Ejemplo n.º 1
    def test_load_certificates(self, mock_oslo):
        """Exercise load_certificates_data with and without TLS settings.

        Case 1: a listener built with tls, sni and client_ca_cert enabled
        must trigger get_cert(..., check_only=True) on the cert manager
        client for the three sample container ids.
        Case 2: a listener with none of them returns the empty result and
        never reaches _map_cert_tls_container.
        """
        tls_listener = sample_configs_combined.sample_listener_tuple(
            tls=True, sni=True, client_ca_cert=True)
        client = mock.MagicMock()
        context = mock.Mock()
        context.project_id = '12345'
        with mock.patch.object(cert_parser, 'get_host_names') as host_names, \
                mock.patch.object(cert_parser, '_map_cert_tls_container'):
            host_names.return_value = {'cn': 'fakeCN'}
            cert_parser.load_certificates_data(client, tls_listener, context)

            # The client must have been asked for each container, in this
            # order, with check_only=True (these are get_cert lookups, not
            # uploads).
            expected_lookups = [
                mock.call.get_cert(context, container_id, check_only=True)
                for container_id in ('cont_id_1', 'cont_id_2', 'cont_id_3')
            ]
            client.assert_has_calls(expected_lookups)

        # Listener with no TLS, SNI or client CA settings. No context is
        # passed in this call; mock_oslo is asserted afterwards.
        # NOTE(review): presumably load_certificates_data creates its own
        # context through the patched oslo object when none is supplied -
        # confirm against cert_parser.
        plain_listener = sample_configs_combined.sample_listener_tuple(
            tls=False, sni=False, client_ca_cert=False)
        client = mock.MagicMock()
        with mock.patch.object(
                cert_parser, '_map_cert_tls_container') as mock_map:
            result = cert_parser.load_certificates_data(client, plain_listener)

            mock_map.assert_not_called()
            self.assertEqual({'tls_cert': None, 'sni_certs': []}, result)
            mock_oslo.assert_called()
Ejemplo n.º 2
    def test_render_template_udp_listener_with_http_health_monitor(self):
        """Render a UDP listener whose members use an HTTP health monitor.

        The monitor is created with expected codes '200-201'; the expected
        output carries one ``url`` block per status code (200 and 201)
        inside each member's HTTP_GET check.
        """
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n"
            "virtual_server 10.0.0.2 80 {\n"
            "    lb_algo rr\n"
            "    lb_kind NAT\n"
            "    protocol UDP\n"
            "    delay_loop 30\n"
            "    delay_before_retry 30\n"
            "    retry 3\n\n\n"
            "    # Configuration for Pool sample_pool_id_1\n"
            "    # Configuration for HealthMonitor sample_monitor_id_1\n"
            "    # Configuration for Member sample_member_id_1\n"
            "    real_server 10.0.0.99 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        HTTP_GET {\n"
            "            url {\n"
            "              path /index.html\n"
            "              status_code 200\n"
            "            }\n"
            "            url {\n"
            "              path /index.html\n"
            "              status_code 201\n"
            "            }\n"
            "            connect_ip 10.0.0.99\n"
            "            connect_port 82\n"
            "            connect_timeout 31\n"
            "        }\n"
            "    }\n\n"
            "    # Configuration for Member sample_member_id_2\n"
            "    real_server 10.0.0.98 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        HTTP_GET {\n"
            "            url {\n"
            "              path /index.html\n"
            "              status_code 200\n"
            "            }\n"
            "            url {\n"
            "              path /index.html\n"
            "              status_code 201\n"
            "            }\n"
            "            connect_ip 10.0.0.98\n"
            "            connect_port 82\n"
            "            connect_timeout 31\n"
            "        }\n"
            "    }\n\n"
            "}\n\n"
        )

        rendered = self.udp_jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_listener_tuple(
                proto=constants.PROTOCOL_UDP,
                monitor_proto=constants.HEALTH_MONITOR_HTTP,
                connection_limit=98,
                persistence=False,
                monitor_expected_codes='200-201'))
        self.assertEqual(expected, rendered)
Ejemplo n.º 3
    def test_render_template_udp_with_disabled_pool(self):
        """Render a UDP listener whose default pool is disabled.

        The expected output marks the pool as disabled and still lists both
        members, each with only a weight (the listener is built with
        monitor=False, so no health check block appears).
        """
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n"
            "virtual_server 10.0.0.2 80 {\n"
            "    lb_algo rr\n"
            "    lb_kind NAT\n"
            "    protocol UDP\n\n\n"
            "    # Pool sample_pool_id_1 is disabled\n"
            "    # Configuration for Member sample_member_id_1\n"
            "    real_server 10.0.0.99 82 {\n"
            "        weight 13\n\n"
            "    }\n\n"
            "    # Configuration for Member sample_member_id_2\n"
            "    real_server 10.0.0.98 82 {\n"
            "        weight 13\n\n"
            "    }\n\n"
            "}\n\n"
        )

        disabled_pool_listener = sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP, monitor=False,
            persistence=False, alloc_default_pool=True,
            pool_enabled=False)
        rendered = self.lvs_jinja_cfg.render_loadbalancer_obj(
            disabled_pool_listener)
        self.assertEqual(expected, rendered)
Ejemplo n.º 4
    def setUp(self):
        """Create the AmphoraInfo under test and a fake haproxy config file.

        A TERMINATED_HTTPS sample listener (tls and sni enabled) is rendered
        with JinjaTemplater and registered through OpenFixture at the config
        path for LB_ID_1.
        """
        super(TestAmphoraInfo, self).setUp()
        self.osutils_mock = mock.MagicMock()
        self.amp_info = amphora_info.AmphoraInfo(self.osutils_mock)
        self.udp_driver = mock.MagicMock()

        # Render a sample haproxy configuration to serve as the fake file.
        templater = jinja_cfg.JinjaTemplater(
            base_amp_path=self.BASE_AMP_PATH,
            base_crt_dir=self.BASE_CRT_PATH)
        # The certificate and private_key values are placeholder strings,
        # not PEM data; no real key material is used in this fixture.
        tls_certs = {
            'cont_id_1': sample_configs_combined.sample_tls_container_tuple(
                id='tls_container_id',
                certificate='imaCert1',
                private_key='imaPrivateKey1',
                primary_cn='FakeCN'),
        }
        amphora = sample_configs_combined.sample_amphora_tuple()
        tls_listener = sample_configs_combined.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True)
        self.rendered_haproxy_cfg = templater.render_loadbalancer_obj(
            amphora, [tls_listener], tls_certs)

        # NOTE(review): OpenFixture presumably makes reads of cfg_path return
        # the rendered text instead of touching the filesystem - confirm in
        # test_utils.
        cfg_path = util.config_path(self.LB_ID_1)
        self.useFixture(
            test_utils.OpenFixture(cfg_path, self.rendered_haproxy_cfg))
Ejemplo n.º 5
    def test_render_template_sctp_no_other_resources(self):
        """Render an SCTP listener that has no pool, monitor or persistence.

        Only the header comments and the net_namespace line are expected;
        no virtual_server block is rendered.
        """
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n\n"
        )

        bare_listener = sample_configs_combined.sample_listener_tuple(
            proto=lib_consts.PROTOCOL_SCTP, monitor=False,
            persistence=False, alloc_default_pool=False)
        rendered = self.lvs_jinja_cfg.render_loadbalancer_obj(bare_listener)
        self.assertEqual(expected, rendered)
Ejemplo n.º 6
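    def test_udp_transform_listener(self):
        """Check _transform_listener output for a UDP listener.

        With connection_limit=98 the result must equal the shared
        RET_UDP_LISTENER sample. With connection_limit=-1 the result must
        equal the same sample without its 'connection_limit' key.
        """
        in_listener = sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP,
            persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
            persistence_timeout=33,
            persistence_granularity='255.0.0.0',
            monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
            connection_limit=98)
        ret = self.udp_jinja_cfg._transform_listener(in_listener)
        self.assertEqual(sample_configs_combined.RET_UDP_LISTENER, ret)

        in_listener = sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP,
            persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
            persistence_timeout=33,
            persistence_granularity='255.0.0.0',
            monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
            connection_limit=-1)

        ret = self.udp_jinja_cfg._transform_listener(in_listener)
        # Drop 'connection_limit' from a copy: popping it from the
        # module-level sample would change what every later test in the same
        # process compares against, making results depend on test order.
        expected = dict(sample_configs_combined.RET_UDP_LISTENER)
        expected.pop('connection_limit')
        self.assertEqual(expected, ret)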
Ejemplo n.º 7
 def test_render_template_disabled_udp_listener(self):
     """Render a UDP listener created with enabled=False.

     The expected output only notes that the listener is disabled and
     emits the net_namespace line; no virtual_server block is rendered.
     """
     expected = (
         "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
         "# Listener sample_listener_id_1 is disabled\n\n"
         "net_namespace amphora-haproxy\n\n"
     )
     disabled_listener = sample_configs_combined.sample_listener_tuple(
         enabled=False,
         proto=constants.PROTOCOL_UDP,
         persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
         persistence_timeout=33,
         persistence_granularity='255.255.0.0',
         monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
         connection_limit=98)
     rendered = self.udp_jinja_cfg.render_loadbalancer_obj(
         disabled_listener)
     self.assertEqual(expected, rendered)
Ejemplo n.º 8
 def test_render_template_udp_source_ip(self):
     """Render a UDP listener with SOURCE_IP persistence and a UDP check.

     The expected output carries the persistence timeout and granularity
     on the virtual server and a MISC_CHECK per member that runs
     udp_check.sh with that member's address and port.
     """
     # The member address and port appear as arguments inside the quoted
     # misc_path command line. Only well-formed sample values are rendered
     # here.
     # NOTE(review): rejection of malformed address/port values presumably
     # happens before templating - confirm that it is covered elsewhere.
     expected = (
         "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
         "# Configuration for Listener sample_listener_id_1\n\n"
         "net_namespace amphora-haproxy\n\n"
         "virtual_server 10.0.0.2 80 {\n"
         "    lb_algo rr\n"
         "    lb_kind NAT\n"
         "    protocol UDP\n"
         "    persistence_timeout 33\n"
         "    persistence_granularity 255.255.0.0\n"
         "    delay_loop 30\n"
         "    delay_before_retry 31\n"
         "    retry 3\n\n\n"
         "    # Configuration for Pool sample_pool_id_1\n"
         "    # Configuration for HealthMonitor sample_monitor_id_1\n"
         "    # Configuration for Member sample_member_id_1\n"
         "    real_server 10.0.0.99 82 {\n"
         "        weight 13\n"
         "        uthreshold 98\n"
         "        delay_before_retry 31\n"
         "        retry 3\n"
         "        MISC_CHECK {\n"
         "            misc_path \"/var/lib/octavia/lvs/check/"
         "udp_check.sh 10.0.0.99 82\"\n"
         "            misc_timeout 30\n"
         "        }\n"
         "    }\n\n"
         "    # Configuration for Member sample_member_id_2\n"
         "    real_server 10.0.0.98 82 {\n"
         "        weight 13\n"
         "        uthreshold 98\n"
         "        delay_before_retry 31\n"
         "        retry 3\n"
         "        MISC_CHECK {\n"
         "            misc_path \"/var/lib/octavia/lvs/check/"
         "udp_check.sh 10.0.0.98 82\"\n"
         "            misc_timeout 30\n"
         "        }\n"
         "    }\n\n"
         "}\n\n"
     )
     source_ip_listener = sample_configs_combined.sample_listener_tuple(
         proto=constants.PROTOCOL_UDP,
         persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
         persistence_timeout=33,
         persistence_granularity='255.255.0.0',
         monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
         connection_limit=98)
     rendered = self.udp_jinja_cfg.render_loadbalancer_obj(
         source_ip_listener)
     self.assertEqual(expected, rendered)
Ejemplo n.º 9
    def test_render_template_udp_with_health_monitor_ip_port(self):
        """Render a UDP listener whose members set a monitor address/port.

        With monitor_ip_port=True the expected MISC_CHECK for both members
        runs udp_check.sh against 192.168.1.1 port 9000 rather than against
        the member's own real_server address and port.
        """
        # The monitor address and port appear as arguments inside the quoted
        # misc_path command line. Only well-formed sample values are
        # rendered here.
        # NOTE(review): rejection of malformed monitor address/port values
        # presumably happens before templating - confirm that it is covered
        # elsewhere.
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n"
            "virtual_server 10.0.0.2 80 {\n"
            "    lb_algo rr\n"
            "    lb_kind NAT\n"
            "    protocol UDP\n"
            "    delay_loop 30\n"
            "    delay_before_retry 31\n"
            "    retry 3\n\n\n"
            "    # Configuration for Pool sample_pool_id_1\n"
            "    # Configuration for HealthMonitor sample_monitor_id_1\n"
            "    # Configuration for Member sample_member_id_1\n"
            "    real_server 10.0.0.99 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        delay_before_retry 31\n"
            "        retry 3\n"
            "        MISC_CHECK {\n"
            "            misc_path \"/var/lib/octavia/lvs/check/"
            "udp_check.sh 192.168.1.1 9000\"\n"
            "            misc_timeout 30\n"
            "        }\n"
            "    }\n\n"
            "    # Configuration for Member sample_member_id_2\n"
            "    real_server 10.0.0.98 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        delay_before_retry 31\n"
            "        retry 3\n"
            "        MISC_CHECK {\n"
            "            misc_path \"/var/lib/octavia/lvs/check/"
            "udp_check.sh 192.168.1.1 9000\"\n"
            "            misc_timeout 30\n"
            "        }\n"
            "    }\n\n"
            "}\n\n"
        )

        monitored_listener = sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP,
            monitor_ip_port=True,
            monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
            persistence=False,
            connection_limit=98)
        rendered = self.udp_jinja_cfg.render_loadbalancer_obj(
            monitored_listener)
        self.assertEqual(expected, rendered)
Ejemplo n.º 10
    def test_render_template_udp_with_pool_no_member(self):
        """Render a UDP listener whose default pool has no members.

        The listener is built with sample_default_pool=0; the expected
        output names sample_pool_id_0 and contains no real_server entries.
        """
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n"
            "virtual_server 10.0.0.2 80 {\n"
            "    lb_algo rr\n"
            "    lb_kind NAT\n"
            "    protocol UDP\n\n\n"
            "    # Configuration for Pool sample_pool_id_0\n"
            "}\n\n"
        )

        empty_pool_listener = sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP,
            monitor=False,
            persistence=False,
            alloc_default_pool=True,
            sample_default_pool=0)
        rendered = self.udp_jinja_cfg.render_loadbalancer_obj(
            empty_pool_listener)
        self.assertEqual(expected, rendered)
Ejemplo n.º 11
    def test_render_template_sctp_listener_with_tcp_health_monitor(self):
        """Render an SCTP listener whose members use a TCP health monitor.

        Each member in the expected output carries a TCP_CHECK block that
        connects to the member's own address and port.
        """
        expected = (
            "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
            "# Configuration for Listener sample_listener_id_1\n\n"
            "net_namespace amphora-haproxy\n\n"
            "virtual_server 10.0.0.2 80 {\n"
            "    lb_algo rr\n"
            "    lb_kind NAT\n"
            "    protocol SCTP\n"
            "    delay_loop 30\n"
            "    delay_before_retry 30\n"
            "    retry 3\n\n\n"
            "    # Configuration for Pool sample_pool_id_1\n"
            "    # Configuration for HealthMonitor sample_monitor_id_1\n"
            "    # Configuration for Member sample_member_id_1\n"
            "    real_server 10.0.0.99 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        TCP_CHECK {\n"
            "            connect_ip 10.0.0.99\n"
            "            connect_port 82\n"
            "            connect_timeout 31\n"
            "        }\n"
            "    }\n\n"
            "    # Configuration for Member sample_member_id_2\n"
            "    real_server 10.0.0.98 82 {\n"
            "        weight 13\n"
            "        uthreshold 98\n"
            "        TCP_CHECK {\n"
            "            connect_ip 10.0.0.98\n"
            "            connect_port 82\n"
            "            connect_timeout 31\n"
            "        }\n"
            "    }\n\n"
            "}\n\n"
        )

        rendered = self.lvs_jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_listener_tuple(
                proto=lib_consts.PROTOCOL_SCTP,
                monitor_proto=constants.HEALTH_MONITOR_TCP,
                connection_limit=98,
                persistence=False))
        self.assertEqual(expected, rendered)
Ejemplo n.º 12
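    def test_parse_haproxy_config(self):
        """Round-trip rendered haproxy configs through parse_haproxy_file.

        Four configurations are rendered, registered at the config path via
        OpenFixture and parsed back: TERMINATED_HTTPS with SNI,
        TERMINATED_HTTPS without SNI, plain HTTP, and HTTPS. For each, the
        listener mode, the stats socket path (res[0]) and the 'ssl_crt'
        entry are checked. Two malformed inputs must raise
        util.ParsingError.
        """
        # template_tls
        # The certificate and private_key values are placeholder strings,
        # not PEM data.
        tls_tupe = {
            'cont_id_1':
            sample_configs_combined.sample_tls_container_tuple(
                id='tls_container_id',
                certificate='imaCert1',
                private_key='imaPrivateKey1',
                primary_cn='FakeCN')
        }
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(), [
                sample_configs_combined.sample_listener_tuple(
                    proto='TERMINATED_HTTPS', tls=True, sni=True)
            ], tls_tupe)

        path = util.config_path(LISTENER_ID1)
        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
        # NOTE(review): this stanza hard-codes the paths that the later
        # stanzas build from BASE_AMP_PATH / BASE_CRT_PATH - presumably the
        # same values; confirm.
        self.assertEqual('/var/lib/octavia/sample_loadbalancer_id_1.sock',
                         res[0])
        # With SNI the parsed value holds the default certificate followed
        # by a second 'crt' entry pointing at the load balancer's
        # certificate directory.
        self.assertEqual(
            '/var/lib/octavia/certs/sample_loadbalancer_id_1/'
            'tls_container_id.pem crt /var/lib/octavia/certs/'
            'sample_loadbalancer_id_1', listener_dict['ssl_crt'])

        # render_template_tls_no_sni
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(), [
                sample_configs_combined.sample_listener_tuple(
                    proto='TERMINATED_HTTPS', tls=True)
            ],
            tls_certs={
                'cont_id_1':
                sample_configs_combined.sample_tls_container_tuple(
                    id='tls_container_id',
                    certificate='ImAalsdkfjCert',
                    private_key='ImAsdlfksdjPrivateKey',
                    primary_cn="FakeCN")
            })

        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        self.assertEqual(
            BASE_CRT_PATH + '/sample_loadbalancer_id_1/tls_container_id.pem',
            listener_dict['ssl_crt'])

        # render_template_http
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(),
            [sample_configs_combined.sample_listener_tuple()])

        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        self.assertEqual('HTTP', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        # A non-terminating listener must not report a certificate.
        self.assertIsNone(listener_dict.get('ssl_crt', None))

        # template_https
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(),
            [sample_configs_combined.sample_listener_tuple(proto='HTTPS')])
        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        # HTTPS pass-through is parsed back as mode TCP with no certificate.
        self.assertEqual('TCP', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        self.assertIsNone(listener_dict.get('ssl_crt', None))

        # Bogus format: unparseable content must raise ParsingError. Uses
        # assertRaises like the check below, so a missing exception is
        # reported as such instead of through a manual self.fail().
        self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
        self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                          LISTENER_ID1)

        # Bad listener mode: a 'mode' line with no value.
        fake_cfg = 'stats socket foo\nfrontend {}\nmode\n'.format(LISTENER_ID1)
        self.useFixture(test_utils.OpenFixture(path, fake_cfg))
        self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                          LISTENER_ID1)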
Ejemplo n.º 13
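    def test_parse_haproxy_config(self):
        """Round-trip rendered haproxy configs through parse_haproxy_file.

        base_cert_dir is overridden to '/fake_cert_dir'. Four configurations
        are rendered, registered at the config path via OpenFixture and
        parsed back: TERMINATED_HTTPS with SNI, TERMINATED_HTTPS without
        SNI, plain HTTP, and HTTPS. For each, the listener mode, the stats
        socket path (res[0]) and the 'ssl_crt' entry are checked. Two
        malformed inputs must raise util.ParsingError.
        """
        self.CONF.config(group="haproxy_amphora",
                         base_cert_dir='/fake_cert_dir')
        # Expected 'ssl_crt' value for both TLS-terminating stanzas: a
        # per-listener .pem under the overridden certificate directory.
        FAKE_CRT_LIST_FILENAME = os.path.join(
            CONF.haproxy_amphora.base_cert_dir,
            'sample_loadbalancer_id_1/sample_listener_id_1.pem')
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(), [
                sample_configs_combined.sample_listener_tuple(
                    proto='TERMINATED_HTTPS', tls=True, sni=True)
            ])

        path = util.config_path(LISTENER_ID1)
        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        # NOTE: parse_haproxy_file makes mode TERMINATED_HTTPS even though
        #       the haproxy.cfg needs mode HTTP
        self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
        # NOTE(review): this stanza hard-codes the socket path that the
        # later stanzas build from BASE_AMP_PATH - presumably the same
        # value; confirm.
        self.assertEqual('/var/lib/octavia/sample_loadbalancer_id_1.sock',
                         res[0])
        self.assertEqual(FAKE_CRT_LIST_FILENAME, listener_dict['ssl_crt'])

        # render_template_tls_no_sni
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(), [
                sample_configs_combined.sample_listener_tuple(
                    proto='TERMINATED_HTTPS', tls=True)
            ])
        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        self.assertEqual(FAKE_CRT_LIST_FILENAME, listener_dict['ssl_crt'])

        # render_template_http
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(),
            [sample_configs_combined.sample_listener_tuple()])

        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        self.assertEqual('HTTP', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        # A non-terminating listener must not report a certificate.
        self.assertIsNone(listener_dict.get('ssl_crt', None))

        # template_https
        rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
            sample_configs_combined.sample_amphora_tuple(),
            [sample_configs_combined.sample_listener_tuple(proto='HTTPS')])
        self.useFixture(test_utils.OpenFixture(path, rendered_obj))

        res = util.parse_haproxy_file(LISTENER_ID1)
        listener_dict = res[1]['sample_listener_id_1']
        # HTTPS pass-through is parsed back as mode TCP with no certificate.
        self.assertEqual('TCP', listener_dict['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                         res[0])
        self.assertIsNone(listener_dict.get('ssl_crt', None))

        # Bogus format: unparseable content must raise ParsingError. Uses
        # assertRaises like the check below, so a missing exception is
        # reported as such instead of through a manual self.fail().
        self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
        self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                          LISTENER_ID1)

        # Bad listener mode: a 'mode' line with no value.
        fake_cfg = 'stats socket foo\nfrontend {}\nmode\n'.format(LISTENER_ID1)
        self.useFixture(test_utils.OpenFixture(path, fake_cfg))
        self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                          LISTENER_ID1)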