caddy-frontend: Stabilise cached access

While reading templates/cached-virtualhost.conf.in it seems, that SSL-enabled host shall be exposed, but this is not true -- it is connecting to SSL backend, but listening on non-SSL. In order to stabilise this add assertsion to test_enable_cache which access cached ports directly and show its functionality, thus resolving added TODO.

caddy-frontend: Stabilise cached access
While reading templates/cached-virtualhost.conf.in it seems, that SSL-enabled host shall be exposed, but this is not true -- it is connecting to SSL backend, but listening on non-SSL. In order to stabilise this add assertsion to test_enable_cache which access cached ports directly and show its functionality, thus resolving added TODO.
0b606475 · Łukasz Nowak · a097f33f · 0b606475 · 0b606475 · 0b606475
Commit 0b606475 authored Jun 29, 2018 by Łukasz Nowak
4 changed files
--- a/software/caddy-frontend/TODO.rst
+++ b/software/caddy-frontend/TODO.rst
 Generally things to be done with ``caddy-frontend``:
- * **CRITICAL** fix templates/cached-virtualhost.conf.in SSL-enabled hosts with proper test
 * ``apache-ca-certificate`` shall be merged with ``apache-certificate``
 * (new) ``type:websocket`` slave
 * ``type:eventsource`` https://lab.nexedi.com/nexedi/slapos/merge_requests/312#note_58483

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -54,7 +54,7 @@ md5sum = 9568465d1c1423343f7b043c8345f917
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = eafc7e73d7fe47ba9930343bcb876d63
+md5sum = 811b4fca0668b84655372687f234ee81
 [template-log-access]
 filename = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
@@ -2,15 +2,15 @@
 {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
 {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
-{%- set http_host_list = [] %}
+{%- set http_backend_host_list = [] %}
-{%- set https_host_list = [] %}
+{%- set https_backend_host_list = [] %}
 {%- for host in host_list %}
-{%-   do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
+{%-   do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
-{%-   do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
+{%-   do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
 {%- endfor %}
 # Only accept generic (i.e not Zope) backends on http
-{{ http_host_list|join(', ') }} {
+{{ http_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
@@ -33,12 +33,11 @@
  }
 }
-{{ https_host_list|join(', ') }} {
+{{ https_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
 {%- endif %}
-##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
    # As backend is trusting REMOTE_USER header unset it always
    header_upstream -REMOTE_USER

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -1727,6 +1727,42 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
    )
+    result_direct = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      port=26011)
+    self.assertEqualResultJson(result_direct, 'Path', '/test-path')
+    try:
+      j = result_direct.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertEqual(
+      result_direct.headers['Set-Cookie'],
+      'secured=value;secure, nonsecured=value'
+    )
+    result_direct_https_backend = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      port=26012)
+    self.assertEqualResultJson(
+      result_direct_https_backend, 'Path', '/test-path')
+    try:
+      j = result_direct_https_backend.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (
+        result_direct_https_backend.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertEqual(
+      result_direct_https_backend.headers['Set-Cookie'],
+      'secured=value;secure, nonsecured=value'
+    )
  def test_enable_cache_disable_no_cache_request(self):
    parameter_dict = self.slave_connection_parameter_dict_dict[
      'enable_cache-disable-no-cache-request']