Fix issues with unavailable secrets
Previously, if a secret became unavailable in barbican, the user saw a generic error raised from the barbican client and was unable to delete load balancer resources. This patch corrects both of those issues. Change-Id: I97bd1b2a97a44d0a0566ae56167fa4f2e503ee2d Story: 2006676 Task: 37012 Task: 37077
This commit is contained in:
parent
2f1987ccbe
commit
7fcef817ec
octavia
api
common/tls_utils
tests
functional/api/v2
unit
@ -21,6 +21,7 @@ from octavia_lib.api.drivers import exceptions as lib_exceptions
|
|||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_context import context as oslo_context
|
from oslo_context import context as oslo_context
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
from oslo_utils import excutils
|
||||||
from stevedore import driver as stevedore_driver
|
from stevedore import driver as stevedore_driver
|
||||||
|
|
||||||
from octavia.api.drivers import exceptions as driver_exceptions
|
from octavia.api.drivers import exceptions as driver_exceptions
|
||||||
@ -124,8 +125,8 @@ def _base_to_provider_dict(current_dict, include_project_id=False):
|
|||||||
|
|
||||||
# Note: The provider dict returned from this method will have provider
|
# Note: The provider dict returned from this method will have provider
|
||||||
# data model objects in it.
|
# data model objects in it.
|
||||||
def lb_dict_to_provider_dict(lb_dict, vip=None,
|
def lb_dict_to_provider_dict(lb_dict, vip=None, db_pools=None,
|
||||||
db_pools=None, db_listeners=None):
|
db_listeners=None, for_delete=False):
|
||||||
new_lb_dict = _base_to_provider_dict(lb_dict, include_project_id=True)
|
new_lb_dict = _base_to_provider_dict(lb_dict, include_project_id=True)
|
||||||
new_lb_dict['loadbalancer_id'] = new_lb_dict.pop('id')
|
new_lb_dict['loadbalancer_id'] = new_lb_dict.pop('id')
|
||||||
if vip:
|
if vip:
|
||||||
@ -139,19 +140,21 @@ def lb_dict_to_provider_dict(lb_dict, vip=None,
|
|||||||
new_lb_dict['flavor'] = flavor_repo.get_flavor_metadata_dict(
|
new_lb_dict['flavor'] = flavor_repo.get_flavor_metadata_dict(
|
||||||
db_api.get_session(), lb_dict['flavor_id'])
|
db_api.get_session(), lb_dict['flavor_id'])
|
||||||
if db_pools:
|
if db_pools:
|
||||||
new_lb_dict['pools'] = db_pools_to_provider_pools(db_pools)
|
new_lb_dict['pools'] = db_pools_to_provider_pools(
|
||||||
|
db_pools, for_delete=for_delete)
|
||||||
if db_listeners:
|
if db_listeners:
|
||||||
new_lb_dict['listeners'] = db_listeners_to_provider_listeners(
|
new_lb_dict['listeners'] = db_listeners_to_provider_listeners(
|
||||||
db_listeners)
|
db_listeners, for_delete=for_delete)
|
||||||
return new_lb_dict
|
return new_lb_dict
|
||||||
|
|
||||||
|
|
||||||
def db_loadbalancer_to_provider_loadbalancer(db_loadbalancer):
|
def db_loadbalancer_to_provider_loadbalancer(db_loadbalancer,
|
||||||
|
for_delete=False):
|
||||||
new_loadbalancer_dict = lb_dict_to_provider_dict(
|
new_loadbalancer_dict = lb_dict_to_provider_dict(
|
||||||
db_loadbalancer.to_dict(recurse=True),
|
db_loadbalancer.to_dict(recurse=True),
|
||||||
vip=db_loadbalancer.vip,
|
vip=db_loadbalancer.vip,
|
||||||
db_pools=db_loadbalancer.pools,
|
db_pools=db_loadbalancer.pools,
|
||||||
db_listeners=db_loadbalancer.listeners)
|
db_listeners=db_loadbalancer.listeners, for_delete=for_delete)
|
||||||
for unsupported_field in ['server_group_id', 'amphorae',
|
for unsupported_field in ['server_group_id', 'amphorae',
|
||||||
'vrrp_group', 'topology', 'vip']:
|
