def test_load_certificates(self, mock_oslo): listener = sample_configs.sample_listener_tuple(tls=True, sni=True, client_ca_cert=True) client = mock.MagicMock() context = mock.Mock() context.project_id = '12345' with mock.patch.object(cert_parser, 'get_host_names') as cp: with mock.patch.object(cert_parser, '_map_cert_tls_container'): cp.return_value = {'cn': 'fakeCN'} cert_parser.load_certificates_data(client, listener, context) # Ensure upload_cert is called three times calls_cert_mngr = [ mock.call.get_cert(context, 'cont_id_1', check_only=True), mock.call.get_cert(context, 'cont_id_2', check_only=True), mock.call.get_cert(context, 'cont_id_3', check_only=True) ] client.assert_has_calls(calls_cert_mngr) # Test asking for nothing listener = sample_configs.sample_listener_tuple(tls=False, sni=False, client_ca_cert=False) client = mock.MagicMock() with mock.patch.object(cert_parser, '_map_cert_tls_container') as mock_map: result = cert_parser.load_certificates_data(client, listener) mock_map.assert_not_called() ref_empty_dict = {'tls_cert': None, 'sni_certs': []} self.assertEqual(ref_empty_dict, result) mock_oslo.assert_called()
def test_update(self): with mock.patch.object(self.driver, "_process_tls_certificates") as process_tls_patch: with mock.patch.object(jinja_cfg.JinjaTemplater, "build_config") as build_conf: # Build sample Listener and VIP configs listener = sample_configs.sample_listener_tuple(tls=True, sni=True) vip = sample_configs.sample_vip_tuple() process_tls_patch.return_value = { "tls_cert": listener.default_tls_container, "sni_certs": listener.sni_containers, } build_conf.return_value = "sampleConfig" # Execute driver method self.driver.update(listener, vip) # Verify calls process_tls_patch.assert_called_once_with(listener) build_conf.assert_called_once_with(listener, listener.default_tls_container) self.driver.client.connect.assert_called_once_with( hostname=listener.load_balancer.amphorae[0].lb_network_ip, key_filename=self.driver.amp_config.key_path, username=self.driver.amp_config.username, ) self.driver.client.open_sftp.assert_called_once_with() self.driver.client.open_sftp().put.assert_called_once_with(mock.ANY, mock.ANY) self.driver.client.exec_command.assert_has_calls( [mock.call(mock.ANY), mock.call(mock.ANY), mock.call(mock.ANY), mock.call(mock.ANY)] ) self.driver.client.close.assert_called_once_with()
def test_render_template_tls_no_sni(self): fe = ("frontend sample_listener_id_1\n" " option tcplog\n" " maxconn 98\n" " redirect scheme https if !{ ssl_fc }\n" " bind 10.0.0.2:443 " "ssl crt /var/lib/octavia/certs/" "sample_listener_id_1/FakeCN.pem\n" " mode http\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) self.assertEqual( sample_configs.sample_base_expected_config( frontend=fe, backend=be), rendered_obj)
def test_render_template_https(self): fe = ("frontend sample_listener_id_1\n" " option tcplog\n" " maxconn 98\n" " bind 10.0.0.2:443\n" " mode tcp\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode tcp\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option ssl-hello-chk\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='HTTPS')) self.assertEqual(sample_configs.sample_base_expected_config( frontend=fe, backend=be), rendered_obj)
def test_render_template_http_xff_xfport(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option forwardfor\n" " http-request set-header X-Forwarded-Port %[dst_port]\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( insert_headers={'X-Forwarded-For': 'true', 'X-Forwarded-Port': 'true'})) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_udp_no_other_resources(self): exp = ("# Configuration for Loadbalancer sample_loadbalancer_id_1\n" "# Configuration for Listener sample_listener_id_1\n\n" "net_namespace amphora-haproxy\n\n\n") rendered_obj = self.udp_jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple( proto=constants.PROTOCOL_UDP, monitor=False, persistence=False, alloc_default_pool=False)) self.assertEqual(exp, rendered_obj)
def test_process_tls_certificates(self): listener = sample_configs.sample_listener_tuple(tls=True, sni=True) with mock.patch.object(cert_parser, 'build_pem') as bp: with mock.patch.object(cert_parser, 'load_certificates_data') as cd: with mock.patch.object(cert_parser, 'get_host_names') as cp: with mock.patch.object(self.driver, '_exec_on_amphorae') as ea: self.driver.barbican_client = mock.MagicMock() cp.return_value = {'cn': 'fakeCN'} pem = 'imapem' bp.return_value = pem tls_cont = data_models.TLSContainer( primary_cn='fakecn', certificate='fakecert', private_key='fakepk') sni_cont1 = data_models.TLSContainer( primary_cn='fakecn1', certificate='fakecert', private_key='fakepk') sni_cont2 = data_models.TLSContainer( primary_cn='fakecn2', certificate='fakecert', private_key='fakepk') cd.return_value = {'tls_cert': tls_cont, 'sni_certs': [sni_cont1, sni_cont2]} self.driver._process_tls_certificates(listener) # Ensure upload_cert is called three times calls_bbq = [mock.call(self.driver.cert_manager, listener)] cd.assert_has_calls(calls_bbq) calls_bp = [ mock.call(tls_cont), mock.call(sni_cont1), mock.call(sni_cont2)] bp.assert_has_calls(calls_bp) cert_dir = os.path.join( self.driver.amp_config.base_cert_dir, listener.id) cmd = 'chmod 600 {base_path}/*.pem'.format( base_path=cert_dir) listener_cert = '{0}/fakecn.pem'.format(cert_dir) ea.assert_has_calls([ mock.call(listener.load_balancer.amphorae, [cmd], make_dir=cert_dir, data=[pem, pem, pem], upload_dir=listener_cert)])
def test_render_template_no_persistence_http(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " option forwardfor\n" " server sample_member_id_1 10.0.0.99:82 weight 13\n" " server sample_member_id_2 10.0.0.98:82 weight 13\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='HTTP', monitor=False, persistence=False)) self.assertEqual(sample_configs.sample_base_expected_config( backend=be), rendered_obj)
def setUp(self, mock_session): super(TestSshDriver, self).setUp() mock.MagicMock(keystone.get_session()) self.driver = ssh_driver.HaproxyManager() self.listener = sample_configs.sample_listener_tuple() self.vip = sample_configs.sample_vip_tuple() self.amphora = models.Amphora() self.amphora.id = self.FAKE_UUID_1 self.driver.cert_manager = mock.Mock(spec=cert_mgr.CertManager) self.driver.client = mock.Mock(spec=paramiko.SSHClient) self.driver.client.exec_command.return_value = (mock.Mock(), mock.Mock(), mock.Mock()) self.driver.amp_config = mock.MagicMock() self.port = network_models.Port(mac_address="123")
def setUp(self): super(HaproxyAmphoraLoadBalancerDriverTest, self).setUp() self.driver = driver.HaproxyAmphoraLoadBalancerDriver() self.driver.cert_manager = mock.MagicMock() self.driver.client = mock.MagicMock() self.driver.jinja = mock.MagicMock() # Build sample Listener and VIP configs self.sl = sample_configs.sample_listener_tuple(tls=True, sni=True) self.amp = self.sl.load_balancer.amphorae[0] self.sv = sample_configs.sample_vip_tuple() self.lb = self.sl.load_balancer self.port = network_models.Port(mac_address='123')
def test_udp_transform_listener(self): in_listener = sample_configs.sample_listener_tuple( proto=constants.PROTOCOL_UDP, persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP, persistence_timeout=33, persistence_granularity='255.0.0.0', monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT, connection_limit=98 ) ret = self.udp_jinja_cfg._transform_listener(in_listener) self.assertEqual(sample_configs.RET_UDP_LISTENER, ret) in_listener = sample_configs.sample_listener_tuple( proto=constants.PROTOCOL_UDP, persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP, persistence_timeout=33, persistence_granularity='255.0.0.0', monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT, connection_limit=-1) ret = self.udp_jinja_cfg._transform_listener(in_listener) sample_configs.RET_UDP_LISTENER.pop('connection_limit') self.assertEqual(sample_configs.RET_UDP_LISTENER, ret)
def test_render_template_no_monitor_http(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " server sample_member_id_1 10.0.0.99:82 weight 13 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 weight 13 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='HTTP', monitor=False)) self.assertEqual(sample_configs.sample_base_expected_config( backend=be), rendered_obj)
