Add textarea field for allowed_cidrs in the listener api

Change-Id: I5af4b0735bafca3e541558974140502454ce39db
2020-09-30 22:06:13 +02:00 · 2020-09-30 22:06:13 +02:00 · f4417cb97d
commit f4417cb97d
parent 4a188af317
9 changed files with 34 additions and 4 deletions
--- a/octavia_dashboard/api/rest/lbaasv2.py
+++ b/octavia_dashboard/api/rest/lbaasv2.py
@ -185,6 +185,7 @@ def create_listener(request, **kwargs):
        timeout_member_connect=data['listener'].get('timeout_member_connect'),
        timeout_member_data=data['listener'].get('timeout_member_data'),
        timeout_tcp_inspect=data['listener'].get('timeout_tcp_inspect'),
+        allowed_cidrs=data['listener'].get('allowed_cidrs')
    )

    if data.get('pool'):
@ -457,6 +458,7 @@ def update_listener(request, **kwargs):
        timeout_member_connect=data['listener'].get('timeout_member_connect'),
        timeout_member_data=data['listener'].get('timeout_member_data'),
        timeout_tcp_inspect=data['listener'].get('timeout_tcp_inspect'),
+        allowed_cidrs=data['listener'].get('allowed_cidrs')
    )

    if data.get('pool'):
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/details/detail.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/details/detail.html
@ -53,7 +53,7 @@
         'id', 'name', 'description', 'project_id', 'created_at', 'updated_at',
         'connection_limit', 'insert_headers', 'default_pool_id',
         'timeout_client_data', 'timeout_member_connect',
-         'timeout_member_data', 'timeout_tcp_inspect'
+         'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs'
         ]]">
      </hz-resource-property-list>
    </div>
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/details/drawer.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/details/drawer.html
@ -6,6 +6,6 @@
    ['created_at', 'updated_at', 'description'],
    ['protocol', 'protocol_port', 'connection_limit'],
    ['insert_headers', 'default_pool_id', 'timeout_client_data'],
-    ['timeout_member_connect', 'timeout_member_data', 'timeout_tcp_inspect']
+    ['timeout_member_connect', 'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs']
    ]">
 </hz-resource-property-list>
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/listeners.module.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/listeners/listeners.module.js
@ -177,6 +177,10 @@
          loadBalancerService.nullFilter
        ]
      },
+      allowed_cidrs: {
+        label: gettext('Allowed Cidrs'),
+        filters: ['noValue']
+      },
      timeout_client_data: gettext('Client Data Timeout'),
      timeout_member_connect: gettext('Member Connect Timeout'),
      timeout_member_data: gettext('Member Data Timeout'),
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/listener/listener.help.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/listener/listener.help.html
@ -62,3 +62,10 @@
  Backend member inactivity timeout in milliseconds. Default: 50000.
  </translate>
 </p>
+<p>
+  <strong translate>Allowed Cidrs:</strong>
+  <translate>
+  A newline separated list of cidrs to be allowed to connect to the listener.
+  An empty list means allow from any.
+  </translate>
+</p>
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/listener/listener.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/listener/listener.html
@ -154,6 +154,17 @@
      </div>
    </div>

+    <div class="col-xs-12 col-sm-8 col-md-6">
+      <div class="form-group">
+        <label class="control-label" for="allowed_cidrs">
+          <translate>Allowed Cidrs</translate>
+        </label>
+        <textarea ng-model="model.spec.listener.allowed_cidrs" ng-trim="false" ng-list="&#10;"
+          rows="2" placeholder="0.0.0.0/0" id="allowed_cidrs" name="allowed_cidrs" class="form-control">
+        </textarea>
+
+      </div>
+    </div>
  </div>

  <h4 translate ng-if="model.spec.listener.protocol === 'HTTP' || model.spec.listener.protocol === 'TERMINATED_HTTPS'">Insert Headers</h4>
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js
@ -169,7 +169,8 @@
          timeout_client_data: 50000,
          timeout_member_connect: 5000,
          timeout_member_data: 50000,
-          timeout_tcp_inspect: 0
+          timeout_tcp_inspect: 0,
+          allowed_cidrs: null
        },
        l7policy: {
          id: null,
@ -801,6 +802,7 @@
      spec.timeout_member_connect = listener.timeout_member_connect;
      spec.timeout_member_data = listener.timeout_member_data;
      spec.timeout_tcp_inspect = listener.timeout_tcp_inspect;
+      spec.allowed_cidrs = listener.allowed_cidrs;
    }

    function setL7PolicySpec(l7policy) {
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
@ -1298,7 +1298,7 @@
      it('has the right number of properties', function() {
        expect(Object.keys(model.spec).length).toBe(11);
        expect(Object.keys(model.spec.loadbalancer).length).toBe(7);
-        expect(Object.keys(model.spec.listener).length).toBe(14);
+        expect(Object.keys(model.spec.listener).length).toBe(15);
        expect(Object.keys(model.spec.l7policy).length).toBe(8);
        expect(Object.keys(model.spec.l7rule).length).toBe(7);
        expect(Object.keys(model.spec.pool).length).toBe(7);
--- a/releasenotes/notes/add-allowed-cidrs-ad205b1524da3d2c.yaml
+++ b/releasenotes/notes/add-allowed-cidrs-ad205b1524da3d2c.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add the ability to set allowed_cidrs on the listeners