caddy-frontend: Improve generated haproxy backend configuration

Avoid creating needless entries and minimise needless newlines, and reflect
this in test data, as in such case no backend_log is created, as nothing is
configured on backend Haproxy level.

software/caddy-frontend/buildout.hash.cfg

@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73
 
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 80081a7ded0029bb24b4fe2d06b6ae95
+md5sum = 9b261b30eb7931e0e8f1e5dcba4696b8
 
 [template-log-access]
 _update_hash_filename_ = templates/template-log-access.conf.in

software/caddy-frontend/templates/backend-haproxy.cfg.in

@@ -14,27 +14,30 @@ defaults
   timeout connect {{ configuration['backend-connect-timeout'] }}s
   retries {{ configuration['backend-connect-retries'] }}
 
+{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
 {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
 {#-   wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
-{%-   set host_list = (slave_instance.get('server-alias') or  '').split() %}
-{%-   if slave_instance.get('custom_domain') not in host_list %}
-{%-     do host_list.append(slave_instance.get('custom_domain')) %}
-{%-   endif %}
-{%-   set matched = {'count': 0} %}
-{%-   for host in host_list %}
-{#-     Match up to the end or optional port (starting with ':') #}
-{#-     Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
-{%-     if wildcard and host.startswith('*.') %}
-{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+{%-   if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
+{%-     set host_list = (slave_instance.get('server-alias') or  '').split() %}
+{%-     if slave_instance.get('custom_domain') not in host_list %}
+{%-       do host_list.append(slave_instance.get('custom_domain')) %}
+{%-     endif %}
+{%-     set matched = {'count': 0} %}
+{%-     for host in host_list %}
+{#-       Match up to the end or optional port (starting with ':') #}
+{#-       Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
+{%-       if wildcard and host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
 # match wildcard {{ host }}
   acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
-{%-     elif not wildcard and not host.startswith('*.') %}
-{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+{%-       elif not wildcard and not host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
   acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
-{%-     endif %}
-{%-   endfor %}
-{%-   if matched['count'] > 0 %}
+{%-       endif %}
+{%-     endfor %}
+{%-     if matched['count'] > 0 %}
   use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
+{%-     endif %}
 {%-   endif %}
 {%- endmacro %}
 
@@ -49,59 +52,58 @@ frontend statistic
 
 frontend http-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', False) }}
 {%- endfor %}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', True) }}
 {%- endfor %}
 
 frontend https-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', False) }}
 {%- endfor %}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', True) }}
 {%- endfor %}
 
 {%- for slave_instance in backend_slave_list %}
-{%-   for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %}
+{%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
 {%-     set info_dict = slave_instance[prefix] %}
-{%-     if info_dict['scheme'] == 'https' %}
-{%-       set ssl = [] %}
-{%-       if slave_instance['authenticate-to-backend'] %}
-{%-         set ssl = ['crt %s' % (configuration['certificate'],)] %}
-{%-       endif %}
-{%-       do ssl.append('ssl verify') %}
-{%-       set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
-{%-       if slave_instance['ssl_proxy_verify'] %}
-{%-         if path_to_ssl_proxy_ca_crt %}
-{%-           do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-     if info_dict['hostname'] and info_dict['port'] %}
+{%-       set ssl_list = [] %}
+{%-       if info_dict['scheme'] == 'https' %}
+{%-         if slave_instance['authenticate-to-backend'] %}
+{%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
+{%-         endif %}
+{%-         do ssl_list.append('ssl verify') %}
+{%-         set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
+{%-         if slave_instance['ssl_proxy_verify'] %}
+{%-           if path_to_ssl_proxy_ca_crt %}
+{%-             do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-           else %}
+{#-           Backend SSL shall be verified, but not CA provided, disallow connection #}
+{#-           Simply dropping hostname from the dict will result with ignoring it... #}
+{%-           do info_dict.__setitem__('hostname', '') %}
+{%-           endif %}
 {%-         else %}
-{#-         Backend SSL shall be verified, but not CA provided, disallow connection #}
-{#-         Simply dropping hostname from the dict will result with ignoring it... #}
-{%-         do info_dict.__setitem__('hostname', '') %}
+{%-           do ssl_list.append('none') %}
 {%-         endif %}
-{%-       else %}
-{%-         do ssl.append('none') %}
 {%-       endif %}
-{%-       set ssl = ' '.join(ssl) %}
-{%-     else %}
-{%-       set ssl = '' %}
-{%-     endif %}
 
 backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
-{%-     set hostname = info_dict['hostname'] %}
-{%-     set port = info_dict['port'] %}
-{%-     set path = info_dict['path'].rstrip('/') %}
-{%-     if hostname and port %}
+{%-       set hostname = info_dict['hostname'] %}
+{%-       set port = info_dict['port'] %}
+{%-       set path = info_dict['path'].rstrip('/') %}
+{%-       if hostname and port %}
   timeout server {{ slave_instance['request-timeout'] }}s
   timeout connect {{ slave_instance['backend-connect-timeout'] }}s
   retries {{ slave_instance['backend-connect-retries'] }}
-  server backend {{ hostname }}:{{ port }} {{ ssl }}
-{%-       if path %}
+  server backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
+{%-         if path %}
   http-request set-path {{ path }}%[path]
+{%-         endif %}
 {%-       endif %}
 {%-     endif %}
 {%-   endfor %}

software/caddy-frontend/test/test.py

@@ -1801,15 +1801,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0]
     with open(backend_configuration_file) as fh:
       content = fh.read()
-      self.assertTrue("""backend _Url-http
+    self.assertIn("""backend _Url-http
   timeout server 12s
   timeout connect 5s
-  retries 3""" in content)
-      self.assertTrue("""  timeout queue 60s
+  retries 3""", content)
+    self.assertIn("""  timeout queue 60s
   timeout server 12s
   timeout client 12s
   timeout connect 5s
-  retries 3""" in content)
+  retries 3""", content)
+    # check that no needless entries are generated
+    self.assertIn("backend _Url-http\n", content)
+    self.assertNotIn("backend _Url-https\n", content)
 
   def test_auth_to_backend(self):
     parameter_dict = self.assertSlaveBase('auth-to-backend')

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
-T-2/var/log/httpd/_ciphers_backend_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
 T-2/var/log/httpd/_custom_domain_backend_log
@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
 T-2/var/log/httpd/_disabled-cookie-list_backend_log
 T-2/var/log/httpd/_disabled-cookie-list_error_log
 T-2/var/log/httpd/_empty_access_log
-T-2/var/log/httpd/_empty_backend_log
 T-2/var/log/httpd/_empty_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
 T-2/var/log/httpd/_enable-http2-default_backend_log
@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
-T-2/var/log/httpd/_monitor-ipv4-test_backend_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
-T-2/var/log/httpd/_monitor-ipv6-test_backend_log
 T-2/var/log/httpd/_monitor-ipv6-test_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
-T-2/var/log/httpd/_ciphers_backend_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
 T-2/var/log/httpd/_custom_domain_backend_log
@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
 T-2/var/log/httpd/_disabled-cookie-list_backend_log
 T-2/var/log/httpd/_disabled-cookie-list_error_log
 T-2/var/log/httpd/_empty_access_log
-T-2/var/log/httpd/_empty_backend_log
 T-2/var/log/httpd/_empty_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
 T-2/var/log/httpd/_enable-http2-default_backend_log
@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
-T-2/var/log/httpd/_monitor-ipv4-test_backend_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
-T-2/var/log/httpd/_monitor-ipv6-test_backend_log
 T-2/var/log/httpd/_monitor-ipv6-test_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log