Commit 25ce84fc authored by Łukasz Nowak's avatar Łukasz Nowak

Update Release Candidate

parents f01ecbb1 69e1c0c9
......@@ -28,7 +28,7 @@ md5sum = 4f4d1e7de19c77157be0c2a825b31026
shared = true
patch-options = -p1
patches =
${:_profile_base_location_}/trafficserver-8.1-stale-negative-cache-not-returnable.patch#e1a2f8a23f00cee1301ccf1a84e46763
https://github.com/apache/trafficserver/commit/3d0492f7276bb93aff499f637ff843c45908b193.patch#f23dd950acc0395fe7bc72264987c013
configure-options =
--with-openssl=${openssl:location}
--with-pcre=${pcre:location}
......
--- trafficserver-8.1.1/proxy/http/HttpTransact.cc.orig 2020-12-01 00:30:26.000000000 +0100
+++ trafficserver-8.1.1/proxy/http/HttpTransact.cc 2021-01-11 11:35:41.946893735 +0100
@@ -5752,6 +5752,7 @@
HttpTransact::is_stale_cache_response_returnable(State *s)
{
HTTPHdr *cached_response = s->cache_info.object_read->response_get();
+ HTTPStatus cache_response_code = cached_response->status_get();
// First check if client allows cached response
// Note does_client_permit_lookup was set to
@@ -5760,6 +5761,12 @@
if (!s->cache_info.directives.does_client_permit_lookup) {
return false;
}
+ // We don't serve stale negative cache.
+ if (cache_response_code == HTTP_STATUS_INTERNAL_SERVER_ERROR || cache_response_code == HTTP_STATUS_GATEWAY_TIMEOUT ||
+ cache_response_code == HTTP_STATUS_BAD_GATEWAY || cache_response_code == HTTP_STATUS_SERVICE_UNAVAILABLE) {
+ TxnDebug("http_trans", "[is_stale_cache_response_returnable] stale negative cache");
+ return false;
+ }
// Spec says that we can not serve a stale document with a
// "must-revalidate header"
// How about "s-maxage" and "no-cache" directives?
......@@ -60,14 +60,12 @@ This is to deploy an entire frontend server with a public IPv4. If you want to
First, you will need to request a "master" instance of Caddy Frontend with:
* A ``domain`` parameter where the frontend will be available
* A ``public-ipv4`` parameter to state which public IPv4 will be used
like::
<?xml version='1.0' encoding='utf-8'?>
<instance>
<parameter id="domain">moulefrite.org</parameter>
<parameter id="public-ipv4">xxx.xxx.xxx.xxx</parameter>
</instance>
Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like::
......@@ -189,10 +187,6 @@ Name of the domain to be used (example: mydomain.com). Sub domains of this domai
Using the IP given by the Master Instance. "domain" is a mandatory Parameter.
public-ipv4
~~~~~~~~~~~
Public ipv4 of the frontend (the one Caddy will be indirectly listening to)
port
~~~~
Port used by Caddy. Optional parameter, defaults to 4443.
......
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = 28bf0c4c75c028bed79fc38786831b3e
md5sum = de69a8c408ce4f228fc22eacb7e96657
[profile-common]
filename = instance-common.cfg.in
......@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = e8db3179e3278c6390a786cdcc947173
md5sum = a6a626fd1579fd1d4b80ea67433ca16a
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 2329022227099971a57f710832509153
md5sum = 7cb8157d2b368ab3b281ea42f743eb9c
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 2cbcdff6fe75ec469ab7d6accd72f83c
md5sum = 772c04c165fdae91299fd909e061f926
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
......@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d
[template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = bd9e269130bac989faa639e0903814e2
md5sum = a0ae858a3db8825c22d33d323392f588
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 5c807d34198f334b143cfa9263f6bc4e
md5sum = 0923a9227c131d2f1e11d7ddd5b15673
[template-empty]
_update_hash_filename_ = templates/empty.in
......
......@@ -287,6 +287,7 @@ extra-context =
key backend_client_caucase_url :backend-client-caucase-url
import urlparse_module urlparse
import furl_module furl
import urllib_module urllib
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
......
......@@ -15,13 +15,13 @@
'enable-http2-by-default',
'global-disable-http2',
'mpm-graceful-shutdown-timeout',
'public-ipv4',
're6st-verification-url',
'backend-connect-timeout',
'backend-connect-retries',
'ciphers',
'request-timeout',
'authenticate-to-backend',
'strict-transport-security',
]
%}
{% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
......@@ -135,23 +135,30 @@ context =
{% if backend_active_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %}
{% do slave_error_list.append('Wrong backend-active-check-http-version %s' % (backend_active_check_http_version,)) %}
{% endif %}
{% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(False) %}
{% if backend_active_check_timeout in [False] or backend_active_check_timeout <= 0 %}
{% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(false) %}
{% if backend_active_check_timeout is false or backend_active_check_timeout <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-timeout %s' % (slave.get('backend-active-check-timeout'),)) %}
{% endif %}
{% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(False) %}
{% if backend_active_check_interval in [False] or backend_active_check_interval <= 0 %}
{% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(false) %}
{% if backend_active_check_interval is false or backend_active_check_interval <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-interval %s' % (slave.get('backend-active-check-interval'),)) %}
{% endif %}
{% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(False) %}
{% if backend_active_check_rise in [False] or backend_active_check_rise <= 0 %}
{% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(false) %}
{% if backend_active_check_rise is false or backend_active_check_rise <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-rise %s' % (slave.get('backend-active-check-rise'),)) %}
{% endif %}
{% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(False) %}
{% if backend_active_check_fall in [False] or backend_active_check_fall <= 0 %}
{% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(false) %}
{% if backend_active_check_fall is false or backend_active_check_fall <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %}
{% endif %}
{% endif %}
{# Check virtualhostroot-http-port and virtualhostroot-https-port #}
{% for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %}
{% set value = (slave.get(key) or '1') | int(false) %}
{% if value is false or value < 0 %}
{% do slave_error_list.append('Wrong %s %r' % (key, slave.get(key))) %}
{% endif %}
{% endfor %}
{# Check ciphers #}
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %}
......@@ -161,6 +168,11 @@ context =
{% endif %}
{% endfor %}
{% endif %}
{# Check strict-transport-security #}
{% set strict_transport_security = (slave.get('strict-transport-security') or '0') | int(false) %}
{% if strict_transport_security is false or strict_transport_security < 0 %}
{% do slave_error_list.append('Wrong strict-transport-security %s' % (slave.get('strict-transport-security'),)) %}
{% endif %}
{% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
......@@ -264,7 +276,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${monitor-htpasswd:passwd}
software-type = {{frontend_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
return = slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
{#- Send only needed parameters to frontend nodes #}
{%- set base_node_configuration_dict = {} %}
......
......@@ -50,17 +50,6 @@
"title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
"type": "integer"
},
"nginx-domain": {
"description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
"title": "[NOT IMPLEMENTED] Nginx Domain",
"type": "string"
},
"public-ipv4": {
"description": "Public ipv4 of the frontend (the one Caddy will be indirectly listening to).",
"title": "Public IPv4",
"type": "string"
},
"re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL",
......@@ -118,6 +107,12 @@
],
"title": "Authenticate to backend",
"type": "string"
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
}
},
"title": "Input Parameters",
......
......@@ -285,6 +285,32 @@
"description": "Amount of bad responses from the backend to consider it down.",
"default": "1",
"type": "integer"
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
},
"strict-transport-security-sub-domains": {
"title": "Strict Transport Security Sub Domains",
"description": "Configures Strict Transport Security for sub domains.",
"enum": [
"false",
"true"
],
"type": "string",
"default": "false"
},
"strict-transport-security-preload": {
"title": "Strict Transport Security Preload",
"description": "Configures Strict Transport Security preload mechanism.",
"enum": [
"false",
"true"
],
"type": "string",
"default": "false"
}
},
"title": "Input Parameters",
......
......@@ -18,10 +18,6 @@
"description": "List of URLs to access logs",
"type": "array"
},
"public-ipv4": {
"description": "Public IPv4 to be included on DNS",
"type": "string"
},
"replication_number": {
"description": "Number of nodes the slave is replicated",
"type": "integer"
......
......@@ -78,7 +78,6 @@ cert = ${slap-connection:cert-file}
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.domain = example.org
configuration.public-ipv4 =
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.plain_nginx_port = 8081
......@@ -107,3 +106,4 @@ configuration.backend-haproxy-statistic-port = 21444
configuration.authenticate-to-backend = False
configuration.rotate-num = 4000
configuration.slave-introspection-https-port = 22443
configuration.strict-transport-security = 0
......@@ -2,6 +2,7 @@
{%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %}
{%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
......@@ -39,16 +40,39 @@ context =
[slave-password]
[slave-htpasswd]
{#- Loop thought slave list to set up slaves #}
{#- Prepare configuration parameters #}
{%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
{%- for key in ['enable-http2-by-default', 'global-disable-http2'] %}
{%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
{%- endfor %}
{#- Loop thought slave list to set up slaves #}
{%- for slave_instance in slave_instance_list %}
{#- prepare backend parameters #}
{#- Prepare slave parameters: #}
{#- * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #}
{#- * create real lists from string lists #}
{#- * setup defaults to simplify other profiles #}
{#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- for key in ['https-only', 'websocket-transparent'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
{%- endfor %}
{%- for key in ['enable_cache', 'disable-no-cache-request', 'disable-via-header', 'prefer-gzip-encoding-to-backend', 'strict-transport-security-sub-domains', 'strict-transport-security-preload'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'false')).lower() in TRUE_VALUES) %}
{%- endfor %}
{%- for key in ['disabled-cookie-list'] %}
{%- do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
{%- endfor %}
{%- for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
{%- do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
{%- endfor %}
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
{%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
{#- Manage ciphers #}
{%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
{%- if slave_ciphers %}
......@@ -56,10 +80,10 @@ context =
{%- else %}
{%- set slave_cipher_list = configuration['ciphers'].strip() %}
{%- endif %}
{%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
{%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
{#- Manage common instance parameters #}
{%- set slave_type = slave_instance.get('type', '') %}
{%- set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
{%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
{%- set slave_reference = slave_instance.get('slave_reference') %}
{%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{#- Setup backend URLs for front facing Caddy #}
......@@ -103,15 +127,13 @@ context =
{%- do part_list.extend([slave_ln_section]) %}
{%- do part_list.extend([slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass HTTP2 switch #}
{%- do slave_instance.__setitem__('enable_http2_by_default', configuration['enable-http2-by-default']) %}
{%- do slave_instance.__setitem__('global_disable_http2', configuration['global-disable-http2']) %}
{#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend', 'strict-transport-security'] %}
{%- if slave_instance.get(key, '') == '' %}
{%- do slave_instance.__setitem__(key, configuration[key]) %}
{%- endif %}
{%- endfor %}
{%- do slave_instance.__setitem__('strict-transport-security', int(slave_instance['strict-transport-security'])) %}
{%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
{#- Setup active check #}
{%- do slave_instance.__setitem__('backend-active-check', ('' ~ slave_instance.get('backend-active-check', '')).lower() in TRUE_VALUES) %}
......@@ -157,7 +179,6 @@ context =
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('public-ipv4', configuration['public-ipv4']) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{#- Set slave domain if none was defined #}
{%- if slave_instance.get('custom_domain', None) == None %}
......@@ -168,6 +189,28 @@ context =
{%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%- set host_list = slave_instance.get('server-alias', '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- do slave_instance.__setitem__('host_list', host_list) %}
{%- do slave_instance.__setitem__('type', slave_instance.get('type', '')) %}
{%- set websocket_path_list = [] %}
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endfor %}
{%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
{%- do slave_instance.__setitem__('enable_h2', not configuration['global-disable-http2'] and slave_instance['enable-http2']) %}
{%- if slave_instance['type'] in ['notebook', 'websocket'] %}
{# websocket style needs http 1.1 max #}
{%- do slave_instance.__setitem__('enable_h2', False) %}
{%- endif %}
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
[slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }}
......@@ -224,12 +267,13 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
{%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
{#- Set ssl certificates for each slave #}
{%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{%- set cert_file_key = 'path_to_' + cert_name %}
{%- if cert_name in slave_instance %}
{%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{%- do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
{%- do slave_instance.__setitem__(cert_file_key, cert_file) %}
{#- Store certificates on fs #}
[{{ cert_title }}]
< = jinja2-template-base
......@@ -241,7 +285,9 @@ extra-context =
{#- Store certificate in config #}
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{%- endif %}
{%- else %}
{%- do slave_instance.__setitem__(cert_file_key, None) %}
{%- endif %} {#- if cert_name in slave_instance #}
{%- endfor %}
{#- Set Up Certs #}
{%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
......@@ -273,7 +319,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{%- for key, value in slave_instance.iteritems() %}
{%- if value is not none %}
{{ key }} = {{ dumps('' ~ value) }}
{{ key }} = {{ dumps(value) }}
{%- endif %}
{%- endfor %}
......@@ -284,7 +330,6 @@ rendered = {{ caddy_configuration_directory }}/${:filename}
template = {{ template_default_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib
filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }}
......@@ -329,6 +374,7 @@ recipe = slapos.cookbook:publish
{%- else %}
{%- do slave_instance_information_list.append(slave_publish_dict) %}
{%- endif %}
{%- do frontend_slave_list.append(slave_instance) %}
{%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %}
{%- endif %}
......@@ -389,8 +435,6 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #}
[publish-caddy-information]
recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{ configuration['public-ipv4'] }}
private-ipv4 = {{ instance_parameter_dict['ipv4-random'] }}
{%- if configuration['extra_slave_instance_list'] %}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
......