'vrrp_group', 'topology', 'vip']:
|
||||||
if unsupported_field in new_loadbalancer_dict:
|
if unsupported_field in new_loadbalancer_dict:
|
||||||
@ -161,20 +164,22 @@ def db_loadbalancer_to_provider_loadbalancer(db_loadbalancer):
|
|||||||
return provider_loadbalancer
|
return provider_loadbalancer
|
||||||
|
|
||||||
|
|
||||||
def db_listeners_to_provider_listeners(db_listeners):
|
def db_listeners_to_provider_listeners(db_listeners, for_delete=False):
|
||||||
provider_listeners = []
|
provider_listeners = []
|
||||||
for listener in db_listeners:
|
for listener in db_listeners:
|
||||||
provider_listener = db_listener_to_provider_listener(listener)
|
provider_listener = db_listener_to_provider_listener(
|
||||||
|
listener, for_delete=for_delete)
|
||||||
provider_listeners.append(provider_listener)
|
provider_listeners.append(provider_listener)
|
||||||
return provider_listeners
|
return provider_listeners
|
||||||
|
|
||||||
|
|
||||||
def db_listener_to_provider_listener(db_listener):
|
def db_listener_to_provider_listener(db_listener, for_delete=False):
|
||||||
new_listener_dict = listener_dict_to_provider_dict(
|
new_listener_dict = listener_dict_to_provider_dict(
|
||||||
db_listener.to_dict(recurse=True))
|
db_listener.to_dict(recurse=True), for_delete=for_delete)
|
||||||
if ('default_pool' in new_listener_dict and
|
if ('default_pool' in new_listener_dict and
|
||||||
new_listener_dict['default_pool']):
|
new_listener_dict['default_pool']):
|
||||||
provider_pool = db_pool_to_provider_pool(db_listener.default_pool)
|
provider_pool = db_pool_to_provider_pool(db_listener.default_pool,
|
||||||
|
for_delete=for_delete)
|
||||||
new_listener_dict['default_pool_id'] = provider_pool.pool_id
|
new_listener_dict['default_pool_id'] = provider_pool.pool_id
|
||||||
new_listener_dict['default_pool'] = provider_pool
|
new_listener_dict['default_pool'] = provider_pool
|
||||||
if new_listener_dict.get('l7policies', None):
|
if new_listener_dict.get('l7policies', None):
|
||||||
@ -184,16 +189,25 @@ def db_listener_to_provider_listener(db_listener):
|
|||||||
return provider_listener
|
return provider_listener
|
||||||
|
|
||||||
|
|
||||||
def _get_secret_data(cert_manager, project_id, secret_ref):
|
def _get_secret_data(cert_manager, project_id, secret_ref, for_delete=False):
|
||||||
"""Get the secret from the certificate manager and upload it to the amp.
|
"""Get the secret from the certificate manager and upload it to the amp.
|
||||||
|
|
||||||
:returns: The secret data.
|
:returns: The secret data.
|
||||||
"""
|
"""
|
||||||
context = oslo_context.RequestContext(project_id=project_id)
|
context = oslo_context.RequestContext(project_id=project_id)
|
||||||
return cert_manager.get_secret(context, secret_ref)
|
try:
|
||||||
|
secret_data = cert_manager.get_secret(context, secret_ref)
|
||||||
|
except Exception as e:
|
||||||
|
LOG.warning('Unable to retrieve certificate: %s due to %s.',
|
||||||
|
secret_ref, str(e))
|
||||||
|
if for_delete:
|
||||||
|
secret_data = None
|
||||||
|
else:
|
||||||
|
raise exceptions.CertificateRetrievalException(ref=secret_ref)
|
||||||
|
return secret_data
|
||||||
|
|
||||||
|
|
||||||
def listener_dict_to_provider_dict(listener_dict):
|
def listener_dict_to_provider_dict(listener_dict, for_delete=False):
|
||||||
new_listener_dict = _base_to_provider_dict(listener_dict,
|
new_listener_dict = _base_to_provider_dict(listener_dict,
|
||||||
include_project_id=True)
|
include_project_id=True)
