Add the ability to specify the cipher list for a pool
Added an optional argument --tls-ciphers for passing an OpenSSL cipher string to the Octavia command-line client when creating or updating a pool. Change-Id: Ifd2964b17e8b5704e79a9ef0d8cd3000f637a154 Story: 2006627 Task: 37178
parent
4ebe7850d7
commit
d05eb2c7f7
|
@ -106,7 +106,8 @@ POOL_ROWS = (
|
||||||
'tls_container_ref',
|
'tls_container_ref',
|
||||||
'ca_tls_container_ref',
|
'ca_tls_container_ref',
|
||||||
'crl_container_ref',
|
'crl_container_ref',
|
||||||
'tls_enabled')
|
'tls_enabled',
|
||||||
|
'tls_ciphers')
|
||||||
|
|
||||||
POOL_COLUMNS = (
|
POOL_COLUMNS = (
|
||||||
'id',
|
'id',
|
||||||
|
|
|
@ -130,6 +130,12 @@ class CreatePool(command.ShowOne):
|
||||||
action='store_true',
|
action='store_true',
|
||||||
help='Wait for action to complete',
|
help='Wait for action to complete',
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--tls-ciphers',
|
||||||
|
metavar='<tls_ciphers>',
|
||||||
|
help="Set the TLS ciphers to be used by the pool "
|
||||||
|
"in OpenSSL cipher string format."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
@ -350,6 +356,12 @@ class SetPool(command.Command):
|
||||||
action='store_true',
|
action='store_true',
|
||||||
help='Wait for action to complete',
|
help='Wait for action to complete',
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--tls-ciphers',
|
||||||
|
metavar='<tls_ciphers>',
|
||||||
|
help="Set the TLS ciphers to be used by the pool "
|
||||||
|
"in OpenSSL cipher string format."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
|
|
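Review bot: The help text for `--tls-ciphers` in both CreatePool and SetPool names the format but gives no example, and the client gives no hint that a mistyped string, or one that admits weak suites, is forwarded as typed. I would extend the second help line to something like `"in OpenSSL cipher string format (colon-separated, e.g. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256)."`, reusing the value the test fixture already carries. SetPool also gains no visible way to return a pool to the deployment's default cipher list; if an unset command exists elsewhere in this file it presumably needs a matching option, which this diff does not show. Both `get_parser` bodies start outside the hunks.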
@ -271,6 +271,7 @@ def get_pool_attrs(client_manager, parsed_args):
|
||||||
|
|
||||||
'enable_tls': ('tls_enabled', lambda x: True),
|
'enable_tls': ('tls_enabled', lambda x: True),
|
||||||
'disable_tls': ('tls_enabled', lambda x: False),
|
'disable_tls': ('tls_enabled', lambda x: False),
|
||||||
|
'tls_ciphers': ('tls_ciphers', str),
|
||||||
}
|
}
|
||||||
|
|
||||||
_attrs = vars(parsed_args)
|
_attrs = vars(parsed_args)
|
||||||
|
|
|
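Review bot: The new entry `'tls_ciphers': ('tls_ciphers', str)` forwards the argument unchanged, so an empty or whitespace-only value such as `--tls-ciphers ''` appears to go into the request as the pool's cipher list. Whether the API rejects that or reads it as "no restriction" is not visible here, so I would not leave the outcome to the server alone. Replacing `str` with a small new helper that strips the value and raises on an empty result, e.g. `'tls_ciphers': ('tls_ciphers', _cipher_string),`, keeps the failure on the client with a clear message. get_pool_attrs starts before the hunk and continues after it, so how the map is applied is inferred rather than seen.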
@ -153,7 +153,8 @@ POOL_ATTRS = {
|
||||||
"tls_container_ref": uuidutils.generate_uuid(),
|
"tls_container_ref": uuidutils.generate_uuid(),
|
||||||
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
||||||
"crl_container_ref": uuidutils.generate_uuid(),
|
"crl_container_ref": uuidutils.generate_uuid(),
|
||||||
"tls_enabled": True
|
"tls_enabled": True,
|
||||||
|
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||||
}
|
}
|
||||||
|
|
||||||
QUOTA_ATTRS = {
|
QUOTA_ATTRS = {
|
||||||
|
|
|
@ -126,7 +126,8 @@ class TestPoolCreate(TestPool):
|
||||||
'--enable-tls',
|
'--enable-tls',
|
||||||
'--tls-container-ref', self._po.tls_container_ref,
|
'--tls-container-ref', self._po.tls_container_ref,
|
||||||
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
||||||
'--crl-container-ref', self._po.crl_container_ref]
|
'--crl-container-ref', self._po.crl_container_ref,
|
||||||
|
'--tls-ciphers', self._po.tls_ciphers]
|
||||||
|
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('loadbalancer', 'mock_lb_id'),
|
('loadbalancer', 'mock_lb_id'),
|
||||||
|
@ -136,7 +137,8 @@ class TestPoolCreate(TestPool):
|
||||||
('enable_tls', self._po.tls_enabled),
|
('enable_tls', self._po.tls_enabled),
|
||||||
('tls_container_ref', self._po.tls_container_ref),
|
('tls_container_ref', self._po.tls_container_ref),
|
||||||
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||||
('crl_container_ref', self._po.crl_container_ref)
|
('crl_container_ref', self._po.crl_container_ref),
|
||||||
|
('tls_ciphers', self._po.tls_ciphers)
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
@ -208,10 +210,12 @@ class TestPoolSet(TestPool):
|
||||||
'test-crl-container-id')
|
'test-crl-container-id')
|
||||||
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
||||||
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
||||||
'--crl-container-ref', new_crl_id, '--enable-tls']
|
'--crl-container-ref', new_crl_id, '--enable-tls',
|
||||||
|
'--tls-ciphers', self._po.tls_ciphers]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('pool', self._po.id),
|
('pool', self._po.id),
|
||||||
('name', 'new_name')
|
('name', 'new_name'),
|
||||||
|
('tls_ciphers', self._po.tls_ciphers)
|
||||||
]
|
]
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
self.cmd.take_action(parsed_args)
|
self.cmd.take_action(parsed_args)
|
||||||
|
@ -220,7 +224,8 @@ class TestPoolSet(TestPool):
|
||||||
'tls_container_ref': new_tls_id,
|
'tls_container_ref': new_tls_id,
|
||||||
'ca_tls_container_ref': new_ca_id,
|
'ca_tls_container_ref': new_ca_id,
|
||||||
'crl_container_ref': new_crl_id,
|
'crl_container_ref': new_crl_id,
|
||||||
'tls_enabled': True}})
|
'tls_enabled': True,
|
||||||
|
'tls_ciphers': self._po.tls_ciphers}})
|
||||||
|
|
||||||
@mock.patch('osc_lib.utils.wait_for_status')
|
@mock.patch('osc_lib.utils.wait_for_status')
|
||||||
def test_pool_set_wait(self, mock_wait):
|
def test_pool_set_wait(self, mock_wait):
|
||||||
|
|
|
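Review bot: The added assertions only exercise the case where `--tls-ciphers` is supplied; in TestPoolSet the expected `pool_set` body now always carries `'tls_ciphers': self._po.tls_ciphers`. I would add a case that omits the option and asserts the key is absent from the request body, so a later change cannot start sending an empty `tls_ciphers` on an unrelated update and quietly alter a pool's cipher policy. The visible TestPoolCreate lines check only the parsed arguments, so a matching check of the create request body would be worth having as well. The test methods start and end outside these hunks, so `test_pool_set_wait` or another existing case may already pin the body without the option.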
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added an optional Argument ``--tls-ciphers``
|
||||||
|
for passing OpenSSL cipher strings when creating
|
||||||
|
or updating a pool.
|