
Add TLS protocols for listener and pool model

Parameter added to the listener and pool model for TLS protocols.
Constants TLS_VERSIONS, SSL_VERSION_3, TLS_VERSION_1,
TLS_VERSION_1_1, TLS_VERSION_1_2, and TLS_VERSION_1_3 were added.

Change-Id: Ie54640201a0f4905d19841af5913972646b317bf
Co-authored-by: Steven Glasford <stevenglasford@gmail.com>
Story: 2006733
Task: 37186
changes/29/715329/5
Steven Glasford 2 years ago
committed by Luke Tollefson
parent
commit
6bec133036
  1. 6
      octavia_lib/api/drivers/data_models.py
  2. 6
      octavia_lib/common/constants.py
  3. 23
      octavia_lib/tests/unit/api/drivers/test_data_models.py
  4. 9
      releasenotes/notes/add-tls-protocols-for-listener-and-pool-model-e9083b85afc62ef0.yaml

6
octavia_lib/api/drivers/data_models.py

@ -133,7 +133,7 @@ class Listener(BaseDataModel):
client_ca_tls_container_data=Unset,
client_authentication=Unset, client_crl_container_ref=Unset,
client_crl_container_data=Unset, project_id=Unset,
allowed_cidrs=Unset, tls_ciphers=Unset):
allowed_cidrs=Unset, tls_versions=Unset, tls_ciphers=Unset):
self.admin_state_up = admin_state_up
self.connection_limit = connection_limit
@ -162,6 +162,7 @@ class Listener(BaseDataModel):
self.client_crl_container_data = client_crl_container_data
self.project_id = project_id
self.allowed_cidrs = allowed_cidrs
self.tls_versions = tls_versions
self.tls_ciphers = tls_ciphers
@ -174,7 +175,7 @@ class Pool(BaseDataModel):
tls_container_data=Unset, ca_tls_container_ref=Unset,
ca_tls_container_data=Unset, crl_container_ref=Unset,
crl_container_data=Unset, tls_enabled=Unset,
project_id=Unset, tls_ciphers=Unset):
project_id=Unset, tls_versions=Unset, tls_ciphers=Unset):
self.admin_state_up = admin_state_up
self.description = description
@ -195,6 +196,7 @@ class Pool(BaseDataModel):
self.crl_container_data = crl_container_data
self.tls_enabled = tls_enabled
self.project_id = project_id
self.tls_versions = tls_versions
self.tls_ciphers = tls_ciphers
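Review bot: `tls_versions` is inserted ahead of `tls_ciphers` in the keyword list of both `Listener.__init__` and `Pool.__init__`, so any provider driver that passes these arguments positionally would now bind its cipher string to `tls_versions`. Appending the new parameter keeps the existing order stable: `allowed_cidrs=Unset, tls_ciphers=Unset, tls_versions=Unset):` for Listener and `project_id=Unset, tls_ciphers=Unset, tls_versions=Unset):` for Pool. The value is stored as given, so it would also help to document on both classes that it is expected to be a list of the version strings from `constants` and that validation is left to the caller; that expectation is inferred from the tests, since both signatures start outside the hunks shown.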

6
octavia_lib/common/constants.py

@ -251,6 +251,12 @@ TLS_CIPHERS = 'tls_ciphers'
TLS_CONTAINER_DATA = 'tls_container_data'
TLS_CONTAINER_REF = 'tls_container_ref'
TLS_ENABLED = 'tls_enabled'
TLS_VERSIONS = 'tls_versions'
SSL_VERSION_3 = 'SSLv3'
TLS_VERSION_1 = 'TLSv1'
TLS_VERSION_1_1 = 'TLSv1.1'
TLS_VERSION_1_2 = 'TLSv1.2'
TLS_VERSION_1_3 = 'TLSv1.3'
TYPE = 'type'
URL_PATH = 'url_path'
VALUE = 'value'
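Review bot: `SSL_VERSION_3`, `TLS_VERSION_1` and `TLS_VERSION_1_1` name protocols that are formally deprecated (RFC 7568 for SSLv3, RFC 8996 for TLS 1.0 and 1.1), yet they sit beside `TLS_VERSION_1_2` and `TLS_VERSION_1_3` with nothing to tell a driver author which ones are safe to offer. A comment above the group would make that visible, for example `# SSLv3, TLSv1 and TLSv1.1 are deprecated (RFC 7568, RFC 8996); never use them as defaults.` It would also help to separate `TLS_VERSIONS`, which is a field name, from the five protocol values, since the block currently mixes keys and values.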

23
octavia_lib/tests/unit/api/drivers/test_data_models.py

@ -17,6 +17,7 @@ from copy import deepcopy
from oslo_utils import uuidutils
from octavia_lib.api.drivers import data_models
from octavia_lib.common import constants
from octavia_lib.tests.unit import base
@ -101,6 +102,11 @@ class TestProviderDataModels(base.TestCase):
client_crl_container_data=None,
client_crl_container_ref=None,
allowed_cidrs=None,
tls_versions=[constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
tls_ciphers=None)
self.ref_lb = data_models.LoadBalancer(
@ -169,6 +175,11 @@ class TestProviderDataModels(base.TestCase):
listener_id=self.listener_id,
protocol='avian',
session_persistence=self.session_persistence,
tls_versions=[constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
tls_ciphers=None)
self.ref_l7rule_dict = {'admin_state_up': True,
@ -237,6 +248,11 @@ class TestProviderDataModels(base.TestCase):
'client_crl_container_data': None,
'client_crl_container_ref': None,
'allowed_cidrs': None,
'tls_versions': [constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
'tls_ciphers': None}
self.ref_lb_dict_with_listener = {
@ -305,6 +321,11 @@ class TestProviderDataModels(base.TestCase):
'listener_id': self.listener_id,
'protocol': 'avian',
'session_persistence': self.session_persistence,
'tls_versions': [constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
'tls_ciphers': None}
def test_equality(self):
@ -345,9 +366,11 @@ class TestProviderDataModels(base.TestCase):
ref_list_dict.pop('l7policies', None)
ref_list_dict.pop('sni_container_data', None)
ref_list_dict.pop('sni_container_refs', None)
ref_list_dict.pop('tls_versions', None)
ref_pool_dict = deepcopy(self.ref_pool_dict)
ref_pool_dict['healthmonitor'] = None
ref_pool_dict.pop('members', None)
ref_pool_dict.pop('tls_versions', None)
ref_l7policy_dict = deepcopy(self.ref_l7policy_dict)
ref_l7policy_dict.pop('rules', None)
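Review bot: In the last hunk the expected dicts drop the new field with `ref_list_dict.pop('tls_versions', None)` and `ref_pool_dict.pop('tls_versions', None)`, which suggests the serialisation path under test leaves out `tls_versions`, presumably because it is a list. If that is so, a listener or pool converted through that path loses its protocol restriction without any error, and a consumer that treats a missing value as "use defaults" could end up accepting versions the operator meant to exclude. A short comment on each `pop` saying why the key is absent, plus an assertion in a test that the list survives the full conversion, would pin the intended behaviour. The test method these lines belong to starts outside the hunk, so which conversion is exercised cannot be confirmed from here.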

9
releasenotes/notes/add-tls-protocols-for-listener-and-pool-model-e9083b85afc62ef0.yaml

@ -0,0 +1,9 @@
---
features:
- |
Added a parameter called ``tls_versions`` for
passing allowed TLS versions to pools and listeners.
The available TLS versions have corresponding
constants. The constants are prefixed with
``TLS_VERSION`` (except SSLv3 which is
``SSL_VERSION_3``).