Fix pool API handling of None/null updates

The current pool API does not properly handle clearing/reseting values on update. There was a case where removing the CA and CRL at the same time could be refused, requiring you to remove the CRL first, then the CA reference. This patch resolves that issue. This patch corrects this to appropriately handle None/null updates to the pool parameters. Change-Id: Iee8a12b693a09e96e59313e58beffe1b1985084f Story: 2005374 Task: 31007
2019-05-14 17:47:34 -07:00 · 2019-05-14 17:47:34 -07:00 · db212fc304
parent 987a6b3f1d
commit db212fc304
2 changed files with 7 additions and 3 deletions
--- a/octavia/api/v2/controllers/pool.py
+++ b/octavia/api/v2/controllers/pool.py
@ -330,10 +330,13 @@ class PoolsController(base.BaseController):
            validate.check_session_persistence(sp_dict)

        crl_ref = None
+        # If we got a crl_ref and it's not unset, use it
        if (pool.crl_container_ref and
                pool.crl_container_ref != wtypes.Unset):
            crl_ref = pool.crl_container_ref
-        elif db_pool.crl_container_id:
+        # If we got Unset and a CRL exists in the DB, use the DB crl_ref
+        elif (db_pool.crl_container_id and
+              pool.crl_container_ref == wtypes.Unset):
            crl_ref = db_pool.crl_container_id

        ca_ref = None
@ -350,8 +353,8 @@ class PoolsController(base.BaseController):
                    "specify a certificate revocation list."))
            if pool.ca_tls_container_ref:
                ca_ref = pool.ca_tls_container_ref
-            elif db_ca_ref:
-                ca_ref = db_ca_ref
+        elif db_ca_ref and pool.ca_tls_container_ref == wtypes.Unset:
+            ca_ref = db_ca_ref
        elif crl_ref and not db_ca_ref:
            raise exceptions.ValidationException(detail=_(
                "A CA reference is required to "
--- a/octavia/tests/functional/api/v2/test_pool.py
+++ b/octavia/tests/functional/api/v2/test_pool.py
@ -1373,6 +1373,7 @@ class TestPool(base.BaseAPITest):
                                       'sni_certs': [],
                                       'client_ca_cert': None}
        self.cert_manager_mock().get_secret.side_effect = [
+            sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
            sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
            sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
            sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL]