def test_load_certificates(self, mock_oslo):
    """Check which cert-manager containers load_certificates_data asks for.

    ``mock_oslo`` is injected by a patch decorator that lives outside this
    method; the test only asserts that it was called.

    First pass: a listener with a default TLS cert, SNI certs and a client
    CA. The cert manager must receive ``get_cert(context, <id>,
    check_only=True)`` for each of the three container ids, in order.
    Second pass: a listener with no TLS material at all. No container may
    be mapped and the empty result shape must come back.
    """
    tls_listener = sample_configs.sample_listener_tuple(
        tls=True, sni=True, client_ca_cert=True)
    manager = mock.MagicMock()
    context = mock.Mock()
    context.project_id = '12345'

    with mock.patch.object(cert_parser, 'get_host_names') as host_names, \
            mock.patch.object(cert_parser, '_map_cert_tls_container'):
        host_names.return_value = {'cn': 'fakeCN'}
        cert_parser.load_certificates_data(manager, tls_listener, context)

    # One get_cert lookup per referenced container (presumably the default
    # TLS container plus the SNI containers of the sample listener).
    expected_lookups = [
        mock.call.get_cert(context, container, check_only=True)
        for container in ('cont_id_1', 'cont_id_2', 'cont_id_3')
    ]
    manager.assert_has_calls(expected_lookups)

    plain_listener = sample_configs.sample_listener_tuple(
        tls=False, sni=False, client_ca_cert=False)
    manager = mock.MagicMock()
    with mock.patch.object(
            cert_parser, '_map_cert_tls_container') as map_container:
        result = cert_parser.load_certificates_data(manager, plain_listener)
    map_container.assert_not_called()
    self.assertEqual({'tls_cert': None, 'sni_certs': []}, result)
    mock_oslo.assert_called()
def test_load_certificates(self, mock_oslo):
    """Verify container lookups made by load_certificates_data.

    ``mock_oslo`` comes from a patch decorator outside this method and is
    only checked for having been called.

    With TLS, SNI and a client CA configured on the sample listener, the
    cert manager must be asked for ``cont_id_1``..``cont_id_3`` via
    ``get_cert(context, <id>, check_only=True)``. With none of them
    configured, ``_map_cert_tls_container`` must never run and the result
    must be ``{'tls_cert': None, 'sni_certs': []}``.
    """
    secured = sample_configs_combined.sample_listener_tuple(
        tls=True, sni=True, client_ca_cert=True)
    manager = mock.MagicMock()
    context = mock.Mock()
    context.project_id = '12345'

    with mock.patch.object(cert_parser, 'get_host_names') as host_names:
        host_names.return_value = {'cn': 'fakeCN'}
        with mock.patch.object(cert_parser, '_map_cert_tls_container'):
            cert_parser.load_certificates_data(manager, secured, context)

    container_ids = ('cont_id_1', 'cont_id_2', 'cont_id_3')
    manager.assert_has_calls([
        mock.call.get_cert(context, cid, check_only=True)
        for cid in container_ids
    ])

    # No TLS material at all: nothing may be mapped.
    plain = sample_configs_combined.sample_listener_tuple(
        tls=False, sni=False, client_ca_cert=False)
    manager = mock.MagicMock()
    map_patch = mock.patch.object(cert_parser, '_map_cert_tls_container')
    with map_patch as map_container:
        result = cert_parser.load_certificates_data(manager, plain)
    map_container.assert_not_called()
    self.assertEqual({'tls_cert': None, 'sni_certs': []}, result)
    mock_oslo.assert_called()
def test_load_certificates(self):
    """load_certificates_data must ask the cert manager for every container.

    With a default TLS cert and SNI certs on the sample listener,
    ``get_cert`` must be called with the sample project id ``'12345'`` and
    each of ``cont_id_1``..``cont_id_3``, with ``check_only=True``, in
    that order.
    """
    listener = sample_configs.sample_listener_tuple(tls=True, sni=True)
    manager = mock.MagicMock()
    patched_hosts = mock.patch.object(cert_parser, 'get_host_names')
    patched_map = mock.patch.object(cert_parser, '_map_cert_tls_container')
    with patched_hosts as host_names, patched_map:
        host_names.return_value = {'cn': 'fakeCN'}
        cert_parser.load_certificates_data(manager, listener)

    manager.assert_has_calls([
        mock.call.get_cert('12345', container, check_only=True)
        for container in ('cont_id_1', 'cont_id_2', 'cont_id_3')
    ])
def _process_tls_certificates(self, listener):
    """Build PEM bundles for a listener's TLS certs and push them to its amphorae.

    Loads the default TLS cert and any SNI certs through ``self.cert_manager``,
    serialises each with ``cert_parser.build_pem`` and, when there is anything
    to upload, runs ``_exec_on_amphorae`` against every amphora of the
    listener's load balancer: the listener's cert directory is created, the
    PEM data uploaded and ``chmod 600`` applied to the ``*.pem`` files there.

    :param listener: listener object exposing ``id`` and
                     ``load_balancer.amphorae``
    :returns: the dict returned by ``cert_parser.load_certificates_data``
              (keys ``tls_cert`` and ``sni_certs``)
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []

    pem_blobs = []
    if default_cert is not None:
        pem_blobs.append(cert_parser.build_pem(default_cert))
    pem_blobs.extend(cert_parser.build_pem(sni) for sni in sni_certs)

    if pem_blobs:
        # cert_dir ends up inside a shell command below, so it must only be
        # built from trusted values (listener.id is assumed to be a generated
        # id, not user text — TODO confirm).
        cert_dir = os.path.join(self.amp_config.base_cert_dir, listener.id)
        # NOTE(review): the target file name comes from the certificate's own
        # CN, i.e. from data inside the uploaded certificate; a CN containing
        # path separators would change where the PEM lands. Other variants of
        # this driver name the file by cert.id instead. Also, if only SNI
        # certs were loaded (default_cert is None) this line raises
        # AttributeError.
        listener_cert = '{0}/{1}.pem'.format(cert_dir, default_cert.primary_cn)
        self._exec_on_amphorae(
            listener.load_balancer.amphorae,
            ['chmod 600 {0}/*.pem'.format(cert_dir)],
            make_dir=cert_dir, data=pem_blobs, upload_dir=listener_cert)
    return loaded
def get_certificates(self, obj, context=None):
    """Collect AS3 certificate declarations for a listener or pool.

    The certificates are resolved through ``self.cert_manager``; the
    returned list holds one ``{'id': ..., 'as3': ...}`` entry per cert,
    the default TLS cert first and the SNI certs after it. The ``as3``
    payload is built by ``m_cert.get_certificate`` with a label listing the
    last path segment of every container ref on the object.

    :param obj: octavia listener or pool object
    :param context: optional oslo_context passed to the cert loader
    :returns: list of certificate dicts (possibly empty)
    """
    cert_bundle = cert_parser.load_certificates_data(
        self.cert_manager, obj, context)

    # Keep only the trailing segment of each container ref (the id part).
    container_ids = []
    if obj.tls_certificate_id:
        container_ids.append(obj.tls_certificate_id.split('/')[-1])
    if getattr(obj, 'sni_containers', None):
        container_ids.extend(
            sni.tls_container_id.split('/')[-1] for sni in obj.sni_containers)
    cert_bundle['container_id'] = container_ids
    label = 'Container {}'.format(', '.join(container_ids))

    def _entry(cert):
        return {
            'id': '{}{}'.format(constants.PREFIX_CERTIFICATE, cert.id),
            'as3': m_cert.get_certificate(label, cert),
        }

    certificates = []
    # The default TLS cert always goes first, then the SNI certs.
    if cert_bundle['tls_cert'] is not None:
        certificates.append(_entry(cert_bundle['tls_cert']))
    certificates.extend(_entry(sni) for sni in cert_bundle['sni_certs'])
    return certificates
def _process_tls_certificates(self, listener):
    """Upload a listener's default and SNI certificates to its amphorae.

    Each certificate loaded through ``self.cert_manager`` is serialised to
    PEM and handed to ``self._apply(self._upload_cert, ...)`` together with
    an MD5 hex digest of the PEM and a file name ``<primary_cn>.pem``.

    :param listener: listener whose certificates are processed
    :returns: dict with ``tls_cert`` (or None) and ``sni_certs`` (list)
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] if loaded['sni_certs'] else []

    to_upload = ([default_cert] if default_cert is not None else []) + sni_certs
    for cert in to_upload:
        pem = cert_parser.build_pem(cert)
        # MD5 is only forwarded as a checksum of the upload, presumably for
        # the amphora to detect a corrupted transfer; it is not a security
        # control here (TODO confirm against _upload_cert).
        digest = hashlib.md5(six.b(pem)).hexdigest()
        # NOTE(review): the file name is taken from the cert's CN, which is
        # data inside the uploaded certificate; other variants of this driver
        # use cert.id instead, which is not certificate content.
        filename = '{cn}.pem'.format(cn=cert.primary_cn)
        self._apply(self._upload_cert, listener, pem, digest, filename)
    return {'tls_cert': default_cert, 'sni_certs': sni_certs}
def _process_tls_certificates(self, listener):
    """Push the listener's TLS certificates to every amphora of its LB.

    Resolves the default TLS cert and SNI certs through ``self.cert_manager``
    and serialises them to PEM. If there is anything to upload, calls
    ``_exec_on_amphorae`` with the PEM data, the listener's cert directory
    (created on the amphora) and a ``chmod 600`` on the ``*.pem`` files in it.

    :param listener: listener exposing ``id`` and ``load_balancer.amphorae``
    :returns: the ``load_certificates_data`` result dict unchanged
    """
    certs = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = certs['tls_cert']

    pem_data = []
    if default_cert is not None:
        pem_data.append(cert_parser.build_pem(default_cert))
    for sni_cert in certs['sni_certs'] or []:
        pem_data.append(cert_parser.build_pem(sni_cert))

    if not pem_data:
        return certs

    # listener.id is interpolated into a shell command; it is assumed to be a
    # generated identifier rather than user text — TODO confirm.
    cert_dir = os.path.join(self.amp_config.base_cert_dir, listener.id)
    # NOTE(review): primary_cn is read out of the certificate itself, so the
    # upload path is derived from user-supplied data; a CN with '/' or '..'
    # would relocate the file. Other variants of this driver use cert.id.
    # With SNI certs but no default cert, default_cert is None here and
    # this raises AttributeError.
    listener_cert = '{0}/{1}.pem'.format(cert_dir, default_cert.primary_cn)
    self._exec_on_amphorae(listener.load_balancer.amphorae,
                           ['chmod 600 {0}/*.pem'.format(cert_dir)],
                           make_dir=cert_dir, data=pem_data,
                           upload_dir=listener_cert)
    return certs
def _process_tls_certificates(self, listener):
    """Serialise and upload the listener's TLS certificates.

    Uses ``cert_parser.load_certificates_data`` to fetch the default and SNI
    certs, then for each one builds the PEM, computes its MD5 hex digest and
    schedules ``self._upload_cert`` through ``self._apply`` under the file
    name ``<primary_cn>.pem``.

    :param listener: listener whose certificates are processed
    :returns: ``{'tls_cert': <cert or None>, 'sni_certs': <list>}``
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    tls_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []

    def _push(cert):
        pem = cert_parser.build_pem(cert)
        # The digest is passed along with the upload; presumably a transfer
        # checksum rather than an integrity control — TODO confirm.
        checksum = hashlib.md5(six.b(pem)).hexdigest()
        # NOTE(review): file name derived from the certificate's CN (data in
        # the cert, not a generated id); other driver variants use cert.id.
        self._apply(self._upload_cert, listener, pem, checksum,
                    '{cn}.pem'.format(cn=cert.primary_cn))

    if tls_cert is not None:
        _push(tls_cert)
    for cert in sni_certs:
        _push(cert)
    return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
    """Load a listener's TLS certs and, if a target is given, upload them.

    The default cert and SNI certs are resolved through ``self.cert_manager``.
    Only when both ``amphora`` and ``obj_id`` are supplied is each cert
    serialised to PEM and passed to ``self._upload_cert`` as ``<cert.id>.pem``
    together with the MD5 hex digest of the PEM; otherwise the certs are just
    loaded and returned.

    :param listener: listener whose certificates are processed
    :param amphora: target amphora, or None to skip uploading
    :param obj_id: identifier handed through to ``_upload_cert``
    :returns: dict with ``tls_cert`` (or None) and ``sni_certs`` (list)
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []
    bundle = ([] if default_cert is None else [default_cert]) + list(sni_certs)

    if amphora and obj_id:
        for cert in bundle:
            pem = cert_parser.build_pem(cert)
            # hashlib.md5 needs bytes; this assumes build_pem returns bytes
            # here (a sibling pool routine encodes str explicitly) — TODO
            # confirm. The digest is an upload checksum, not a security
            # control, hence the nosec.
            digest = hashlib.md5(pem).hexdigest()  # nosec
            self._upload_cert(amphora, obj_id, pem, digest,
                              '{id}.pem'.format(id=cert.id))
    return {'tls_cert': default_cert, 'sni_certs': sni_certs}
def _process_pool_certs(self, listener, pool, amphora=None, obj_id=None):
    """Upload a pool's backend TLS material and return its amphora paths.

    Handles three optional references on the pool:

    * ``tls_certificate_id`` – loaded through ``self.cert_manager``,
      serialised to PEM and uploaded as ``<cert.id>.pem``;
    * ``ca_tls_certificate_id`` – passed to ``_process_secret``;
    * ``crl_container_id`` – passed to ``_process_secret``.

    The client cert is only uploaded when both ``amphora`` and ``obj_id`` are
    given; the path entries are filled in either way. ``_process_secret``
    receives ``amphora``/``obj_id`` as well.

    :returns: dict with any of ``client_cert``, ``ca_cert`` and ``crl``
              mapped to ``<base_cert_dir>/<listener.id>/<file name>``
    """
    result = {}

    def _path(filename):
        return os.path.join(CONF.haproxy_amphora.base_cert_dir,
                            listener.id, filename)

    if pool.tls_certificate_id:
        cert = cert_parser.load_certificates_data(self.cert_manager, pool)
        pem = cert_parser.build_pem(cert)
        # build_pem may return text; the upload and the digest want bytes.
        try:
            pem = pem.encode('utf-8')
        except AttributeError:
            pass
        # MD5 is an upload checksum here, not a security control (nosec).
        digest = hashlib.md5(pem).hexdigest()  # nosec
        filename = '{id}.pem'.format(id=cert.id)
        if amphora and obj_id:
            self._upload_cert(amphora, obj_id, pem=pem, md5=digest,
                              name=filename)
        result['client_cert'] = _path(filename)

    if pool.ca_tls_certificate_id:
        ca_name = self._process_secret(
            listener, pool.ca_tls_certificate_id, amphora, obj_id)
        result['ca_cert'] = _path(ca_name)

    if pool.crl_container_id:
        crl_name = self._process_secret(
            listener, pool.crl_container_id, amphora, obj_id)
        result['crl'] = _path(crl_name)

    return result
def _process_pool_certs(self, listener, pool):
    """Upload a pool's backend TLS material and return its amphora paths.

    * ``pool.tls_certificate_id`` – the client cert/key: loaded through
      ``self.cert_manager``, serialised to PEM (encoded to bytes if needed)
      and uploaded via ``self._apply(self._upload_cert, ...)`` as
      ``<cert.id>.pem``.
    * ``pool.ca_tls_certificate_id`` and ``pool.crl_container_id`` – handed
      to ``_process_secret``, which returns the file name used.

    :returns: dict with any of ``client_cert``, ``ca_cert`` and ``crl``
              mapped to ``<base_cert_dir>/<listener.id>/<file name>``
    """
    paths = {}

    def _amphora_path(filename):
        return os.path.join(CONF.haproxy_amphora.base_cert_dir,
                            listener.id, filename)

    if pool.tls_certificate_id:
        client_cert = cert_parser.load_certificates_data(
            self.cert_manager, pool)
        pem = cert_parser.build_pem(client_cert)
        try:
            pem = pem.encode('utf-8')
        except AttributeError:
            pass  # already bytes
        # Upload checksum only; not a security control (nosec).
        digest = hashlib.md5(pem).hexdigest()  # nosec
        filename = '{id}.pem'.format(id=client_cert.id)
        self._apply(self._upload_cert, listener, None, pem, digest, filename)
        paths['client_cert'] = _amphora_path(filename)

    if pool.ca_tls_certificate_id:
        paths['ca_cert'] = _amphora_path(
            self._process_secret(listener, pool.ca_tls_certificate_id))

    if pool.crl_container_id:
        paths['crl'] = _amphora_path(
            self._process_secret(listener, pool.crl_container_id))

    return paths
def test_load_certificates(self):
    """Every referenced container must be requested from the cert manager.

    With a default TLS cert and SNI certs on the sample listener,
    ``get_cert(<container id>, check_only=True)`` must be called for
    ``cont_id_1``..``cont_id_3`` in that order.
    """
    listener = sample_configs.sample_listener_tuple(tls=True, sni=True)
    manager = mock.MagicMock()
    with mock.patch.object(cert_parser, 'get_host_names') as host_names, \
            mock.patch.object(cert_parser, '_map_cert_tls_container'):
        host_names.return_value = {'cn': 'fakeCN'}
        cert_parser.load_certificates_data(manager, listener)

    expected = [
        mock.call.get_cert(cid, check_only=True)
        for cid in ('cont_id_1', 'cont_id_2', 'cont_id_3')
    ]
    manager.assert_has_calls(expected)
def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
    """Upload a listener's certificates plus a haproxy crt-list file.

    The default TLS certificate (kept first so it is the default entry) and
    the SNI certificates are each serialised to PEM and uploaded as
    ``<cert.id>.pem`` with an MD5 hex digest. A crt-list file named
    ``<listener.id>.pem``, listing the absolute amphora path of each uploaded
    PEM one per line, is uploaded afterwards. Nothing is uploaded unless both
    ``amphora`` and ``obj_id`` are provided.

    :param listener: listener whose certificates are processed
    :param amphora: target amphora, or None to skip uploading
    :param obj_id: directory component under ``base_cert_dir`` on the amphora
    :returns: dict with ``tls_cert`` (or None) and ``sni_certs`` (list)
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []
    # Note, the first cert is the TLS default cert
    ordered = ([default_cert] if default_cert is not None else []) + list(sni_certs)

    if amphora and obj_id:
        uploaded_paths = []
        for cert in ordered:
            pem = cert_parser.build_pem(cert)
            # MD5 is an upload checksum, not a security control (nosec).
            digest = hashlib.md5(pem).hexdigest()  # nosec
            filename = '{id}.pem'.format(id=cert.id)
            uploaded_paths.append(os.path.join(
                CONF.haproxy_amphora.base_cert_dir, obj_id, filename))
            self._upload_cert(amphora, obj_id, pem, digest, filename)

        if ordered:
            # Build and upload the crt-list file for haproxy
            crt_list = ('\n'.join(uploaded_paths) + '\n').encode('utf-8')
            digest = hashlib.md5(crt_list).hexdigest()  # nosec
            self._upload_cert(amphora, obj_id, crt_list, digest,
                              '{id}.pem'.format(id=listener.id))
    return {'tls_cert': default_cert, 'sni_certs': sni_certs}
def pool_dict_to_provider_dict(pool_dict):
    """Translate an Octavia pool dict into the provider-driver representation.

    Renames DB keys to their provider names, resolves the TLS material the
    pool references (client cert container, CA container, CRL container)
    through the configured certificate manager, strips DB back-references
    and converts the nested health monitor and members with their own
    ``*_to_provider_dict`` helpers.

    :param pool_dict: pool as a dict of DB model fields
    :returns: provider-format pool dict
    """
    provider = _base_to_provider_dict(pool_dict, include_project_id=True)
    provider['pool_id'] = provider.pop('id')

    # DB column names -> provider "*_container_ref" names.
    for db_key, ref_key in (
            ('tls_certificate_id', 'tls_container_ref'),
            ('ca_tls_certificate_id', 'ca_tls_container_ref'),
            ('crl_container_id', 'crl_container_ref')):
        if db_key in provider:
            provider[ref_key] = provider.pop(db_key)

    pool_obj = data_models.Pool(**pool_dict)
    if (pool_obj.tls_certificate_id or pool_obj.ca_tls_certificate_id
            or pool_obj.crl_container_id):
        cert_manager = stevedore_driver.DriverManager(
            namespace='octavia.cert_manager',
            name=CONF.certificates.cert_manager,
            invoke_on_load=True,
        ).driver
        loaded = cert_parser.load_certificates_data(cert_manager, pool_obj)
        if loaded.get('tls_cert'):
            provider['tls_container_data'] = loaded['tls_cert'].to_dict()
        # Secrets are looked up with the pool's own project_id (presumably
        # scoping the read to that project — see _get_secret_data).
        if pool_obj.ca_tls_certificate_id:
            provider['ca_tls_container_data'] = _get_secret_data(
                cert_manager, pool_obj.project_id,
                pool_obj.ca_tls_certificate_id)
        if pool_obj.crl_container_id:
            provider['crl_container_data'] = _get_secret_data(
                cert_manager, pool_obj.project_id, pool_obj.crl_container_id)

    # Drop DB back-references the provider must not see.
    persistence = provider.get('session_persistence')
    if persistence:
        persistence.pop('pool_id', None)
        persistence.pop('pool', None)
    for back_ref in ('l7policies', 'listeners', 'load_balancer'):
        provider.pop(back_ref, None)
    if 'load_balancer_id' in provider:
        provider['loadbalancer_id'] = provider.pop('load_balancer_id')

    if 'health_monitor' in provider:
        hm = provider.pop('health_monitor')
        provider['healthmonitor'] = hm_dict_to_provider_dict(hm) if hm else None

    if provider.get('members'):
        provider['members'] = [
            member_dict_to_provider_dict(member)
            for member in provider.pop('members')]
    return provider
def listener_dict_to_provider_dict(listener_dict):
    """Translate an Octavia listener dict into the provider-driver format.

    Renames DB keys to their provider names, turns the SNI containers into a
    list of container refs, resolves the referenced TLS material (default
    cert, SNI certs, client CA, client CRL) through the configured
    certificate manager and strips DB back-references. The nested default
    pool and L7 policies are converted with their own helpers.

    Note: ``listener_dict`` itself is modified when it carries
    ``sni_container_refs`` (moved to ``sni_containers``).

    :param listener_dict: listener as a dict of DB model fields
    :returns: provider-format listener dict
    :raises exceptions.ValidationException: on a malformed SNI entry
    """
    provider = _base_to_provider_dict(listener_dict, include_project_id=True)
    provider['listener_id'] = provider.pop('id')
    if 'load_balancer_id' in provider:
        provider['loadbalancer_id'] = provider.pop('load_balancer_id')

    # Certificate references: DB column names -> provider ref names.
    if 'tls_certificate_id' in provider:
        provider['default_tls_container_ref'] = provider.pop(
            'tls_certificate_id')
    if 'sni_containers' in provider:
        refs = []
        for sni in provider.pop('sni_containers'):
            if 'tls_container_id' not in sni:
                raise exceptions.ValidationException(
                    detail=_('Invalid SNI container on listener'))
            refs.append(sni['tls_container_id'])
        provider['sni_container_refs'] = refs
    if 'sni_container_refs' in listener_dict:
        listener_dict['sni_containers'] = listener_dict.pop(
            'sni_container_refs')
    if 'client_ca_tls_certificate_id' in provider:
        provider['client_ca_tls_container_ref'] = provider.pop(
            'client_ca_tls_certificate_id')
    if 'client_crl_container_id' in provider:
        provider['client_crl_container_ref'] = provider.pop(
            'client_crl_container_id')

    listener_obj = data_models.Listener(**listener_dict)
    if (listener_obj.tls_certificate_id or listener_obj.sni_containers
            or listener_obj.client_ca_tls_certificate_id):
        sni_objs = []
        for sni in listener_obj.sni_containers:
            if isinstance(sni, dict):
                sni.pop('listener', None)  # DB back-reference
                sni_objs.append(data_models.SNI(**sni))
            elif isinstance(sni, six.string_types):
                sni_objs.append(data_models.SNI(tls_container_id=sni))
            else:
                raise exceptions.ValidationException(
                    detail=_('Invalid SNI container on listener'))
        listener_obj.sni_containers = sni_objs

        cert_manager = stevedore_driver.DriverManager(
            namespace='octavia.cert_manager',
            name=CONF.certificates.cert_manager,
            invoke_on_load=True,
        ).driver
        loaded = cert_parser.load_certificates_data(cert_manager, listener_obj)
        if loaded.get('tls_cert'):
            provider['default_tls_container_data'] = (
                loaded['tls_cert'].to_dict())
        if loaded.get('sni_certs'):
            provider['sni_container_data'] = [
                sni.to_dict() for sni in loaded['sni_certs']]
        # Secrets are fetched with the listener's own project id.
        if listener_obj.client_ca_tls_certificate_id:
            provider['client_ca_tls_container_data'] = _get_secret_data(
                cert_manager, listener_obj.project_id,
                listener_obj.client_ca_tls_certificate_id)
        if listener_obj.client_crl_container_id:
            provider['client_crl_container_data'] = _get_secret_data(
                cert_manager, listener_obj.project_id,
                listener_obj.client_crl_container_id)

    # Remove the DB back references
    for back_ref in ('load_balancer', 'peer_port', 'pools', 'stats'):
        provider.pop(back_ref, None)

    if provider.get('default_pool'):
        provider['default_pool'] = pool_dict_to_provider_dict(
            provider.pop('default_pool'))

    if 'l7policies' in provider:
        policies = provider.pop('l7policies') or []
        provider['l7policies'] = [
            l7policy_dict_to_provider_dict(policy) for policy in policies]
    return provider
def listener_dict_to_provider_dict(listener_dict, for_delete=False):
    """Translate an Octavia listener dict into the provider-driver format.

    Renames DB keys to their provider names, turns the SNI containers into a
    list of container refs, resolves the referenced TLS material (default
    cert, SNI certs, client CA, client CRL) through the configured
    certificate manager, flattens ``allowed_cidrs`` to plain CIDR strings
    and strips DB back-references. The nested default pool and L7 policies
    are converted with their own helpers.

    When ``for_delete`` is true a failure to load the certificates is only
    logged (the listener is going away, so the data is not needed) and the
    cert data keys are left out; otherwise the exception propagates. The
    client CA / CRL secrets are still fetched in that case.

    Note: ``listener_dict`` itself is modified when it carries
    ``sni_container_refs`` (moved to ``sni_containers``).

    :param listener_dict: listener as a dict of DB model fields
    :param for_delete: tolerate certificate load errors
    :returns: provider-format listener dict
    :raises exceptions.ValidationException: on a malformed SNI entry
    """
    provider = _base_to_provider_dict(listener_dict, include_project_id=True)
    provider['listener_id'] = provider.pop('id')
    if 'load_balancer_id' in provider:
        provider['loadbalancer_id'] = provider.pop('load_balancer_id')

    # Certificate references: DB column names -> provider ref names.
    if 'tls_certificate_id' in provider:
        provider['default_tls_container_ref'] = provider.pop(
            'tls_certificate_id')
    if 'sni_containers' in provider:
        refs = []
        for sni in provider.pop('sni_containers'):
            if 'tls_container_id' not in sni:
                raise exceptions.ValidationException(
                    detail=_('Invalid SNI container on listener'))
            refs.append(sni['tls_container_id'])
        provider['sni_container_refs'] = refs
    if 'sni_container_refs' in listener_dict:
        listener_dict['sni_containers'] = listener_dict.pop(
            'sni_container_refs')
    if 'client_ca_tls_certificate_id' in provider:
        provider['client_ca_tls_container_ref'] = provider.pop(
            'client_ca_tls_certificate_id')
    if 'client_crl_container_id' in provider:
        provider['client_crl_container_ref'] = provider.pop(
            'client_crl_container_id')

    listener_obj = data_models.Listener(**listener_dict)
    if (listener_obj.tls_certificate_id or listener_obj.sni_containers
            or listener_obj.client_ca_tls_certificate_id):
        sni_objs = []
        for sni in listener_obj.sni_containers:
            if isinstance(sni, dict):
                sni.pop('listener', None)  # DB back-reference
                sni_objs.append(data_models.SNI(**sni))
            elif isinstance(sni, str):
                sni_objs.append(data_models.SNI(tls_container_id=sni))
            else:
                raise exceptions.ValidationException(
                    detail=_('Invalid SNI container on listener'))
        listener_obj.sni_containers = sni_objs

        cert_manager = stevedore_driver.DriverManager(
            namespace='octavia.cert_manager',
            name=CONF.certificates.cert_manager,
            invoke_on_load=True,
        ).driver
        try:
            loaded = cert_parser.load_certificates_data(
                cert_manager, listener_obj)
        except Exception as e:
            with excutils.save_and_reraise_exception() as ctxt:
                LOG.warning('Unable to retrieve certificate(s) due to %s.',
                            str(e))
                if for_delete:
                    # Deleting: proceed without the cert data.
                    ctxt.reraise = False
                    loaded = {}

        if loaded.get('tls_cert'):
            provider['default_tls_container_data'] = (
                loaded['tls_cert'].to_dict(recurse=True))
        if loaded.get('sni_certs'):
            provider['sni_container_data'] = [
                sni.to_dict(recurse=True) for sni in loaded['sni_certs']]
        # Secrets are fetched with the listener's own project id.
        if listener_obj.client_ca_tls_certificate_id:
            provider['client_ca_tls_container_data'] = _get_secret_data(
                cert_manager, listener_obj.project_id,
                listener_obj.client_ca_tls_certificate_id)
        if listener_obj.client_crl_container_id:
            provider['client_crl_container_data'] = _get_secret_data(
                cert_manager, listener_obj.project_id,
                listener_obj.client_crl_container_id)

    # Format the allowed_cidrs: list of {'cidr': ...} dicts -> list of str.
    cidrs = provider.get('allowed_cidrs')
    if cidrs and 'cidr' in cidrs[0]:
        provider['allowed_cidrs'] = [
            entry['cidr'] for entry in provider.pop('allowed_cidrs')]

    # Remove the DB back references
    for back_ref in ('load_balancer', 'peer_port', 'pools', 'stats'):
        provider.pop(back_ref, None)

    if provider.get('default_pool'):
        provider['default_pool'] = pool_dict_to_provider_dict(
            provider.pop('default_pool'), for_delete=for_delete)

    if 'l7policies' in provider:
        policies = provider.pop('l7policies') or []
        provider['l7policies'] = [
            l7policy_dict_to_provider_dict(policy) for policy in policies]
    return provider
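def listener_dict_to_provider_dict(listener_dict):
    """Translate an Octavia listener dict into the provider-driver format.

    Renames DB keys to their provider names, resolves the referenced TLS
    material (default cert, SNI certs, client CA, client CRL) through the
    configured certificate manager and strips DB back-references. The
    nested default pool and L7 policies are converted with their own
    ``*_to_provider_dict`` helpers.

    Note: ``listener_dict`` itself is modified when it carries
    ``sni_container_refs`` (moved to ``sni_containers``).

    Fix: a listener whose ``l7policies`` value is ``None`` used to raise
    ``TypeError`` when iterated; it is now treated as an empty list (the
    same ``or []`` guard the newer variants of this function use).

    :param listener_dict: listener as a dict of DB model fields
    :returns: provider-format listener dict
    :raises exceptions.ValidationException: on a malformed SNI entry
    """
    new_listener_dict = _base_to_provider_dict(listener_dict)
    new_listener_dict['listener_id'] = new_listener_dict.pop('id')
    if 'load_balancer_id' in new_listener_dict:
        new_listener_dict['loadbalancer_id'] = new_listener_dict.pop(
            'load_balancer_id')

    # Pull the certs out of the certificate manager to pass to the provider
    if 'tls_certificate_id' in new_listener_dict:
        new_listener_dict['default_tls_container_ref'] = new_listener_dict.pop(
            'tls_certificate_id')
    if 'sni_containers' in new_listener_dict:
        new_listener_dict['sni_container_refs'] = new_listener_dict.pop(
            'sni_containers')
    if 'sni_container_refs' in listener_dict:
        listener_dict['sni_containers'] = listener_dict.pop(
            'sni_container_refs')
    if 'client_ca_tls_certificate_id' in new_listener_dict:
        new_listener_dict['client_ca_tls_container_ref'] = (
            new_listener_dict.pop('client_ca_tls_certificate_id'))
    if 'client_crl_container_id' in new_listener_dict:
        new_listener_dict['client_crl_container_ref'] = (
            new_listener_dict.pop('client_crl_container_id'))

    listener_obj = data_models.Listener(**listener_dict)
    if (listener_obj.tls_certificate_id or listener_obj.sni_containers or
            listener_obj.client_ca_tls_certificate_id):
        SNI_objs = []
        for sni in listener_obj.sni_containers:
            if isinstance(sni, dict):
                sni_obj = data_models.SNI(**sni)
                SNI_objs.append(sni_obj)
            elif isinstance(sni, six.string_types):
                sni_obj = data_models.SNI(tls_container_id=sni)
                SNI_objs.append(sni_obj)
            else:
                raise exceptions.ValidationException(
                    detail=_('Invalid SNI container on listener'))
        listener_obj.sni_containers = SNI_objs

        cert_manager = stevedore_driver.DriverManager(
            namespace='octavia.cert_manager',
            name=CONF.certificates.cert_manager,
            invoke_on_load=True,
        ).driver
        cert_dict = cert_parser.load_certificates_data(cert_manager,
                                                       listener_obj)
        if 'tls_cert' in cert_dict and cert_dict['tls_cert']:
            new_listener_dict['default_tls_container_data'] = (
                cert_dict['tls_cert'].to_dict())
        if 'sni_certs' in cert_dict and cert_dict['sni_certs']:
            sni_data_list = []
            for sni in cert_dict['sni_certs']:
                sni_data_list.append(sni.to_dict())
            new_listener_dict['sni_container_data'] = sni_data_list
        # Secrets are fetched with the listener's own project id.
        if listener_obj.client_ca_tls_certificate_id:
            cert = _get_secret_data(cert_manager, listener_obj.project_id,
                                    listener_obj.client_ca_tls_certificate_id)
            new_listener_dict['client_ca_tls_container_data'] = cert
        if listener_obj.client_crl_container_id:
            crl_file = _get_secret_data(cert_manager, listener_obj.project_id,
                                        listener_obj.client_crl_container_id)
            new_listener_dict['client_crl_container_data'] = crl_file

    # Remove the DB back references
    if 'load_balancer' in new_listener_dict:
        del new_listener_dict['load_balancer']
    if 'peer_port' in new_listener_dict:
        del new_listener_dict['peer_port']
    if 'pools' in new_listener_dict:
        del new_listener_dict['pools']
    if 'stats' in new_listener_dict:
        del new_listener_dict['stats']

    if ('default_pool' in new_listener_dict and
            new_listener_dict['default_pool']):
        pool = new_listener_dict.pop('default_pool')
        new_listener_dict['default_pool'] = pool_dict_to_provider_dict(pool)

    provider_l7policies = []
    if 'l7policies' in new_listener_dict:
        # A None value (no policies) must not blow up the loop below.
        l7policies = new_listener_dict.pop('l7policies') or []
        for l7policy in l7policies:
            provider_l7policy = l7policy_dict_to_provider_dict(l7policy)
            provider_l7policies.append(provider_l7policy)
        new_listener_dict['l7policies'] = provider_l7policies
    return new_listener_dict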
def pool_dict_to_provider_dict(pool_dict):
    """Translate an Octavia pool dict into the provider-driver representation.

    Renames DB keys to their provider names, resolves the TLS material the
    pool references (client cert container, CA container, CRL container)
    through the configured certificate manager, strips DB back-references
    and converts the nested health monitor and members with their own
    ``*_to_provider_dict`` helpers.

    :param pool_dict: pool as a dict of DB model fields
    :returns: provider-format pool dict
    """
    provider = _base_to_provider_dict(pool_dict)
    provider['pool_id'] = provider.pop('id')

    # DB column names -> provider "*_container_ref" names.
    for db_key, ref_key in (
            ('tls_certificate_id', 'tls_container_ref'),
            ('ca_tls_certificate_id', 'ca_tls_container_ref'),
            ('crl_container_id', 'crl_container_ref')):
        if db_key in provider:
            provider[ref_key] = provider.pop(db_key)

    pool_obj = data_models.Pool(**pool_dict)
    if (pool_obj.tls_certificate_id or pool_obj.ca_tls_certificate_id
            or pool_obj.crl_container_id):
        cert_manager = stevedore_driver.DriverManager(
            namespace='octavia.cert_manager',
            name=CONF.certificates.cert_manager,
            invoke_on_load=True,
        ).driver
        loaded = cert_parser.load_certificates_data(cert_manager, pool_obj)
        if loaded.get('tls_cert'):
            provider['tls_container_data'] = loaded['tls_cert'].to_dict()
        # Secrets are looked up with the pool's own project_id.
        if pool_obj.ca_tls_certificate_id:
            provider['ca_tls_container_data'] = _get_secret_data(
                cert_manager, pool_obj.project_id,
                pool_obj.ca_tls_certificate_id)
        if pool_obj.crl_container_id:
            provider['crl_container_data'] = _get_secret_data(
                cert_manager, pool_obj.project_id, pool_obj.crl_container_id)

    # Drop DB back-references the provider must not see.
    persistence = provider.get('session_persistence')
    if persistence:
        persistence.pop('pool_id', None)
        persistence.pop('pool', None)
    for back_ref in ('l7policies', 'listeners', 'load_balancer'):
        provider.pop(back_ref, None)
    if 'load_balancer_id' in provider:
        provider['loadbalancer_id'] = provider.pop('load_balancer_id')

    if provider.get('health_monitor'):
        provider['healthmonitor'] = hm_dict_to_provider_dict(
            provider.pop('health_monitor'))

    if provider.get('members'):
        provider['members'] = [
            member_dict_to_provider_dict(member)
            for member in provider.pop('members')]
    return provider