Commit 25ce84fc authored by Łukasz Nowak's avatar Łukasz Nowak

Update Release Candidate

parents f01ecbb1 69e1c0c9
...@@ -28,7 +28,7 @@ md5sum = 4f4d1e7de19c77157be0c2a825b31026 ...@@ -28,7 +28,7 @@ md5sum = 4f4d1e7de19c77157be0c2a825b31026
shared = true shared = true
patch-options = -p1 patch-options = -p1
patches = patches =
${:_profile_base_location_}/trafficserver-8.1-stale-negative-cache-not-returnable.patch#e1a2f8a23f00cee1301ccf1a84e46763 https://github.com/apache/trafficserver/commit/3d0492f7276bb93aff499f637ff843c45908b193.patch#f23dd950acc0395fe7bc72264987c013
configure-options = configure-options =
--with-openssl=${openssl:location} --with-openssl=${openssl:location}
--with-pcre=${pcre:location} --with-pcre=${pcre:location}
......
--- trafficserver-8.1.1/proxy/http/HttpTransact.cc.orig 2020-12-01 00:30:26.000000000 +0100
+++ trafficserver-8.1.1/proxy/http/HttpTransact.cc 2021-01-11 11:35:41.946893735 +0100
@@ -5752,6 +5752,7 @@
HttpTransact::is_stale_cache_response_returnable(State *s)
{
HTTPHdr *cached_response = s->cache_info.object_read->response_get();
+ HTTPStatus cache_response_code = cached_response->status_get();
// First check if client allows cached response
// Note does_client_permit_lookup was set to
@@ -5760,6 +5761,12 @@
if (!s->cache_info.directives.does_client_permit_lookup) {
return false;
}
+ // We don't serve stale negative cache.
+ if (cache_response_code == HTTP_STATUS_INTERNAL_SERVER_ERROR || cache_response_code == HTTP_STATUS_GATEWAY_TIMEOUT ||
+ cache_response_code == HTTP_STATUS_BAD_GATEWAY || cache_response_code == HTTP_STATUS_SERVICE_UNAVAILABLE) {
+ TxnDebug("http_trans", "[is_stale_cache_response_returnable] stale negative cache");
+ return false;
+ }
// Spec says that we can not serve a stale document with a
// "must-revalidate header"
// How about "s-maxage" and "no-cache" directives?
...@@ -60,14 +60,12 @@ This is to deploy an entire frontend server with a public IPv4. If you want to ...@@ -60,14 +60,12 @@ This is to deploy an entire frontend server with a public IPv4. If you want to
First, you will need to request a "master" instance of Caddy Frontend with: First, you will need to request a "master" instance of Caddy Frontend with:
* A ``domain`` parameter where the frontend will be available * A ``domain`` parameter where the frontend will be available
* A ``public-ipv4`` parameter to state which public IPv4 will be used
like:: like::
<?xml version='1.0' encoding='utf-8'?> <?xml version='1.0' encoding='utf-8'?>
<instance> <instance>
<parameter id="domain">moulefrite.org</parameter> <parameter id="domain">moulefrite.org</parameter>
<parameter id="public-ipv4">xxx.xxx.xxx.xxx</parameter>
</instance> </instance>
Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like:: Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like::
...@@ -189,10 +187,6 @@ Name of the domain to be used (example: mydomain.com). Sub domains of this domai ...@@ -189,10 +187,6 @@ Name of the domain to be used (example: mydomain.com). Sub domains of this domai
Using the IP given by the Master Instance. "domain" is a mandatory Parameter. Using the IP given by the Master Instance. "domain" is a mandatory Parameter.
public-ipv4
~~~~~~~~~~~
Public ipv4 of the frontend (the one Caddy will be indirectly listening to)
port port
~~~~ ~~~~
Port used by Caddy. Optional parameter, defaults to 4443. Port used by Caddy. Optional parameter, defaults to 4443.
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 28bf0c4c75c028bed79fc38786831b3e md5sum = de69a8c408ce4f228fc22eacb7e96657
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = e8db3179e3278c6390a786cdcc947173 md5sum = a6a626fd1579fd1d4b80ea67433ca16a
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 2329022227099971a57f710832509153 md5sum = 7cb8157d2b368ab3b281ea42f743eb9c
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 2cbcdff6fe75ec469ab7d6accd72f83c md5sum = 772c04c165fdae91299fd909e061f926
[profile-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
...@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d ...@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in _update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = bd9e269130bac989faa639e0903814e2 md5sum = a0ae858a3db8825c22d33d323392f588
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 5c807d34198f334b143cfa9263f6bc4e md5sum = 0923a9227c131d2f1e11d7ddd5b15673
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
......
...@@ -287,6 +287,7 @@ extra-context = ...@@ -287,6 +287,7 @@ extra-context =
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
import urlparse_module urlparse import urlparse_module urlparse
import furl_module furl import furl_module furl
import urllib_module urllib
key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
......
...@@ -15,13 +15,13 @@ ...@@ -15,13 +15,13 @@
'enable-http2-by-default', 'enable-http2-by-default',
'global-disable-http2', 'global-disable-http2',
'mpm-graceful-shutdown-timeout', 'mpm-graceful-shutdown-timeout',
'public-ipv4',
're6st-verification-url', 're6st-verification-url',
'backend-connect-timeout', 'backend-connect-timeout',
'backend-connect-retries', 'backend-connect-retries',
'ciphers', 'ciphers',
'request-timeout', 'request-timeout',
'authenticate-to-backend', 'authenticate-to-backend',
'strict-transport-security',
] ]
%} %}
{% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
...@@ -135,23 +135,30 @@ context = ...@@ -135,23 +135,30 @@ context =
{% if backend_active_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %} {% if backend_active_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %}
{% do slave_error_list.append('Wrong backend-active-check-http-version %s' % (backend_active_check_http_version,)) %} {% do slave_error_list.append('Wrong backend-active-check-http-version %s' % (backend_active_check_http_version,)) %}
{% endif %} {% endif %}
{% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(False) %} {% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(false) %}
{% if backend_active_check_timeout in [False] or backend_active_check_timeout <= 0 %} {% if backend_active_check_timeout is false or backend_active_check_timeout <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-timeout %s' % (slave.get('backend-active-check-timeout'),)) %} {% do slave_error_list.append('Wrong backend-active-check-timeout %s' % (slave.get('backend-active-check-timeout'),)) %}
{% endif %} {% endif %}
{% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(False) %} {% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(false) %}
{% if backend_active_check_interval in [False] or backend_active_check_interval <= 0 %} {% if backend_active_check_interval is false or backend_active_check_interval <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-interval %s' % (slave.get('backend-active-check-interval'),)) %} {% do slave_error_list.append('Wrong backend-active-check-interval %s' % (slave.get('backend-active-check-interval'),)) %}
{% endif %} {% endif %}
{% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(False) %} {% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(false) %}
{% if backend_active_check_rise in [False] or backend_active_check_rise <= 0 %} {% if backend_active_check_rise is false or backend_active_check_rise <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-rise %s' % (slave.get('backend-active-check-rise'),)) %} {% do slave_error_list.append('Wrong backend-active-check-rise %s' % (slave.get('backend-active-check-rise'),)) %}
{% endif %} {% endif %}
{% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(False) %} {% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(false) %}
{% if backend_active_check_fall in [False] or backend_active_check_fall <= 0 %} {% if backend_active_check_fall is false or backend_active_check_fall <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %} {% do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{# Check virtualhostroot-http-port and virtualhostroot-https-port #}
{% for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %}
{% set value = (slave.get(key) or '1') | int(false) %}
{% if value is false or value < 0 %}
{% do slave_error_list.append('Wrong %s %r' % (key, slave.get(key))) %}
{% endif %}
{% endfor %}
{# Check ciphers #} {# Check ciphers #}
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %} {% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %} {% if slave_cipher_list %}
...@@ -161,6 +168,11 @@ context = ...@@ -161,6 +168,11 @@ context =
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# Check strict-transport-security #}
{% set strict_transport_security = (slave.get('strict-transport-security') or '0') | int(false) %}
{% if strict_transport_security is false or strict_transport_security < 0 %}
{% do slave_error_list.append('Wrong strict-transport-security %s' % (slave.get('strict-transport-security'),)) %}
{% endif %}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %} {% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
...@@ -264,7 +276,7 @@ config-monitor-username = ${monitor-instance-parameter:username} ...@@ -264,7 +276,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${monitor-htpasswd:passwd} config-monitor-password = ${monitor-htpasswd:passwd}
software-type = {{frontend_type}} software-type = {{frontend_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url return = slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
{#- Send only needed parameters to frontend nodes #} {#- Send only needed parameters to frontend nodes #}
{%- set base_node_configuration_dict = {} %} {%- set base_node_configuration_dict = {} %}
......
...@@ -50,17 +50,6 @@ ...@@ -50,17 +50,6 @@
"title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.", "title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
"type": "integer" "type": "integer"
}, },
"nginx-domain": {
"description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
"title": "[NOT IMPLEMENTED] Nginx Domain",
"type": "string"
},
"public-ipv4": {
"description": "Public ipv4 of the frontend (the one Caddy will be indirectly listening to).",
"title": "Public IPv4",
"type": "string"
},
"re6st-verification-url": { "re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.", "description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL", "title": "Test Verification URL",
...@@ -118,6 +107,12 @@ ...@@ -118,6 +107,12 @@
], ],
"title": "Authenticate to backend", "title": "Authenticate to backend",
"type": "string" "type": "string"
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
} }
}, },
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -285,6 +285,32 @@ ...@@ -285,6 +285,32 @@
"description": "Amount of bad responses from the backend to consider it down.", "description": "Amount of bad responses from the backend to consider it down.",
"default": "1", "default": "1",
"type": "integer" "type": "integer"
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
},
"strict-transport-security-sub-domains": {
"title": "Strict Transport Security Sub Domains",
"description": "Configures Strict Transport Security for sub domains.",
"enum": [
"false",
"true"
],
"type": "string",
"default": "false"
},
"strict-transport-security-preload": {
"title": "Strict Transport Security Preload",
"description": "Configures Strict Transport Security preload mechanism.",
"enum": [
"false",
"true"
],
"type": "string",
"default": "false"
} }
}, },
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -18,10 +18,6 @@ ...@@ -18,10 +18,6 @@
"description": "List of URLs to access logs", "description": "List of URLs to access logs",
"type": "array" "type": "array"
}, },
"public-ipv4": {
"description": "Public IPv4 to be included on DNS",
"type": "string"
},
"replication_number": { "replication_number": {
"description": "Number of nodes the slave is replicated", "description": "Number of nodes the slave is replicated",
"type": "integer" "type": "integer"
......
...@@ -78,7 +78,6 @@ cert = ${slap-connection:cert-file} ...@@ -78,7 +78,6 @@ cert = ${slap-connection:cert-file}
# All parameters are available through the configuration.XX syntax. # All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default. # All possible parameters should have a default.
configuration.domain = example.org configuration.domain = example.org
configuration.public-ipv4 =
configuration.port = 4443 configuration.port = 4443
configuration.plain_http_port = 8080 configuration.plain_http_port = 8080
configuration.plain_nginx_port = 8081 configuration.plain_nginx_port = 8081
...@@ -107,3 +106,4 @@ configuration.backend-haproxy-statistic-port = 21444 ...@@ -107,3 +106,4 @@ configuration.backend-haproxy-statistic-port = 21444
configuration.authenticate-to-backend = False configuration.authenticate-to-backend = False
configuration.rotate-num = 4000 configuration.rotate-num = 4000
configuration.slave-introspection-https-port = 22443 configuration.slave-introspection-https-port = 22443
configuration.strict-transport-security = 0
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
{%- set kedifa_updater_mapping = [] %} {%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %} {%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %} {%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %}
{%- set part_list = [] %} {%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %} {%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
...@@ -39,16 +40,39 @@ context = ...@@ -39,16 +40,39 @@ context =
[slave-password] [slave-password]
[slave-htpasswd] [slave-htpasswd]
{#- Loop thought slave list to set up slaves #} {#- Prepare configuration parameters #}
{%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %} {%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
{%- for slave_instance in slave_instance_list %} {%- for key in ['enable-http2-by-default', 'global-disable-http2'] %}
{#- prepare backend parameters #} {%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %} {%- endfor %}
{#- Loop thought slave list to set up slaves #}
{%- for slave_instance in slave_instance_list %}
{#- Prepare slave parameters: #}
{#- * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #}
{#- * create real lists from string lists #}
{#- * setup defaults to simplify other profiles #}
{#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- for key in ['https-only', 'websocket-transparent'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
{%- endfor %}
{%- for key in ['enable_cache', 'disable-no-cache-request', 'disable-via-header', 'prefer-gzip-encoding-to-backend', 'strict-transport-security-sub-domains', 'strict-transport-security-preload'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'false')).lower() in TRUE_VALUES) %}
{%- endfor %}
{%- for key in ['disabled-cookie-list'] %}
{%- do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
{%- endfor %}
{%- for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
{%- do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
{%- endfor %}
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
{%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
{#- Manage ciphers #} {#- Manage ciphers #}
{%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %} {%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
{%- if slave_ciphers %} {%- if slave_ciphers %}
...@@ -56,10 +80,10 @@ context = ...@@ -56,10 +80,10 @@ context =
{%- else %} {%- else %}
{%- set slave_cipher_list = configuration['ciphers'].strip() %} {%- set slave_cipher_list = configuration['ciphers'].strip() %}
{%- endif %} {%- endif %}
{%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %} {%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
{#- Manage common instance parameters #} {#- Manage common instance parameters #}
{%- set slave_type = slave_instance.get('type', '') %} {%- set slave_type = slave_instance.get('type', '') %}
{%- set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %} {%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
{%- set slave_reference = slave_instance.get('slave_reference') %} {%- set slave_reference = slave_instance.get('slave_reference') %}
{%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %} {%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{#- Setup backend URLs for front facing Caddy #} {#- Setup backend URLs for front facing Caddy #}
...@@ -103,15 +127,13 @@ context = ...@@ -103,15 +127,13 @@ context =
{%- do part_list.extend([slave_ln_section]) %} {%- do part_list.extend([slave_ln_section]) %}
{%- do part_list.extend([slave_section_title]) %} {%- do part_list.extend([slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %} {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass HTTP2 switch #}
{%- do slave_instance.__setitem__('enable_http2_by_default', configuration['enable-http2-by-default']) %}
{%- do slave_instance.__setitem__('global_disable_http2', configuration['global-disable-http2']) %}
{#- Pass backend timeout values #} {#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %} {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend', 'strict-transport-security'] %}
{%- if slave_instance.get(key, '') == '' %} {%- if slave_instance.get(key, '') == '' %}
{%- do slave_instance.__setitem__(key, configuration[key]) %} {%- do slave_instance.__setitem__(key, configuration[key]) %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- do slave_instance.__setitem__('strict-transport-security', int(slave_instance['strict-transport-security'])) %}
{%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
{#- Setup active check #} {#- Setup active check #}
{%- do slave_instance.__setitem__('backend-active-check', ('' ~ slave_instance.get('backend-active-check', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('backend-active-check', ('' ~ slave_instance.get('backend-active-check', '')).lower() in TRUE_VALUES) %}
...@@ -157,7 +179,6 @@ context = ...@@ -157,7 +179,6 @@ context =
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %} {%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('public-ipv4', configuration['public-ipv4']) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %} {%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{#- Set slave domain if none was defined #} {#- Set slave domain if none was defined #}
{%- if slave_instance.get('custom_domain', None) == None %} {%- if slave_instance.get('custom_domain', None) == None %}
...@@ -168,6 +189,28 @@ context = ...@@ -168,6 +189,28 @@ context =
{%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%- set host_list = slave_instance.get('server-alias', '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- do slave_instance.__setitem__('host_list', host_list) %}
{%- do slave_instance.__setitem__('type', slave_instance.get('type', '')) %}
{%- set websocket_path_list = [] %}
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endfor %}
{%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
{%- do slave_instance.__setitem__('enable_h2', not configuration['global-disable-http2'] and slave_instance['enable-http2']) %}
{%- if slave_instance['type'] in ['notebook', 'websocket'] %}
{# websocket style needs http 1.1 max #}
{%- do slave_instance.__setitem__('enable_h2', False) %}
{%- endif %}
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
[slave-log-directory-dict] [slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }} {{slave_reference}} = {{ slave_log_folder }}
...@@ -224,12 +267,13 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere ...@@ -224,12 +267,13 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
{%- do slave_parameter_dict.__setitem__('certificate', certificate )%} {%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
{#- Set ssl certificates for each slave #} {#- Set ssl certificates for each slave #}
{%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%} {%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{%- set cert_file_key = 'path_to_' + cert_name %}
{%- if cert_name in slave_instance %} {%- if cert_name in slave_instance %}
{%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %} {%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{%- do part_list.append(cert_title) %} {%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %} {%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{%- do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %} {%- do slave_instance.__setitem__(cert_file_key, cert_file) %}
{#- Store certificates on fs #} {#- Store certificates on fs #}
[{{ cert_title }}] [{{ cert_title }}]
< = jinja2-template-base < = jinja2-template-base
...@@ -241,7 +285,9 @@ extra-context = ...@@ -241,7 +285,9 @@ extra-context =
{#- Store certificate in config #} {#- Store certificate in config #}
[{{ cert_title + '-config' }}] [{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }} value = {{ dumps(slave_instance.get(cert_name)) }}
{%- endif %} {%- else %}
{%- do slave_instance.__setitem__(cert_file_key, None) %}
{%- endif %} {#- if cert_name in slave_instance #}
{%- endfor %} {%- endfor %}
{#- Set Up Certs #} {#- Set Up Certs #}
{%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %} {%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
...@@ -273,7 +319,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }} ...@@ -273,7 +319,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{%- for key, value in slave_instance.iteritems() %} {%- for key, value in slave_instance.iteritems() %}
{%- if value is not none %} {%- if value is not none %}
{{ key }} = {{ dumps('' ~ value) }} {{ key }} = {{ dumps(value) }}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
...@@ -284,7 +330,6 @@ rendered = {{ caddy_configuration_directory }}/${:filename} ...@@ -284,7 +330,6 @@ rendered = {{ caddy_configuration_directory }}/${:filename}
template = {{ template_default_slave_configuration }} template = {{ template_default_slave_configuration }}
extra-context = extra-context =
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib
filename = {{ '%s.conf' % slave_reference }} filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }} {{ '\n' }}
...@@ -329,6 +374,7 @@ recipe = slapos.cookbook:publish ...@@ -329,6 +374,7 @@ recipe = slapos.cookbook:publish
{%- else %} {%- else %}
{%- do slave_instance_information_list.append(slave_publish_dict) %} {%- do slave_instance_information_list.append(slave_publish_dict) %}
{%- endif %} {%- endif %}
{%- do frontend_slave_list.append(slave_instance) %}
{%- if slave_type != 'redirect' %} {%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %} {%- do backend_slave_list.append(slave_instance) %}
{%- endif %} {%- endif %}
...@@ -389,8 +435,6 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -389,8 +435,6 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #} {#- Publish information for the instance #}
[publish-caddy-information] [publish-caddy-information]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{ configuration['public-ipv4'] }}
private-ipv4 = {{ instance_parameter_dict['ipv4-random'] }}
{%- if configuration['extra_slave_instance_list'] %} {%- if configuration['extra_slave_instance_list'] %}
{#- sort_keys are important in order to avoid shuffling parameters on each run #} {#- sort_keys are important in order to avoid shuffling parameters on each run #}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
......
...@@ -18,12 +18,8 @@ defaults ...@@ -18,12 +18,8 @@ defaults
{%- macro frontend_entry(slave_instance, scheme, wildcard) %} {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #} {#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %} {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %} {%- set matched = {'count': 0} %}
{%- for host in host_list %} {%- for host in slave_instance['host_list'] %}
{#- Match up to the end or optional port (starting with ':') #} {#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #} {#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %} {%- if wildcard and host.startswith('*.') %}
...@@ -80,10 +76,9 @@ frontend https-backend ...@@ -80,10 +76,9 @@ frontend https-backend
{%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %} {%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%- endif %} {%- endif %}
{%- do ssl_list.append('ssl verify') %} {%- do ssl_list.append('ssl verify') %}
{%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
{%- if slave_instance['ssl_proxy_verify'] %} {%- if slave_instance['ssl_proxy_verify'] %}
{%- if path_to_ssl_proxy_ca_crt %} {%- if slave_instance['path_to_ssl_proxy_ca_crt'] %}
{%- do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %} {%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
{%- else %} {%- else %}
{#- Backend SSL shall be verified, but not CA provided, disallow connection #} {#- Backend SSL shall be verified, but not CA provided, disallow connection #}
{#- Simply dropping hostname from the dict will result with ignoring it... #} {#- Simply dropping hostname from the dict will result with ignoring it... #}
......
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
{%- set proxy_append_list = [('', 'Default proxy configuration')] %} {%- set proxy_append_list = [('', 'Default proxy configuration')] %}
{%- if prefer_gzip %} {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %} {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') %}
{%- set host_list = server_alias_list %}
{%- set cipher_list = slave_parameter.get('cipher_list', '').strip() %}
{%- if slave_parameter.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_parameter.get('custom_domain')) %}
{%- endif %}
{%- set http_host_list = [] %} {%- set http_host_list = [] %}
{%- set https_host_list = [] %} {%- set https_host_list = [] %}
{%- for host in host_list %} {%- for host in slave_parameter['host_list'] %}
{%- do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %} {%- do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
{%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %} {%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
{%- endfor %} {#- for host in host_list #} {%- endfor %} {#- for host in slave_parameter['host_list'] #}
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
{%- set websocket_path_list = [] %}
{%- for websocket_path in slave_parameter.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endfor %}
{%- set websocket_transparent = slave_parameter.get('websocket-transparent', 'true').lower() in TRUE_VALUES %}
{%- if slave_type in ['notebook', 'websocket'] %}
{# websocket style needs http 1.1 max #}
{%- set enable_h2 = False %}
{%- endif %}
{%- macro proxy_header() %} {%- macro proxy_header() %}
timeout {{ slave_parameter['request-timeout'] }}s timeout {{ slave_parameter['request-timeout'] }}s
...@@ -48,9 +18,24 @@ ...@@ -48,9 +18,24 @@
try_interval 250ms try_interval 250ms
{%- endmacro %} {# proxy_header #} {%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %} {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
# SSL enabled hosts # SSL enabled hosts
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
{%- else %} {%- else %}
...@@ -61,28 +46,28 @@ ...@@ -61,28 +46,28 @@
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
{%- if tls %} {%- if tls %}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} { tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if cipher_list %} {%- if slave_parameter['ciphers'] %}
ciphers {{ cipher_list }} ciphers {{ slave_parameter['ciphers'] }}
{%- endif %} {%- endif %}
{%- if enable_h2 %} {%- if slave_parameter['enable_h2'] %}
# Allow HTTP2 # Allow http2
alpn h2 http/1.1 alpn h2 http/1.1
{%- else %} {#- if enable_h2 #} {%- else %} {#- if slave_parameter['enable_h2'] #}
# Disallow HTTP2 # Disallow HTTP2
alpn http/1.1 alpn http/1.1
{%- endif %} {#- if enable_h2 #} {%- endif %} {#- if slave_parameter['enable_h2'] #}
} {# tls #} } {# tls #}
{%- endif %} {#- if tls #} {%- endif %} {#- if tls #}
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" { log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0 rotate_size 0
} }
errors {{ slave_parameter.get('error_log') }} { errors {{ slave_parameter['error_log'] }} {
rotate_size 0 rotate_size 0
} }
{%- if not (slave_type == 'zope' and backend_url) %} {%- if not (slave_parameter['type'] == 'zope' and backend_url) %}
{% if prefer_gzip and not (not tls and https_only) %} {% if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
...@@ -93,90 +78,92 @@ ...@@ -93,90 +78,92 @@
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to {1} to {1}
} }
{% elif slave_type not in ['notebook', 'websocket'] %} {% elif slave_parameter['type'] not in ['notebook', 'websocket'] %}
rewrite { rewrite {
regexp (.*) regexp (.*)
to {1} to {1}
} }
{% endif %} {# elif slave_type != 'notebook' #} {% endif %} {# elif slave_parameter['type'] != 'notebook' #}
{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #} {%- endif %} {#- if not (slave_parameter['type'] == 'zope' and backend_url) #}
{%- if not tls and https_only %} {%- if not tls and slave_parameter['https-only'] %}
# Enforced redirection to SSL-enabled host # Enforced redirection to SSL-enabled host
redir 302 { redir 302 {
/ https://{host}{rewrite_uri} / https://{host}{rewrite_uri}
} }
{%- elif slave_type == 'zope' and backend_url %} {%- elif slave_parameter['type'] == 'zope' and backend_url %}
# Zope configuration # Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} { proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies # Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3" header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #} {%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if disable_via_header %} {%- if slave_parameter['disable-via-header'] %}
header_downstream -Via header_downstream -Via
{%- endif %} {#- if disable_via_header #} {%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if disable_no_cache_header %} {%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent transparent
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if default_path %} {%- if slave_parameter['default-path'] %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ default_path }} / {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #} } {# redir #}
{%- endif %} {#- if default_path #} {%- endif %} {#- if slave_parameter['default-path'] #}
{%- if prefer_gzip and not (not tls and https_only) %} {%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %} {%- if tls %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %} {%- else %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %} {%- endif %}
} }
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %} {%- if tls %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %} {%- else %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %} {%- endif %}
} }
{%- else %} {%- else %}
rewrite { rewrite {
regexp (.*) regexp (.*)
{%- if tls %} {%- if tls %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %} {%- else %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %} {%- endif %}
} {# rewrite #} } {# rewrite #}
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- elif slave_type == 'redirect' %} {%- elif slave_parameter['type'] == 'redirect' %}
{%- if backend_url %} {%- if backend_url %}
# Redirect configuration # Redirect configuration
redir 302 { redir 302 {
/ {{ backend_url }}{rewrite_uri} / {{ backend_url }}{rewrite_uri}
} }
{%- endif %} {%- endif %}
{%- elif slave_type == 'notebook' %} {%- elif slave_parameter['type'] == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
transparent transparent
} }
rewrite { rewrite {
...@@ -185,25 +172,28 @@ ...@@ -185,25 +172,28 @@
} }
proxy /proxy/ {{ backend_url }} { proxy /proxy/ {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
transparent transparent
websocket websocket
without /proxy/ without /proxy/
} }
{%- elif slave_type == 'websocket' %} {%- elif slave_parameter['type'] == 'websocket' %}
{%- if websocket_path_list %} {%- if slave_parameter['websocket-path-list'] %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{%- if websocket_transparent %} {{ hsts_header(tls) }}
{%- if slave_parameter['websocket-transparent'] %}
transparent transparent
{%- else %} {%- else %}
header_upstream Host {host} header_upstream Host {host}
{%- endif %} {%- endif %}
} }
{%- for websocket_path in websocket_path_list %} {%- for websocket_path in slave_parameter['websocket-path-list'] %}
proxy "/{{ websocket_path }}" {{ backend_url }} { proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
websocket websocket
{%- if websocket_transparent %} {%- if slave_parameter['websocket-transparent'] %}
transparent transparent
{%- else %} {%- else %}
header_upstream Host {host} header_upstream Host {host}
...@@ -213,49 +203,51 @@ ...@@ -213,49 +203,51 @@
{%- else %} {%- else %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
websocket websocket
{%- if websocket_transparent %} {%- if slave_parameter['websocket-transparent'] %}
transparent transparent
{%- else %} {%- else %}
header_upstream Host {host} header_upstream Host {host}
{%- endif %} {%- endif %}
} }
{%- endif %} {%- endif %}
{%- else %} {#- if slave_type == 'zope' and backend_url #} {%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
# Default configuration # Default configuration
{%- if default_path %} {%- if slave_parameter['default-path'] %}
redir 301 { redir 301 {
if {path} is / if {path} is /
/ {scheme}://{host}/{{ default_path }} / {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #} } {# redir #}
{%- endif %} {#- if default_path #} {%- endif %} {#- if slave_parameter['default-path'] #}
{%- if backend_url %} {%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} { proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies # Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3" header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #} {%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if disable_via_header %} {%- if slave_parameter['disable-via-header'] %}
header_downstream -Via header_downstream -Via
{%- endif %} {#- if disable_via_header #} {%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if disable_no_cache_header %} {%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control header_upstream -Cache-Control
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent transparent
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- endif %} {#- if backend_url #} {%- endif %} {#- if backend_url #}
{%- endif %} {#- if slave_type == 'zope' and backend_url #} {%- endif %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
} {# https_host_list|join(', ') #} } {# https_host_list|join(', ') #}
{%- endfor %} {#- for tls in [True, False] #} {%- endfor %} {#- for tls in [True, False] #}
...@@ -84,6 +84,9 @@ KEDIFA_PORT = '15080' ...@@ -84,6 +84,9 @@ KEDIFA_PORT = '15080'
# has to be not partition one # has to be not partition one
SOURCE_IP = '127.0.0.1' SOURCE_IP = '127.0.0.1'
# IP on which test run, in order to mimic HTTP[s] access
TEST_IP = os.environ['SLAPOS_TEST_IPV4']
# "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748 # "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748
DNS_CACHE = {} DNS_CACHE = {}
...@@ -254,11 +257,11 @@ def subprocess_output(*args, **kwargs): ...@@ -254,11 +257,11 @@ def subprocess_output(*args, **kwargs):
return subprocess_status_output(*args, **kwargs)[1] return subprocess_status_output(*args, **kwargs)[1]
def isHTTP2(domain, ip): def isHTTP2(domain):
curl_command = 'curl --http2 -v -k -H "Host: %(domain)s" ' \ curl_command = 'curl --http2 -v -k -H "Host: %(domain)s" ' \
'https://%(domain)s:%(https_port)s/ '\ 'https://%(domain)s:%(https_port)s/ '\
'--resolve %(domain)s:%(https_port)s:%(ip)s' % dict( '--resolve %(domain)s:%(https_port)s:%(ip)s' % dict(
ip=ip, domain=domain, https_port=HTTPS_PORT) ip=TEST_IP, domain=domain, https_port=HTTPS_PORT)
prc = subprocess.Popen( prc = subprocess.Popen(
curl_command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE curl_command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE
) )
...@@ -395,7 +398,7 @@ class TestDataMixin(object): ...@@ -395,7 +398,7 @@ class TestDataMixin(object):
self.assertTestData(runtime_data, hash_value_dict=hash_value_dict) self.assertTestData(runtime_data, hash_value_dict=hash_value_dict)
def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT, def fakeHTTPSResult(domain, path, port=HTTPS_PORT,
headers=None, cookies=None, source_ip=SOURCE_IP): headers=None, cookies=None, source_ip=SOURCE_IP):
if headers is None: if headers is None:
headers = {} headers = {}
...@@ -414,7 +417,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT, ...@@ -414,7 +417,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
session.mount('https://', new_source) session.mount('https://', new_source)
socket_getaddrinfo = socket.getaddrinfo socket_getaddrinfo = socket.getaddrinfo
try: try:
add_custom_dns(domain, port, real_ip) add_custom_dns(domain, port, TEST_IP)
socket.getaddrinfo = new_getaddrinfo socket.getaddrinfo = new_getaddrinfo
return session.get( return session.get(
'https://%s:%s/%s' % (domain, port, path), 'https://%s:%s/%s' % (domain, port, path),
...@@ -427,7 +430,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT, ...@@ -427,7 +430,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
socket.getaddrinfo = socket_getaddrinfo socket.getaddrinfo = socket_getaddrinfo
def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT, def fakeHTTPResult(domain, path, port=HTTP_PORT,
headers=None, source_ip=SOURCE_IP): headers=None, source_ip=SOURCE_IP):
if headers is None: if headers is None:
headers = {} headers = {}
...@@ -445,7 +448,7 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT, ...@@ -445,7 +448,7 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
session.mount('http://', new_source) session.mount('http://', new_source)
session.mount('https://', new_source) session.mount('https://', new_source)
return session.get( return session.get(
'http://%s:%s/%s' % (real_ip, port, path), 'http://%s:%s/%s' % (TEST_IP, port, path),
headers=headers, headers=headers,
allow_redirects=False, allow_redirects=False,
) )
...@@ -921,7 +924,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -921,7 +924,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
def waitForCaddy(cls): def waitForCaddy(cls):
def method(): def method():
fakeHTTPSResult( fakeHTTPSResult(
cls._ipv4_address, cls._ipv4_address, cls._ipv4_address,
'/', '/',
) )
cls.waitForMethod('waitForCaddy', method) cls.waitForMethod('waitForCaddy', method)
...@@ -1038,10 +1041,10 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1038,10 +1041,10 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
def waitForSlave(cls): def waitForSlave(cls):
def method(): def method():
for parameter_dict in cls.getSlaveConnectionParameterDictList(): for parameter_dict in cls.getSlaveConnectionParameterDictList():
if 'domain' in parameter_dict and 'public-ipv4' in parameter_dict: if 'domain' in parameter_dict:
try: try:
fakeHTTPSResult( fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '/') parameter_dict['domain'], '/')
except requests.exceptions.InvalidURL: except requests.exceptions.InvalidURL:
# ignore slaves to which connection is impossible by default # ignore slaves to which connection is impossible by default
continue continue
...@@ -1117,7 +1120,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1117,7 +1120,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -1192,7 +1194,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1192,7 +1194,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -1246,18 +1247,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1246,18 +1247,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'backend-connect-timeout': 10, 'backend-connect-timeout': 10,
'backend-connect-retries': 5, 'backend-connect-retries': 5,
'request-timeout': 15, 'request-timeout': 15,
'strict-transport-security': '200',
'strict-transport-security-sub-domains': True,
'strict-transport-security-preload': True,
}, },
'server-alias': { 'server-alias': {
'url': cls.backend_url, 'url': cls.backend_url,
'server-alias': 'alias1.example.com alias2.example.com', 'server-alias': 'alias1.example.com alias2.example.com',
'strict-transport-security': '200',
}, },
'server-alias-empty': { 'server-alias-empty': {
'url': cls.backend_url, 'url': cls.backend_url,
'server-alias': '', 'server-alias': '',
'strict-transport-security': '200',
'strict-transport-security-sub-domains': True,
}, },
'server-alias-wildcard': { 'server-alias-wildcard': {
'url': cls.backend_url, 'url': cls.backend_url,
'server-alias': '*.alias1.example.com', 'server-alias': '*.alias1.example.com',
'strict-transport-security': '200',
'strict-transport-security-preload': True,
}, },
'server-alias-duplicated': { 'server-alias-duplicated': {