......@@ -18,12 +18,8 @@ defaults
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %}
{%- for host in host_list %}
{%- for host in slave_instance['host_list'] %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
......@@ -80,10 +76,9 @@ frontend https-backend
{%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%- endif %}
{%- do ssl_list.append('ssl verify') %}
{%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
{%- if slave_instance['ssl_proxy_verify'] %}
{%- if path_to_ssl_proxy_ca_crt %}
{%- do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
{%- if slave_instance['path_to_ssl_proxy_ca_crt'] %}
{%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
{%- else %}
{#- Backend SSL shall be verified, but not CA provided, disallow connection #}
{#- Simply dropping hostname from the dict will result with ignoring it... #}
......
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
{%- set proxy_append_list = [('', 'Default proxy configuration')] %}
{%- if prefer_gzip %}
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if prefer_gzip #}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') %}
{%- set host_list = server_alias_list %}
{%- set cipher_list = slave_parameter.get('cipher_list', '').strip() %}
{%- if slave_parameter.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_parameter.get('custom_domain')) %}
{%- endif %}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in host_list %}
{%- for host in slave_parameter['host_list'] %}
{%- do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
{%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
{%- endfor %} {#- for host in host_list #}
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
{%- set websocket_path_list = [] %}
{%- for websocket_path in slave_parameter.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endfor %}
{%- set websocket_transparent = slave_parameter.get('websocket-transparent', 'true').lower() in TRUE_VALUES %}
{%- if slave_type in ['notebook', 'websocket'] %}
{# websocket style needs http 1.1 max #}
{%- set enable_h2 = False %}
{%- endif %}
{%- endfor %} {#- for host in slave_parameter['host_list'] #}
{%- macro proxy_header() %}
timeout {{ slave_parameter['request-timeout'] }}s
......@@ -48,9 +18,24 @@
try_interval 250ms
{%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %}
{%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
# SSL enabled hosts
{{ https_host_list|join(', ') }} {
{%- else %}
......@@ -61,28 +46,28 @@
bind {{ slave_parameter['local_ipv4'] }}
{%- if tls %}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if cipher_list %}
ciphers {{ cipher_list }}
{%- if slave_parameter['ciphers'] %}
ciphers {{ slave_parameter['ciphers'] }}
{%- endif %}
{%- if enable_h2 %}
# Allow HTTP2
{%- if slave_parameter['enable_h2'] %}
# Allow http2
alpn h2 http/1.1
{%- else %} {#- if enable_h2 #}
{%- else %} {#- if slave_parameter['enable_h2'] #}
# Disallow HTTP2
alpn http/1.1
{%- endif %} {#- if enable_h2 #}
{%- endif %} {#- if slave_parameter['enable_h2'] #}
} {# tls #}
{%- endif %} {#- if tls #}
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
errors {{ slave_parameter['error_log'] }} {
rotate_size 0
}
{%- if not (slave_type == 'zope' and backend_url) %}
{% if prefer_gzip and not (not tls and https_only) %}
{%- if not (slave_parameter['type'] == 'zope' and backend_url) %}
{% if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
......@@ -93,90 +78,92 @@
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to {1}
}
{% elif slave_type not in ['notebook', 'websocket'] %}
{% elif slave_parameter['type'] not in ['notebook', 'websocket'] %}
rewrite {
regexp (.*)
to {1}
}
{% endif %} {# elif slave_type != 'notebook' #}
{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
{% endif %} {# elif slave_parameter['type'] != 'notebook' #}
{%- endif %} {#- if not (slave_parameter['type'] == 'zope' and backend_url) #}
{%- if not tls and https_only %}
{%- if not tls and slave_parameter['https-only'] %}
# Enforced redirection to SSL-enabled host
redir 302 {
/ https://{host}{rewrite_uri}
}
{%- elif slave_type == 'zope' and backend_url %}
{%- elif slave_parameter['type'] == 'zope' and backend_url %}
# Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in disabled_cookie_list %}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if disable_via_header %}
{%- if slave_parameter['disable-via-header'] %}
header_downstream -Via
{%- endif %} {#- if disable_via_header #}
{%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if disable_no_cache_header %}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #}
{%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if default_path %}
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ default_path }}
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if default_path #}
{%- if prefer_gzip and not (not tls and https_only) %}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %}
}
rewrite {
regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %}
}
{%- else %}
rewrite {
regexp (.*)
{%- if tls %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
{%- endif %}
} {# rewrite #}
{%- endif %} {#- if prefer_gzip #}
{%- elif slave_type == 'redirect' %}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- elif slave_parameter['type'] == 'redirect' %}
{%- if backend_url %}
# Redirect configuration
redir 302 {
/ {{ backend_url }}{rewrite_uri}
}
{%- endif %}
{%- elif slave_type == 'notebook' %}
{%- elif slave_parameter['type'] == 'notebook' %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
transparent
}
rewrite {
......@@ -185,25 +172,28 @@
}
proxy /proxy/ {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
transparent
websocket
without /proxy/
}
{%- elif slave_type == 'websocket' %}
{%- if websocket_path_list %}
{%- elif slave_parameter['type'] == 'websocket' %}
{%- if slave_parameter['websocket-path-list'] %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{%- if websocket_transparent %}
{{ hsts_header(tls) }}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- for websocket_path in websocket_path_list %}
{%- for websocket_path in slave_parameter['websocket-path-list'] %}
proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if websocket_transparent %}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
......@@ -213,49 +203,51 @@
{%- else %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if websocket_transparent %}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- endif %}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
{%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
# Default configuration
{%- if default_path %}
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ default_path }}
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if default_path #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in disabled_cookie_list %}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if disable_via_header %}
{%- if slave_parameter['disable-via-header'] %}
header_downstream -Via
{%- endif %} {#- if disable_via_header #}
{%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if disable_no_cache_header %}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #}
{%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- endif %} {#- if backend_url #}
{%- endif %} {#- if slave_type == 'zope' and backend_url #}
{%- endif %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
} {# https_host_list|join(', ') #}
{%- endfor %} {#- for tls in [True, False] #}
......@@ -84,6 +84,9 @@ KEDIFA_PORT = '15080'
# has to be not partition one
SOURCE_IP = '127.0.0.1'
# IP on which test run, in order to mimic HTTP[s] access
TEST_IP = os.environ['SLAPOS_TEST_IPV4']
# "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748
DNS_CACHE = {}
......@@ -254,11 +257,11 @@ def subprocess_output(*args, **kwargs):
return subprocess_status_output(*args, **kwargs)[1]
def isHTTP2(domain, ip):
def isHTTP2(domain):
curl_command = 'curl --http2 -v -k -H "Host: %(domain)s" ' \
'https://%(domain)s:%(https_port)s/ '\
'--resolve %(domain)s:%(https_port)s:%(ip)s' % dict(
ip=ip, domain=domain, https_port=HTTPS_PORT)
ip=TEST_IP, domain=domain, https_port=HTTPS_PORT)
prc = subprocess.Popen(
curl_command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
......@@ -395,7 +398,7 @@ class TestDataMixin(object):
self.assertTestData(runtime_data, hash_value_dict=hash_value_dict)
def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
def fakeHTTPSResult(domain, path, port=HTTPS_PORT,
headers=None, cookies=None, source_ip=SOURCE_IP):
if headers is None:
headers = {}
......@@ -414,7 +417,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
session.mount('https://', new_source)
socket_getaddrinfo = socket.getaddrinfo
try:
add_custom_dns(domain, port, real_ip)
add_custom_dns(domain, port, TEST_IP)
socket.getaddrinfo = new_getaddrinfo
return session.get(
'https://%s:%s/%s' % (domain, port, path),
......@@ -427,7 +430,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
socket.getaddrinfo = socket_getaddrinfo
def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
def fakeHTTPResult(domain, path, port=HTTP_PORT,
headers=None, source_ip=SOURCE_IP):
if headers is None:
headers = {}
......@@ -445,7 +448,7 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
session.mount('http://', new_source)
session.mount('https://', new_source)
return session.get(
'http://%s:%s/%s' % (real_ip, port, path),
'http://%s:%s/%s' % (TEST_IP, port, path),
headers=headers,
allow_redirects=False,
)
......@@ -921,7 +924,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
def waitForCaddy(cls):
def method():
fakeHTTPSResult(
cls._ipv4_address, cls._ipv4_address,
cls._ipv4_address,
'/',
)
cls.waitForMethod('waitForCaddy', method)
......@@ -1038,10 +1041,10 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
def waitForSlave(cls):
def method():
for parameter_dict in cls.getSlaveConnectionParameterDictList():
if 'domain' in parameter_dict and 'public-ipv4' in parameter_dict:
if 'domain' in parameter_dict:
try:
fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '/')
parameter_dict['domain'], '/')
except requests.exceptions.InvalidURL:
# ignore slaves to which connection is impossible by default
continue
......@@ -1117,7 +1120,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -1192,7 +1194,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -1246,18 +1247,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'backend-connect-timeout': 10,
'backend-connect-retries': 5,
'request-timeout': 15,
'strict-transport-security': '200',
'strict-transport-security-sub-domains': True,
'strict-transport-security-preload': True,
},
'server-alias': {
'url': cls.backend_url,
'server-alias': 'alias1.example.com alias2.example.com',
'strict-transport-security': '200',
},
'server-alias-empty': {
'url': cls.backend_url,
'server-alias': '',
'strict-transport-security': '200',
'strict-transport-security-sub-domains': True,
},
'server-alias-wildcard': {
'url': cls.backend_url,
'server-alias': '*.alias1.example.com',
'strict-transport-security': '200',
'strict-transport-security-preload': True,
},
'server-alias-duplicated': {
'url': cls.backend_url,
......@@ -1701,7 +1710,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def test_empty(self):
parameter_dict = self.assertSlaveBase('empty')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
......@@ -1709,7 +1718,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
result_http.status_code
......@@ -1722,7 +1731,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# check that 404 is as configured
result_missing = fakeHTTPSResult(
'forsuredoesnotexists.example.com', parameter_dict['public-ipv4'], '')
'forsuredoesnotexists.example.com', '')
self.assertEqual(httplib.NOT_FOUND, result_missing.status_code)
self.assertEqual(
"""<html>
......@@ -1806,7 +1815,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
......@@ -1816,7 +1824,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -1828,6 +1836,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.certificate_pem,
der2pem(result.peercert))
self.assertNotIn('Strict-Transport-Security', result.headers)
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
try:
......@@ -1878,7 +1887,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
log_regexp)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -1956,7 +1965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# 4. check that you can access this backend via frontend
# (so it means that auth to backend worked)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -2045,7 +2054,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# 4. check that you can access this backend via frontend
# (so it means that auth to backend worked)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -2074,7 +2083,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('auth-to-backend-backend-ignore')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -2103,7 +2112,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2130,7 +2139,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
......@@ -2140,7 +2148,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_compressed = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Accept-Encoding': 'gzip',
......@@ -2162,7 +2170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_not_compressed = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Accept-Encoding': 'gzip',
......@@ -2183,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
......@@ -2192,7 +2199,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Accept-Encoding': 'gzip',
......@@ -2224,7 +2231,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://url.example.com',
'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
......@@ -2248,7 +2254,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope-path')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2268,7 +2274,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope-default-path')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '')
parameter_dict['domain'], '')
self.assertEqual(
self.certificate_pem,
......@@ -2290,29 +2296,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('server-alias')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult(
'alias1.example.com', parameter_dict['public-ipv4'],
'alias1.example.com',
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult(
'alias2.example.com', parameter_dict['public-ipv4'],
'alias2.example.com',
'test-path/deep/.././deeper')
self.assertEqual(
'max-age=200', result.headers['Strict-Transport-Security'])
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
......@@ -2321,7 +2333,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('server-alias-empty')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -2333,6 +2345,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200; includeSubDomains',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
try:
......@@ -2360,28 +2375,33 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://serveraliaswildcard.example.com',
'site_url': 'http://serveraliaswildcard.example.com',
'secure_access': 'https://serveraliaswildcard.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult(
'wild.alias1.example.com', parameter_dict['public-ipv4'], 'test-path')
'wild.alias1.example.com', 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_server_alias_duplicated(self):
......@@ -2395,14 +2415,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://serveraliasduplicated.example.com',
'site_url': 'http://serveraliasduplicated.example.com',
'secure_access': 'https://serveraliasduplicated.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2411,7 +2430,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult(
'alias3.example.com', parameter_dict['public-ipv4'], 'test-path')
'alias3.example.com', 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2431,14 +2450,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://alias4.example.com',
'site_url': 'http://alias4.example.com',
'secure_access': 'https://alias4.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2464,7 +2482,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
'secure_access':
'https://customdomainsslcrtsslkeysslcacrt.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -2488,7 +2505,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_ca_certificate_pem,
......@@ -2516,7 +2533,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtonly.example.com',
'secure_access':
'https://sslcacrtonly.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -2549,7 +2565,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtgarbage.example.com',
'secure_access':
'https://sslcacrtgarbage.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -2575,7 +2590,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
ca_certificate_pem,
......@@ -2604,7 +2619,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'site_url': 'http://sslcacrtdoesnotmatch.example.com',
'secure_access':
'https://sslcacrtdoesnotmatch.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -2626,7 +2640,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2646,7 +2660,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('https-only')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2656,7 +2670,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result_http, 'Path', '/test-path/deeper')
......@@ -2674,14 +2688,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2702,14 +2715,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -2718,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult(
'mycustomdomainserveralias1.example.com', parameter_dict['public-ipv4'],
'mycustomdomainserveralias1.example.com',
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2738,14 +2750,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://*.customdomain.example.com',
'site_url': 'http://*.customdomain.example.com',
'secure_access': 'https://*.customdomain.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
'wild.customdomain.example.com', parameter_dict['public-ipv4'],
'wild.customdomain.example.com',
'test-path')
self.assertEqual(
......@@ -2768,7 +2779,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -2789,7 +2799,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_certificate_pem,
......@@ -2801,7 +2811,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-zope')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2822,7 +2832,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2841,7 +2851,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2863,7 +2873,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(
......@@ -2875,7 +2885,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -2900,7 +2910,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -2919,7 +2929,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-prefer-gzip-encoding-to-backend')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2941,7 +2951,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -2956,7 +2966,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -2981,7 +2991,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -3001,7 +3011,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-virtualhostroot-http-port')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqualResultJson(
result,
......@@ -3015,7 +3025,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-virtualhostroot-https-port')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3041,14 +3051,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path',
HTTPS_PORT)
......@@ -3059,7 +3068,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test/terminals/websocket/test',
HTTPS_PORT)
......@@ -3069,14 +3078,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_type_websocket(self):
parameter_dict = self.assertSlaveBase(
'type-websocket')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'})
self.assertEqual(
......@@ -3099,14 +3108,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
self.assertTrue('x-real-ip' in j['Incoming Headers'])
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_type_websocket_websocket_transparent_false(self):
parameter_dict = self.assertSlaveBase(
'type-websocket-websocket-transparent-false')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'})
self.assertEqual(
......@@ -3132,14 +3141,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
self.assertFalse('x-real-ip' in j['Incoming Headers'])
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_type_websocket_websocket_path_list(self):
parameter_dict = self.assertSlaveBase(
'type-websocket-websocket-path-list')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'})
self.assertEqual(
......@@ -3152,7 +3161,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3161,7 +3170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertTrue('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path',
parameter_dict['domain'], 'ws/test-path',
headers={'Connection': 'Upgrade'})
self.assertEqualResultJson(
......@@ -3170,7 +3179,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/ws/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3183,7 +3192,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertTrue('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'with%20space/test-path', headers={'Connection': 'Upgrade'})
self.assertEqualResultJson(
......@@ -3192,7 +3201,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/with%20space/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3210,7 +3219,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-websocket-websocket-path-list-websocket-transparent-false')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'})
self.assertEqual(
......@@ -3223,7 +3232,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3235,7 +3244,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path',
parameter_dict['domain'], 'ws/test-path',
headers={'Connection': 'Upgrade'})
self.assertEqualResultJson(
......@@ -3244,7 +3253,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/ws/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3259,7 +3268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'with%20space/test-path', headers={'Connection': 'Upgrade'})
self.assertEqualResultJson(
......@@ -3268,7 +3277,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'/with%20space/test-path'
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
try:
j = result.json()
except Exception:
......@@ -3298,14 +3307,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://typeeventsource.nginx.example.com',
'site_url': 'http://typeeventsource.nginx.example.com',
'secure_access': 'https://typeeventsource.nginx.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'pub',
parameter_dict['domain'], 'pub',
# NGINX_HTTPS_PORT
)
......@@ -3335,7 +3343,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('type-redirect')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -3365,14 +3373,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -3404,14 +3411,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://sslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://sslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3423,7 +3429,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
......@@ -3440,7 +3446,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3462,7 +3468,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
......@@ -3479,7 +3485,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ssl-proxy-verify-unverified')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3507,14 +3513,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -3527,7 +3532,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deeper')
self.assertEqual(
......@@ -3546,7 +3551,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -3580,7 +3585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-ssl-proxy-verify-unverified')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3607,14 +3612,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'http://typezopesslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://typezopesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3626,7 +3630,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
......@@ -3644,7 +3648,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3665,7 +3669,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
......@@ -3683,7 +3687,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'type-zope-ssl-proxy-verify-unverified')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3698,7 +3702,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('monitor-ipv6-test')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3707,7 +3711,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
result_http.status_code
......@@ -3735,7 +3739,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('monitor-ipv4-test')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3744,7 +3748,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
result_http.status_code
......@@ -3773,7 +3777,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('ciphers')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -3782,7 +3786,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
httplib.FOUND,
......@@ -3816,14 +3820,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
......@@ -3865,7 +3868,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable_cache_server_alias')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
......@@ -3904,7 +3907,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
'enablecacheserveralias1.example.com', parameter_dict['public-ipv4'],
'enablecacheserveralias1.example.com',
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
......@@ -3924,7 +3927,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
source_ip = '127.0.0.1'
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600',
......@@ -4073,7 +4076,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def checkResult(status_code, body):
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], path,
parameter_dict['domain'], path,
source_ip=source_ip
)
self.assertEqual(result.status_code, status_code)
......@@ -4118,7 +4121,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
source_ip = '127.0.0.1'
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600',
......@@ -4169,7 +4172,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.stopServerProcess()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1',
},
......@@ -4185,7 +4188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# check that timeout seen by ATS does not result in many queries done
# to the backend and that next request works like a charm
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test_enable_cache_ats_timeout', headers={
'Timeout': '15',
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
......@@ -4252,7 +4255,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
# the result is available immediately after
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
......@@ -4264,7 +4267,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache-disable-no-cache-request')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
headers={'Pragma': 'no-cache', 'Cache-Control': 'something'})
self.assertEqual(
......@@ -4312,7 +4315,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable_cache-disable-via-header')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -4353,7 +4356,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('enable-http2-false')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -4381,13 +4384,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_default(self):
