Add the ability to specify the cipher list for a pool
Added an optional argument --tls-ciphers for passing an OpenSSL cipher string into the octavia commandline client when creating or updating a pool Change-Id: Ifd2964b17e8b5704e79a9ef0d8cd3000f637a154 Story: 2006627 Task: 37178
This commit is contained in:
parent
4ebe7850d7
commit
d05eb2c7f7
|
@ -106,7 +106,8 @@ POOL_ROWS = (
|
|||
'tls_container_ref',
|
||||
'ca_tls_container_ref',
|
||||
'crl_container_ref',
|
||||
'tls_enabled')
|
||||
'tls_enabled',
|
||||
'tls_ciphers')
|
||||
|
||||
POOL_COLUMNS = (
|
||||
'id',
|
||||
|
|
|
@ -130,6 +130,12 @@ class CreatePool(command.ShowOne):
|
|||
action='store_true',
|
||||
help='Wait for action to complete',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--tls-ciphers',
|
||||
metavar='<tls_ciphers>',
|
||||
help="Set the TLS ciphers to be used by the pool "
|
||||
"in OpenSSL cipher string format."
|
||||
)
|
||||
|
||||
return parser
|
||||
|
||||
|
@ -350,6 +356,12 @@ class SetPool(command.Command):
|
|||
action='store_true',
|
||||
help='Wait for action to complete',
|
||||
)
|
||||
parser.add_argument(
|
||||
'--tls-ciphers',
|
||||
metavar='<tls_ciphers>',
|
||||
help="Set the TLS ciphers to be used by the pool "
|
||||
"in OpenSSL cipher string format."
|
||||
)
|
||||
|
||||
return parser
|
||||
|
||||
|
|
|
@ -271,6 +271,7 @@ def get_pool_attrs(client_manager, parsed_args):
|
|||
|
||||
'enable_tls': ('tls_enabled', lambda x: True),
|
||||
'disable_tls': ('tls_enabled', lambda x: False),
|
||||
'tls_ciphers': ('tls_ciphers', str),
|
||||
}
|
||||
|
||||
_attrs = vars(parsed_args)
|
||||
|
|
|
@ -153,7 +153,8 @@ POOL_ATTRS = {
|
|||
"tls_container_ref": uuidutils.generate_uuid(),
|
||||
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
||||
"crl_container_ref": uuidutils.generate_uuid(),
|
||||
"tls_enabled": True
|
||||
"tls_enabled": True,
|
||||
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||
}
|
||||
|
||||
QUOTA_ATTRS = {
|
||||
|
|
|
@ -126,7 +126,8 @@ class TestPoolCreate(TestPool):
|
|||
'--enable-tls',
|
||||
'--tls-container-ref', self._po.tls_container_ref,
|
||||
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
||||
'--crl-container-ref', self._po.crl_container_ref]
|
||||
'--crl-container-ref', self._po.crl_container_ref,
|
||||
'--tls-ciphers', self._po.tls_ciphers]
|
||||
|
||||
verifylist = [
|
||||
('loadbalancer', 'mock_lb_id'),
|
||||
|
@ -136,7 +137,8 @@ class TestPoolCreate(TestPool):
|
|||
('enable_tls', self._po.tls_enabled),
|
||||
('tls_container_ref', self._po.tls_container_ref),
|
||||
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||
('crl_container_ref', self._po.crl_container_ref)
|
||||
('crl_container_ref', self._po.crl_container_ref),
|
||||
('tls_ciphers', self._po.tls_ciphers)
|
||||
]
|
||||
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
|
@ -208,10 +210,12 @@ class TestPoolSet(TestPool):
|
|||
'test-crl-container-id')
|
||||
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
||||
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
||||
'--crl-container-ref', new_crl_id, '--enable-tls']
|
||||
'--crl-container-ref', new_crl_id, '--enable-tls',
|
||||
'--tls-ciphers', self._po.tls_ciphers]
|
||||
verifylist = [
|
||||
('pool', self._po.id),
|
||||
('name', 'new_name')
|
||||
('name', 'new_name'),
|
||||
('tls_ciphers', self._po.tls_ciphers)
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
self.cmd.take_action(parsed_args)
|
||||
|
@ -220,7 +224,8 @@ class TestPoolSet(TestPool):
|
|||
'tls_container_ref': new_tls_id,
|
||||
'ca_tls_container_ref': new_ca_id,
|
||||
'crl_container_ref': new_crl_id,
|
||||
'tls_enabled': True}})
|
||||
'tls_enabled': True,
|
||||
'tls_ciphers': self._po.tls_ciphers}})
|
||||
|
||||
@mock.patch('osc_lib.utils.wait_for_status')
|
||||
def test_pool_set_wait(self, mock_wait):
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added an optional Argument ``--tls-ciphers``
|
||||
for passing OpenSSL cipher strings when creating
|
||||
or updating a pool.
|
Loading…
Reference in New Issue