
Add the ability to specify the cipher list for a listener

Added an optional argument --tls-ciphers for passing
an OpenSSL cipher string into the octavia commandline
client

Change-Id: Ida05b7a07c5a9adf81c95be1fe44e32b82793303
Story: 2006627
Task: 37176
changes/11/717811/7
Noah Mickus 1 year ago
parent
commit
d84cd7b577
6 changed files with 34 additions and 5 deletions
  1. +2
    -1
      octaviaclient/osc/v2/constants.py
  2. +12
    -0
      octaviaclient/osc/v2/listener.py
  3. +1
    -0
      octaviaclient/osc/v2/utils.py
  4. +1
    -0
      octaviaclient/tests/unit/osc/v2/constants.py
  5. +12
    -4
      octaviaclient/tests/unit/osc/v2/test_listener.py
  6. +6
    -0
      releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml

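--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@@ -75,7 +75,8 @@ LISTENER_ROWS = (
 'client_ca_tls_container_ref',
 'client_authentication',
 'client_crl_container_ref',
-'allowed_cidrs')
+'allowed_cidrs',
+'tls_ciphers')
 LISTENER_COLUMNS = (
 'id',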


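--- a/octaviaclient/osc/v2/listener.py
+++ b/octaviaclient/osc/v2/listener.py
@@ -175,6 +175,12 @@ class CreateListener(command.ShowOne):
 action='store_true',
 help='Wait for action to complete',
 )
+parser.add_argument(
+'--tls-ciphers',
+metavar='<tls_ciphers>',
+help="Set the TLS ciphers to be used "
+"by the listener in OpenSSL format."
+)
 return parser
@@ -470,6 +476,12 @@ class SetListener(command.Command):
 action='store_true',
 help='Wait for action to complete',
 )
+parser.add_argument(
+'--tls-ciphers',
+metavar='<tls_ciphers>',
+help="Set the TLS ciphers to be used "
+"by the listener in OpenSSL format."
+)
 return parser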
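Review bot: The `--tls-ciphers` help text in both CreateListener and SetListener says only "in OpenSSL format", and the parser takes any string, so an empty, misspelled or weak cipher string is stopped only if the API rejects it. I would name the expected form, for example `help="Set the TLS ciphers to be used by the listener, as a colon-separated OpenSSL cipher string."`, and also state what applies when the option is omitted (presumably a server-side default, which these hunks do not show). The option is added to SetListener as well, while the release note in this commit mentions only listener creation. The enclosing parser methods start outside both hunks.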


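--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@@ -225,6 +225,7 @@ def get_listener_attrs(client_manager, parsed_args):
 'client_crl_container_ref': ('client_crl_container_ref',
 _format_str_if_need_treat_unset),
 'allowed_cidrs': ('allowed_cidrs', list),
+'tls_ciphers': ('tls_ciphers', str),
 }
 _attrs = vars(parsed_args)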
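Review bot: The new `'tls_ciphers': ('tls_ciphers', str)` entry uses a plain `str` converter, while the neighbouring `client_crl_container_ref` entry goes through `_format_str_if_need_treat_unset`, which by its name handles the unset case. From this hunk there appears to be no client path for clearing a listener's cipher list back to the default once it has been set. If clearing is meant to be supported, route the value through the same formatter; otherwise a comment such as `# tls_ciphers is passed through verbatim; validation and defaults are left to the API` would record the decision. How `None` and empty values are filtered is decided in the part of `get_listener_attrs` outside the hunk.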


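--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@@ -78,6 +78,7 @@ LISTENER_ATTRS = {
 'client_authentication': "OPTIONAL",
 'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
 "allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
+'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
 }
 LOADBALANCER_ATTRS = {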


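--- a/octaviaclient/tests/unit/osc/v2/test_listener.py
+++ b/octaviaclient/tests/unit/osc/v2/test_listener.py
@@ -190,7 +190,9 @@ class TestListenerCreate(TestListener):
 '--client-authentication',
 self._listener.client_authentication,
 '--client-crl-container-ref',
-self._listener.client_crl_container_ref]
+self._listener.client_crl_container_ref,
+'--tls-ciphers',
+self._listener.tls_ciphers]
 verifylist = [
 ('loadbalancer', 'mock_lb_id'),
 ('name', self._listener.name),
@@ -203,7 +205,9 @@ class TestListenerCreate(TestListener):
 self._listener.client_ca_tls_container_ref),
 ('client_authentication', self._listener.client_authentication),
 ('client_crl_container_ref',
-self._listener.client_crl_container_ref)
+self._listener.client_crl_container_ref),
+('tls_ciphers',
+self._listener.tls_ciphers)
 ]
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -283,7 +287,9 @@ class TestListenerSet(TestListener):
 '--allowed-cidr',
 self._listener.allowed_cidrs[0],
 '--allowed-cidr',
-self._listener.allowed_cidrs[1]]
+self._listener.allowed_cidrs[1],
+'--tls-ciphers',
+self._listener.tls_ciphers]
 verifylist = [
 ('listener', self._listener.id),
 ('name', 'new_name'),
@@ -296,7 +302,8 @@ class TestListenerSet(TestListener):
 self._listener.client_authentication),
 ('client_crl_container_ref',
 self._listener.client_crl_container_ref),
-('allowed_cidrs', self._listener.allowed_cidrs)
+('allowed_cidrs', self._listener.allowed_cidrs),
+('tls_ciphers', self._listener.tls_ciphers)
 ]
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -315,6 +322,7 @@ class TestListenerSet(TestListener):
 'client_crl_container_ref':
 self._listener.client_crl_container_ref,
 'allowed_cidrs': self._listener.allowed_cidrs,
+'tls_ciphers': self._listener.tls_ciphers,
 }})
 @mock.patch('osc_lib.utils.wait_for_status')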
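Review bot: `tls_ciphers` is exercised only in cases that pass it alongside the other listener options. The create hunks extend `arglist` and `verifylist`, and only the set path visibly adds the key to what looks like the expected request body. A case that omits `--tls-ciphers` and asserts the key is absent from the body would pin down that the client never sends a cipher list the operator did not ask for. A second case could cover an empty string. The test methods start and end outside these hunks, so such coverage may already exist elsewhere in the file.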


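--- a/releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml
+++ b/releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml
@@ -0,0 +1,6 @@
+---
+features:
+- |
+Added an optional Argument ``--tls-ciphers``
+for passing OpenSSL cipher strings when creating
+a new listener.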
