Add Octavia support for HSTS

HTTP Strict Transport Security (HSTS) support has been added to Octavia. Depends-On: https://review.opendev.org/c/openstack/octavia/+/880806 Depends-On: https://review.opendev.org/c/openstack/octavia-lib/+/880821 Partial-Bug: #2017972 Change-Id: I0c73d01360931acbb2c18822b312312c87cf4b15
2023-04-26 14:29:54 +02:00 · 2023-04-26 14:29:54 +02:00 · 1d43b6b13a
commit 1d43b6b13a
parent b93ea39ea5
3 changed files with 27 additions and 0 deletions
--- a/openstack/load_balancer/v2/listener.py
+++ b/openstack/load_balancer/v2/listener.py
@ -49,6 +49,9 @@ class Listener(resource.Resource, tag.TagMixin):
        'tls_ciphers',
        'tls_versions',
        'alpn_protocols',
+        'hsts_max_age',
+        is_hsts_include_subdomains='hsts_include_subdomains',
+        is_hsts_preload='hsts_preload',
        is_admin_state_up='admin_state_up',
        **tag.TagMixin._tag_query_parameters
    )
@ -71,6 +74,16 @@ class Listener(resource.Resource, tag.TagMixin):
    default_tls_container_ref = resource.Body('default_tls_container_ref')
    #: Description for the listener.
    description = resource.Body('description')
+    #: Defines whether the `include_subdomains` directive is used for HSTS or
+    #: not
+    is_hsts_include_subdomains = resource.Body(
+        'hsts_include_subdomains', type=bool
+    )
+    #: Enables HTTP Strict Transport Security (HSTS) and sets the `max_age`
+    #: directive to given value
+    hsts_max_age = resource.Body('hsts_max_age', type=int)
+    #: Defines whether the `hsts_preload` directive is used for HSTS or not
+    is_hsts_preload = resource.Body('hsts_preload', type=bool)
    #: Dictionary of additional headers insertion into HTTP header.
    insert_headers = resource.Body('insert_headers', type=dict)
    #: The administrative state of the listener, which is up
--- a/openstack/tests/unit/load_balancer/test_listener.py
+++ b/openstack/tests/unit/load_balancer/test_listener.py
@ -40,6 +40,9 @@ EXAMPLE = {
    'updated_at': '2017-07-17T12:16:57.233772',
    'operating_status': 'ONLINE',
    'provisioning_status': 'ACTIVE',
+    'hsts_include_subdomains': True,
+    'hsts_max_age': 30_000_000,
+    'hsts_preload': False,
    'timeout_client_data': 50000,
    'timeout_member_connect': 5000,
    'timeout_member_data': 50000,
@ -102,6 +105,9 @@ class TestListener(base.TestCase):
        )
        self.assertEqual(EXAMPLE['created_at'], test_listener.created_at)
        self.assertEqual(EXAMPLE['updated_at'], test_listener.updated_at)
+        self.assertTrue(test_listener.is_hsts_include_subdomains)
+        self.assertEqual(EXAMPLE['hsts_max_age'], test_listener.hsts_max_age)
+        self.assertFalse(test_listener.is_hsts_preload)
        self.assertEqual(
            EXAMPLE['provisioning_status'], test_listener.provisioning_status
        )
@ -143,6 +149,9 @@ class TestListener(base.TestCase):
                'operating_status': 'operating_status',
                'provisioning_status': 'provisioning_status',
                'is_admin_state_up': 'admin_state_up',
+                'is_hsts_include_subdomains': 'hsts_include_subdomains',
+                'hsts_max_age': 'hsts_max_age',
+                'is_hsts_preload': 'hsts_preload',
                'allowed_cidrs': 'allowed_cidrs',
                'connection_limit': 'connection_limit',
                'default_pool_id': 'default_pool_id',
--- a/releasenotes/notes/add-octavia-listener-hsts-fields-50c621b71e56dc13.yaml
+++ b/releasenotes/notes/add-octavia-listener-hsts-fields-50c621b71e56dc13.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added new fields to loadbalancer create/update listener API in order to
+    support new HTTP Strict Transport Security support.