parameter_dict = self.assertSlaveBase('enable-http2-default')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -4415,14 +4418,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_prefer_gzip_encoding_to_backend_https_only(self):
parameter_dict = self.assertSlaveBase(
'prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -4438,7 +4441,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
......@@ -4450,7 +4453,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -4460,13 +4463,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -4479,7 +4482,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
......@@ -4492,13 +4495,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
......@@ -4508,7 +4511,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'prefer-gzip-encoding-to-backend')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -4524,7 +4527,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
......@@ -4536,7 +4539,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -4546,13 +4549,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
......@@ -4567,7 +4570,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
......@@ -4582,7 +4585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -4596,7 +4599,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -4613,7 +4616,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('disabled-cookie-list')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
cookies=dict(
Chocolate='absent',
Vanilia='absent',
......@@ -4635,17 +4638,21 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('url_https-url')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'max-age=200; includeSubDomains; preload',
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper')
self.assertEqual(
......@@ -4653,6 +4660,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
result_http.status_code
)
self.assertNotIn('Strict-Transport-Security', result_http.headers)
self.assertEqual(
'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,),
result_http.headers['Location']
......@@ -4675,7 +4684,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'-frontend-quantity': 2,
'-sla-2-computer_guid': cls.slap._computer_id,
'-frontend-2-state': 'stopped',
......@@ -4705,14 +4713,13 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://replicate.example.com',
'site_url': 'http://replicate.example.com',
'secure_access': 'https://replicate.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -4721,7 +4728,7 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path')
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
# prove 2nd frontend by inspection of the instance
......@@ -4743,7 +4750,6 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'-frontend-quantity': 2,
'-sla-2-computer_guid': cls.slap._computer_id,
'-frontend-2-state': 'destroyed',
......@@ -4783,7 +4789,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'enable-http2-by-default': 'false',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
......@@ -4820,14 +4825,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2default.example.com',
'secure_access':
'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_false(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
......@@ -4841,14 +4845,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2false.example.com',
'secure_access':
'https://enablehttp2false.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_true(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
......@@ -4862,14 +4865,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2true.example.com',
'secure_access':
'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
......@@ -4878,7 +4880,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -4914,14 +4915,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2default.example.com',
'secure_access':
'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_false(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
......@@ -4935,14 +4935,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2false.example.com',
'secure_access':
'https://enablehttp2false.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_true(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
......@@ -4957,13 +4956,12 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'site_url': 'http://enablehttp2true.example.com',
'secure_access':
'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
self.assertTrue(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
......@@ -5002,7 +5000,6 @@ class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
'url': 'http://default.None',
'site_url': 'http://default.None',
'secure_access': 'https://default.None',
'public-ipv4': 'None',
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -5057,7 +5054,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
'url': 'http://default.None',
'site_url': 'http://default.None',
'secure_access': 'https://default.None',
'public-ipv4': 'None',
},
parameter_dict
)
......@@ -5078,59 +5074,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
)
@skip('Impossible to instantiate cluster with stopped partition')
class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'-frontend-1-state': 'stopped',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
}
@classmethod
def runKedifaUpdater(cls):
return
@classmethod
def getSlaveParameterDictDict(cls):
return {
'test': {
'url': cls.backend_url,
},
'testcached': {
'url': cls.backend_url,
'enable_cache': True,
},
}
def test(self):
parameter_dict = self.parseSlaveParameterDict('test')
self.assertKeyWithPop('log-access-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'test.None', 'replication_number': '1',
'url': 'http://test.None', 'site_url': 'http://test.None',
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'secure_access': 'https://test.None', 'public-ipv4': 'None'},
parameter_dict
)
master_monitor_conf = open(os.path.join(
self.instance_path, 'T-0', 'etc',
'monitor-httpd.conf')).read()
slave_monitor_conf = open(os.path.join(
self.instance_path, 'T-2', 'etc',
'monitor-httpd.conf')).read()
self.assertTrue(
'Listen [%s]:8196' % (self._ipv6_address,) in master_monitor_conf)
self.assertTrue(
'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
class TestSlaveGlobalDisableHttp2(TestSlave):
@classmethod
def getInstanceParameterDict(cls):
......@@ -5151,14 +5094,13 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
'site_url': 'http://enablehttp2default.example.com',
'secure_access':
'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -5186,7 +5128,7 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
......@@ -5211,14 +5153,13 @@ class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2true.example.com',
'secure_access':
'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
......@@ -5243,14 +5184,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2true.example.com',
'secure_access':
'https://enablehttp2true.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
def test_enable_http2_default(self):
parameter_dict = self.parseSlaveParameterDict('enable-http2-default')
......@@ -5264,14 +5204,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
'site_url': 'http://enablehttp2default.example.com',
'secure_access':
'https://enablehttp2default.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
self.assertFalse(
isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
isHTTP2(parameter_dict['domain']))
class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
......@@ -5294,7 +5233,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
......@@ -5326,14 +5264,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -5356,7 +5293,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
......@@ -5433,7 +5370,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
......@@ -5599,14 +5535,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -5627,14 +5562,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -5661,7 +5595,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
......@@ -5683,7 +5617,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
......@@ -5694,7 +5627,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_certificate_pem,
......@@ -5716,7 +5649,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
......@@ -5727,7 +5659,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_kedifa_overrides_certificate_pem,
......@@ -5755,7 +5687,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
......@@ -5776,14 +5708,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5805,14 +5736,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5841,7 +5771,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5863,7 +5793,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
......@@ -5874,7 +5803,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5896,7 +5825,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
......@@ -5907,7 +5835,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5936,7 +5864,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
......@@ -5960,7 +5888,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': ['ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url']
......@@ -5969,7 +5896,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_certificate_pem,
