openstack/python-octaviaclient
Code Issues Proposed changes

Add the ability to specify the cipher list for a pool

Browse Source 
Added an optional argument --tls-ciphers for passing
an OpenSSL cipher string into the octavia commandline
client when creating or updating a pool

Change-Id: Ifd2964b17e8b5704e79a9ef0d8cd3000f637a154
Story: 2006627
Task: 37178
This commit is contained in:
Noah Mickus
2020-04-06 18:30:19 +00:00
parent 4ebe7850d7
commit d05eb2c7f7
6 changed files with 33 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
octaviaclient/osc/v2/constants.py
View File

@@ -106,7 +106,8 @@ POOL_ROWS = (
'tls_container_ref',
'ca_tls_container_ref',
'crl_container_ref',
'tls_enabled')
'tls_enabled',
'tls_ciphers')
POOL_COLUMNS = (
'id',

12
octaviaclient/osc/v2/pool.py
View File

@@ -130,6 +130,12 @@ class CreatePool(command.ShowOne):
action='store_true',
help='Wait for action to complete',
)
parser.add_argument(
'--tls-ciphers',
metavar='<tls_ciphers>',
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
return parser
@@ -350,6 +356,12 @@ class SetPool(command.Command):
action='store_true',
help='Wait for action to complete',
)
parser.add_argument(
'--tls-ciphers',
metavar='<tls_ciphers>',
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
return parser

1
octaviaclient/osc/v2/utils.py
View File

@@ -271,6 +271,7 @@ def get_pool_attrs(client_manager, parsed_args):
'enable_tls': ('tls_enabled', lambda x: True),
'disable_tls': ('tls_enabled', lambda x: False),
'tls_ciphers': ('tls_ciphers', str),
}
_attrs = vars(parsed_args)

3
octaviaclient/tests/unit/osc/v2/constants.py
View File

@@ -153,7 +153,8 @@ POOL_ATTRS = {
"tls_container_ref": uuidutils.generate_uuid(),
"ca_tls_container_ref": uuidutils.generate_uuid(),
"crl_container_ref": uuidutils.generate_uuid(),
"tls_enabled": True
"tls_enabled": True,
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
}
QUOTA_ATTRS = {

15
octaviaclient/tests/unit/osc/v2/test_pool.py
View File

@@ -126,7 +126,8 @@ class TestPoolCreate(TestPool):
'--enable-tls',
'--tls-container-ref', self._po.tls_container_ref,
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
'--crl-container-ref', self._po.crl_container_ref]
'--crl-container-ref', self._po.crl_container_ref,
'--tls-ciphers', self._po.tls_ciphers]
verifylist = [
('loadbalancer', 'mock_lb_id'),
@@ -136,7 +137,8 @@ class TestPoolCreate(TestPool):
('enable_tls', self._po.tls_enabled),
('tls_container_ref', self._po.tls_container_ref),
('ca_tls_container_ref', self._po.ca_tls_container_ref),
('crl_container_ref', self._po.crl_container_ref)
('crl_container_ref', self._po.crl_container_ref),
('tls_ciphers', self._po.tls_ciphers)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -208,10 +210,12 @@ class TestPoolSet(TestPool):
'test-crl-container-id')
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
new_tls_id, '--ca-tls-container-ref', new_ca_id,
'--crl-container-ref', new_crl_id, '--enable-tls']
'--crl-container-ref', new_crl_id, '--enable-tls',
'--tls-ciphers', self._po.tls_ciphers]
verifylist = [
('pool', self._po.id),
('name', 'new_name')
('name', 'new_name'),
('tls_ciphers', self._po.tls_ciphers)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
self.cmd.take_action(parsed_args)
@@ -220,7 +224,8 @@ class TestPoolSet(TestPool):
'tls_container_ref': new_tls_id,
'ca_tls_container_ref': new_ca_id,
'crl_container_ref': new_crl_id,
'tls_enabled': True}})
'tls_enabled': True,
'tls_ciphers': self._po.tls_ciphers}})
@mock.patch('osc_lib.utils.wait_for_status')
def test_pool_set_wait(self, mock_wait):

6
releasenotes/notes/add-ability-set-pool-cipher-list-70128f983506fbdb.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
features:
- |
Added an optional Argument ``--tls-ciphers``
for passing OpenSSL cipher strings when creating
or updating a pool.