SSL offloading: add more unit tests

Author: weizhouapache

core/src/main/java/com/cloud/network/HAProxyConfigurator.java

@@ -731,7 +731,7 @@ public String[][] generateFwRules(final LoadBalancerConfigCommand lbCmd) {
 
     @Override
     public SslCertEntry[] generateSslCertEntries(LoadBalancerConfigCommand lbCmd) {
-        final Set<SslCertEntry> sslCertEntries = new HashSet<SslCertEntry>();
+        final Set<SslCertEntry> sslCertEntries = new HashSet<>();
         for (final LoadBalancerTO lbTO : lbCmd.getLoadBalancers()) {
             if (lbTO.getSslCert() != null) {
                 addSslCertEntry(sslCertEntries, lbTO);

core/src/test/java/com/cloud/agent/resource/virtualnetwork/model/LoadBalancerRuleTest.java

@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.resource.virtualnetwork.model;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class LoadBalancerRuleTest {
+
+    @Test
+    public void testSslCertEntry() {
+        String name = "name";
+        String cert = "cert";
+        String key = "key1";
+        String chain = "chain";
+        String password = "password";
+        LoadBalancerRule.SslCertEntry sslCertEntry = new LoadBalancerRule.SslCertEntry(name, cert, key, chain, password);
+
+        Assert.assertEquals(name, sslCertEntry.getName());
+        Assert.assertEquals(cert, sslCertEntry.getCert());
+        Assert.assertEquals(key, sslCertEntry.getKey());
+        Assert.assertEquals(chain, sslCertEntry.getChain());
+        Assert.assertEquals(password, sslCertEntry.getPassword());
+
+        LoadBalancerRule loadBalancerRule = new LoadBalancerRule();
+        loadBalancerRule.setSslCerts(new LoadBalancerRule.SslCertEntry[]{sslCertEntry});
+
+        Assert.assertEquals(1, loadBalancerRule.getSslCerts().length);
+        Assert.assertEquals(sslCertEntry, loadBalancerRule.getSslCerts()[0]);
+    }
+}

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -1762,7 +1762,7 @@ private void updateWithLbRules(final DomainRouterJoinVO routerJoinVO, final Stri
         }
     }
 
-    private void updateWithLbRuleSslCertificates(final StringBuilder loadBalancingData, LoadBalancerVO loadBalancerVO, String sourceIp) {
+    protected void updateWithLbRuleSslCertificates(final StringBuilder loadBalancingData, LoadBalancerVO loadBalancerVO, String sourceIp) {
         if (NetUtils.SSL_PROTO.equals(loadBalancerVO.getLbProtocol())) {
             final LbSslCert sslCert = _lbMgr.getLbSslCert(loadBalancerVO.getId());
             if (sslCert != null && ! sslCert.isRevoked()) {

server/src/test/java/com/cloud/network/lb/LoadBalancingRulesManagerImplTest.java

@@ -18,11 +18,25 @@
 package com.cloud.network.lb;
 
 import com.cloud.network.Network;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.dao.LoadBalancerCertMapDao;
+import com.cloud.network.dao.LoadBalancerCertMapVO;
+import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVO;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.dao.SslCertVO;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.User;
+import com.cloud.user.UserVO;
+import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.junit.Assert;
 import org.junit.Test;
@@ -36,6 +50,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.UUID;
 
 import static org.mockito.Mockito.when;
 
@@ -48,6 +63,21 @@ public class LoadBalancingRulesManagerImplTest{
     @Mock
     NetworkOrchestrationService _networkMgr;
 
+    @Mock
+    LoadBalancerDao _lbDao;
+
+    @Mock
+    EntityManager _entityMgr;
+
+    @Mock
+    AccountManager _accountMgr;
+
+    @Mock
+    NetworkModel _networkModel;
+
+    @Mock
+    LoadBalancerCertMapDao _lbCertMapDao;
+
     @Spy
     @InjectMocks
     LoadBalancingRulesManagerImpl lbr = new LoadBalancingRulesManagerImpl();
@@ -101,4 +131,40 @@ public void testGetLoadBalancerServiceProviderFail() {
 
