MINOR: add force_reload query parameter to SSL certificate resource paths

This option will force haproxy to reload, also causing haproxy to re-read
any new or updated SSL certificates.

Author: aiharos

configure_data_plane.go

@@ -528,8 +528,8 @@ func configureAPI(api *operations.DataPlaneAPI) http.Handler {
 	api.StorageGetAllStorageSSLCertificatesHandler = &handlers.StorageGetAllStorageSSLCertificatesHandlerImpl{Client: client}
 	api.StorageGetOneStorageSSLCertificateHandler = &handlers.StorageGetOneStorageSSLCertificateHandlerImpl{Client: client}
 	api.StorageDeleteStorageSSLCertificateHandler = &handlers.StorageDeleteStorageSSLCertificateHandlerImpl{Client: client}
-	api.StorageReplaceStorageSSLCertificateHandler = &handlers.StorageReplaceStorageSSLCertificateHandlerImpl{Client: client}
-	api.StorageCreateStorageSSLCertificateHandler = &handlers.StorageCreateStorageSSLCertificateHandlerImpl{Client: client}
+	api.StorageReplaceStorageSSLCertificateHandler = &handlers.StorageReplaceStorageSSLCertificateHandlerImpl{Client: client, ReloadAgent: ra}
+	api.StorageCreateStorageSSLCertificateHandler = &handlers.StorageCreateStorageSSLCertificateHandlerImpl{Client: client, ReloadAgent: ra}
 
 	// setup OpenAPI v3 specification handler
 	api.SpecificationOpenapiv3GetOpenapiv3SpecificationHandler = specification_openapiv3.GetOpenapiv3SpecificationHandlerFunc(func(params specification_openapiv3.GetOpenapiv3SpecificationParams, principal interface{}) middleware.Responder {

e2e/tests/storage_ssl_certificates/test.bats

@@ -22,6 +22,7 @@ load '../../libs/version'
 @test "Add a ssl certificate file" {
 
     refute dpa_docker_exec 'ls /etc/haproxy/ssl/1.pem'
+    pre_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
 
     run dpa_curl_file_upload POST "/services/haproxy/storage/ssl_certificates" "@${BATS_TEST_DIRNAME}/1.pem;filename=1.pem"
     assert_success
@@ -32,6 +33,11 @@ load '../../libs/version'
     assert_equal $(get_json_path "$BODY" '.storage_name') "1.pem"
 
     assert dpa_docker_exec 'ls /etc/haproxy/ssl/1.pem'
+
+    # confirm haproxy wasn't reloaded or restarted
+    post_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+    new_logs_count=$(( $pre_logs_count - $post_logs_count ))
+    assert [ $new_logs_count = 0 ]
 }
 
 @test "Get a list of managed ssl certificate files" {
@@ -61,11 +67,19 @@ load '../../libs/version'
 }
 
 @test "Replace a ssl certificate file contents" {
+
+    pre_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+
     run dpa_curl_text_plain PUT "/services/haproxy/storage/ssl_certificates/1.pem" "@${BATS_TEST_DIRNAME}/2.pem"
     assert_success
 
     dpa_curl_status_body '$output'
     assert_equal $SC 202
+
+    # confirm haproxy wasn't reloaded or restarted
+    post_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+    new_logs_count=$(( $pre_logs_count - $post_logs_count ))
+    assert [ $new_logs_count = 0 ]
 }
 
 @test "Delete a ssl certificate file" {
@@ -77,3 +91,50 @@ load '../../libs/version'
 
