Fix update API when barbican secret is missing

API update calls were blocked if the load balancer had a TLS terminated listener that the secret has been removed from barbican. This patch corrects this problem allowing users to update the certificate reference. Change-Id: I96908e6cbdb523f95298aff463a749d15e98e1ad Story: 2006676 Task: 37322
2019-10-29 14:15:13 -07:00 · 2019-10-29 14:15:13 -07:00 · 5af97a248b
commit 5af97a248b
parent 3c05ce1297
5 changed files with 55 additions and 5 deletions
--- a/octavia/api/v2/controllers/listener.py
+++ b/octavia/api/v2/controllers/listener.py
@ -544,15 +544,16 @@ class ListenersController(base.BaseController):
                driver_utils.listener_dict_to_provider_dict(listener_dict))

            # Also prepare the baseline object data
-            old_provider_llistener = (
-                driver_utils.db_listener_to_provider_listener(db_listener))
+            old_provider_listener = (
+                driver_utils.db_listener_to_provider_listener(db_listener,
+                                                              for_delete=True))

            # Dispatch to the driver
            LOG.info("Sending update Listener %s to provider %s", id,
                     driver.name)
            driver_utils.call_provider(
                driver.name, driver.listener_update,
-                old_provider_llistener,
+                old_provider_listener,
                driver_dm.Listener.from_dict(provider_listener_dict))

            # Update the database to reflect what the driver just accepted
--- a/octavia/api/v2/controllers/load_balancer.py
+++ b/octavia/api/v2/controllers/load_balancer.py
@ -588,7 +588,8 @@ class LoadBalancersController(base.BaseController):

            # Also prepare the baseline object data
            old_provider_lb = (
-                driver_utils.db_loadbalancer_to_provider_loadbalancer(db_lb))
+                driver_utils.db_loadbalancer_to_provider_loadbalancer(
+                    db_lb, for_delete=True))

            # Dispatch to the driver
            LOG.info("Sending update Load Balancer %s to provider "
--- a/octavia/api/v2/controllers/pool.py
+++ b/octavia/api/v2/controllers/pool.py
@ -403,7 +403,7 @@ class PoolsController(base.BaseController):

            # Also prepare the baseline object data
            old_provider_pool = driver_utils.db_pool_to_provider_pool(
-                db_pool)
+                db_pool, for_delete=True)

            # Dispatch to the driver
            LOG.info("Sending update Pool %s to provider %s", id, driver.name)
--- a/octavia/tests/functional/api/v2/test_listener.py
+++ b/octavia/tests/functional/api/v2/test_listener.py
@ -1310,6 +1310,26 @@ class TestListener(base.BaseAPITest):
                                            api_listener['id'])
        return ori_listener, api_listener

+    def test_update_with_bad_tls_ref(self):
+        listener = self.create_listener(constants.PROTOCOL_TCP,
+                                        443, self.lb_id)
+        tls_uuid = uuidutils.generate_uuid()
+        self.set_lb_status(self.lb_id)
+        self.listener_repo.update(db_api.get_session(),
+                                  listener['listener']['id'],
+                                  tls_certificate_id=tls_uuid,
+                                  protocol=constants.PROTOCOL_TERMINATED_HTTPS)
+
+        listener_path = self.LISTENER_PATH.format(
+            listener_id=listener['listener']['id'])
+        update_data = {'name': 'listener2'}
+        body = self._build_body(update_data)
+        api_listener = self.put(listener_path, body).json.get(self.root_tag)
+        response = self.get(self.listener_path.format(
+            listener_id=listener['listener']['id']))
+        api_listener = response.json.get(self.root_tag)
+        self.assertEqual('listener2', api_listener['name'])
+
    def test_negative_update_udp_case(self):
        api_listener = self.create_listener(constants.PROTOCOL_UDP, 6666,
                                            self.lb_id).get(self.root_tag)
--- a/octavia/tests/functional/api/v2/test_pool.py
+++ b/octavia/tests/functional/api/v2/test_pool.py
@ -1443,6 +1443,34 @@ class TestPool(base.BaseAPITest):
            lb_id=self.lb_id, listener_id=self.listener_id,
            pool_id=response.get('id'))

+    def test_update_with_bad_tls_ref(self):
+        api_pool = self.create_pool(
+            self.lb_id,
+            constants.PROTOCOL_HTTP,
+            constants.LB_ALGORITHM_ROUND_ROBIN,
+            listener_id=self.listener_id).get(self.root_tag)
+        self.set_lb_status(lb_id=self.lb_id)
+        # Set status to ACTIVE/ONLINE because set_lb_status did it in the db
+        api_pool['provisioning_status'] = constants.ACTIVE
+        api_pool['operating_status'] = constants.ONLINE
+        api_pool.pop('updated_at')
+
+        response = self.get(self.POOL_PATH.format(
+            pool_id=api_pool.get('id'))).json.get(self.root_tag)
+        response.pop('updated_at')
+        self.assertEqual(api_pool, response)
+
+        tls_uuid = uuidutils.generate_uuid()
+        self.pool_repo.update(db_api.get_session(),
+                              api_pool.get('id'),
+                              tls_certificate_id=tls_uuid)
+        update_data = {'name': 'pool2'}
+        self.put(self.POOL_PATH.format(pool_id=api_pool.get('id')),
+                 self._build_body(update_data))
+        response = self.get(self.POOL_PATH.format(
+            pool_id=api_pool.get('id'))).json.get(self.root_tag)
+        self.assertEqual('pool2', response.get('name'))
+
    def test_bad_update(self):
        api_pool = self.create_pool(
            self.lb_id,