From db75e58e532b08852c3b5a71d835ea42dcf61526 Mon Sep 17 00:00:00 2001
From: Michael Johnson
Date: Tue, 29 Oct 2019 14:15:13 -0700
Subject: [PATCH] Fix update API when barbican secret is missing
API update calls were blocked if the load balancer had a TLS terminated listener that the secret has been removed from barbican. This patch corrects this problem allowing users to update the certificate reference.
Change-Id: I96908e6cbdb523f95298aff463a749d15e98e1ad
Story: 2006676
Task: 37322
(cherry picked from commit 5af97a248b2c20cd12d743b124fec9848b1d965c)
---
 octavia/api/v2/controllers/listener.py | 7 +++--
 octavia/api/v2/controllers/load_balancer.py | 3 +-
 octavia/api/v2/controllers/pool.py | 2 +-
 .../tests/functional/api/v2/test_listener.py | 20 +++++++++++++
 octavia/tests/functional/api/v2/test_pool.py | 28 +++++++++++++++++++
 5 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/octavia/api/v2/controllers/listener.py b/octavia/api/v2/controllers/listener.py
index 7963526bd8..cc06176b88 100644
--- a/octavia/api/v2/controllers/listener.py
+++ b/octavia/api/v2/controllers/listener.py
@@ -480,15 +480,16 @@ class ListenersController(base.BaseController):
 driver_utils.listener_dict_to_provider_dict(listener_dict))
 # Also prepare the baseline object data
- old_provider_llistener = (
- driver_utils.db_listener_to_provider_listener(db_listener))
+ old_provider_listener = (
+ driver_utils.db_listener_to_provider_listener(db_listener,
+ for_delete=True))
 # Dispatch to the driver
 LOG.info("Sending update Listener %s to provider %s", id, driver.name)
 driver_utils.call_provider(
 driver.name, driver.listener_update,
- old_provider_llistener,
+ old_provider_listener,
 driver_dm.Listener.from_dict(provider_listener_dict))
 # Update the database to reflect what the driver just accepted
diff --git a/octavia/api/v2/controllers/load_balancer.py b/octavia/api/v2/controllers/load_balancer.py
index f7dde6cadb..1ee1071398 100644
--- a/octavia/api/v2/controllers/load_balancer.py
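Review bot: The new `for_delete=True` argument in `db_listener_to_provider_listener(db_listener, for_delete=True)` puts a delete-path flag on an update call, and nothing at the call site explains why; the load_balancer.py and pool.py hunks make the same call-site change. Judging by the commit message, the flag presumably lets the conversion continue when the listener's barbican secret cannot be loaded, in which case the baseline object passed to `driver.listener_update` may arrive without its TLS data. I would add `# for_delete=True: still build the baseline when the stored TLS secret can no longer be loaded` above each of the three calls, and confirm in the helper (not visible here) that only a missing secret is tolerated rather than every certificate-manager error. The enclosing update method starts and ends outside the hunk.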
+++ b/octavia/api/v2/controllers/load_balancer.py
@@ -588,7 +588,8 @@ class LoadBalancersController(base.BaseController):
 # Also prepare the baseline object data
 old_provider_lb = (
- driver_utils.db_loadbalancer_to_provider_loadbalancer(db_lb))
+ driver_utils.db_loadbalancer_to_provider_loadbalancer(
+ db_lb, for_delete=True))
 # Dispatch to the driver
 LOG.info("Sending update Load Balancer %s to provider "
diff --git a/octavia/api/v2/controllers/pool.py b/octavia/api/v2/controllers/pool.py
index f3895bb123..0c67858f74 100644
--- a/octavia/api/v2/controllers/pool.py
+++ b/octavia/api/v2/controllers/pool.py
@@ -404,7 +404,7 @@ class PoolsController(base.BaseController):
 # Also prepare the baseline object data
 old_provider_pool = driver_utils.db_pool_to_provider_pool(
- db_pool)
+ db_pool, for_delete=True)
 # Dispatch to the driver
 LOG.info("Sending update Pool %s to provider %s", id, driver.name)
diff --git a/octavia/tests/functional/api/v2/test_listener.py b/octavia/tests/functional/api/v2/test_listener.py
index c0d35f5e65..5ba341345c 100644
--- a/octavia/tests/functional/api/v2/test_listener.py
+++ b/octavia/tests/functional/api/v2/test_listener.py
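Review bot: The load balancer update path changed in load_balancer.py (`db_loadbalancer_to_provider_loadbalancer(db_lb, for_delete=True)`) gets no regression test in this commit; the diffstat lists new tests only for test_listener.py and test_pool.py. The commit message describes the failure as an update blocked on a load balancer that has a TLS terminated listener whose secret was removed, which is this path. I would add a `test_update_with_bad_tls_ref` to the load balancer functional tests that points a child listener at a generated UUID, as the listener test does, and then asserts that a PUT renaming the load balancer succeeds. The enclosing update method continues outside the hunk.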
@@ -1215,6 +1215,26 @@ class TestListener(base.BaseAPITest):
 api_listener['id'])
 return ori_listener, api_listener
+ def test_update_with_bad_tls_ref(self):
+ listener = self.create_listener(constants.PROTOCOL_TCP,
+ 443, self.lb_id)
+ tls_uuid = uuidutils.generate_uuid()
+ self.set_lb_status(self.lb_id)
+ self.listener_repo.update(db_api.get_session(),
+ listener['listener']['id'],
+ tls_certificate_id=tls_uuid,
+ protocol=constants.PROTOCOL_TERMINATED_HTTPS)
+
+ listener_path = self.LISTENER_PATH.format(
+ listener_id=listener['listener']['id'])
+ update_data = {'name': 'listener2'}
+ body = self._build_body(update_data)
+ api_listener = self.put(listener_path, body).json.get(self.root_tag)
+ response = self.get(self.listener_path.format(
+ listener_id=listener['listener']['id']))
+ api_listener = response.json.get(self.root_tag)
+ self.assertEqual('listener2', api_listener['name'])
+
 def test_negative_update_udp_case(self):
 api_listener = self.create_listener(constants.PROTOCOL_UDP, 6666, self.lb_id).get(self.root_tag)
diff --git a/octavia/tests/functional/api/v2/test_pool.py b/octavia/tests/functional/api/v2/test_pool.py
index a9983958dc..ff312218f2 100644
--- a/octavia/tests/functional/api/v2/test_pool.py
+++ b/octavia/tests/functional/api/v2/test_pool.py
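Review bot: In the listener `test_update_with_bad_tls_ref` the PUT result is bound to `api_listener` and overwritten two statements later without being read, so the update response itself is never checked. The GET also formats the path again through `self.listener_path` although the local `listener_path` (built from `self.LISTENER_PATH`) is already available; the two templates presumably resolve to the same URL, but that is not visible in the hunk. I would either assert on the PUT response or drop the binding, `self.put(listener_path, body)`, and read back with `api_listener = self.get(listener_path).json.get(self.root_tag)` once the templates are confirmed equivalent.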
@@ -1443,6 +1443,34 @@ class TestPool(base.BaseAPITest):
 lb_id=self.lb_id, listener_id=self.listener_id, pool_id=response.get('id'))
+ def test_update_with_bad_tls_ref(self):
+ api_pool = self.create_pool(
+ self.lb_id,
+ constants.PROTOCOL_HTTP,
+ constants.LB_ALGORITHM_ROUND_ROBIN,
+ listener_id=self.listener_id).get(self.root_tag)
+ self.set_lb_status(lb_id=self.lb_id)
+ # Set status to ACTIVE/ONLINE because set_lb_status did it in the db
+ api_pool['provisioning_status'] = constants.ACTIVE
+ api_pool['operating_status'] = constants.ONLINE
+ api_pool.pop('updated_at')
+
+ response = self.get(self.POOL_PATH.format(
+ pool_id=api_pool.get('id'))).json.get(self.root_tag)
+ response.pop('updated_at')
+ self.assertEqual(api_pool, response)
+
+ tls_uuid = uuidutils.generate_uuid()
+ self.pool_repo.update(db_api.get_session(),
+ api_pool.get('id'),
+ tls_certificate_id=tls_uuid)
+ update_data = {'name': 'pool2'}
+ self.put(self.POOL_PATH.format(pool_id=api_pool.get('id')),
+ self._build_body(update_data))
+ response = self.get(self.POOL_PATH.format(
+ pool_id=api_pool.get('id'))).json.get(self.root_tag)
+ self.assertEqual('pool2', response.get('name'))
+
 def test_bad_update(self):
 api_pool = self.create_pool(
 self.lb_id,
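Review bot: The pool `test_update_with_bad_tls_ref` asserts only the new name after the PUT, so it would still pass if the tolerant conversion caused the pool's stale `tls_certificate_id` to be dropped or rewritten during the update. Since the stated goal is to let the user replace that reference afterwards, the test should show that it survives an unrelated update, for example `self.assertEqual(tls_uuid, self.pool_repo.get(db_api.get_session(), id=api_pool.get('id')).tls_certificate_id)` (assuming the repository's usual `get` signature, which is not visible here). A second PUT that supplies a new certificate reference would cover the case the commit message describes.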