Add TLS enabled support for pools
Bump openstacksdk to 0.53.0, it provides the tls_enabled flag for Octavia pools. Story 2008368 Task 41277 Change-Id: I41559e3f2d13e5adbb850f28f058b72404e28124
This commit is contained in:
Gregory Thiemonge
parent
daae6d1fcd
commit
400c1194e0
|
|
@ -41,7 +41,7 @@ msgpack-python==0.4.0
|
||||||
munch==2.1.0
|
munch==2.1.0
|
||||||
netaddr==0.7.18
|
netaddr==0.7.18
|
||||||
netifaces==0.10.4
|
netifaces==0.10.4
|
||||||
openstacksdk==0.46.0
|
openstacksdk==0.53.0
|
||||||
os-client-config==1.28.0
|
os-client-config==1.28.0
|
||||||
os-service-types==1.7.0
|
os-service-types==1.7.0
|
||||||
osc-lib==1.8.0
|
osc-lib==1.8.0
|
||||||
|
|
@ -86,7 +86,7 @@ python-novaclient==9.1.0
|
||||||
python-subunit==1.0.0
|
python-subunit==1.0.0
|
||||||
python-swiftclient==3.2.0
|
python-swiftclient==3.2.0
|
||||||
pytz==2013.6
|
pytz==2013.6
|
||||||
PyYAML==3.12
|
PyYAML==3.13
|
||||||
rcssmin==1.0.6
|
rcssmin==1.0.6
|
||||||
repoze.lru==0.7
|
repoze.lru==0.7
|
||||||
requests==2.14.2
|
requests==2.14.2
|
||||||
|
|
|
||||||
|
|
@ -255,6 +255,7 @@ def create_pool(request, **kwargs):
|
||||||
name=data['pool'].get('name'),
|
name=data['pool'].get('name'),
|
||||||
description=data['pool'].get('description'),
|
description=data['pool'].get('description'),
|
||||||
admin_state_up=data['pool'].get('admin_state_up'),
|
admin_state_up=data['pool'].get('admin_state_up'),
|
||||||
|
tls_enabled=data['pool'].get('tls_enabled'),
|
||||||
# Replace empty string by None (uses default tls cipher string)
|
# Replace empty string by None (uses default tls cipher string)
|
||||||
tls_ciphers=data['pool'].get('tls_ciphers') or None,
|
tls_ciphers=data['pool'].get('tls_ciphers') or None,
|
||||||
)
|
)
|
||||||
|
|
@ -534,6 +535,7 @@ def update_pool(request, **kwargs):
|
||||||
name=data['pool'].get('name'),
|
name=data['pool'].get('name'),
|
||||||
description=data['pool'].get('description'),
|
description=data['pool'].get('description'),
|
||||||
admin_state_up=data['pool'].get('admin_state_up'),
|
admin_state_up=data['pool'].get('admin_state_up'),
|
||||||
|
tls_enabled=data['pool'].get('tls_enabled'),
|
||||||
# Replace empty string by None (uses default tls cipher string)
|
# Replace empty string by None (uses default tls cipher string)
|
||||||
tls_ciphers=data['pool'].get('tls_ciphers') or None,
|
tls_ciphers=data['pool'].get('tls_ciphers') or None,
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,7 @@
|
||||||
item="ctrl.pool"
|
item="ctrl.pool"
|
||||||
property-groups="[[
|
property-groups="[[
|
||||||
'id', 'name', 'description', 'project_id', 'created_at', 'updated_at',
|
'id', 'name', 'description', 'project_id', 'created_at', 'updated_at',
|
||||||
'session_persistence', 'health_monitor_id', 'tls_ciphers']]">
|
'session_persistence', 'health_monitor_id', 'tls_enabled', 'tls_ciphers']]">
|
||||||
</hz-resource-property-list>
|
</hz-resource-property-list>
|
||||||
</div>
|
</div>
|
||||||
</uib-tab>
|
</uib-tab>
|
||||||
|
|
|
||||||
|
|
@ -5,5 +5,5 @@
|
||||||
['name', 'id', 'project_id'],
|
['name', 'id', 'project_id'],
|
||||||
['created_at', 'updated_at', 'description'],
|
['created_at', 'updated_at', 'description'],
|
||||||
['protocol', 'lb_algorithm', 'session_persistence'],
|
['protocol', 'lb_algorithm', 'session_persistence'],
|
||||||
['health_monitor_id']]">
|
['health_monitor_id', 'tls_enabled']]">
|
||||||
</hz-resource-property-list>
|
</hz-resource-property-list>
|
||||||
|
|
|
||||||
|
|
@ -176,6 +176,10 @@
|
||||||
loadbalancers: gettext('Load Balancers'),
|
loadbalancers: gettext('Load Balancers'),
|
||||||
listeners: gettext('Listeners'),
|
listeners: gettext('Listeners'),
|
||||||
members: gettext('Members'),
|
members: gettext('Members'),
|
||||||
|
tls_enabled: {
|
||||||
|
label: gettext('TLS Enabled'),
|
||||||
|
filters: ['yesno']
|
||||||
|
},
|
||||||
tls_ciphers: gettext('TLS Cipher String')
|
tls_ciphers: gettext('TLS Cipher String')
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -203,6 +203,7 @@
|
||||||
cookie_name: null
|
cookie_name: null
|
||||||
},
|
},
|
||||||
admin_state_up: true,
|
admin_state_up: true,
|
||||||
|
tls_enabled: false,
|
||||||
tls_ciphers: null
|
tls_ciphers: null
|
||||||
},
|
},
|
||||||
monitor: {
|
monitor: {
|
||||||
|
|
@ -539,6 +540,9 @@
|
||||||
// otherwise has to match it.