......@@ -5990,7 +5917,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
'secure_access':
'https://customdomainsslcrtsslkeysslcacrt.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
......@@ -6002,7 +5928,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_ca_certificate_pem,
......@@ -6046,7 +5972,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.slap.waitForInstance()
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
customdomain_ca_certificate_pem,
......@@ -6079,7 +6005,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://sslcacrtgarbage.example.com',
'secure_access':
'https://sslcacrtgarbage.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
......@@ -6090,7 +6015,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.sslcacrtgarbage_ca_certificate_pem,
......@@ -6111,7 +6036,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'site_url': 'http://sslcacrtdoesnotmatch.example.com',
'secure_access':
'https://sslcacrtdoesnotmatch.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
......@@ -6123,7 +6047,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6175,7 +6099,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
})
cls.instance_parameter_dict['public-ipv4'] = cls._ipv4_address
return cls.instance_parameter_dict
@classmethod
......@@ -6225,14 +6148,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6257,7 +6179,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
......@@ -6271,7 +6193,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -6320,7 +6241,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('default_ciphers')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6329,7 +6250,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.OK, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code)
configuration_file = glob.glob(
......@@ -6346,7 +6267,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.assertSlaveBase('own_ciphers')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6355,7 +6276,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual(httplib.OK, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code)
configuration_file = glob.glob(
......@@ -6379,7 +6300,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -6541,8 +6461,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '7',
'rejected-slave-amount': '24',
'accepted-slave-amount': '5',
'rejected-slave-amount': '26',
'slave-amount': '31',
'rejected-slave-dict': {
'_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
......@@ -6575,6 +6495,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_BAD-BACKEND': [
"slave https-url 'http://host.domain:badport' invalid",
"slave url 'http://1:2:3:4' invalid"],
'_VIRTUALHOSTROOT-HTTP-PORT-UNSAFE': [
"Wrong virtualhostroot-http-port '${section:option}'"],
'_VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE': [
"Wrong virtualhostroot-https-port '${section:option}'"],
'_EMPTY-BACKEND': [
"slave https-url '' invalid",
"slave url '' invalid"],
......@@ -6659,14 +6583,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://serveraliassame.example.com',
'site_url': 'http://serveraliassame.example.com',
'secure_access': 'https://serveraliassame.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6711,60 +6634,27 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_virtualhostroot_http_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict(
'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'virtualhostroothttpportunsafe.example.com',
'replication_number': '1',
'url': 'http://virtualhostroothttpportunsafe.example.com',
'site_url': 'http://virtualhostroothttpportunsafe.example.com',
'secure_access':
'https://virtualhostroothttpportunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'request-error-list': [
"Wrong virtualhostroot-http-port '${section:option}'"
]
},
parameter_dict
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(httplib.FOUND, result.status_code)
def test_virtualhostroot_https_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict(
'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'virtualhostroothttpsportunsafe.example.com',
'replication_number': '1',
'url': 'http://virtualhostroothttpsportunsafe.example.com',
'site_url': 'http://virtualhostroothttpsportunsafe.example.com',
'secure_access':
'https://virtualhostroothttpsportunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'request-error-list': [
"Wrong virtualhostroot-https-port '${section:option}'"
]
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//virtualhostroothttpsportunsafe'
'.example.com:0//VirtualHostRoot/test-path'
)
def default_path_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict)
......@@ -6776,14 +6666,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://defaultpathunsafe.example.com',
'site_url': 'http://defaultpathunsafe.example.com',
'secure_access': 'https://defaultpathunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '')
parameter_dict['domain'], '')
self.assertEqual(
self.certificate_pem,
......@@ -6811,14 +6700,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://monitoripv4testunsafe.example.com',
'site_url': 'http://monitoripv4testunsafe.example.com',
'secure_access': 'https://monitoripv4testunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6827,7 +6715,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code)
monitor_file = glob.glob(
......@@ -6856,14 +6744,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://monitoripv6testunsafe.example.com',
'site_url': 'http://monitoripv6testunsafe.example.com',
'secure_access': 'https://monitoripv6testunsafe.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
......@@ -6872,7 +6759,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], 'test-path')
self.assertEqual(httplib.FOUND, result_http.status_code)
monitor_file = glob.glob(
......@@ -6899,7 +6786,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'url': 'http://duplicate.example.com',
'site_url': 'http://duplicate.example.com',
'secure_access': 'https://duplicate.example.com',
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict
......@@ -6986,7 +6872,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -7025,7 +6910,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict_wildcard
......@@ -7041,14 +6925,13 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
},
parameter_dict_specific
)
result_wildcard = fakeHTTPSResult(
'other.alias1.example.com', parameter_dict_wildcard['public-ipv4'],
'other.alias1.example.com',
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -7059,7 +6942,7 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
result_specific = fakeHTTPSResult(
'zspecific.alias1.example.com', parameter_dict_specific['public-ipv4'],
'zspecific.alias1.example.com',
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......@@ -7124,13 +7007,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'enable-http2-by-default': True,
'global-disable-http2': True,
'mpm-graceful-shutdown-timeout': 2,
'public-ipv4': '255.255.255.255',
're6st-verification-url': 're6st-verification-url',
'backend-connect-timeout': 2,
'backend-connect-retries': 1,
'ciphers': 'ciphers',
'request-timeout': 100,
'authenticate-to-backend': True,
'strict-transport-security': 200,
# specific parameters
'-frontend-config-1-ram-cache-size': '512K',
'-frontend-config-2-ram-cache-size': '256K',
......@@ -7225,11 +7108,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': '11080',
u'port': '11443',
u'public-ipv4': u'255.255.255.255',
u'ram-cache-size': u'512K',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}'
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
},
'caddy-frontend-2': {
'X-software_release_url': self.frontend_2_sr,
......@@ -7253,11 +7136,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': u'11080',
u'port': u'11443',
u'public-ipv4': u'255.255.255.255',
u'ram-cache-size': u'256K',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}'
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
},
'caddy-frontend-3': {
'X-software_release_url': self.frontend_3_sr,
......@@ -7281,10 +7164,10 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'mpm-graceful-shutdown-timeout': u'2',
u'plain_http_port': u'11080',
u'port': u'11443',
u'public-ipv4': u'255.255.255.255',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}'
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
},
'kedifa': {
'X-software_release_url': self.kedifa_sr,
......@@ -7326,12 +7209,12 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080',
'port': '11443',
'public-ipv4': '255.255.255.255',
're6st-verification-url': 're6st-verification-url',
'request-timeout': '100',
'root_instance_title': 'testing partition 0',
'slap_software_type': 'RootSoftwareInstance',
'slave_instance_list': []
'slave_instance_list': [],
'strict-transport-security': '200'
}
}
self.assertEqual(
......@@ -7345,7 +7228,6 @@ class TestSlaveBackendActiveCheck(SlaveHttpFrontendTestCase, TestDataMixin):
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
......@@ -7434,7 +7316,7 @@ backend _backend-active-check-default-http
self._get_backend_haproxy_configuration()
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
parameter_dict['domain'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
......
