瀏覽代碼

Fix update API when barbican secret is missing

API update calls were blocked if the load balancer had a TLS
terminated listener that the secret has been removed from barbican.
This patch corrects this problem allowing users to update the
certificate reference.

Change-Id: I96908e6cbdb523f95298aff463a749d15e98e1ad
Story: 2006676
Task: 37322
(cherry picked from commit 5af97a248b2c20cd12d743b124fec9848b1d965c)
changes/39/698539/2
Michael Johnson 7 月之前
父節點
當前提交
db75e58e53
共有 5 個文件被更改,包括 55 次插入5 次删除
  1. +4
    -3
      octavia/api/v2/controllers/listener.py
  2. +2
    -1
      octavia/api/v2/controllers/load_balancer.py
  3. +1
    -1
      octavia/api/v2/controllers/pool.py
  4. +20
    -0
      octavia/tests/functional/api/v2/test_listener.py
  5. +28
    -0
      octavia/tests/functional/api/v2/test_pool.py

+ 4
- 3
octavia/api/v2/controllers/listener.py 查看文件

@@ -480,15 +480,16 @@ class ListenersController(base.BaseController):
driver_utils.listener_dict_to_provider_dict(listener_dict))

# Also prepare the baseline object data
old_provider_llistener = (
driver_utils.db_listener_to_provider_listener(db_listener))
old_provider_listener = (
driver_utils.db_listener_to_provider_listener(db_listener,
for_delete=True))

# Dispatch to the driver
LOG.info("Sending update Listener %s to provider %s", id,
driver.name)
driver_utils.call_provider(
driver.name, driver.listener_update,
old_provider_llistener,
old_provider_listener,
driver_dm.Listener.from_dict(provider_listener_dict))

# Update the database to reflect what the driver just accepted


+ 2
- 1
octavia/api/v2/controllers/load_balancer.py 查看文件

@@ -588,7 +588,8 @@ class LoadBalancersController(base.BaseController):

# Also prepare the baseline object data
old_provider_lb = (
driver_utils.db_loadbalancer_to_provider_loadbalancer(db_lb))
driver_utils.db_loadbalancer_to_provider_loadbalancer(
db_lb, for_delete=True))

# Dispatch to the driver
LOG.info("Sending update Load Balancer %s to provider "


+ 1
- 1
octavia/api/v2/controllers/pool.py 查看文件

@@ -404,7 +404,7 @@ class PoolsController(base.BaseController):

# Also prepare the baseline object data
old_provider_pool = driver_utils.db_pool_to_provider_pool(
db_pool)
db_pool, for_delete=True)

# Dispatch to the driver
LOG.info("Sending update Pool %s to provider %s", id, driver.name)


+ 20
- 0
octavia/tests/functional/api/v2/test_listener.py 查看文件

@@ -1215,6 +1215,26 @@ class TestListener(base.BaseAPITest):
api_listener['id'])
return ori_listener, api_listener

def test_update_with_bad_tls_ref(self):
listener = self.create_listener(constants.PROTOCOL_TCP,
443, self.lb_id)
tls_uuid = uuidutils.generate_uuid()
self.set_lb_status(self.lb_id)
self.listener_repo.update(db_api.get_session(),
listener['listener']['id'],
tls_certificate_id=tls_uuid,
protocol=constants.PROTOCOL_TERMINATED_HTTPS)

listener_path = self.LISTENER_PATH.format(
listener_id=listener['listener']['id'])
update_data = {'name': 'listener2'}
body = self._build_body(update_data)
api_listener = self.put(listener_path, body).json.get(self.root_tag)
response = self.get(self.listener_path.format(
listener_id=listener['listener']['id']))
api_listener = response.json.get(self.root_tag)
self.assertEqual('listener2', api_listener['name'])

def test_negative_update_udp_case(self):
api_listener = self.create_listener(constants.PROTOCOL_UDP, 6666,
self.lb_id).get(self.root_tag)


+ 28
- 0
octavia/tests/functional/api/v2/test_pool.py 查看文件

@@ -1443,6 +1443,34 @@ class TestPool(base.BaseAPITest):
lb_id=self.lb_id, listener_id=self.listener_id,
pool_id=response.get('id'))

def test_update_with_bad_tls_ref(self):
api_pool = self.create_pool(
self.lb_id,
constants.PROTOCOL_HTTP,
constants.LB_ALGORITHM_ROUND_ROBIN,
listener_id=self.listener_id).get(self.root_tag)
self.set_lb_status(lb_id=self.lb_id)
# Set status to ACTIVE/ONLINE because set_lb_status did it in the db
api_pool['provisioning_status'] = constants.ACTIVE
api_pool['operating_status'] = constants.ONLINE
api_pool.pop('updated_at')

response = self.get(self.POOL_PATH.format(
pool_id=api_pool.get('id'))).json.get(self.root_tag)
response.pop('updated_at')
self.assertEqual(api_pool, response)

tls_uuid = uuidutils.generate_uuid()
self.pool_repo.update(db_api.get_session(),
api_pool.get('id'),
tls_certificate_id=tls_uuid)
update_data = {'name': 'pool2'}
self.put(self.POOL_PATH.format(pool_id=api_pool.get('id')),
self._build_body(update_data))
response = self.get(self.POOL_PATH.format(
pool_id=api_pool.get('id'))).json.get(self.root_tag)
self.assertEqual('pool2', response.get('name'))

def test_bad_update(self):
api_pool = self.create_pool(
self.lb_id,


Loading…
取消
儲存