Adding cipher list Support for provider drivers

updated the data models for pools and listeners to add support for cipher lists and added the needed constants updated the test models to include the new parameters Change-Id: Id5f4c20abd40dd092558a711987953012d4ae67f Story: 2006627 Task: 37185
2020-03-26 16:35:51 +00:00 · 2020-03-26 16:35:51 +00:00 · 3e1278391f
commit 3e1278391f
parent c565e7b289
5 changed files with 23 additions and 6 deletions
--- a/octavia_lib/api/drivers/data_models.py
+++ b/octavia_lib/api/drivers/data_models.py
@ -133,7 +133,7 @@ class Listener(BaseDataModel):
                 client_ca_tls_container_data=Unset,
                 client_authentication=Unset, client_crl_container_ref=Unset,
                 client_crl_container_data=Unset, project_id=Unset,
-                 allowed_cidrs=Unset):
+                 allowed_cidrs=Unset, tls_ciphers=Unset):

        self.admin_state_up = admin_state_up
        self.connection_limit = connection_limit
@ -162,6 +162,7 @@ class Listener(BaseDataModel):
        self.client_crl_container_data = client_crl_container_data
        self.project_id = project_id
        self.allowed_cidrs = allowed_cidrs
+        self.tls_ciphers = tls_ciphers


 class Pool(BaseDataModel):
@ -173,7 +174,7 @@ class Pool(BaseDataModel):
                 tls_container_data=Unset, ca_tls_container_ref=Unset,
                 ca_tls_container_data=Unset, crl_container_ref=Unset,
                 crl_container_data=Unset, tls_enabled=Unset,
-                 project_id=Unset):
+                 project_id=Unset, tls_ciphers=Unset):

        self.admin_state_up = admin_state_up
        self.description = description
@ -194,6 +195,7 @@ class Pool(BaseDataModel):
        self.crl_container_data = crl_container_data
        self.tls_enabled = tls_enabled
        self.project_id = project_id
+        self.tls_ciphers = tls_ciphers


 class Member(BaseDataModel):
--- a/octavia_lib/common/constants.py
+++ b/octavia_lib/common/constants.py
@ -247,6 +247,7 @@ TIMEOUT_CLIENT_DATA = 'timeout_client_data'
 TIMEOUT_MEMBER_CONNECT = 'timeout_member_connect'
 TIMEOUT_MEMBER_DATA = 'timeout_member_data'
 TIMEOUT_TCP_INSPECT = 'timeout_tcp_inspect'
+TLS_CIPHERS = 'tls_ciphers'
 TLS_CONTAINER_DATA = 'tls_container_data'
 TLS_CONTAINER_REF = 'tls_container_ref'
 TLS_ENABLED = 'tls_enabled'
--- a/octavia_lib/tests/unit/api/drivers/test_data_models.py
+++ b/octavia_lib/tests/unit/api/drivers/test_data_models.py
@ -100,7 +100,8 @@ class TestProviderDataModels(base.TestCase):
            client_ca_tls_container_ref=None,
            client_crl_container_data=None,
            client_crl_container_ref=None,
-            allowed_cidrs=None)
+            allowed_cidrs=None,
+            tls_ciphers=None)

        self.ref_lb = data_models.LoadBalancer(
            admin_state_up=False,
@ -167,7 +168,8 @@ class TestProviderDataModels(base.TestCase):
            project_id=self.project_id,
            listener_id=self.listener_id,
            protocol='avian',
-            session_persistence=self.session_persistence)
+            session_persistence=self.session_persistence,
+            tls_ciphers=None)

        self.ref_l7rule_dict = {'admin_state_up': True,
                                'compare_type': 'STARTS_WITH',
@ -234,7 +236,8 @@ class TestProviderDataModels(base.TestCase):
            'client_ca_tls_container_ref': None,
            'client_crl_container_data': None,
            'client_crl_container_ref': None,
-            'allowed_cidrs': None, }
+            'allowed_cidrs': None,
+            'tls_ciphers': None}

        self.ref_lb_dict_with_listener = {
            'admin_state_up': False,
@ -301,7 +304,8 @@ class TestProviderDataModels(base.TestCase):
            'project_id': self.project_id,
            'listener_id': self.listener_id,
            'protocol': 'avian',
-            'session_persistence': self.session_persistence}
+            'session_persistence': self.session_persistence,
+            'tls_ciphers': None}

    def test_equality(self):
        second_ref_lb = deepcopy(self.ref_lb)
--- a/releasenotes/notes/adding-cipher-list-support-for-provider-drivers-6a4dbec2d0254aae.yaml
+++ b/releasenotes/notes/adding-cipher-list-support-for-provider-drivers-6a4dbec2d0254aae.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Added a parameter called ``tls_ciphers``
+    for passing OpenSSL cipher strings in pools
+    and listeners.
--- a/zuul.d/projects.yaml
+++ b/zuul.d/projects.yaml
@ -7,3 +7,7 @@
      - publish-openstack-docs-pti
      - release-notes-jobs-python3
      - octavia-tox-tips
+    check:
+      jobs:
+        - octavia-tox-functional-py37-tips:
+            voting: false