From aa1c69a58667fd53ede2f9e08deaed61545c0b32 Mon Sep 17 00:00:00 2001
From: yangshaoxue
Date: Wed, 8 Jun 2022 15:43:56 +0800
Subject: [PATCH] Fix update/delete listener CA/CRL error
Fixed "Could not retrieve certificate" error when updating/deleting the client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.
Story 2010081 Task 45577
Change-Id: I1633c2cacf1c4dc5c0aa605635545fae8085e296
(cherry picked from commit 9a5273d3ea91109c8f22671fd7215eb7b953b975)
(cherry picked from commit 74f2baf539359f5ded2bc01b28d570083bc0a797)
---
 octavia/api/drivers/utils.py | 12 ++++++++----
 octavia/tests/unit/api/drivers/test_utils.py | 4 ++++
 ...ix-update-listener-ca-error-167464debc06cba2.yaml | 5 +++++
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml
diff --git a/octavia/api/drivers/utils.py b/octavia/api/drivers/utils.py
index ea1a2e6d84..b7305fed54 100644
--- a/octavia/api/drivers/utils.py
+++ b/octavia/api/drivers/utils.py
@@ -272,11 +272,13 @@ def listener_dict_to_provider_dict(listener_dict, for_delete=False):
 if listener_obj.client_ca_tls_certificate_id:
 cert = _get_secret_data(cert_manager, listener_obj.project_id,
- listener_obj.client_ca_tls_certificate_id)
+ listener_obj.client_ca_tls_certificate_id,
+ for_delete=for_delete)
 new_listener_dict['client_ca_tls_container_data'] = cert
 if listener_obj.client_crl_container_id:
 crl_file = _get_secret_data(cert_manager, listener_obj.project_id,
- listener_obj.client_crl_container_id)
+ listener_obj.client_crl_container_id,
+ for_delete=for_delete)
 new_listener_dict['client_crl_container_data'] = crl_file
 # Format the allowed_cidrs
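Review bot: The values returned for the client CA and CRL are stored in `client_ca_tls_container_data` and `client_crl_container_data` without any check, and with `for_delete` now forwarded a failed lookup presumably yields an empty value instead of an exception. `_get_secret_data` is not visible in this patch, so that behaviour is an assumption to confirm. Because the commit message covers updates as well as deletes, it is worth verifying that no create or update path passes `for_delete=True`; a listener that stays configured for client authentication with empty CA or CRL data would no longer check client certificates or revocations as intended. I would add a comment above the first call, e.g. `# for_delete=True tolerates a missing CA/CRL secret; only the delete path may set it, never create/update`. The pool hunk at -394 in the same file has the same pattern, and both function bodies start and end outside their hunks.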
@@ -394,12 +396,14 @@ def pool_dict_to_provider_dict(pool_dict, for_delete=False):
 if pool_obj.ca_tls_certificate_id:
 cert = _get_secret_data(cert_manager, pool_obj.project_id,
- pool_obj.ca_tls_certificate_id)
+ pool_obj.ca_tls_certificate_id,
+ for_delete=for_delete)
 new_pool_dict['ca_tls_container_data'] = cert
 if pool_obj.crl_container_id:
 crl_file = _get_secret_data(cert_manager, pool_obj.project_id,
- pool_obj.crl_container_id)
+ pool_obj.crl_container_id,
+ for_delete=for_delete)
 new_pool_dict['crl_container_data'] = crl_file
 # Remove the DB back references
diff --git a/octavia/tests/unit/api/drivers/test_utils.py b/octavia/tests/unit/api/drivers/test_utils.py
index 4d41d29e68..6205227aaa 100644
--- a/octavia/tests/unit/api/drivers/test_utils.py
+++ b/octavia/tests/unit/api/drivers/test_utils.py
@@ -274,6 +274,8 @@ class TestUtils(base.TestCase):
 del expect_prov['sni_container_data']
 provider_listener = utils.listener_dict_to_provider_dict(
 self.sample_data.test_listener1_dict, for_delete=True)
+ args, kwargs = mock_secret.call_args
+ self.assertEqual(kwargs['for_delete'], True)
 self.assertEqual(expect_prov, provider_listener)
 @mock.patch('octavia.api.drivers.utils._get_secret_data')
@@ -379,6 +381,8 @@ class TestUtils(base.TestCase):
 provider_pool_dict = utils.pool_dict_to_provider_dict(
 self.sample_data.test_pool1_dict, for_delete=True)
 provider_pool_dict.pop('crl_container_ref')
+ args, kwargs = mock_secret.call_args
+ self.assertEqual(kwargs['for_delete'], True)
 self.assertEqual(expect_prov, provider_pool_dict)
 def test_db_HM_to_provider_HM(self):
diff --git a/releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml b/releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml
new file mode 100644
index 0000000000..25c0e32cee
--- /dev/null
+++ b/releasenotes/notes/fix-update-listener-ca-error-167464debc06cba2.yaml
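Review bot: `mock_secret.call_args` holds only the most recent call, so the assertion added in the test hunk at -274 checks the flag on a single `_get_secret_data` call and leaves the other lookups made by the function unverified. Checking every recorded call is stricter and drops the unused `args`: `self.assertTrue(mock_secret.call_args_list)` followed by `for c in mock_secret.call_args_list: self.assertIs(True, c[1]['for_delete'])`. The pool test hunk at -379 has the same pattern. Since `_get_secret_data` itself is mocked, these tests only prove the flag is forwarded; the case the fix targets, a CA/CRL secret that can no longer be retrieved, has to be covered by a test of `_get_secret_data`, which is not visible in this patch. Both test methods begin outside their hunks.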
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixed "Could not retrieve certificate" error when updating/deleting the
+ client_ca_tls_container_ref field of a listener after a CA/CRL was deleted.