Commit 8934b28e authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop customized configuration support

Customized configuration support is not used since introduction of
Caddy software, so there is no need to support it anymore.
parent ff1ccc6b
...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos ...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos
"path" is an optional parameter, ignored if not specified. "path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/" Example of value: "/erp5/web_site_module/hosting/"
caddy_custom_https
~~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
caddy_custom_http
~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
url url
~~~ ~~~
Necessary to activate cache. ``url`` of backend to use. Necessary to activate cache. ``url`` of backend to use.
...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
partition_parameter_kw={ partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234", "url":"https://[1:2:3:4:5:6:7:8]:1234",
"caddy_custom_https":'
https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
bind %(local_ipv4)s
tls %(certificate)s %(certificate)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234 {
transparent
timeout 600s
insecure_skip_verify
}
}
"caddy_custom_http":'
http://www.example.com:%(http_port)s, http://example.com:%(http_port)s {
bind %(local_ipv4)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234/ {
transparent
timeout 600s
insecure_skip_verify
}
}
Simple Cache Example - XXX - to be written Simple Cache Example - XXX - to be written
------------------------------------------ ------------------------------------------
...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org", "domain": "www.example.org",
"enable_cache": "True", "enable_cache": "True",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLEngine on
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P],
}
)
Advanced example - XXX - to be written Advanced example - XXX - to be written
-------------------------------------- --------------------------------------
...@@ -457,56 +388,6 @@ the proxy:: ...@@ -457,56 +388,6 @@ the proxy::
"path":"/erp5", "path":"/erp5",
"domain":"example.org", "domain":"example.org",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAdmin example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Use personal ssl certificates
SSLCertificateFile %(ssl_crt)s
SSLCertificateKeyFile %(ssl_key)s
SSLCACertificateFile %(ssl_ca_crt)s
SSLCertificateChainFile %(ssl_ca_crt)s
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Redirect / to /index.html
RewriteRule ^/$ /index.html [R=302,L]
# Use cache
RewriteRule ^/(.*) %(cache_access)s/VirtualHostBase/https/www.example.org:443/erp5/VirtualHostRoot/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
"ssl_key":"-----BEGIN RSA PRIVATE KEY----- "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----", -----END RSA PRIVATE KEY-----",
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 816bc8179cf4195a35e07f22c36679fa md5sum = a351f22e3f74cb3c76ac92ac482c1ecc
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,19 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,19 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 60aefa15002b04665a95a6c197eac5ab md5sum = cbdf668a230bf6e95b52cb94111f94e0
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 087bd9404cd120bd7602a9fbfcddc064 md5sum = a544bf7586f5945bbf108abe9818c7dd
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = d96fea7dd4d7f0a157c86d25a263d8e1 md5sum = 7f63eaa17c6bfa86b3810456414a39e5
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in filename = templates/replicate-publish-slave-information.cfg.in
......
...@@ -119,7 +119,6 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target ...@@ -119,7 +119,6 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target} template_log_access = ${template-log-access:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target} template_slave_list = ${template-slave-list:target}
template_trafficserver_records_config = ${template-trafficserver-records-config:location} template_trafficserver_records_config = ${template-trafficserver-records-config:location}
template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename} template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename}
...@@ -179,10 +178,6 @@ mode = 640 ...@@ -179,10 +178,6 @@ mode = 640
<=download-template <=download-template
filename = apache-custom-slave-list.cfg.in filename = apache-custom-slave-list.cfg.in
[template-slave-configuration]
<=download-template
filename = custom-virtualhost.conf.in
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
<=download-template <=download-template
filename = replicate-publish-slave-information.cfg.in filename = replicate-publish-slave-information.cfg.in
......
...@@ -147,7 +147,6 @@ context = ...@@ -147,7 +147,6 @@ context =
[software-release-path] [software-release-path]
template-empty = {{ parameter_dict['template_empty'] }} template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }} template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }} caddy-location = {{ parameter_dict['caddy_location'] }}
...@@ -249,7 +248,6 @@ extra-context = ...@@ -249,7 +248,6 @@ extra-context =
key local_ipv6 :local_ipv6 key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key software_type :software_type key software_type :software_type
...@@ -278,19 +276,6 @@ extra-context = ...@@ -278,19 +276,6 @@ extra-context =
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
# BBB: apache_custom_https and apache_custom_http
extra-context =
key https_port configuration:port
key http_port configuration:plain_http_port
key apache_custom_https configuration:apache_custom_https
key apache_custom_http configuration:apache_custom_http
key caddy_custom_https configuration:caddy_custom_https
key caddy_custom_http configuration:caddy_custom_http
# Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
< = jinja2-template-base < = jinja2-template-base
......
