From 5157219107c4d940922dfc80cc4b04119ec0d5cf Mon Sep 17 00:00:00 2001
From: Akihiro Motoki
Date: Mon, 17 Dec 2018 04:25:03 +0900
Subject: [PATCH] Support alrogithms other than sha1

neutron-vpnaas now supports sha1, sha256, sha384, sha512 for IKE policy auth_algorithm and IPsec policy auth_algorithm.

Change-Id: I7d8f3116500230113f66de71a781d13f3ca7b2d9
Closes-Bug: #1803386
---
 .../dashboards/project/vpn/forms.py | 13 ++++++++-----
 .../vpn/templates/vpn/_add_ike_policy_help.html | 3 ++-
 .../vpn/templates/vpn/_add_ipsec_policy_help.html | 4 ++--
 .../dashboards/project/vpn/workflows.py | 14 ++++++++++++--
 .../notes/auth-algorithm-fbfe0831ab8dc346.yaml | 6 ++++++
 5 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml

diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
index b737807..7c70543 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
@@ -92,11 +92,12 @@ class UpdateIKEPolicy(forms.SelfHandlingForm):
 name = forms.CharField(max_length=80, label=_("Name"), required=False)
 description = forms.CharField(
 required=False, max_length=80, label=_("Description"))
- # Currently this field has only one choice, so mark it as readonly.
 auth_algorithm = forms.ThemableChoiceField(
 label=_("Authorization algorithm"),
- choices=[('sha1', _('sha1'))],
- widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+ choices=[('sha1', _('sha1')),
+ ('sha256', _('sha256')),
+ ('sha384', _('sha384')),
+ ('sha512', _('sha512'))],
 required=False)
 encryption_algorithm = forms.ThemableChoiceField(
 label=_("Encryption algorithm"),
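Review bot: The four-entry `choices` list added here in UpdateIKEPolicy is written out again in the UpdateIPsecPolicy hunk and twice more in workflows.py. A single module-level list (say `AUTH_ALGORITHM_CHOICES`) referenced from all four places would keep the offered algorithms from drifting apart when one of them, such as sha1, is later retired. The UpdateIPsecPolicy hunk also keeps the context comment `# Currently this field has only one choice, so mark it as readonly.`, which this hunk deletes for the IKE form; it is stale there and should be removed too. Both class bodies continue outside the hunks.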
@@ -171,8 +172,10 @@ class UpdateIPsecPolicy(forms.SelfHandlingForm):
 # Currently this field has only one choice, so mark it as readonly.
 auth_algorithm = forms.ThemableChoiceField(
 label=_("Authorization algorithm"),
- choices=[('sha1', _('sha1'))],
- widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+ choices=[('sha1', _('sha1')),
+ ('sha256', _('sha256')),
+ ('sha384', _('sha384')),
+ ('sha512', _('sha512'))],
 required=False)
 encapsulation_mode = forms.ThemableChoiceField(
 label=_("Encapsulation mode"),
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
index 9530618..d375243 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
@@ -5,8 +5,9 @@
{% trans 'Authorization algorithm' %}
{% trans 'Auth algorithm limited to SHA1 only.' %}
+
{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}
{% trans 'Encryption algorithm' %}
-
{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IKE policy.' %}
+
{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}
{% trans 'IKE version' %}
{% trans 'The type of version (v1/v2) that needs to be filtered.' %}
{% trans 'Lifetime' %}
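Review bot: The IKE help template keeps `Auth algorithm limited to SHA1 only.` as a context line (there is no `-` marker before it and the header is `-5,8 +5,9`), so the dialog will show that sentence next to the new `Valid algorithms are sha1, sha256, sha384 and sha512.` text. The IPsec template hunk removes the same sentence; it should be removed here as well so the help does not tell users that SHA-1 is the only option. The markup around these strings is not visible in this view, so confirm the exact line against the file.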
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
index 9b9fa5b..7883846 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
@@ -4,11 +4,11 @@

{% trans 'An IPsec policy is an association of the following attributes' %}

{% trans 'Authorization algorithm' %}
-
{% trans 'Auth algorithm limited to SHA1 only.' %}
+
{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}
{% trans 'Encapsulation mode' %}
{% trans 'The type of IPsec tunnel (tunnel/transport) to be used.' %}
{% trans 'Encryption algorithm' %}
-
{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IPsec policy.' %}
+
{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}
{% trans 'Lifetime' %}
{% trans "Life time consists of units and value. Units in 'seconds' and the default value is 3600." %}
{% trans 'Perfect Forward Secrecy' %}
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
index 36cf298..f93108d 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
@@ -249,7 +249,12 @@ class AddIKEPolicyAction(workflows.Action):
 def __init__(self, request, *args, **kwargs):
 super(AddIKEPolicyAction, self).__init__(request, *args, **kwargs)
- auth_algorithm_choices = [("sha1", "sha1")]
+ auth_algorithm_choices = [
+ ("sha1", "sha1"),
+ ('sha256', _('sha256')),
+ ('sha384', _('sha384')),
+ ('sha512', _('sha512')),
+ ]
 self.fields['auth_algorithm'].choices = auth_algorithm_choices
 # Currently this field has only one choice, so mark it as readonly.
 self.fields['auth_algorithm'].widget.attrs['readonly'] = True
@@ -352,7 +357,12 @@ class AddIPsecPolicyAction(workflows.Action):
 def __init__(self, request, *args, **kwargs):
 super(AddIPsecPolicyAction, self).__init__(request, *args, **kwargs)
- auth_algorithm_choices = [("sha1", "sha1")]
+ auth_algorithm_choices = [
+ ("sha1", "sha1"),
+ ('sha256', _('sha256')),
+ ('sha384', _('sha384')),
+ ('sha512', _('sha512')),
+ ]
 self.fields['auth_algorithm'].choices = auth_algorithm_choices
 # Currently this field has only one choice, so mark it as readonly.
 self.fields['auth_algorithm'].widget.attrs['readonly'] = True
diff --git a/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml b/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
new file mode 100644
index 0000000..d709b3f
--- /dev/null
+++ b/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ neutron-vpnaas-dashboard now supports all auth algorithms.
+ neutron-vpnaas supports sha1, sha256, sha384, sha512
+ for IKE policy auth_algorithm and IPsec policy auth_algorithm.
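Review bot: In workflows.py the context lines after the new list still carry `# Currently this field has only one choice, so mark it as readonly.` and `self.fields['auth_algorithm'].widget.attrs['readonly'] = True`, in both AddIKEPolicyAction.__init__ and AddIPsecPolicyAction.__init__, so the create dialogs keep marking a four-choice field readonly. Both lines should be dropped in each hunk; how the widget honours `readonly` is not visible here. The first entry is also left as `("sha1", "sha1")` while the added entries use `_()` and single quotes; `('sha1', _('sha1')),` would match forms.py. Because sha1 stays first in the list, it will presumably remain the preselected value for new policies unless an initial value is set outside the hunk, which is worth confirming if a stronger default is wanted. Both `__init__` bodies continue outside the hunks.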