Merge "Allow updating TLS refs" into stable/liberty
This commit is contained in:
commit
2ada28e3d0
|
@ -319,8 +319,9 @@ class LoadBalancerPluginDbv2(base_db.CommonDbMixin,
|
|||
listener[id] = None
|
||||
|
||||
self._validate_listener_data(context, listener)
|
||||
|
||||
sni_container_ids = listener.pop('sni_container_ids')
|
||||
sni_container_ids = []
|
||||
if 'sni_container_ids' in listener:
|
||||
sni_container_ids = listener.pop('sni_container_ids')
|
||||
listener_db_entry = models.Listener(**listener)
|
||||
for container_id in sni_container_ids:
|
||||
sni = models.SNI(listener_id=listener_db_entry.id,
|
||||
|
|
|
@ -566,10 +566,14 @@ class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV2):
|
|||
def _validate_tls(self, listener, curr_listener=None):
|
||||
def validate_tls_container(container_ref):
|
||||
cert_container = None
|
||||
if curr_listener:
|
||||
service_url = self._get_service_url(curr_listener)
|
||||
else:
|
||||
service_url = self._get_service_url(listener)
|
||||
try:
|
||||
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
|
||||
container_ref,
|
||||
resource_ref=self._get_service_url(listener))
|
||||
resource_ref=service_url)
|
||||
except Exception as e:
|
||||
if hasattr(e, 'status_code') and e.status_code == 404:
|
||||
raise loadbalancerv2.TLSContainerNotFound(
|
||||
|
@ -602,7 +606,8 @@ class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV2):
|
|||
raise loadbalancerv2.TLSDefaultContainerNotSpecified()
|
||||
if not curr_listener:
|
||||
to_validate.extend([listener['default_tls_container_ref']])
|
||||
to_validate.extend(listener['sni_container_refs'])
|
||||
if 'sni_container_refs' in listener:
|
||||
to_validate.extend(listener['sni_container_refs'])
|
||||
elif curr_listener['provisioning_status'] == constants.ERROR:
|
||||
to_validate.extend(curr_listener['default_tls_container_id'])
|
||||
to_validate.extend([
|
||||
|
@ -611,9 +616,9 @@ class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV2):
|
|||
else:
|
||||
if (curr_listener['default_tls_container_id'] !=
|
||||
listener['default_tls_container_ref']):
|
||||
to_validate.extend(listener['default_tls_container_ref'])
|
||||
to_validate.extend([listener['default_tls_container_ref']])
|
||||
|
||||
if (listener['sni_container_refs'] is not None and
|
||||
if ('sni_container_refs' in listener and
|
||||
[container['tls_container_id'] for container in (
|
||||
curr_listener['sni_containers'])] !=
|
||||
listener['sni_container_refs']):
|
||||
|
@ -630,7 +635,7 @@ class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV2):
|
|||
cfg.CONF.service_auth.service_name,
|
||||
cfg.CONF.service_auth.region,
|
||||
constants.LOADBALANCER,
|
||||
listener.get('loadbalancer_id'))
|
||||
listener['loadbalancer_id'])
|
||||
|
||||
def create_listener(self, context, listener):
|
||||
listener = listener.get('listener')
|
||||
|
@ -664,13 +669,12 @@ class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV2):
|
|||
|
||||
default_tls_container_ref = listener.get(
|
||||
'default_tls_container_ref')
|
||||
sni_container_refs = listener.get('sni_container_refs')
|
||||
if not default_tls_container_ref:
|
||||
listener['default_tls_container_ref'] = (
|
||||
# NOTE(blogan): not changing to ref bc this dictionary is
|
||||
# created from a data model
|
||||
curr_listener['default_tls_container_id'])
|
||||
if not sni_container_refs:
|
||||
if 'sni_container_refs' not in listener:
|
||||
listener['sni_container_ids'] = [
|
||||
container.tls_container_id for container in (
|
||||
curr_listener['sni_containers'])]
|
||||
|
|
|
@ -589,6 +589,39 @@ class LoadBalancerExtensionV2TestCase(base.ExtensionTestCase):
|
|||
self.assertIn('listener', res)
|
||||
self.assertEqual(res['listener'], return_value)
|
||||
|
||||
def test_listener_create_with_tls(self):
|
||||
listener_id = _uuid()
|
||||
tls_ref = 'http://example.ref/uuid'
|
||||
sni_refs = ['http://example.ref/uuid',
|
||||
'http://example.ref/uuid1']
|
||||
data = {'listener': {'tenant_id': _uuid(),
|
||||
'name': 'listen-name-1',
|
||||
'description': 'listen-1-desc',
|
||||
'protocol': 'HTTP',
|
||||
'protocol_port': 80,
|
||||
'default_tls_container_ref': tls_ref,
|
||||
'sni_container_refs': sni_refs,
|
||||
'connection_limit': 100,
|
||||
'admin_state_up': True,
|
||||
'loadbalancer_id': _uuid()}}
|
||||
return_value = copy.copy(data['listener'])
|
||||
return_value.update({'id': listener_id})
|
||||
del return_value['loadbalancer_id']
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.create_listener.return_value = return_value
|
||||
|
||||
res = self.api.post(_get_path('lbaas/listeners', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/{0}'.format(self.fmt))
|
||||
instance.create_listener.assert_called_with(mock.ANY,
|
||||
listener=data)
|
||||
|
||||
self.assertEqual(res.status_int, exc.HTTPCreated.code)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('listener', res)
|
||||
self.assertEqual(res['listener'], return_value)
|
||||
|
||||
def test_listener_list(self):
|
||||
listener_id = _uuid()
|
||||
return_value = [{'admin_state_up': True,
|
||||
|
@ -628,6 +661,34 @@ class LoadBalancerExtensionV2TestCase(base.ExtensionTestCase):
|
|||
self.assertIn('listener', res)
|
||||
self.assertEqual(res['listener'], return_value)
|
||||
|
||||
def test_listener_update_with_tls(self):
|
||||
listener_id = _uuid()
|
||||
tls_ref = 'http://example.ref/uuid'
|
||||
sni_refs = ['http://example.ref/uuid',
|
||||
'http://example.ref/uuid1']
|
||||
update_data = {'listener': {'admin_state_up': False}}
|
||||
return_value = {'name': 'listener1',
|
||||
'admin_state_up': False,
|
||||
'tenant_id': _uuid(),
|
||||
'id': listener_id,
|
||||
'default_tls_container_ref': tls_ref,
|
||||
'sni_container_refs': sni_refs}
|
||||
|
||||
instance = self.plugin.return_value
|
||||
instance.update_listener.return_value = return_value
|
||||
|
||||
res = self.api.put(_get_path('lbaas/listeners',
|
||||
id=listener_id,
|
||||
fmt=self.fmt),
|
||||
self.serialize(update_data))
|
||||
|
||||
instance.update_listener.assert_called_with(
|
||||
mock.ANY, listener_id, listener=update_data)
|
||||
self.assertEqual(res.status_int, exc.HTTPOk.code)
|
||||
res = self.deserialize(res)
|
||||
self.assertIn('listener', res)
|
||||
self.assertEqual(res['listener'], return_value)
|
||||
|
||||
def test_listener_get(self):
|
||||
listener_id = _uuid()
|
||||
return_value = {'name': 'listener1',
|
||||
|
|
Loading…
Reference in New Issue