...@@ -78,13 +78,12 @@ context = ...@@ -78,13 +78,12 @@ context =
}) %} }) %}
{% endfor %} {% endfor %}
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %} {% set authorized_slave_string_list = [] %}
{% set authorized_slave_list = [] %} {% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %} {% set rejected_slave_dict = {} %}
{% set rejected_slave_title_dict = {} %} {% set rejected_slave_title_dict = {} %}
{% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
{% for slave in sorted(slave_instance_list) %} {% for slave in sorted(slave_instance_list) %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
...@@ -104,7 +103,6 @@ context = ...@@ -104,7 +103,6 @@ context =
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %} {% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
...@@ -133,15 +131,6 @@ context = ...@@ -133,15 +131,6 @@ context =
{% endfor %} {% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %} {% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %} {% endif %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string_list %}
{% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
{% if slave.get('url') %} {% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %} {% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %} {% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema", "$schema": "http://json-schema.org/draft-04/schema",
"properties": { "properties": {
"-frontend-authorized-slave-string": {
"description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
"title": "Authorized Slave String",
"type": "string"
},
"-frontend-quantity": { "-frontend-quantity": {
"description": "Quantity of Frontends Replicate.", "description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity", "title": "Frontend Replication Quantity",
......
...@@ -53,20 +53,6 @@ ...@@ -53,20 +53,6 @@
"title": "HTTPS Only", "title": "HTTPS Only",
"type": "string" "type": "string"
}, },
"caddy_custom_http": {
"default": "",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTP configuration",
"type": "string"
},
"caddy_custom_https": {
"default": "",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTPS configuration",
"type": "string"
},
"default-path": { "default-path": {
"default": "", "default": "",
"description": "Provide default path to redirect user to when user access / (the site root)", "description": "Provide default path to redirect user to when user access / (the site root)",
......
...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443 ...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443
configuration.kedifa_port = 7879 configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1 # Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890 configuration.caucase_port = 8890
# BBB: apache_custom_https and apache_custom_http
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_http = ""
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
......
...@@ -134,13 +134,10 @@ create = true ...@@ -134,13 +134,10 @@ create = true
{% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %} {% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{% endif %} {% endif %}
{# BBB: apache_custom_https and apache_custom_http #} {% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{% if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %} {% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %} {% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %} {% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% endif %}
[slave-log-directory-dict] [slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }} {{slave_reference}} = {{ slave_log_folder }}
...@@ -238,22 +235,6 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }} ...@@ -238,22 +235,6 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }}
cached_port = {{ dumps('' ~ cached_port) }} cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }} ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
request_timeout = {{ ('' ~ request_timeout) }} request_timeout = {{ ('' ~ request_timeout) }}
{# BBB: apache_custom_https and apache_custom_http #}
{% set caddy_custom_http_template = slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', '')) %}
{% set caddy_custom_https_template = slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', '')) %}
{% if caddy_custom_http_template is not none %}
{% set caddy_custom_http = ('' ~ caddy_custom_http_template) % slave_parameter_dict %}
caddy_custom_http = {{ dumps(caddy_custom_http) }}
{% else %}
{% set caddy_custom_http = None %}
{% endif %}
{% if caddy_custom_https_template is not none %}
{% set caddy_custom_https = ('' ~ caddy_custom_https_template) % slave_parameter_dict %}
caddy_custom_https = {{ dumps(caddy_custom_https) }}
{% else %}
{% set caddy_custom_https = None %}
{% endif %}
{{ '\n' }}
{% for key, value in slave_instance.iteritems() %} {% for key, value in slave_instance.iteritems() %}
{% if value is not none %} {% if value is not none %}
{{ key }} = {{ dumps('' ~ value) }} {{ key }} = {{ dumps('' ~ value) }}
...@@ -264,16 +245,10 @@ caddy_custom_https = {{ dumps(caddy_custom_https) }} ...@@ -264,16 +245,10 @@ caddy_custom_https = {{ dumps(caddy_custom_https) }}
< = jinja2-template-base < = jinja2-template-base
rendered = {{ caddy_configuration_directory }}/${:filename} rendered = {{ caddy_configuration_directory }}/${:filename}
{% if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
{% else %}
template = {{ template_default_slave_configuration }} template = {{ template_default_slave_configuration }}
extra-context = extra-context =
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib import urllib_module urllib
{% endif %}
filename = {{ '%s.conf' % slave_reference }} filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }} {{ '\n' }}
......
