Add cipher list support for octavia

Added a property "tls_ciphers" to pools.py and
    listeners.py for storing a string of TLS ciphers
    in OpenSSL cipher string format.

    Story: 2006627
    Task: 37190

Change-Id: Iaf1178cf2131f12f501318fa8dd2548b218132fc
Noah Mickus 2020-04-20 16:48:10 -05:00
parent a53edeeaac
commit 04b55dab96
5 changed files with 21 additions and 1 deletions


@ -32,6 +32,7 @@ class Listener(resource.Resource, resource.TagMixin):
'sni_container_refs', 'insert_headers', 'load_balancer_id', 'sni_container_refs', 'insert_headers', 'load_balancer_id',
'timeout_client_data', 'timeout_member_connect', 'timeout_client_data', 'timeout_member_connect',
'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs', 'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs',
'tls_ciphers',
is_admin_state_up='admin_state_up', is_admin_state_up='admin_state_up',
**resource.TagMixin._tag_query_parameters **resource.TagMixin._tag_query_parameters
) )
@ -91,6 +92,8 @@ class Listener(resource.Resource, resource.TagMixin):
#: Time, in milliseconds, to wait for additional TCP packets for content #: Time, in milliseconds, to wait for additional TCP packets for content
#: inspection. #: inspection.
timeout_tcp_inspect = resource.Body('timeout_tcp_inspect', type=int) timeout_tcp_inspect = resource.Body('timeout_tcp_inspect', type=int)
#: Stores a cipher string in OpenSSL format.
tls_ciphers = resource.Body('tls_ciphers')
class ListenerStats(resource.Resource): class ListenerStats(resource.Resource):
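Review bot: The doc comment added above `tls_ciphers = resource.Body('tls_ciphers')` in the Listener class does not say what shape the string takes or who checks it. The test data on this page uses a colon-separated list, so the comment could read `#: Colon-separated list of TLS ciphers in OpenSSL cipher string format.`. The field is declared as a plain `resource.Body` and nothing in the visible lines validates it, so it is worth stating in the comment that the SDK passes the value through as given and that rejecting unknown or weak cipher names is presumably left to the Octavia API. The Pool section words the same comment differently; one wording for both attributes would avoid confusion. The Listener class body continues outside this hunk.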


@ -29,6 +29,7 @@ class Pool(resource.Resource, resource.TagMixin):
'health_monitor_id', 'lb_algorithm', 'listener_id', 'loadbalancer_id', 'health_monitor_id', 'lb_algorithm', 'listener_id', 'loadbalancer_id',
'description', 'name', 'project_id', 'protocol', 'description', 'name', 'project_id', 'protocol',
'created_at', 'updated_at', 'provisioning_status', 'operating_status', 'created_at', 'updated_at', 'provisioning_status', 'operating_status',
'tls_ciphers',
is_admin_state_up='admin_state_up', is_admin_state_up='admin_state_up',
**resource.TagMixin._tag_query_parameters **resource.TagMixin._tag_query_parameters
) )
@ -64,6 +65,8 @@ class Pool(resource.Resource, resource.TagMixin):
protocol = resource.Body('protocol') protocol = resource.Body('protocol')
#: Provisioning status of the pool #: Provisioning status of the pool
provisioning_status = resource.Body('provisioning_status') provisioning_status = resource.Body('provisioning_status')
#: Stores a string of cipher strings in OpenSSL format.
tls_ciphers = resource.Body('tls_ciphers')
#: A JSON object specifying the session persistence for the pool. #: A JSON object specifying the session persistence for the pool.
session_persistence = resource.Body('session_persistence', type=dict) session_persistence = resource.Body('session_persistence', type=dict)
#: Timestamp when the pool was updated #: Timestamp when the pool was updated
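Review bot: In the Pool class `tls_ciphers` is inserted between `provisioning_status` and `session_persistence`, which breaks the alphabetical order the neighbouring attributes appear to follow; placing it after `session_persistence` would match the Listener class, where it follows `timeout_tcp_inspect`. The comment "Stores a string of cipher strings in OpenSSL format" is also hard to read. `#: Colon-separated list of TLS ciphers in OpenSSL cipher string format.` says the same thing more plainly. If the value only takes effect when TLS to the pool members is enabled, as seems likely for a pool-level cipher list, that condition belongs in the comment too. The class body continues outside this hunk.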


@ -41,6 +41,7 @@ EXAMPLE = {
'timeout_member_connect': 5000, 'timeout_member_connect': 5000,
'timeout_member_data': 50000, 'timeout_member_data': 50000,
'timeout_tcp_inspect': 0, 'timeout_tcp_inspect': 0,
'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
} }
EXAMPLE_STATS = { EXAMPLE_STATS = {
@ -103,6 +104,8 @@ class TestListener(base.TestCase):
test_listener.timeout_member_data) test_listener.timeout_member_data)
self.assertEqual(EXAMPLE['timeout_tcp_inspect'], self.assertEqual(EXAMPLE['timeout_tcp_inspect'],
test_listener.timeout_tcp_inspect) test_listener.timeout_tcp_inspect)
self.assertEqual(EXAMPLE['tls_ciphers'],
test_listener.tls_ciphers)
self.assertDictEqual( self.assertDictEqual(
{'limit': 'limit', {'limit': 'limit',
@ -133,6 +136,7 @@ class TestListener(base.TestCase):
'timeout_member_connect': 'timeout_member_connect', 'timeout_member_connect': 'timeout_member_connect',
'timeout_member_data': 'timeout_member_data', 'timeout_member_data': 'timeout_member_data',
'timeout_tcp_inspect': 'timeout_tcp_inspect', 'timeout_tcp_inspect': 'timeout_tcp_inspect',
'tls_ciphers': 'tls_ciphers',
}, },
test_listener._query_mapping._mapping) test_listener._query_mapping._mapping)


@ -34,7 +34,8 @@ EXAMPLE = {
'updated_at': '2017-07-17T12:16:57.233772', 'updated_at': '2017-07-17T12:16:57.233772',
'health_monitor': 'healthmonitor', 'health_monitor': 'healthmonitor',
'health_monitor_id': uuid.uuid4(), 'health_monitor_id': uuid.uuid4(),
'members': [{'id': uuid.uuid4()}] 'members': [{'id': uuid.uuid4()}],
'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
} }
@ -81,6 +82,8 @@ class TestPool(base.TestCase):
self.assertEqual(EXAMPLE['health_monitor_id'], self.assertEqual(EXAMPLE['health_monitor_id'],
test_pool.health_monitor_id) test_pool.health_monitor_id)
self.assertEqual(EXAMPLE['members'], test_pool.members) self.assertEqual(EXAMPLE['members'], test_pool.members)
self.assertEqual(EXAMPLE['tls_ciphers'],
test_pool.tls_ciphers)
self.assertDictEqual( self.assertDictEqual(
{'limit': 'limit', {'limit': 'limit',
@ -103,5 +106,6 @@ class TestPool(base.TestCase):
'listener_id': 'listener_id', 'listener_id': 'listener_id',
'loadbalancer_id': 'loadbalancer_id', 'loadbalancer_id': 'loadbalancer_id',
'protocol': 'protocol', 'protocol': 'protocol',
'tls_ciphers': 'tls_ciphers',
}, },
test_pool._query_mapping._mapping) test_pool._query_mapping._mapping)


@ -0,0 +1,6 @@
---
features:
- |
Added the ``tls_ciphers`` properties to listener.py
and pool.py for storing stings of tls ciphers in
OpenSSL cipher string format.