"Fossies" - the Fresh Open Source Software Archive

Member "octavia-8.0.0/octavia/tests/unit/common/jinja/haproxy/combined_listeners/test_jinja_cfg.py" (14 Apr 2021, 84059 Bytes) of package /linux/misc/openstack/octavia-8.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "test_jinja_cfg.py": 7.1.1_vs_8.0.0.

    1 # Copyright 2014 OpenStack Foundation
    2 # All Rights Reserved.
    3 #
    4 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
    5 #    not use this file except in compliance with the License. You may obtain
    6 #    a copy of the License at
    7 #
    8 #         http://www.apache.org/licenses/LICENSE-2.0
    9 #
   10 #    Unless required by applicable law or agreed to in writing, software
   11 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   12 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   13 #    License for the specific language governing permissions and limitations
   14 #    under the License.
   15 
   16 import copy
   17 import os
   18 
   19 from oslo_config import cfg
   20 from oslo_config import fixture as oslo_fixture
   21 
   22 from octavia.common import constants
   23 from octavia.common.jinja.haproxy.combined_listeners import jinja_cfg
   24 from octavia.tests.unit import base
   25 from octavia.tests.unit.common.sample_configs import sample_configs_combined
   26 
   27 CONF = cfg.CONF
   28 
   29 
   30 class TestHaproxyCfg(base.TestCase):
   31     def setUp(self):
   32         super().setUp()
   33         self.jinja_cfg = jinja_cfg.JinjaTemplater(
   34             base_amp_path='/var/lib/octavia',
   35             base_crt_dir='/var/lib/octavia/certs')
   36 
   37     def test_get_template(self):
   38         template = self.jinja_cfg._get_template()
   39         self.assertEqual('haproxy.cfg.j2', template.name)
   40 
   41     def test_render_template_tls(self):
   42         conf = oslo_fixture.Config(cfg.CONF)
   43         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
   44         FAKE_CRT_LIST_FILENAME = os.path.join(
   45             CONF.haproxy_amphora.base_cert_dir,
   46             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
   47         fe = ("frontend sample_listener_id_1\n"
   48               "    maxconn {maxconn}\n"
   49               "    redirect scheme https if !{{ ssl_fc }}\n"
   50               "    bind 10.0.0.2:443 "
   51               "ssl crt-list {crt_list} "
   52               "ca-file /var/lib/octavia/certs/sample_loadbalancer_id_1/"
   53               "client_ca.pem verify required crl-file /var/lib/octavia/"
   54               "certs/sample_loadbalancer_id_1/SHA_ID.pem ciphers {ciphers} "
   55               "no-sslv3 no-tlsv10 no-tlsv11 alpn {alpn}\n"
   56               "    mode http\n"
   57               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
   58               "    timeout client 50000\n").format(
   59             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
   60             crt_list=FAKE_CRT_LIST_FILENAME,
   61             ciphers=constants.CIPHERS_OWASP_SUITE_B,
   62             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
   63         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
   64               "    mode http\n"
   65               "    balance roundrobin\n"
   66               "    cookie SRV insert indirect nocache\n"
   67               "    timeout check 31s\n"
   68               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
   69               "    http-check expect rstatus 418\n"
   70               "    fullconn {maxconn}\n"
   71               "    option allbackups\n"
   72               "    timeout connect 5000\n"
   73               "    timeout server 50000\n"
   74               "    server sample_member_id_1 10.0.0.99:82 "
   75               "weight 13 check inter 30s fall 3 rise 2 "
   76               "cookie sample_member_id_1\n"
   77               "    server sample_member_id_2 10.0.0.98:82 "
   78               "weight 13 check inter 30s fall 3 rise 2 cookie "
   79               "sample_member_id_2\n\n").format(
   80             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
   81         tls_tupe = {'cont_id_1':
   82                     sample_configs_combined.sample_tls_container_tuple(
   83                         id='tls_container_id',
   84                         certificate='imaCert1', private_key='imaPrivateKey1',
   85                         primary_cn='FakeCN'),
   86                     'cont_id_ca': 'client_ca.pem',
   87                     'cont_id_crl': 'SHA_ID.pem'}
   88         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
   89             sample_configs_combined.sample_amphora_tuple(),
   90             [sample_configs_combined.sample_listener_tuple(
   91                 proto='TERMINATED_HTTPS', tls=True, sni=True,
   92                 client_ca_cert=True, client_crl_cert=True)],
   93             tls_tupe)
   94         self.assertEqual(
   95             sample_configs_combined.sample_base_expected_config(
   96                 frontend=fe, backend=be),
   97             rendered_obj)
   98 
   99     def test_render_template_tls_no_sni(self):
  100         conf = oslo_fixture.Config(cfg.CONF)
  101         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  102         FAKE_CRT_LIST_FILENAME = os.path.join(
  103             CONF.haproxy_amphora.base_cert_dir,
  104             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  105         fe = ("frontend sample_listener_id_1\n"
  106               "    maxconn {maxconn}\n"
  107               "    redirect scheme https if !{{ ssl_fc }}\n"
  108               "    bind 10.0.0.2:443 ssl crt-list {crt_list}"
  109               "   ciphers {ciphers} no-sslv3 no-tlsv10 no-tlsv11 alpn {alpn}\n"
  110               "    mode http\n"
  111               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  112               "    timeout client 50000\n").format(
  113             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  114             crt_list=FAKE_CRT_LIST_FILENAME,
  115             ciphers=constants.CIPHERS_OWASP_SUITE_B,
  116             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
  117         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  118               "    mode http\n"
  119               "    balance roundrobin\n"
  120               "    cookie SRV insert indirect nocache\n"
  121               "    timeout check 31s\n"
  122               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  123               "    http-check expect rstatus 418\n"
  124               "    fullconn {maxconn}\n"
  125               "    option allbackups\n"
  126               "    timeout connect 5000\n"
  127               "    timeout server 50000\n"
  128               "    server sample_member_id_1 10.0.0.99:82 "
  129               "weight 13 check inter 30s fall 3 rise 2 "
  130               "cookie sample_member_id_1\n"
  131               "    server sample_member_id_2 10.0.0.98:82 "
  132               "weight 13 check inter 30s fall 3 rise 2 "
  133               "cookie sample_member_id_2\n\n").format(
  134             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  135         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  136             sample_configs_combined.sample_amphora_tuple(),
  137             [sample_configs_combined.sample_listener_tuple(
  138                 proto='TERMINATED_HTTPS', tls=True)],
  139             tls_certs={'cont_id_1':
  140                        sample_configs_combined.sample_tls_container_tuple(
  141                            id='tls_container_id',
  142                            certificate='ImAalsdkfjCert',
  143                            private_key='ImAsdlfksdjPrivateKey',
  144                            primary_cn="FakeCN")})
  145         self.assertEqual(
  146             sample_configs_combined.sample_base_expected_config(
  147                 frontend=fe, backend=be),
  148             rendered_obj)
  149 
  150     def test_render_template_tls_no_ciphers(self):
  151         conf = oslo_fixture.Config(cfg.CONF)
  152         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  153         FAKE_CRT_LIST_FILENAME = os.path.join(
  154             CONF.haproxy_amphora.base_cert_dir,
  155             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  156         fe = ("frontend sample_listener_id_1\n"
  157               "    maxconn {maxconn}\n"
  158               "    redirect scheme https if !{{ ssl_fc }}\n"
  159               "    bind 10.0.0.2:443 ssl crt-list {crt_list}    "
  160               "no-sslv3 no-tlsv10 no-tlsv11 alpn {alpn}\n"
  161               "    mode http\n"
  162               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  163               "    timeout client 50000\n").format(
  164             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  165             crt_list=FAKE_CRT_LIST_FILENAME,
  166             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
  167         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  168               "    mode http\n"
  169               "    balance roundrobin\n"
  170               "    cookie SRV insert indirect nocache\n"
  171               "    timeout check 31s\n"
  172               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  173               "    http-check expect rstatus 418\n"
  174               "    fullconn {maxconn}\n"
  175               "    option allbackups\n"
  176               "    timeout connect 5000\n"
  177               "    timeout server 50000\n"
  178               "    server sample_member_id_1 10.0.0.99:82 "
  179               "weight 13 check inter 30s fall 3 rise 2 "
  180               "cookie sample_member_id_1\n"
  181               "    server sample_member_id_2 10.0.0.98:82 "
  182               "weight 13 check inter 30s fall 3 rise 2 "
  183               "cookie sample_member_id_2\n\n").format(
  184             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  185         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  186             sample_configs_combined.sample_amphora_tuple(),
  187             [sample_configs_combined.sample_listener_tuple(
  188                 proto='TERMINATED_HTTPS', tls=True, tls_ciphers=None)],
  189             tls_certs={'cont_id_1':
  190                        sample_configs_combined.sample_tls_container_tuple(
  191                            id='tls_container_id',
  192                            certificate='ImAalsdkfjCert',
  193                            private_key='ImAsdlfksdjPrivateKey',
  194                            primary_cn="FakeCN")})
  195         self.assertEqual(
  196             sample_configs_combined.sample_base_expected_config(
  197                 frontend=fe, backend=be),
  198             rendered_obj)
  199 
  200     def test_render_template_tls_no_versions(self):
  201         conf = oslo_fixture.Config(cfg.CONF)
  202         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  203         FAKE_CRT_LIST_FILENAME = os.path.join(
  204             CONF.haproxy_amphora.base_cert_dir,
  205             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  206         fe = ("frontend sample_listener_id_1\n"
  207               "    maxconn {maxconn}\n"
  208               "    redirect scheme https if !{{ ssl_fc }}\n"
  209               "    bind 10.0.0.2:443 "
  210               "ssl crt-list {crt_list} "
  211               "ca-file /var/lib/octavia/certs/sample_loadbalancer_id_1/"
  212               "client_ca.pem verify required crl-file /var/lib/octavia/"