|
||||||
new_listener_dict['listener_id'] = new_listener_dict.pop('id')
|
new_listener_dict['listener_id'] = new_listener_dict.pop('id')
|
||||||
@ -246,8 +260,16 @@ def listener_dict_to_provider_dict(listener_dict):
|
|||||||
name=CONF.certificates.cert_manager,
|
name=CONF.certificates.cert_manager,
|
||||||
invoke_on_load=True,
|
invoke_on_load=True,
|
||||||
).driver
|
).driver
|
||||||
cert_dict = cert_parser.load_certificates_data(cert_manager,
|
try:
|
||||||
listener_obj)
|
cert_dict = cert_parser.load_certificates_data(cert_manager,
|
||||||
|
listener_obj)
|
||||||
|
except Exception as e:
|
||||||
|
with excutils.save_and_reraise_exception() as ctxt:
|
||||||
|
LOG.warning('Unable to retrieve certificate(s) due to %s.',
|
||||||
|
str(e))
|
||||||
|
if for_delete:
|
||||||
|
ctxt.reraise = False
|
||||||
|
cert_dict = {}
|
||||||
if 'tls_cert' in cert_dict and cert_dict['tls_cert']:
|
if 'tls_cert' in cert_dict and cert_dict['tls_cert']:
|
||||||
new_listener_dict['default_tls_container_data'] = (
|
new_listener_dict['default_tls_container_data'] = (
|
||||||
cert_dict['tls_cert'].to_dict(recurse=True))
|
cert_dict['tls_cert'].to_dict(recurse=True))
|
||||||
@ -287,7 +309,8 @@ def listener_dict_to_provider_dict(listener_dict):
|
|||||||
if ('default_pool' in new_listener_dict and
|
if ('default_pool' in new_listener_dict and
|
||||||
new_listener_dict['default_pool']):
|
new_listener_dict['default_pool']):
|
||||||
pool = new_listener_dict.pop('default_pool')
|
pool = new_listener_dict.pop('default_pool')
|
||||||
new_listener_dict['default_pool'] = pool_dict_to_provider_dict(pool)
|
new_listener_dict['default_pool'] = pool_dict_to_provider_dict(
|
||||||
|
pool, for_delete=for_delete)
|
||||||
provider_l7policies = []
|
provider_l7policies = []
|
||||||
if 'l7policies' in new_listener_dict:
|
if 'l7policies' in new_listener_dict:
|
||||||
l7policies = new_listener_dict.pop('l7policies') or []
|
l7policies = new_listener_dict.pop('l7policies') or []
|
||||||
@ -298,15 +321,17 @@ def listener_dict_to_provider_dict(listener_dict):
|
|||||||
return new_listener_dict
|
return new_listener_dict
|
||||||
|
|
||||||
|
|
||||||
def db_pools_to_provider_pools(db_pools):
|
def db_pools_to_provider_pools(db_pools, for_delete=False):
|
||||||
provider_pools = []
|
provider_pools = []
|
||||||
for pool in db_pools:
|
for pool in db_pools:
|
||||||
provider_pools.append(db_pool_to_provider_pool(pool))
|
provider_pools.append(db_pool_to_provider_pool(pool,
|
||||||
|
for_delete=for_delete))
|
||||||
return provider_pools
|
return provider_pools
|
||||||
|
|
||||||
|
|
||||||
def db_pool_to_provider_pool(db_pool):
|
def db_pool_to_provider_pool(db_pool, for_delete=False):
|
||||||
new_pool_dict = pool_dict_to_provider_dict(db_pool.to_dict(recurse=True))
|
new_pool_dict = pool_dict_to_provider_dict(db_pool.to_dict(recurse=True),
|
||||||
|
for_delete=for_delete)
|
||||||
# Replace the sub-dicts with objects
|
# Replace the sub-dicts with objects
|
||||||
if 'health_monitor' in new_pool_dict:
|
if 'health_monitor' in new_pool_dict:
|
||||||
del new_pool_dict['health_monitor']
|
del new_pool_dict['health_monitor']
|
||||||
@ -325,7 +350,7 @@ def db_pool_to_provider_pool(db_pool):
|
|||||||
return driver_dm.Pool.from_dict(new_pool_dict)
|
return driver_dm.Pool.from_dict(new_pool_dict)
|
||||||
|
|
||||||
|
|
||||||
def pool_dict_to_provider_dict(pool_dict):
|
def pool_dict_to_provider_dict(pool_dict, for_delete=False):
|
||||||