def test_render_template_udp_source_ip(self): exp = ("# Configuration for Loadbalancer sample_loadbalancer_id_1\n" "# Configuration for Listener sample_listener_id_1\n\n" "net_namespace amphora-haproxy\n\n" "virtual_server 10.0.0.2 80 {\n" " lb_algo rr\n" " lb_kind NAT\n" " protocol UDP\n" " persistence_timeout 33\n" " persistence_granularity 255.255.0.0\n" " delay_loop 30\n" " delay_before_retry 31\n" " retry 3\n\n\n" " # Configuration for Pool sample_pool_id_1\n" " # Configuration for HealthMonitor sample_monitor_id_1\n" " # Configuration for Member sample_member_id_1\n" " real_server 10.0.0.99 82 {\n" " weight 13\n" " uthreshold 98\n" " delay_before_retry 31\n" " retry 3\n" " MISC_CHECK {\n" " misc_path \"/var/lib/octavia/lvs/check/" "udp_check.sh 10.0.0.99 82\"\n" " misc_timeout 30\n" " }\n" " }\n\n" " # Configuration for Member sample_member_id_2\n" " real_server 10.0.0.98 82 {\n" " weight 13\n" " uthreshold 98\n" " delay_before_retry 31\n" " retry 3\n" " MISC_CHECK {\n" " misc_path \"/var/lib/octavia/lvs/check/" "udp_check.sh 10.0.0.98 82\"\n" " misc_timeout 30\n" " }\n" " }\n\n" "}\n\n") rendered_obj = self.udp_jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple( proto=constants.PROTOCOL_UDP, persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP, persistence_timeout=33, persistence_granularity='255.255.0.0', monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT, connection_limit=98)) self.assertEqual(exp, rendered_obj)
def test_render_template_l7policies(self): fe = ("frontend sample_listener_id_1\n" " option httplog\n" " maxconn 98\n" " bind 10.0.0.2:80\n" " mode http\n" " acl sample_l7rule_id_1 path -m beg /api\n" " use_backend sample_pool_id_2 if sample_l7rule_id_1\n" " acl sample_l7rule_id_2 req.hdr(Some-header) -m sub " "This\\ string\\\\\\ with\\ stuff\n" " acl sample_l7rule_id_3 req.cook(some-cookie) -m reg " "this.*|that\n" " redirect location http://www.example.com if " "!sample_l7rule_id_2 sample_l7rule_id_3\n" " acl sample_l7rule_id_4 path_end -m str jpg\n" " acl sample_l7rule_id_5 req.hdr(host) -i -m end " ".example.com\n" " http-request deny if sample_l7rule_id_4 " "sample_l7rule_id_5\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_2\n" "\n" "backend sample_pool_id_2\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /healthmon.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " server sample_member_id_3 10.0.0.97:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(l7=True)) self.assertEqual(sample_configs.sample_base_expected_config( frontend=fe, backend=be), rendered_obj)
def test_start(self): # Build sample Listener and VIP configs listener = sample_configs.sample_listener_tuple( tls=True, sni=True) vip = sample_configs.sample_vip_tuple() # Execute driver method self.driver.start(listener, vip) self.driver.client.connect.assert_called_once_with( hostname=listener.load_balancer.amphorae[0].lb_network_ip, key_filename=self.driver.amp_config.key_path, username=self.driver.amp_config.username) self.driver.client.exec_command.assert_called_once_with( 'sudo haproxy -f {0}/{1}/haproxy.cfg -p {0}/{1}/{1}.pid'.format( self.driver.amp_config.base_path, listener.id)) self.driver.client.close.assert_called_once_with()
def test_load_certificates(self): listener = sample_configs.sample_listener_tuple(tls=True, sni=True) client = mock.MagicMock() with mock.patch.object(cert_parser, 'get_host_names') as cp: with mock.patch.object(cert_parser, '_map_cert_tls_container'): cp.return_value = {'cn': 'fakeCN'} cert_parser.load_certificates_data(client, listener) # Ensure upload_cert is called three times calls_cert_mngr = [ mock.call.get_cert('cont_id_1', check_only=True), mock.call.get_cert('cont_id_2', check_only=True), mock.call.get_cert('cont_id_3', check_only=True) ] client.assert_has_calls(calls_cert_mngr)
def test_process_tls_certificates(self): listener = sample_configs.sample_listener_tuple(tls=True, sni=True) with mock.patch.object(cert_parser, "build_pem") as bp: with mock.patch.object(cert_parser, "load_certificates_data") as cd: with mock.patch.object(cert_parser, "get_host_names") as cp: with mock.patch.object(self.driver, "_exec_on_amphorae") as ea: self.driver.barbican_client = mock.MagicMock() cp.return_value = {"cn": "fakeCN"} pem = "imapem" bp.return_value = pem tls_cont = data_models.TLSContainer( primary_cn="fakecn", certificate="fakecert", private_key="fakepk" ) sni_cont1 = data_models.TLSContainer( primary_cn="fakecn1", certificate="fakecert", private_key="fakepk" ) sni_cont2 = data_models.TLSContainer( primary_cn="fakecn2", certificate="fakecert", private_key="fakepk" ) cd.return_value = {"tls_cert": tls_cont, "sni_certs": [sni_cont1, sni_cont2]} self.driver._process_tls_certificates(listener) # Ensure upload_cert is called three times calls_bbq = [mock.call(self.driver.cert_manager, listener)] cd.assert_has_calls(calls_bbq) calls_bp = [mock.call(tls_cont), mock.call(sni_cont1), mock.call(sni_cont2)] bp.assert_has_calls(calls_bp) cert_dir = os.path.join(self.driver.amp_config.base_cert_dir, listener.id) cmd = "chmod 600 {base_path}/*.pem".format(base_path=cert_dir) listener_cert = "{0}/fakecn.pem".format(cert_dir) ea.assert_has_calls( [ mock.call( listener.load_balancer.amphorae, [cmd], make_dir=cert_dir, data=[pem, pem, pem], upload_dir=listener_cert, ) ] )