  213               "certs/sample_loadbalancer_id_1/SHA_ID.pem ciphers {ciphers} "
  214               "alpn {alpn}\n"
  215               "    mode http\n"
  216               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  217               "    timeout client 50000\n").format(
  218             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  219             crt_list=FAKE_CRT_LIST_FILENAME,
  220             ciphers=constants.CIPHERS_OWASP_SUITE_B,
  221             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
  222         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  223               "    mode http\n"
  224               "    balance roundrobin\n"
  225               "    cookie SRV insert indirect nocache\n"
  226               "    timeout check 31s\n"
  227               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  228               "    http-check expect rstatus 418\n"
  229               "    fullconn {maxconn}\n"
  230               "    option allbackups\n"
  231               "    timeout connect 5000\n"
  232               "    timeout server 50000\n"
  233               "    server sample_member_id_1 10.0.0.99:82 "
  234               "weight 13 check inter 30s fall 3 rise 2 "
  235               "cookie sample_member_id_1\n"
  236               "    server sample_member_id_2 10.0.0.98:82 "
  237               "weight 13 check inter 30s fall 3 rise 2 cookie "
  238               "sample_member_id_2\n\n").format(
  239             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  240         tls_tupe = {'cont_id_1':
  241                     sample_configs_combined.sample_tls_container_tuple(
  242                         id='tls_container_id',
  243                         certificate='imaCert1', private_key='imaPrivateKey1',
  244                         primary_cn='FakeCN'),
  245                     'cont_id_ca': 'client_ca.pem',
  246                     'cont_id_crl': 'SHA_ID.pem'}
  247         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  248             sample_configs_combined.sample_amphora_tuple(),
  249             [sample_configs_combined.sample_listener_tuple(
  250                 proto='TERMINATED_HTTPS', tls=True, sni=True,
  251                 client_ca_cert=True, client_crl_cert=True, tls_versions=None)],
  252             tls_tupe)
  253         self.assertEqual(
  254             sample_configs_combined.sample_base_expected_config(
  255                 frontend=fe, backend=be),
  256             rendered_obj)
  257 
  258     def test_render_template_tls_no_ciphers_or_versions(self):
  259         conf = oslo_fixture.Config(cfg.CONF)
  260         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  261         FAKE_CRT_LIST_FILENAME = os.path.join(
  262             CONF.haproxy_amphora.base_cert_dir,
  263             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  264         fe = ("frontend sample_listener_id_1\n"
  265               "    maxconn {maxconn}\n"
  266               "    redirect scheme https if !{{ ssl_fc }}\n"
  267               "    bind 10.0.0.2:443 ssl crt-list {crt_list}    "
  268               "alpn {alpn}\n"
  269               "    mode http\n"
  270               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  271               "    timeout client 50000\n").format(
  272             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  273             crt_list=FAKE_CRT_LIST_FILENAME,
  274             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
  275         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  276               "    mode http\n"
  277               "    balance roundrobin\n"
  278               "    cookie SRV insert indirect nocache\n"
  279               "    timeout check 31s\n"
  280               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  281               "    http-check expect rstatus 418\n"
  282               "    fullconn {maxconn}\n"
  283               "    option allbackups\n"
  284               "    timeout connect 5000\n"
  285               "    timeout server 50000\n"
  286               "    server sample_member_id_1 10.0.0.99:82 "
  287               "weight 13 check inter 30s fall 3 rise 2 "
  288               "cookie sample_member_id_1\n"
  289               "    server sample_member_id_2 10.0.0.98:82 "
  290               "weight 13 check inter 30s fall 3 rise 2 "
  291               "cookie sample_member_id_2\n\n").format(
  292             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  293         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  294             sample_configs_combined.sample_amphora_tuple(),
  295             [sample_configs_combined.sample_listener_tuple(
  296                 proto='TERMINATED_HTTPS', tls=True, tls_ciphers=None,
  297                 tls_versions=None)],
  298             tls_certs={'cont_id_1':
  299                        sample_configs_combined.sample_tls_container_tuple(
  300                            id='tls_container_id',
  301                            certificate='ImAalsdkfjCert',
  302                            private_key='ImAsdlfksdjPrivateKey',
  303                            primary_cn="FakeCN")})
  304         self.assertEqual(
  305             sample_configs_combined.sample_base_expected_config(
  306                 frontend=fe, backend=be),
  307             rendered_obj)
  308 
  309     def test_render_template_tls_alpn(self):
  310         conf = oslo_fixture.Config(cfg.CONF)
  311         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  312         FAKE_CRT_LIST_FILENAME = os.path.join(
  313             CONF.haproxy_amphora.base_cert_dir,
  314             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  315         alpn_protocols = ['chip', 'dale']
  316         fe = ("frontend sample_listener_id_1\n"
  317               "    maxconn {maxconn}\n"
  318               "    redirect scheme https if !{{ ssl_fc }}\n"
  319               "    bind 10.0.0.2:443 ssl crt-list {crt_list}   "
  320               "ciphers {ciphers} no-sslv3 no-tlsv10 no-tlsv11 alpn {alpn}\n"
  321               "    mode http\n"
  322               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  323               "    timeout client 50000\n").format(
  324             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  325             crt_list=FAKE_CRT_LIST_FILENAME,
  326             ciphers=constants.CIPHERS_OWASP_SUITE_B,
  327             alpn=",".join(alpn_protocols))
  328         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  329               "    mode http\n"
  330               "    balance roundrobin\n"
  331               "    cookie SRV insert indirect nocache\n"
  332               "    timeout check 31s\n"
  333               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  334               "    http-check expect rstatus 418\n"
  335               "    fullconn {maxconn}\n"
  336               "    option allbackups\n"
  337               "    timeout connect 5000\n"
  338               "    timeout server 50000\n"
  339               "    server sample_member_id_1 10.0.0.99:82 "
  340               "weight 13 check inter 30s fall 3 rise 2 "
  341               "cookie sample_member_id_1\n"
  342               "    server sample_member_id_2 10.0.0.98:82 "
  343               "weight 13 check inter 30s fall 3 rise 2 "
  344               "cookie sample_member_id_2\n\n").format(
  345             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  346         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  347             sample_configs_combined.sample_amphora_tuple(),
  348             [sample_configs_combined.sample_listener_tuple(
  349                 proto='TERMINATED_HTTPS', tls=True,
  350                 alpn_protocols=alpn_protocols)],
  351             tls_certs={'cont_id_1':
  352                        sample_configs_combined.sample_tls_container_tuple(
  353                            id='tls_container_id',
  354                            certificate='ImAalsdkfjCert',
  355                            private_key='ImAsdlfksdjPrivateKey',
  356                            primary_cn="FakeCN")})
  357         self.assertEqual(
  358             sample_configs_combined.sample_base_expected_config(
  359                 frontend=fe, backend=be),
  360             rendered_obj)
  361 
  362     def test_render_template_tls_no_alpn(self):
  363         conf = oslo_fixture.Config(cfg.CONF)
  364         conf.config(group="haproxy_amphora", base_cert_dir='/fake_cert_dir')
  365         FAKE_CRT_LIST_FILENAME = os.path.join(
  366             CONF.haproxy_amphora.base_cert_dir,
  367             'sample_loadbalancer_id_1/sample_listener_id_1.pem')
  368         fe = ("frontend sample_listener_id_1\n"
  369               "    maxconn {maxconn}\n"
  370               "    redirect scheme https if !{{ ssl_fc }}\n"
  371               "    bind 10.0.0.2:443 ssl crt-list {crt_list}   "
  372               "ciphers {ciphers} no-sslv3 no-tlsv10 no-tlsv11\n"
  373               "    mode http\n"
  374               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  375               "    timeout client 50000\n").format(
  376             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  377             crt_list=FAKE_CRT_LIST_FILENAME,
  378             ciphers=constants.CIPHERS_OWASP_SUITE_B)
  379         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  380               "    mode http\n"
  381               "    balance roundrobin\n"
  382               "    cookie SRV insert indirect nocache\n"
  383               "    timeout check 31s\n"
  384               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  385               "    http-check expect rstatus 418\n"
  386               "    fullconn {maxconn}\n"
  387               "    option allbackups\n"
  388               "    timeout connect 5000\n"
  389               "    timeout server 50000\n"
  390               "    server sample_member_id_1 10.0.0.99:82 "
  391               "weight 13 check inter 30s fall 3 rise 2 "
  392               "cookie sample_member_id_1\n"
  393               "    server sample_member_id_2 10.0.0.98:82 "
  394               "weight 13 check inter 30s fall 3 rise 2 "
  395               "cookie sample_member_id_2\n\n").format(
  396             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  397         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  398             sample_configs_combined.sample_amphora_tuple(),
  399             [sample_configs_combined.sample_listener_tuple(
  400                 proto='TERMINATED_HTTPS', tls=True,
  401                 alpn_protocols=None)],
  402             tls_certs={'cont_id_1':
  403                        sample_configs_combined.sample_tls_container_tuple(
  404                            id='tls_container_id',
  405                            certificate='ImAalsdkfjCert',
  406                            private_key='ImAsdlfksdjPrivateKey',
  407                            primary_cn="FakeCN")})
  408         self.assertEqual(
  409             sample_configs_combined.sample_base_expected_config(
  410                 frontend=fe, backend=be),
  411             rendered_obj)
  412 
  413     def test_render_template_http(self):
  414         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  415               "    mode http\n"
  416               "    balance roundrobin\n"
  417               "    cookie SRV insert indirect nocache\n"
  418               "    timeout check 31s\n"
  419               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  420               "    http-check expect rstatus 418\n"
