caddy-frontend: Validate virtualhostroot-http[s]-port

Since recent change the virtualhostroot-https-port and
virtualhostroot-http-port are casted to integer during configuration
generation so it's require to validate this input and reject incorrect values.

software/caddy-frontend/buildout.hash.cfg

@@ -26,7 +26,7 @@ md5sum = a6a626fd1579fd1d4b80ea67433ca16a
 
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 2329022227099971a57f710832509153
+md5sum = 5fb1da6ff50234870f25a86ae51f5d5e
 
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -152,6 +152,13 @@ context =
 {%       do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %}
 {%     endif %}
 {%   endif %}
+{#   Check virtualhostroot-http-port and virtualhostroot-https-port #}
+{%   for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %}
+{%     set value = (slave.get(key) or '1') | int(False) %}
+{%     if value in [False] or value < 0 %}
+{%       do slave_error_list.append('Wrong %s %r' % (key, slave.get(key))) %}
+{%     endif %}
+{%   endfor %}
 {#   Check ciphers #}
 {%   set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
 {%   if slave_cipher_list %}

software/caddy-frontend/test/test.py

@@ -6541,8 +6541,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
       'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
       'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
       'domain': 'example.com',
-      'accepted-slave-amount': '7',
-      'rejected-slave-amount': '24',
+      'accepted-slave-amount': '5',
+      'rejected-slave-amount': '26',
       'slave-amount': '31',
       'rejected-slave-dict': {
         '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
@@ -6575,6 +6575,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
         '_BAD-BACKEND': [
           "slave https-url 'http://host.domain:badport' invalid",
           "slave url 'http://1:2:3:4' invalid"],
+        '_VIRTUALHOSTROOT-HTTP-PORT-UNSAFE': [
+          "Wrong virtualhostroot-http-port '${section:option}'"],
+        '_VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE': [
+          "Wrong virtualhostroot-https-port '${section:option}'"],
         '_EMPTY-BACKEND': [
           "slave https-url '' invalid",
           "slave url '' invalid"],
@@ -6711,60 +6715,27 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
   def test_virtualhostroot_http_port_unsafe(self):
     parameter_dict = self.parseSlaveParameterDict(
       'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
     self.assertEqual(
       {
-        'domain': 'virtualhostroothttpportunsafe.example.com',
-        'replication_number': '1',
-        'url': 'http://virtualhostroothttpportunsafe.example.com',
-        'site_url': 'http://virtualhostroothttpportunsafe.example.com',
-        'secure_access':
-        'https://virtualhostroothttpportunsafe.example.com',
-        'public-ipv4': self._ipv4_address,
-        'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
+        'request-error-list': [
+          "Wrong virtualhostroot-http-port '${section:option}'"
+        ]
       },
       parameter_dict
     )
 
-    result = fakeHTTPResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(httplib.FOUND, result.status_code)
-
   def test_virtualhostroot_https_port_unsafe(self):
     parameter_dict = self.parseSlaveParameterDict(
       'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
     self.assertEqual(
       {
-        'domain': 'virtualhostroothttpsportunsafe.example.com',
-        'replication_number': '1',
-        'url': 'http://virtualhostroothttpsportunsafe.example.com',
-        'site_url': 'http://virtualhostroothttpsportunsafe.example.com',
-        'secure_access':
-        'https://virtualhostroothttpsportunsafe.example.com',
-        'public-ipv4': self._ipv4_address,
-        'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
+        'request-error-list': [
+          "Wrong virtualhostroot-https-port '${section:option}'"
+        ]
       },
       parameter_dict
     )
 
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqualResultJson(
-      result,
-      'Path',
-      '/VirtualHostBase/https//virtualhostroothttpsportunsafe'
-      '.example.com:0//VirtualHostRoot/test-path'
-    )
-
   def default_path_unsafe(self):
     parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE')
     self.assertLogAccessUrlWithPop(parameter_dict)