def test_render_template_no_persistence_https(self): fe = ("frontend sample_listener_id_1\n" " option tcplog\n" " maxconn 98\n" " bind 10.0.0.2:443\n" " mode tcp\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode tcp\n" " balance roundrobin\n" " server sample_member_id_1 10.0.0.99:82 weight 13\n" " server sample_member_id_2 10.0.0.98:82 weight 13\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False, persistence=False)) self.assertEqual(sample_configs.sample_base_expected_config( frontend=fe, backend=be), rendered_obj)
def test_render_template_http(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option forwardfor\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple()) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_sourceip_persistence(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " stick-table type ip size 10k\n" " stick on src\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option forwardfor\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple( persistence_type='SOURCE_IP')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_appcookie_persistence(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " stick-table type string len 64 size 10k\n" " stick store-response res.cook(JSESSIONID)\n" " stick match req.cook(JSESSIONID)\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( persistence_type='APP_COOKIE', persistence_cookie='JSESSIONID')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def setUp(self): super(TestHaproxyAmphoraLoadBalancerDriverTest, self).setUp() DEST1 = '198.51.100.0/24' DEST2 = '203.0.113.0/24' NEXTHOP = '192.0.2.1' self.driver = driver.HaproxyAmphoraLoadBalancerDriver() self.driver.cert_manager = mock.MagicMock() self.driver.cert_parser = mock.MagicMock() self.driver.client = mock.MagicMock() self.driver.jinja = mock.MagicMock() # Build sample Listener and VIP configs self.sl = sample_configs.sample_listener_tuple(tls=True, sni=True) self.amp = self.sl.load_balancer.amphorae[0] self.sv = sample_configs.sample_vip_tuple() self.lb = self.sl.load_balancer self.fixed_ip = mock.MagicMock() self.fixed_ip.ip_address = '198.51.100.5' self.fixed_ip.subnet.cidr = '198.51.100.0/24' self.network = network_models.Network(mtu=FAKE_MTU) self.port = network_models.Port(mac_address=FAKE_MAC_ADDRESS, fixed_ips=[self.fixed_ip], network=self.network) self.host_routes = [network_models.HostRoute(destination=DEST1, nexthop=NEXTHOP), network_models.HostRoute(destination=DEST2, nexthop=NEXTHOP)] host_routes_data = [{'destination': DEST1, 'nexthop': NEXTHOP}, {'destination': DEST2, 'nexthop': NEXTHOP}] self.subnet_info = {'subnet_cidr': FAKE_CIDR, 'gateway': FAKE_GATEWAY, 'mac_address': FAKE_MAC_ADDRESS, 'vrrp_ip': self.amp.vrrp_ip, 'mtu': FAKE_MTU, 'host_routes': host_routes_data}
def test_delete(self): # Build sample Listener and VIP configs listener = sample_configs.sample_listener_tuple( tls=True, sni=True) vip = sample_configs.sample_vip_tuple() # Execute driver method self.driver.delete(listener, vip) # Verify call self.driver.client.connect.assert_called_once_with( hostname=listener.load_balancer.amphorae[0].lb_network_ip, key_filename=self.driver.amp_config.key_path, username=self.driver.amp_config.username) exec_command_calls = [ mock.call('sudo kill -9 $(cat {0}/sample_listener_id_1' '/sample_listener_id_1.pid)' .format(self.driver.amp_config.base_path)), mock.call('sudo rm -rf {0}/sample_listener_id_1'.format( self.driver.amp_config.base_path))] self.driver.client.exec_command.assert_has_calls(exec_command_calls) self.driver.client.close.assert_called_once_with()
def test_render_template_appcookie_persistence(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " stick-table type string len 64 size 10k\n" " stick store-response res.cook(JSESSIONID)\n" " stick match req.cook(JSESSIONID)\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( persistence_type='APP_COOKIE', persistence_cookie='JSESSIONID')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_pool_proxy_protocol(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " fullconn {maxconn}\n" " option allbackups\n" " timeout connect 5000\n" " timeout server 50000\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1 send-proxy\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2 