  421               "    fullconn {maxconn}\n"
  422               "    option allbackups\n"
  423               "    timeout connect 5000\n"
  424               "    timeout server 50000\n"
  425               "    server sample_member_id_1 10.0.0.99:82 "
  426               "weight 13 check inter 30s fall 3 rise 2 "
  427               "cookie sample_member_id_1\n"
  428               "    server sample_member_id_2 10.0.0.98:82 "
  429               "weight 13 check inter 30s fall 3 rise 2 "
  430               "cookie sample_member_id_2\n\n").format(
  431             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  432         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  433             sample_configs_combined.sample_amphora_tuple(),
  434             [sample_configs_combined.sample_listener_tuple()])
  435         self.assertEqual(
  436             sample_configs_combined.sample_base_expected_config(backend=be),
  437             rendered_obj)
  438 
  439     def test_render_template_member_backup(self):
  440         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  441               "    mode http\n"
  442               "    balance roundrobin\n"
  443               "    cookie SRV insert indirect nocache\n"
  444               "    timeout check 31s\n"
  445               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  446               "    http-check expect rstatus 418\n"
  447               "    fullconn {maxconn}\n"
  448               "    option allbackups\n"
  449               "    timeout connect 5000\n"
  450               "    timeout server 50000\n"
  451               "    server sample_member_id_1 10.0.0.99:82 "
  452               "weight 13 check inter 30s fall 3 rise 2 "
  453               "addr 192.168.1.1 port 9000 "
  454               "cookie sample_member_id_1\n"
  455               "    server sample_member_id_2 10.0.0.98:82 "
  456               "weight 13 check inter 30s fall 3 rise 2 "
  457               "addr 192.168.1.1 port 9000 "
  458               "cookie sample_member_id_2 backup\n\n").format(
  459             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  460         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  461             sample_configs_combined.sample_amphora_tuple(),
  462             [sample_configs_combined.sample_listener_tuple(
  463                 monitor_ip_port=True, backup_member=True)])
  464         self.assertEqual(
  465             sample_configs_combined.sample_base_expected_config(backend=be),
  466             rendered_obj)
  467 
  468     def test_render_template_custom_timeouts(self):
  469         fe = ("frontend sample_listener_id_1\n"
  470               "    maxconn {maxconn}\n"
  471               "    bind 10.0.0.2:80\n"
  472               "    mode http\n"
  473               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  474               "    timeout client 2\n").format(
  475             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  476         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  477               "    mode http\n"
  478               "    balance roundrobin\n"
  479               "    cookie SRV insert indirect nocache\n"
  480               "    timeout check 31s\n"
  481               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  482               "    http-check expect rstatus 418\n"
  483               "    fullconn {maxconn}\n"
  484               "    option allbackups\n"
  485               "    timeout connect 1\n"
  486               "    timeout server 3\n"
  487               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  488               "check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
  489               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  490               "check inter 30s fall 3 rise 2 cookie "
  491               "sample_member_id_2\n\n").format(
  492             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  493         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  494             sample_configs_combined.sample_amphora_tuple(),
  495             [sample_configs_combined.sample_listener_tuple(
  496                 timeout_member_connect=1, timeout_client_data=2,
  497                 timeout_member_data=3)])
  498         self.assertEqual(
  499             sample_configs_combined.sample_base_expected_config(
  500                 frontend=fe, backend=be),
  501             rendered_obj)
  502 
  503     def test_render_template_null_timeouts(self):
  504         fe = ("frontend sample_listener_id_1\n"
  505               "    maxconn {maxconn}\n"
  506               "    bind 10.0.0.2:80\n"
  507               "    mode http\n"
  508               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  509               "    timeout client 50000\n").format(
  510             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  511         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  512               "    mode http\n"
  513               "    balance roundrobin\n"
  514               "    cookie SRV insert indirect nocache\n"
  515               "    timeout check 31s\n"
  516               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  517               "    http-check expect rstatus 418\n"
  518               "    fullconn {maxconn}\n"
  519               "    option allbackups\n"
  520               "    timeout connect 5000\n"
  521               "    timeout server 50000\n"
  522               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  523               "check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
  524               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  525               "check inter 30s fall 3 rise 2 cookie "
  526               "sample_member_id_2\n\n").format(
  527             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  528         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  529             sample_configs_combined.sample_amphora_tuple(),
  530             [sample_configs_combined.sample_listener_tuple(
  531                 timeout_member_connect=None, timeout_client_data=None,
  532                 timeout_member_data=None)])
  533         self.assertEqual(
  534             sample_configs_combined.sample_base_expected_config(
  535                 frontend=fe, backend=be),
  536             rendered_obj)
  537 
  538     def test_render_template_member_monitor_addr_port(self):
  539         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  540               "    mode http\n"
  541               "    balance roundrobin\n"
  542               "    cookie SRV insert indirect nocache\n"
  543               "    timeout check 31s\n"
  544               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  545               "    http-check expect rstatus 418\n"
  546               "    fullconn {maxconn}\n"
  547               "    option allbackups\n"
  548               "    timeout connect 5000\n"
  549               "    timeout server 50000\n"
  550               "    server sample_member_id_1 10.0.0.99:82 "
  551               "weight 13 check inter 30s fall 3 rise 2 "
  552               "addr 192.168.1.1 port 9000 "
  553               "cookie sample_member_id_1\n"
  554               "    server sample_member_id_2 10.0.0.98:82 "
  555               "weight 13 check inter 30s fall 3 rise 2 "
  556               "addr 192.168.1.1 port 9000 "
  557               "cookie sample_member_id_2\n\n").format(
  558             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  559         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  560             sample_configs_combined.sample_amphora_tuple(),
  561             [sample_configs_combined.sample_listener_tuple(
  562                 monitor_ip_port=True)])
  563         self.assertEqual(
  564             sample_configs_combined.sample_base_expected_config(backend=be),
  565             rendered_obj)
  566 
  567     def test_render_template_https_real_monitor(self):
  568         fe = ("frontend sample_listener_id_1\n"
  569               "    maxconn {maxconn}\n"
  570               "    bind 10.0.0.2:443\n"
  571               "    mode tcp\n"
  572               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  573               "    timeout client 50000\n").format(
  574             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  575         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  576               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  577               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  578               "%tsc\n\n")
  579         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  580               "    mode tcp\n"
  581               "    balance roundrobin\n"
  582               "    cookie SRV insert indirect nocache\n"
  583               "    timeout check 31s\n"
  584               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  585               "    http-check expect rstatus 418\n"
  586               "    fullconn {maxconn}\n"
  587               "    option allbackups\n"
  588               "    timeout connect 5000\n"
  589               "    timeout server 50000\n"
  590               "    server sample_member_id_1 10.0.0.99:82 "
  591               "weight 13 check check-ssl verify none inter 30s fall 3 rise 2 "
  592               "cookie sample_member_id_1\n"
  593               "    server sample_member_id_2 10.0.0.98:82 "
  594               "weight 13 check check-ssl verify none inter 30s fall 3 rise 2 "
  595               "cookie sample_member_id_2\n\n").format(
  596             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  597         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  598             sample_configs_combined.sample_amphora_tuple(),
  599             [sample_configs_combined.sample_listener_tuple(proto='HTTPS')])
  600         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  601             frontend=fe, logging=lg, backend=be), rendered_obj)
  602 
  603     def test_render_template_https_hello_monitor(self):
  604         fe = ("frontend sample_listener_id_1\n"
  605               "    maxconn {maxconn}\n"
  606               "    bind 10.0.0.2:443\n"
  607               "    mode tcp\n"
  608               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  609               "    timeout client 50000\n").format(
  610             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  611         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  612               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  613               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  614               "%tsc\n\n")
  615         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  616               "    mode tcp\n"
  617               "    balance roundrobin\n"
  618               "    cookie SRV insert indirect nocache\n"
  619               "    timeout check 31s\n"
  620               "    option ssl-hello-chk\n"
  621               "    fullconn {maxconn}\n"
  622               "    option allbackups\n"
  623               "    timeout connect 5000\n"
  624               "    timeout server 50000\n"
  625               "    server sample_member_id_1 10.0.0.99:82 "
  626               "weight 13 check inter 30s fall 3 rise 2 "
  627               "cookie sample_member_id_1\n"
  628               "    server sample_member_id_2 10.0.0.98:82 "
  629               "weight 13 check inter 30s fall 3 rise 2 "
  630               "cookie sample_member_id_2\n\n").format(
  631             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  632         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  633             sample_configs_combined.sample_amphora_tuple(),
  634             [sample_configs_combined.sample_listener_tuple(
  635                 proto='HTTPS', monitor_proto='TLS-HELLO')])
  636         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  637             frontend=fe, logging=lg, backend=be), rendered_obj)
  638 
  639     def test_render_template_no_monitor_http(self):
  640         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  641               "    mode http\n"
  642               "    balance roundrobin\n"
  643               "    cookie SRV insert indirect nocache\n"
  644               "    fullconn {maxconn}\n"
  645               "    option allbackups\n"
  646               "    timeout connect 5000\n"
  647               "    timeout server 50000\n"
  648               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  649               "cookie sample_member_id_1\n"
  650               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  651               "cookie sample_member_id_2\n\n").format(
  652             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  653         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  654             sample_configs_combined.sample_amphora_tuple(),
  655             [sample_configs_combined.sample_listener_tuple(proto='HTTP',
  656                                                            monitor=False)])
  657         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  658             backend=be), rendered_obj)
  659 
  660     def test_render_template_disabled_member(self):
  661         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  662               "    mode http\n"
  663               "    balance roundrobin\n"
  664               "    cookie SRV insert indirect nocache\n"
  665               "    fullconn {maxconn}\n"
  666               "    option allbackups\n"
  667               "    timeout connect 5000\n"
  668               "    timeout server 50000\n"
  669               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  670               "cookie sample_member_id_1\n"
  671               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  672               "cookie sample_member_id_2 disabled\n\n").format(
  673             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  674         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  675             sample_configs_combined.sample_amphora_tuple(),
  676             [sample_configs_combined.sample_listener_tuple(
  677                 proto='HTTP', monitor=False, disabled_member=True)])
  678         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  679             backend=be), rendered_obj)
  680 
  681     def test_render_template_ping_monitor_http(self):
  682         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  683               "    mode http\n"
  684               "    balance roundrobin\n"
  685               "    cookie SRV insert indirect nocache\n"
  686               "    timeout check 31s\n"
  687               "    option external-check\n"
  688               "    external-check command /var/lib/octavia/ping-wrapper.sh\n"
  689               "    fullconn {maxconn}\n"
  690               "    option allbackups\n"
  691               "    timeout connect 5000\n"
  692               "    timeout server 50000\n"
  693               "    server sample_member_id_1 10.0.0.99:82 "
  694               "weight 13 check inter 30s fall 3 rise 2 "
  695               "cookie sample_member_id_1\n"
  696               "    server sample_member_id_2 10.0.0.98:82 "
  697               "weight 13 check inter 30s fall 3 rise 2 "
  698               "cookie sample_member_id_2\n\n").format(
  699             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  700         go = "    maxconn {maxconn}\n    external-check\n\n".format(
  701             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  702         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  703             sample_configs_combined.sample_amphora_tuple(),
  704             [sample_configs_combined.sample_listener_tuple(
  705                 proto='HTTP', monitor_proto='PING')])
  706         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  707             backend=be, global_opts=go), rendered_obj)
  708 
  709     def test_render_template_no_monitor_https(self):
  710         fe = ("frontend sample_listener_id_1\n"
  711               "    maxconn {maxconn}\n"
  712               "    bind 10.0.0.2:443\n"
  713               "    mode tcp\n"
  714               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  715               "    timeout client 50000\n").format(
  716             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  717         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  718               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  719               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  720               "%tsc\n\n")
  721         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  722               "    mode tcp\n"
  723               "    balance roundrobin\n"
  724               "    cookie SRV insert indirect nocache\n"
  725               "    fullconn {maxconn}\n"
  726               "    option allbackups\n"
  727               "    timeout connect 5000\n"
  728               "    timeout server 50000\n"
  729               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  730               "cookie sample_member_id_1\n"
  731               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  732               "cookie sample_member_id_2\n\n").format(
  733             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  734         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  735             sample_configs_combined.sample_amphora_tuple(),
  736             [sample_configs_combined.sample_listener_tuple(proto='HTTPS',
  737                                                            monitor=False)])
  738         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  739             frontend=fe, logging=lg, backend=be), rendered_obj)
  740 
  741     def test_render_template_health_monitor_http_check(self):
  742         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  743               "    mode http\n"
  744               "    balance roundrobin\n"
  745               "    cookie SRV insert indirect nocache\n"
  746               "    timeout check 31s\n"
  747               "    option httpchk GET /index.html HTTP/1.1\\r\\nHost:\\ "
  748               "testlab.com\n"
  749               "    http-check expect rstatus 418\n"
  750               "    fullconn {maxconn}\n"
  751               "    option allbackups\n"
  752               "    timeout connect 5000\n"
  753               "    timeout server 50000\n"
  754               "    server sample_member_id_1 10.0.0.99:82 "
  755               "weight 13 check inter 30s fall 3 rise 2 "
  756               "cookie sample_member_id_1\n"
  757               "    server sample_member_id_2 10.0.0.98:82 "
  758               "weight 13 check inter 30s fall 3 rise 2 "
  759               "cookie sample_member_id_2\n\n").format(
  760             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  761         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  762             sample_configs_combined.sample_amphora_tuple(),
  763             [sample_configs_combined.sample_listener_tuple(
  764                 proto='HTTP', monitor_proto='HTTP', hm_host_http_check=True)])
  765         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  766             backend=be), rendered_obj)
  767 
  768     def test_render_template_no_persistence_https(self):
  769         fe = ("frontend sample_listener_id_1\n"
  770               "    maxconn {maxconn}\n"
  771               "    bind 10.0.0.2:443\n"
  772               "    mode tcp\n"
  773               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  774               "    timeout client 50000\n").format(
  775             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  776         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  777               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  778               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  779               "%tsc\n\n")
  780         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  781               "    mode tcp\n"
  782               "    balance roundrobin\n"
  783               "    fullconn {maxconn}\n"
  784               "    option allbackups\n"
  785               "    timeout connect 5000\n"
  786               "    timeout server 50000\n"
  787               "    server sample_member_id_1 10.0.0.99:82 weight 13\n"
  788               "    server sample_member_id_2 10.0.0.98:82 "
  789               "weight 13\n\n").format(
  790                   maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  791         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  792             sample_configs_combined.sample_amphora_tuple(),
  793             [sample_configs_combined.sample_listener_tuple(
  794                 proto='HTTPS', monitor=False, persistence=False)])
  795         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  796             frontend=fe, logging=lg, backend=be), rendered_obj)
  797 
  798     def test_render_template_no_persistence_http(self):
  799         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  800               "    mode http\n"
  801               "    balance roundrobin\n"
  802               "    fullconn {maxconn}\n"
  803               "    option allbackups\n"
  804               "    timeout connect 5000\n"
  805               "    timeout server 50000\n"
  806               "    server sample_member_id_1 10.0.0.99:82 weight 13\n"
  807               "    server sample_member_id_2 10.0.0.98:82 "
  808               "weight 13\n\n").format(
  809                   maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  810         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  811             sample_configs_combined.sample_amphora_tuple(),
  812             [sample_configs_combined.sample_listener_tuple(
  813                 proto='HTTP', monitor=False, persistence=False)])
  814         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  815             backend=be), rendered_obj)
  816 
  817     def test_render_template_sourceip_persistence(self):
  818         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  819               "    mode http\n"
  820               "    balance roundrobin\n"
  821               "    stick-table type ip size 10k\n"
  822               "    stick on src\n"
  823               "    timeout check 31s\n"
  824               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  825               "    http-check expect rstatus 418\n"
  826               "    fullconn {maxconn}\n"
  827               "    option allbackups\n"
  828               "    timeout connect 5000\n"
  829               "    timeout server 50000\n"
  830               "    server sample_member_id_1 10.0.0.99:82 "
  831               "weight 13 check inter 30s fall 3 rise 2\n"
  832               "    server sample_member_id_2 10.0.0.98:82 "
  833               "weight 13 check inter 30s fall 3 rise 2\n\n").format(