new_pool_dict = _base_to_provider_dict(pool_dict, include_project_id=True)
|
new_pool_dict = _base_to_provider_dict(pool_dict, include_project_id=True)
|
||||||
new_pool_dict['pool_id'] = new_pool_dict.pop('id')
|
new_pool_dict['pool_id'] = new_pool_dict.pop('id')
|
||||||
|
|
||||||
@ -348,8 +373,16 @@ def pool_dict_to_provider_dict(pool_dict):
|
|||||||
name=CONF.certificates.cert_manager,
|
name=CONF.certificates.cert_manager,
|
||||||
invoke_on_load=True,
|
invoke_on_load=True,
|
||||||
).driver
|
).driver
|
||||||
cert_dict = cert_parser.load_certificates_data(cert_manager,
|
try:
|
||||||
pool_obj)
|
cert_dict = cert_parser.load_certificates_data(cert_manager,
|
||||||
|
pool_obj)
|
||||||
|
except Exception as e:
|
||||||
|
with excutils.save_and_reraise_exception() as ctxt:
|
||||||
|
LOG.warning('Unable to retrieve certificate(s) due to %s.',
|
||||||
|
str(e))
|
||||||
|
if for_delete:
|
||||||
|
ctxt.reraise = False
|
||||||
|
cert_dict = {}
|
||||||
if 'tls_cert' in cert_dict and cert_dict['tls_cert']:
|
if 'tls_cert' in cert_dict and cert_dict['tls_cert']:
|
||||||
new_pool_dict['tls_container_data'] = (
|
new_pool_dict['tls_container_data'] = (
|
||||||
cert_dict['tls_cert'].to_dict(recurse=True))
|
cert_dict['tls_cert'].to_dict(recurse=True))
|
||||||
|
@ -592,7 +592,8 @@ class ListenersController(base.BaseController):
|
|||||||
LOG.info("Sending delete Listener %s to provider %s", id,
|
LOG.info("Sending delete Listener %s to provider %s", id,
|
||||||
driver.name)
|
driver.name)
|
||||||
provider_listener = (
|
provider_listener = (
|
||||||
driver_utils.db_listener_to_provider_listener(db_listener))
|
driver_utils.db_listener_to_provider_listener(
|
||||||
|
db_listener, for_delete=True))
|
||||||
driver_utils.call_provider(driver.name, driver.listener_delete,
|
driver_utils.call_provider(driver.name, driver.listener_delete,
|
||||||
provider_listener)
|
provider_listener)
|
||||||
|
|
||||||
|
@ -638,7 +638,8 @@ class LoadBalancersController(base.BaseController):
|
|||||||
LOG.info("Sending delete Load Balancer %s to provider %s",
|
LOG.info("Sending delete Load Balancer %s to provider %s",
|
||||||
id, driver.name)
|
id, driver.name)
|
||||||
provider_loadbalancer = (
|
provider_loadbalancer = (
|
||||||
driver_utils.db_loadbalancer_to_provider_loadbalancer(db_lb))
|
driver_utils.db_loadbalancer_to_provider_loadbalancer(
|
||||||
|
db_lb, for_delete=True))
|
||||||
driver_utils.call_provider(driver.name, driver.loadbalancer_delete,
|
driver_utils.call_provider(driver.name, driver.loadbalancer_delete,
|
||||||
provider_loadbalancer, cascade)
|
provider_loadbalancer, cascade)
|
||||||
|
|
||||||
|
@ -452,7 +452,8 @@ class PoolsController(base.BaseController):
|
|||||||
|
|
||||||
LOG.info("Sending delete Pool %s to provider %s", id, driver.name)
|
LOG.info("Sending delete Pool %s to provider %s", id, driver.name)
|
||||||
provider_pool = (
|
provider_pool = (
|
||||||
driver_utils.db_pool_to_provider_pool(db_pool))
|
driver_utils.db_pool_to_provider_pool(db_pool,
|
||||||
|
for_delete=True))
|
||||||
driver_utils.call_provider(driver.name, driver.pool_delete,
|
driver_utils.call_provider(driver.name, driver.pool_delete,
|
||||||
provider_pool)
|
provider_pool)
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ from pyasn1_modules import rfc2315
|
|||||||
import six
|
import six
|
||||||
|
|
||||||
from octavia.common import data_models
|
from octavia.common import data_models
|
||||||
import octavia.common.exceptions as exceptions
