From 04b55dab961ad5fe02d69890fde686dc659416e0 Mon Sep 17 00:00:00 2001 From: Noah Mickus Date: Mon, 20 Apr 2020 16:48:10 -0500 Subject: [PATCH] Add cipher list support for octavia Added a property "tls_ciphers" to pools.py and listeners.py for a storing a string of tls cipers in OpenSSL cipher string format. Story: 2006627 Task: 37190 Change-Id: Iaf1178cf2131f12f501318fa8dd2548b218132fc --- openstack/load_balancer/v2/listener.py | 3 +++ openstack/load_balancer/v2/pool.py | 3 +++ openstack/tests/unit/load_balancer/test_listener.py | 4 ++++ openstack/tests/unit/load_balancer/test_pool.py | 6 +++++- ...add-cipher-list-support-to-octavia-b6b2b0053ca6b184.yaml | 6 ++++++ 5 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/add-cipher-list-support-to-octavia-b6b2b0053ca6b184.yaml diff --git a/openstack/load_balancer/v2/listener.py b/openstack/load_balancer/v2/listener.py index 88ccfef74..455595a81 100644 --- a/openstack/load_balancer/v2/listener.py +++ b/openstack/load_balancer/v2/listener.py @@ -32,6 +32,7 @@ class Listener(resource.Resource, resource.TagMixin): 'sni_container_refs', 'insert_headers', 'load_balancer_id', 'timeout_client_data', 'timeout_member_connect', 'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs', + 'tls_ciphers', is_admin_state_up='admin_state_up', **resource.TagMixin._tag_query_parameters ) @@ -91,6 +92,8 @@ class Listener(resource.Resource, resource.TagMixin): #: Time, in milliseconds, to wait for additional TCP packets for content #: inspection. timeout_tcp_inspect = resource.Body('timeout_tcp_inspect', type=int) + #: Stores a cipher string in OpenSSL format. + tls_ciphers = resource.Body('tls_ciphers') class ListenerStats(resource.Resource): diff --git a/openstack/load_balancer/v2/pool.py b/openstack/load_balancer/v2/pool.py index 8794e9ce1..2766b381b 100644 --- a/openstack/load_balancer/v2/pool.py +++ b/openstack/load_balancer/v2/pool.py 
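Review bot: The new `tls_ciphers` attribute in the second listener.py hunk is documented only as `#: Stores a cipher string in OpenSSL format.`, which omits the separator and the fact that the SDK forwards the value as given. `resource.Body('tls_ciphers')` carries no type or check, so a mistyped or weak cipher name is caught only if the Octavia API rejects it, and that is not visible in this patch. I would word the comment as `#: Colon-separated OpenSSL cipher list, e.g. 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'; sent to the API without client-side validation.` The same applies to the attribute added in the second pool.py hunk, whose comment reads "a string of cipher strings". The Listener class body starts and ends outside the hunk.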
@@ -29,6 +29,7 @@ class Pool(resource.Resource, resource.TagMixin): 'health_monitor_id', 'lb_algorithm', 'listener_id', 'loadbalancer_id', 'description', 'name', 'project_id', 'protocol', 'created_at', 'updated_at', 'provisioning_status', 'operating_status', + 'tls_ciphers', is_admin_state_up='admin_state_up', **resource.TagMixin._tag_query_parameters ) @@ -64,6 +65,8 @@ class Pool(resource.Resource, resource.TagMixin): protocol = resource.Body('protocol') #: Provisioning status of the pool provisioning_status = resource.Body('provisioning_status') + #: Stores a string of cipher strings in OpenSSL format. + tls_ciphers = resource.Body('tls_ciphers') #: A JSON object specifying the session persistence for the pool. session_persistence = resource.Body('session_persistence', type=dict) #: Timestamp when the pool was updated diff --git a/openstack/tests/unit/load_balancer/test_listener.py b/openstack/tests/unit/load_balancer/test_listener.py index 299e61e94..6c34d34cc 100644 --- a/openstack/tests/unit/load_balancer/test_listener.py +++ b/openstack/tests/unit/load_balancer/test_listener.py @@ -41,6 +41,7 @@ EXAMPLE = { 'timeout_member_connect': 5000, 'timeout_member_data': 50000, 'timeout_tcp_inspect': 0, + 'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256' } EXAMPLE_STATS = { @@ -103,6 +104,8 @@ class TestListener(base.TestCase): test_listener.timeout_member_data) self.assertEqual(EXAMPLE['timeout_tcp_inspect'], test_listener.timeout_tcp_inspect) + self.assertEqual(EXAMPLE['tls_ciphers'], + test_listener.tls_ciphers) self.assertDictEqual( {'limit': 'limit', @@ -133,6 +136,7 @@ class TestListener(base.TestCase): 'timeout_member_connect': 'timeout_member_connect', 'timeout_member_data': 'timeout_member_data', 'timeout_tcp_inspect': 'timeout_tcp_inspect', + 'tls_ciphers': 'tls_ciphers', }, test_listener._query_mapping._mapping) 
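Review bot: `tls_ciphers` is inserted between `provisioning_status` and `session_persistence` in the second pool.py hunk, which breaks the alphabetical order the visible attributes appear to follow (`protocol`, `provisioning_status`, `session_persistence`). Moving the two added lines below `session_persistence = resource.Body('session_persistence', type=dict)` keeps the listing sorted, so the TLS setting is found where a reader scanning the class would look for it. The Pool class body continues outside the hunk.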
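Review bot: The entry added as the new last item of `EXAMPLE` in the first test_listener.py hunk has no trailing comma, so the next field appended to the dict will have to rewrite this line as well. The first test_pool.py hunk shows that cost: its `'members'` line is removed and re-added only to gain a comma, and the new `tls_ciphers` line there repeats the omission. I would end both entries with a comma, `'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',`.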
diff --git a/openstack/tests/unit/load_balancer/test_pool.py b/openstack/tests/unit/load_balancer/test_pool.py index efecf5b2d..412449e9d 100644 --- a/openstack/tests/unit/load_balancer/test_pool.py +++ b/openstack/tests/unit/load_balancer/test_pool.py @@ -34,7 +34,8 @@ EXAMPLE = { 'updated_at': '2017-07-17T12:16:57.233772', 'health_monitor': 'healthmonitor', 'health_monitor_id': uuid.uuid4(), - 'members': [{'id': uuid.uuid4()}] + 'members': [{'id': uuid.uuid4()}], + 'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256' } @@ -81,6 +82,8 @@ class TestPool(base.TestCase): self.assertEqual(EXAMPLE['health_monitor_id'], test_pool.health_monitor_id) self.assertEqual(EXAMPLE['members'], test_pool.members) + self.assertEqual(EXAMPLE['tls_ciphers'], + test_pool.tls_ciphers) self.assertDictEqual( {'limit': 'limit', @@ -103,5 +106,6 @@ class TestPool(base.TestCase): 'listener_id': 'listener_id', 'loadbalancer_id': 'loadbalancer_id', 'protocol': 'protocol', + 'tls_ciphers': 'tls_ciphers', }, test_pool._query_mapping._mapping) diff --git a/releasenotes/notes/add-cipher-list-support-to-octavia-b6b2b0053ca6b184.yaml b/releasenotes/notes/add-cipher-list-support-to-octavia-b6b2b0053ca6b184.yaml new file mode 100644 index 000000000..e29879d5d --- /dev/null +++ b/releasenotes/notes/add-cipher-list-support-to-octavia-b6b2b0053ca6b184.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added the ``tls_ciphers`` properties to listener.py + and pool.py for storing stings of tls ciphers in + OpenSSL cipher string format.