  834             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  835         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  836             sample_configs_combined.sample_amphora_tuple(),
  837             [sample_configs_combined.sample_listener_tuple(
  838                 persistence_type='SOURCE_IP')])
  839         self.assertEqual(
  840             sample_configs_combined.sample_base_expected_config(backend=be),
  841             rendered_obj)
  842 
  843     def test_render_template_appcookie_persistence(self):
  844         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  845               "    mode http\n"
  846               "    balance roundrobin\n"
  847               "    stick-table type string len 64 size 10k\n"
  848               "    stick store-response res.cook(JSESSIONID)\n"
  849               "    stick match req.cook(JSESSIONID)\n"
  850               "    timeout check 31s\n"
  851               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  852               "    http-check expect rstatus 418\n"
  853               "    fullconn {maxconn}\n"
  854               "    option allbackups\n"
  855               "    timeout connect 5000\n"
  856               "    timeout server 50000\n"
  857               "    server sample_member_id_1 10.0.0.99:82 "
  858               "weight 13 check inter 30s fall 3 rise 2\n"
  859               "    server sample_member_id_2 10.0.0.98:82 "
  860               "weight 13 check inter 30s fall 3 rise 2\n\n").format(
  861             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  862         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  863             sample_configs_combined.sample_amphora_tuple(),
  864             [sample_configs_combined.sample_listener_tuple(
  865                 persistence_type='APP_COOKIE',
  866                 persistence_cookie='JSESSIONID')])
  867         self.assertEqual(
  868             sample_configs_combined.sample_base_expected_config(backend=be),
  869             rendered_obj)
  870 
  871     def test_render_template_unlimited_connections(self):
  872         sample_amphora = sample_configs_combined.sample_amphora_tuple()
  873         sample_listener = sample_configs_combined.sample_listener_tuple(
  874             proto='HTTPS', monitor=False)
  875         fe = ("frontend {listener_id}\n"
  876               "    maxconn {maxconn}\n"
  877               "    bind 10.0.0.2:443\n"
  878               "    mode tcp\n"
  879               "    default_backend {pool_id}:{listener_id}\n"
  880               "    timeout client 50000\n").format(
  881             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  882             pool_id=sample_listener.default_pool.id,
  883             listener_id=sample_listener.id)
  884         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  885               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  886               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  887               "%tsc\n\n")
  888         be = ("backend {pool_id}:{listener_id}\n"
  889               "    mode tcp\n"
  890               "    balance roundrobin\n"
  891               "    cookie SRV insert indirect nocache\n"
  892               "    fullconn {maxconn}\n"
  893               "    option allbackups\n"
  894               "    timeout connect 5000\n"
  895               "    timeout server 50000\n"
  896               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  897               "cookie sample_member_id_1\n"
  898               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  899               "cookie sample_member_id_2\n\n").format(
  900             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
  901             pool_id=sample_listener.default_pool.id,
  902             listener_id=sample_listener.id)
  903         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  904             sample_amphora,
  905             [sample_listener])
  906         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  907             frontend=fe, logging=lg, backend=be), rendered_obj)
  908 
  909     def test_render_template_limited_connections(self):
  910         fe = ("frontend sample_listener_id_1\n"
  911               "    maxconn 2014\n"
  912               "    bind 10.0.0.2:443\n"
  913               "    mode tcp\n"
  914               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  915               "    timeout client 50000\n")
  916         lg = ("    log-format 12345\\ sample_loadbalancer_id_1\\ %f\\ "
  917               "%ci\\ %cp\\ %t\\ -\\ -\\ %B\\ %U\\ "
  918               "%[ssl_c_verify]\\ %{+Q}[ssl_c_s_dn]\\ %b\\ %s\\ %Tt\\ "
  919               "%tsc\n\n")
  920         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  921               "    mode tcp\n"
  922               "    balance roundrobin\n"
  923               "    cookie SRV insert indirect nocache\n"
  924               "    fullconn 2014\n"
  925               "    option allbackups\n"
  926               "    timeout connect 5000\n"
  927               "    timeout server 50000\n"
  928               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
  929               "cookie sample_member_id_1\n"
  930               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
  931               "cookie sample_member_id_2\n\n")
  932         g_opts = "    maxconn 2014\n\n"
  933         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
  934             sample_configs_combined.sample_amphora_tuple(),
  935             [sample_configs_combined.sample_listener_tuple(
  936                 proto='HTTPS', monitor=False, connection_limit=2014)])
  937         self.assertEqual(sample_configs_combined.sample_base_expected_config(
  938             frontend=fe, logging=lg, backend=be, global_opts=g_opts),
  939             rendered_obj)
  940 
  941     def test_render_template_l7policies(self):
  942         fe = ("frontend sample_listener_id_1\n"
  943               "    maxconn {maxconn}\n"
  944               "    bind 10.0.0.2:80\n"
  945               "    mode http\n"
  946               "        acl sample_l7rule_id_1 path -m beg /api\n"
  947               "    use_backend sample_pool_id_2:sample_listener_id_1"
  948               " if sample_l7rule_id_1\n"
  949               "        acl sample_l7rule_id_2 req.hdr(Some-header) -m sub "
  950               "This\\ string\\\\\\ with\\ stuff\n"
  951               "        acl sample_l7rule_id_3 req.cook(some-cookie) -m reg "
  952               "this.*|that\n"
  953               "    redirect code 302 location http://www.example.com if "
  954               "!sample_l7rule_id_2 sample_l7rule_id_3\n"
  955               "        acl sample_l7rule_id_4 path_end -m str jpg\n"
  956               "        acl sample_l7rule_id_5 req.hdr(host) -i -m end "
  957               ".example.com\n"
  958               "    http-request deny if sample_l7rule_id_4 "
  959               "sample_l7rule_id_5\n"
  960               "        acl sample_l7rule_id_2 req.hdr(Some-header) -m sub "
  961               "This\\ string\\\\\\ with\\ stuff\n"
  962               "        acl sample_l7rule_id_3 req.cook(some-cookie) -m reg "
  963               "this.*|that\n"
  964               "    redirect code 302 prefix https://example.com if "
  965               "!sample_l7rule_id_2 sample_l7rule_id_3\n"
  966               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
  967               "    timeout client 50000\n").format(
  968             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  969         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
  970               "    mode http\n"
  971               "    balance roundrobin\n"
  972               "    cookie SRV insert indirect nocache\n"
  973               "    timeout check 31s\n"
  974               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
  975               "    http-check expect rstatus 418\n"
  976               "    fullconn {maxconn}\n"
  977               "    option allbackups\n"
  978               "    timeout connect 5000\n"
  979               "    timeout server 50000\n"
  980               "    server sample_member_id_1 10.0.0.99:82 weight 13 check "
  981               "inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
  982               "    server sample_member_id_2 10.0.0.98:82 weight 13 check "
  983               "inter 30s fall 3 rise 2 cookie sample_member_id_2\n"
  984               "\n"
  985               "backend sample_pool_id_2:sample_listener_id_1\n"
  986               "    mode http\n"
  987               "    balance roundrobin\n"
  988               "    cookie SRV insert indirect nocache\n"
  989               "    timeout check 31s\n"
  990               "    option httpchk GET /healthmon.html HTTP/1.0\\r\\n\n"
  991               "    http-check expect rstatus 418\n"
  992               "    fullconn {maxconn}\n"
  993               "    option allbackups\n"
  994               "    timeout connect 5000\n"
  995               "    timeout server 50000\n"
  996               "    server sample_member_id_3 10.0.0.97:82 weight 13 check "
  997               "inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n").format(
  998             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
  999         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1000             sample_configs_combined.sample_amphora_tuple(),
 1001             [sample_configs_combined.sample_listener_tuple(l7=True)])
 1002         self.assertEqual(sample_configs_combined.sample_base_expected_config(
 1003             frontend=fe, backend=be), rendered_obj)
 1004 
 1005     def test_render_template_http_xff(self):
 1006         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1007               "    mode http\n"
 1008               "    balance roundrobin\n"
 1009               "    cookie SRV insert indirect nocache\n"
 1010               "    timeout check 31s\n"
 1011               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1012               "    http-check expect rstatus 418\n"
 1013               "    option forwardfor\n"
 1014               "    fullconn {maxconn}\n"
 1015               "    option allbackups\n"
 1016               "    timeout connect 5000\n"
 1017               "    timeout server 50000\n"
 1018               "    server sample_member_id_1 10.0.0.99:82 "
 1019               "weight 13 check inter 30s fall 3 rise 2 "
 1020               "cookie sample_member_id_1\n"
 1021               "    server sample_member_id_2 10.0.0.98:82 "
 1022               "weight 13 check inter 30s fall 3 rise 2 "
 1023               "cookie sample_member_id_2\n\n").format(
 1024             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
 1025         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1026             sample_configs_combined.sample_amphora_tuple(),
 1027             [sample_configs_combined.sample_listener_tuple(
 1028                 insert_headers={'X-Forwarded-For': 'true'})])
 1029         self.assertEqual(
 1030             sample_configs_combined.sample_base_expected_config(backend=be),
 1031             rendered_obj)
 1032 
 1033     def test_render_template_http_xff_xfport(self):
 1034         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1035               "    mode http\n"
 1036               "    balance roundrobin\n"
 1037               "    cookie SRV insert indirect nocache\n"
 1038               "    timeout check 31s\n"
 1039               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1040               "    http-check expect rstatus 418\n"
 1041               "    option forwardfor\n"