send-proxy\n\n").format( maxconn=constants.HAPROXY_MAX_MAXCONN) rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(be_proto='PROXY')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_http_xff(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option forwardfor\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( insert_headers={'X-Forwarded-For': 'true'})) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_sourceip_persistence(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " stick-table type ip size 10k\n" " stick on src\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " option allbackups\n" " timeout connect 5000\n" " timeout server 50000\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(persistence_type='SOURCE_IP')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_no_monitor_https(self): fe = ("frontend sample_listener_id_1\n" " option tcplog\n" " maxconn 98\n" " bind 10.0.0.2:443\n" " mode tcp\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode tcp\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 weight 13 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 weight 13 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='HTTPS', monitor=False)) self.assertEqual( sample_configs.sample_base_expected_config(frontend=fe, backend=be), rendered_obj)
def test_render_template_tls(self): fe = ("frontend sample_listener_id_1\n" " option tcplog\n" " maxconn 98\n" " option forwardfor\n" " bind 10.0.0.2:443 " "ssl crt /var/lib/octavia/certs/" "sample_listener_id_1/FakeCN.pem " "crt /var/lib/octavia/certs/sample_listener_id_1\n" " mode http\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " redirect scheme https if !{ ssl_fc }\n" " cookie SRV insert indirect nocache\n" " timeout check 31\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " option forwardfor\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 cookie " "sample_member_id_2\n\n") tls_tupe = sample_configs.sample_tls_container_tuple( certificate='imaCert1', private_key='imaPrivateKey1', primary_cn='FakeCN') rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True, sni=True), tls_tupe) self.assertEqual( sample_configs.sample_base_expected_config( frontend=fe, backend=be), rendered_obj)
def test_render_template_tls_no_sni(self): fe = ("frontend sample_listener_id_1\n" " option httplog\n" " maxconn 98\n" " redirect scheme https if !{ ssl_fc }\n" " bind 10.0.0.2:443 " "ssl crt /var/lib/octavia/certs/" "sample_listener_id_1/FakeCN.pem\n" " mode http\n" " default_backend sample_pool_id_1\n\n") be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " option allbackups\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) self.assertEqual( sample_configs.sample_base_expected_config(frontend=fe, backend=be), rendered_obj)
def test_render_template_ping_monitor_http(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option external-check\n" " external-check command /var/lib/octavia/ping-wrapper.sh\n" " fullconn 98\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "cookie sample_member_id_2\n\n") go = " maxconn 98\n external-check\n\n" rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='HTTP', monitor_proto='PING')) self.assertEqual( sample_configs.sample_base_expected_config(backend=be, global_opts=go), rendered_obj)
def test_render_template_member_monitor_addr_port(self): be = ("backend sample_pool_id_1\n" " mode http\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn 98\n" " option allbackups\n" " server sample_member_id_1 10.0.0.99:82 " "weight 13 check inter 30s fall 3 rise 2 " "addr 192.168.1.1 port 9000 " "cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 " "weight 13 check inter 30s fall 3 rise 2 " "addr 192.168.1.1 port 9000 " "cookie sample_member_id_2\n\n") rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(monitor_ip_port=True)) self.assertEqual( sample_configs.sample_base_expected_config(backend=be), rendered_obj)
def test_render_template_null_timeouts(self): fe = ("frontend sample_listener_id_1\n" " option httplog\n" " maxconn {maxconn}\n" " bind 10.0.0.2:80\n" " mode http\n" " default_backend sample_pool_id_1\n" " timeout client 50000\n\n").format( maxconn=constants.HAPROXY_MAX_MAXCONN) be = ("backend sample_pool_id_1\n" " mode http\n" " http-reuse safe\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn {maxconn}\n" " option allbackups\n" " timeout connect 5000\n" " timeout server 50000\n" " server sample_member_id_1 10.0.0.99:82 weight 13 " "check inter 30s fall 3 rise 2 cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 weight 13 " "check inter 30s fall 3 rise 2 cookie " "sample_member_id_2\n\n").format( maxconn=constants.HAPROXY_MAX_MAXCONN) rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(timeout_member_connect=None, timeout_client_data=None, timeout_member_data=None)) self.assertEqual( sample_configs.sample_base_expected_config(frontend=fe, backend=be), rendered_obj)
