def test_render_template_tls_no_sni(self):
    """Render a TERMINATED_HTTPS listener with one certificate, no SNI.

    The rendered text must equal the base expected config built from the
    frontend and backend sections spelled out below.
    """
    # Expected frontend: requests that did not arrive over TLS are
    # redirected to https, and the bind line loads one PEM whose file name
    # ("FakeCN.pem") matches the primary_cn passed to the TLS container.
    # NOTE(review): a CN is text taken from the certificate; presumably the
    # code that builds this path restricts it to safe file-name characters
    # -- confirm against the renderer.
    expected_frontend = "".join([
        "frontend sample_listener_id_1\n",
        " option tcplog\n",
        " maxconn 98\n",
        " redirect scheme https if !{ ssl_fc }\n",
        " bind 10.0.0.2:443 ssl crt /var/lib/octavia/certs/"
        "sample_listener_id_1/FakeCN.pem\n",
        " mode http\n",
        " default_backend sample_pool_id_1\n\n",
    ])
    expected_backend = "".join([
        "backend sample_pool_id_1\n",
        " mode http\n",
        " balance roundrobin\n",
        " cookie SRV insert indirect nocache\n",
        " timeout check 31\n",
        " option httpchk GET /index.html\n",
        " http-check expect rstatus 418\n",
        " server sample_member_id_1 10.0.0.99:82 "
        "weight 13 check inter 30s fall 3 rise 2 "
        "cookie sample_member_id_1\n",
        " server sample_member_id_2 10.0.0.98:82 "
        "weight 13 check inter 30s fall 3 rise 2 "
        "cookie sample_member_id_2\n\n",
    ])

    amphora = sample_configs.sample_amphora_tuple()
    tls_listener = sample_configs.sample_listener_tuple(
        proto='TERMINATED_HTTPS', tls=True)
    # Certificate and key are placeholder strings, not PEM material.
    tls_container = sample_configs.sample_tls_container_tuple(
        certificate='ImAalsdkfjCert',
        private_key='ImAsdlfksdjPrivateKey',
        primary_cn="FakeCN")
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        amphora, tls_listener, tls_cert=tls_container)

    expected_config = sample_configs.sample_base_expected_config(
        frontend=expected_frontend, backend=expected_backend)
    self.assertEqual(expected_config, rendered_obj)
def test_render_template_tls_no_sni(self):
    """Check the HAProxy config rendered for TLS termination without SNI.

    A TERMINATED_HTTPS listener is rendered with a single TLS container and
    the output is compared with the base expected config.
    """
    # The frontend redirects non-TLS requests to https and binds with one
    # "crt" file. Its name, FakeCN.pem, matches the primary_cn given below.
    # NOTE(review): file names taken from a certificate CN carry
    # certificate-supplied text; presumably it is sanitised where the path
    # is built -- confirm.
    frontend_parts = (
        "frontend sample_listener_id_1\n",
        " option tcplog\n",
        " maxconn 98\n",
        " redirect scheme https if !{ ssl_fc }\n",
        " bind 10.0.0.2:443 ",
        "ssl crt /var/lib/octavia/certs/",
        "sample_listener_id_1/FakeCN.pem\n",
        " mode http\n",
        " default_backend sample_pool_id_1\n\n",
    )
    backend_parts = (
        "backend sample_pool_id_1\n",
        " mode http\n",
        " balance roundrobin\n",
        " cookie SRV insert indirect nocache\n",
        " timeout check 31\n",
        " option httpchk GET /index.html\n",
        " http-check expect rstatus 418\n",
        " server sample_member_id_1 10.0.0.99:82 ",
        "weight 13 check inter 30s fall 3 rise 2 ",
        "cookie sample_member_id_1\n",
        " server sample_member_id_2 10.0.0.98:82 ",
        "weight 13 check inter 30s fall 3 rise 2 ",
        "cookie sample_member_id_2\n\n",
    )
    fe_text = "".join(frontend_parts)
    be_text = "".join(backend_parts)

    # Placeholder certificate and key strings; no real key material.
    actual = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            certificate='ImAalsdkfjCert',
            private_key='ImAsdlfksdjPrivateKey',
            primary_cn="FakeCN"))

    wanted = sample_configs.sample_base_expected_config(
        frontend=fe_text, backend=be_text)
    self.assertEqual(wanted, actual)
def test_build_pem(self):
    """Check the newline-joined bundle returned by cert_parser.build_pem.

    The container holds two intermediates, a certificate and a private key;
    the expected bundle lists them in that order, one per line.
    """
    container = sample_configs.sample_tls_container_tuple(
        certificate='imacert',
        private_key='imakey',
        intermediates=['imainter', 'imainter2'])
    bundle = cert_parser.build_pem(container)
    # NOTE(review): this pins the intermediates ahead of the leaf
    # certificate, with the private key last. Confirm that whatever loads
    # the bundle accepts that order; TLS stacks commonly treat the first
    # certificate in a chain file as the server certificate.
    self.assertEqual('imainter\nimainter2\nimacert\nimakey', bundle)
def test_render_template_tls(self):
    """Render a TERMINATED_HTTPS listener with SNI and compare the output.

    maxconn and fullconn in the expected text are filled in from
    constants.HAPROXY_MAX_MAXCONN.
    """
    max_conn = constants.HAPROXY_MAX_MAXCONN

    # Expected frontend: non-TLS requests are redirected to https. The bind
    # line names one PEM file (tls_container_id.pem, matching the container
    # id used below) followed by a second "crt" entry pointing at the
    # listener's certificate directory.
    frontend_template = "".join([
        "frontend sample_listener_id_1\n",
        " option httplog\n",
        " maxconn {maxconn}\n",
        # Doubled braces survive str.format() as literal braces.
        " redirect scheme https if !{{ ssl_fc }}\n",
        " bind 10.0.0.2:443 "
        "ssl crt /var/lib/octavia/certs/"
        "sample_listener_id_1/tls_container_id.pem "
        "crt /var/lib/octavia/certs/sample_listener_id_1\n",
        " mode http\n",
        " default_backend sample_pool_id_1\n",
        " timeout client 50000\n\n",
    ])
    expected_frontend = frontend_template.format(maxconn=max_conn)

    backend_template = "".join([
        "backend sample_pool_id_1\n",
        " mode http\n",
        " http-reuse safe\n",
        " balance roundrobin\n",
        " cookie SRV insert indirect nocache\n",
        " timeout check 31s\n",
        " option httpchk GET /index.html\n",
        " http-check expect rstatus 418\n",
        " fullconn {maxconn}\n",
        " option allbackups\n",
        " timeout connect 5000\n",
        " timeout server 50000\n",
        " server sample_member_id_1 10.0.0.99:82 "
        "weight 13 check inter 30s fall 3 rise 2 "
        "cookie sample_member_id_1\n",
        " server sample_member_id_2 10.0.0.98:82 "
        "weight 13 check inter 30s fall 3 rise 2 cookie "
        "sample_member_id_2\n\n",
    ])
    expected_backend = backend_template.format(maxconn=max_conn)

    # Certificate and key are placeholder strings, not PEM material.
    container = sample_configs.sample_tls_container_tuple(
        id='tls_container_id',
        certificate='imaCert1',
        private_key='imaPrivateKey1',
        primary_cn='FakeCN')
    amphora = sample_configs.sample_amphora_tuple()
    sni_listener = sample_configs.sample_listener_tuple(
        proto='TERMINATED_HTTPS', tls=True, sni=True)
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        amphora, sni_listener, container)

    expected_config = sample_configs.sample_base_expected_config(
        frontend=expected_frontend, backend=expected_backend)
    self.assertEqual(expected_config, rendered_obj)
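def test_parse_haproxy_config(self):
    """Parse rendered HAProxy configs and check the extracted fields.

    Four listener variants are rendered, registered through
    test_utils.OpenFixture under the listener's config path and parsed
    with _parse_haproxy_file; mode, stats_socket and ssl_crt are checked
    for each. Content that is not a rendered config must raise
    listener.ParsingError.
    """
    # template_tls: TLS termination with SNI. The parsed certificate path
    # ends in the container id, not in the certificate's CN.
    tls_tupe = sample_configs.sample_tls_container_tuple(
        id='tls_container_id', certificate='imaCert1',
        private_key='imaPrivateKey1', primary_cn='FakeCN')
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True),
        tls_tupe)
    path = agent_util.config_path(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = self.test_listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TERMINATED_HTTPS', res['mode'])
    self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertEqual(
        '/var/lib/octavia/certs/sample_listener_id_1/tls_container_id.pem',
        res['ssl_crt'])

    # render_template_tls_no_sni: TLS termination, single certificate.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            id='tls_container_id',
            certificate='ImAalsdkfjCert',
            private_key='ImAsdlfksdjPrivateKey',
            primary_cn="FakeCN"))
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = self.test_listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TERMINATED_HTTPS', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertEqual(
        BASE_CRT_PATH + '/sample_listener_id_1/tls_container_id.pem',
        res['ssl_crt'])

    # render_template_http: no certificate is expected.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple())
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = self.test_listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('HTTP', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertIsNone(res['ssl_crt'])

    # template_https: proto='HTTPS' parses as mode TCP with no certificate
    # (presumably TLS is passed through, not terminated -- confirm).
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(proto='HTTPS'))
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = self.test_listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TCP', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertIsNone(res['ssl_crt'])

    # Bogus format: unrecognised content must be rejected, not partially
    # parsed. assertRaises reports a missing ParsingError by itself, so no
    # try/fail/except scaffolding or unused result variable is needed.
    self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
    self.assertRaises(listener.ParsingError,
                      self.test_listener._parse_haproxy_file,
                      LISTENER_ID1)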
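def test_parse_haproxy_config(self):
    """Parse rendered HAProxy configs and check the extracted fields.

    Four listener variants are rendered, registered through
    test_utils.OpenFixture under the listener's config path and parsed
    with listener._parse_haproxy_file; mode, stats_socket and ssl_crt are
    checked for each. Content that is not a rendered config must raise
    listener.ParsingError.
    """
    # template_tls: TLS termination with SNI. The expected certificate
    # file name (FakeCN.pem) matches the primary_cn of the container.
    # NOTE(review): that is certificate-supplied text used in a path;
    # presumably it is sanitised where the path is built -- confirm.
    tls_tupe = sample_configs.sample_tls_container_tuple(
        certificate='imaCert1', private_key='imaPrivateKey1',
        primary_cn='FakeCN')
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True),
        tls_tupe)
    path = agent_util.config_path(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TERMINATED_HTTPS', res['mode'])
    self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertEqual(
        '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem',
        res['ssl_crt'])

    # render_template_tls_no_sni: TLS termination, single certificate.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            certificate='ImAalsdkfjCert',
            private_key='ImAsdlfksdjPrivateKey',
            primary_cn="FakeCN"))
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TERMINATED_HTTPS', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertEqual(
        BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem',
        res['ssl_crt'])

    # render_template_http: no certificate is expected.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple())
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('HTTP', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertIsNone(res['ssl_crt'])

    # template_https: proto='HTTPS' parses as mode TCP with no certificate
    # (presumably TLS is passed through, not terminated -- confirm).
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_amphora_tuple(),
        sample_configs.sample_listener_tuple(proto='HTTPS'))
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))
    res = listener._parse_haproxy_file(LISTENER_ID1)
    self.assertEqual('TCP', res['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                     res['stats_socket'])
    self.assertIsNone(res['ssl_crt'])

    # Bogus format: unrecognised content must be rejected, not partially
    # parsed. assertRaises reports a missing ParsingError by itself, so no
    # try/fail/except scaffolding or unused result variable is needed.
    self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
    self.assertRaises(listener.ParsingError,
                      listener._parse_haproxy_file, LISTENER_ID1)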
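def test_parse_haproxy_config(self):
    """Parse rendered HAProxy configs and check the extracted fields.

    Four listener variants are rendered and handed to
    listener._parse_haproxy_file through a mock_open that replaces the
    builtin open; mode, stats_socket and ssl_crt are checked for each.
    Content that is not a rendered config must raise
    listener.ParsingError.
    """
    # template_tls: TLS termination with SNI. The expected certificate
    # file name (FakeCN.pem) matches the primary_cn of the container.
    # NOTE(review): that is certificate-supplied text used in a path;
    # presumably it is sanitised where the path is built -- confirm.
    tls_tupe = sample_configs.sample_tls_container_tuple(
        certificate='imaCert1', private_key='imaPrivateKey1',
        primary_cn='FakeCN')
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True),
        tls_tupe)
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch.object(builtins, 'open', m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TERMINATED_HTTPS', res['mode'])
        self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertEqual(
            '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem',
            res['ssl_crt'])

    # render_template_tls_no_sni: TLS termination, single certificate.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            certificate='ImAalsdkfjCert',
            private_key='ImAsdlfksdjPrivateKey',
            primary_cn="FakeCN"))
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch.object(builtins, 'open', m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TERMINATED_HTTPS', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertEqual(
            BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem',
            res['ssl_crt'])

    # render_template_http: no certificate is expected.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple())
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch.object(builtins, 'open', m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('HTTP', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertIsNone(res['ssl_crt'])

    # template_https: proto='HTTPS' parses as mode TCP with no certificate
    # (presumably TLS is passed through, not terminated -- confirm).
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(proto='HTTPS'))
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch.object(builtins, 'open', m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TCP', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertIsNone(res['ssl_crt'])

    # Bogus format: unrecognised content must be rejected, not partially
    # parsed. assertRaises reports a missing ParsingError by itself, so no
    # try/fail/except scaffolding or unused result variable is needed.
    m = mock.mock_open(read_data='Bogus')
    with mock.patch.object(builtins, 'open', m, create=True):
        self.assertRaises(listener.ParsingError,
                          listener._parse_haproxy_file, '123')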
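def test_parse_haproxy_config(self):
    """Parse rendered HAProxy configs and check the extracted fields.

    Four listener variants are rendered and handed to
    listener._parse_haproxy_file through a mock_open patched in as
    '<BUILTINS>.open'; mode, stats_socket and ssl_crt are checked for
    each. Content that is not a rendered config must raise
    listener.ParsingError.
    """
    # template_tls: TLS termination with SNI. The expected certificate
    # file name (FakeCN.pem) matches the primary_cn of the container.
    # NOTE(review): that is certificate-supplied text used in a path;
    # presumably it is sanitised where the path is built -- confirm.
    tls_tupe = sample_configs.sample_tls_container_tuple(
        certificate='imaCert1', private_key='imaPrivateKey1',
        primary_cn='FakeCN')
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True),
        tls_tupe)
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch('%s.open' % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TERMINATED_HTTPS', res['mode'])
        self.assertEqual('/var/lib/octavia/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertEqual(
            '/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem',
            res['ssl_crt'])

    # render_template_tls_no_sni: TLS termination, single certificate.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            certificate='ImAalsdkfjCert',
            private_key='ImAsdlfksdjPrivateKey',
            primary_cn="FakeCN"))
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch('%s.open' % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TERMINATED_HTTPS', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertEqual(
            BASE_CRT_PATH + '/sample_listener_id_1/FakeCN.pem',
            res['ssl_crt'])

    # render_template_http: no certificate is expected.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple())
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch('%s.open' % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('HTTP', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertIsNone(res['ssl_crt'])

    # template_https: proto='HTTPS' parses as mode TCP with no certificate
    # (presumably TLS is passed through, not terminated -- confirm).
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(proto='HTTPS'))
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch('%s.open' % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file('123')
        self.assertEqual('TCP', res['mode'])
        self.assertEqual(BASE_AMP_PATH + '/sample_listener_id_1.sock',
                         res['stats_socket'])
        self.assertIsNone(res['ssl_crt'])

    # Bogus format: unrecognised content must be rejected, not partially
    # parsed. assertRaises reports a missing ParsingError by itself, so no
    # try/fail/except scaffolding or unused result variable is needed.
    m = mock.mock_open(read_data='Bogus')
    with mock.patch('%s.open' % BUILTINS, m, create=True):
        self.assertRaises(listener.ParsingError,
                          listener._parse_haproxy_file, '123')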
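def test_parse_haproxy_config(self):
    """Parse rendered HAProxy configs and check the extracted fields.

    Four listener variants are rendered and handed to
    listener._parse_haproxy_file through a mock_open patched in as
    "<BUILTINS>.open"; mode, stats_socket and ssl_crt are checked for
    each. Content that is not a rendered config must raise
    listener.ParsingError.
    """
    # template_tls: TLS termination with SNI. The expected certificate
    # file name (FakeCN.pem) matches the primary_cn of the container.
    # NOTE(review): that is certificate-supplied text used in a path;
    # presumably it is sanitised where the path is built -- confirm.
    tls_tupe = sample_configs.sample_tls_container_tuple(
        certificate="imaCert1", private_key="imaPrivateKey1", primary_cn="FakeCN"
    )
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(proto="TERMINATED_HTTPS", tls=True, sni=True), tls_tupe
    )
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch("%s.open" % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file("123")
        self.assertEqual("TERMINATED_HTTPS", res["mode"])
        self.assertEqual("/var/lib/octavia/sample_listener_id_1.sock", res["stats_socket"])
        self.assertEqual("/var/lib/octavia/certs/sample_listener_id_1/FakeCN.pem", res["ssl_crt"])

    # render_template_tls_no_sni: TLS termination, single certificate.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs.sample_listener_tuple(proto="TERMINATED_HTTPS", tls=True),
        tls_cert=sample_configs.sample_tls_container_tuple(
            certificate="ImAalsdkfjCert", private_key="ImAsdlfksdjPrivateKey", primary_cn="FakeCN"
        ),
    )
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch("%s.open" % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file("123")
        self.assertEqual("TERMINATED_HTTPS", res["mode"])
        self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"])
        self.assertEqual(BASE_CRT_PATH + "/sample_listener_id_1/FakeCN.pem", res["ssl_crt"])

    # render_template_http: no certificate is expected.
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(sample_configs.sample_listener_tuple())
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch("%s.open" % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file("123")
        self.assertEqual("HTTP", res["mode"])
        self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"])
        self.assertIsNone(res["ssl_crt"])

    # template_https: proto="HTTPS" parses as mode TCP with no certificate
    # (presumably TLS is passed through, not terminated -- confirm).
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(sample_configs.sample_listener_tuple(proto="HTTPS"))
    m = mock.mock_open(read_data=rendered_obj)
    with mock.patch("%s.open" % BUILTINS, m, create=True):
        res = listener._parse_haproxy_file("123")
        self.assertEqual("TCP", res["mode"])
        self.assertEqual(BASE_AMP_PATH + "/sample_listener_id_1.sock", res["stats_socket"])
        self.assertIsNone(res["ssl_crt"])

    # Bogus format: unrecognised content must be rejected, not partially
    # parsed. assertRaises reports a missing ParsingError by itself, so no
    # try/fail/except scaffolding or unused result variable is needed.
    m = mock.mock_open(read_data="Bogus")
    with mock.patch("%s.open" % BUILTINS, m, create=True):
        self.assertRaises(listener.ParsingError, listener._parse_haproxy_file, "123")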