 1042               "    http-request set-header X-Forwarded-Port %[dst_port]\n"
 1043               "    fullconn {maxconn}\n"
 1044               "    option allbackups\n"
 1045               "    timeout connect 5000\n"
 1046               "    timeout server 50000\n"
 1047               "    server sample_member_id_1 10.0.0.99:82 "
 1048               "weight 13 check inter 30s fall 3 rise 2 "
 1049               "cookie sample_member_id_1\n"
 1050               "    server sample_member_id_2 10.0.0.98:82 "
 1051               "weight 13 check inter 30s fall 3 rise 2 "
 1052               "cookie sample_member_id_2\n\n").format(
 1053             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
 1054         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1055             sample_configs_combined.sample_amphora_tuple(),
 1056             [sample_configs_combined.sample_listener_tuple(
 1057                 insert_headers={'X-Forwarded-For': 'true',
 1058                                 'X-Forwarded-Port': 'true'})])
 1059         self.assertEqual(
 1060             sample_configs_combined.sample_base_expected_config(backend=be),
 1061             rendered_obj)
 1062 
 1063     def test_render_template_pool_proxy_protocol(self):
 1064         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1065               "    mode http\n"
 1066               "    balance roundrobin\n"
 1067               "    cookie SRV insert indirect nocache\n"
 1068               "    timeout check 31s\n"
 1069               "    fullconn {maxconn}\n"
 1070               "    option allbackups\n"
 1071               "    timeout connect 5000\n"
 1072               "    timeout server 50000\n"
 1073               "    server sample_member_id_1 10.0.0.99:82 "
 1074               "weight 13 check inter 30s fall 3 rise 2 "
 1075               "cookie sample_member_id_1 send-proxy\n"
 1076               "    server sample_member_id_2 10.0.0.98:82 "
 1077               "weight 13 check inter 30s fall 3 rise 2 "
 1078               "cookie sample_member_id_2 send-proxy\n\n").format(
 1079             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
 1080         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1081             sample_configs_combined.sample_amphora_tuple(),
 1082             [sample_configs_combined.sample_listener_tuple(be_proto='PROXY')])
 1083         self.assertEqual(
 1084             sample_configs_combined.sample_base_expected_config(backend=be),
 1085             rendered_obj)
 1086 
 1087     def test_render_template_pool_cert(self):
 1088         feature_compatibility = {constants.POOL_ALPN: True}
 1089         cert_file_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1090                                       'sample_listener_id_1', 'fake path')
 1091         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1092               "    mode http\n"
 1093               "    balance roundrobin\n"
 1094               "    cookie SRV insert indirect nocache\n"
 1095               "    timeout check 31s\n"
 1096               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1097               "    http-check expect rstatus 418\n"
 1098               "    fullconn {maxconn}\n"
 1099               "    option allbackups\n"
 1100               "    timeout connect 5000\n"
 1101               "    timeout server 50000\n"
 1102               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1103               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1104               "{opts} alpn {alpn}\n"
 1105               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1106               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1107               "{opts} alpn {alpn}\n\n").format(
 1108             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1109             opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path +
 1110                  " ciphers " + constants.CIPHERS_OWASP_SUITE_B +
 1111                  " no-sslv3 no-tlsv10 no-tlsv11",
 1112             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
 1113         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1114             sample_configs_combined.sample_amphora_tuple(),
 1115             [sample_configs_combined.sample_listener_tuple(
 1116                 pool_cert=True, tls_enabled=True,
 1117                 backend_tls_ciphers=constants.CIPHERS_OWASP_SUITE_B)],
 1118             tls_certs={
 1119                 'sample_pool_id_1':
 1120                     {'client_cert': cert_file_path,
 1121                      'ca_cert': None, 'crl': None}},
 1122             feature_compatibility=feature_compatibility)
 1123         self.assertEqual(
 1124             sample_configs_combined.sample_base_expected_config(backend=be),
 1125             rendered_obj)
 1126 
 1127     def test_render_template_pool_cert_no_alpn(self):
 1128         feature_compatibility = {constants.POOL_ALPN: False}
 1129         cert_file_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1130                                       'sample_listener_id_1', 'fake path')
 1131         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1132               "    mode http\n"
 1133               "    balance roundrobin\n"
 1134               "    cookie SRV insert indirect nocache\n"
 1135               "    timeout check 31s\n"
 1136               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1137               "    http-check expect rstatus 418\n"
 1138               "    fullconn {maxconn}\n"
 1139               "    option allbackups\n"
 1140               "    timeout connect 5000\n"
 1141               "    timeout server 50000\n"
 1142               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1143               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1144               "{opts}\n"
 1145               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1146               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1147               "{opts}\n\n").format(
 1148             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1149             opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path +
 1150                  " ciphers " + constants.CIPHERS_OWASP_SUITE_B +
 1151                  " no-sslv3 no-tlsv10 no-tlsv11")
 1152         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1153             sample_configs_combined.sample_amphora_tuple(),
 1154             [sample_configs_combined.sample_listener_tuple(
 1155                 pool_cert=True, tls_enabled=True,
 1156                 backend_tls_ciphers=constants.CIPHERS_OWASP_SUITE_B)],
 1157             tls_certs={
 1158                 'sample_pool_id_1':
 1159                     {'client_cert': cert_file_path,
 1160                      'ca_cert': None, 'crl': None}},
 1161             feature_compatibility=feature_compatibility)
 1162         self.assertEqual(
 1163             sample_configs_combined.sample_base_expected_config(backend=be),
 1164             rendered_obj)
 1165 
 1166     def test_render_template_pool_cert_no_versions(self):
 1167         feature_compatibility = {constants.POOL_ALPN: True}
 1168         cert_file_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1169                                       'sample_listener_id_1', 'fake path')
 1170         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1171               "    mode http\n"
 1172               "    balance roundrobin\n"
 1173               "    cookie SRV insert indirect nocache\n"
 1174               "    timeout check 31s\n"
 1175               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1176               "    http-check expect rstatus 418\n"
 1177               "    fullconn {maxconn}\n"
 1178               "    option allbackups\n"
 1179               "    timeout connect 5000\n"
 1180               "    timeout server 50000\n"
 1181               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1182               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1183               "{opts} alpn {alpn}\n"
 1184               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1185               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1186               "{opts} alpn {alpn}\n\n").format(
 1187             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1188             opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path +
 1189                  " ciphers " + constants.CIPHERS_OWASP_SUITE_B,
 1190             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
 1191         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1192             sample_configs_combined.sample_amphora_tuple(),
 1193             [sample_configs_combined.sample_listener_tuple(
 1194                 pool_cert=True, tls_enabled=True,
 1195                 backend_tls_ciphers=constants.CIPHERS_OWASP_SUITE_B,
 1196                 backend_tls_versions=None)],
 1197             tls_certs={
 1198                 'sample_pool_id_1':
 1199                     {'client_cert': cert_file_path,
 1200                      'ca_cert': None, 'crl': None}},
 1201             feature_compatibility=feature_compatibility)
 1202         self.assertEqual(
 1203             sample_configs_combined.sample_base_expected_config(backend=be),
 1204             rendered_obj)
 1205 
 1206     def test_render_template_pool_cert_no_ciphers(self):
 1207         feature_compatibility = {constants.POOL_ALPN: True}
 1208         cert_file_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1209                                       'sample_listener_id_1', 'fake path')
 1210         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1211               "    mode http\n"
 1212               "    balance roundrobin\n"
 1213               "    cookie SRV insert indirect nocache\n"
 1214               "    timeout check 31s\n"
 1215               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1216               "    http-check expect rstatus 418\n"
 1217               "    fullconn {maxconn}\n"
 1218               "    option allbackups\n"
 1219               "    timeout connect 5000\n"
 1220               "    timeout server 50000\n"
 1221               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1222               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1223               "{opts} alpn {alpn}\n"
 1224               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1225               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1226               "{opts} alpn {alpn}\n\n").format(
 1227             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1228             opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path +
 1229                  " no-sslv3 no-tlsv10 no-tlsv11",
 1230             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
 1231         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1232             sample_configs_combined.sample_amphora_tuple(),
 1233             [sample_configs_combined.sample_listener_tuple(
 1234                 pool_cert=True, tls_enabled=True)],
 1235             tls_certs={
 1236                 'sample_pool_id_1':
 1237                     {'client_cert': cert_file_path,
 1238                      'ca_cert': None, 'crl': None}},
 1239             feature_compatibility=feature_compatibility)
 1240         self.assertEqual(
 1241             sample_configs_combined.sample_base_expected_config(backend=be),
 1242             rendered_obj)
 1243 
 1244     def test_render_template_pool_cert_no_ciphers_or_versions_or_alpn(self):
