Add ALPN support for pools
Users can define a list of application layer protocols to be negotiated over a secure connection with members. For example, users can limit to HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0. Change-Id: I6afbbf40949b6ad5fbe5ffaff01034c1cf8b16c9
parent
c170ddd592
commit
21f1d672f4
|
@ -115,7 +115,8 @@ POOL_ROWS = (
|
||||||
'tls_enabled',
|
'tls_enabled',
|
||||||
'tls_ciphers',
|
'tls_ciphers',
|
||||||
'tls_versions',
|
'tls_versions',
|
||||||
'tags')
|
'tags',
|
||||||
|
'alpn_protocols')
|
||||||
|
|
||||||
POOL_COLUMNS = (
|
POOL_COLUMNS = (
|
||||||
'id',
|
'id',
|
||||||
|
|
|
@ -146,6 +146,15 @@ class CreatePool(command.ShowOne):
|
||||||
help="Set the TLS protocol version to be used "
|
help="Set the TLS protocol version to be used "
|
||||||
"by the pool (can be set multiple times)."
|
"by the pool (can be set multiple times)."
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--alpn-protocol',
|
||||||
|
dest='alpn_protocols',
|
||||||
|
metavar='<alpn_protocols>',
|
||||||
|
nargs='?',
|
||||||
|
action='append',
|
||||||
|
help="Set the ALPN protocol to be used "
|
||||||
|
"by the pool (can be set multiple times)."
|
||||||
|
)
|
||||||
|
|
||||||
_tag.add_tag_option_to_parser_for_create(
|
_tag.add_tag_option_to_parser_for_create(
|
||||||
parser, 'pool')
|
parser, 'pool')
|
||||||
|
@ -387,7 +396,15 @@ class SetPool(command.Command):
|
||||||
action='append',
|
action='append',
|
||||||
help="Set the TLS protocol version to be used "
|
help="Set the TLS protocol version to be used "
|
||||||
"by the pool (can be set multiple times)."
|
"by the pool (can be set multiple times)."
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--alpn-protocol',
|
||||||
|
dest='alpn_protocols',
|
||||||
|
metavar='<alpn_protocols>',
|
||||||
|
nargs='?',
|
||||||
|
action='append',
|
||||||
|
help="Set the ALPN protocol to be used "
|
||||||
|
"by the pool (can be set multiple times)."
|
||||||
)
|
)
|
||||||
|
|
||||||
_tag.add_tag_option_to_parser_for_set(parser, 'pool')
|
_tag.add_tag_option_to_parser_for_set(parser, 'pool')
|
||||||
|
@ -472,6 +489,11 @@ class UnsetPool(command.Command):
|
||||||
action='store_true',
|
action='store_true',
|
||||||
help='Wait for action to complete',
|
help='Wait for action to complete',
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--alpn-protocols',
|
||||||
|
action='store_true',
|
||||||
|
help="Clear all ALPN protocols from the pool."
|
||||||
|
)
|
||||||
|
|
||||||
_tag.add_tag_option_to_parser_for_unset(parser, 'pool')
|
_tag.add_tag_option_to_parser_for_unset(parser, 'pool')
|
||||||
|
|
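Review bot: `nargs='?'` together with `action='append'` on `--alpn-protocol` (in both the CreatePool and SetPool hunks) makes the value optional, so a bare `--alpn-protocol` appends `None` and `alpn_protocols` ends up as `[None]`. The `get_pool_attrs` mapping later on this page converts with plain `list`, which would pass that entry through to the request unchanged; whether the API rejects it is not visible here. Because this list decides which application protocols the pool negotiates with members over TLS, the option should require a value: drop the `nargs='?'` line, and make the metavar singular, `metavar='<alpn_protocol>',`, since each occurrence takes one protocol. The enclosing parser-building methods start and end outside these hunks, so the neighbouring `--tls-version` option may follow the same pattern and would deserve the same check.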
||||||
|
|
|
@ -287,6 +287,7 @@ def get_pool_attrs(client_manager, parsed_args):
|
||||||
'disable_tls': ('tls_enabled', lambda x: False),
|
'disable_tls': ('tls_enabled', lambda x: False),
|
||||||
'tls_ciphers': ('tls_ciphers', str),
|
'tls_ciphers': ('tls_ciphers', str),
|
||||||
'tls_versions': ('tls_versions', list),
|
'tls_versions': ('tls_versions', list),
|
||||||
|
'alpn_protocols': ('alpn_protocols', list),
|
||||||
}
|
}
|
||||||
add_tags_attr_map(attr_map)
|
add_tags_attr_map(attr_map)
|
||||||
|
|
||||||
|
|
|
@ -163,6 +163,7 @@ POOL_ATTRS = {
|
||||||
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
|
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
|
||||||
"tls_versions": ['TLSv1.1', 'TLSv1.2'],
|
"tls_versions": ['TLSv1.1', 'TLSv1.2'],
|
||||||
"tags": ["foo", "bar"],
|
"tags": ["foo", "bar"],
|
||||||
|
"alpn_protocols": ['h2', 'http/1.1']
|
||||||
}
|
}
|
||||||
|
|
||||||
QUOTA_ATTRS = {
|
QUOTA_ATTRS = {
|
||||||
|
|
|
@ -185,7 +185,9 @@ class TestPoolCreate(TestPool):
|
||||||
'--crl-container-ref', self._po.crl_container_ref,
|
'--crl-container-ref', self._po.crl_container_ref,
|
||||||
'--tls-ciphers', self._po.tls_ciphers,
|
'--tls-ciphers', self._po.tls_ciphers,
|
||||||
'--tls-version', self._po.tls_versions[0],
|
'--tls-version', self._po.tls_versions[0],
|
||||||
'--tls-version', self._po.tls_versions[1]]
|
'--tls-version', self._po.tls_versions[1],
|
||||||
|
'--alpn-protocol', self._po.alpn_protocols[0],
|
||||||
|
'--alpn-protocol', self._po.alpn_protocols[1]]
|
||||||
|
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('loadbalancer', 'mock_lb_id'),
|
('loadbalancer', 'mock_lb_id'),
|
||||||
|
@ -197,7 +199,8 @@ class TestPoolCreate(TestPool):
|
||||||
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||||
('crl_container_ref', self._po.crl_container_ref),
|
('crl_container_ref', self._po.crl_container_ref),
|
||||||
('tls_ciphers', self._po.tls_ciphers),
|
('tls_ciphers', self._po.tls_ciphers),
|
||||||
('tls_versions', self._po.tls_versions)
|
('tls_versions', self._po.tls_versions),
|
||||||
|
('alpn_protocols', self._po.alpn_protocols),
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
@ -294,12 +297,15 @@ class TestPoolSet(TestPool):
|
||||||
'--crl-container-ref', new_crl_id, '--enable-tls',
|
'--crl-container-ref', new_crl_id, '--enable-tls',
|
||||||
'--tls-ciphers', self._po.tls_ciphers,
|
'--tls-ciphers', self._po.tls_ciphers,
|
||||||
'--tls-version', self._po.tls_versions[0],
|
'--tls-version', self._po.tls_versions[0],
|
||||||
'--tls-version', self._po.tls_versions[1]]
|
'--tls-version', self._po.tls_versions[1],
|
||||||
|
'--alpn-protocol', self._po.alpn_protocols[0],
|
||||||
|
'--alpn-protocol', self._po.alpn_protocols[1]]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('pool', self._po.id),
|
('pool', self._po.id),
|
||||||
('name', 'new_name'),
|
('name', 'new_name'),
|
||||||
('tls_ciphers', self._po.tls_ciphers),
|
('tls_ciphers', self._po.tls_ciphers),
|
||||||
('tls_versions', self._po.tls_versions)
|
('tls_versions', self._po.tls_versions),
|
||||||
|
('alpn_protocols', self._po.alpn_protocols)
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
self.cmd.take_action(parsed_args)
|
self.cmd.take_action(parsed_args)
|
||||||
|
@ -310,7 +316,9 @@ class TestPoolSet(TestPool):
|
||||||
'crl_container_ref': new_crl_id,
|
'crl_container_ref': new_crl_id,
|
||||||
'tls_enabled': True,
|
'tls_enabled': True,
|
||||||
'tls_ciphers': self._po.tls_ciphers,
|
'tls_ciphers': self._po.tls_ciphers,
|
||||||
'tls_versions': self._po.tls_versions
|
'tls_versions': self._po.tls_versions,
|
||||||
|
'alpn_protocols':
|
||||||
|
self._po.alpn_protocols,
|
||||||
}})
|
}})
|
||||||
|
|
||||||
@mock.patch('osc_lib.utils.wait_for_status')
|
@mock.patch('osc_lib.utils.wait_for_status')
|
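Review bot: The added assertions exercise `--alpn-protocol` only on the create and set paths, each with two well-formed values; nothing in these hunks covers `pool unset --alpn-protocols` or a `--alpn-protocol` passed without a value. Unless the unset tests elsewhere in this file are driven generically from the option list, add a case that checks the request body produced by `--alpn-protocols` on unset, and one that pins what the parser does with a valueless `--alpn-protocol`. The TestPoolCreate and TestPoolSet methods begin and end outside the hunks, so existing coverage there cannot be confirmed from this page.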
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added ALPN support for pools with parameter ``--alpn-protocol`` (can
|
||||||
|
be set multiple times). Users can define a list of application layer
|
||||||
|
protocols to be negotiated over a secure connection. For example, users
|
||||||
|
can limit to HTTP/2 or to HTTP/2 and HTTP/1.1 but exclude HTTP/1.0.
|