Fix update/delete listener CA/CRL error

Fixed "Could not retrieve certificate" error when updating/deleting the client_ca_tls_container_ref field of a listener after a CA/CRL was deleted. Story 2010081 Task 45577 Change-Id: I1633c2cacf1c4dc5c0aa605635545fae8085e296
2022-06-08 15:43:56 +08:00 · 2022-06-08 15:43:56 +08:00 · 9a5273d3ea
commit 9a5273d3ea
parent 65b1c341e2
3 changed files with 17 additions and 4 deletions
--- a/octavia/api/drivers/utils.py
+++ b/octavia/api/drivers/utils.py
@ -272,11 +272,13 @@ def listener_dict_to_provider_dict(listener_dict, for_delete=False):

        if listener_obj.client_ca_tls_certificate_id:
            cert = _get_secret_data(cert_manager, listener_obj.project_id,
-                                    listener_obj.client_ca_tls_certificate_id)
+                                    listener_obj.client_ca_tls_certificate_id,
+                                    for_delete=for_delete)
            new_listener_dict['client_ca_tls_container_data'] = cert
        if listener_obj.client_crl_container_id:
            crl_file = _get_secret_data(cert_manager, listener_obj.project_id,
-                                        listener_obj.client_crl_container_id)
+                                        listener_obj.client_crl_container_id,
+                                        for_delete=for_delete)
            new_listener_dict['client_crl_container_data'] = crl_file

    # Format the allowed_cidrs
@ -394,12 +396,14 @@ def pool_dict_to_provider_dict(pool_dict, for_delete=False):

        if pool_obj.ca_tls_certificate_id:
            cert = _get_secret_data(cert_manager, pool_obj.project_id,
-                                    pool_obj.ca_tls_certificate_id)
+                                    pool_obj.ca_tls_certificate_id,
+                                    for_delete=for_delete)
            new_pool_dict['ca_tls_container_data'] = cert

        if pool_obj.crl_container_id:
            crl_file = _get_secret_data(cert_manager, pool_obj.project_id,
-                                        pool_obj.crl_container_id)
+                                        pool_obj.crl_container_id,
+                                        for_delete=for_delete)
            new_pool_dict['crl_container_data'] = crl_file

    # Remove the DB back references
--- a/octavia/tests/unit/api/drivers/test_utils.py
+++ b/octavia/tests/unit/api/drivers/test_utils.py
@ -274,6 +274,8 @@ class TestUtils(base.TestCase):
        del expect_prov['sni_container_data']
        provider_listener = utils.listener_dict_to_provider_dict(
            self.sample_data.test_listener1_dict, for_delete=True)
+        args, kwargs = mock_secret.call_args
+        self.assertEqual(kwargs['for_delete'], True)
        self.assertEqual(expect_prov, provider_listener)

    @mock.patch('octavia.api.drivers.utils._get_secret_data')
@ -379,6 +381,8 @@ class TestUtils(base.TestCase):
        provider_pool_dict = utils.pool_dict_to_provider_dict(
            self.sample_data.test_pool1_dict, for_delete=True)
        provider_pool_dict.pop('crl_container_ref')
+        args, kwargs = mock_secret.call_args
+        self.assertEqual(kwargs['for_delete'], True)
        self.assertEqual(expect_prov, provider_pool_dict)

    def test_db_HM_to_provider_HM(self):
--- a/releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml
+++ b/releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixed "Could not retrieve certificate" error when updating/deleting the
+    client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.