 1245         cert_file_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1246                                       'sample_listener_id_1', 'fake path')
 1247         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1248               "    mode http\n"
 1249               "    balance roundrobin\n"
 1250               "    cookie SRV insert indirect nocache\n"
 1251               "    timeout check 31s\n"
 1252               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1253               "    http-check expect rstatus 418\n"
 1254               "    fullconn {maxconn}\n"
 1255               "    option allbackups\n"
 1256               "    timeout connect 5000\n"
 1257               "    timeout server 50000\n"
 1258               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1259               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1260               "{opts}\n"
 1261               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1262               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1263               "{opts}\n\n").format(
 1264             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1265             opts="ssl crt %s verify none sni ssl_fc_sni" % cert_file_path)
 1266         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1267             sample_configs_combined.sample_amphora_tuple(),
 1268             [sample_configs_combined.sample_listener_tuple(
 1269                 pool_cert=True, tls_enabled=True, backend_tls_versions=None,
 1270                 backend_alpn_protocols=None)],
 1271             tls_certs={
 1272                 'sample_pool_id_1':
 1273                     {'client_cert': cert_file_path,
 1274                      'ca_cert': None, 'crl': None}})
 1275         self.assertEqual(
 1276             sample_configs_combined.sample_base_expected_config(backend=be),
 1277             rendered_obj)
 1278 
 1279     def test_render_template_pool_no_alpn(self):
 1280         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1281               "    mode http\n"
 1282               "    balance roundrobin\n"
 1283               "    cookie SRV insert indirect nocache\n"
 1284               "    timeout check 31s\n"
 1285               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1286               "    http-check expect rstatus 418\n"
 1287               "    fullconn {maxconn}\n"
 1288               "    option allbackups\n"
 1289               "    timeout connect 5000\n"
 1290               "    timeout server 50000\n"
 1291               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1292               "check inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
 1293               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1294               "check inter 30s fall 3 rise 2 cookie sample_member_id_2"
 1295               "\n\n").format(
 1296             maxconn=constants.HAPROXY_DEFAULT_MAXCONN)
 1297         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1298             sample_configs_combined.sample_amphora_tuple(),
 1299             [sample_configs_combined.sample_listener_tuple(
 1300                 backend_alpn_protocols=None)])
 1301         self.assertEqual(
 1302             sample_configs_combined.sample_base_expected_config(backend=be),
 1303             rendered_obj)
 1304 
 1305     def test_render_template_with_full_pool_cert(self):
 1306         feature_compatibility = {constants.POOL_ALPN: True}
 1307         pool_client_cert = '/foo/cert.pem'
 1308         pool_ca_cert = '/foo/ca.pem'
 1309         pool_crl = '/foo/crl.pem'
 1310         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1311               "    mode http\n"
 1312               "    balance roundrobin\n"
 1313               "    cookie SRV insert indirect nocache\n"
 1314               "    timeout check 31s\n"
 1315               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1316               "    http-check expect rstatus 418\n"
 1317               "    fullconn {maxconn}\n"
 1318               "    option allbackups\n"
 1319               "    timeout connect 5000\n"
 1320               "    timeout server 50000\n"
 1321               "    server sample_member_id_1 10.0.0.99:82 weight 13 "
 1322               "check inter 30s fall 3 rise 2 cookie sample_member_id_1 "
 1323               "{opts} alpn {alpn}\n"
 1324               "    server sample_member_id_2 10.0.0.98:82 weight 13 "
 1325               "check inter 30s fall 3 rise 2 cookie sample_member_id_2 "
 1326               "{opts} alpn {alpn}\n\n").format(
 1327             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1328             opts="%s %s %s %s %s %s" % (
 1329                 "ssl", "crt", pool_client_cert,
 1330                 "ca-file %s" % pool_ca_cert,
 1331                 "crl-file %s" % pool_crl,
 1332                 "verify required sni ssl_fc_sni no-sslv3 no-tlsv10 no-tlsv11"),
 1333             alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS))
 1334         rendered_obj = self.jinja_cfg.render_loadbalancer_obj(
 1335             sample_configs_combined.sample_amphora_tuple(),
 1336             [sample_configs_combined.sample_listener_tuple(
 1337                 pool_cert=True, pool_ca_cert=True, pool_crl=True,
 1338                 tls_enabled=True)],
 1339             tls_certs={
 1340                 'sample_pool_id_1':
 1341                     {'client_cert': pool_client_cert,
 1342                      'ca_cert': pool_ca_cert,
 1343                      'crl': pool_crl}},
 1344             feature_compatibility=feature_compatibility)
 1345         self.assertEqual(
 1346             sample_configs_combined.sample_base_expected_config(backend=be),
 1347             rendered_obj)
 1348 
 1349     def test_transform_session_persistence(self):
 1350         in_persistence = (
 1351             sample_configs_combined.sample_session_persistence_tuple())
 1352         ret = self.jinja_cfg._transform_session_persistence(
 1353             in_persistence, {})
 1354         self.assertEqual(sample_configs_combined.RET_PERSISTENCE, ret)
 1355 
 1356     def test_transform_health_monitor(self):
 1357         in_persistence = sample_configs_combined.sample_health_monitor_tuple()
 1358         ret = self.jinja_cfg._transform_health_monitor(in_persistence, {})
 1359         self.assertEqual(sample_configs_combined.RET_MONITOR_1, ret)
 1360 
 1361     def test_transform_member(self):
 1362         in_member = sample_configs_combined.sample_member_tuple(
 1363             'sample_member_id_1', '10.0.0.99')
 1364         ret = self.jinja_cfg._transform_member(in_member, {})
 1365         self.assertEqual(sample_configs_combined.RET_MEMBER_1, ret)
 1366 
 1367     def test_transform_pool(self):
 1368         in_pool = sample_configs_combined.sample_pool_tuple()
 1369         ret = self.jinja_cfg._transform_pool(in_pool, {}, False)
 1370         self.assertEqual(sample_configs_combined.RET_POOL_1, ret)
 1371 
 1372     def test_transform_pool_2(self):
 1373         in_pool = sample_configs_combined.sample_pool_tuple(sample_pool=2)
 1374         ret = self.jinja_cfg._transform_pool(in_pool, {}, False)
 1375         self.assertEqual(sample_configs_combined.RET_POOL_2, ret)
 1376 
 1377     def test_transform_pool_http_reuse(self):
 1378         in_pool = sample_configs_combined.sample_pool_tuple(sample_pool=2)
 1379         ret = self.jinja_cfg._transform_pool(
 1380             in_pool, {constants.HTTP_REUSE: True}, False)
 1381         expected_config = copy.copy(sample_configs_combined.RET_POOL_2)
 1382         expected_config[constants.HTTP_REUSE] = True
 1383         self.assertEqual(expected_config, ret)
 1384 
 1385     def test_transform_pool_cert(self):
 1386         in_pool = sample_configs_combined.sample_pool_tuple(pool_cert=True)
 1387         cert_path = os.path.join(self.jinja_cfg.base_crt_dir,
 1388                                  'test_listener_id', 'pool_cert.pem')
 1389         ret = self.jinja_cfg._transform_pool(
 1390             in_pool, {}, False, pool_tls_certs={'client_cert': cert_path})
 1391         expected_config = copy.copy(sample_configs_combined.RET_POOL_1)
 1392         expected_config['client_cert'] = cert_path
 1393         self.assertEqual(expected_config, ret)
 1394 
 1395     def test_transform_listener(self):
 1396         in_listener = sample_configs_combined.sample_listener_tuple()
 1397         ret = self.jinja_cfg._transform_listener(in_listener, None, {},
 1398                                                  in_listener.load_balancer)
 1399         self.assertEqual(sample_configs_combined.RET_LISTENER, ret)
 1400 
 1401     def test_transform_listener_with_l7(self):
 1402         in_listener = sample_configs_combined.sample_listener_tuple(l7=True)
 1403         ret = self.jinja_cfg._transform_listener(in_listener, None, {},
 1404                                                  in_listener.load_balancer)
 1405         self.assertEqual(sample_configs_combined.RET_LISTENER_L7, ret)
 1406 
 1407     def test_transform_loadbalancer(self):
 1408         in_amphora = sample_configs_combined.sample_amphora_tuple()
 1409         in_listener = sample_configs_combined.sample_listener_tuple()
 1410         ret = self.jinja_cfg._transform_loadbalancer(
 1411             in_amphora, in_listener.load_balancer, [in_listener], None, {})
 1412         self.assertEqual(sample_configs_combined.RET_LB, ret)
 1413 
 1414     def test_transform_two_loadbalancers(self):
 1415         in_amphora = sample_configs_combined.sample_amphora_tuple()
 1416         in_listener1 = sample_configs_combined.sample_listener_tuple()
 1417         in_listener2 = sample_configs_combined.sample_listener_tuple()
 1418 
 1419         ret = self.jinja_cfg._transform_loadbalancer(
 1420             in_amphora, in_listener1.load_balancer,
 1421             [in_listener1, in_listener2], None, {})
 1422         self.assertEqual(ret['global_connection_limit'],
 1423                          constants.HAPROXY_DEFAULT_MAXCONN +
 1424                          constants.HAPROXY_DEFAULT_MAXCONN)
 1425 
 1426     def test_transform_many_loadbalancers(self):
 1427         in_amphora = sample_configs_combined.sample_amphora_tuple()
 1428 
 1429         in_listeners = []
 1430 
 1431         # Create many listeners, until the sum of connection_limits
 1432         # is greater than MAX_MAXCONN
 1433         connection_limit_sum = 0
 1434         while connection_limit_sum <= constants.HAPROXY_MAX_MAXCONN:
 1435             in_listener = (
 1436                 sample_configs_combined.sample_listener_tuple())
 1437             connection_limit_sum += constants.HAPROXY_DEFAULT_MAXCONN
 1438 
 1439             in_listeners.append(in_listener)
 1440 
 1441         ret = self.jinja_cfg._transform_loadbalancer(
 1442             in_amphora, in_listeners[0].load_balancer,
 1443             in_listeners, None, {})
 1444         self.assertEqual(ret['global_connection_limit'],
 1445                          constants.HAPROXY_MAX_MAXCONN)
 1446         self.assertLess(ret['global_connection_limit'],
 1447                         connection_limit_sum)
 1448 
 1449     def test_transform_amphora(self):
 1450         in_amphora = sample_configs_combined.sample_amphora_tuple()
 1451         ret = self.jinja_cfg._transform_amphora(in_amphora, {})
 1452         self.assertEqual(sample_configs_combined.RET_AMPHORA, ret)
 1453 
 1454     def test_transform_loadbalancer_with_l7(self):
 1455         in_amphora = sample_configs_combined.sample_amphora_tuple()
 1456         in_listener = sample_configs_combined.sample_listener_tuple(l7=True)
 1457         ret = self.jinja_cfg._transform_loadbalancer(
 1458             in_amphora, in_listener.load_balancer, [in_listener], None, {})
 1459         self.assertEqual(sample_configs_combined.RET_LB_L7, ret)
 1460 
 1461     def test_transform_l7policy(self):
 1462         in_l7policy = sample_configs_combined.sample_l7policy_tuple(
 1463             'sample_l7policy_id_1')
 1464         ret = self.jinja_cfg._transform_l7policy(in_l7policy, {}, False)
 1465         self.assertEqual(sample_configs_combined.RET_L7POLICY_1, ret)
 1466 
 1467     def test_transform_l7policy_2_8(self):
 1468         in_l7policy = sample_configs_combined.sample_l7policy_tuple(
 1469             'sample_l7policy_id_2', sample_policy=2)
 1470         ret = self.jinja_cfg._transform_l7policy(in_l7policy, {}, False)
 1471         self.assertEqual(sample_configs_combined.RET_L7POLICY_2, ret)
 1472 
 1473         # test invalid action without redirect_http_code
 1474         in_l7policy = sample_configs_combined.sample_l7policy_tuple(
 1475             'sample_l7policy_id_8', sample_policy=2, redirect_http_code=None)
 1476         ret = self.jinja_cfg._transform_l7policy(in_l7policy, {}, False)
 1477         self.assertEqual(sample_configs_combined.RET_L7POLICY_8, ret)
 1478 
 1479     def test_transform_l7policy_disabled_rule(self):
 1480         in_l7policy = sample_configs_combined.sample_l7policy_tuple(
 1481             'sample_l7policy_id_6', sample_policy=6)
 1482         ret = self.jinja_cfg._transform_l7policy(in_l7policy, {}, False)
 1483         self.assertEqual(sample_configs_combined.RET_L7POLICY_6, ret)
 1484 
 1485     def test_escape_haproxy_config_string(self):
 1486         self.assertEqual(self.jinja_cfg._escape_haproxy_config_string(
 1487             'string_with_none'), 'string_with_none')
 1488         self.assertEqual(self.jinja_cfg._escape_haproxy_config_string(
 1489             'string with spaces'), 'string\\ with\\ spaces')
 1490         self.assertEqual(self.jinja_cfg._escape_haproxy_config_string(
 1491             'string\\with\\backslashes'), 'string\\\\with\\\\backslashes')
 1492         self.assertEqual(self.jinja_cfg._escape_haproxy_config_string(
 1493             'string\\ with\\ all'), 'string\\\\\\ with\\\\\\ all')
 1494 
 1495     def test_render_template_no_log(self):
 1496         j_cfg = jinja_cfg.JinjaTemplater(
 1497             base_amp_path='/var/lib/octavia',
 1498             base_crt_dir='/var/lib/octavia/certs',
 1499             connection_logging=False)
 1500         defaults = ("defaults\n"
 1501                     "    no log\n"
 1502                     "    retries 3\n"
 1503                     "    option redispatch\n"
 1504                     "    option splice-request\n"
 1505                     "    option splice-response\n"
 1506                     "    option http-keep-alive\n\n")
 1507         rendered_obj = j_cfg.render_loadbalancer_obj(
 1508             sample_configs_combined.sample_amphora_tuple(),
 1509             [sample_configs_combined.sample_listener_tuple()]
 1510         )
 1511         self.assertEqual(
 1512             sample_configs_combined.sample_base_expected_config(
 1513                 defaults=defaults, logging="\n"),
 1514             rendered_obj)
 1515 
 1516     def test_http_reuse(self):
 1517         j_cfg = jinja_cfg.JinjaTemplater(
 1518             base_amp_path='/var/lib/octavia',
 1519             base_crt_dir='/var/lib/octavia/certs')
 1520 
 1521         sample_amphora = sample_configs_combined.sample_amphora_tuple()
 1522         sample_proxy_listener = sample_configs_combined.sample_listener_tuple(
 1523             be_proto='PROXY')
 1524         # With http-reuse
 1525         be = ("backend {pool_id}:{listener_id}\n"
 1526               "    mode http\n"
 1527               "    http-reuse safe\n"
 1528               "    balance roundrobin\n"
 1529               "    cookie SRV insert indirect nocache\n"
 1530               "    timeout check 31s\n"
 1531               "    fullconn {maxconn}\n"
 1532               "    option allbackups\n"
 1533               "    timeout connect 5000\n"
 1534               "    timeout server 50000\n"
 1535               "    server sample_member_id_1 10.0.0.99:82 "
 1536               "weight 13 check inter 30s fall 3 rise 2 "
 1537               "cookie sample_member_id_1 send-proxy\n"
 1538               "    server sample_member_id_2 10.0.0.98:82 "
 1539               "weight 13 check inter 30s fall 3 rise 2 "
 1540               "cookie sample_member_id_2 send-proxy\n\n").format(
 1541             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1542             pool_id=sample_proxy_listener.default_pool.id,
 1543             listener_id=sample_proxy_listener.id)
 1544         rendered_obj = j_cfg.build_config(
 1545             sample_amphora,
 1546             [sample_proxy_listener],
 1547             tls_certs=None,
 1548             haproxy_versions=("1", "8", "1"))
 1549         self.assertEqual(
 1550             sample_configs_combined.sample_base_expected_config(backend=be),
 1551             rendered_obj)
 1552 
 1553         # Without http-reuse
 1554         be = ("backend {pool_id}:{listener_id}\n"
 1555               "    mode http\n"
 1556               "    balance roundrobin\n"
 1557               "    cookie SRV insert indirect nocache\n"
 1558               "    timeout check 31s\n"
 1559               "    fullconn {maxconn}\n"
 1560               "    option allbackups\n"
 1561               "    timeout connect 5000\n"
 1562               "    timeout server 50000\n"
 1563               "    server sample_member_id_1 10.0.0.99:82 "
 1564               "weight 13 check inter 30s fall 3 rise 2 "
 1565               "cookie sample_member_id_1 send-proxy\n"
 1566               "    server sample_member_id_2 10.0.0.98:82 "
 1567               "weight 13 check inter 30s fall 3 rise 2 "
 1568               "cookie sample_member_id_2 send-proxy\n\n").format(
 1569             maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1570             pool_id=sample_proxy_listener.default_pool.id,
 1571             listener_id=sample_proxy_listener.id)
 1572         rendered_obj = j_cfg.build_config(
 1573             sample_amphora,
 1574             [sample_proxy_listener],
 1575             tls_certs=None,
 1576             haproxy_versions=("1", "5", "18"))
 1577         self.assertEqual(
 1578             sample_configs_combined.sample_base_expected_config(backend=be),
 1579             rendered_obj)
 1580 
 1581     def test_ssl_types_l7rules(self):
 1582         j_cfg = jinja_cfg.JinjaTemplater(
 1583             base_amp_path='/var/lib/octavia',
 1584             base_crt_dir='/var/lib/octavia/certs')
 1585         fe = ("frontend sample_listener_id_1\n"
 1586               "    maxconn {maxconn}\n"
 1587               "    redirect scheme https if !{{ ssl_fc }}\n"
 1588               "    bind 10.0.0.2:443 ciphers {ciphers} "
 1589               "no-sslv3 no-tlsv10 no-tlsv11 alpn {alpn}\n"
 1590               "    mode http\n"
 1591               "        acl sample_l7rule_id_1 path -m beg /api\n"
 1592               "    use_backend sample_pool_id_2:sample_listener_id_1"
 1593               " if sample_l7rule_id_1\n"
 1594               "        acl sample_l7rule_id_2 req.hdr(Some-header) -m sub "
 1595               "This\\ string\\\\\\ with\\ stuff\n"
 1596               "        acl sample_l7rule_id_3 req.cook(some-cookie) -m reg "
 1597               "this.*|that\n"
 1598               "    redirect code 302 location http://www.example.com "
 1599               "if !sample_l7rule_id_2 sample_l7rule_id_3\n"
 1600               "        acl sample_l7rule_id_4 path_end -m str jpg\n"
 1601               "        acl sample_l7rule_id_5 req.hdr(host) -i -m end "
 1602               ".example.com\n"
 1603               "    http-request deny "
 1604               "if sample_l7rule_id_4 sample_l7rule_id_5\n"
 1605               "        acl sample_l7rule_id_2 req.hdr(Some-header) -m sub "
 1606               "This\\ string\\\\\\ with\\ stuff\n"
 1607               "        acl sample_l7rule_id_3 req.cook(some-cookie) -m reg "
 1608               "this.*|that\n"
 1609               "    redirect code 302 prefix https://example.com "
 1610               "if !sample_l7rule_id_2 sample_l7rule_id_3\n"
 1611               "        acl sample_l7rule_id_7 ssl_c_used\n"
 1612               "        acl sample_l7rule_id_8 ssl_c_verify eq 1\n"
 1613               "        acl sample_l7rule_id_9 ssl_c_s_dn(STREET) -m reg "
 1614               "^STREET.*NO\\\\.$\n"
 1615               "        acl sample_l7rule_id_10 ssl_c_s_dn(OU-3) -m beg "
 1616               "Orgnization\\ Bala\n"
 1617               "        acl sample_l7rule_id_11 path -m beg /api\n"
 1618               "    redirect code 302 location "
 1619               "http://www.ssl-type-l7rule-test.com "
 1620               "if sample_l7rule_id_7 !sample_l7rule_id_8 !sample_l7rule_id_9 "
 1621               "!sample_l7rule_id_10 sample_l7rule_id_11\n"
 1622               "    default_backend sample_pool_id_1:sample_listener_id_1\n"
 1623               "    timeout client 50000\n".format(
 1624                   maxconn=constants.HAPROXY_DEFAULT_MAXCONN,
 1625                   ciphers=constants.CIPHERS_OWASP_SUITE_B,
 1626                   alpn=",".join(constants.AMPHORA_SUPPORTED_ALPN_PROTOCOLS)))
 1627         be = ("backend sample_pool_id_1:sample_listener_id_1\n"
 1628               "    mode http\n"
 1629               "    balance roundrobin\n"
 1630               "    cookie SRV insert indirect nocache\n"
 1631               "    timeout check 31s\n"
 1632               "    option httpchk GET /index.html HTTP/1.0\\r\\n\n"
 1633               "    http-check expect rstatus 418\n"
 1634               "    fullconn {maxconn}\n"
 1635               "    option allbackups\n"
 1636               "    timeout connect 5000\n"
 1637               "    timeout server 50000\n"
 1638               "    server sample_member_id_1 10.0.0.99:82 weight 13 check "
 1639               "inter 30s fall 3 rise 2 cookie sample_member_id_1\n"
 1640               "    server sample_member_id_2 10.0.0.98:82 weight 13 check "
 1641               "inter 30s fall 3 rise 2 cookie sample_member_id_2\n\n"
 1642               "backend sample_pool_id_2:sample_listener_id_1\n"
 1643               "    mode http\n"
 1644               "    balance roundrobin\n"
 1645               "    cookie SRV insert indirect nocache\n"
 1646               "    timeout check 31s\n"
 1647               "    option httpchk GET /healthmon.html HTTP/1.0\\r\\n\n"
 1648               "    http-check expect rstatus 418\n"
 1649               "    fullconn {maxconn}\n"
 1650               "    option allbackups\n"
 1651               "    timeout connect 5000\n"
 1652               "    timeout server 50000\n"
 1653               "    server sample_member_id_3 10.0.0.97:82 weight 13 check "
 1654               "inter 30s fall 3 rise 2 cookie sample_member_id_3\n\n".format(
 1655                   maxconn=constants.HAPROXY_DEFAULT_MAXCONN))
 1656         sample_listener = sample_configs_combined.sample_listener_tuple(
 1657             proto=constants.PROTOCOL_TERMINATED_HTTPS, l7=True,
 1658             ssl_type_l7=True)
 1659         rendered_obj = j_cfg.build_config(
 1660             sample_configs_combined.sample_amphora_tuple(),
 1661             [sample_listener],
 1662             tls_certs=None,
 1663             haproxy_versions=("1", "5", "18"))
 1664         self.assertEqual(
 1665             sample_configs_combined.sample_base_expected_config(
 1666                 frontend=fe, backend=be),
 1667             rendered_obj)