From d84cd7b5775c3e242d770bd2df24838a6ad23c3a Mon Sep 17 00:00:00 2001
From: Noah Mickus
Date: Mon, 6 Apr 2020 17:19:25 +0000
Subject: [PATCH] Add the ability to specify the cipher list for a listener

Added an optional argument --tls-ciphers for passing an OpenSSL cipher string into the octavia commandline client

Change-Id: Ida05b7a07c5a9adf81c95be1fe44e32b82793303
Story: 2006627
Task: 37176
---
 octaviaclient/osc/v2/constants.py | 3 ++-
 octaviaclient/osc/v2/listener.py | 12 ++++++++++++
 octaviaclient/osc/v2/utils.py | 1 +
 octaviaclient/tests/unit/osc/v2/constants.py | 1 +
 octaviaclient/tests/unit/osc/v2/test_listener.py | 16 ++++++++++++----
 ...et-listener-cipher-list-fe379d0d0821ed42.yaml | 6 ++++++
 6 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml

diff --git a/octaviaclient/osc/v2/constants.py b/octaviaclient/osc/v2/constants.py
index b07551e..86c8e23 100644
--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@@ -75,7 +75,8 @@ LISTENER_ROWS = (
 'client_ca_tls_container_ref',
 'client_authentication',
 'client_crl_container_ref',
- 'allowed_cidrs')
+ 'allowed_cidrs',
+ 'tls_ciphers')
 
 LISTENER_COLUMNS = (
 'id',
diff --git a/octaviaclient/osc/v2/listener.py b/octaviaclient/osc/v2/listener.py
index e12846d..814ef3d 100644
--- a/octaviaclient/osc/v2/listener.py
+++ b/octaviaclient/osc/v2/listener.py
@@ -175,6 +175,12 @@ class CreateListener(command.ShowOne):
 action='store_true',
 help='Wait for action to complete',
 )
+ parser.add_argument(
+ '--tls-ciphers',
+ metavar='',
+ help="Set the TLS ciphers to be used "
+ "by the listener in OpenSSL format."
+ )
 
 return parser
 
@@ -470,6 +476,12 @@ class SetListener(command.Command):
 action='store_true',
 help='Wait for action to complete',
 )
+ parser.add_argument(
+ '--tls-ciphers',
+ metavar='',
+ help="Set the TLS ciphers to be used "
+ "by the listener in OpenSSL format."
+ )
 
 return parser
 
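Review bot: The `--tls-ciphers` help text in the CreateListener hunk of listener.py (and the identical SetListener hunk at -470) does not say what an "OpenSSL format" value looks like, and the argument has no `type=` or `choices=`, so whatever the operator types is accepted by the parser as-is. For a setting that decides which ciphers a listener negotiates, I would spell the format out, e.g. `help="Colon-separated list of ciphers in OpenSSL cipher-list format (for example ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256)."`, and state whether the API rejects unknown or weak cipher names. `metavar=''` reads as an empty string here, possibly a rendering artefact; if it really is empty the usage line shows no placeholder, and `metavar='<tls_ciphers>'` would be the usual form. Both get_parser bodies start outside their hunks.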
diff --git a/octaviaclient/osc/v2/utils.py b/octaviaclient/osc/v2/utils.py
index 9ff98d5..d405293 100644
--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@@ -225,6 +225,7 @@ def get_listener_attrs(client_manager, parsed_args):
 'client_crl_container_ref': ('client_crl_container_ref',
 _format_str_if_need_treat_unset),
 'allowed_cidrs': ('allowed_cidrs', list),
+ 'tls_ciphers': ('tls_ciphers', str),
 }
 
 _attrs = vars(parsed_args)
diff --git a/octaviaclient/tests/unit/osc/v2/constants.py b/octaviaclient/tests/unit/osc/v2/constants.py
index 7821c5e..671b168 100644
--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@@ -78,6 +78,7 @@ LISTENER_ATTRS = {
 'client_authentication': "OPTIONAL",
 'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
 "allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
+ 'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
 }
 
 LOADBALANCER_ATTRS = {
diff --git a/octaviaclient/tests/unit/osc/v2/test_listener.py b/octaviaclient/tests/unit/osc/v2/test_listener.py
index b9acccd..bd0495b 100644
--- a/octaviaclient/tests/unit/osc/v2/test_listener.py
+++ b/octaviaclient/tests/unit/osc/v2/test_listener.py
@@ -190,7 +190,9 @@ class TestListenerCreate(TestListener):
 '--client-authentication',
 self._listener.client_authentication,
 '--client-crl-container-ref',
- self._listener.client_crl_container_ref]
+ self._listener.client_crl_container_ref,
+ '--tls-ciphers',
+ self._listener.tls_ciphers]
 verifylist = [
 ('loadbalancer', 'mock_lb_id'),
 ('name', self._listener.name),
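Review bot: In the get_listener_attrs hunk of utils.py, `'tls_ciphers': ('tls_ciphers', str)` uses a plain `str` converter while the `client_crl_container_ref` entry just above it goes through `_format_str_if_need_treat_unset`, so `listener set --tls-ciphers` appears to offer no way of clearing a custom cipher list and returning the listener to the deployment default. If the API accepts a null value for this field, I would use the same helper: `'tls_ciphers': ('tls_ciphers', _format_str_if_need_treat_unset),`. The code that consumes this map lies below `_attrs = vars(parsed_args)`, outside the hunk, so it is worth confirming that an omitted `--tls-ciphers` is skipped rather than passed to `str`, which would send the literal text `None`.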
@@ -203,7 +205,9 @@ class TestListenerCreate(TestListener):
 self._listener.client_ca_tls_container_ref),
 ('client_authentication', self._listener.client_authentication),
 ('client_crl_container_ref',
- self._listener.client_crl_container_ref)
+ self._listener.client_crl_container_ref),
+ ('tls_ciphers',
+ self._listener.tls_ciphers)
 ]
 
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -283,7 +287,9 @@ class TestListenerSet(TestListener):
 '--allowed-cidr',
 self._listener.allowed_cidrs[0],
 '--allowed-cidr',
- self._listener.allowed_cidrs[1]]
+ self._listener.allowed_cidrs[1],
+ '--tls-ciphers',
+ self._listener.tls_ciphers]
 verifylist = [
 ('listener', self._listener.id),
 ('name', 'new_name'),
@@ -296,7 +302,8 @@ class TestListenerSet(TestListener):
 self._listener.client_authentication),
 ('client_crl_container_ref',
 self._listener.client_crl_container_ref),
- ('allowed_cidrs', self._listener.allowed_cidrs)
+ ('allowed_cidrs', self._listener.allowed_cidrs),
+ ('tls_ciphers', self._listener.tls_ciphers)
 ]
 
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -315,6 +322,7 @@ class TestListenerSet(TestListener):
 'client_crl_container_ref':
 self._listener.client_crl_container_ref,
 'allowed_cidrs': self._listener.allowed_cidrs,
+ 'tls_ciphers': self._listener.tls_ciphers,
 }})
 
 @mock.patch('osc_lib.utils.wait_for_status')
diff --git a/releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml b/releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml
new file mode 100644
index 0000000..06e69f9
--- /dev/null
+++ b/releasenotes/notes/add-ability-set-listener-cipher-list-fe379d0d0821ed42.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Added an optional Argument ``--tls-ciphers``
+ for passing OpenSSL cipher strings when creating
+ a new listener.
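Review bot: The TestListenerSet hunk at -315 in test_listener.py only covers the case where a cipher string is supplied and expected in the request body; there is no case for a `set` call that omits `--tls-ciphers`. Because the new attribute is converted with a plain `str` in utils.py, I would add a test asserting that `tls_ciphers` is absent from the body when the option is not given, so an unrelated update cannot silently overwrite a listener's cipher list. The test method starts outside the hunk, so such a case may already exist elsewhere in the file.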