     refute dpa_docker_exec 'ls /etc/haproxy/ssl/1.pem'
 }
+
+@test "Add a ssl certificate file and reload HAProxy" {
+
+    refute dpa_docker_exec 'ls /etc/haproxy/ssl/1.pem'
+
+    pre_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+
+    run dpa_curl_file_upload POST "/services/haproxy/storage/ssl_certificates?force_reload=true" "@${BATS_TEST_DIRNAME}/1.pem;filename=1.pem"
+    assert_success
+
+    dpa_curl_status_body '$output'
+    assert_equal $SC 201
+
+    assert_equal $(get_json_path "$BODY" '.storage_name') "1.pem"
+
+    assert dpa_docker_exec 'ls /etc/haproxy/ssl/1.pem'
+
+    post_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+    new_logs_count=$(( $pre_logs_count - $post_logs_count ))
+
+    new_logs=$(docker logs dataplaneapi-e2e 2>&1 | tail -n $new_logs_count)
+
+    echo -e "$new_logs" # this will help debugging if the test fails
+    assert echo -e "$new_logs" | head -n 1 | grep -q "Reexecuting Master process"
+}
+
+@test "Replace a ssl certificate file contents and reload HAPRoxy" {
+
+    pre_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+
+    run dpa_curl_text_plain PUT "/services/haproxy/storage/ssl_certificates/1.pem?force_reload=true" "@${BATS_TEST_DIRNAME}/2.pem"
+    assert_success
+
+    dpa_curl_status_body '$output'
+    assert_equal $SC 202
+
+    post_logs_count=$(docker logs dataplaneapi-e2e 2>&1 | wc -l)
+    new_logs_count=$(( $pre_logs_count - $post_logs_count ))
+
+    new_logs=$(docker logs dataplaneapi-e2e 2>&1 | tail -n $new_logs_count)
+
+    echo -e "$new_logs" # this will help debugging if the test fails
+    assert echo -e "$new_logs" | head -n 1 | grep -q "Reexecuting Master process"
+
+    # clean up after the test
+    dpa_docker_exec 'rm /etc/haproxy/ssl/1.pem'
+}

embedded_spec.go

@@ -21,6 +21,7 @@ import (
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	client_native "github.com/haproxytech/client-native/v2"
+	"github.com/haproxytech/dataplaneapi/haproxy"
 	"github.com/haproxytech/dataplaneapi/misc"
 	"github.com/haproxytech/dataplaneapi/operations/storage"
 	models "github.com/haproxytech/models/v2"
@@ -88,7 +89,8 @@ func (h *StorageDeleteStorageSSLCertificateHandlerImpl) Handle(params storage.De
 
 // StorageReplaceStorageSSLCertificateHandlerImpl implementation of the StorageReplaceStorageSSLCertificateHandler interface
 type StorageReplaceStorageSSLCertificateHandlerImpl struct {
-	Client *client_native.HAProxyClient
+	Client      *client_native.HAProxyClient
+	ReloadAgent haproxy.IReloadAgent
 }
 
 func (h *StorageReplaceStorageSSLCertificateHandlerImpl) Handle(params storage.ReplaceStorageSSLCertificateParams, principal interface{}) middleware.Responder {
@@ -102,12 +104,20 @@ func (h *StorageReplaceStorageSSLCertificateHandlerImpl) Handle(params storage.R
 		Description: "managed SSL file",
 		StorageName: filepath.Base(filename),
 	}
+	if *params.ForceReload {
+		err := h.ReloadAgent.ForceReload()
+		if err != nil {
+			e := misc.HandleError(err)
+			return storage.NewReplaceStorageMapFileDefault(int(*e.Code)).WithPayload(e)
+		}
+	}
 	return storage.NewReplaceStorageSSLCertificateAccepted().WithPayload(retf)
 }
 
 // StorageCreateStorageSSLCertificateHandlerImpl implementation of the StorageCreateStorageSSLCertificateHandler interface
 type StorageCreateStorageSSLCertificateHandlerImpl struct {
-	Client *client_native.HAProxyClient
+	Client      *client_native.HAProxyClient
+	ReloadAgent haproxy.IReloadAgent
 }
 
 func (h *StorageCreateStorageSSLCertificateHandlerImpl) Handle(params storage.CreateStorageSSLCertificateParams, principal interface{}) middleware.Responder {
@@ -125,5 +135,12 @@ func (h *StorageCreateStorageSSLCertificateHandlerImpl) Handle(params storage.Cr
 		Description: "managed SSL file",
 		StorageName: filepath.Base(filename),
 	}
+	if *params.ForceReload {
+		err := h.ReloadAgent.ForceReload()
+		if err != nil {
+			e := misc.HandleError(err)
+			return storage.NewReplaceStorageMapFileDefault(int(*e.Code)).WithPayload(e)
+		}
+	}
 	return storage.NewCreateStorageSSLCertificateCreated().WithPayload(retf)
 }