Add TLS protocols for listener and pool model

Parameter added to the listener and pool model for TLS protocols.
Constants TLS_VERSIONS, SSL_VERSION_3, TLS_VERSION_1,
TLS_VERSION_1_1, TLS_VERSION_1_2, and TLS_VERSION_1_3 were added.

Change-Id: Ie54640201a0f4905d19841af5913972646b317bf
Co-authored-by: Steven Glasford <stevenglasford@gmail.com>
Story: 2006733
Task: 37186
Steven Glasford 2020-03-26 18:25:57 -05:00 committed by Luke Tollefson
parent 3e1278391f
commit 6bec133036
4 changed files with 42 additions and 2 deletions


@ -133,7 +133,7 @@ class Listener(BaseDataModel):
client_ca_tls_container_data=Unset, client_ca_tls_container_data=Unset,
client_authentication=Unset, client_crl_container_ref=Unset, client_authentication=Unset, client_crl_container_ref=Unset,
client_crl_container_data=Unset, project_id=Unset, client_crl_container_data=Unset, project_id=Unset,
allowed_cidrs=Unset, tls_ciphers=Unset): allowed_cidrs=Unset, tls_versions=Unset, tls_ciphers=Unset):
self.admin_state_up = admin_state_up self.admin_state_up = admin_state_up
self.connection_limit = connection_limit self.connection_limit = connection_limit
@ -162,6 +162,7 @@ class Listener(BaseDataModel):
self.client_crl_container_data = client_crl_container_data self.client_crl_container_data = client_crl_container_data
self.project_id = project_id self.project_id = project_id
self.allowed_cidrs = allowed_cidrs self.allowed_cidrs = allowed_cidrs
self.tls_versions = tls_versions
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
@ -174,7 +175,7 @@ class Pool(BaseDataModel):
tls_container_data=Unset, ca_tls_container_ref=Unset, tls_container_data=Unset, ca_tls_container_ref=Unset,
ca_tls_container_data=Unset, crl_container_ref=Unset, ca_tls_container_data=Unset, crl_container_ref=Unset,
crl_container_data=Unset, tls_enabled=Unset, crl_container_data=Unset, tls_enabled=Unset,
project_id=Unset, tls_ciphers=Unset): project_id=Unset, tls_versions=Unset, tls_ciphers=Unset):
self.admin_state_up = admin_state_up self.admin_state_up = admin_state_up
self.description = description self.description = description
@ -195,6 +196,7 @@ class Pool(BaseDataModel):
self.crl_container_data = crl_container_data self.crl_container_data = crl_container_data
self.tls_enabled = tls_enabled self.tls_enabled = tls_enabled
self.project_id = project_id self.project_id = project_id
self.tls_versions = tls_versions
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
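Review bot: In both `Listener.__init__` and `Pool.__init__` the new `tls_versions=Unset` keyword is inserted ahead of `tls_ciphers=Unset`, so a caller that passes `tls_ciphers` positionally would now bind the cipher string to `tls_versions` without any error. Appending the new keyword keeps positional compatibility: `allowed_cidrs=Unset, tls_ciphers=Unset, tls_versions=Unset):` for the listener and `project_id=Unset, tls_ciphers=Unset, tls_versions=Unset):` for the pool. The model stores the value exactly as given, so nothing visible here rejects an unknown or misspelled protocol name; if that check is meant to live in the API layer or the provider driver, a comment next to the assignment such as `# list of protocol name strings; not validated here` would say so. Both constructors start and end outside the visible hunks.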


@ -251,6 +251,12 @@ TLS_CIPHERS = 'tls_ciphers'
TLS_CONTAINER_DATA = 'tls_container_data' TLS_CONTAINER_DATA = 'tls_container_data'
TLS_CONTAINER_REF = 'tls_container_ref' TLS_CONTAINER_REF = 'tls_container_ref'
TLS_ENABLED = 'tls_enabled' TLS_ENABLED = 'tls_enabled'
TLS_VERSIONS = 'tls_versions'
SSL_VERSION_3 = 'SSLv3'
TLS_VERSION_1 = 'TLSv1'
TLS_VERSION_1_1 = 'TLSv1.1'
TLS_VERSION_1_2 = 'TLSv1.2'
TLS_VERSION_1_3 = 'TLSv1.3'
TYPE = 'type' TYPE = 'type'
URL_PATH = 'url_path' URL_PATH = 'url_path'
VALUE = 'value' VALUE = 'value'
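Review bot: `SSL_VERSION_3`, `TLS_VERSION_1` and `TLS_VERSION_1_1` are added alongside the current versions with nothing marking them as legacy, so a driver author reading the constants gets no hint that they should stay out of a default set. SSLv3 is prohibited by RFC 7568 and TLS 1.0/1.1 are deprecated by RFC 8996; a comment above the group would carry that, e.g. `# SSLv3, TLSv1 and TLSv1.1 are deprecated protocols; defined so they can be named explicitly, not as recommended defaults`. The new names also step out of the alphabetical order the surrounding constants follow, which may be deliberate to keep the versions together.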


@ -17,6 +17,7 @@ from copy import deepcopy
from oslo_utils import uuidutils from oslo_utils import uuidutils
from octavia_lib.api.drivers import data_models from octavia_lib.api.drivers import data_models
from octavia_lib.common import constants
from octavia_lib.tests.unit import base from octavia_lib.tests.unit import base
@ -101,6 +102,11 @@ class TestProviderDataModels(base.TestCase):
client_crl_container_data=None, client_crl_container_data=None,
client_crl_container_ref=None, client_crl_container_ref=None,
allowed_cidrs=None, allowed_cidrs=None,
tls_versions=[constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
tls_ciphers=None) tls_ciphers=None)
self.ref_lb = data_models.LoadBalancer( self.ref_lb = data_models.LoadBalancer(
@ -169,6 +175,11 @@ class TestProviderDataModels(base.TestCase):
listener_id=self.listener_id, listener_id=self.listener_id,
protocol='avian', protocol='avian',
session_persistence=self.session_persistence, session_persistence=self.session_persistence,
tls_versions=[constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
tls_ciphers=None) tls_ciphers=None)
self.ref_l7rule_dict = {'admin_state_up': True, self.ref_l7rule_dict = {'admin_state_up': True,
@ -237,6 +248,11 @@ class TestProviderDataModels(base.TestCase):
'client_crl_container_data': None, 'client_crl_container_data': None,
'client_crl_container_ref': None, 'client_crl_container_ref': None,
'allowed_cidrs': None, 'allowed_cidrs': None,
'tls_versions': [constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
'tls_ciphers': None} 'tls_ciphers': None}
self.ref_lb_dict_with_listener = { self.ref_lb_dict_with_listener = {
@ -305,6 +321,11 @@ class TestProviderDataModels(base.TestCase):
'listener_id': self.listener_id, 'listener_id': self.listener_id,
'protocol': 'avian', 'protocol': 'avian',
'session_persistence': self.session_persistence, 'session_persistence': self.session_persistence,
'tls_versions': [constants.SSL_VERSION_3,
constants.TLS_VERSION_1,
constants.TLS_VERSION_1_1,
constants.TLS_VERSION_1_2,
constants.TLS_VERSION_1_3],
'tls_ciphers': None} 'tls_ciphers': None}
def test_equality(self): def test_equality(self):
@ -345,9 +366,11 @@ class TestProviderDataModels(base.TestCase):
ref_list_dict.pop('l7policies', None) ref_list_dict.pop('l7policies', None)
ref_list_dict.pop('sni_container_data', None) ref_list_dict.pop('sni_container_data', None)
ref_list_dict.pop('sni_container_refs', None) ref_list_dict.pop('sni_container_refs', None)
ref_list_dict.pop('tls_versions', None)
ref_pool_dict = deepcopy(self.ref_pool_dict) ref_pool_dict = deepcopy(self.ref_pool_dict)
ref_pool_dict['healthmonitor'] = None ref_pool_dict['healthmonitor'] = None
ref_pool_dict.pop('members', None) ref_pool_dict.pop('members', None)
ref_pool_dict.pop('tls_versions', None)
ref_l7policy_dict = deepcopy(self.ref_l7policy_dict) ref_l7policy_dict = deepcopy(self.ref_l7policy_dict)
ref_l7policy_dict.pop('rules', None) ref_l7policy_dict.pop('rules', None)
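Review bot: The two added `pop('tls_versions', None)` calls strip the field from the expected listener and pool dicts, which suggests the dict form under test leaves `tls_versions` out in the same way as `l7policies` and `members`, presumably because list attributes are skipped. If so, a consumer of that dict would not see the configured protocol restriction even though the value is a plain list of strings, so a comment such as `# tls_versions is a list and is not rendered in this dict form` would make the expectation explicit. The fixtures also only use the full five-version list including `constants.SSL_VERSION_3`, so a restricted list such as `[constants.TLS_VERSION_1_2, constants.TLS_VERSION_1_3]` is never exercised. The test method containing these lines starts outside the hunk.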


@ -0,0 +1,9 @@
---
features:
- |
Added a parameter called ``tls_versions`` for
passing allowed TLS versions to pools and listeners.
The available TLS versions have corresponding
constants. The constants are prefixed with
``TLS_VERSION`` (except SSLv3 which is
``SSL_VERSION_3``).