feat(AV-199348, AV-203300, AV-203299): Netscaler bug fixes

vmware · Apr 4, 2024 · 3bcafaa · 3bcafaa
1 parent eb561ab
commit 3bcafaa
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 2 deletions.
diff --git a/python/avi/migrationtools/ansible/ansible_constant.py b/python/avi/migrationtools/ansible/ansible_constant.py
@@ -25,7 +25,7 @@
     'SeProperties', 'ControllerProperties', 'CloudProperties', 'ALBServicesConfig']
 
 
-SKIP_FIELDS = ['uuid', 'url', 'ref_key', 'se_uuids', 'key_passphrase',
+SKIP_FIELDS = ['uuid', 'url', 'ref_key', 'se_uuids',
                'extension']
 HTTP_TYPE = 'http'
 SSL_TYPE = 'ssl'

diff --git a/python/avi/migrationtools/avi_migration_utils.py b/python/avi/migrationtools/avi_migration_utils.py
@@ -193,12 +193,16 @@ def is_certificate_key_protected(self, key_file):
         :param key_file: Path of key file
         :return: Return True if key is passphrase protected else return False
         """
+        if '/Common/' in key_file:
+            key_file = key_file.replace('/Common/', '')
+        if ':Common:' in key_file:
+            key_file = key_file.replace(':Common:', '')
         try:
             child = pexpect.spawn(
                 'openssl rsa -in %s -check -noout' % key_file)
             # Expect for enter pass phrase if key is protected else it will raise
             # an exception
-            child.expect('Enter pass phrase for')
+            child.expect('Enter pass phrase for %s' %  key_file)
             update_count('warning')
             return True
         except Exception as e:

diff --git a/python/avi/migrationtools/f5_converter/profile_converter.py b/python/avi/migrationtools/f5_converter/profile_converter.py
@@ -263,6 +263,8 @@ def update_key_cert_obj(
         key_passphrase = None
         # Get the key passphrase for key_file
         if is_key_protected and self.f5_passphrase_keys:
+            if ":" in key_file_name:
+                key_file_name = key_file_name.split(":")[-1]
             key_passphrase = self.f5_passphrase_keys.get(key_file_name, None)
 
         if is_key_protected and not key_passphrase:

diff --git a/python/avi/migrationtools/netscaler_converter/policy_converter.py b/python/avi/migrationtools/netscaler_converter/policy_converter.py
@@ -551,6 +551,7 @@ def query_converter(self, rule, policy_name, bind_patset, patset_config,
                                 'HTTP.REQ.URL.STARTSWITH' in query.upper() or \
                                 'HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS' \
                                 in query.upper():
+                    element = element.strip('"') if element.startswith('"/') else element
                     element = re.sub('[\\\/]', '', element)
                 match["query"]["match_str"].append(element)
 

diff --git a/python/avi/migrationtools/netscaler_converter/profile_converter.py b/python/avi/migrationtools/netscaler_converter/profile_converter.py
@@ -351,6 +351,8 @@ def convert_ssl_service_profile(self, set_ssl_service, bind_ssl_service,
                     accepted_versions.append({'type': 'SSL_VERSION_TLS1_1'})
                 if ssl_service.get('tls12', 'ENABLED') == 'ENABLED':
                     accepted_versions.append({'type': 'SSL_VERSION_TLS1_2'})
+                if ssl_service.get('tls13', '') == 'ENABLED':
+                    accepted_versions.append({'type': 'SSL_VERSION_TLS1_3'})
                 if accepted_versions:
                     ssl_profile['accepted_versions'] = accepted_versions
                 else:
@@ -674,6 +676,8 @@ def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
                 key_passphrase = None
                 # Get the key passphrase for key_file
                 if self.netscalar_passphrase_keys:
+                    if ":" in key_file_name:
+                        key_file_name = key_file_name.split(":")[-1]
                     key_passphrase = self.netscalar_passphrase_keys.get(
                         key_file_name, None)
                 # if key is protected and does not find passphrase key