Add the ability to specify the cipher list for a pool

Added an optional argument --tls-ciphers for passing
an OpenSSL cipher string into the octavia commandline
client when creating or updating a pool

Change-Id: Ifd2964b17e8b5704e79a9ef0d8cd3000f637a154
Story: 2006627
Task: 37178
Noah Mickus 2020-04-06 18:30:19 +00:00
parent 4ebe7850d7
commit d05eb2c7f7
6 changed files with 33 additions and 7 deletions


@ -106,7 +106,8 @@ POOL_ROWS = (
'tls_container_ref', 'tls_container_ref',
'ca_tls_container_ref', 'ca_tls_container_ref',
'crl_container_ref', 'crl_container_ref',
'tls_enabled') 'tls_enabled',
'tls_ciphers')
POOL_COLUMNS = ( POOL_COLUMNS = (
'id', 'id',


@ -130,6 +130,12 @@ class CreatePool(command.ShowOne):
action='store_true', action='store_true',
help='Wait for action to complete', help='Wait for action to complete',
) )
parser.add_argument(
'--tls-ciphers',
metavar='<tls_ciphers>',
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
return parser return parser
@ -350,6 +356,12 @@ class SetPool(command.Command):
action='store_true', action='store_true',
help='Wait for action to complete', help='Wait for action to complete',
) )
parser.add_argument(
'--tls-ciphers',
metavar='<tls_ciphers>',
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
return parser return parser
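Review bot: The help text on both new `--tls-ciphers` arguments (CreatePool and SetPool) does not say how the list is separated or what applies when the option is omitted, and the parser accepts any free-form string. This value decides which cipher suites the pool may negotiate, so a typo or an overly broad alias is forwarded as typed; whether the API rejects it is not visible here. I would state the format in the help, e.g. `help="Set the TLS ciphers to be used by the pool in OpenSSL cipher string format (colon-separated list)."`, matching the colon-separated value used in the test fixture. The SetPool hunk also shows no way to return a pool to the default cipher list, though that may live outside these hunks, as both parser functions start before them.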


@ -271,6 +271,7 @@ def get_pool_attrs(client_manager, parsed_args):
'enable_tls': ('tls_enabled', lambda x: True), 'enable_tls': ('tls_enabled', lambda x: True),
'disable_tls': ('tls_enabled', lambda x: False), 'disable_tls': ('tls_enabled', lambda x: False),
'tls_ciphers': ('tls_ciphers', str),
} }
_attrs = vars(parsed_args) _attrs = vars(parsed_args)
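Review bot: The new map entry `'tls_ciphers': ('tls_ciphers', str)` forwards the user's input verbatim, so an empty `--tls-ciphers ''` or a value with stray whitespace reaches the API unchanged. If the mapping code applied the converter to options that were not given, `str(None)` would send the literal string `None` as the cipher list. That code is outside the hunk (the body of get_pool_attrs continues past it), so please confirm unset values are skipped before conversion. A short comment on the entry, such as `# passed through verbatim; no client-side validation`, would record that the client does not check the string.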


@ -153,7 +153,8 @@ POOL_ATTRS = {
"tls_container_ref": uuidutils.generate_uuid(), "tls_container_ref": uuidutils.generate_uuid(),
"ca_tls_container_ref": uuidutils.generate_uuid(), "ca_tls_container_ref": uuidutils.generate_uuid(),
"crl_container_ref": uuidutils.generate_uuid(), "crl_container_ref": uuidutils.generate_uuid(),
"tls_enabled": True "tls_enabled": True,
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
} }
QUOTA_ATTRS = { QUOTA_ATTRS = {


@ -126,7 +126,8 @@ class TestPoolCreate(TestPool):
'--enable-tls', '--enable-tls',
'--tls-container-ref', self._po.tls_container_ref, '--tls-container-ref', self._po.tls_container_ref,
'--ca-tls-container-ref', self._po.ca_tls_container_ref, '--ca-tls-container-ref', self._po.ca_tls_container_ref,
'--crl-container-ref', self._po.crl_container_ref] '--crl-container-ref', self._po.crl_container_ref,
'--tls-ciphers', self._po.tls_ciphers]
verifylist = [ verifylist = [
('loadbalancer', 'mock_lb_id'), ('loadbalancer', 'mock_lb_id'),
@ -136,7 +137,8 @@ class TestPoolCreate(TestPool):
('enable_tls', self._po.tls_enabled), ('enable_tls', self._po.tls_enabled),
('tls_container_ref', self._po.tls_container_ref), ('tls_container_ref', self._po.tls_container_ref),
('ca_tls_container_ref', self._po.ca_tls_container_ref), ('ca_tls_container_ref', self._po.ca_tls_container_ref),
('crl_container_ref', self._po.crl_container_ref) ('crl_container_ref', self._po.crl_container_ref),
('tls_ciphers', self._po.tls_ciphers)
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -208,10 +210,12 @@ class TestPoolSet(TestPool):
'test-crl-container-id') 'test-crl-container-id')
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref', arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
new_tls_id, '--ca-tls-container-ref', new_ca_id, new_tls_id, '--ca-tls-container-ref', new_ca_id,
'--crl-container-ref', new_crl_id, '--enable-tls'] '--crl-container-ref', new_crl_id, '--enable-tls',
'--tls-ciphers', self._po.tls_ciphers]
verifylist = [ verifylist = [
('pool', self._po.id), ('pool', self._po.id),
('name', 'new_name') ('name', 'new_name'),
('tls_ciphers', self._po.tls_ciphers)
] ]
parsed_args = self.check_parser(self.cmd, arglist, verifylist) parsed_args = self.check_parser(self.cmd, arglist, verifylist)
self.cmd.take_action(parsed_args) self.cmd.take_action(parsed_args)
@ -220,7 +224,8 @@ class TestPoolSet(TestPool):
'tls_container_ref': new_tls_id, 'tls_container_ref': new_tls_id,
'ca_tls_container_ref': new_ca_id, 'ca_tls_container_ref': new_ca_id,
'crl_container_ref': new_crl_id, 'crl_container_ref': new_crl_id,
'tls_enabled': True}}) 'tls_enabled': True,
'tls_ciphers': self._po.tls_ciphers}})
@mock.patch('osc_lib.utils.wait_for_status') @mock.patch('osc_lib.utils.wait_for_status')
def test_pool_set_wait(self, mock_wait): def test_pool_set_wait(self, mock_wait):


@ -0,0 +1,6 @@
---
features:
- |
Added an optional Argument ``--tls-ciphers``
for passing OpenSSL cipher strings when creating
or updating a pool.