Support alrogithms other than sha1

neutron-vpnaas now supports sha1, sha256, sha384, sha512 for IKE policy auth_algorithm and IPsec policy auth_algorithm. Change-Id: I7d8f3116500230113f66de71a781d13f3ca7b2d9 Closes-Bug: #1803386
2018-12-17 04:25:03 +09:00 · 2018-12-17 04:25:03 +09:00 · 5157219107
commit 5157219107
parent f0c89106fd
5 changed files with 30 additions and 10 deletions
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
@ -92,11 +92,12 @@ class UpdateIKEPolicy(forms.SelfHandlingForm):
    name = forms.CharField(max_length=80, label=_("Name"), required=False)
    description = forms.CharField(
        required=False, max_length=80, label=_("Description"))
-    # Currently this field has only one choice, so mark it as readonly.
    auth_algorithm = forms.ThemableChoiceField(
        label=_("Authorization algorithm"),
-        choices=[('sha1', _('sha1'))],
-        widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+        choices=[('sha1', _('sha1')),
+                 ('sha256', _('sha256')),
+                 ('sha384', _('sha384')),
+                 ('sha512', _('sha512'))],
        required=False)
    encryption_algorithm = forms.ThemableChoiceField(
        label=_("Encryption algorithm"),
@ -171,8 +172,10 @@ class UpdateIPsecPolicy(forms.SelfHandlingForm):
    # Currently this field has only one choice, so mark it as readonly.
    auth_algorithm = forms.ThemableChoiceField(
        label=_("Authorization algorithm"),
-        choices=[('sha1', _('sha1'))],
-        widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+        choices=[('sha1', _('sha1')),
+                 ('sha256', _('sha256')),
+                 ('sha384', _('sha384')),
+                 ('sha512', _('sha512'))],
        required=False)
    encapsulation_mode = forms.ThemableChoiceField(
        label=_("Encapsulation mode"),
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
@ -5,8 +5,9 @@
 <dl class="dl-readable">
  <dt>{% trans 'Authorization algorithm' %}</dt>
  <dd>{% trans 'Auth algorithm limited to SHA1 only.' %}</dd>
+  <dd>{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}</dd>
  <dt>{% trans 'Encryption algorithm' %}</dt>
-  <dd>{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IKE policy.' %}</dd>
+  <dd>{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}</dd>
  <dt>{% trans 'IKE version' %}</dt>
  <dd>{% trans 'The type of version (v1/v2) that needs to be filtered.' %}</dd>
  <dt>{% trans 'Lifetime' %}</dt>
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
@ -4,11 +4,11 @@
 <p>{% trans 'An IPsec policy is an association of the following attributes' %}</p>
 <dl class="dl-readable">
  <dt>{% trans 'Authorization algorithm' %}</dt>
-  <dd>{% trans 'Auth algorithm limited to SHA1 only.' %}</dd>
+  <dd>{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}</dd>
  <dt>{% trans 'Encapsulation mode' %}</dt>
  <dd>{% trans 'The type of IPsec tunnel (tunnel/transport) to be used.' %}</dd>
  <dt>{% trans 'Encryption algorithm' %}</dt>
-  <dd>{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IPsec policy.' %}</dd>
+  <dd>{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}</dd>
  <dt>{% trans 'Lifetime' %}</dt>
  <dd>{% trans "Life time consists of units and value. Units in 'seconds' and the default value is 3600." %}</dd>
  <dt>{% trans 'Perfect Forward Secrecy' %}</dt>
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
@ -249,7 +249,12 @@ class AddIKEPolicyAction(workflows.Action):
    def __init__(self, request, *args, **kwargs):
        super(AddIKEPolicyAction, self).__init__(request, *args, **kwargs)

-        auth_algorithm_choices = [("sha1", "sha1")]
+        auth_algorithm_choices = [
+            ("sha1", "sha1"),
+            ('sha256', _('sha256')),
+            ('sha384', _('sha384')),
+            ('sha512', _('sha512')),
+        ]
        self.fields['auth_algorithm'].choices = auth_algorithm_choices
        # Currently this field has only one choice, so mark it as readonly.
        self.fields['auth_algorithm'].widget.attrs['readonly'] = True
@ -352,7 +357,12 @@ class AddIPsecPolicyAction(workflows.Action):
    def __init__(self, request, *args, **kwargs):
        super(AddIPsecPolicyAction, self).__init__(request, *args, **kwargs)

-        auth_algorithm_choices = [("sha1", "sha1")]
+        auth_algorithm_choices = [
+            ("sha1", "sha1"),
+            ('sha256', _('sha256')),
+            ('sha384', _('sha384')),
+            ('sha512', _('sha512')),
+        ]
        self.fields['auth_algorithm'].choices = auth_algorithm_choices
        # Currently this field has only one choice, so mark it as readonly.
        self.fields['auth_algorithm'].widget.attrs['readonly'] = True
--- a/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
+++ b/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    neutron-vpnaas-dashboard now supports all auth algorithms.
+    neutron-vpnaas supports sha1, sha256, sha384, sha512
+    for IKE policy auth_algorithm and IPsec policy auth_algorithm.