def test_parse_haproxy_config(self): # template_tls tls_tupe = sample_configs.sample_tls_container_tuple( certificate='imaCert1', private_key='imaPrivateKey1', primary_cn='FakeCN') rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True, sni=True), tls_tupe) m = mock.mock_open(read_data=rendered_obj) with mock.patch('%s.open' % BUILTINS, m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_tls_no_sni rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) m = mock.mock_open(read_data=rendered_obj) with mock.patch('%s.open' % BUILTINS, m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_http rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple()) m = mock.mock_open(read_data=rendered_obj) with mock.patch('%s.open' % BUILTINS, m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('HTTP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # template_https rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='HTTPS')) m = mock.mock_open(read_data=rendered_obj) with mock.patch('%s.open' % BUILTINS, m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TCP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # Bogus format m = mock.mock_open(read_data='Bogus') with mock.patch('%s.open' % BUILTINS, m, create=True): try: res = listener._parse_haproxy_file('123') self.fail("No Exception?") except listener.ParsingError: pass
def setUp(self): super(TestHaproxyAmphoraLoadBalancerDriverTest, self).setUp() conf = oslo_fixture.Config(cfg.CONF) conf.config(group="haproxy_amphora", user_group="everyone") DEST1 = '198.51.100.0/24' DEST2 = '203.0.113.0/24' NEXTHOP = '192.0.2.1' self.driver = driver.HaproxyAmphoraLoadBalancerDriver() self.driver.cert_manager = mock.MagicMock() self.driver.cert_parser = mock.MagicMock() self.driver.client = mock.MagicMock() self.driver.jinja = mock.MagicMock() self.driver.udp_jinja = mock.MagicMock() # Build sample Listener and VIP configs self.sl = sample_configs.sample_listener_tuple(tls=True, sni=True) self.sl_udp = sample_configs.sample_listener_tuple( proto=constants.PROTOCOL_UDP, persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP, persistence_timeout=33, persistence_granularity='255.255.0.0', monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT) self.amp = self.sl.load_balancer.amphorae[0] self.sv = sample_configs.sample_vip_tuple() self.lb = self.sl.load_balancer self.fixed_ip = mock.MagicMock() self.fixed_ip.ip_address = '198.51.100.5' self.fixed_ip.subnet.cidr = '198.51.100.0/24' self.network = network_models.Network(mtu=FAKE_MTU) self.port = network_models.Port(mac_address=FAKE_MAC_ADDRESS, fixed_ips=[self.fixed_ip], network=self.network) self.host_routes = [ network_models.HostRoute(destination=DEST1, nexthop=NEXTHOP), network_models.HostRoute(destination=DEST2, nexthop=NEXTHOP) ] host_routes_data = [{ 'destination': DEST1, 'nexthop': NEXTHOP }, { 'destination': DEST2, 'nexthop': NEXTHOP }] self.subnet_info = { 'subnet_cidr': FAKE_CIDR, 'gateway': FAKE_GATEWAY, 'mac_address': FAKE_MAC_ADDRESS, 'vrrp_ip': self.amp.vrrp_ip, 'mtu': FAKE_MTU, 'host_routes': host_routes_data } self.timeout_dict = { constants.REQ_CONN_TIMEOUT: 1, constants.REQ_READ_TIMEOUT: 2, constants.CONN_MAX_RETRIES: 3, constants.CONN_RETRY_INTERVAL: 4 }
def test_parse_haproxy_config(self): # template_tls tls_tupe = sample_configs.sample_tls_container_tuple( certificate='imaCert1', private_key='imaPrivateKey1', primary_cn='FakeCN') rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True, sni=True), tls_tupe) m = mock.mock_open(read_data=rendered_obj) with mock.patch.object(builtins, 'open', m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_tls_no_sni rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple( proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) m = mock.mock_open(read_data=rendered_obj) with mock.patch.object(builtins, 'open', m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_http rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple()) m = mock.mock_open(read_data=rendered_obj) with mock.patch.object(builtins, 'open', m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('HTTP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # template_https rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto='HTTPS')) m = mock.mock_open(read_data=rendered_obj) with mock.patch.object(builtins, 'open', m, create=True): res = listener._parse_haproxy_file('123') self.assertEqual('TCP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # Bogus format m = mock.mock_open(read_data='Bogus') with mock.patch.object(builtins, 'open', m, create=True): try: res = listener._parse_haproxy_file('123') self.fail("No Exception?") except listener.ParsingError: pass
def test_render_template_l7policies(self): fe = ("frontend sample_listener_id_1\n" " option httplog\n" " maxconn {maxconn}\n" " bind 10.0.0.2:80\n" " mode http\n" " acl sample_l7rule_id_1 path -m beg /api\n" " use_backend sample_pool_id_2 if sample_l7rule_id_1\n" " acl sample_l7rule_id_2 req.hdr(Some-header) -m sub " "This\\ string\\\\\\ with\\ stuff\n" " acl sample_l7rule_id_3 req.cook(some-cookie) -m reg " "this.*|that\n" " redirect location http://www.example.com if " "!sample_l7rule_id_2 sample_l7rule_id_3\n" " acl sample_l7rule_id_4 path_end -m str jpg\n" " acl sample_l7rule_id_5 req.hdr(host) -i -m end " ".example.com\n" " http-request deny if sample_l7rule_id_4 " "sample_l7rule_id_5\n" " default_backend sample_pool_id_1\n" " timeout client 50000\n\n").format( maxconn=constants.HAPROXY_MAX_MAXCONN) be = ("backend sample_pool_id_1\n" " mode http\n" " http-reuse safe\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /index.html\n" " http-check expect rstatus 418\n" " fullconn {maxconn}\n" " option allbackups\n" " timeout connect 5000\n" " timeout server 50000\n" " server sample_member_id_1 10.0.0.99:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_1\n" " server sample_member_id_2 10.0.0.98:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_2\n" "\n" "backend sample_pool_id_2\n" " mode http\n" " http-reuse safe\n" " balance roundrobin\n" " cookie SRV insert indirect nocache\n" " timeout check 31s\n" " option httpchk GET /healthmon.html\n" " http-check expect rstatus 418\n" " fullconn {maxconn}\n" " option allbackups\n" " timeout connect 5000\n" " timeout server 50000\n" " server sample_member_id_3 10.0.0.97:82 weight 13 check " "inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n").format( maxconn=constants.HAPROXY_MAX_MAXCONN) rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(l7=True)) self.assertEqual( sample_configs.sample_base_expected_config(frontend=fe, backend=be), rendered_obj)
def test_transform_listener_with_l7(self): in_listener = sample_configs.sample_listener_tuple(l7=True) ret = self.jinja_cfg._transform_listener(in_listener, None, {}) self.assertEqual(sample_configs.RET_LISTENER_L7, ret)
def test_parse_haproxy_config(self): # template_tls tls_tupe = sample_configs.sample_tls_container_tuple( id='tls_container_id', certificate='imaCert1', private_key='imaPrivateKey1', primary_cn='FakeCN') rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True, sni=True), tls_tupe) path = agent_util.config_path(LISTENER_ID1) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = self.test_listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( '/var/lib/octavia/certs/sample_listener_id_1/tls_container_id.pem', res['ssl_crt']) # render_template_tls_no_sni rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( id='tls_container_id', certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = self.test_listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( BASE_CRT_PATH + '/sample_listener_id_1/tls_container_id.pem', res['ssl_crt']) # render_template_http rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple()) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = self.test_listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('HTTP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # template_https rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='HTTPS')) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = self.test_listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TCP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # Bogus format self.useFixture(test_utils.OpenFixture(path, 'Bogus')) try: res = self.test_listener._parse_haproxy_file(LISTENER_ID1) self.fail("No Exception?") except listener.ParsingError: pass
def test_transform_loadbalancer(self): in_listener = sample_configs.sample_listener_tuple() ret = self.jinja_cfg._transform_loadbalancer( in_listener.load_balancer, in_listener, None) self.assertEqual(sample_configs.RET_LB, ret)