'url': cls.backend_url, 'url': cls.backend_url,
...@@ -1701,7 +1710,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1701,7 +1710,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def test_empty(self): def test_empty(self):
parameter_dict = self.assertSlaveBase('empty') parameter_dict = self.assertSlaveBase('empty')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
...@@ -1709,7 +1718,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1709,7 +1718,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
result_http.status_code result_http.status_code
...@@ -1722,7 +1731,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1722,7 +1731,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# check that 404 is as configured # check that 404 is as configured
result_missing = fakeHTTPSResult( result_missing = fakeHTTPSResult(
'forsuredoesnotexists.example.com', parameter_dict['public-ipv4'], '') 'forsuredoesnotexists.example.com', '')
self.assertEqual(httplib.NOT_FOUND, result_missing.status_code) self.assertEqual(httplib.NOT_FOUND, result_missing.status_code)
self.assertEqual( self.assertEqual(
"""<html> """<html>
...@@ -1806,7 +1815,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1806,7 +1815,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
"slave url ' %s ' has been converted to '%s'" % ( "slave url ' %s ' has been converted to '%s'" % (
...@@ -1816,7 +1824,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1816,7 +1824,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -1828,6 +1836,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1828,6 +1836,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertNotIn('Strict-Transport-Security', result.headers)
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
try: try:
...@@ -1878,7 +1887,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1878,7 +1887,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
log_regexp) log_regexp)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -1956,7 +1965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1956,7 +1965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# 4. check that you can access this backend via frontend # 4. check that you can access this backend via frontend
# (so it means that auth to backend worked) # (so it means that auth to backend worked)
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -2045,7 +2054,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2045,7 +2054,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# 4. check that you can access this backend via frontend # 4. check that you can access this backend via frontend
# (so it means that auth to backend worked) # (so it means that auth to backend worked)
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -2074,7 +2083,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2074,7 +2083,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('auth-to-backend-backend-ignore') parameter_dict = self.assertSlaveBase('auth-to-backend-backend-ignore')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -2103,7 +2112,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2103,7 +2112,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2130,7 +2139,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2130,7 +2139,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
"slave url ' %s ' has been converted to '%s'" % ( "slave url ' %s ' has been converted to '%s'" % (
...@@ -2140,7 +2148,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2140,7 +2148,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_compressed = fakeHTTPSResult( result_compressed = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Accept-Encoding': 'gzip', 'Accept-Encoding': 'gzip',
...@@ -2162,7 +2170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2162,7 +2170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_not_compressed = fakeHTTPSResult( result_not_compressed = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Accept-Encoding': 'gzip', 'Accept-Encoding': 'gzip',
...@@ -2183,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2183,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
"slave url ' %s ' has been converted to '%s'" % ( "slave url ' %s ' has been converted to '%s'" % (
...@@ -2192,7 +2199,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2192,7 +2199,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Accept-Encoding': 'gzip', 'Accept-Encoding': 'gzip',
...@@ -2224,7 +2231,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2224,7 +2231,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://url.example.com', 'url': 'http://url.example.com',
'site_url': 'http://url.example.com', 'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com', 'secure_access': 'https://url.example.com',
'public-ipv4': self._ipv4_address,
}, },
parameter_dict parameter_dict
) )
...@@ -2248,7 +2254,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2248,7 +2254,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope-path') parameter_dict = self.assertSlaveBase('type-zope-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2268,7 +2274,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2268,7 +2274,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope-default-path') parameter_dict = self.assertSlaveBase('type-zope-default-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '') parameter_dict['domain'], '')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2290,29 +2296,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2290,29 +2296,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('server-alias') parameter_dict = self.assertSlaveBase('server-alias')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult( result = fakeHTTPSResult(
'alias1.example.com', parameter_dict['public-ipv4'], 'alias1.example.com',
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult( result = fakeHTTPSResult(
'alias2.example.com', parameter_dict['public-ipv4'], 'alias2.example.com',
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
...@@ -2321,7 +2333,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2321,7 +2333,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('server-alias-empty') parameter_dict = self.assertSlaveBase('server-alias-empty')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -2333,6 +2345,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2333,6 +2345,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200; includeSubDomains',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
try: try:
...@@ -2360,28 +2375,33 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2360,28 +2375,33 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://serveraliaswildcard.example.com', 'url': 'http://serveraliaswildcard.example.com',
'site_url': 'http://serveraliaswildcard.example.com', 'site_url': 'http://serveraliaswildcard.example.com',
'secure_access': 'https://serveraliaswildcard.example.com', 'secure_access': 'https://serveraliaswildcard.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
'wild.alias1.example.com', parameter_dict['public-ipv4'], 'test-path') 'wild.alias1.example.com', 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
def test_server_alias_duplicated(self): def test_server_alias_duplicated(self):
...@@ -2395,14 +2415,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2395,14 +2415,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://serveraliasduplicated.example.com', 'url': 'http://serveraliasduplicated.example.com',
'site_url': 'http://serveraliasduplicated.example.com', 'site_url': 'http://serveraliasduplicated.example.com',
'secure_access': 'https://serveraliasduplicated.example.com', 'secure_access': 'https://serveraliasduplicated.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2411,7 +2430,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2411,7 +2430,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
'alias3.example.com', parameter_dict['public-ipv4'], 'test-path') 'alias3.example.com', 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2431,14 +2450,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2431,14 +2450,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://alias4.example.com', 'url': 'http://alias4.example.com',
'site_url': 'http://alias4.example.com', 'site_url': 'http://alias4.example.com',
'secure_access': 'https://alias4.example.com', 'secure_access': 'https://alias4.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2464,7 +2482,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2464,7 +2482,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com', 'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
'secure_access': 'secure_access':
'https://customdomainsslcrtsslkeysslcacrt.example.com', 'https://customdomainsslcrtsslkeysslcacrt.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -2488,7 +2505,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2488,7 +2505,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.customdomain_ca_certificate_pem, self.customdomain_ca_certificate_pem,
...@@ -2516,7 +2533,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2516,7 +2533,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtonly.example.com', 'site_url': 'http://sslcacrtonly.example.com',
'secure_access': 'secure_access':
'https://sslcacrtonly.example.com', 'https://sslcacrtonly.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -2549,7 +2565,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2549,7 +2565,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtgarbage.example.com', 'site_url': 'http://sslcacrtgarbage.example.com',
'secure_access': 'secure_access':
'https://sslcacrtgarbage.example.com', 'https://sslcacrtgarbage.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -2575,7 +2590,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2575,7 +2590,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
ca_certificate_pem, ca_certificate_pem,
...@@ -2604,7 +2619,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2604,7 +2619,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtdoesnotmatch.example.com', 'site_url': 'http://sslcacrtdoesnotmatch.example.com',
'secure_access': 'secure_access':
'https://sslcacrtdoesnotmatch.example.com', 'https://sslcacrtdoesnotmatch.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -2626,7 +2640,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2626,7 +2640,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2646,7 +2660,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2646,7 +2660,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('https-only') parameter_dict = self.assertSlaveBase('https-only')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2656,7 +2670,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2656,7 +2670,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson(result_http, 'Path', '/test-path/deeper') self.assertEqualResultJson(result_http, 'Path', '/test-path/deeper')
...@@ -2674,14 +2688,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2674,14 +2688,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2702,14 +2715,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2702,14 +2715,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -2718,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2718,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
'mycustomdomainserveralias1.example.com', parameter_dict['public-ipv4'], 'mycustomdomainserveralias1.example.com',
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2738,14 +2750,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2738,14 +2750,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://*.customdomain.example.com', 'url': 'http://*.customdomain.example.com',
'site_url': 'http://*.customdomain.example.com', 'site_url': 'http://*.customdomain.example.com',
'secure_access': 'https://*.customdomain.example.com', 'secure_access': 'https://*.customdomain.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
'wild.customdomain.example.com', parameter_dict['public-ipv4'], 'wild.customdomain.example.com',
'test-path') 'test-path')
self.assertEqual( self.assertEqual(
...@@ -2768,7 +2779,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2768,7 +2779,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -2789,7 +2799,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2789,7 +2799,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.customdomain_certificate_pem, self.customdomain_certificate_pem,
...@@ -2801,7 +2811,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2801,7 +2811,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope') parameter_dict = self.assertSlaveBase('type-zope')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2822,7 +2832,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2822,7 +2832,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2841,7 +2851,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2841,7 +2851,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-prefer-gzip-encoding-to-backend-https-only') 'type-zope-prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2863,7 +2873,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2863,7 +2873,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson( self.assertEqualResultJson(
...@@ -2875,7 +2885,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2875,7 +2885,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -2900,7 +2910,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2900,7 +2910,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -2919,7 +2929,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2919,7 +2929,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-prefer-gzip-encoding-to-backend') 'type-zope-prefer-gzip-encoding-to-backend')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2941,7 +2951,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2941,7 +2951,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -2956,7 +2966,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2956,7 +2966,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -2981,7 +2991,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2981,7 +2991,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -3001,7 +3011,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3001,7 +3011,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-virtualhostroot-http-port') 'type-zope-virtualhostroot-http-port')
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3015,7 +3025,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3015,7 +3025,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-virtualhostroot-https-port') 'type-zope-virtualhostroot-https-port')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3041,14 +3051,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3041,14 +3051,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path', 'test-path',
HTTPS_PORT) HTTPS_PORT)
...@@ -3059,7 +3068,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3059,7 +3068,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test/terminals/websocket/test', 'test/terminals/websocket/test',
HTTPS_PORT) HTTPS_PORT)
...@@ -3069,14 +3078,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3069,14 +3078,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/terminals/websocket') self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_type_websocket(self): def test_type_websocket(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'type-websocket') 'type-websocket')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqual( self.assertEqual(
...@@ -3099,14 +3108,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3099,14 +3108,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
self.assertTrue('x-real-ip' in j['Incoming Headers']) self.assertTrue('x-real-ip' in j['Incoming Headers'])