         Network.Provider provider = lbr.getLoadBalancerServiceProvider(loadBalancerMock);
     }
+
+    @Test
+    public void testAssignCertToLoadBalancer() throws Exception{
+        long accountId = 10L;
+        long lbRuleId = 2L;
+        long certId = 3L;
+        long networkId = 4L;
+
+        AccountVO account = new AccountVO("testaccount", 1L, "networkdomain", Account.Type.NORMAL, "uuid");
+        account.setId(accountId);
+        UserVO user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone",
+                UUID.randomUUID().toString(), User.Source.UNKNOWN);
+        CallContext.register(user, account);
+
+        LoadBalancerVO loadBalancerMock = Mockito.mock(LoadBalancerVO.class);
+        when(_lbDao.findById(lbRuleId)).thenReturn(loadBalancerMock);
+        when(loadBalancerMock.getId()).thenReturn(lbRuleId);
+        when(loadBalancerMock.getAccountId()).thenReturn(accountId);
+        when(loadBalancerMock.getNetworkId()).thenReturn(networkId);
+        when(loadBalancerMock.getLbProtocol()).thenReturn(NetUtils.SSL_PROTO);
+
+        SslCertVO certVO = Mockito.mock(SslCertVO.class);
+        when(_entityMgr.findById(SslCertVO.class, certId)).thenReturn(certVO);
+        when(certVO.getAccountId()).thenReturn(accountId);
+
+        LoadBalancerCertMapVO certMapRule = Mockito.mock(LoadBalancerCertMapVO.class);
+        when(_lbCertMapDao.findByLbRuleId(lbRuleId)).thenReturn(certMapRule);
+
+        Mockito.doNothing().when(_accountMgr).checkAccess(Mockito.any(Account.class), Mockito.isNull(SecurityChecker.AccessType.class), Mockito.eq(true), Mockito.any(LoadBalancerVO.class));
+
+        Mockito.doReturn("LB").when(lbr).getLBCapability(networkId, Network.Capability.SslTermination.getName());
+        Mockito.doReturn(true).when(lbr).applyLoadBalancerConfig(lbRuleId);
+
+        lbr.assignCertToLoadBalancer(lbRuleId, certId, true);
+
+    }
 }

server/src/test/java/com/cloud/network/router/VirtualNetworkApplianceManagerImplTest.java

@@ -40,6 +40,7 @@
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVMMapDao;
+import com.cloud.network.dao.LoadBalancerVO;
 import com.cloud.network.dao.MonitoringServiceDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
@@ -54,6 +55,8 @@
 import com.cloud.network.dao.UserIpv6AddressDao;
 import com.cloud.network.dao.VirtualRouterProviderDao;
 import com.cloud.network.dao.VpnUserDao;
+import com.cloud.network.lb.LoadBalancingRule;
+import com.cloud.network.lb.LoadBalancingRulesManager;
 import com.cloud.network.rules.dao.PortForwardingRulesDao;
 import com.cloud.network.vpc.VpcVO;
 import com.cloud.network.vpc.dao.VpcDao;
@@ -67,6 +70,7 @@
 import com.cloud.user.dao.UserDao;
 import com.cloud.user.dao.UserStatisticsDao;
 import com.cloud.user.dao.UserStatsLogDao;
+import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VirtualMachineManager;
@@ -259,6 +263,9 @@ public class VirtualNetworkApplianceManagerImplTest {
     @Mock
     private BGPService bgpService;
 
+    @Mock
+    private LoadBalancingRulesManager _lbMgr;
+
     //    @InjectMocks
     //    private VirtualNetworkApplianceManagerImpl virtualNetworkApplianceManagerImpl;
 
@@ -391,4 +398,21 @@ public void testFinalizeNetworkRulesForVpcNetwork() {
 
         Mockito.verify(_commandSetupHelper).createBgpPeersCommands(bgpPeers, router, cmds, network);
     }
+
+    @Test
+    public void testUpdateWithLbRuleSslCertificates() {
+        StringBuilder loadBalancingData = new StringBuilder();
+        LoadBalancerVO loadBalancer = Mockito.mock(LoadBalancerVO.class);
+        when(loadBalancer.getLbProtocol()).thenReturn(NetUtils.SSL_PROTO);
+        when(loadBalancer.getId()).thenReturn(1L);
+        when(loadBalancer.getSourcePortStart()).thenReturn(443);
+        LoadBalancingRule.LbSslCert lbSslCert = Mockito.mock(LoadBalancingRule.LbSslCert.class);
+        when(lbSslCert.isRevoked()).thenReturn(false);
+        when(_lbMgr.getLbSslCert(1L)).thenReturn(lbSslCert);
+        String sourceIp = "1.2.3.4";
+
+        virtualNetworkApplianceManagerImpl.updateWithLbRuleSslCertificates(loadBalancingData, loadBalancer, sourceIp);
+
+        Assert.assertEquals(",sslcert=1_2_3_4-443.pem",  loadBalancingData.toString());
+    }
 }