Add the ability to specify TLS protocols for a listener

Updated the listener create and set parameters to add
an argument "--tls-version" for passing TLS protocol versions

Change-Id: Icb3171a7722e3b3028a108345506e907132bb856
Story: 2006733
Task: 37174
Depends-On: Ic33d9b9a256490ae1b048cdfd2475d6340509fdb
Noah Mickus 2020-04-23 13:39:02 -05:00
parent ec5b1f5b6e
commit 8635219f5d
6 changed files with 46 additions and 6 deletions


@ -76,7 +76,8 @@ LISTENER_ROWS = (
'client_authentication', 'client_authentication',
'client_crl_container_ref', 'client_crl_container_ref',
'allowed_cidrs', 'allowed_cidrs',
'tls_ciphers') 'tls_ciphers',
'tls_versions')
LISTENER_COLUMNS = ( LISTENER_COLUMNS = (
'id', 'id',


@ -181,6 +181,15 @@ class CreateListener(command.ShowOne):
help="Set the TLS ciphers to be used " help="Set the TLS ciphers to be used "
"by the listener in OpenSSL format." "by the listener in OpenSSL format."
) )
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the listener (can be set multiple times)."
)
return parser return parser
@ -482,6 +491,15 @@ class SetListener(command.Command):
help="Set the TLS ciphers to be used " help="Set the TLS ciphers to be used "
"by the listener in OpenSSL format." "by the listener in OpenSSL format."
) )
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the listener (can be set multiple times)."
)
return parser return parser
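Review bot: `nargs='?'` combined with `action='append'` lets a bare `--tls-version` with no value append `None` to `tls_versions`, so the list handed on to the API can carry a null entry; each use of the flag should require exactly one value, i.e. drop the `nargs='?',` line from this `parser.add_argument(` in CreateListener, and the identical one in the SetListener hunk below. The metavar `<tls_versions>` names a list although each occurrence of the flag takes a single version; `metavar='<tls_version>'` reads more accurately. The help string could also show the accepted form, e.g. `help="Set the TLS protocol version to be used by the listener, e.g. TLSv1.2 (can be set multiple times)."`, which matches the fixture values used by the tests in this change. The enclosing parser-building method starts outside both hunks.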


@ -226,6 +226,7 @@ def get_listener_attrs(client_manager, parsed_args):
_format_str_if_need_treat_unset), _format_str_if_need_treat_unset),
'allowed_cidrs': ('allowed_cidrs', list), 'allowed_cidrs': ('allowed_cidrs', list),
'tls_ciphers': ('tls_ciphers', str), 'tls_ciphers': ('tls_ciphers', str),
'tls_versions': ('tls_versions', list),
} }
_attrs = vars(parsed_args) _attrs = vars(parsed_args)


@ -79,7 +79,8 @@ LISTENER_ATTRS = {
'client_authentication': "OPTIONAL", 'client_authentication': "OPTIONAL",
'client_crl_container_ref': uuidutils.generate_uuid(dashed=True), 'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
"allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'], "allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" 'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
'tls_versions': ['TLSv1.1', 'TLSv1.2']
} }
LOADBALANCER_ATTRS = { LOADBALANCER_ATTRS = {


@ -192,7 +192,12 @@ class TestListenerCreate(TestListener):
'--client-crl-container-ref', '--client-crl-container-ref',
self._listener.client_crl_container_ref, self._listener.client_crl_container_ref,
'--tls-ciphers', '--tls-ciphers',
self._listener.tls_ciphers] self._listener.tls_ciphers,
'--tls-version',
self._listener.tls_versions[0],
'--tls-version',
self._listener.tls_versions[1]]
verifylist = [ verifylist = [
('loadbalancer', 'mock_lb_id'), ('loadbalancer', 'mock_lb_id'),
('name', self._listener.name), ('name', self._listener.name),
@ -207,7 +212,9 @@ class TestListenerCreate(TestListener):
('client_crl_container_ref', ('client_crl_container_ref',
self._listener.client_crl_container_ref), self._listener.client_crl_container_ref),
('tls_ciphers', ('tls_ciphers',
self._listener.tls_ciphers) self._listener.tls_ciphers),
('tls_versions',
self._listener.tls_versions)
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -289,7 +296,11 @@ class TestListenerSet(TestListener):
'--allowed-cidr', '--allowed-cidr',
self._listener.allowed_cidrs[1], self._listener.allowed_cidrs[1],
'--tls-ciphers', '--tls-ciphers',
self._listener.tls_ciphers] self._listener.tls_ciphers,
'--tls-version',
self._listener.tls_versions[0],
'--tls-version',
self._listener.tls_versions[1]]
verifylist = [ verifylist = [
('listener', self._listener.id), ('listener', self._listener.id),
('name', 'new_name'), ('name', 'new_name'),
@ -303,7 +314,8 @@ class TestListenerSet(TestListener):
('client_crl_container_ref', ('client_crl_container_ref',
self._listener.client_crl_container_ref), self._listener.client_crl_container_ref),
('allowed_cidrs', self._listener.allowed_cidrs), ('allowed_cidrs', self._listener.allowed_cidrs),
('tls_ciphers', self._listener.tls_ciphers) ('tls_ciphers', self._listener.tls_ciphers),
('tls_versions', self._listener.tls_versions)
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -323,6 +335,7 @@ class TestListenerSet(TestListener):
self._listener.client_crl_container_ref, self._listener.client_crl_container_ref,
'allowed_cidrs': self._listener.allowed_cidrs, 'allowed_cidrs': self._listener.allowed_cidrs,
'tls_ciphers': self._listener.tls_ciphers, 'tls_ciphers': self._listener.tls_ciphers,
'tls_versions': self._listener.tls_versions,
}}) }})
@mock.patch('osc_lib.utils.wait_for_status') @mock.patch('osc_lib.utils.wait_for_status')
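Review bot: The new assertions only exercise the case where two `--tls-version` values are passed; there is no case checking that omitting the flag leaves `'tls_versions'` out of the attrs dict asserted at the end of TestListenerSet, which is the path that decides whether an unset option is silently sent as an empty or null value. A `set` test without `--tls-version` whose expected dict has no `'tls_versions'` key would pin that. Since the argument is declared with `nargs='?'`, a test that a bare `--tls-version` is rejected, or at least does not produce `[None]`, would also be worth having. The create-side request assertion is not visible in these hunks, so whether it checks `tls_versions` cannot be confirmed here.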


@ -0,0 +1,6 @@
---
features:
- |
Added a repeatable optional argument ``--tls-version`` for
setting one or more TLS protocol versions when createing
or updating a listener.