From 21f1d672f419079ec2b8bfb98910313ccb4b04a8 Mon Sep 17 00:00:00 2001
From: Carlos Goncalves
Date: Tue, 15 Sep 2020 18:51:29 +0000
Subject: [PATCH] Add ALPN support for pools
Users can define a list of application layer protocols to be negotiated over a secure connection with members. For example, users can limit to HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0.
Change-Id: I6afbbf40949b6ad5fbe5ffaff01034c1cf8b16c9
---
 octaviaclient/osc/v2/constants.py | 3 ++-
 octaviaclient/osc/v2/pool.py | 24 ++++++++++++++++++-
 octaviaclient/osc/v2/utils.py | 1 +
 octaviaclient/tests/unit/osc/v2/constants.py | 1 +
 octaviaclient/tests/unit/osc/v2/test_pool.py | 18 ++++++++++----
 ...ool-tls-alpn-support-59758ea78c78952e.yaml | 7 ++++++
 6 files changed, 47 insertions(+), 7 deletions(-)
 create mode 100644 releasenotes/notes/add-pool-tls-alpn-support-59758ea78c78952e.yaml
diff --git a/octaviaclient/osc/v2/constants.py b/octaviaclient/osc/v2/constants.py
index eb26ae8..7dda5ae 100644
--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@@ -115,7 +115,8 @@ POOL_ROWS = (
 'tls_enabled',
 'tls_ciphers',
 'tls_versions',
- 'tags')
+ 'tags',
+ 'alpn_protocols')
 POOL_COLUMNS = (
 'id',
diff --git a/octaviaclient/osc/v2/pool.py b/octaviaclient/osc/v2/pool.py
index cc86501..1932faa 100644
--- a/octaviaclient/osc/v2/pool.py
+++ b/octaviaclient/osc/v2/pool.py
@@ -146,6 +146,15 @@ class CreatePool(command.ShowOne):
 help="Set the TLS protocol version to be used "
 "by the pool (can be set multiple times)."
 )
+ parser.add_argument(
+ '--alpn-protocol',
+ dest='alpn_protocols',
+ metavar='',
+ nargs='?',
+ action='append',
+ help="Set the ALPN protocol to be used "
+ "by the pool (can be set multiple times)."
+ )
 _tag.add_tag_option_to_parser_for_create(
 parser, 'pool')
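Review bot: `nargs='?'` combined with `action='append'` on `--alpn-protocol` lets the option be given with no value, in which case argparse appends `None` and the parsed list becomes `[None]` instead of the command failing at parse time. Since this list is what restricts the protocols negotiated with members, I would drop the `nargs='?',` line so a missing value is rejected by the client; the same applies to the identical option added in the `SetPool` hunk. The help text could also say that the option concerns the secure connection to members, e.g. `help="Set the ALPN protocol to be negotiated over TLS with pool members (can be set multiple times)."`, which is how the commit message describes it. The parser-building method of `CreatePool` starts and ends outside the hunk.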
@@ -387,7 +396,15 @@ class SetPool(command.Command):
 action='append',
 help="Set the TLS protocol version to be used "
 "by the pool (can be set multiple times)."
-
+ )
+ parser.add_argument(
+ '--alpn-protocol',
+ dest='alpn_protocols',
+ metavar='',
+ nargs='?',
+ action='append',
+ help="Set the ALPN protocol to be used "
+ "by the pool (can be set multiple times)."
 )
 _tag.add_tag_option_to_parser_for_set(parser, 'pool')
@@ -472,6 +489,11 @@ class UnsetPool(command.Command):
 action='store_true',
 help='Wait for action to complete',
 )
+ parser.add_argument(
+ '--alpn-protocols',
+ action='store_true',
+ help="Clear all ALPN protocols from the pool."
+ )
 _tag.add_tag_option_to_parser_for_unset(parser, 'pool')
diff --git a/octaviaclient/osc/v2/utils.py b/octaviaclient/osc/v2/utils.py
index bc9c128..a12cca5 100644
--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@@ -287,6 +287,7 @@ def get_pool_attrs(client_manager, parsed_args):
 'disable_tls': ('tls_enabled', lambda x: False),
 'tls_ciphers': ('tls_ciphers', str),
 'tls_versions': ('tls_versions', list),
+ 'alpn_protocols': ('alpn_protocols', list),
 }
 add_tags_attr_map(attr_map)
diff --git a/octaviaclient/tests/unit/osc/v2/constants.py b/octaviaclient/tests/unit/osc/v2/constants.py
index c103ede..5d68375 100644
--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@@ -163,6 +163,7 @@ POOL_ATTRS = {
 "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
 "tls_versions": ['TLSv1.1', 'TLSv1.2'],
 "tags": ["foo", "bar"],
+ "alpn_protocols": ['h2', 'http/1.1']
 }
 QUOTA_ATTRS = {
diff --git a/octaviaclient/tests/unit/osc/v2/test_pool.py b/octaviaclient/tests/unit/osc/v2/test_pool.py
index 4ef213e..5606499 100644
--- a/octaviaclient/tests/unit/osc/v2/test_pool.py
+++ b/octaviaclient/tests/unit/osc/v2/test_pool.py
@@ -185,7 +185,9 @@ class TestPoolCreate(TestPool):
 '--crl-container-ref', self._po.crl_container_ref,
 '--tls-ciphers', self._po.tls_ciphers,
 '--tls-version', self._po.tls_versions[0],
- '--tls-version', self._po.tls_versions[1]]
+ '--tls-version', self._po.tls_versions[1],
+ '--alpn-protocol', self._po.alpn_protocols[0],
+ '--alpn-protocol', self._po.alpn_protocols[1]]
 verifylist = [
 ('loadbalancer', 'mock_lb_id'),
@@ -197,7 +199,8 @@ class TestPoolCreate(TestPool):
 ('ca_tls_container_ref', self._po.ca_tls_container_ref),
 ('crl_container_ref', self._po.crl_container_ref),
 ('tls_ciphers', self._po.tls_ciphers),
- ('tls_versions', self._po.tls_versions)
+ ('tls_versions', self._po.tls_versions),
+ ('alpn_protocols', self._po.alpn_protocols),
 ]
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -294,12 +297,15 @@ class TestPoolSet(TestPool):
 '--crl-container-ref', new_crl_id, '--enable-tls', '--tls-ciphers', self._po.tls_ciphers,
 '--tls-version', self._po.tls_versions[0],
- '--tls-version', self._po.tls_versions[1]]
+ '--tls-version', self._po.tls_versions[1],
+ '--alpn-protocol', self._po.alpn_protocols[0],
+ '--alpn-protocol', self._po.alpn_protocols[1]]
 verifylist = [
 ('pool', self._po.id),
 ('name', 'new_name'),
 ('tls_ciphers', self._po.tls_ciphers),
- ('tls_versions', self._po.tls_versions)
+ ('tls_versions', self._po.tls_versions),
+ ('alpn_protocols', self._po.alpn_protocols)
 ]
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
 self.cmd.take_action(parsed_args)
@@ -310,7 +316,9 @@ class TestPoolSet(TestPool):
 'crl_container_ref': new_crl_id,
 'tls_enabled': True,
 'tls_ciphers': self._po.tls_ciphers,
- 'tls_versions': self._po.tls_versions
+ 'tls_versions': self._po.tls_versions,
+ 'alpn_protocols':
+ self._po.alpn_protocols,
 }})
 @mock.patch('osc_lib.utils.wait_for_status')
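Review bot: The added assertions in `TestPoolCreate` and `TestPoolSet` only cover the two-value happy path; nothing in these hunks exercises the `--alpn-protocols` flag this patch adds to `UnsetPool`, nor `--alpn-protocol` given without a value, which `nargs='?'` permits. I would add an unset case that checks what is sent for `alpn_protocols` when the flag is passed, and a parser case for the bare option so the resulting `[None]` (or a parse error, if `nargs='?'` is dropped) is pinned down. The test methods start and end outside the hunks, so generic unset coverage elsewhere in the file may already pick up the new flag.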
diff --git a/releasenotes/notes/add-pool-tls-alpn-support-59758ea78c78952e.yaml b/releasenotes/notes/add-pool-tls-alpn-support-59758ea78c78952e.yaml
new file mode 100644
index 0000000..88548b9
--- /dev/null
+++ b/releasenotes/notes/add-pool-tls-alpn-support-59758ea78c78952e.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Added ALPN support for pools with parameter ``--alpn-protocol`` (can
+ be set multiple times). Users can define a list of application layer
+ protocols to be negotiated over a secure connection. For example, users
+ can limit to HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0.