Add ssl profile binding methods for LB virtual server

Add two methods for load balancer virtual server ssl profile binding. - Add client_ssl_profile_binding for virtual server. This setting is used when load balancer acts as an SSL server and terminating the client SSL connection. - Add server_ssl_profile_binding for virtual server. This setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. This patch also fixes a typo in server_ssl_profile. Change-Id: I692a3cc30dcef9c8d68fe1b40c0624b881954bdd
2017-10-04 10:30:43 -07:00 · 2017-10-04 10:30:43 -07:00 · 45b127140a
parent 1f16b50882
commit 45b127140a
3 changed files with 108 additions and 6 deletions
--- a/vmware_nsxlib/tests/unit/v3/test_constants.py
+++ b/vmware_nsxlib/tests/unit/v3/test_constants.py
@ -356,3 +356,5 @@ FAKE_RELAY_SERVICE = {
    "dhcp_relay_profile_id": FAKE_RELAY_UUID,
    "resource_type": "DhcpRelayService"
 }
+
+FAKE_DEFAULT_CERTIFICATE_ID = uuidutils.generate_uuid()
--- a/vmware_nsxlib/tests/unit/v3/test_load_balancer.py
+++ b/vmware_nsxlib/tests/unit/v3/test_load_balancer.py
@ -14,6 +14,8 @@
 #    under the License.
 #

+import copy
+
 import mock

 from vmware_nsxlib.tests.unit.v3 import nsxlib_testcase
@ -210,21 +212,21 @@ class TestServerSslProfile(nsxlib_testcase.NsxClientTestCase):
            'tags': tags
        }
        with mock.patch.object(self.nsxlib.client, 'create') as create:
-                self.nsxlib.load_balancer.server_ssh_profile.create(
+                self.nsxlib.load_balancer.server_ssl_profile.create(
                    body['display_name'], body['description'], tags)
                create.assert_called_with('loadbalancer/server-ssl-profiles',
                                          body)

    def test_list_server_ssl_profiles(self):
        with mock.patch.object(self.nsxlib.client, 'list') as list_call:
-            self.nsxlib.load_balancer.server_ssh_profile.list()
+            self.nsxlib.load_balancer.server_ssl_profile.list()
            list_call.assert_called_with(
                resource='loadbalancer/server-ssl-profiles')

    def test_get_server_ssl_profile(self):
        with mock.patch.object(self.nsxlib.client, 'get') as get:
            fake_profile = consts.FAKE_SERVER_SSL_PROFILE.copy()
-            self.nsxlib.load_balancer.server_ssh_profile.get(
+            self.nsxlib.load_balancer.server_ssl_profile.get(
                fake_profile['id'])
            get.assert_called_with(
                'loadbalancer/server-ssl-profiles/%s' % fake_profile['id'])
@ -232,7 +234,7 @@ class TestServerSslProfile(nsxlib_testcase.NsxClientTestCase):
    def test_delete_server_ssl_profile(self):
        with mock.patch.object(self.nsxlib.client, 'delete') as delete:
            fake_profile = consts.FAKE_SERVER_SSL_PROFILE.copy()
-            self.nsxlib.load_balancer.server_ssh_profile.delete(
+            self.nsxlib.load_balancer.server_ssl_profile.delete(
                fake_profile['id'])
            delete.assert_called_with(
                'loadbalancer/server-ssl-profiles/%s' % fake_profile['id'])
@ -418,7 +420,7 @@ class TestVirtualServer(nsxlib_testcase.NsxClientTestCase):
                body)

    def test_remove_rule(self):
-        fake_virtual_server = consts.FAKE_VIRTUAL_SERVER
+        fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
        fake_virtual_server['rule_ids'] = [consts.FAKE_RULE_UUID]
        body = {
            'display_name': fake_virtual_server['display_name'],
@ -438,6 +440,67 @@ class TestVirtualServer(nsxlib_testcase.NsxClientTestCase):
                'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
                body)

+    def test_add_client_ssl_profile_binding(self):
+        fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
+        body = {
+            'display_name': fake_virtual_server['display_name'],
+            'description': fake_virtual_server['description'],
+            'id': fake_virtual_server['id'],
+            'enabled': fake_virtual_server['enabled'],
+            'port': fake_virtual_server['port'],
+            'ip_protocol': fake_virtual_server['ip_protocol'],
+            'client_ssl_profile_binding': {
+                'ssl_profile_id': consts.FAKE_CLIENT_SSL_PROFILE_UUID,
+                'default_certificate_id': consts.FAKE_DEFAULT_CERTIFICATE_ID,
+                'client_auth': 'IGNORE',
+                'certificate_chain_depth': 3
+            }
+        }
+        with mock.patch.object(self.nsxlib.client, 'get') as mock_get, \
+            mock.patch.object(self.nsxlib.client, 'update') as mock_update:
+            mock_get.return_value = fake_virtual_server
+            vs_client = self.nsxlib.load_balancer.virtual_server
+            vs_client.add_client_ssl_profile_binding(
+                fake_virtual_server['id'],
+                consts.FAKE_CLIENT_SSL_PROFILE_UUID,
+                consts.FAKE_DEFAULT_CERTIFICATE_ID,
+                client_auth='IGNORE',
+                certificate_chain_depth=3,
+                xyz='xyz'
+            )
+            mock_update.assert_called_with(
+                'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
+                body)
+
+    def test_add_server_ssl_profile_binding(self):
+        fake_virtual_server = copy.deepcopy(consts.FAKE_VIRTUAL_SERVER)
+        body = {
+            'display_name': fake_virtual_server['display_name'],
+            'description': fake_virtual_server['description'],
+            'id': fake_virtual_server['id'],
+            'enabled': fake_virtual_server['enabled'],
+            'port': fake_virtual_server['port'],
+            'ip_protocol': fake_virtual_server['ip_protocol'],
+            'server_ssl_profile_binding': {
+                'ssl_profile_id': consts.FAKE_SERVER_SSL_PROFILE_UUID,
+                'server_auth': 'IGNORE',
+                'certificate_chain_depth': 3
+            }
+        }
+        with mock.patch.object(self.nsxlib.client, 'get') as mock_get, \
+            mock.patch.object(self.nsxlib.client, 'update') as mock_update:
+            mock_get.return_value = fake_virtual_server
+            vs_client = self.nsxlib.load_balancer.virtual_server
+            vs_client.add_server_ssl_profile_binding(
+                fake_virtual_server['id'],
+                consts.FAKE_SERVER_SSL_PROFILE_UUID,
+                server_auth='IGNORE',
+                certificate_chain_depth=3,
+                xyz='xyz')
+        mock_update.assert_called_with(
+            'loadbalancer/virtual-servers/%s' % fake_virtual_server['id'],
+            body)
+

 class TestService(nsxlib_testcase.NsxClientTestCase):

--- a/vmware_nsxlib/v3/load_balancer.py
+++ b/vmware_nsxlib/v3/load_balancer.py
@ -314,6 +314,43 @@ class VirtualServer(LoadBalancerBase):
    def remove_rule(self, vs_id, rule_id):
        self.remove_from_list(vs_id, rule_id, 'rule_ids')

+    def add_client_ssl_profile_binding(self, virtual_server_id,
+                                       ssl_profile_id, default_certificate_id,
+                                       sni_certificate_ids=None, **kwargs):
+        binding = {'ssl_profile_id': ssl_profile_id,
+                   'default_certificate_id': default_certificate_id}
+        if sni_certificate_ids:
+            binding.update({'sni_certificate_ids': sni_certificate_ids})
+
+        valid_args = ['client_auth_ca_ids', 'client_auth_crl_ids',
+                      'certificate_chain_depth', 'client_auth']
+        # Remove the args that is not in the valid_args list or the
+        # keyword argument doesn't have value.
+        for arg in kwargs:
+            if arg in valid_args and kwargs.get(arg):
+                binding[arg] = kwargs.get(arg)
+        object_url = self.resource + '/' + virtual_server_id
+        body = self.client.get(object_url)
+        body['client_ssl_profile_binding'] = binding
+        return self.client.update(object_url, body)
+
+    def add_server_ssl_profile_binding(self, virtual_server_id,
+                                       ssl_profile_id, **kwargs):
+        binding = {'ssl_profile_id': ssl_profile_id}
+
+        valid_args = ['server_auth_ca_ids', 'server_auth_crl_ids',
+                      'certificate_chain_depth', 'server_auth',
+                      'client_certificate_id']
+        # Remove the args that is not in the valid_args list or the
+        # keyword argument doesn't have value.
+        for arg in kwargs:
+            if arg in valid_args and kwargs.get(arg):
+                binding[arg] = kwargs[arg]
+        object_url = self.resource + '/' + virtual_server_id
+        body = self.client.get(object_url)
+        body['server_ssl_profile_binding'] = binding
+        return self.client.update(object_url, body)
+

 class Service(LoadBalancerBase):
    resource = 'loadbalancer/services'
@ -365,5 +402,5 @@ class LoadBalancer(object):
        self.application_profile = ApplicationProfile(client, nsxlib_config)
        self.persistence_profile = PersistenceProfile(client, nsxlib_config)
        self.client_ssl_profile = ClientSslProfile(client, nsxlib_config)
-        self.server_ssh_profile = ServerSslProfile(client, nsxlib_config)
+        self.server_ssl_profile = ServerSslProfile(client, nsxlib_config)
        self.rule = Rule(client, nsxlib_config)