def test_transform_loadbalancer_with_l7(self): in_amphora = sample_configs.sample_amphora_tuple() in_listener = sample_configs.sample_listener_tuple(l7=True) ret = self.jinja_cfg._transform_loadbalancer( in_amphora, in_listener.load_balancer, in_listener, None) self.assertEqual(sample_configs.RET_LB_L7, ret)
def test_transform_listener(self): in_listener = sample_configs.sample_listener_tuple() ret = self.jinja_cfg._transform_listener(in_listener, None) self.assertEqual(sample_configs.RET_LISTENER, ret)
def test_parse_haproxy_config(self): # template_tls tls_tupe = sample_configs.sample_tls_container_tuple( certificate='imaCert1', private_key='imaPrivateKey1', primary_cn='FakeCN') rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='TERMINATED_HTTPS', tls=True, sni=True), tls_tupe) path = agent_util.config_path(LISTENER_ID1) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_tls_no_sni rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple( proto='TERMINATED_HTTPS', tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate='ImAalsdkfjCert', private_key='ImAsdlfksdjPrivateKey', primary_cn="FakeCN")) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TERMINATED_HTTPS', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertEqual( BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem', res['ssl_crt']) # render_template_http rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple()) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('HTTP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # template_https rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_amphora_tuple(), sample_configs.sample_listener_tuple(proto='HTTPS')) self.useFixture(test_utils.OpenFixture(path, rendered_obj)) res = listener._parse_haproxy_file(LISTENER_ID1) self.assertEqual('TCP', res['mode']) self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock', res['stats_socket']) self.assertIsNone(res['ssl_crt']) # Bogus format self.useFixture(test_utils.OpenFixture(path, 'Bogus')) try: res = listener._parse_haproxy_file(LISTENER_ID1) self.fail("No Exception?") except listener.ParsingError: pass
def test_parse_haproxy_config(self): # template_tls tls_tupe = sample_configs.sample_tls_container_tuple( certificate="imaCert1", private_key="imaPrivateKey1", primary_cn="FakeCN" ) rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto="TERMINATED_HTTPS", tls=True, sni=True), tls_tupe ) m = mock.mock_open(read_data=rendered_obj) with mock.patch("%s.open" % BUILTINS, m, create=True): res = listener._parse_haproxy_file("123") self.assertEqual("TERMINATED_HTTPS", res["mode"]) self.assertEqual("/var/lib/octavia/sample_listener_id_1.sock", res["stats_socket"]) self.assertEqual("/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem", res["ssl_crt"]) # render_template_tls_no_sni rendered_obj = self.jinja_cfg.render_loadbalancer_obj( sample_configs.sample_listener_tuple(proto="TERMINATED_HTTPS", tls=True), tls_cert=sample_configs.sample_tls_container_tuple( certificate="ImAalsdkfjCert", private_key="ImAsdlfksdjPrivateKey", primary_cn="FakeCN" ), ) m = mock.mock_open(read_data=rendered_obj) with mock.patch("%s.open" % BUILTINS, m, create=True): res = listener._parse_haproxy_file("123") self.assertEqual("TERMINATED_HTTPS", res["mode"]) self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"]) self.assertEqual(BASE_CRT_PATH + "/sample_listener_id_1/FakeCN.pem", res["ssl_crt"]) # render_template_http rendered_obj = self.jinja_cfg.render_loadbalancer_obj(sample_configs.sample_listener_tuple()) m = mock.mock_open(read_data=rendered_obj) with mock.patch("%s.open" % BUILTINS, m, create=True): res = listener._parse_haproxy_file("123") self.assertEqual("HTTP", res["mode"]) self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"]) self.assertIsNone(res["ssl_crt"]) # template_https rendered_obj = self.jinja_cfg.render_loadbalancer_obj(sample_configs.sample_listener_tuple(proto="HTTPS")) m = mock.mock_open(read_data=rendered_obj) with mock.patch("%s.open" % BUILTINS, m, create=True): res = listener._parse_haproxy_file("123") self.assertEqual("TCP", res["mode"]) self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"]) self.assertIsNone(res["ssl_crt"]) # Bogus format m = mock.mock_open(read_data="Bogus") with mock.patch("%s.open" % BUILTINS, m, create=True): try: res = listener._parse_haproxy_file("123") self.fail("No Exception?") except listener.ParsingError: pass