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_type_websocket_websocket_transparent_false(self): def test_type_websocket_websocket_transparent_false(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'type-websocket-websocket-transparent-false') 'type-websocket-websocket-transparent-false')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqual( self.assertEqual(
...@@ -3132,14 +3141,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3132,14 +3141,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
self.assertFalse('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_type_websocket_websocket_path_list(self): def test_type_websocket_websocket_path_list(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'type-websocket-websocket-path-list') 'type-websocket-websocket-path-list')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqual( self.assertEqual(
...@@ -3152,7 +3161,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3152,7 +3161,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/test-path' '/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3161,7 +3170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3161,7 +3170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertTrue('x-real-ip' in j['Incoming Headers']) self.assertTrue('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path', parameter_dict['domain'], 'ws/test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqualResultJson( self.assertEqualResultJson(
...@@ -3170,7 +3179,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3170,7 +3179,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/ws/test-path' '/ws/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3183,7 +3192,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3183,7 +3192,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertTrue('x-real-ip' in j['Incoming Headers']) self.assertTrue('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'with%20space/test-path', headers={'Connection': 'Upgrade'}) 'with%20space/test-path', headers={'Connection': 'Upgrade'})
self.assertEqualResultJson( self.assertEqualResultJson(
...@@ -3192,7 +3201,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3192,7 +3201,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/with%20space/test-path' '/with%20space/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3210,7 +3219,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3210,7 +3219,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-websocket-websocket-path-list-websocket-transparent-false') 'type-websocket-websocket-path-list-websocket-transparent-false')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqual( self.assertEqual(
...@@ -3223,7 +3232,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3223,7 +3232,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/test-path' '/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3235,7 +3244,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3235,7 +3244,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertFalse('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path', parameter_dict['domain'], 'ws/test-path',
headers={'Connection': 'Upgrade'}) headers={'Connection': 'Upgrade'})
self.assertEqualResultJson( self.assertEqualResultJson(
...@@ -3244,7 +3253,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3244,7 +3253,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/ws/test-path' '/ws/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3259,7 +3268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3259,7 +3268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertFalse('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'with%20space/test-path', headers={'Connection': 'Upgrade'}) 'with%20space/test-path', headers={'Connection': 'Upgrade'})
self.assertEqualResultJson( self.assertEqualResultJson(
...@@ -3268,7 +3277,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3268,7 +3277,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/with%20space/test-path' '/with%20space/test-path'
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
try: try:
j = result.json() j = result.json()
except Exception: except Exception:
...@@ -3298,14 +3307,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3298,14 +3307,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://typeeventsource.nginx.example.com', 'url': 'http://typeeventsource.nginx.example.com',
'site_url': 'http://typeeventsource.nginx.example.com', 'site_url': 'http://typeeventsource.nginx.example.com',
'secure_access': 'https://typeeventsource.nginx.example.com', 'secure_access': 'https://typeeventsource.nginx.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'pub', parameter_dict['domain'], 'pub',
# NGINX_HTTPS_PORT # NGINX_HTTPS_PORT
) )
...@@ -3335,7 +3343,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3335,7 +3343,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-redirect') parameter_dict = self.assertSlaveBase('type-redirect')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -3365,14 +3373,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3365,14 +3373,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -3404,14 +3411,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3404,14 +3411,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://sslproxyverifysslproxycacrtunverified.example.com', 'http://sslproxyverifysslproxycacrtunverified.example.com',
'secure_access': 'secure_access':
'https://sslproxyverifysslproxycacrtunverified.example.com', 'https://sslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3423,7 +3429,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3423,7 +3429,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
...@@ -3440,7 +3446,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3440,7 +3446,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ssl-proxy-verify_ssl_proxy_ca_crt') parameter_dict = self.assertSlaveBase('ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3462,7 +3468,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3462,7 +3468,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
...@@ -3479,7 +3485,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3479,7 +3485,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ssl-proxy-verify-unverified') parameter_dict = self.assertSlaveBase('ssl-proxy-verify-unverified')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3507,14 +3513,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3507,14 +3513,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://enablecachesslproxyverifysslproxycacrtunverified.example.com', 'http://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'secure_access': 'secure_access':
'https://enablecachesslproxyverifysslproxycacrtunverified.example.com', 'https://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -3527,7 +3532,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3527,7 +3532,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deeper') 'test-path/deeper')
self.assertEqual( self.assertEqual(
...@@ -3546,7 +3551,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3546,7 +3551,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt') 'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -3580,7 +3585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3580,7 +3585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-ssl-proxy-verify-unverified') 'enable_cache-ssl-proxy-verify-unverified')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3607,14 +3612,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3607,14 +3612,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://typezopesslproxyverifysslproxycacrtunverified.example.com', 'http://typezopesslproxyverifysslproxycacrtunverified.example.com',
'secure_access': 'secure_access':
'https://typezopesslproxyverifysslproxycacrtunverified.example.com', 'https://typezopesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3626,7 +3630,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3626,7 +3630,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
...@@ -3644,7 +3648,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3644,7 +3648,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt') 'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3665,7 +3669,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3665,7 +3669,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
...@@ -3683,7 +3687,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3683,7 +3687,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-ssl-proxy-verify-unverified') 'type-zope-ssl-proxy-verify-unverified')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3698,7 +3702,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3698,7 +3702,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('monitor-ipv6-test') parameter_dict = self.assertSlaveBase('monitor-ipv6-test')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3707,7 +3711,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3707,7 +3711,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
result_http.status_code result_http.status_code
...@@ -3735,7 +3739,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3735,7 +3739,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('monitor-ipv4-test') parameter_dict = self.assertSlaveBase('monitor-ipv4-test')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3744,7 +3748,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3744,7 +3748,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
result_http.status_code result_http.status_code
...@@ -3773,7 +3777,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3773,7 +3777,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ciphers') parameter_dict = self.assertSlaveBase('ciphers')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -3782,7 +3786,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3782,7 +3786,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
httplib.FOUND, httplib.FOUND,
...@@ -3816,14 +3820,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3816,14 +3820,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'}) 'revalidate=3600, stale-if-error=3600'})
...@@ -3865,7 +3868,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3865,7 +3868,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable_cache_server_alias') parameter_dict = self.assertSlaveBase('enable_cache_server_alias')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'}) 'revalidate=3600, stale-if-error=3600'})
...@@ -3904,7 +3907,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3904,7 +3907,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
'enablecacheserveralias1.example.com', parameter_dict['public-ipv4'], 'enablecacheserveralias1.example.com',
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'}) 'revalidate=3600, stale-if-error=3600'})
...@@ -3924,7 +3927,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3924,7 +3927,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
source_ip = '127.0.0.1' source_ip = '127.0.0.1'
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600', 'revalidate=3600, stale-if-error=3600',
...@@ -4073,7 +4076,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4073,7 +4076,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def checkResult(status_code, body): def checkResult(status_code, body):
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], path, parameter_dict['domain'], path,
source_ip=source_ip source_ip=source_ip
) )
self.assertEqual(result.status_code, status_code) self.assertEqual(result.status_code, status_code)
...@@ -4118,7 +4121,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4118,7 +4121,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
source_ip = '127.0.0.1' source_ip = '127.0.0.1'
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600', 'revalidate=3600, stale-if-error=3600',
...@@ -4169,7 +4172,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4169,7 +4172,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.stopServerProcess() self.stopServerProcess()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1', 'X-Reply-Header-Cache-Control': 'max-age=1',
}, },
...@@ -4185,7 +4188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4185,7 +4188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# check that timeout seen by ATS does not result in many queries done # check that timeout seen by ATS does not result in many queries done
# to the backend and that next request works like a charm # to the backend and that next request works like a charm
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test_enable_cache_ats_timeout', headers={ 'test_enable_cache_ats_timeout', headers={
'Timeout': '15', 'Timeout': '15',
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
...@@ -4252,7 +4255,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4252,7 +4255,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# the result is available immediately after # the result is available immediately after
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'}) 'revalidate=3600, stale-if-error=3600'})
...@@ -4264,7 +4267,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4264,7 +4267,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-disable-no-cache-request') 'enable_cache-disable-no-cache-request')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
headers={'Pragma': 'no-cache', 'Cache-Control': 'something'}) headers={'Pragma': 'no-cache', 'Cache-Control': 'something'})
self.assertEqual( self.assertEqual(
...@@ -4312,7 +4315,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4312,7 +4315,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable_cache-disable-via-header') parameter_dict = self.assertSlaveBase('enable_cache-disable-via-header')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -4353,7 +4356,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4353,7 +4356,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable-http2-false') parameter_dict = self.assertSlaveBase('enable-http2-false')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -4381,13 +4384,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4381,13 +4384,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_default(self): def test_enable_http2_default(self):
parameter_dict = self.assertSlaveBase('enable-http2-default') parameter_dict = self.assertSlaveBase('enable-http2-default')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -4415,14 +4418,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4415,14 +4418,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
self.assertTrue( self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_prefer_gzip_encoding_to_backend_https_only(self): def test_prefer_gzip_encoding_to_backend_https_only(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'prefer-gzip-encoding-to-backend-https-only') 'prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -4438,7 +4441,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4438,7 +4441,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'}) headers={'Accept-Encoding': 'deflate'})
...@@ -4450,7 +4453,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4450,7 +4453,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -4460,13 +4463,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4460,13 +4463,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -4479,7 +4482,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4479,7 +4482,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'}) headers={'Accept-Encoding': 'deflate'})
...@@ -4492,13 +4495,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4492,13 +4495,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
...@@ -4508,7 +4511,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4508,7 +4511,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'prefer-gzip-encoding-to-backend') 'prefer-gzip-encoding-to-backend')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -4524,7 +4527,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4524,7 +4527,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'}) headers={'Accept-Encoding': 'deflate'})
...@@ -4536,7 +4539,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4536,7 +4539,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -4546,13 +4549,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4546,13 +4549,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'}) headers={'Accept-Encoding': 'gzip, deflate'})
...@@ -4567,7 +4570,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4567,7 +4570,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'}) headers={'Accept-Encoding': 'deflate'})
...@@ -4582,7 +4585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4582,7 +4585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -4596,7 +4599,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4596,7 +4599,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -4613,7 +4616,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4613,7 +4616,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
cookies=dict( cookies=dict(
Chocolate='absent', Chocolate='absent',
Vanilia='absent', Vanilia='absent',
...@@ -4635,17 +4638,21 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4635,17 +4638,21 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('url_https-url') parameter_dict = self.assertSlaveBase('url_https-url')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqual(
'max-age=200; includeSubDomains; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
self.assertEqual( self.assertEqual(
...@@ -4653,6 +4660,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4653,6 +4660,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
result_http.status_code result_http.status_code
) )
self.assertNotIn('Strict-Transport-Security', result_http.headers)
self.assertEqual( self.assertEqual(
'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,), 'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
...@@ -4675,7 +4684,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4675,7 +4684,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'-frontend-quantity': 2, '-frontend-quantity': 2,
'-sla-2-computer_guid': cls.slap._computer_id, '-sla-2-computer_guid': cls.slap._computer_id,
'-frontend-2-state': 'stopped', '-frontend-2-state': 'stopped',
...@@ -4705,14 +4713,13 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4705,14 +4713,13 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://replicate.example.com', 'url': 'http://replicate.example.com',
'site_url': 'http://replicate.example.com', 'site_url': 'http://replicate.example.com',
'secure_access': 'https://replicate.example.com', 'secure_access': 'https://replicate.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -4721,7 +4728,7 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4721,7 +4728,7 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path') self.assertEqualResultJson(result_http, 'Path', '/test-path')
# prove 2nd frontend by inspection of the instance # prove 2nd frontend by inspection of the instance
...@@ -4743,7 +4750,6 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase): ...@@ -4743,7 +4750,6 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'-frontend-quantity': 2, '-frontend-quantity': 2,
'-sla-2-computer_guid': cls.slap._computer_id, '-sla-2-computer_guid': cls.slap._computer_id,
'-frontend-2-state': 'destroyed', '-frontend-2-state': 'destroyed',
...@@ -4783,7 +4789,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase, ...@@ -4783,7 +4789,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'enable-http2-by-default': 'false', 'enable-http2-by-default': 'false',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
...@@ -4820,14 +4825,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase, ...@@ -4820,14 +4825,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2default.example.com', 'site_url': 'http://enablehttp2default.example.com',
'secure_access': 'secure_access':
'https://enablehttp2default.example.com', 'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_false(self): def test_enable_http2_false(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-false') parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
...@@ -4841,14 +4845,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase, ...@@ -4841,14 +4845,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2false.example.com', 'site_url': 'http://enablehttp2false.example.com',
'secure_access': 'secure_access':
'https://enablehttp2false.example.com', 'https://enablehttp2false.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_true(self): def test_enable_http2_true(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-true') parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
...@@ -4862,14 +4865,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase, ...@@ -4862,14 +4865,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2true.example.com', 'site_url': 'http://enablehttp2true.example.com',
'secure_access': 'secure_access':
'https://enablehttp2true.example.com', 'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertTrue( self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
...@@ -4878,7 +4880,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -4878,7 +4880,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -4914,14 +4915,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -4914,14 +4915,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2default.example.com', 'site_url': 'http://enablehttp2default.example.com',
'secure_access': 'secure_access':
'https://enablehttp2default.example.com', 'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertTrue( self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_false(self): def test_enable_http2_false(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-false') parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
...@@ -4935,14 +4935,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -4935,14 +4935,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2false.example.com', 'site_url': 'http://enablehttp2false.example.com',
'secure_access': 'secure_access':
'https://enablehttp2false.example.com', 'https://enablehttp2false.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_true(self): def test_enable_http2_true(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-true') parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
...@@ -4957,13 +4956,12 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -4957,13 +4956,12 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2true.example.com', 'site_url': 'http://enablehttp2true.example.com',
'secure_access': 'secure_access':
'https://enablehttp2true.example.com', 'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
}, },
parameter_dict parameter_dict
) )
self.assertTrue( self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase, class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
...@@ -5002,7 +5000,6 @@ class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -5002,7 +5000,6 @@ class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
'url': 'http://default.None', 'url': 'http://default.None',
'site_url': 'http://default.None', 'site_url': 'http://default.None',
'secure_access': 'https://default.None', 'secure_access': 'https://default.None',
'public-ipv4': 'None',
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -5057,7 +5054,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase, ...@@ -5057,7 +5054,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
'url': 'http://default.None', 'url': 'http://default.None',
'site_url': 'http://default.None', 'site_url': 'http://default.None',
'secure_access': 'https://default.None', 'secure_access': 'https://default.None',
'public-ipv4': 'None',
}, },
parameter_dict parameter_dict
) )
...@@ -5078,59 +5074,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase, ...@@ -5078,59 +5074,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
) )
@skip('Impossible to instantiate cluster with stopped partition')
class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'-frontend-1-state': 'stopped',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
}
@classmethod
def runKedifaUpdater(cls):
return
@classmethod
def getSlaveParameterDictDict(cls):
return {
'test': {
'url': cls.backend_url,
},
'testcached': {
'url': cls.backend_url,
'enable_cache': True,
},
}
def test(self):
parameter_dict = self.parseSlaveParameterDict('test')
self.assertKeyWithPop('log-access-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'test.None', 'replication_number': '1',
'url': 'http://test.None', 'site_url': 'http://test.None',
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'secure_access': 'https://test.None', 'public-ipv4': 'None'},
parameter_dict
)
master_monitor_conf = open(os.path.join(
self.instance_path, 'T-0', 'etc',
'monitor-httpd.conf')).read()
slave_monitor_conf = open(os.path.join(
self.instance_path, 'T-2', 'etc',
'monitor-httpd.conf')).read()
self.assertTrue(
'Listen [%s]:8196' % (self._ipv6_address,) in master_monitor_conf)
self.assertTrue(
'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
class TestSlaveGlobalDisableHttp2(TestSlave): class TestSlaveGlobalDisableHttp2(TestSlave):
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
...@@ -5151,14 +5094,13 @@ class TestSlaveGlobalDisableHttp2(TestSlave): ...@@ -5151,14 +5094,13 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
'site_url': 'http://enablehttp2default.example.com', 'site_url': 'http://enablehttp2default.example.com',
'secure_access': 'secure_access':
'https://enablehttp2default.example.com', 'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -5186,7 +5128,7 @@ class TestSlaveGlobalDisableHttp2(TestSlave): ...@@ -5186,7 +5128,7 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2( class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
...@@ -5211,14 +5153,13 @@ class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2( ...@@ -5211,14 +5153,13 @@ class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2true.example.com', 'site_url': 'http://enablehttp2true.example.com',
'secure_access': 'secure_access':
'https://enablehttp2true.example.com', 'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2( class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
...@@ -5243,14 +5184,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2( ...@@ -5243,14 +5184,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2true.example.com', 'site_url': 'http://enablehttp2true.example.com',
'secure_access': 'secure_access':
'https://enablehttp2true.example.com', 'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
def test_enable_http2_default(self): def test_enable_http2_default(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-default') parameter_dict = self.parseSlaveParameterDict('enable-http2-default')
...@@ -5264,14 +5204,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2( ...@@ -5264,14 +5204,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2default.example.com', 'site_url': 'http://enablehttp2default.example.com',
'secure_access': 'secure_access':
'https://enablehttp2default.example.com', 'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4'])) isHTTP2(parameter_dict['domain']))
class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
...@@ -5294,7 +5233,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( ...@@ -5294,7 +5233,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'apache-certificate': cls.certificate_pem, 'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem, 'apache-key': cls.key_pem,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
...@@ -5326,14 +5264,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( ...@@ -5326,14 +5264,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -5356,7 +5293,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( ...@@ -5356,7 +5293,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
certificate_pem, certificate_pem,
...@@ -5433,7 +5370,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5433,7 +5370,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'apache-certificate': cls.certificate_pem, 'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem, 'apache-key': cls.key_pem,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
...@@ -5599,14 +5535,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5599,14 +5535,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -5627,14 +5562,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5627,14 +5562,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -5661,7 +5595,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5661,7 +5595,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
certificate_pem, certificate_pem,
...@@ -5683,7 +5617,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5683,7 +5617,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
...@@ -5694,7 +5627,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5694,7 +5627,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.ssl_from_slave_certificate_pem, self.ssl_from_slave_certificate_pem,
...@@ -5716,7 +5649,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5716,7 +5649,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
...@@ -5727,7 +5659,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5727,7 +5659,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.ssl_from_slave_kedifa_overrides_certificate_pem, self.ssl_from_slave_kedifa_overrides_certificate_pem,
...@@ -5755,7 +5687,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5755,7 +5687,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
certificate_pem, certificate_pem,
...@@ -5776,14 +5708,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5776,14 +5708,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5805,14 +5736,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5805,14 +5736,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5841,7 +5771,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5841,7 +5771,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5863,7 +5793,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5863,7 +5793,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
...@@ -5874,7 +5803,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5874,7 +5803,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5896,7 +5825,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5896,7 +5825,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
...@@ -5907,7 +5835,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5907,7 +5835,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5936,7 +5864,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5936,7 +5864,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], 'test-path',
HTTPS_PORT) HTTPS_PORT)
self.assertEqual( self.assertEqual(
...@@ -5960,7 +5888,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5960,7 +5888,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': ['ssl_key is obsolete, please use key-upload-url', 'warning-list': ['ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url'] 'ssl_crt is obsolete, please use key-upload-url']
...@@ -5969,7 +5896,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5969,7 +5896,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.customdomain_certificate_pem, self.customdomain_certificate_pem,
...@@ -5990,7 +5917,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5990,7 +5917,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com', 'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
