tls_container')
+    return sc(tls_container_id=tls_container_id, tls_container=tls_container)


-def sample_tls_sni_containers_tuple(tls_container=None):
-    sc = collections.namedtuple('sni_containers', 'tls_container')
-    return [sc(tls_container=tls_container)]
+def sample_tls_sni_containers_tuple(tls_container_id=None, tls_container=None):
+    sc = collections.namedtuple('sni_containers', 'tls_container_id, '
+                                                  'tls_container')
+    return [sc(tls_container_id=tls_container_id, tls_container=tls_container)]


 def sample_tls_container_tuple(id='cont_id_1', certificate=None,
@ -633,4 +637,4 @@ def sample_base_expected_config(frontend=None, backend=None, peers=None):
            "    option redispatch\n"
            "    timeout connect 5000\n"
            "    timeout client 50000\n"
-            "    timeout server 50000\n\n" + peers + frontend + backend)
+            "    timeout server 50000\n\n" + peers + frontend + backend)