def test_load_certificates(self, mock_oslo):
    """Check which certificate containers load_certificates_data fetches.

    Two scenarios are covered:

    * a listener with TLS, SNI and a client CA certificate, where the
      certificate client must be asked for each container with
      ``check_only=True``;
    * a listener with none of those, where no container is mapped and the
      result holds no certificates.

    Args:
        mock_oslo: mock supplied by a patch decorator that is not visible
            in this listing; the test only checks that it was called.
    """
    tls_listener = sample_configs_combined.sample_listener_tuple(
        tls=True, sni=True, client_ca_cert=True)
    cert_client = mock.MagicMock()
    ctx = mock.Mock()
    ctx.project_id = '12345'
    with mock.patch.object(cert_parser, 'get_host_names') as cp, \
            mock.patch.object(cert_parser, '_map_cert_tls_container'):
        cp.return_value = {'cn': 'fakeCN'}
        cert_parser.load_certificates_data(cert_client, tls_listener, ctx)

        # The assertion is on get_cert (a lookup), not on an upload: one
        # check_only=True call per container id.
        expected_calls = [
            mock.call.get_cert(ctx, container_id, check_only=True)
            for container_id in ('cont_id_1', 'cont_id_2', 'cont_id_3')
        ]
        cert_client.assert_has_calls(expected_calls)

    # A listener without TLS material must not map any container.
    plain_listener = sample_configs_combined.sample_listener_tuple(
        tls=False, sni=False, client_ca_cert=False)
    cert_client = mock.MagicMock()
    with mock.patch.object(
            cert_parser, '_map_cert_tls_container') as mock_map:
        result = cert_parser.load_certificates_data(
            cert_client, plain_listener)
        mock_map.assert_not_called()
    self.assertEqual({'tls_cert': None, 'sni_certs': []}, result)
    mock_oslo.assert_called()
def test_render_template_udp_listener_with_http_health_monitor(self):
    """Render a UDP listener whose members are checked with HTTP_GET.

    ``monitor_expected_codes='200-201'`` is expected to produce one
    ``url`` block per status code (200 and 201) for each member.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol UDP\n"
        " delay_loop 30\n"
        " delay_before_retry 30\n"
        " retry 3\n\n\n"
        " # Configuration for Pool sample_pool_id_1\n"
        " # Configuration for HealthMonitor sample_monitor_id_1\n"
        " # Configuration for Member sample_member_id_1\n"
        " real_server 10.0.0.99 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " HTTP_GET {\n"
        " url {\n"
        " path /index.html\n"
        " status_code 200\n"
        " }\n"
        " url {\n"
        " path /index.html\n"
        " status_code 201\n"
        " }\n"
        " connect_ip 10.0.0.99\n"
        " connect_port 82\n"
        " connect_timeout 31\n"
        " }\n"
        " }\n\n"
        " # Configuration for Member sample_member_id_2\n"
        " real_server 10.0.0.98 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " HTTP_GET {\n"
        " url {\n"
        " path /index.html\n"
        " status_code 200\n"
        " }\n"
        " url {\n"
        " path /index.html\n"
        " status_code 201\n"
        " }\n"
        " connect_ip 10.0.0.98\n"
        " connect_port 82\n"
        " connect_timeout 31\n"
        " }\n"
        " }\n\n"
        "}\n\n"
    )
    actual = self.udp_jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_listener_tuple(
            proto=constants.PROTOCOL_UDP,
            monitor_proto=constants.HEALTH_MONITOR_HTTP,
            connection_limit=98,
            persistence=False,
            monitor_expected_codes='200-201'))
    self.assertEqual(expected, actual)
def test_render_template_udp_with_disabled_pool(self):
    """Render a UDP listener whose default pool is disabled.

    The expected text marks the pool as disabled and still lists both
    members, without any health-check section.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol UDP\n\n\n"
        " # Pool sample_pool_id_1 is disabled\n"
        " # Configuration for Member sample_member_id_1\n"
        " real_server 10.0.0.99 82 {\n"
        " weight 13\n\n"
        " }\n\n"
        " # Configuration for Member sample_member_id_2\n"
        " real_server 10.0.0.98 82 {\n"
        " weight 13\n\n"
        " }\n\n"
        "}\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        monitor=False,
        persistence=False,
        alloc_default_pool=True,
        pool_enabled=False)
    actual = self.lvs_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
def setUp(self):
    """Create the AmphoraInfo under test and a fake haproxy config file.

    A TERMINATED_HTTPS listener with TLS and SNI is rendered and served
    through an ``OpenFixture`` at the load balancer's config path.
    """
    super(TestAmphoraInfo, self).setUp()
    self.osutils_mock = mock.MagicMock()
    self.amp_info = amphora_info.AmphoraInfo(self.osutils_mock)
    self.udp_driver = mock.MagicMock()

    # Render the haproxy configuration the fixture below will serve.
    renderer = jinja_cfg.JinjaTemplater(
        base_amp_path=self.BASE_AMP_PATH,
        base_crt_dir=self.BASE_CRT_PATH)
    # Certificate and private key are placeholder strings, not real key
    # material.
    tls_containers = {
        'cont_id_1': sample_configs_combined.sample_tls_container_tuple(
            id='tls_container_id',
            certificate='imaCert1',
            private_key='imaPrivateKey1',
            primary_cn='FakeCN'),
    }
    amphora = sample_configs_combined.sample_amphora_tuple()
    listeners = [
        sample_configs_combined.sample_listener_tuple(
            proto='TERMINATED_HTTPS', tls=True, sni=True),
    ]
    self.rendered_haproxy_cfg = renderer.render_loadbalancer_obj(
        amphora, listeners, tls_containers)
    self.useFixture(test_utils.OpenFixture(
        util.config_path(self.LB_ID_1), self.rendered_haproxy_cfg))
def test_render_template_sctp_no_other_resources(self):
    """Render an SCTP listener that has no pool, monitor or persistence.

    Only the header comments and the network namespace line are
    expected; no ``virtual_server`` block is rendered.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        proto=lib_consts.PROTOCOL_SCTP,
        monitor=False,
        persistence=False,
        alloc_default_pool=False)
    actual = self.lvs_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
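def test_udp_transform_listener(self):
    """Check _transform_listener for a UDP listener, with and without a limit.

    With ``connection_limit=98`` the result must equal
    ``RET_UDP_LISTENER``. With ``connection_limit=-1`` the result must
    equal the same reference minus its ``'connection_limit'`` key.
    """
    in_listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
        persistence_timeout=33,
        persistence_granularity='255.0.0.0',
        monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
        connection_limit=98)
    ret = self.udp_jinja_cfg._transform_listener(in_listener)
    self.assertEqual(sample_configs_combined.RET_UDP_LISTENER, ret)

    in_listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
        persistence_timeout=33,
        persistence_granularity='255.0.0.0',
        monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
        connection_limit=-1)
    ret = self.udp_jinja_cfg._transform_listener(in_listener)
    # Work on a copy: popping the key from the shared module-level
    # reference would change it for every test that runs afterwards and
    # make the outcome depend on test order.
    expected = dict(sample_configs_combined.RET_UDP_LISTENER)
    expected.pop('connection_limit')
    self.assertEqual(expected, ret)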
def test_render_template_disabled_udp_listener(self):
    """Render a disabled UDP listener.

    The expected text only notes that the listener is disabled; no
    ``virtual_server`` block is rendered even though persistence and a
    health monitor are configured.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Listener sample_listener_id_1 is disabled\n\n"
        "net_namespace amphora-haproxy\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        enabled=False,
        proto=constants.PROTOCOL_UDP,
        persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
        persistence_timeout=33,
        persistence_granularity='255.255.0.0',
        monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
        connection_limit=98)
    actual = self.udp_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
def test_render_template_udp_source_ip(self):
    """Render a UDP listener with SOURCE_IP persistence and a UDP check.

    Each member's MISC_CHECK ``misc_path`` is a command line
    (``udp_check.sh <address> <port>``) built from the member's address
    and port, so this expected output pins only well-formed values.
    NOTE(review): presumably address and port are validated before they
    reach the template -- confirm against the API validation.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol UDP\n"
        " persistence_timeout 33\n"
        " persistence_granularity 255.255.0.0\n"
        " delay_loop 30\n"
        " delay_before_retry 31\n"
        " retry 3\n\n\n"
        " # Configuration for Pool sample_pool_id_1\n"
        " # Configuration for HealthMonitor sample_monitor_id_1\n"
        " # Configuration for Member sample_member_id_1\n"
        " real_server 10.0.0.99 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " delay_before_retry 31\n"
        " retry 3\n"
        " MISC_CHECK {\n"
        " misc_path \"/var/lib/octavia/lvs/check/"
        "udp_check.sh 10.0.0.99 82\"\n"
        " misc_timeout 30\n"
        " }\n"
        " }\n\n"
        " # Configuration for Member sample_member_id_2\n"
        " real_server 10.0.0.98 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " delay_before_retry 31\n"
        " retry 3\n"
        " MISC_CHECK {\n"
        " misc_path \"/var/lib/octavia/lvs/check/"
        "udp_check.sh 10.0.0.98 82\"\n"
        " misc_timeout 30\n"
        " }\n"
        " }\n\n"
        "}\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        persistence_type=constants.SESSION_PERSISTENCE_SOURCE_IP,
        persistence_timeout=33,
        persistence_granularity='255.255.0.0',
        monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
        connection_limit=98)
    actual = self.udp_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
def test_render_template_udp_with_health_monitor_ip_port(self):
    """Render a UDP listener whose monitor has its own address and port.

    With ``monitor_ip_port=True`` both members are expected to be checked
    against ``192.168.1.1 9000`` instead of their own address and port.
    That pair is interpolated into the ``misc_path`` command line, so this
    expected output pins only well-formed values.
    NOTE(review): presumably the monitor address and port are validated
    before they reach the template -- confirm against the API validation.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol UDP\n"
        " delay_loop 30\n"
        " delay_before_retry 31\n"
        " retry 3\n\n\n"
        " # Configuration for Pool sample_pool_id_1\n"
        " # Configuration for HealthMonitor sample_monitor_id_1\n"
        " # Configuration for Member sample_member_id_1\n"
        " real_server 10.0.0.99 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " delay_before_retry 31\n"
        " retry 3\n"
        " MISC_CHECK {\n"
        " misc_path \"/var/lib/octavia/lvs/check/"
        "udp_check.sh 192.168.1.1 9000\"\n"
        " misc_timeout 30\n"
        " }\n"
        " }\n\n"
        " # Configuration for Member sample_member_id_2\n"
        " real_server 10.0.0.98 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " delay_before_retry 31\n"
        " retry 3\n"
        " MISC_CHECK {\n"
        " misc_path \"/var/lib/octavia/lvs/check/"
        "udp_check.sh 192.168.1.1 9000\"\n"
        " misc_timeout 30\n"
        " }\n"
        " }\n\n"
        "}\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        monitor_ip_port=True,
        monitor_proto=constants.HEALTH_MONITOR_UDP_CONNECT,
        persistence=False,
        connection_limit=98)
    actual = self.udp_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
def test_render_template_udp_with_pool_no_member(self):
    """Render a UDP listener whose default pool has no members.

    The ``virtual_server`` block is expected to hold only the pool
    comment, with no ``real_server`` entries.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol UDP\n\n\n"
        " # Configuration for Pool sample_pool_id_0\n"
        "}\n\n"
    )
    listener = sample_configs_combined.sample_listener_tuple(
        proto=constants.PROTOCOL_UDP,
        monitor=False,
        persistence=False,
        alloc_default_pool=True,
        sample_default_pool=0)
    actual = self.udp_jinja_cfg.render_loadbalancer_obj(listener)
    self.assertEqual(expected, actual)
def test_render_template_sctp_listener_with_tcp_health_monitor(self):
    """Render an SCTP listener whose members are checked with TCP_CHECK.

    Each member's check is expected to connect to that member's own
    address and port.
    """
    expected = (
        "# Configuration for Loadbalancer sample_loadbalancer_id_1\n"
        "# Configuration for Listener sample_listener_id_1\n\n"
        "net_namespace amphora-haproxy\n\n"
        "virtual_server 10.0.0.2 80 {\n"
        " lb_algo rr\n"
        " lb_kind NAT\n"
        " protocol SCTP\n"
        " delay_loop 30\n"
        " delay_before_retry 30\n"
        " retry 3\n\n\n"
        " # Configuration for Pool sample_pool_id_1\n"
        " # Configuration for HealthMonitor sample_monitor_id_1\n"
        " # Configuration for Member sample_member_id_1\n"
        " real_server 10.0.0.99 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " TCP_CHECK {\n"
        " connect_ip 10.0.0.99\n"
        " connect_port 82\n"
        " connect_timeout 31\n"
        " }\n"
        " }\n\n"
        " # Configuration for Member sample_member_id_2\n"
        " real_server 10.0.0.98 82 {\n"
        " weight 13\n"
        " uthreshold 98\n"
        " TCP_CHECK {\n"
        " connect_ip 10.0.0.98\n"
        " connect_port 82\n"
        " connect_timeout 31\n"
        " }\n"
        " }\n\n"
        "}\n\n"
    )
    actual = self.lvs_jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_listener_tuple(
            proto=lib_consts.PROTOCOL_SCTP,
            monitor_proto=constants.HEALTH_MONITOR_TCP,
            connection_limit=98,
            persistence=False))
    self.assertEqual(expected, actual)
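def test_parse_haproxy_config(self):
    """Round-trip rendered haproxy configs through parse_haproxy_file.

    Four rendered configurations are parsed (TLS with SNI, TLS without
    SNI, plain HTTP and HTTPS pass-through) and the reported mode, stats
    socket and ``ssl_crt`` value are checked. Two malformed inputs must
    raise ``util.ParsingError`` instead of returning a result.
    """
    # template_tls
    # Certificate and private key are placeholder strings, not real key
    # material.
    tls_tupe = {
        'cont_id_1': sample_configs_combined.sample_tls_container_tuple(
            id='tls_container_id',
            certificate='imaCert1',
            private_key='imaPrivateKey1',
            primary_cn='FakeCN')
    }
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [
            sample_configs_combined.sample_listener_tuple(
                proto='TERMINATED_HTTPS', tls=True, sni=True)
        ],
        tls_tupe)

    path = util.config_path(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
    self.assertEqual('/var/lib/octavia/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertEqual(
        '/var/lib/octavia/certs/sample_loadbalancer_id_1/'
        'tls_container_id.pem crt /var/lib/octavia/certs/'
        'sample_loadbalancer_id_1',
        listener_dict['ssl_crt'])

    # render_template_tls_no_sni
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [
            sample_configs_combined.sample_listener_tuple(
                proto='TERMINATED_HTTPS', tls=True)
        ],
        tls_certs={
            'cont_id_1': sample_configs_combined.sample_tls_container_tuple(
                id='tls_container_id',
                certificate='ImAalsdkfjCert',
                private_key='ImAsdlfksdjPrivateKey',
                primary_cn="FakeCN")
        })

    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertEqual(
        BASE_CRT_PATH + '/sample_loadbalancer_id_1/tls_container_id.pem',
        listener_dict['ssl_crt'])

    # render_template_http
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [sample_configs_combined.sample_listener_tuple()])

    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('HTTP', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertIsNone(listener_dict.get('ssl_crt', None))

    # template_https
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [sample_configs_combined.sample_listener_tuple(proto='HTTPS')])
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('TCP', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertIsNone(listener_dict.get('ssl_crt', None))

    # Bogus format: unparseable content must be rejected, using the same
    # assertRaises form as the bad-mode case below.
    self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
    self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                      LISTENER_ID1)

    # Bad listener mode: a frontend whose "mode" line carries no value.
    fake_cfg = 'stats socket foo\nfrontend {}\nmode\n'.format(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, fake_cfg))
    self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                      LISTENER_ID1)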
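def test_parse_haproxy_config(self):
    """Round-trip rendered haproxy configs through parse_haproxy_file.

    ``base_cert_dir`` is overridden to ``/fake_cert_dir`` so the expected
    ``ssl_crt`` value is the per-listener file under that directory. Four
    rendered configurations are parsed (TLS with SNI, TLS without SNI,
    plain HTTP and HTTPS pass-through); two malformed inputs must raise
    ``util.ParsingError`` instead of returning a result.
    """
    self.CONF.config(group="haproxy_amphora",
                     base_cert_dir='/fake_cert_dir')
    FAKE_CRT_LIST_FILENAME = os.path.join(
        CONF.haproxy_amphora.base_cert_dir,
        'sample_loadbalancer_id_1/sample_listener_id_1.pem')
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [
            sample_configs_combined.sample_listener_tuple(
                proto='TERMINATED_HTTPS', tls=True, sni=True)
        ])

    path = util.config_path(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    # NOTE: parse_haproxy_file makes mode TERMINATED_HTTPS even though
    #       the haproxy.cfg needs mode HTTP
    self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
    self.assertEqual('/var/lib/octavia/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertEqual(FAKE_CRT_LIST_FILENAME, listener_dict['ssl_crt'])

    # render_template_tls_no_sni
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [
            sample_configs_combined.sample_listener_tuple(
                proto='TERMINATED_HTTPS', tls=True)
        ])

    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('TERMINATED_HTTPS', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertEqual(FAKE_CRT_LIST_FILENAME, listener_dict['ssl_crt'])

    # render_template_http
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [sample_configs_combined.sample_listener_tuple()])

    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('HTTP', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertIsNone(listener_dict.get('ssl_crt', None))

    # template_https
    rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
        sample_configs_combined.sample_amphora_tuple(),
        [sample_configs_combined.sample_listener_tuple(proto='HTTPS')])
    self.useFixture(test_utils.OpenFixture(path, rendered_obj))

    res = util.parse_haproxy_file(LISTENER_ID1)
    listener_dict = res[1]['sample_listener_id_1']
    self.assertEqual('TCP', listener_dict['mode'])
    self.assertEqual(BASE_AMP_PATH + '/sample_loadbalancer_id_1.sock',
                     res[0])
    self.assertIsNone(listener_dict.get('ssl_crt', None))

    # Bogus format: unparseable content must be rejected, using the same
    # assertRaises form as the bad-mode case below.
    self.useFixture(test_utils.OpenFixture(path, 'Bogus'))
    self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                      LISTENER_ID1)

    # Bad listener mode: a frontend whose "mode" line carries no value.
    fake_cfg = 'stats socket foo\nfrontend {}\nmode\n'.format(LISTENER_ID1)
    self.useFixture(test_utils.OpenFixture(path, fake_cfg))
    self.assertRaises(util.ParsingError, util.parse_haproxy_file,
                      LISTENER_ID1)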