Merge "Add 2 new options to Pool for support backend certificates validation"
commit
3b092172ca
|
@ -101,7 +101,9 @@ POOL_ROWS = (
|
||||||
'provisioning_status',
|
'provisioning_status',
|
||||||
'session_persistence',
|
'session_persistence',
|
||||||
'updated_at',
|
'updated_at',
|
||||||
'tls_container_ref')
|
'tls_container_ref',
|
||||||
|
'ca_tls_container_ref',
|
||||||
|
'crl_container_ref')
|
||||||
|
|
||||||
POOL_COLUMNS = (
|
POOL_COLUMNS = (
|
||||||
'id',
|
'id',
|
||||||
|
|
|
@ -94,6 +94,20 @@ class CreatePool(command.ShowOne):
|
||||||
"containing the certificate and key for ``tls_enabled``"
|
"containing the certificate and key for ``tls_enabled``"
|
||||||
"pools to re-encrpt the traffic to backend member servers."
|
"pools to re-encrpt the traffic to backend member servers."
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--ca-tls-container-ref',
|
||||||
|
metavar='<ca_tls_container_ref>',
|
||||||
|
help="The reference to the key manager service secrets container "
|
||||||
|
"containing the CA certificate for ``tls_enabled`` pools "
|
||||||
|
"to check the backend member servers certificates"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--crl-container-ref',
|
||||||
|
metavar='<crl_container_ref>',
|
||||||
|
help="The reference to the key manager service secrets container "
|
||||||
|
"containting the CA revocation list file for ``tls_enabled`` "
|
||||||
|
"pools to validate the backend member servers certificates."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
@ -247,6 +261,21 @@ class SetPool(command.Command):
|
||||||
"pools to re-encrpt the traffic from TERMINATED_TLS "
|
"pools to re-encrpt the traffic from TERMINATED_TLS "
|
||||||
"listener to backend servers."
|
"listener to backend servers."
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--ca-tls-container-ref',
|
||||||
|
metavar='<ca_tls_container_ref>',
|
||||||
|
help="The URI to the key manager service secrets container "
|
||||||
|
"containing the CA certificate for TERMINATED_TLS listeners "
|
||||||
|
"to check the backend servers certificates in ssl traffic."
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--crl-container-ref',
|
||||||
|
metavar='<crl_container_ref>',
|
||||||
|
help="The URI to the key manager service secrets container "
|
||||||
|
"containting the CA revocation list file for TERMINATED_TLS "
|
||||||
|
"listeners to valid the backend servers certificates in ssl "
|
||||||
|
"traffic."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
|
|
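Review bot: The help strings for `--ca-tls-container-ref` and `--crl-container-ref` describe the same pool attributes differently in the CreatePool and SetPool hunks, and neither says what happens when the option is omitted. CreatePool speaks of "The reference to" a container for tls_enabled pools, while SetPool speaks of "The URI to" a container for TERMINATED_TLS listeners; both CRL strings misspell `containting`, SetPool has `to valid` where `to validate` is meant, and the CreatePool CA string lacks its final period. Because these flags decide whether backend member certificates are checked, I would use one wording in both commands, for example `"containing the CA certificate used to validate the certificates of backend member servers."`. I would also add a sentence stating the behaviour without a CA reference (presumably member certificates are then not verified; confirm against the API) and whether a CRL is honoured when no CA is set. Both `get_parser` bodies start outside the hunks.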
@ -255,6 +255,10 @@ def get_pool_attrs(client_manager, parsed_args):
|
||||||
'disable': ('admin_state_up', lambda x: False),
|
'disable': ('admin_state_up', lambda x: False),
|
||||||
'tls_container_ref': ('tls_container_ref',
|
'tls_container_ref': ('tls_container_ref',
|
||||||
_format_str_if_need_treat_unset),
|
_format_str_if_need_treat_unset),
|
||||||
|
'ca_tls_container_ref': ('ca_tls_container_ref',
|
||||||
|
_format_str_if_need_treat_unset),
|
||||||
|
'crl_container_ref': ('crl_container_ref',
|
||||||
|
_format_str_if_need_treat_unset),
|
||||||
}
|
}
|
||||||
|
|
||||||
_attrs = vars(parsed_args)
|
_attrs = vars(parsed_args)
|
||||||
|
|
|
@ -147,7 +147,9 @@ POOL_ATTRS = {
|
||||||
"project_id": uuidutils.generate_uuid(dashed=True),
|
"project_id": uuidutils.generate_uuid(dashed=True),
|
||||||
"protocol": "HTTP",
|
"protocol": "HTTP",
|
||||||
"provisioning_status": "ACTIVE",
|
"provisioning_status": "ACTIVE",
|
||||||
"tls_container_ref": uuidutils.generate_uuid()
|
"tls_container_ref": uuidutils.generate_uuid(),
|
||||||
|
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
||||||
|
"crl_container_ref": uuidutils.generate_uuid()
|
||||||
}
|
}
|
||||||
|
|
||||||
QUOTA_ATTRS = {
|
QUOTA_ATTRS = {
|
||||||
|
|
|
@ -105,14 +105,18 @@ class TestPoolCreate(TestPool):
|
||||||
'--name', self._po.name,
|
'--name', self._po.name,
|
||||||
'--protocol', 'HTTP',
|
'--protocol', 'HTTP',
|
||||||
'--lb-algorithm', 'ROUND_ROBIN',
|
'--lb-algorithm', 'ROUND_ROBIN',
|
||||||
'--tls-container-ref', self._po.tls_container_ref]
|
'--tls-container-ref', self._po.tls_container_ref,
|
||||||
|
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
||||||
|
'--crl-container-ref', self._po.crl_container_ref]
|
||||||
|
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('loadbalancer', 'mock_lb_id'),
|
('loadbalancer', 'mock_lb_id'),
|
||||||
('name', self._po.name),
|
('name', self._po.name),
|
||||||
('protocol', 'HTTP'),
|
('protocol', 'HTTP'),
|
||||||
('lb_algorithm', 'ROUND_ROBIN'),
|
('lb_algorithm', 'ROUND_ROBIN'),
|
||||||
('tls_container_ref', self._po.tls_container_ref)
|
('tls_container_ref', self._po.tls_container_ref),
|
||||||
|
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||||
|
('crl_container_ref', self._po.crl_container_ref)
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
@ -149,16 +153,20 @@ class TestPoolSet(TestPool):
|
||||||
self.cmd = pool.SetPool(self.app, None)
|
self.cmd = pool.SetPool(self.app, None)
|
||||||
|
|
||||||
def test_pool_set(self):
|
def test_pool_set(self):
|
||||||
new_tls_id = 'test-tls-container-id'
|
new_tls_id, new_ca_id, new_crl_id = (
|
||||||
|
'test-tls-container-id', 'test-ca-tls-container-id',
|
||||||
|
'test-crl-container-id')
|
||||||
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
||||||
new_tls_id]
|
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
||||||
|
'--crl-container-ref', new_crl_id]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('pool', self._po.id),
|
('pool', self._po.id),
|
||||||
('name', 'new_name')
|
('name', 'new_name')
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
self.cmd.take_action(parsed_args)
|
self.cmd.take_action(parsed_args)
|
||||||
self.api_mock.pool_set.assert_called_with(
|
self.api_mock.pool_set.assert_called_with(
|
||||||
self._po.id, json={'pool': {'name': 'new_name',
|
self._po.id, json={'pool': {'name': 'new_name',
|
||||||
'tls_container_ref': new_tls_id}})
|
'tls_container_ref': new_tls_id,
|
||||||
|
'ca_tls_container_ref': new_ca_id,
|
||||||
|
'crl_container_ref': new_crl_id}})
|
||||||
|
|
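Review bot: In `test_pool_set` the `verifylist` still checks only `pool` and `name`, so the parser destinations of the two new options are covered only indirectly through `pool_set.assert_called_with`. Adding `('ca_tls_container_ref', new_ca_id),` and `('crl_container_ref', new_crl_id)` to that list would make a mistyped or renamed `dest` fail at `check_parser`, as the create test already does for these options. The `_format_str_if_need_treat_unset` mapping in `get_pool_attrs` suggests the references can also be cleared, which would switch backend certificate validation off; no test on this page covers that path, though one may exist outside these hunks. The TestPoolSet class body starts outside the hunk.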