Add ALPN support for pools

Users can define a list of application layer protocols to be negotiated
over a secure connection with members. For example, users can limit to
HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0.

Change-Id: I6afbbf40949b6ad5fbe5ffaff01034c1cf8b16c9

octaviaclient/osc/v2/constants.py

@@ -115,7 +115,8 @@ POOL_ROWS = (
     'tls_enabled',
     'tls_ciphers',
     'tls_versions',
-    'tags')
+    'tags',
+    'alpn_protocols')
 
 POOL_COLUMNS = (
     'id',

octaviaclient/osc/v2/pool.py

@@ -146,6 +146,15 @@ class CreatePool(command.ShowOne):
             help="Set the TLS protocol version to be used "
                  "by the pool (can be set multiple times)."
         )
+        parser.add_argument(
+            '--alpn-protocol',
+            dest='alpn_protocols',
+            metavar='<alpn_protocols>',
+            nargs='?',
+            action='append',
+            help="Set the ALPN protocol to be used "
+                 "by the pool (can be set multiple times)."
+        )
 
         _tag.add_tag_option_to_parser_for_create(
             parser, 'pool')
@@ -387,7 +396,15 @@ class SetPool(command.Command):
             action='append',
             help="Set the TLS protocol version to be used "
                  "by the pool (can be set multiple times)."
-
+        )
+        parser.add_argument(
+            '--alpn-protocol',
+            dest='alpn_protocols',
+            metavar='<alpn_protocols>',
+            nargs='?',
+            action='append',
+            help="Set the ALPN protocol to be used "
+                 "by the pool (can be set multiple times)."
         )
 
         _tag.add_tag_option_to_parser_for_set(parser, 'pool')
@@ -472,6 +489,11 @@ class UnsetPool(command.Command):
             action='store_true',
             help='Wait for action to complete',
         )
+        parser.add_argument(
+            '--alpn-protocols',
+            action='store_true',
+            help="Clear all ALPN protocols from the pool."
+        )
 
         _tag.add_tag_option_to_parser_for_unset(parser, 'pool')
 

octaviaclient/osc/v2/utils.py

@@ -287,6 +287,7 @@ def get_pool_attrs(client_manager, parsed_args):
         'disable_tls': ('tls_enabled', lambda x: False),
         'tls_ciphers': ('tls_ciphers', str),
         'tls_versions': ('tls_versions', list),
+        'alpn_protocols': ('alpn_protocols', list),
     }
     add_tags_attr_map(attr_map)
 

octaviaclient/tests/unit/osc/v2/constants.py

@@ -163,6 +163,7 @@ POOL_ATTRS = {
     "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
     "tls_versions": ['TLSv1.1', 'TLSv1.2'],
     "tags": ["foo", "bar"],
+    "alpn_protocols": ['h2', 'http/1.1']
 }
 
 QUOTA_ATTRS = {

octaviaclient/tests/unit/osc/v2/test_pool.py

@@ -185,7 +185,9 @@ class TestPoolCreate(TestPool):
                    '--crl-container-ref', self._po.crl_container_ref,
                    '--tls-ciphers', self._po.tls_ciphers,
                    '--tls-version', self._po.tls_versions[0],
-                   '--tls-version', self._po.tls_versions[1]]
+                   '--tls-version', self._po.tls_versions[1],
+                   '--alpn-protocol', self._po.alpn_protocols[0],
+                   '--alpn-protocol', self._po.alpn_protocols[1]]
 
         verifylist = [
             ('loadbalancer', 'mock_lb_id'),
@@ -197,7 +199,8 @@ class TestPoolCreate(TestPool):
             ('ca_tls_container_ref', self._po.ca_tls_container_ref),
             ('crl_container_ref', self._po.crl_container_ref),
             ('tls_ciphers', self._po.tls_ciphers),
-            ('tls_versions', self._po.tls_versions)
+            ('tls_versions', self._po.tls_versions),
+            ('alpn_protocols', self._po.alpn_protocols),
         ]
 
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -294,12 +297,15 @@ class TestPoolSet(TestPool):
                    '--crl-container-ref', new_crl_id, '--enable-tls',
                    '--tls-ciphers', self._po.tls_ciphers,
                    '--tls-version', self._po.tls_versions[0],
-                   '--tls-version', self._po.tls_versions[1]]
+                   '--tls-version', self._po.tls_versions[1],
+                   '--alpn-protocol', self._po.alpn_protocols[0],
+                   '--alpn-protocol', self._po.alpn_protocols[1]]
         verifylist = [
             ('pool', self._po.id),
             ('name', 'new_name'),
             ('tls_ciphers', self._po.tls_ciphers),
-            ('tls_versions', self._po.tls_versions)
+            ('tls_versions', self._po.tls_versions),
+            ('alpn_protocols', self._po.alpn_protocols)
         ]
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
         self.cmd.take_action(parsed_args)
@@ -310,7 +316,9 @@ class TestPoolSet(TestPool):
                                         'crl_container_ref': new_crl_id,
                                         'tls_enabled': True,
                                         'tls_ciphers': self._po.tls_ciphers,
-                                        'tls_versions': self._po.tls_versions
+                                        'tls_versions': self._po.tls_versions,
+                                        'alpn_protocols':
+                                            self._po.alpn_protocols,
                                         }})
 
     @mock.patch('osc_lib.utils.wait_for_status')

releasenotes/notes/add-pool-tls-alpn-support-59758ea78c78952e.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Added ALPN support for pools with parameter ``--alpn-protocol`` (can
+    be set multiple times). Users can define a list of application layer
+    protocols to be negotiated over a secure connection. For example, users
+    can limit to HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0.