caddy-frontend: Fix slave authorization

Because of checking slave id in a whole string, slaves which shall not be
authorized has been put on authorized list.

Example: -frontend-authorized-slave-string == "custom_http",
         slave_id = "custom" has been authorized.

software/caddy-frontend/buildout.hash.cfg

@@ -22,11 +22,11 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 3bf520c34753cf9ee9e665e9ef7fb469
+md5sum = ab1795f92e32655d05c662c965d2b1f5
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 1576859772052bcb85ff2b5a7b786410
+md5sum = f49cf291a0e46eddcf4bc4b4710e88d8
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -64,7 +64,7 @@ context =
                                   }) %}
 {% endfor %}
 
-{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') %}
+{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_dict = {} %}
 {% set used_host_list = [] %}
@@ -93,7 +93,7 @@ context =
 {%   endif %}
 {%   for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
 {%     if slave.get(key) %}
-{%       if not slave.get('slave_reference') in authorized_slave_string %}
+{%       if not slave.get('slave_reference') in authorized_slave_string_list %}
 {%         if not unauthorised_message in slave_error_list %}
 {%           do slave_error_list.append(unauthorised_message) %}
 {%         endif %}

software/caddy-frontend/test/test.py

@@ -708,6 +708,12 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
         'caddy_custom_http': cls.caddy_custom_http % dict(
           url=cls.backend_url),
       },
+      # this has to be rejected
+      'caddy_custom_http_s': {
+        'url': cls.backend_url,
+        'caddy_custom_https': '# caddy_custom_https_filled_in_rejected_2',
+        'caddy_custom_http': '# caddy_custom_http_filled_in_rejected_2',
+      },
       'prefer-gzip-encoding-to-backend': {
         'url': cls.backend_url,
         'prefer-gzip-encoding-to-backend': 'true',
@@ -753,7 +759,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       'slave-amount': '35',
       'rejected-slave-dict':
       '{"_apache_custom_http_s-rejected": ["slave not authorised"], '
-      '"_caddy_custom_http_s-rejected": ["slave not authorised"]}'
+      '"_caddy_custom_http_s-rejected": ["slave not authorised"], '
+      '"_caddy_custom_http_s": ["slave not authorised"]'
     }
 
     self.assertEqual(
@@ -2190,6 +2197,27 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       if 'caddy_custom_http_filled_in_rejected' in open(q).read()]
     self.assertEqual([], configuration_file_with_custom_http_list)
 
+  def test_caddy_custom_http_s(self):
+    parameter_dict = self.slave_connection_parameter_dict_dict[
+      'caddy_custom_http_s']
+    self.assertEqual(
+      {
+        'request-error-list': '["slave not authorised"]'
+      },
+      parameter_dict)
+    slave_configuration_file_list = glob.glob(os.path.join(
+      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
+    # no configuration file contains provided custom http
+    configuration_file_with_custom_https_list = [
+      q for q in slave_configuration_file_list
+      if 'caddy_custom_https_filled_in_rejected_2' in open(q).read()]
+    self.assertEqual([], configuration_file_with_custom_https_list)
+
+    configuration_file_with_custom_http_list = [
+      q for q in slave_configuration_file_list
+      if 'caddy_custom_http_filled_in_rejected_2' in open(q).read()]
+    self.assertEqual([], configuration_file_with_custom_http_list)
+
   def test_caddy_custom_http_s_accepted(self):
     parameter_dict = self.slave_connection_parameter_dict_dict[
       'caddy_custom_http_s-accepted']