'secure_access': 'secure_access':
'https://customdomainsslcrtsslkeysslcacrt.example.com', 'https://customdomainsslcrtsslkeysslcacrt.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
...@@ -6002,7 +5928,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6002,7 +5928,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.customdomain_ca_certificate_pem, self.customdomain_ca_certificate_pem,
...@@ -6046,7 +5972,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6046,7 +5972,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.slap.waitForInstance() self.slap.waitForInstance()
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
customdomain_ca_certificate_pem, customdomain_ca_certificate_pem,
...@@ -6079,7 +6005,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6079,7 +6005,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://sslcacrtgarbage.example.com', 'site_url': 'http://sslcacrtgarbage.example.com',
'secure_access': 'secure_access':
'https://sslcacrtgarbage.example.com', 'https://sslcacrtgarbage.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
...@@ -6090,7 +6015,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6090,7 +6015,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.sslcacrtgarbage_ca_certificate_pem, self.sslcacrtgarbage_ca_certificate_pem,
...@@ -6111,7 +6036,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6111,7 +6036,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://sslcacrtdoesnotmatch.example.com', 'site_url': 'http://sslcacrtdoesnotmatch.example.com',
'secure_access': 'secure_access':
'https://sslcacrtdoesnotmatch.example.com', 'https://sslcacrtdoesnotmatch.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
...@@ -6123,7 +6047,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -6123,7 +6047,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6175,7 +6099,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -6175,7 +6099,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'apache-certificate': cls.certificate_pem, 'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem, 'apache-key': cls.key_pem,
}) })
cls.instance_parameter_dict['public-ipv4'] = cls._ipv4_address
return cls.instance_parameter_dict return cls.instance_parameter_dict
@classmethod @classmethod
...@@ -6225,14 +6148,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -6225,14 +6148,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6257,7 +6179,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -6257,7 +6179,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
self.runKedifaUpdater() self.runKedifaUpdater()
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
certificate_pem, certificate_pem,
...@@ -6271,7 +6193,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6271,7 +6193,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -6320,7 +6241,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6320,7 +6241,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('default_ciphers') parameter_dict = self.assertSlaveBase('default_ciphers')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6329,7 +6250,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6329,7 +6250,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.OK, result.status_code) self.assertEqual(httplib.OK, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code) self.assertEqual(httplib.FOUND, result_http.status_code)
configuration_file = glob.glob( configuration_file = glob.glob(
...@@ -6346,7 +6267,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6346,7 +6267,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('own_ciphers') parameter_dict = self.assertSlaveBase('own_ciphers')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6355,7 +6276,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6355,7 +6276,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.OK, result.status_code) self.assertEqual(httplib.OK, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code) self.assertEqual(httplib.FOUND, result_http.status_code)
configuration_file = glob.glob( configuration_file = glob.glob(
...@@ -6379,7 +6300,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6379,7 +6300,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -6541,8 +6461,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6541,8 +6461,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '7', 'accepted-slave-amount': '5',
'rejected-slave-amount': '24', 'rejected-slave-amount': '26',
'slave-amount': '31', 'slave-amount': '31',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
...@@ -6575,6 +6495,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6575,6 +6495,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_BAD-BACKEND': [ '_BAD-BACKEND': [
"slave https-url 'http://host.domain:badport' invalid", "slave https-url 'http://host.domain:badport' invalid",
"slave url 'http://1:2:3:4' invalid"], "slave url 'http://1:2:3:4' invalid"],
'_VIRTUALHOSTROOT-HTTP-PORT-UNSAFE': [
"Wrong virtualhostroot-http-port '${section:option}'"],
'_VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE': [
"Wrong virtualhostroot-https-port '${section:option}'"],
'_EMPTY-BACKEND': [ '_EMPTY-BACKEND': [
"slave https-url '' invalid", "slave https-url '' invalid",
"slave url '' invalid"], "slave url '' invalid"],
...@@ -6659,14 +6583,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6659,14 +6583,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://serveraliassame.example.com', 'url': 'http://serveraliassame.example.com',
'site_url': 'http://serveraliassame.example.com', 'site_url': 'http://serveraliassame.example.com',
'secure_access': 'https://serveraliassame.example.com', 'secure_access': 'https://serveraliassame.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6711,60 +6634,27 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6711,60 +6634,27 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_virtualhostroot_http_port_unsafe(self): def test_virtualhostroot_http_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE') 'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
{ {
'domain': 'virtualhostroothttpportunsafe.example.com', 'request-error-list': [
'replication_number': '1', "Wrong virtualhostroot-http-port '${section:option}'"
'url': 'http://virtualhostroothttpportunsafe.example.com', ]
'site_url': 'http://virtualhostroothttpportunsafe.example.com',
'secure_access':
'https://virtualhostroothttpportunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(httplib.FOUND, result.status_code)
def test_virtualhostroot_https_port_unsafe(self): def test_virtualhostroot_https_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE') 'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
{ {
'domain': 'virtualhostroothttpsportunsafe.example.com', 'request-error-list': [
'replication_number': '1', "Wrong virtualhostroot-https-port '${section:option}'"
'url': 'http://virtualhostroothttpsportunsafe.example.com', ]
'site_url': 'http://virtualhostroothttpsportunsafe.example.com',
'secure_access':
'https://virtualhostroothttpsportunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//virtualhostroothttpsportunsafe'
'.example.com:0//VirtualHostRoot/test-path'
)
def default_path_unsafe(self): def default_path_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE') parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
...@@ -6776,14 +6666,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6776,14 +6666,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://defaultpathunsafe.example.com', 'url': 'http://defaultpathunsafe.example.com',
'site_url': 'http://defaultpathunsafe.example.com', 'site_url': 'http://defaultpathunsafe.example.com',
'secure_access': 'https://defaultpathunsafe.example.com', 'secure_access': 'https://defaultpathunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '') parameter_dict['domain'], '')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6811,14 +6700,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6811,14 +6700,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://monitoripv4testunsafe.example.com', 'url': 'http://monitoripv4testunsafe.example.com',
'site_url': 'http://monitoripv4testunsafe.example.com', 'site_url': 'http://monitoripv4testunsafe.example.com',
'secure_access': 'https://monitoripv4testunsafe.example.com', 'secure_access': 'https://monitoripv4testunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6827,7 +6715,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6827,7 +6715,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code) self.assertEqual(httplib.FOUND, result_http.status_code)
monitor_file = glob.glob( monitor_file = glob.glob(
...@@ -6856,14 +6744,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6856,14 +6744,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://monitoripv6testunsafe.example.com', 'url': 'http://monitoripv6testunsafe.example.com',
'site_url': 'http://monitoripv6testunsafe.example.com', 'site_url': 'http://monitoripv6testunsafe.example.com',
'secure_access': 'https://monitoripv6testunsafe.example.com', 'secure_access': 'https://monitoripv6testunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
...@@ -6872,7 +6759,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6872,7 +6759,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code) self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult( result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code) self.assertEqual(httplib.FOUND, result_http.status_code)
monitor_file = glob.glob( monitor_file = glob.glob(
...@@ -6899,7 +6786,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6899,7 +6786,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://duplicate.example.com', 'url': 'http://duplicate.example.com',
'site_url': 'http://duplicate.example.com', 'site_url': 'http://duplicate.example.com',
'secure_access': 'https://duplicate.example.com', 'secure_access': 'https://duplicate.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict parameter_dict
...@@ -6986,7 +6872,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6986,7 +6872,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -7025,7 +6910,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -7025,7 +6910,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict_wildcard parameter_dict_wildcard
...@@ -7041,14 +6925,13 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -7041,14 +6925,13 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
}, },
parameter_dict_specific parameter_dict_specific
) )
result_wildcard = fakeHTTPSResult( result_wildcard = fakeHTTPSResult(
'other.alias1.example.com', parameter_dict_wildcard['public-ipv4'], 'other.alias1.example.com',
'test-path', 'test-path',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -7059,7 +6942,7 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -7059,7 +6942,7 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path') self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
result_specific = fakeHTTPSResult( result_specific = fakeHTTPSResult(
'zspecific.alias1.example.com', parameter_dict_specific['public-ipv4'], 'zspecific.alias1.example.com',
'test-path', 'test-path',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
...@@ -7124,13 +7007,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7124,13 +7007,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'enable-http2-by-default': True, 'enable-http2-by-default': True,
'global-disable-http2': True, 'global-disable-http2': True,
'mpm-graceful-shutdown-timeout': 2, 'mpm-graceful-shutdown-timeout': 2,
'public-ipv4': '255.255.255.255',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'backend-connect-timeout': 2, 'backend-connect-timeout': 2,
'backend-connect-retries': 1, 'backend-connect-retries': 1,
'ciphers': 'ciphers', 'ciphers': 'ciphers',
'request-timeout': 100, 'request-timeout': 100,
'authenticate-to-backend': True, 'authenticate-to-backend': True,
'strict-transport-security': 200,
# specific parameters # specific parameters
'-frontend-config-1-ram-cache-size': '512K', '-frontend-config-1-ram-cache-size': '512K',
'-frontend-config-2-ram-cache-size': '256K', '-frontend-config-2-ram-cache-size': '256K',
...@@ -7225,11 +7108,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7225,11 +7108,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2', u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': '11080', u'plain_http_port': '11080',
u'port': '11443', u'port': '11443',
u'public-ipv4': u'255.255.255.255',
u'ram-cache-size': u'512K', u'ram-cache-size': u'512K',
u're6st-verification-url': u're6st-verification-url', u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100', u'request-timeout': u'100',
u'slave-kedifa-information': u'{}' u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
}, },
'caddy-frontend-2': { 'caddy-frontend-2': {
'X-software_release_url': self.frontend_2_sr, 'X-software_release_url': self.frontend_2_sr,
...@@ -7253,11 +7136,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7253,11 +7136,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2', u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': u'11080', u'plain_http_port': u'11080',
u'port': u'11443', u'port': u'11443',
u'public-ipv4': u'255.255.255.255',
u'ram-cache-size': u'256K', u'ram-cache-size': u'256K',
u're6st-verification-url': u're6st-verification-url', u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100', u'request-timeout': u'100',
u'slave-kedifa-information': u'{}' u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
}, },
'caddy-frontend-3': { 'caddy-frontend-3': {
'X-software_release_url': self.frontend_3_sr, 'X-software_release_url': self.frontend_3_sr,
...@@ -7281,10 +7164,10 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7281,10 +7164,10 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2', u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': u'11080', u'plain_http_port': u'11080',
u'port': u'11443', u'port': u'11443',
u'public-ipv4': u'255.255.255.255',
u're6st-verification-url': u're6st-verification-url', u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100', u'request-timeout': u'100',
u'slave-kedifa-information': u'{}' u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
}, },
'kedifa': { 'kedifa': {
'X-software_release_url': self.kedifa_sr, 'X-software_release_url': self.kedifa_sr,
...@@ -7326,12 +7209,12 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7326,12 +7209,12 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'mpm-graceful-shutdown-timeout': '2', 'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
'public-ipv4': '255.255.255.255',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'request-timeout': '100', 'request-timeout': '100',
'root_instance_title': 'testing partition 0', 'root_instance_title': 'testing partition 0',
'slap_software_type': 'RootSoftwareInstance', 'slap_software_type': 'RootSoftwareInstance',
'slave_instance_list': [] 'slave_instance_list': [],
'strict-transport-security': '200'
} }
} }
self.assertEqual( self.assertEqual(
...@@ -7345,7 +7228,6 @@ class TestSlaveBackendActiveCheck(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -7345,7 +7228,6 @@ class TestSlaveBackendActiveCheck(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -7434,7 +7316,7 @@ backend _backend-active-check-default-http ...@@ -7434,7 +7316,7 @@ backend _backend-active-check-default-http
self._get_backend_haproxy_configuration() self._get_backend_haproxy_configuration()
) )
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
headers={ headers={
'Timeout': '10', # more than default backend-connect-timeout == 5 'Timeout': '10', # more than default backend-connect-timeout == 5
......