|
from octavia.common import exceptions
|
||||||
|
|
||||||
X509_BEG = b'-----BEGIN CERTIFICATE-----'
|
X509_BEG = b'-----BEGIN CERTIFICATE-----'
|
||||||
X509_END = b'-----END CERTIFICATE-----'
|
X509_END = b'-----END CERTIFICATE-----'
|
||||||
@ -354,16 +354,29 @@ def load_certificates_data(cert_mngr, obj, context=None):
|
|||||||
context = oslo_context.RequestContext(project_id=obj.project_id)
|
context = oslo_context.RequestContext(project_id=obj.project_id)
|
||||||
|
|
||||||
if obj.tls_certificate_id:
|
if obj.tls_certificate_id:
|
||||||
tls_cert = _map_cert_tls_container(
|
try:
|
||||||
cert_mngr.get_cert(context,
|
tls_cert = _map_cert_tls_container(
|
||||||
obj.tls_certificate_id,
|
cert_mngr.get_cert(context,
|
||||||
check_only=True))
|
obj.tls_certificate_id,
|
||||||
|
check_only=True))
|
||||||
|
except Exception as e:
|
||||||
|
LOG.warning('Unable to retrieve certificate: %s due to %s.',
|
||||||
|
obj.tls_certificate_id, str(e))
|
||||||
|
raise exceptions.CertificateRetrievalException(
|
||||||
|
ref=obj.tls_certificate_id)
|
||||||
|
|
||||||
if hasattr(obj, 'sni_containers') and obj.sni_containers:
|
if hasattr(obj, 'sni_containers') and obj.sni_containers:
|
||||||
for sni_cont in obj.sni_containers:
|
for sni_cont in obj.sni_containers:
|
||||||
cert_container = _map_cert_tls_container(
|
try:
|
||||||
cert_mngr.get_cert(context,
|
cert_container = _map_cert_tls_container(
|
||||||
sni_cont.tls_container_id,
|
cert_mngr.get_cert(context,
|
||||||
check_only=True))
|
sni_cont.tls_container_id,
|
||||||
|
check_only=True))
|
||||||
|
except Exception as e:
|
||||||
|
LOG.warning('Unable to retrieve certificate: %s due to %s.',
|
||||||
|
sni_cont.tls_container_id, str(e))
|
||||||
|
raise exceptions.CertificateRetrievalException(
|
||||||
|
ref=sni_cont.tls_container_id)
|
||||||
sni_certs.append(cert_container)
|
sni_certs.append(cert_container)
|
||||||
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
||||||
|
|
||||||
|
@ -25,6 +25,7 @@ from octavia.common import constants
|
|||||||
import octavia.common.context
|
import octavia.common.context
|
||||||
from octavia.common import data_models
|
from octavia.common import data_models
|
||||||
from octavia.common import exceptions
|
from octavia.common import exceptions
|
||||||
|
from octavia.db import api as db_api
|
||||||
from octavia.tests.common import sample_certs
|
from octavia.tests.common import sample_certs
|
||||||
from octavia.tests.functional.api.v2 import base
|
from octavia.tests.functional.api.v2 import base
|
||||||
|
|
||||||
@ -1849,6 +1850,37 @@ class TestListener(base.BaseAPITest):
|
|||||||
self.assert_final_listener_statuses(self.lb_id, api_listener['id'],
|
self.assert_final_listener_statuses(self.lb_id, api_listener['id'],
|
||||||
delete=True)
|
delete=True)
|
||||||
|
|
||||||
|
# Problems with TLS certs should not block a delete
|
||||||
|
def test_delete_with_bad_tls_ref(self):
|
||||||
|
listener = self.create_listener(constants.PROTOCOL_TCP,
|
||||||
|
443, self.lb_id)
|
||||||
|
tls_uuid = uuidutils.generate_uuid()
|
||||||
|
self.set_lb_status(self.lb_id)
|
||||||
|
self.listener_repo.update(db_api.get_session(),
|
||||||
|
listener['listener']['id'],
|
||||||
|
tls_certificate_id=tls_uuid,
|
||||||
|
protocol=constants.PROTOCOL_TERMINATED_HTTPS)
|
||||||
|
|
||||||
|
listener_path = self.LISTENER_PATH.format(
|
||||||
|
listener_id=listener['listener']['id'])
|
||||||
|
self.delete(listener_path)
|
||||||
|
