Fix update/delete listener CA/CRL error

Fixed "Could not retrieve certificate" error when updating/deleting the client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.

Story 2010081
Task 45577

Change-Id: I1633c2cacf1c4dc5c0aa605635545fae8085e296
(cherry picked from commit 9a5273d3ea)
(cherry picked from commit 74f2baf539)
(cherry picked from commit aa1c69a586)
(cherry picked from commit 1028bc2422)
(cherry picked from commit 69909d9760)
(cherry picked from commit 14f131dbf2)

octavia/api/drivers/utils.py

@@ -267,11 +267,13 @@ def listener_dict_to_provider_dict(listener_dict, for_delete=False):
 
         if listener_obj.client_ca_tls_certificate_id:
             cert = _get_secret_data(cert_manager, listener_obj.project_id,
-                                    listener_obj.client_ca_tls_certificate_id)
+                                    listener_obj.client_ca_tls_certificate_id,
+                                    for_delete=for_delete)
             new_listener_dict['client_ca_tls_container_data'] = cert
         if listener_obj.client_crl_container_id:
             crl_file = _get_secret_data(cert_manager, listener_obj.project_id,
-                                        listener_obj.client_crl_container_id)
+                                        listener_obj.client_crl_container_id,
+                                        for_delete=for_delete)
             new_listener_dict['client_crl_container_data'] = crl_file
 
     # Format the allowed_cidrs
@@ -389,12 +391,14 @@ def pool_dict_to_provider_dict(pool_dict, for_delete=False):
 
         if pool_obj.ca_tls_certificate_id:
             cert = _get_secret_data(cert_manager, pool_obj.project_id,
-                                    pool_obj.ca_tls_certificate_id)
+                                    pool_obj.ca_tls_certificate_id,
+                                    for_delete=for_delete)
             new_pool_dict['ca_tls_container_data'] = cert
 
         if pool_obj.crl_container_id:
             crl_file = _get_secret_data(cert_manager, pool_obj.project_id,
-                                        pool_obj.crl_container_id)
+                                        pool_obj.crl_container_id,
+                                        for_delete=for_delete)
             new_pool_dict['crl_container_data'] = crl_file
 
     # Remove the DB back references

octavia/tests/unit/api/drivers/test_utils.py

@@ -290,6 +290,8 @@ class TestUtils(base.TestCase):
         del expect_prov['sni_container_data']
         provider_listener = utils.listener_dict_to_provider_dict(
             self.sample_data.test_listener1_dict, for_delete=True)
+        args, kwargs = mock_secret.call_args
+        self.assertEqual(kwargs['for_delete'], True)
         self.assertEqual(expect_prov, provider_listener)
 
     @mock.patch('octavia.api.drivers.utils._get_secret_data')
@@ -395,6 +397,8 @@ class TestUtils(base.TestCase):
         provider_pool_dict = utils.pool_dict_to_provider_dict(
             self.sample_data.test_pool1_dict, for_delete=True)
         provider_pool_dict.pop('crl_container_ref')
+        args, kwargs = mock_secret.call_args
+        self.assertEqual(kwargs['for_delete'], True)
         self.assertEqual(expect_prov, provider_pool_dict)
 
     def test_db_HM_to_provider_HM(self):

releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixed "Could not retrieve certificate" error when updating/deleting the
+    client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.