Merge "Add a mixed HTTP and HTTPS scenario test"
diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 5f7ad51..e3d7ee3 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -38,15 +38,19 @@
class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
-
@classmethod
def skip_checks(cls):
super(TLSWithBarbicanTest, cls).skip_checks()
+ if not CONF.loadbalancer_feature_enabled.l7_protocol_enabled:
+ raise cls.skipException(
+ '[loadbalancer_feature_enabled] "l7_protocol_enabled" is '
+ 'False in the tempest configuration. TLS tests will be '
+ 'skipped.')
if not CONF.loadbalancer_feature_enabled.terminated_tls_enabled:
- raise cls.skipException('[loadbalancer-feature-enabled] '
- '"terminated_tls_enabled" is False in '
- 'the tempest configuration. TLS tests '
- 'will be skipped.')
+ raise cls.skipException(
+ '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
+ 'False in the tempest configuration. TLS tests will be '
+ 'skipped.')
if not CONF.validation.run_validation:
raise cls.skipException('Traffic tests will not work without '
'run_validation enabled.')
@@ -342,6 +346,60 @@
# Validate the certificate is signed by the ca_cert we created
sock.do_handshake()
+ @decorators.idempotent_id('dcf11f78-7af3-4832-b716-9a01648f439c')
+ def test_mixed_http_https_traffic(self):
+
+ listener_name = data_utils.rand_name("lb_member_listener1-tls")
+ listener_kwargs = {
+ const.NAME: listener_name,
+ const.PROTOCOL: const.TERMINATED_HTTPS,
+ const.PROTOCOL_PORT: '443',
+ const.LOADBALANCER_ID: self.lb_id,
+ const.DEFAULT_POOL_ID: self.pool_id,
+ const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
+ }
+ listener = self.mem_listener_client.create_listener(**listener_kwargs)
+ self.listener_id = listener[const.ID]
+ self.addCleanup(
+ self.mem_listener_client.cleanup_listener,
+ self.listener_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ listener_name = data_utils.rand_name("lb_member_listener2-http-tls")
+ listener_kwargs = {
+ const.NAME: listener_name,
+ const.PROTOCOL: const.HTTP,
+ const.PROTOCOL_PORT: '80',
+ const.LOADBALANCER_ID: self.lb_id,
+ const.DEFAULT_POOL_ID: self.pool_id,
+ }
+ listener = self.mem_listener_client.create_listener(**listener_kwargs)
+ self.listener2_id = listener[const.ID]
+ self.addCleanup(
+ self.mem_listener_client.cleanup_listener,
+ self.listener2_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Test HTTPS listener load balancing.
+ # Note: certificate validation tests will follow this test
+ self.check_members_balanced(self.lb_vip_address, protocol='https',
+ verify=False, protocol_port=443)
+
+ # Test HTTP listener load balancing.
+ self.check_members_balanced(self.lb_vip_address)
+
@decorators.idempotent_id('08405802-4411-4454-b008-8607408f424a')
def test_basic_tls_SNI_traffic(self):