response = self.get(listener_path)
|
||||||
|
api_listener = response.json['listener']
|
||||||
|
expected = {'name': None, 'default_pool_id': None,
|
||||||
|
'description': None, 'admin_state_up': True,
|
||||||
|
'operating_status': constants.ONLINE,
|
||||||
|
'provisioning_status': constants.PENDING_DELETE,
|
||||||
|
'connection_limit': None}
|
||||||
|
listener['listener'].update(expected)
|
||||||
|
|
||||||
|
self.assertIsNone(listener['listener'].pop('updated_at'))
|
||||||
|
self.assertIsNotNone(api_listener.pop('updated_at'))
|
||||||
|
self.assertNotEqual(listener, api_listener)
|
||||||
|
self.assert_correct_lb_status(self.lb_id, constants.ONLINE,
|
||||||
|
constants.PENDING_UPDATE)
|
||||||
|
self.assert_final_listener_statuses(self.lb_id, api_listener['id'],
|
||||||
|
delete=True)
|
||||||
|
|
||||||
def test_delete_authorized(self):
|
def test_delete_authorized(self):
|
||||||
listener = self.create_listener(constants.PROTOCOL_HTTP, 80,
|
listener = self.create_listener(constants.PROTOCOL_HTTP, 80,
|
||||||
self.lb_id)
|
self.lb_id)
|
||||||
|
@ -22,6 +22,7 @@ from octavia.common import constants
|
|||||||
import octavia.common.context
|
import octavia.common.context
|
||||||
from octavia.common import data_models
|
from octavia.common import data_models
|
||||||
from octavia.common import exceptions
|
from octavia.common import exceptions
|
||||||
|
from octavia.db import api as db_api
|
||||||
from octavia.tests.common import sample_certs
|
from octavia.tests.common import sample_certs
|
||||||
from octavia.tests.functional.api.v2 import base
|
from octavia.tests.functional.api.v2 import base
|
||||||
|
|
||||||
@ -1754,6 +1755,37 @@ class TestPool(base.BaseAPITest):
|
|||||||
listener_prov_status=constants.PENDING_UPDATE,
|
listener_prov_status=constants.PENDING_UPDATE,
|
||||||
pool_prov_status=constants.PENDING_DELETE)
|
pool_prov_status=constants.PENDING_DELETE)
|
||||||
|
|
||||||
|
# Problems with TLS certs should not block a delete
|
||||||
|
def test_delete_with_bad_tls_ref(self):
|
||||||
|
api_pool = self.create_pool(
|
||||||
|
self.lb_id,
|
||||||
|
constants.PROTOCOL_HTTP,
|
||||||
|
constants.LB_ALGORITHM_ROUND_ROBIN,
|
||||||
|
listener_id=self.listener_id).get(self.root_tag)
|
||||||
|
self.set_lb_status(lb_id=self.lb_id)
|
||||||
|
# Set status to ACTIVE/ONLINE because set_lb_status did it in the db
|
||||||
|
api_pool['provisioning_status'] = constants.ACTIVE
|
||||||
|
api_pool['operating_status'] = constants.ONLINE
|
||||||
|
api_pool.pop('updated_at')
|
||||||
|
|
||||||
|
response = self.get(self.POOL_PATH.format(
|
||||||
|
pool_id=api_pool.get('id'))).json.get(self.root_tag)
|
||||||
|
response.pop('updated_at')
|
||||||
|
self.assertEqual(api_pool, response)
|
||||||
|
|
||||||
|
tls_uuid = uuidutils.generate_uuid()
|
||||||
|
self.pool_repo.update(db_api.get_session(),
|
||||||
|
api_pool.get('id'),
|
||||||
|
tls_certificate_id=tls_uuid)
|
||||||
|
|
||||||
|
self.delete(self.POOL_PATH.format(pool_id=api_pool.get('id')))
|
||||||
|
self.assert_correct_status(
|
||||||
|
lb_id=self.lb_id, listener_id=self.listener_id,
|
||||||
|
pool_id=api_pool.get('id'),
|
||||||
|
lb_prov_status=constants.PENDING_UPDATE,
|
||||||
|
listener_prov_status=constants.PENDING_UPDATE,
|
||||||
|
pool_prov_status=constants.PENDING_DELETE)
|
||||||
|
|
||||||
def test_delete_authorize(self):
|
def test_delete_authorize(self):
|
||||||
api_pool = self.create_pool(
|
api_pool = self.create_pool(
|
||||||
