caddy-frontend: Solve ATS configuration asymmetry

Accessing http with path starting with /HTTPS/ would result with 503 responses
from ATS itself.

Test is covering the problem and also asserting that fix does not damage https
access with path starting with /HTTP/

software/caddy-frontend/buildout.hash.cfg

@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = a6a626fd1579fd1d4b80ea67433ca16a
+md5sum = dd6542a91746e6e3720eaa1590792dbe
 
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = 1248911409cbeea980a838b04ee451d2
 
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 8ce1d5bf09662d941f940be7e6493918
+md5sum = a745fb8d61a7e2646e3aa55edf73e5a6
 
 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -508,7 +508,7 @@ filename = logging.yaml
 {%- raw %}
 template = inline:
   map /HTTPS/ http://{{ ipv4 }}:{{ https_port }}
-  map / http://{{ ipv4 }}:{{ http_port }}
+  map /HTTP/ http://{{ ipv4 }}:{{ http_port }}
 {%- endraw %}
 extra-context =
   raw ipv4 {{ instance_parameter_dict['ipv4-random'] }}

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -5,7 +5,7 @@
 {%- set frontend_slave_list = [] %}
 {%- set part_list = [] %}
 {%- set cache_port = caddy_configuration.get('cache-port') %}
-{%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
+{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
 {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
 {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
 {%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %}

software/caddy-frontend/test/test.py

@@ -1485,6 +1485,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
         'enable_cache': True,
         'disable-via-header': True,
       },
+      'enable_cache-https-only': {
+        'url': cls.backend_url,
+        'https-only': False,
+        'enable_cache': True,
+      },
       'enable-http2-false': {
         'url': cls.backend_url,
         'enable-http2': False,
@@ -1681,9 +1686,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
       'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
       'domain': 'example.com',
-      'accepted-slave-amount': '50',
+      'accepted-slave-amount': '51',
       'rejected-slave-amount': '0',
-      'slave-amount': '50',
+      'slave-amount': '51',
       'rejected-slave-dict': {
       },
       'warning-slave-dict': {
@@ -3669,6 +3674,61 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       result.headers['Location']
     )
 
+  def test_enable_cache_https_only(self):
+    parameter_dict = self.assertSlaveBase('enable_cache-https-only')
+
+    result = fakeHTTPSResult(
+      parameter_dict['domain'],
+      'test-path/deep/.././deeper', headers={
+        'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
+        'revalidate=3600, stale-if-error=3600'})
+
+    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
+
+    headers = result.headers.copy()
+
+    self.assertKeyWithPop('Server', headers)
+    self.assertKeyWithPop('Date', headers)
+    self.assertKeyWithPop('Age', headers)
+
+    # drop keys appearing randomly in headers
+    headers.pop('Transfer-Encoding', None)
+    headers.pop('Content-Length', None)
+    headers.pop('Connection', None)
+    headers.pop('Keep-Alive', None)
+
+    self.assertEqual(
+      {
+        'Content-type': 'application/json',
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Cache-Control': 'max-age=1, stale-while-revalidate=3600, '
+                         'stale-if-error=3600'
+      },
+      headers
+    )
+
+    result = fakeHTTPResult(
+      parameter_dict['domain'],
+      'HTTPS/test', headers={
+        'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
+        'revalidate=3600, stale-if-error=3600'})
+
+    self.assertEqual(httplib.OK, result.status_code)
+    self.assertEqualResultJson(result, 'Path', '/HTTPS/test')
+
+    headers = result.headers.copy()
+
+    result = fakeHTTPSResult(
+      parameter_dict['domain'],
+      'HTTP/test', headers={
+        'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
+        'revalidate=3600, stale-if-error=3600'})
+
+    self.assertEqual(httplib.OK, result.status_code)
+    self.assertEqualResultJson(result, 'Path', '/HTTP/test')
+
+    headers = result.headers.copy()
+
   def test_enable_cache(self):
     parameter_dict = self.assertSlaveBase('enable_cache')
 

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd/_enable_cache-https-only_access_log
+T-2/var/log/httpd/_enable_cache-https-only_backend_log
+T-2/var/log/httpd/_enable_cache-https-only_error_log
 T-2/var/log/httpd/_enable_cache_access_log
 T-2/var/log/httpd/_enable_cache_backend_log
 T-2/var/log/httpd/_enable_cache_custom_domain_access_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd/_enable_cache-https-only_access_log
+T-2/var/log/httpd/_enable_cache-https-only_backend_log
+T-2/var/log/httpd/_enable_cache-https-only_error_log
 T-2/var/log/httpd/_enable_cache_access_log
 T-2/var/log/httpd/_enable_cache_backend_log
 T-2/var/log/httpd/_enable_cache_custom_domain_access_log