From db212fc304128c071eadd095ff9c19916bf57d9d Mon Sep 17 00:00:00 2001
From: Michael Johnson <johnsomor@gmail.com>
Date: Tue, 14 May 2019 17:47:34 -0700
Subject: [PATCH] Fix pool API handling of None/null updates

The current pool API does not properly handle clearing/reseting
values on update. There was a case where removing the CA and CRL
at the same time could be refused, requiring you to remove the
CRL first, then the CA reference. This patch resolves that issue.

This patch corrects this to appropriately handle None/null updates
to the pool parameters.

Change-Id: Iee8a12b693a09e96e59313e58beffe1b1985084f
Story: 2005374
Task: 31007
---
 octavia/api/v2/controllers/pool.py           | 9 ++++++---
 octavia/tests/functional/api/v2/test_pool.py | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/octavia/api/v2/controllers/pool.py b/octavia/api/v2/controllers/pool.py
index 1185e303ff..617865d25a 100644
--- a/octavia/api/v2/controllers/pool.py
+++ b/octavia/api/v2/controllers/pool.py
@@ -330,10 +330,13 @@ class PoolsController(base.BaseController):
             validate.check_session_persistence(sp_dict)
 
         crl_ref = None
+        # If we got a crl_ref and it's not unset, use it
         if (pool.crl_container_ref and
                 pool.crl_container_ref != wtypes.Unset):
             crl_ref = pool.crl_container_ref
-        elif db_pool.crl_container_id:
+        # If we got Unset and a CRL exists in the DB, use the DB crl_ref
+        elif (db_pool.crl_container_id and
+              pool.crl_container_ref == wtypes.Unset):
             crl_ref = db_pool.crl_container_id
 
         ca_ref = None
@@ -350,8 +353,8 @@ class PoolsController(base.BaseController):
                     "specify a certificate revocation list."))
             if pool.ca_tls_container_ref:
                 ca_ref = pool.ca_tls_container_ref
-            elif db_ca_ref:
-                ca_ref = db_ca_ref
+        elif db_ca_ref and pool.ca_tls_container_ref == wtypes.Unset:
+            ca_ref = db_ca_ref
         elif crl_ref and not db_ca_ref:
             raise exceptions.ValidationException(detail=_(
                 "A CA reference is required to "
diff --git a/octavia/tests/functional/api/v2/test_pool.py b/octavia/tests/functional/api/v2/test_pool.py
index 154efb437e..cf1b065745 100644
--- a/octavia/tests/functional/api/v2/test_pool.py
+++ b/octavia/tests/functional/api/v2/test_pool.py
@@ -1373,6 +1373,7 @@ class TestPool(base.BaseAPITest):
                                        'sni_certs': [],
                                        'client_ca_cert': None}
         self.cert_manager_mock().get_secret.side_effect = [
+            sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
             sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
             sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL,
             sample_certs.X509_CA_CERT, sample_certs.X509_CA_CRL]