self.lb_id,
|
self.lb_id,
|
||||||
|
@ -215,6 +215,22 @@ class TestUtils(base.TestCase):
|
|||||||
ref_listeners = copy.deepcopy(self.sample_data.provider_listeners)
|
ref_listeners = copy.deepcopy(self.sample_data.provider_listeners)
|
||||||
self.assertEqual(ref_listeners, provider_listeners)
|
self.assertEqual(ref_listeners, provider_listeners)
|
||||||
|
|
||||||
|
@mock.patch('oslo_context.context.RequestContext', return_value=None)
|
||||||
|
def test_get_secret_data_errors(self, mock_context):
|
||||||
|
mock_cert_mngr = mock.MagicMock()
|
||||||
|
|
||||||
|
mock_cert_mngr.get_secret.side_effect = [Exception, Exception]
|
||||||
|
|
||||||
|
# Test for_delete == False path
|
||||||
|
self.assertRaises(exceptions.CertificateRetrievalException,
|
||||||
|
utils._get_secret_data, mock_cert_mngr,
|
||||||
|
'fake_project_id', 1)
|
||||||
|
|
||||||
|
# Test for_delete == True path
|
||||||
|
self.assertIsNone(
|
||||||
|
utils._get_secret_data(mock_cert_mngr, 'fake_project_id',
|
||||||
|
2, for_delete=True))
|
||||||
|
|
||||||
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
def test_listener_dict_to_provider_dict(self, mock_load_cert, mock_secret):
|
def test_listener_dict_to_provider_dict(self, mock_load_cert, mock_secret):
|
||||||
@ -241,6 +257,41 @@ class TestUtils(base.TestCase):
|
|||||||
self.sample_data.test_listener1_dict)
|
self.sample_data.test_listener1_dict)
|
||||||
self.assertEqual(expect_prov, provider_listener)
|
self.assertEqual(expect_prov, provider_listener)
|
||||||
|
|
||||||
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
|
def test_listener_dict_to_provider_dict_load_cert_error(
|
||||||
|
self, mock_load_cert, mock_secret):
|
||||||
|
mock_secret.side_effect = ['ca cert', 'X509 CRL FILE',
|
||||||
|
'X509 POOL CA CERT FILE',
|
||||||
|
'X509 POOL CRL FILE']
|
||||||
|
mock_load_cert.side_effect = [exceptions.OctaviaException,
|
||||||
|
Exception]
|
||||||
|
|
||||||
|
# Test load_cert exception for_delete == False path
|
||||||
|
self.assertRaises(exceptions.OctaviaException,
|
||||||
|
utils.listener_dict_to_provider_dict,
|
||||||
|
self.sample_data.test_listener1_dict)
|
||||||
|
|
||||||
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
|
def test_listener_dict_to_provider_dict_load_cert_error_for_delete(
|
||||||
|
self, mock_load_cert, mock_secret):
|
||||||
|
mock_secret.side_effect = ['ca cert', 'X509 CRL FILE',
|
||||||
|
'X509 POOL CA CERT FILE',
|
||||||
|
'X509 POOL CRL FILE']
|
||||||
|
mock_load_cert.side_effect = [Exception]
|
||||||
|
|
||||||
|
# Test load_cert exception for_delete == True path
|
||||||
|
expect_prov = copy.deepcopy(self.sample_data.provider_listener1_dict)
|
||||||
|
expect_pool_prov = copy.deepcopy(self.sample_data.provider_pool1_dict)
|
||||||
|
del expect_pool_prov['tls_container_data']
|
||||||
|
expect_prov['default_pool'] = expect_pool_prov
|
||||||
|
del expect_prov['default_tls_container_data']
|
||||||
|
del expect_prov['sni_container_data']
|
||||||
|
provider_listener = utils.listener_dict_to_provider_dict(
|
||||||
|
self.sample_data.test_listener1_dict, for_delete=True)
|
||||||
|
self.assertEqual(expect_prov, provider_listener)
|
||||||
|
|
||||||
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
def test_listener_dict_to_provider_dict_SNI(self, mock_load_cert,
|
def test_listener_dict_to_provider_dict_SNI(self, mock_load_cert,
|
||||||
@ -315,6 +366,37 @@ class TestUtils(base.TestCase):
|
|||||||
provider_pool_dict.pop('crl_container_ref')