......@@ -145,7 +145,15 @@ class BalancerTestCase(ERP5InstanceTestCase):
# XXX what is this ? should probably not be needed here
'name': cls.__name__,
'monitor-passwd': 'secret',
'apachedex-configuration': '--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet',
'apachedex-configuration': [
'--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet',
],
'apachedex-promise-threshold': 100,
'haproxy-server-check-path': '/',
'zope-family-dict': {
......
......@@ -23,7 +23,7 @@ md5sum = 9340498841caa5771f40f8c9e561eacd
[jupyter-notebook-config]
filename = jupyter_notebook_config.py.jinja
md5sum = 6e01da7d35c1d65d4a450b0f011b296d
md5sum = 089e4c511a3c7b110471bf41ca2695a4
[erp5-kernel]
filename = ERP5kernel.py
......
......@@ -10,5 +10,12 @@ c = get_config()
c.NotebookApp.password = passwd("{{ password }}")
os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH']
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH']
try:
os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH']
except KeyError:
os.environ['PATH'] = "{{ gcc_location }}/bin"
try:
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH']
except KeyError:
os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}"
......@@ -14,11 +14,11 @@
# not need these here).
[template-erp5]
filename = instance-erp5.cfg.in
md5sum = 2ef0ddc206c6b0982a37cfc21f23e423
md5sum = 4d0839e359c98ba3cd516903b72f798b
[template-balancer]
filename = instance-balancer.cfg.in
md5sum = 4998e62351f54700ee23a2ca8cd89329
md5sum = 9c67c77eab5195b2674e340fb44c48a2
[template-apache-backend-conf]
filename = apache-backend.conf.in
......
......@@ -259,14 +259,24 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
[monitor-generate-apachedex-report-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}"
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
command = generate-apachedex-report
[monitor-apachedex-report-config]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/${:_buildout_section_name_}
template = inline:
{% for line in slapparameter_dict['apachedex-configuration'] %}
{# apachedex config files use shlex.split, so we need to quote the arguments. #}
{# BBB: in python 3 we can use shlex.quote instead. #}
{{ repr(line.encode('utf-8')) }}
{% endfor %}
[apachedex-parameters]
# XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
# which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
apache-log-list = ${apache-conf-parameter-dict:access-log}
configuration = {{ slapparameter_dict['apachedex-configuration'] }}
configuration = ${monitor-apachedex-report-config:rendered}
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
[{{ section('monitor-promise-apachedex-result') }}]
......
......@@ -374,8 +374,17 @@ config-shared-certificate-authority-path = ${directory:ca-dir}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
'--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
config-apachedex-configuration = {{
dumps(
monitor_dict.get(
'apachedex-configuration',
[
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet'])) }}
[request-frontend-base]
{% if has_frontend -%}
......
......@@ -623,7 +623,7 @@ zope.app.publication = 3.14.0
zope.app.testing = 3.8.1
# Pinned versions
APacheDEX = 1.6.2
APacheDEX = 1.8
Pillow = 6.2.2
Products.CMFActionIcons = 2.1.3
Products.DCWorkflowGraph = 0.4.1
......
......@@ -74,7 +74,7 @@ md5sum = b5ac16fdeed8863e465e955ba6d1e12a
[template-erp5]
filename = instance-erp5.cfg.in
md5sum = edfd681e3a477855a581f8d01c717a92
md5sum = 548d99118afa736e5a7c428b0c8ed560
[template-zeo]
filename = instance-zeo.cfg.in
......@@ -86,7 +86,7 @@ md5sum = c03f93f95333e6a61b857dcfab7f9c0e
[template-balancer]
filename = instance-balancer.cfg.in
md5sum = 4a119083eab1eadbaf44468eb4f3381f
md5sum = 8ad9137310ae0403d433bb3c0d93be9f
[template-haproxy-cfg]
filename = haproxy.cfg.in
......
......@@ -360,12 +360,22 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
[monitor-generate-apachedex-report-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/${:command}
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}"
command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
command = generate-apachedex-report
[monitor-apachedex-report-config]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/${:_buildout_section_name_}
template = inline:
{% for line in slapparameter_dict['apachedex-configuration'] %}
{# apachedex config files use shlex.split, so we need to quote the arguments. #}
{# BBB: in python 3 we can use shlex.quote instead. #}
{{ repr(line.encode('utf-8')) }}
{% endfor %}
[apachedex-parameters]
apache-log-list = ${rsyslogd-cfg-parameter-dict:access-log-file}
configuration = {{ slapparameter_dict['apachedex-configuration'] }}
configuration = ${monitor-apachedex-report-config:rendered}
promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
[{{ section('monitor-promise-apachedex-result') }}]
......
......@@ -350,8 +350,18 @@ config-name = ${:name}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
'--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
config-apachedex-configuration = {{
dumps(
monitor_dict.get(
'apachedex-configuration',
[
'--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
'--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
'--base', '+other', '/',
'--skip-user-agent', 'Zabbix',
'--error-detail',
'--js-embed',
'--quiet'])) }}
[request-frontend-base]
{% if has_frontend -%}
......
......@@ -142,7 +142,7 @@ zc.recipe.egg = 2.0.3+slapos003
# Use own version of h.r.download to be able to open .xz and .lz archives
hexagonit.recipe.download = 1.7.post4
Jinja2 = 2.9.5
Jinja2 = 2.11.2
Importing = 1.10
MarkupSafe = 1.0
PyYAML = 3.13
......@@ -200,7 +200,7 @@ slapos.rebootstrap = 4.5
slapos.recipe.build = 0.46
slapos.recipe.cmmi = 0.16
slapos.recipe.template = 4.5
slapos.toolbox = 0.112
slapos.toolbox = 0.115
stevedore = 1.21.0
subprocess32 = 3.5.3
unicodecsv = 0.14.1
......
#!/bin/bash
set -e
# Go to master
git checkout master
# Clean up 1.0
git branch -D 1.0 || echo
# Checkout 1.0
git checkout 1.0
git checkout origin/1.0 -b 1.0
# Reset and Clean
git reset --hard origin/1.0
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment