Add ssl profile binding methods for LB virtual server
Add two methods for load balancer virtual server ssl profile binding. - Add client_ssl_profile_binding for virtual server. This setting is used when load balancer acts as an SSL server and terminating the client SSL connection. - Add server_ssl_profile_binding for virtual server. This setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. This patch also fixes a typo in server_ssl_profile. Change-Id: I692a3cc30dcef9c8d68fe1b40c0624b881954bdd
This commit is contained in:
parent
1f16b50882
commit
45b127140a
|
@ -356,3 +356,5 @@ FAKE_RELAY_SERVICE = {
|
|||
"dhcp_relay_profile_id": FAKE_RELAY_UUID,
|
||||
"resource_type": "DhcpRelayService"
|
||||
}
|
||||
|
||||
FAKE_DEFAULT_CERTIFICATE_ID = uuidutils.generate_uuid()
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
import copy
|
||||
|
||||
import mock
|
||||
|
||||
from vmware_nsxlib.tests.unit.v3 import nsxlib_testcase
|
||||
|
@ -210,21 +212,21 @@ class TestServerSslProfile(nsxlib_testcase.NsxClientTestCase):
|
|||
'tags': tags
|
||||
}
|
||||
with mock.patch.object(self.nsxlib.client, 'create') as create:
|
||||
self.nsxlib.load_balancer.server_ssh_profile.create(
|
||||
self.nsxlib.load_balancer.server_ssl_profile.create(
|
||||
body['display_name'], body['description'], tags)
|
||||
create.assert_called_with('loadbalancer/server-ssl-profiles',
|
||||
body)
|
||||
|
||||
def test_list_server_ssl_profiles(self):
|
||||
with mock.patch.object(self.nsxlib.client, 'list') as list_call:
|
||||
self.nsxlib.load_balancer.server_ssh_profile.list()
|
||||
self.nsxlib.load_balancer.server_ssl_profile.list()
|
||||
list_call.assert_called_with(
|
||||
resource='loadbalancer/server-ssl-profiles')
|
||||
|
||||
def test_get_server_ssl_profile(self):
|
||||
with mock.patch.object(self.nsxlib.client, 'get') as get:
|
||||
fake_profile = consts.FAKE_SERVER_SSL_PROFILE.copy()
|
||||
self.nsxlib.load_balancer.server_ssh_profile.get(
|
||||
self.nsxlib.load_balancer.server_ssl_profile.get(
|
||||
fake_profile['id'])
|
||||
get.assert_called_with(
|
||||
'loadbalancer/server-ssl-profiles/%s' % fake_profile['id'])
|
||||
|
@ -232,7 +234,7 @@ class TestServerSslProfile(nsxlib_testcase.NsxClientTestCase):
|
|||
def test_delete_server_ssl_profile(self):
|
||||
with mock.patch.object(self.nsxlib.client, 'delete') as delete:
|
||||
fake_profile = consts.FAKE_SERVER_SSL_PROFILE.copy()
|
||||
self.nsxlib.load_balancer.server_ssh_profile.delete(
|
||||
self.nsxlib.load_balancer.server_ssl_profile.delete(
|
||||
fake_profile['id'])
|
||||
delete.assert_called_with(
|
||||
'loadbalancer/server-ssl-profiles/%s' % fake_profile['id'])
|
||||
|
@ -418,7 +420,7 @@ class TestVirtualServer(nsxlib_testcase.NsxClientTestCase):
|
|||
body)
|
||||
|
||||
def test_remove_rule(self):
|
||||
fake_virtual_server = consts.FAKE_VIRTUAL_SERVER
|
||||
fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
|
||||
fake_virtual_server['rule_ids'] = [consts.FAKE_RULE_UUID]
|
||||
body = {
|
||||
'display_name': fake_virtual_server['display_name'],
|
||||
|
@ -438,6 +440,67 @@ class TestVirtualServer(nsxlib_testcase.NsxClientTestCase):
|
|||
'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
|
||||
body)
|
||||
|
||||
def test_add_client_ssl_profile_binding(self):
|
||||
fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
|
||||
body = {
|
||||
'display_name': fake_virtual_server['display_name'],
|
||||
'description': fake_virtual_server['description'],
|
||||
'id': fake_virtual_server['id'],
|
||||
'enabled': fake_virtual_server['enabled'],
|
||||
'port': fake_virtual_server['port'],
|
||||
'ip_protocol': fake_virtual_server['ip_protocol'],
|
||||
'client_ssl_profile_binding': {
|
||||
'ssl_profile_id': consts.FAKE_CLIENT_SSL_PROFILE_UUID,
|
||||
'default_certificate_id': consts.FAKE_DEFAULT_CERTIFICATE_ID,
|
||||
'client_auth': 'IGNORE',
|
||||
'certificate_chain_depth': 3
|
||||
}
|
||||
}
|
||||
with mock.patch.object(self.nsxlib.client, 'get') as mock_get, \
|
||||
mock.patch.object(self.nsxlib.client, 'update') as mock_update:
|
||||
mock_get.return_value = fake_virtual_server
|
||||
vs_client = self.nsxlib.load_balancer.virtual_server
|
||||
vs_client.add_client_ssl_profile_binding(
|
||||
fake_virtual_server['id'],
|
||||
consts.FAKE_CLIENT_SSL_PROFILE_UUID,
|
||||
consts.FAKE_DEFAULT_CERTIFICATE_ID,
|
||||
client_auth='IGNORE',
|
||||
certificate_chain_depth=3,
|
||||
xyz='xyz'
|
||||
)
|
||||
mock_update.assert_called_with(
|
||||
'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
|
||||
body)
|
||||
|
||||
def test_add_server_ssl_profile_binding(self):
|
||||
fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
|
||||
body = {
|
||||
'display_name': fake_virtual_server['display_name'],
|
||||
'description': fake_virtual_server['description'],
|
||||
'id': fake_virtual_server['id'],
|
||||
'enabled': fake_virtual_server['enabled'],
|
||||
'port': fake_virtual_server['port'],
|
||||
'ip_protocol': fake_virtual_server['ip_protocol'],
|
||||
'server_ssl_profile_binding': {
|
||||
'ssl_profile_id': consts.FAKE_SERVER_SSL_PROFILE_UUID,
|
||||
'server_auth': 'IGNORE',
|
||||
'certificate_chain_depth': 3
|
||||
}
|
||||
}
|
||||
with mock.patch.object(self.nsxlib.client, 'get') as mock_get, \
|
||||
mock.patch.object(self.nsxlib.client, 'update') as mock_update:
|
||||
mock_get.return_value = fake_virtual_server
|
||||
vs_client = self.nsxlib.load_balancer.virtual_server
|
||||
vs_client.add_server_ssl_profile_binding(
|
||||
fake_virtual_server['id'],
|
||||
consts.FAKE_SERVER_SSL_PROFILE_UUID,
|
||||
server_auth='IGNORE',
|
||||
certificate_chain_depth=3,
|
||||
xyz='xyz')
|
||||
mock_update.assert_called_with(
|
||||
'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
|
||||
body)
|
||||
|
||||
|
||||
class TestService(nsxlib_testcase.NsxClientTestCase):
|
||||
|
||||
|
|
|
@ -314,6 +314,43 @@ class VirtualServer(LoadBalancerBase):
|
|||
def remove_rule(self, vs_id, rule_id):
|
||||
self.remove_from_list(vs_id, rule_id, 'rule_ids')
|
||||
|
||||
def add_client_ssl_profile_binding(self, virtual_server_id,
|
||||
ssl_profile_id, default_certificate_id,
|
||||
sni_certificate_ids=None, **kwargs):
|
||||
binding = {'ssl_profile_id': ssl_profile_id,
|
||||
'default_certificate_id': default_certificate_id}
|
||||
if sni_certificate_ids:
|
||||
binding.update({'sni_certificate_ids': sni_certificate_ids})
|
||||
|
||||
valid_args = ['client_auth_ca_ids', 'client_auth_crl_ids',
|
||||
'certificate_chain_depth', 'client_auth']
|
||||
# Remove the args that is not in the valid_args list or the
|
||||
# keyword argument doesn't have value.
|
||||
for arg in kwargs:
|
||||
if arg in valid_args and kwargs.get(arg):
|
||||
binding[arg] = kwargs.get(arg)
|
||||
object_url = self.resource + '/' + virtual_server_id
|
||||
body = self.client.get(object_url)
|
||||
body['client_ssl_profile_binding'] = binding
|
||||
return self.client.update(object_url, body)
|
||||
|
||||
def add_server_ssl_profile_binding(self, virtual_server_id,
|
||||
ssl_profile_id, **kwargs):
|
||||
binding = {'ssl_profile_id': ssl_profile_id}
|
||||
|
||||
valid_args = ['server_auth_ca_ids', 'server_auth_crl_ids',
|
||||
'certificate_chain_depth', 'server_auth',
|
||||
'client_certificate_id']
|
||||
# Remove the args that is not in the valid_args list or the
|
||||
# keyword argument doesn't have value.
|
||||
for arg in kwargs:
|
||||
if arg in valid_args and kwargs.get(arg):
|
||||
binding[arg] = kwargs[arg]
|
||||
object_url = self.resource + '/' + virtual_server_id
|
||||
body = self.client.get(object_url)
|
||||
body['server_ssl_profile_binding'] = binding
|
||||
return self.client.update(object_url, body)
|
||||
|
||||
|
||||
class Service(LoadBalancerBase):
|
||||
resource = 'loadbalancer/services'
|
||||
|
@ -365,5 +402,5 @@ class LoadBalancer(object):
|
|||
self.application_profile = ApplicationProfile(client, nsxlib_config)
|
||||
self.persistence_profile = PersistenceProfile(client, nsxlib_config)
|
||||
self.client_ssl_profile = ClientSslProfile(client, nsxlib_config)
|
||||
self.server_ssh_profile = ServerSslProfile(client, nsxlib_config)
|
||||
self.server_ssl_profile = ServerSslProfile(client, nsxlib_config)
|
||||
self.rule = Rule(client, nsxlib_config)
|
||||
|
|
Loading…
Reference in New Issue