openstack/neutron-vpnaas-dashboard
Code Issues Proposed changes

Add aggressive negotiation mode for ikepolicy

Browse Source 
The phase1 negotiation mode adds support for aggressive mode,
which can be selected when creating an ikepolicy.

Change-Id: Idd11861ec3d6cca09beea68832999a9f3410281e
Partial-Bug: #1701413
This commit is contained in:
zhanghao 2020-06-23 02:21:33 -04:00
parent 2fa5af2c2b
commit 484b57e436
6 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
View File

@ -128,11 +128,10 @@ class UpdateIKEPolicy(forms.SelfHandlingForm):
('group5', _('group5')), ('group5', _('group5')),
('group14', _('group14'))], ('group14', _('group14'))],
required=False) required=False)
# Currently this field has only one choice, so mark it as readonly.
phase1_negotiation_mode = forms.ThemableChoiceField( phase1_negotiation_mode = forms.ThemableChoiceField(
label=_("IKE Phase1 negotiation mode"), label=_("IKE Phase1 negotiation mode"),
choices=[('main', 'main')], choices=[('main', 'main'),
widget=forms.TextInput(attrs={'readonly': 'readonly'}), ('aggressive', 'aggressive')],
required=False) required=False)
failure_url = 'horizon:project:vpn:index' failure_url = 'horizon:project:vpn:index'

2
neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
View File

@ -14,7 +14,7 @@
<dt>{% trans 'Perfect Forward Secrecy' %}</dt> <dt>{% trans 'Perfect Forward Secrecy' %}</dt>
<dd>{% trans 'PFS limited to using Diffie-Hellman groups 2, 5 (default) and 14.' %}</dd> <dd>{% trans 'PFS limited to using Diffie-Hellman groups 2, 5 (default) and 14.' %}</dd>
<dt>{% trans 'IKE Phase 1 negotiation mode' %}</dt> <dt>{% trans 'IKE Phase 1 negotiation mode' %}</dt>
<dd>{% trans "Limited to 'main' mode only." %}</dd> <dd>{% trans "Phase 1 negotiation mode limited to using 'main' and 'aggressive'." %}</dd>
</dl> </dl>
<p>{% trans "All fields are optional." %}</p> <p>{% trans "All fields are optional." %}</p>

4
neutron_vpnaas_dashboard/dashboards/project/vpn/tests.py
View File

@ -92,12 +92,12 @@ class VPNTests(test.TestCase):
def test_index_vpnservices(self): def test_index_vpnservices(self):
self.setup_mocks() self.setup_mocks()
res = self.client.get(self.INDEX_URL) res = self.client.get(self.INDEX_URL + '?tab=vpntabs__vpnservices')
self.assertTemplateUsed(res, '%s/vpn/index.html' self.assertTemplateUsed(res, '%s/vpn/index.html'
% self.DASHBOARD) % self.DASHBOARD)
self.assertTemplateUsed(res, 'horizon/common/_detail_table.html') self.assertTemplateUsed(res, 'horizon/common/_detail_table.html')
self.assertEqual(len(res.context['table'].data), self.assertEqual(len(res.context['vpnservicestable_table'].data),
len(self.vpnservices.list())) len(self.vpnservices.list()))
self.check_mocks() self.check_mocks()

5
neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
View File

@ -282,11 +282,10 @@ class AddIKEPolicyAction(workflows.Action):
self.fields['pfs'].choices = pfs_choices self.fields['pfs'].choices = pfs_choices
self.fields['pfs'].initial = "group5" self.fields['pfs'].initial = "group5"
phase1_neg_mode_choices = [("main", "main")] phase1_neg_mode_choices = [("main", "main"),
("aggressive", "aggressive")]
self.fields[ self.fields[
'phase1_negotiation_mode'].choices = phase1_neg_mode_choices 'phase1_negotiation_mode'].choices = phase1_neg_mode_choices
# Currently this field has only one choice, so mark it as readonly.
self.fields['phase1_negotiation_mode'].widget.attrs['readonly'] = True
class Meta(object): class Meta(object):
name = _("Add New IKE Policy") name = _("Add New IKE Policy")

15
neutron_vpnaas_dashboard/test/test_data/vpnaas_data.py
View File

@ -101,6 +101,21 @@ def data(TEST):
'encryption_algorithm': 'aes-256', 'encryption_algorithm': 'aes-256',
'ike_version': 'v1', 'ike_version': 'v1',
'lifetime': {'units': 'seconds', 'value': 3600}, 'lifetime': {'units': 'seconds', 'value': 3600},
'phase1_negotiation_mode': 'aggressive',
'pfs': 'group5',
'ipsecsiteconns': []}
TEST.api_ikepolicies.add(ikepolicy_dict)
TEST.ikepolicies.add(vpn.IKEPolicy(ikepolicy_dict))
# 3rd IKE policy
ikepolicy_dict = {'id': 'a1f009b7-0ffa-43a7-ba19-dcabb0b4c983',
'tenant_id': '1',
'name': 'ikepolicy_3',
'description': 'ikepolicy description',
'auth_algorithm': 'sha1',
'encryption_algorithm': 'aes-256',
'ike_version': 'v1',
'lifetime': {'units': 'seconds', 'value': 3600},
'phase1_negotiation_mode': 'main', 'phase1_negotiation_mode': 'main',
'pfs': 'group5', 'pfs': 'group5',
'ipsecsiteconns': []} 'ipsecsiteconns': []}

5
releasenotes/notes/add-aggressive-negotiation-mode-ad665f5cfda2e08b.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
The ``phase1 negotiation mode`` supports the ``aggressive`` option for IKE
policy.