|
// otherwise has to match it.
|
||||||
var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol;
|
var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol;
|
||||||
finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol;
|
finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol;
|
||||||
|
if (!finalSpec.pool.tls_enabled) {
|
||||||
|
delete finalSpec.pool.tls_ciphers;
|
||||||
|
}
|
||||||
if (angular.isObject(finalSpec.pool.session_persistence)) {
|
if (angular.isObject(finalSpec.pool.session_persistence)) {
|
||||||
if (!finalSpec.pool.session_persistence.type) {
|
if (!finalSpec.pool.session_persistence.type) {
|
||||||
finalSpec.pool.session_persistence = null;
|
finalSpec.pool.session_persistence = null;
|
||||||
|
|
@ -841,6 +845,7 @@
|
||||||
spec.lb_algorithm = pool.lb_algorithm;
|
spec.lb_algorithm = pool.lb_algorithm;
|
||||||
spec.admin_state_up = pool.admin_state_up;
|
spec.admin_state_up = pool.admin_state_up;
|
||||||
spec.session_persistence = pool.session_persistence;
|
spec.session_persistence = pool.session_persistence;
|
||||||
|
spec.tls_enabled = pool.tls_enabled;
|
||||||
spec.tls_ciphers = pool.tls_ciphers;
|
spec.tls_ciphers = pool.tls_ciphers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1301,7 +1301,7 @@
|
||||||
expect(Object.keys(model.spec.listener).length).toBe(16);
|
expect(Object.keys(model.spec.listener).length).toBe(16);
|
||||||
expect(Object.keys(model.spec.l7policy).length).toBe(8);
|
expect(Object.keys(model.spec.l7policy).length).toBe(8);
|
||||||
expect(Object.keys(model.spec.l7rule).length).toBe(7);
|
expect(Object.keys(model.spec.l7rule).length).toBe(7);
|
||||||
expect(Object.keys(model.spec.pool).length).toBe(8);
|
expect(Object.keys(model.spec.pool).length).toBe(9);
|
||||||
expect(Object.keys(model.spec.monitor).length).toBe(11);
|
expect(Object.keys(model.spec.monitor).length).toBe(11);
|
||||||
expect(model.spec.members).toEqual([]);
|
expect(model.spec.members).toEqual([]);
|
||||||
});
|
});
|
||||||
|
|
@ -2378,6 +2378,53 @@
|
||||||
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
|
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
|
||||||
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
|
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
|
||||||
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
|
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
|
||||||
|
expect(finalSpec.pool.tls_ciphers).toBeUndefined();
|
||||||
|
|
||||||
|
expect(finalSpec.members.length).toBe(2);
|
||||||
|
expect(finalSpec.members[0].id).toBe('1234');
|
||||||
|
expect(finalSpec.members[0].address).toBe('1.2.3.4');
|
||||||
|
expect(finalSpec.members[0].subnet_id).toBe('subnet-1');
|
||||||
|
expect(finalSpec.members[0].protocol_port).toBe(80);
|
||||||
|
expect(finalSpec.members[0].weight).toBe(1);
|
||||||
|
expect(finalSpec.members[1].id).toBe('5678');
|
||||||
|
expect(finalSpec.members[1].address).toBe('5.6.7.8');
|
||||||
|
expect(finalSpec.members[1].subnet_id).toBe('subnet-1');
|
||||||
|
expect(finalSpec.members[1].protocol_port).toBe(80);
|
||||||
|
expect(finalSpec.members[1].weight).toBe(1);
|
||||||
|
|
||||||
|
expect(finalSpec.monitor.type).toBe('HTTP');
|
||||||
|
expect(finalSpec.monitor.delay).toBe(1);
|
||||||
|
expect(finalSpec.monitor.max_retries).toBe(1);
|
||||||
|
expect(finalSpec.monitor.max_retries_down).toBe(1);
|
||||||
|
expect(finalSpec.monitor.timeout).toBe(1);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('Model submit function (edit pool tls_enabled)', function() {
|
||||||
|
|
||||||
|
beforeEach(function() {
|
||||||
|
includeChildResources = true;
|
||||||
|
listenerResources.pool.tls_enabled = true;
|
||||||
|
listenerResources.pool.tls_ciphers = "A:B:C";
|
||||||
|
model.initialize('pool', 'poolId', 'loadbalancerId');
|
||||||
|
scope.$apply();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should set final spec properties', function() {
|
||||||
|
|
||||||
|
var finalSpec = model.submit();
|
||||||
|
|
||||||
|
expect(finalSpec.loadbalancer).toBeUndefined();
|
||||||
|
expect(finalSpec.listener).toBeUndefined();
|
||||||
|
|
||||||
|
expect(finalSpec.pool.name).toBe('Pool 1');
|
||||||
|
expect(finalSpec.pool.description).toBe('pool description');
|
||||||
|
expect(finalSpec.pool.protocol).toBe('HTTP');
|
||||||
|
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
|
||||||
|
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
|
||||||
|
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
|
||||||
|
expect(finalSpec.pool.tls_enabled).toBe(true);
|
||||||
|
expect(finalSpec.pool.tls_ciphers).toBe("A:B:C");
|
||||||
|
|
||||||
expect(finalSpec.members.length).toBe(2);
|
expect(finalSpec.members.length).toBe(2);
|
||||||
expect(finalSpec.members[0].id).toBe('1234');
|
expect(finalSpec.members[0].id).toBe('1234');
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,13 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</p>
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong translate>TLS Enabled:</strong>
|
||||||
|
<translate>
|
||||||
|
Enable TLS for backend re-encryption, communications between the load
|
||||||
|
balancer and the member servers are encrypted.
|
||||||
|
</translate>
|
||||||
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<strong translate>TLS Cipher String:</strong>
|
<strong translate>TLS Cipher String:</strong>
|
||||||
<translate>
|
<translate>
|
||||||
|
|
|
||||||
|
|
@ -86,6 +86,24 @@
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
|
||||||
|
<div class="col-xs-12 col-sm-8 col-md-6">
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="control-label required" translate>TLS Enabled</label>
|
||||||
|
<div class="form-field">
|
||||||
|
<div class="btn-group">
|
||||||
|
<label class="btn btn-default"
|
||||||
|
ng-repeat="option in model.yesNoOptions"
|
||||||
|
ng-model="model.spec.pool.tls_enabled"
|
||||||
|
uib-btn-radio="option.value">{$ ::option.label $}</label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="row" ng-if="model.spec.pool.tls_enabled">
|
||||||
|
|
||||||
<div class="col-xs-12 col-sm-8 col-md-6">
|
<div class="col-xs-12 col-sm-8 col-md-6">
|
||||||
<div class="form-group"
|
<div class="form-group"
|
||||||
ng-class="{ 'has-error': poolDetailsForm.tls_ciphers.$invalid && poolDetailsForm.tls_ciphers.$dirty }">
|
ng-class="{ 'has-error': poolDetailsForm.tls_ciphers.$invalid && poolDetailsForm.tls_ciphers.$dirty }">
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add TLS Enabled switch in the pool control form, allowing to enable/disable
|
||||||
|
TLS communications between a load balancer and its members.
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
horizon>=17.1.0 # Apache-2.0
|
horizon>=17.1.0 # Apache-2.0
|
||||||
Babel!=2.4.0,>=2.3.4 # BSD
|
Babel!=2.4.0,>=2.3.4 # BSD
|
||||||
openstacksdk>=0.46.0 # Apache-2.0
|
openstacksdk>=0.53.0 # Apache-2.0
|
||||||
oslo.log>=3.36.0 # Apache-2.0
|
oslo.log>=3.36.0 # Apache-2.0
|
||||||
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
||||||
python-barbicanclient>=4.5.2 # Apache-2.0
|
python-barbicanclient>=4.5.2 # Apache-2.0
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue