Fixes the SNI issues in master(mitaka) for octavia

1. Fixes the mismatch between the tls_container_id lengths in neutron.lbaas_sni
and octavia.sni tables.
2. Fixes the syntax error in cert_parser.py field. (tls_container.id => tls_container_id)
3. Removes the certs['sni_certs'] parameter from the rest_api_driver.py as it gets wrongly
assigned to socket_path parameter in the jinja_cfg.py file.
4. Modifies the sample_configs to make the unit tests work with the above changes.

Change-Id: I8fe5854ef2dc508e37a368294c44eef63b5bccba
Closes-Bug: #1520990
changes/80/297480/2
Aishwarya Thangappa 7 years ago
parent 2cd234a0f1
commit 298fd45380

@ -67,8 +67,7 @@ class HaproxyAmphoraLoadBalancerDriver(
# Process listener certificate info
certs = self._process_tls_certificates(listener)
# Generate HaProxy configuration from listener object
config = self.jinja.build_config(listener, certs['tls_cert'],
certs['sni_certs'])
config = self.jinja.build_config(listener, certs['tls_cert'])
for amp in listener.load_balancer.amphorae:
if amp.status != constants.DELETED:

@ -197,7 +197,7 @@ def load_certificates_data(cert_mngr, listener):
for sni_cont in listener.sni_containers:
cert_container = _map_cert_tls_container(
cert_mngr.get_cert(listener.project_id,
sni_cont.tls_container.id,
sni_cont.tls_container_id,
check_only=True))
sni_certs.append(cert_container)
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}

@ -0,0 +1,37 @@
# Copyright 2016 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""change_tls_container_id_length_in_sni_table
Revision ID: 8c0851bdf6c3
Revises: 186509101b9b
Create Date: 2016-03-23 19:08:53.148812
"""
# revision identifiers, used by Alembic.
revision = '8c0851bdf6c3'
down_revision = '186509101b9b'
from alembic import op
import sqlalchemy as sa
def upgrade():
op.alter_column(u'sni', u'tls_container_id', type_=sa.String(128),
existing_type=sa.String(36), nullable=True)
def downgrade():
pass

@ -403,12 +403,14 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
) if tls else '',
sni_containers=[
sample_tls_sni_container_tuple(
tls_container_id='cont_id_2',
tls_container=sample_tls_container_tuple(
id='cont_id_2', certificate='--imapem2--\n',
private_key='--imakey2--\n', intermediates=[
'--imainter2--\n', '--imainter2too--\n'
], primary_cn='aFakeCN')),
sample_tls_sni_container_tuple(
tls_container_id='cont_id_3',
tls_container=sample_tls_container_tuple(
id='cont_id_3', certificate='--imapem3--\n',
private_key='--imakey3--\n', intermediates=[
@ -421,14 +423,16 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
)
def sample_tls_sni_container_tuple(tls_container=None):
sc = collections.namedtuple('sni_container', 'tls_container')
return sc(tls_container=tls_container)
def sample_tls_sni_container_tuple(tls_container_id=None, tls_container=None):
sc = collections.namedtuple('sni_container', 'tls_container_id, '
'tls_container')
return sc(tls_container_id=tls_container_id, tls_container=tls_container)
def sample_tls_sni_containers_tuple(tls_container=None):
sc = collections.namedtuple('sni_containers', 'tls_container')
return [sc(tls_container=tls_container)]
def sample_tls_sni_containers_tuple(tls_container_id=None, tls_container=None):
sc = collections.namedtuple('sni_containers', 'tls_container_id, '
'tls_container')
return [sc(tls_container_id=tls_container_id, tls_container=tls_container)]
def sample_tls_container_tuple(id='cont_id_1', certificate=None,
@ -633,4 +637,4 @@ def sample_base_expected_config(frontend=None, backend=None, peers=None):
" option redispatch\n"
" timeout connect 5000\n"
" timeout client 50000\n"
" timeout server 50000\n\n" + peers + frontend + backend)
" timeout server 50000\n\n" + peers + frontend + backend)
Loading…
Cancel
Save