Merge "NSX|P: Support update of listener with certificate" into stable/stein
commit
cf10c49b56
|
@ -49,25 +49,33 @@ class EdgeListenerManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
|
||||||
return tags
|
return tags
|
||||||
|
|
||||||
def _upload_certificate(self, listener_id, cert_href, tags,
|
def _upload_certificate(self, listener_id, cert_href, tags,
|
||||||
certificate=None):
|
certificate):
|
||||||
nsxpolicy = self.core_plugin.nsxpolicy
|
nsxpolicy = self.core_plugin.nsxpolicy
|
||||||
cert_client = nsxpolicy.certificate
|
cert_client = nsxpolicy.certificate
|
||||||
ssl_client = nsxpolicy.load_balancer.client_ssl_profile
|
ssl_client = nsxpolicy.load_balancer.client_ssl_profile
|
||||||
passphrase = certificate.get('passphrase')
|
|
||||||
if not passphrase:
|
# check if this certificate was already uploaded
|
||||||
passphrase = core_resources.IGNORE
|
cert_ids = cert_client.find_cert_with_pem(
|
||||||
cert_client.create_or_overwrite(
|
certificate.get('certificate'))
|
||||||
cert_href, certificate_id=listener_id,
|
if cert_ids:
|
||||||
pem_encoded=certificate.get('certificate'),
|
nsx_cert_id = cert_ids[0]
|
||||||
private_key=certificate.get('private_key'),
|
else:
|
||||||
passphrase=passphrase,
|
# Create it with a random id as this might not be the first one
|
||||||
tags=tags)
|
passphrase = certificate.get('passphrase')
|
||||||
|
if not passphrase:
|
||||||
|
passphrase = core_resources.IGNORE
|
||||||
|
nsx_cert_id = cert_client.create_or_overwrite(
|
||||||
|
cert_href,
|
||||||
|
pem_encoded=certificate.get('certificate'),
|
||||||
|
private_key=certificate.get('private_key'),
|
||||||
|
passphrase=passphrase,
|
||||||
|
tags=tags)
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'client_ssl_profile_binding': {
|
'client_ssl_profile_binding': {
|
||||||
'ssl_profile_path': ssl_client.get_path(
|
'ssl_profile_path': ssl_client.get_path(
|
||||||
self.core_plugin.client_ssl_profile),
|
self.core_plugin.client_ssl_profile),
|
||||||
'default_certificate_path': cert_client.get_path(listener_id)
|
'default_certificate_path': cert_client.get_path(nsx_cert_id)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -236,14 +244,13 @@ class EdgeListenerManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
|
||||||
app_client = self._get_nsxlib_app_profile(nsxlib_lb, old_listener)
|
app_client = self._get_nsxlib_app_profile(nsxlib_lb, old_listener)
|
||||||
|
|
||||||
vs_name = None
|
vs_name = None
|
||||||
tags = None
|
|
||||||
self._validate_default_pool(new_listener, completor)
|
self._validate_default_pool(new_listener, completor)
|
||||||
|
|
||||||
if new_listener['name'] != old_listener['name']:
|
if new_listener['name'] != old_listener['name']:
|
||||||
vs_name = utils.get_name_and_uuid(
|
vs_name = utils.get_name_and_uuid(
|
||||||
new_listener['name'] or 'listener',
|
new_listener['name'] or 'listener',
|
||||||
new_listener['id'])
|
new_listener['id'])
|
||||||
tags = self._get_listener_tags(context, new_listener)
|
tags = self._get_listener_tags(context, new_listener)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
app_profile_id = new_listener['id']
|
app_profile_id = new_listener['id']
|
||||||
|
@ -304,19 +311,20 @@ class EdgeListenerManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
|
||||||
LOG.error("Failed to delete application profile %s from the "
|
LOG.error("Failed to delete application profile %s from the "
|
||||||
"NSX: %s", app_profile_id, e)
|
"NSX: %s", app_profile_id, e)
|
||||||
|
|
||||||
# Delete imported NSX cert if there is any
|
# Delete imported NSX certificates if there is any
|
||||||
if lb_common.get_listener_cert_ref(listener):
|
cert_client = self.core_plugin.nsxpolicy.certificate
|
||||||
cert_client = self.core_plugin.nsxpolicy.certificate
|
cert_tags = [{'scope': lb_const.LB_LISTENER_TYPE,
|
||||||
|
'tag': listener['id']}]
|
||||||
|
results = self.core_plugin.nsxpolicy.search_by_tags(
|
||||||
|
cert_tags, cert_client.entry_def.resource_type())
|
||||||
|
for res_obj in results['results']:
|
||||||
try:
|
try:
|
||||||
cert_client.delete(listener['id'])
|
cert_client.delete(res_obj['id'])
|
||||||
except nsxlib_exc.ResourceNotFound:
|
|
||||||
LOG.error("Certificate not found on nsx: %s", listener['id'])
|
|
||||||
|
|
||||||
except nsxlib_exc.ManagerError:
|
except nsxlib_exc.ManagerError:
|
||||||
completor(success=False)
|
msg = (_('Failed to delete certificate: %(crt)s for '
|
||||||
msg = (_('Failed to delete certificate: %(crt)s') %
|
'listener %(list)s') %
|
||||||
{'crt': listener['id']})
|
{'crt': res_obj['id'], 'list': listener['id']})
|
||||||
raise n_exc.BadRequest(resource='lbaas-listener', msg=msg)
|
LOG.error(msg)
|
||||||
|
|
||||||
completor(success=True)
|
completor(success=True)
|
||||||
|
|
||||||
|
|
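Review bot: In the delete hunk (`@ -304,19 +311,20`), the new `except nsxlib_exc.ManagerError:` branch ends in `LOG.error(msg)` where the old side had `completor(success=False)` and `raise n_exc.BadRequest(...)`, so a certificate that fails to delete stays on the NSX together with its private key while the listener delete still reaches `completor(success=True)`. If best-effort cleanup is intended, say so in a comment above the loop, e.g. `# Best effort: a failed delete leaves the certificate and its private key on the NSX for manual cleanup`, and consider keeping the old not-found case separate so that only real failures are logged as errors. The loop also indexes `results['results']` directly; `results.get('results', [])` would keep an unexpected search response from raising a KeyError mid-delete. In the first hunk, `nsx_cert_id = cert_ids[0]` reuses whichever certificate matches the PEM, and that object presumably carries another listener's tag, so the tag-based cleanup of that other listener would target a certificate this listener still references; a short comment on who owns a reused certificate would help. Both function bodies extend outside their hunks, and indentation is lost on this page, so the exact nesting of the `try` inside the `for` is inferred.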
|
@ -279,8 +279,6 @@ class BaseTestEdgeLbaasV2(base.BaseTestCase):
|
||||||
load_balancer, 'lb_cookie_persistence_profile').start()
|
load_balancer, 'lb_cookie_persistence_profile').start()
|
||||||
self.pp_generic_client = mock.patch.object(
|
self.pp_generic_client = mock.patch.object(
|
||||||
load_balancer, 'lb_persistence_profile').start()
|
load_balancer, 'lb_persistence_profile').start()
|
||||||
self.tm_client = mock.patch.object(nsxpolicy,
|
|
||||||
'trust_management').start()
|
|
||||||
self.nsxpolicy = nsxpolicy
|
self.nsxpolicy = nsxpolicy
|
||||||
|
|
||||||
def _unpatch_lb_plugin(self, lb_plugin, manager):
|
def _unpatch_lb_plugin(self, lb_plugin, manager):
|
||||||
|
@ -753,17 +751,16 @@ class TestEdgeLbaasV2Listener(BaseTestEdgeLbaasV2):
|
||||||
self._create_listener(protocol='HTTPS')
|
self._create_listener(protocol='HTTPS')
|
||||||
|
|
||||||
def test_create_terminated_https(self):
|
def test_create_terminated_https(self):
|
||||||
|
#TODO(asarfaty): Add test with certificate
|
||||||
|
self.reset_completor()
|
||||||
with mock.patch.object(self.core_plugin, 'get_floatingips'
|
with mock.patch.object(self.core_plugin, 'get_floatingips'
|
||||||
) as mock_get_floatingips, \
|
) as mock_get_floatingips, \
|
||||||
mock.patch.object(self.core_plugin,
|
mock.patch.object(self.core_plugin,
|
||||||
'get_waf_profile_path_and_mode',
|
'get_waf_profile_path_and_mode',
|
||||||
return_value=(None, None)), \
|
return_value=(None, None)), \
|
||||||
mock.patch.object(self.tm_client, 'create_cert'
|
|
||||||
) as mock_create_cert, \
|
|
||||||
mock.patch.object(self.vs_client, 'create_or_overwrite'
|
mock.patch.object(self.vs_client, 'create_or_overwrite'
|
||||||
) as mock_add_virtual_server:
|
) as mock_add_virtual_server:
|
||||||
mock_get_floatingips.return_value = []
|
mock_get_floatingips.return_value = []
|
||||||
mock_create_cert.return_value = FAKE_CERT['id']
|
|
||||||
|
|
||||||
self.edge_driver.listener.create(
|
self.edge_driver.listener.create(
|
||||||
self.context,
|
self.context,
|
||||||
|
|