diff --git a/octavia/amphorae/drivers/haproxy/rest_api_driver.py b/octavia/amphorae/drivers/haproxy/rest_api_driver.py
index 599485fe3d..077cea41fd 100644
--- a/octavia/amphorae/drivers/haproxy/rest_api_driver.py
+++ b/octavia/amphorae/drivers/haproxy/rest_api_driver.py
@@ -498,8 +498,7 @@ class HaproxyAmphoraLoadBalancerDriver(
 amphora, obj_id, pem=secret, md5=md5, name=name)
 return name
- def _process_listener_pool_certs(self, listener, amphora=None,
- obj_id=None):
+ def _process_listener_pool_certs(self, listener, amphora, obj_id):
 # {'POOL-ID': {
 # 'client_cert': client_full_filename,
 # 'ca_cert': ca_cert_full_filename,
@@ -517,7 +516,7 @@ class HaproxyAmphoraLoadBalancerDriver(
 amphora, obj_id))
 return pool_certs_dict
- def _process_pool_certs(self, listener, pool, amphora=None, obj_id=None):
+ def _process_pool_certs(self, listener, pool, amphora, obj_id):
 pool_cert_dict = dict()
 # Handle the client cert(s) and key
@@ -534,17 +533,17 @@ class HaproxyAmphoraLoadBalancerDriver(
 if amphora and obj_id:
 self._upload_cert(amphora, obj_id, pem=pem, md5=md5, name=name)
 pool_cert_dict['client_cert'] = os.path.join(
- CONF.haproxy_amphora.base_cert_dir, listener.id, name)
+ CONF.haproxy_amphora.base_cert_dir, obj_id, name)
 if pool.ca_tls_certificate_id:
 name = self._process_secret(listener, pool.ca_tls_certificate_id,
 amphora, obj_id)
 pool_cert_dict['ca_cert'] = os.path.join(
- CONF.haproxy_amphora.base_cert_dir, listener.id, name)
+ CONF.haproxy_amphora.base_cert_dir, obj_id, name)
 if pool.crl_container_id:
 name = self._process_secret(listener, pool.crl_container_id,
 amphora, obj_id)
 pool_cert_dict['crl'] = os.path.join(
- CONF.haproxy_amphora.base_cert_dir, listener.id, name)
+ CONF.haproxy_amphora.base_cert_dir, obj_id, name)
 return pool_cert_dict
diff --git a/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_0_5.py b/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_0_5.py
index 9482d90c14..946b7d9fe2 100644
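Review bot: In `rest_api_driver.py`, `_process_listener_pool_certs` (hunk `@@ -498,8 +498,7 @@`) and `_process_pool_certs` (hunk `@@ -517,7 +516,7 @@`) now require `amphora` and `obj_id`, but neither method says which object `obj_id` identifies. The tests in this commit pass a listener id in `test_rest_api_driver_0_5.py` and expect a load balancer id in the paths of `test_rest_api_driver_1_0.py`, so the meaning appears to depend on the amphora API version. A comment at the top of each method would make the contract explicit, for example `# obj_id: id of the certificate directory on the amphora; must be the id the certificates are uploaded under`. Both method bodies extend beyond the hunks shown.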
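Review bot: In hunk `@@ -534,17 +533,17 @@` of `rest_api_driver.py`, the `if amphora and obj_id:` guard that appears to cover `self._upload_cert(...)` no longer fits the code after it, because all three `os.path.join(CONF.haproxy_amphora.base_cert_dir, obj_id, name)` calls now depend on `obj_id`. If a caller passes `None`, the upload is skipped and the join raises TypeError; an empty string yields a path directly under `base_cert_dir`, so the returned path could name a certificate file that was never uploaded. Since the signature now makes both arguments required, consider failing early, e.g. `if not amphora or not obj_id: raise ValueError('amphora and obj_id are required')`, and dropping the guard. The start of `_process_pool_certs` lies outside this hunk, so an earlier check may already exist.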
--- a/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_0_5.py
+++ b/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_0_5.py
@@ -288,14 +288,14 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
 self.driver.clients[API_VERSION].get_cert_md5sum.side_effect = [
 exc.NotFound, 'Fake_MD5', 'aaaaa', 'aaaaaaaa']
 self.driver._process_tls_certificates(
- sample_listener, self.amp, sample_listener.load_balancer.id)
+ sample_listener, self.amp, sample_listener.id)
 gcm_calls = [
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 self.sl.default_tls_container.id + '.pem', ignore=(404,)),
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 sconts[0].id + '.pem', ignore=(404,)),
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 sconts[1].id + '.pem', ignore=(404,))
 ]
 self.driver.clients[API_VERSION].get_cert_md5sum.assert_has_calls(
@@ -310,11 +310,11 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
 sample_certs.X509_CERT_KEY_3, sample_certs.X509_IMDS]) + b'\n'
 ucp_calls = [
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 self.sl.default_tls_container.id + '.pem', fp1),
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 sconts[0].id + '.pem', fp2),
- mock.call(self.amp, self.lb.id,
+ mock.call(self.amp, sample_listener.id,
 sconts[1].id + '.pem', fp3)
 ]
 self.driver.clients[API_VERSION].upload_cert_pem.assert_has_calls(
@@ -375,13 +375,13 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
 'sample_pool_id_2': ref_pool_cert_2}
 result = self.driver._process_listener_pool_certs(
- sample_listener, self.amp, sample_listener.load_balancer.id)
+ sample_listener, self.amp, sample_listener.id)
 pool_certs_calls = [
 mock.call(sample_listener, sample_listener.default_pool,
- self.amp, sample_listener.load_balancer.id),
+ self.amp, sample_listener.id),
 mock.call(sample_listener, sample_listener.pools[1],
- self.amp, sample_listener.load_balancer.id)
+ self.amp, sample_listener.id)
 ]
 mock_pool_cert.assert_has_calls(pool_certs_calls, any_order=True)
@@ -425,19 +425,19 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
 result = self.driver._process_pool_certs(
 sample_listener, sample_listener.default_pool, self.amp,
- sample_listener.load_balancer.id)
+ sample_listener.id)
 secret_calls = [
 mock.call(sample_listener,
 sample_listener.default_pool.ca_tls_certificate_id,
- self.amp, sample_listener.load_balancer.id),
+ self.amp, sample_listener.id),
 mock.call(sample_listener,
 sample_listener.default_pool.crl_container_id,
- self.amp, sample_listener.load_balancer.id)]
+ self.amp, sample_listener.id)]
 mock_build_pem.assert_called_once_with(pool_cert)
 mock_upload_cert.assert_called_once_with(
- self.amp, sample_listener.load_balancer.id, pem=fake_pem,
+ self.amp, sample_listener.id, pem=fake_pem,
 md5=ref_md5, name=ref_name)
 mock_secret.assert_has_calls(secret_calls)
 self.assertEqual(ref_result, result)
diff --git a/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_1_0.py b/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_1_0.py
index 5b6f97baec..b48d3e94bb 100644
--- a/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_1_0.py
+++ b/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver_1_0.py
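Review bot: In the `_process_pool_certs` test of `test_rest_api_driver_0_5.py` (hunk `@@ -425,19 +425,19 @@`), `obj_id` is now `sample_listener.id`, the same value the driver previously took from `listener.id` when building the certificate paths. The test would therefore presumably pass whether the path comes from `obj_id` or from `listener.id`, so it does not pin the behaviour this commit introduces. Passing an id that differs from the listener's and asserting that it appears in `ref_result` would close that gap. The construction of `ref_result` is outside the hunk, so confirm against the full test.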
@@ -410,15 +410,16 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
 mock_build_pem.return_value = fake_pem
 ref_md5 = hashlib.md5(fake_pem).hexdigest() # nosec
 ref_name = '{id}.pem'.format(id=pool_cert.id)
- ref_path = '{cert_dir}/{list_id}/{name}'.format(
- cert_dir=fake_cert_dir, list_id=sample_listener.id, name=ref_name)
+ ref_path = '{cert_dir}/{lb_id}/{name}'.format(
+ cert_dir=fake_cert_dir, lb_id=sample_listener.load_balancer.id,
+ name=ref_name)
 ref_ca_name = 'fake_ca.pem'
- ref_ca_path = '{cert_dir}/{list_id}/{name}'.format(
- cert_dir=fake_cert_dir, list_id=sample_listener.id,
+ ref_ca_path = '{cert_dir}/{lb_id}/{name}'.format(
+ cert_dir=fake_cert_dir, lb_id=sample_listener.load_balancer.id,
 name=ref_ca_name)
 ref_crl_name = 'fake_crl.pem'
- ref_crl_path = '{cert_dir}/{list_id}/{name}'.format(
- cert_dir=fake_cert_dir, list_id=sample_listener.id,
+ ref_crl_path = '{cert_dir}/{lb_id}/{name}'.format(
+ cert_dir=fake_cert_dir, lb_id=sample_listener.load_balancer.id,
 name=ref_crl_name)
 ref_result = {'client_cert': ref_path, 'ca_cert': ref_ca_path, 'crl': ref_crl_path}
diff --git a/releasenotes/notes/fix-add-member-tls-enabled-pool-cc77bfa320aaf659.yaml b/releasenotes/notes/fix-add-member-tls-enabled-pool-cc77bfa320aaf659.yaml
new file mode 100644
index 0000000000..91b65a639d
--- /dev/null
+++ b/releasenotes/notes/fix-add-member-tls-enabled-pool-cc77bfa320aaf659.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixed an issue where members added to TLS-enabled pools would go to ERROR
+ provisioning status.