{{ slave_parameter.get('caddy_custom_https', '') }}
{{ slave_parameter.get('caddy_custom_http', '') }}
...@@ -1044,73 +1044,11 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin): ...@@ -1044,73 +1044,11 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
https://caddycustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s
tls %%(certificate)s %%(certificate)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
caddy_custom_http = '''# caddy_custom_http_filled_in_accepted
http://caddycustomhttpsaccepted.example.com:%%(http_port)s {
bind %%(local_ipv4)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
apache_custom_https = '''# apache_custom_https_filled_in_accepted
https://apachecustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s
tls %%(certificate)s %%(certificate)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
apache_custom_http = '''# apache_custom_http_filled_in_accepted
http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
bind %%(local_ipv4)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address, 'public-ipv4': cls._ipv4_address,
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -1344,36 +1282,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1344,36 +1282,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'enable-http2-default': { 'enable-http2-default': {
'url': cls.backend_url, 'url': cls.backend_url,
}, },
# 'apache_custom_http_s-rejected': {
# 'url': cls.backend_url,
# 'apache_custom_https': '# apache_custom_https_filled_in_rejected',
# 'apache_custom_http': '# apache_custom_http_filled_in_rejected',
# },
'apache_custom_http_s-accepted': {
'url': cls.backend_url,
'apache_custom_https': cls.apache_custom_https % dict(
url=cls.backend_url),
'apache_custom_http': cls.apache_custom_http % dict(
url=cls.backend_url),
},
# 'caddy_custom_http_s-rejected': {
# 'url': cls.backend_url,
# 'caddy_custom_https': '# caddy_custom_https_filled_in_rejected',
# 'caddy_custom_http': '# caddy_custom_http_filled_in_rejected',
# },
'caddy_custom_http_s-accepted': {
'url': cls.backend_url,
'caddy_custom_https': cls.caddy_custom_https % dict(
url=cls.backend_url),
'caddy_custom_http': cls.caddy_custom_http % dict(
url=cls.backend_url),
},
# # this has to be rejected
# 'caddy_custom_http_s': {
# 'url': cls.backend_url,
# 'caddy_custom_https': '# caddy_custom_https_filled_in_rejected_2',
# 'caddy_custom_http': '# caddy_custom_http_filled_in_rejected_2',
# },
'prefer-gzip-encoding-to-backend': { 'prefer-gzip-encoding-to-backend': {
'url': cls.backend_url, 'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true', 'prefer-gzip-encoding-to-backend': 'true',
...@@ -1572,9 +1480,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1572,9 +1480,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '54', 'accepted-slave-amount': '52',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '54', 'slave-amount': '52',
'rejected-slave-dict': { 'rejected-slave-dict': {
} }
} }
...@@ -4062,186 +3970,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4062,186 +3970,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqual( self.assertEqual(
'Coffee=present', result.json()['Incoming Headers']['cookie']) 'Coffee=present', result.json()['Incoming Headers']['cookie'])
@skip('Not implemented in new test system')
def test_apache_custom_http_s_rejected(self):
parameter_dict = self.parseSlaveParameterDict(
'apache_custom_http_s-rejected')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'apache_custom_https_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'apache_custom_http_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
def test_apache_custom_http_s_accepted(self):
parameter_dict = self.parseSlaveParameterDict(
'apache_custom_http_s-accepted')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{'replication_number': '1', 'public-ipv4': self._ipv4_address},
parameter_dict
)
result = fakeHTTPSResult(
'apachecustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
headers = result.headers.copy()
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
# drop vary-keys
headers.pop('Content-Length', None)
headers.pop('Transfer-Encoding', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value'
},
headers
)
result_http = fakeHTTPResult(
'apachecustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'apache_custom_https_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_https_list))
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'apache_custom_http_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_http_list))
@skip('Not implemented in new test system')
def test_caddy_custom_http_s_rejected(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s-rejected')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
@skip('Not implemented in new test system')
def test_caddy_custom_http_s(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_rejected_2' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_rejected_2' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
def test_caddy_custom_http_s_accepted(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s-accepted')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{'replication_number': '1', 'public-ipv4': self._ipv4_address},
parameter_dict
)
result = fakeHTTPSResult(
'caddycustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
headers = result.headers.copy()
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
# drop vary-keys
headers.pop('Content-Length', None)
headers.pop('Transfer-Encoding', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value'
},
headers
)
result_http = fakeHTTPResult(
'caddycustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_https_list))
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_http_list))
def test_https_url(self): def test_https_url(self):
parameter_dict = self.assertSlaveBase('url_https-url') parameter_dict = self.assertSlaveBase('url_https-url')
...@@ -6585,8 +6313,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6585,8 +6313,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address, 'public-ipv4': cls._ipv4_address,
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
......
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -135,4 +131,4 @@ T-2/var/log/httpd/_url_https-url_error_log ...@@ -135,4 +131,4 @@ T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -135,4 +131,4 @@ T-2/var/log/httpd/_url_https-url_error_log ...@@ -135,4 +131,4 @@ T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out T-2/var/log/trafficserver/traffic.out
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment