Add 'client_authentication' in Listener on client

Add a new option '--client-authentication' in Listener osc for client certificate support. Change-Id: I53a1a9c4029084588dccc671f563198bc515213c Story: 2002165 Depends-On: https://review.openstack.org/#/c/612268
2018-11-09 16:20:46 +08:00 · 2018-11-09 16:20:46 +08:00 · 3605104c91
parent eae73d3f0a
commit 3605104c91
5 changed files with 35 additions and 7 deletions
--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@ -71,7 +71,8 @@ LISTENER_ROWS = (
    'timeout_member_data',
    'timeout_tcp_inspect',
    'updated_at',
-    'client_ca_tls_container_ref')
+    'client_ca_tls_container_ref',
+    'client_authentication')

 LISTENER_COLUMNS = (
    'id',
--- a/octaviaclient/osc/v2/listener.py
+++ b/octaviaclient/osc/v2/listener.py
@ -23,6 +23,7 @@ from octaviaclient.osc.v2 import constants as const
 from octaviaclient.osc.v2 import utils as v2_utils

 PROTOCOL_CHOICES = ['TCP', 'HTTP', 'HTTPS', 'TERMINATED_HTTPS', 'UDP']
+CLIENT_AUTH_CHOICES = ['NONE', 'OPTIONAL', 'MANDATORY']


 class CreateListener(command.ShowOne):
@ -141,6 +142,14 @@ class CreateListener(command.ShowOne):
            help="The URI to the key manager service secrets container "
                 "containing the CA certificate for TERMINATED_TLS listeners."
        )
+        parser.add_argument(
+            '--client-authentication',
+            metavar='{' + ','.join(CLIENT_AUTH_CHOICES) + '}',
+            choices=CLIENT_AUTH_CHOICES,
+            type=lambda s: s.upper(),  # case insensitive
+            help="The TLS client authentication verify options for "
+                 "TERMINATED_TLS listeners."
+        )

        return parser

@ -370,7 +379,14 @@ class SetListener(command.Command):
            help="The URI to the key manager service secrets container "
                 "containing the CA certificate for TERMINATED_TLS listeners."
        )
-
+        parser.add_argument(
+            '--client-authentication',
+            metavar='{' + ','.join(CLIENT_AUTH_CHOICES) + '}',
+            choices=CLIENT_AUTH_CHOICES,
+            type=lambda s: s.upper(),  # case insensitive
+            help="The TLS client authentication verify options for "
+                 "TERMINATED_TLS listeners."
+        )
        return parser

    def take_action(self, parsed_args):
--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@ -213,6 +213,7 @@ def get_listener_attrs(client_manager, parsed_args):
        'timeout_tcp_inspect': ('timeout_tcp_inspect', int),
        'client_ca_tls_container_ref': ('client_ca_tls_container_ref',
                                        _format_str_if_need_treat_unset),
+        'client_authentication': ('client_authentication', str),
    }

    _attrs = vars(parsed_args)
--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@ -73,6 +73,7 @@ LISTENER_ATTRS = {
    "timeout_member_data": 50000,
    "timeout_tcp_inspect": 0,
    'client_ca_tls_container_ref': uuidutils.generate_uuid(dashed=True),
+    'client_authentication': "OPTIONAL",
 }

 LOADBALANCER_ATTRS = {
--- a/octaviaclient/tests/unit/osc/v2/test_listener.py
+++ b/octaviaclient/tests/unit/osc/v2/test_listener.py
@ -140,7 +140,9 @@ class TestListenerCreate(TestListener):
                   '--default-tls-container-ref',
                   self._listener.default_tls_container_ref,
                   '--client-ca-tls-container-ref',
-                   self._listener.client_ca_tls_container_ref]
+                   self._listener.client_ca_tls_container_ref,
+                   '--client-authentication',
+                   self._listener.client_authentication]
        verifylist = [
            ('loadbalancer', 'mock_lb_id'),
            ('name', self._listener.name),
@ -150,7 +152,8 @@ class TestListenerCreate(TestListener):
            ('default_tls_container_ref',
             self._listener.default_tls_container_ref),
            ('client_ca_tls_container_ref',
-             self._listener.client_ca_tls_container_ref)
+             self._listener.client_ca_tls_container_ref),
+            ('client_authentication', self._listener.client_authentication)
        ]

        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -222,7 +225,9 @@ class TestListenerSet(TestListener):
                   '--default-tls-container-ref',
                   self._listener.default_tls_container_ref,
                   '--client-ca-tls-container-ref',
-                   self._listener.client_ca_tls_container_ref]
+                   self._listener.client_ca_tls_container_ref,
+                   '--client-authentication',
+                   self._listener.client_authentication]
        verifylist = [
            ('listener', self._listener.id),
            ('name', 'new_name'),
@ -230,7 +235,9 @@ class TestListenerSet(TestListener):
            ('default_tls_container_ref',
                self._listener.default_tls_container_ref),
            ('client_ca_tls_container_ref',
-             self._listener.client_ca_tls_container_ref)
+             self._listener.client_ca_tls_container_ref),
+            ('client_authentication',
+             self._listener.client_authentication)
        ]

        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -243,7 +250,9 @@ class TestListenerSet(TestListener):
                    'default_tls_container_ref':
                        self._listener.default_tls_container_ref,
                    'client_ca_tls_container_ref':
-                        self._listener.client_ca_tls_container_ref
+                        self._listener.client_ca_tls_container_ref,
+                    'client_authentication':
+                        self._listener.client_authentication
                }})