caddy-frontend: Remove "server" pollution on slaves

Server returns slave list with request and publish keys, but only request keys
are important.

In order to avoid needless updates and nonsense data remove those polluted
keys before publishing information about each slave.

software/caddy-frontend/buildout.hash.cfg

@@ -26,7 +26,7 @@ md5sum = 2903758a104186b7dae9573c3470be78
 
 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 491a19d1747bbf795c27b094cf67114d
+md5sum = af2c92ff8abf56ea31289f6d7013bf62
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in

software/caddy-frontend/instance-apache-replicate.cfg.in

 {% if slap_software_type in software_type %}
+{#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#}
+{%- set SERVER_POLLUTED_KEY_LIST = ['connection-parameter-hash', 'timestamp', 'slave_title', 'slap_software_type'] -%}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
 {%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
 {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
@@ -183,7 +185,12 @@ context =
 {%     endif %}
 {%   endif %}
 {%   if len(slave_error_list) == 0 %}
-{%     do authorized_slave_list.append(slave) %}
+{#   Cleanup slave from not needed keys which come from implementation of SlapOS Master #}
+{%     set authorized_slave = slave.copy() %}
+{%     for key in SERVER_POLLUTED_KEY_LIST %}
+{%       do authorized_slave.pop(key, None) %}
+{%     endfor %}
+{%     do authorized_slave_list.append(authorized_slave) %}
 {%   else %}
 {%     do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
 {%     do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %}
@@ -294,7 +301,7 @@ config-monitor-password = ${monitor-htpasswd:passwd}
 config-{{ key }} = {{ dumps(slapparameter_dict[key]) }}
 {%-   endif %}
 {%- endfor %}
-config-slave-list = {{ dumps(slave_instance_list) }}
+config-slave-list = {{ dumps(authorized_slave_list) }}
 config-cluster-identification = {{ cluster_identification }}
 
 {% set frontend_software_url_key = "-frontend-software-release-url" %}

software/caddy-frontend/test/test.py

@@ -975,6 +975,14 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
 
     return parameter_dict
 
+  def getMasterPartitionPath(self):
+    return '/' + os.path.join(
+      *glob.glob(
+        os.path.join(
+          self.instance_path, '*', 'etc', 'Caddyfile-rejected-slave'
+        )
+      )[0].split('/')[:-2])
+
 
 class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
   caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
@@ -1495,6 +1503,18 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       result_missing.text
     )
 
+  def test_server_polluted_keys_removed(self):
+    buildout_file = os.path.join(
+      self.getMasterPartitionPath(), 'buildout-switch-softwaretype.cfg')
+    for line in [
+      q for q in open(buildout_file).readlines()
+      if q.startswith('config-slave-list') or q.startswith(
+          'config-extra_slave_instance_list')]:
+      self.assertFalse('slave_title' in line)
+      self.assertFalse('slap_software_type' in line)
+      self.assertFalse('connection-parameter-hash' in line)
+      self.assertFalse('timestamp' in line)
+
   def test_url(self):
     parameter_dict = self.assertSlaveBase('Url')