Browse Source

Add the ability to specify TLS protocols for a listener

Updated the listener create and set parameters to add
an argumet "--tls-version" for passing TLS protocol versions

Change-Id: Icb3171a7722e3b3028a108345506e907132bb856
Story: 2006733
Task: 37174
Depends-On: Ic33d9b9a256490ae1b048cdfd2475d6340509fdb
changes/26/722426/2
Noah Mickus 1 year ago
parent
commit
8635219f5d
6 changed files with 46 additions and 6 deletions
  1. +2
    -1
      octaviaclient/osc/v2/constants.py
  2. +18
    -0
      octaviaclient/osc/v2/listener.py
  3. +1
    -0
      octaviaclient/osc/v2/utils.py
  4. +2
    -1
      octaviaclient/tests/unit/osc/v2/constants.py
  5. +17
    -4
      octaviaclient/tests/unit/osc/v2/test_listener.py
  6. +6
    -0
      releasenotes/notes/add-tls-version-support-for-listeners-4a6a661af5f9de9a.yaml

+ 2
- 1
octaviaclient/osc/v2/constants.py View File

@ -76,7 +76,8 @@ LISTENER_ROWS = (
'client_authentication',
'client_crl_container_ref',
'allowed_cidrs',
'tls_ciphers')
'tls_ciphers',
'tls_versions')
LISTENER_COLUMNS = (
'id',


+ 18
- 0
octaviaclient/osc/v2/listener.py View File

@ -181,6 +181,15 @@ class CreateListener(command.ShowOne):
help="Set the TLS ciphers to be used "
"by the listener in OpenSSL format."
)
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the listener (can be set multiple times)."
)
return parser
@ -482,6 +491,15 @@ class SetListener(command.Command):
help="Set the TLS ciphers to be used "
"by the listener in OpenSSL format."
)
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the listener (can be set multiple times)."
)
return parser


+ 1
- 0
octaviaclient/osc/v2/utils.py View File

@ -226,6 +226,7 @@ def get_listener_attrs(client_manager, parsed_args):
_format_str_if_need_treat_unset),
'allowed_cidrs': ('allowed_cidrs', list),
'tls_ciphers': ('tls_ciphers', str),
'tls_versions': ('tls_versions', list),
}
_attrs = vars(parsed_args)


+ 2
- 1
octaviaclient/tests/unit/osc/v2/constants.py View File

@ -79,7 +79,8 @@ LISTENER_ATTRS = {
'client_authentication': "OPTIONAL",
'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
"allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
'tls_versions': ['TLSv1.1', 'TLSv1.2']
}
LOADBALANCER_ATTRS = {


+ 17
- 4
octaviaclient/tests/unit/osc/v2/test_listener.py View File

@ -192,7 +192,12 @@ class TestListenerCreate(TestListener):
'--client-crl-container-ref',
self._listener.client_crl_container_ref,
'--tls-ciphers',
self._listener.tls_ciphers]
self._listener.tls_ciphers,
'--tls-version',
self._listener.tls_versions[0],
'--tls-version',
self._listener.tls_versions[1]]
verifylist = [
('loadbalancer', 'mock_lb_id'),
('name', self._listener.name),
@ -207,7 +212,9 @@ class TestListenerCreate(TestListener):
('client_crl_container_ref',
self._listener.client_crl_container_ref),
('tls_ciphers',
self._listener.tls_ciphers)
self._listener.tls_ciphers),
('tls_versions',
self._listener.tls_versions)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -289,7 +296,11 @@ class TestListenerSet(TestListener):
'--allowed-cidr',
self._listener.allowed_cidrs[1],
'--tls-ciphers',
self._listener.tls_ciphers]
self._listener.tls_ciphers,
'--tls-version',
self._listener.tls_versions[0],
'--tls-version',
self._listener.tls_versions[1]]
verifylist = [
('listener', self._listener.id),
('name', 'new_name'),
@ -303,7 +314,8 @@ class TestListenerSet(TestListener):
('client_crl_container_ref',
self._listener.client_crl_container_ref),
('allowed_cidrs', self._listener.allowed_cidrs),
('tls_ciphers', self._listener.tls_ciphers)
('tls_ciphers', self._listener.tls_ciphers),
('tls_versions', self._listener.tls_versions)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -323,6 +335,7 @@ class TestListenerSet(TestListener):
self._listener.client_crl_container_ref,
'allowed_cidrs': self._listener.allowed_cidrs,
'tls_ciphers': self._listener.tls_ciphers,
'tls_versions': self._listener.tls_versions,
}})
@mock.patch('osc_lib.utils.wait_for_status')


+ 6
- 0
releasenotes/notes/add-tls-version-support-for-listeners-4a6a661af5f9de9a.yaml View File

@ -0,0 +1,6 @@
---
features:
- |
Added a repeatable optional argument ``--tls-version`` for
setting one or more TLS protocol versions when createing
or updating a listener.

Loading…
Cancel
Save