Fix update/delete listener CA/CRL error

Fixed "Could not retrieve certificate" error when updating/deleting the client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.

Story 2010081
Task 45577

Change-Id: I1633c2cacf1c4dc5c0aa605635545fae8085e296
yangshaoxue 2022-06-08 15:43:56 +08:00 committed by conna
parent 65b1c341e2
commit 9a5273d3ea
3 changed files with 17 additions and 4 deletions


@ -272,11 +272,13 @@ def listener_dict_to_provider_dict(listener_dict, for_delete=False):
if listener_obj.client_ca_tls_certificate_id: if listener_obj.client_ca_tls_certificate_id:
cert = _get_secret_data(cert_manager, listener_obj.project_id, cert = _get_secret_data(cert_manager, listener_obj.project_id,
listener_obj.client_ca_tls_certificate_id) listener_obj.client_ca_tls_certificate_id,
for_delete=for_delete)
new_listener_dict['client_ca_tls_container_data'] = cert new_listener_dict['client_ca_tls_container_data'] = cert
if listener_obj.client_crl_container_id: if listener_obj.client_crl_container_id:
crl_file = _get_secret_data(cert_manager, listener_obj.project_id, crl_file = _get_secret_data(cert_manager, listener_obj.project_id,
listener_obj.client_crl_container_id) listener_obj.client_crl_container_id,
for_delete=for_delete)
new_listener_dict['client_crl_container_data'] = crl_file new_listener_dict['client_crl_container_data'] = crl_file
# Format the allowed_cidrs # Format the allowed_cidrs
@ -394,12 +396,14 @@ def pool_dict_to_provider_dict(pool_dict, for_delete=False):
if pool_obj.ca_tls_certificate_id: if pool_obj.ca_tls_certificate_id:
cert = _get_secret_data(cert_manager, pool_obj.project_id, cert = _get_secret_data(cert_manager, pool_obj.project_id,
pool_obj.ca_tls_certificate_id) pool_obj.ca_tls_certificate_id,
for_delete=for_delete)
new_pool_dict['ca_tls_container_data'] = cert new_pool_dict['ca_tls_container_data'] = cert
if pool_obj.crl_container_id: if pool_obj.crl_container_id:
crl_file = _get_secret_data(cert_manager, pool_obj.project_id, crl_file = _get_secret_data(cert_manager, pool_obj.project_id,
pool_obj.crl_container_id) pool_obj.crl_container_id,
for_delete=for_delete)
new_pool_dict['crl_container_data'] = crl_file new_pool_dict['crl_container_data'] = crl_file
# Remove the DB back references # Remove the DB back references
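Review bot: Nothing at the four `_get_secret_data` call sites says what ends up in `client_ca_tls_container_data`, `client_crl_container_data`, `ca_tls_container_data` or `crl_container_data` when the secret can no longer be fetched and `for_delete` is set. The helper is not shown, but presumably it swallows the retrieval error in that case; that is fine for teardown, yet it would silently drop client-certificate or revocation checking if the flag were ever true while configuring a live listener or pool. I would add a comment above the first call such as `# for_delete only: a missing CA/CRL must not block teardown; create/update must still fail closed`. The commit message also names the update case, so it is worth confirming that update reaches this code only on a path where an empty CA/CRL is acceptable. Both function bodies start and end outside the hunks shown.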


@ -274,6 +274,8 @@ class TestUtils(base.TestCase):
del expect_prov['sni_container_data'] del expect_prov['sni_container_data']
provider_listener = utils.listener_dict_to_provider_dict( provider_listener = utils.listener_dict_to_provider_dict(
self.sample_data.test_listener1_dict, for_delete=True) self.sample_data.test_listener1_dict, for_delete=True)
args, kwargs = mock_secret.call_args
self.assertEqual(kwargs['for_delete'], True)
self.assertEqual(expect_prov, provider_listener) self.assertEqual(expect_prov, provider_listener)
@mock.patch('octavia.api.drivers.utils._get_secret_data') @mock.patch('octavia.api.drivers.utils._get_secret_data')
@ -379,6 +381,8 @@ class TestUtils(base.TestCase):
provider_pool_dict = utils.pool_dict_to_provider_dict( provider_pool_dict = utils.pool_dict_to_provider_dict(
self.sample_data.test_pool1_dict, for_delete=True) self.sample_data.test_pool1_dict, for_delete=True)
provider_pool_dict.pop('crl_container_ref') provider_pool_dict.pop('crl_container_ref')
args, kwargs = mock_secret.call_args
self.assertEqual(kwargs['for_delete'], True)
self.assertEqual(expect_prov, provider_pool_dict) self.assertEqual(expect_prov, provider_pool_dict)
def test_db_HM_to_provider_HM(self): def test_db_HM_to_provider_HM(self):
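Review bot: `mock_secret.call_args` holds only the most recent call, so the new assertions in both test hunks check `for_delete` on a single `_get_secret_data` call and would still pass if an earlier lookup dropped the flag. How many lookups the sample data triggers is not visible here, but the patched functions have separate CA and CRL call sites, so checking every recorded call is safer: `for _, kwargs in mock_secret.call_args_list:` followed by `self.assertTrue(kwargs['for_delete'])`. `assertTrue` (or `assertIs`) also states the intent more directly than `assertEqual(kwargs['for_delete'], True)`. Both test methods start outside the hunks shown.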


@ -0,0 +1,5 @@
---
fixes:
- |
Fixed "Could not retrieve certificate" error when updating/deleting the
client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.