|
provider_pool_dict.pop('crl_container_ref')
|
||||||
self.assertEqual(expect_prov, provider_pool_dict)
|
self.assertEqual(expect_prov, provider_pool_dict)
|
||||||
|
|
||||||
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
|
def test_pool_dict_to_provider_dict_load_cert_error(
|
||||||
|
self, mock_load_cert, mock_secret):
|
||||||
|
|
||||||
|
mock_load_cert.side_effect = [exceptions.OctaviaException,
|
||||||
|
Exception]
|
||||||
|
|
||||||
|
# Test load_cert exception for_delete == False path
|
||||||
|
self.assertRaises(exceptions.OctaviaException,
|
||||||
|
utils.pool_dict_to_provider_dict,
|
||||||
|
self.sample_data.test_pool1_dict)
|
||||||
|
|
||||||
|
@mock.patch('octavia.api.drivers.utils._get_secret_data')
|
||||||
|
@mock.patch('octavia.common.tls_utils.cert_parser.load_certificates_data')
|
||||||
|
def test_pool_dict_to_provider_dict_load_cert_error_for_delete(
|
||||||
|
self, mock_load_cert, mock_secret):
|
||||||
|
|
||||||
|
mock_load_cert.side_effect = [Exception]
|
||||||
|
|
||||||
|
# Test load_cert exception for_delete == True path
|
||||||
|
mock_secret.side_effect = ['X509 POOL CA CERT FILE',
|
||||||
|
'X509 POOL CRL FILE']
|
||||||
|
expect_prov = copy.deepcopy(self.sample_data.provider_pool1_dict)
|
||||||
|
expect_prov.pop('crl_container_ref')
|
||||||
|
del expect_prov['tls_container_data']
|
||||||
|
provider_pool_dict = utils.pool_dict_to_provider_dict(
|
||||||
|
self.sample_data.test_pool1_dict, for_delete=True)
|
||||||
|
provider_pool_dict.pop('crl_container_ref')
|
||||||
|
self.assertEqual(expect_prov, provider_pool_dict)
|
||||||
|
|
||||||
def test_db_HM_to_provider_HM(self):
|
def test_db_HM_to_provider_HM(self):
|
||||||
provider_hm = utils.db_HM_to_provider_HM(self.sample_data.db_hm1)
|
provider_hm = utils.db_HM_to_provider_HM(self.sample_data.db_hm1)
|
||||||
self.assertEqual(self.sample_data.provider_hm1, provider_hm)
|
self.assertEqual(self.sample_data.provider_hm1, provider_hm)
|
||||||
|
@ -174,6 +174,29 @@ class TestTLSParseUtils(base.TestCase):
|
|||||||
self.assertEqual(ref_empty_dict, result)
|
self.assertEqual(ref_empty_dict, result)
|
||||||
mock_oslo.assert_called()
|
mock_oslo.assert_called()
|
||||||
|
|
||||||
|
def test_load_certificates_get_cert_errors(self):
|
||||||
|
mock_cert_mngr = mock.MagicMock()
|
||||||
|
mock_obj = mock.MagicMock()
|
||||||
|
mock_sni_container = mock.MagicMock()
|
||||||
|
mock_sni_container.tls_container_id = 2
|
||||||
|
|
||||||
|
mock_cert_mngr.get_cert.side_effect = [Exception, Exception]
|
||||||
|
|
||||||
|
# Test tls_certificate_id error
|
||||||
|
mock_obj.tls_certificate_id = 1
|
||||||
|
|
||||||
|
self.assertRaises(exceptions.CertificateRetrievalException,
|
||||||
|
cert_parser.load_certificates_data,
|
||||||
|
mock_cert_mngr, mock_obj)
|
||||||
|
|
||||||
|
# Test sni_containers error
|
||||||
|
mock_obj.tls_certificate_id = None
|
||||||
|
mock_obj.sni_containers = [mock_sni_container]
|
||||||
|
|
||||||
|
self.assertRaises(exceptions.CertificateRetrievalException,
|
||||||
|
cert_parser.load_certificates_data,
|
||||||
|
mock_cert_mngr, mock_obj)
|
||||||
|
|
||||||
@mock.patch('octavia.certificates.common.cert.Cert')
|
@mock.patch('octavia.certificates.common.cert.Cert')
|
||||||
def test_map_cert_tls_container(self, cert_mock):
|
def test_map_cert_tls_container(self, cert_mock):
|
||||||
tls = data_models.TLSContainer(
|
tls = data_models.TLSContainer(
|
||||||
|
Loading…
Reference in New Issue
Block a user