...@@ -145,7 +145,15 @@ class BalancerTestCase(ERP5InstanceTestCase): ...@@ -145,7 +145,15 @@ class BalancerTestCase(ERP5InstanceTestCase):
# XXX what is this ? should probably not be needed here # XXX what is this ? should probably not be needed here
'name': cls.__name__, 'name': cls.__name__,
'monitor-passwd': 'secret', 'monitor-passwd': 'secret',
'apachedex-configuration': '--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet', 'apachedex-configuration': [
'--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet',
],
'apachedex-promise-threshold': 100, 'apachedex-promise-threshold': 100,
'haproxy-server-check-path': '/', 'haproxy-server-check-path': '/',
'zope-family-dict': { 'zope-family-dict': {
......
...@@ -23,7 +23,7 @@ md5sum = 9340498841caa5771f40f8c9e561eacd ...@@ -23,7 +23,7 @@ md5sum = 9340498841caa5771f40f8c9e561eacd
[jupyter-notebook-config] [jupyter-notebook-config]
filename = jupyter_notebook_config.py.jinja filename = jupyter_notebook_config.py.jinja
md5sum = 6e01da7d35c1d65d4a450b0f011b296d md5sum = 089e4c511a3c7b110471bf41ca2695a4
[erp5-kernel] [erp5-kernel]
filename = ERP5kernel.py filename = ERP5kernel.py
......
...@@ -10,5 +10,12 @@ c = get_config() ...@@ -10,5 +10,12 @@ c = get_config()
c.NotebookApp.password = passwd("{{ password }}") c.NotebookApp.password = passwd("{{ password }}")
os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH'] try:
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH'] os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH']
except KeyError:
os.environ['PATH'] = "{{ gcc_location }}/bin"
try:
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH']
except KeyError:
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}"
...@@ -14,11 +14,11 @@ ...@@ -14,11 +14,11 @@
# not need these here). # not need these here).
[template-erp5] [template-erp5]
filename = instance-erp5.cfg.in filename = instance-erp5.cfg.in
md5sum = 2ef0ddc206c6b0982a37cfc21f23e423 md5sum = 4d0839e359c98ba3cd516903b72f798b
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = 4998e62351f54700ee23a2ca8cd89329 md5sum = 9c67c77eab5195b2674e340fb44c48a2
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
......
...@@ -259,14 +259,24 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path} ...@@ -259,14 +259,24 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
[monitor-generate-apachedex-report-wrapper] [monitor-generate-apachedex-report-wrapper]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/${:command} wrapper-path = ${directory:bin}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}" command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
command = generate-apachedex-report command = generate-apachedex-report
[monitor-apachedex-report-config]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/${:_buildout_section_name_}
template = inline:
{% for line in slapparameter_dict['apachedex-configuration'] %}
{# apachedex config files use shlex.split, so we need to quote the arguments. #}
{# BBB: in python 3 we can use shlex.quote instead. #}
{{ repr(line.encode('utf-8')) }}
{% endfor %}
[apachedex-parameters] [apachedex-parameters]
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz # XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12 # which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
apache-log-list = ${apache-conf-parameter-dict:access-log} apache-log-list = ${apache-conf-parameter-dict:access-log}
configuration = {{ slapparameter_dict['apachedex-configuration'] }} configuration = ${monitor-apachedex-report-config:rendered}
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }} promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
[{{ section('monitor-promise-apachedex-result') }}] [{{ section('monitor-promise-apachedex-result') }}]
......
...@@ -374,8 +374,17 @@ config-shared-certificate-authority-path = ${directory:ca-dir} ...@@ -374,8 +374,17 @@ config-shared-certificate-authority-path = ${directory:ca-dir}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }} config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }} config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }} config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration', config-apachedex-configuration = {{
'--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }} dumps(
monitor_dict.get(
'apachedex-configuration',
[
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet'])) }}
[request-frontend-base] [request-frontend-base]
{% if has_frontend -%} {% if has_frontend -%}
......
...@@ -623,7 +623,7 @@ zope.app.publication = 3.14.0 ...@@ -623,7 +623,7 @@ zope.app.publication = 3.14.0
zope.app.testing = 3.8.1 zope.app.testing = 3.8.1
# Pinned versions # Pinned versions
APacheDEX = 1.6.2 APacheDEX = 1.8
Pillow = 6.2.2 Pillow = 6.2.2
Products.CMFActionIcons = 2.1.3 Products.CMFActionIcons = 2.1.3
Products.DCWorkflowGraph = 0.4.1 Products.DCWorkflowGraph = 0.4.1
......
...@@ -74,7 +74,7 @@ md5sum = b5ac16fdeed8863e465e955ba6d1e12a ...@@ -74,7 +74,7 @@ md5sum = b5ac16fdeed8863e465e955ba6d1e12a
[template-erp5] [template-erp5]
filename = instance-erp5.cfg.in filename = instance-erp5.cfg.in
md5sum = edfd681e3a477855a581f8d01c717a92 md5sum = 548d99118afa736e5a7c428b0c8ed560
[template-zeo] [template-zeo]
filename = instance-zeo.cfg.in filename = instance-zeo.cfg.in
...@@ -86,7 +86,7 @@ md5sum = c03f93f95333e6a61b857dcfab7f9c0e ...@@ -86,7 +86,7 @@ md5sum = c03f93f95333e6a61b857dcfab7f9c0e
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = 4a119083eab1eadbaf44468eb4f3381f md5sum = 8ad9137310ae0403d433bb3c0d93be9f
[template-haproxy-cfg] [template-haproxy-cfg]
filename = haproxy.cfg.in filename = haproxy.cfg.in
......
...@@ -360,12 +360,22 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path} ...@@ -360,12 +360,22 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
[monitor-generate-apachedex-report-wrapper] [monitor-generate-apachedex-report-wrapper]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/${:command} wrapper-path = ${directory:bin}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}" command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
command = generate-apachedex-report command = generate-apachedex-report
[monitor-apachedex-report-config]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/${:_buildout_section_name_}
template = inline:
{% for line in slapparameter_dict['apachedex-configuration'] %}
{# apachedex config files use shlex.split, so we need to quote the arguments. #}
{# BBB: in python 3 we can use shlex.quote instead. #}
{{ repr(line.encode('utf-8')) }}
{% endfor %}
[apachedex-parameters] [apachedex-parameters]
apache-log-list = ${rsyslogd-cfg-parameter-dict:access-log-file} apache-log-list = ${rsyslogd-cfg-parameter-dict:access-log-file}
configuration = {{ slapparameter_dict['apachedex-configuration'] }} configuration = ${monitor-apachedex-report-config:rendered}
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }} promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
[{{ section('monitor-promise-apachedex-result') }}] [{{ section('monitor-promise-apachedex-result') }}]
......
...@@ -350,8 +350,18 @@ config-name = ${:name} ...@@ -350,8 +350,18 @@ config-name = ${:name}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }} config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }} config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }} config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration', config-apachedex-configuration = {{
'--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }} dumps(
monitor_dict.get(
'apachedex-configuration',
[
'--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet'])) }}
[request-frontend-base] [request-frontend-base]
{% if has_frontend -%} {% if has_frontend -%}
......
...@@ -142,7 +142,7 @@ zc.recipe.egg = 2.0.3+slapos003 ...@@ -142,7 +142,7 @@ zc.recipe.egg = 2.0.3+slapos003
# Use own version of h.r.download to be able to open .xz and .lz archives # Use own version of h.r.download to be able to open .xz and .lz archives
hexagonit.recipe.download = 1.7.post4 hexagonit.recipe.download = 1.7.post4
Jinja2 = 2.9.5 Jinja2 = 2.11.2
Importing = 1.10 Importing = 1.10
MarkupSafe = 1.0 MarkupSafe = 1.0
PyYAML = 3.13 PyYAML = 3.13
...@@ -200,7 +200,7 @@ slapos.rebootstrap = 4.5 ...@@ -200,7 +200,7 @@ slapos.rebootstrap = 4.5
slapos.recipe.build = 0.46 slapos.recipe.build = 0.46
slapos.recipe.cmmi = 0.16 slapos.recipe.cmmi = 0.16
slapos.recipe.template = 4.5 slapos.recipe.template = 4.5
slapos.toolbox = 0.112 slapos.toolbox = 0.115
stevedore = 1.21.0 stevedore = 1.21.0
subprocess32 = 3.5.3 subprocess32 = 3.5.3
unicodecsv = 0.14.1 unicodecsv = 0.14.1
......
#!/bin/bash #!/bin/bash
set -e
# Go to master
git checkout master
# Clean up 1.0
git branch -D 1.0 || echo
# Checkout 1.0 # Checkout 1.0
git checkout 1.0 git checkout origin/1.0 -b 1.0
# Reset and Clean # Reset and Clean
git reset --hard origin/1.0 git reset --hard origin/1.0
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment