Commit c1e580e5 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Remove "server" pollution on slaves

Server returns slave list with request and publish keys, but only request keys
are important.

In order to avoid needless updates and nonsense data remove those polluted
keys before publishing information about each slave.
parent 7fa64ad5
...@@ -26,7 +26,7 @@ md5sum = 2903758a104186b7dae9573c3470be78 ...@@ -26,7 +26,7 @@ md5sum = 2903758a104186b7dae9573c3470be78
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 491a19d1747bbf795c27b094cf67114d md5sum = af2c92ff8abf56ea31289f6d7013bf62
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
......
{% if slap_software_type in software_type %} {% if slap_software_type in software_type %}
{#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#}
{%- set SERVER_POLLUTED_KEY_LIST = ['connection-parameter-hash', 'timestamp', 'slave_title', 'slap_software_type'] -%}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %} {%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
{% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
...@@ -183,7 +185,12 @@ context = ...@@ -183,7 +185,12 @@ context =
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if len(slave_error_list) == 0 %} {% if len(slave_error_list) == 0 %}
{% do authorized_slave_list.append(slave) %} {# Cleanup slave from not needed keys which come from implementation of SlapOS Master #}
{% set authorized_slave = slave.copy() %}
{% for key in SERVER_POLLUTED_KEY_LIST %}
{% do authorized_slave.pop(key, None) %}
{% endfor %}
{% do authorized_slave_list.append(authorized_slave) %}
{% else %} {% else %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %} {% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
{% do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %} {% do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %}
...@@ -294,7 +301,7 @@ config-monitor-password = ${monitor-htpasswd:passwd} ...@@ -294,7 +301,7 @@ config-monitor-password = ${monitor-htpasswd:passwd}
config-{{ key }} = {{ dumps(slapparameter_dict[key]) }} config-{{ key }} = {{ dumps(slapparameter_dict[key]) }}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
config-slave-list = {{ dumps(slave_instance_list) }} config-slave-list = {{ dumps(authorized_slave_list) }}
config-cluster-identification = {{ cluster_identification }} config-cluster-identification = {{ cluster_identification }}
{% set frontend_software_url_key = "-frontend-software-release-url" %} {% set frontend_software_url_key = "-frontend-software-release-url" %}
......
...@@ -975,6 +975,14 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -975,6 +975,14 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
return parameter_dict return parameter_dict
def getMasterPartitionPath(self):
return '/' + os.path.join(
*glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'Caddyfile-rejected-slave'
)
)[0].split('/')[:-2])
class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
caddy_custom_https = '''# caddy_custom_https_filled_in_accepted caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
...@@ -1495,6 +1503,18 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1495,6 +1503,18 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result_missing.text result_missing.text
) )
def test_server_polluted_keys_removed(self):
buildout_file = os.path.join(
self.getMasterPartitionPath(), 'buildout-switch-softwaretype.cfg')
for line in [
q for q in open(buildout_file).readlines()
if q.startswith('config-slave-list') or q.startswith(
'config-extra_slave_instance_list')]:
self.assertFalse('slave_title' in line)
self.assertFalse('slap_software_type' in line)
self.assertFalse('connection-parameter-hash' in line)
self.assertFalse('timestamp' in line)
def test_url(self): def test_url(self):
parameter_dict = self.assertSlaveBase('Url') parameter_dict = self.assertSlaveBase('Url')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment