Add the ability to specify the cipher list for a listener
Added an optional argument --tls-ciphers for passing an OpenSSL cipher string into the Octavia command-line client. Change-Id: Ida05b7a07c5a9adf81c95be1fe44e32b82793303 Story: 2006627 Task: 37176
parent
1222d3510c
commit
d84cd7b577
|
@ -75,7 +75,8 @@ LISTENER_ROWS = (
|
||||||
'client_ca_tls_container_ref',
|
'client_ca_tls_container_ref',
|
||||||
'client_authentication',
|
'client_authentication',
|
||||||
'client_crl_container_ref',
|
'client_crl_container_ref',
|
||||||
'allowed_cidrs')
|
'allowed_cidrs',
|
||||||
|
'tls_ciphers')
|
||||||
|
|
||||||
LISTENER_COLUMNS = (
|
LISTENER_COLUMNS = (
|
||||||
'id',
|
'id',
|
||||||
|
|
|
@ -175,6 +175,12 @@ class CreateListener(command.ShowOne):
|
||||||
action='store_true',
|
action='store_true',
|
||||||
help='Wait for action to complete',
|
help='Wait for action to complete',
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--tls-ciphers',
|
||||||
|
metavar='<tls_ciphers>',
|
||||||
|
help="Set the TLS ciphers to be used "
|
||||||
|
"by the listener in OpenSSL format."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
|
@ -470,6 +476,12 @@ class SetListener(command.Command):
|
||||||
action='store_true',
|
action='store_true',
|
||||||
help='Wait for action to complete',
|
help='Wait for action to complete',
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--tls-ciphers',
|
||||||
|
metavar='<tls_ciphers>',
|
||||||
|
help="Set the TLS ciphers to be used "
|
||||||
|
"by the listener in OpenSSL format."
|
||||||
|
)
|
||||||
|
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
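Review bot: The `--tls-ciphers` help text in both new `parser.add_argument` blocks (CreateListener and SetListener) says only "in OpenSSL format", and the value is accepted as a free-form string with no client-side check, so the user gets no hint about the expected shape or about where a malformed or weak entry would be rejected. I would spell the format out with an example, e.g. `help="Set the TLS ciphers to be used by the listener, as a colon-separated OpenSSL cipher string (for example ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256)."`, and state whether validation is left to the API, which is not visible on this page. The release note at the end of the commit mentions only listener creation although the option is also added to the set command. Both enclosing methods start outside their hunks.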
|
|
|
@ -225,6 +225,7 @@ def get_listener_attrs(client_manager, parsed_args):
|
||||||
'client_crl_container_ref': ('client_crl_container_ref',
|
'client_crl_container_ref': ('client_crl_container_ref',
|
||||||
_format_str_if_need_treat_unset),
|
_format_str_if_need_treat_unset),
|
||||||
'allowed_cidrs': ('allowed_cidrs', list),
|
'allowed_cidrs': ('allowed_cidrs', list),
|
||||||
|
'tls_ciphers': ('tls_ciphers', str),
|
||||||
}
|
}
|
||||||
|
|
||||||
_attrs = vars(parsed_args)
|
_attrs = vars(parsed_args)
|
||||||
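Review bot: The new `'tls_ciphers': ('tls_ciphers', str)` entry uses plain `str`, while the neighbouring `client_crl_container_ref` entry goes through `_format_str_if_need_treat_unset`, and no hunk in this commit adds an unset option, so once a cipher list is set there is no visible CLI path back to the deployment default. If the helper does what its name suggests (its body is not shown here), `'tls_ciphers': ('tls_ciphers', _format_str_if_need_treat_unset),` together with a matching flag on the unset command would let an operator undo a mistaken or overly permissive cipher string. The mapping dict and `get_listener_attrs` both extend beyond this hunk, so part of that handling may already exist elsewhere.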
|
|
|
@ -78,6 +78,7 @@ LISTENER_ATTRS = {
|
||||||
'client_authentication': "OPTIONAL",
|
'client_authentication': "OPTIONAL",
|
||||||
'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
|
'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
|
||||||
"allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
|
"allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
|
||||||
|
'tls_ciphers': "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||||
}
|
}
|
||||||
|
|
||||||
LOADBALANCER_ATTRS = {
|
LOADBALANCER_ATTRS = {
|
||||||
|
|
|
@ -190,7 +190,9 @@ class TestListenerCreate(TestListener):
|
||||||
'--client-authentication',
|
'--client-authentication',
|
||||||
self._listener.client_authentication,
|
self._listener.client_authentication,
|
||||||
'--client-crl-container-ref',
|
'--client-crl-container-ref',
|
||||||
self._listener.client_crl_container_ref]
|
self._listener.client_crl_container_ref,
|
||||||
|
'--tls-ciphers',
|
||||||
|
self._listener.tls_ciphers]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('loadbalancer', 'mock_lb_id'),
|
('loadbalancer', 'mock_lb_id'),
|
||||||
('name', self._listener.name),
|
('name', self._listener.name),
|
||||||
|
@ -203,7 +205,9 @@ class TestListenerCreate(TestListener):
|
||||||
self._listener.client_ca_tls_container_ref),
|
self._listener.client_ca_tls_container_ref),
|
||||||
('client_authentication', self._listener.client_authentication),
|
('client_authentication', self._listener.client_authentication),
|
||||||
('client_crl_container_ref',
|
('client_crl_container_ref',
|
||||||
self._listener.client_crl_container_ref)
|
self._listener.client_crl_container_ref),
|
||||||
|
('tls_ciphers',
|
||||||
|
self._listener.tls_ciphers)
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
@ -283,7 +287,9 @@ class TestListenerSet(TestListener):
|
||||||
'--allowed-cidr',
|
'--allowed-cidr',
|
||||||
self._listener.allowed_cidrs[0],
|
self._listener.allowed_cidrs[0],
|
||||||
'--allowed-cidr',
|
'--allowed-cidr',
|
||||||
self._listener.allowed_cidrs[1]]
|
self._listener.allowed_cidrs[1],
|
||||||
|
'--tls-ciphers',
|
||||||
|
self._listener.tls_ciphers]
|
||||||
verifylist = [
|
verifylist = [
|
||||||
('listener', self._listener.id),
|
('listener', self._listener.id),
|
||||||
('name', 'new_name'),
|
('name', 'new_name'),
|
||||||
|
@ -296,7 +302,8 @@ class TestListenerSet(TestListener):
|
||||||
self._listener.client_authentication),
|
self._listener.client_authentication),
|
||||||
('client_crl_container_ref',
|
('client_crl_container_ref',
|
||||||
self._listener.client_crl_container_ref),
|
self._listener.client_crl_container_ref),
|
||||||
('allowed_cidrs', self._listener.allowed_cidrs)
|
('allowed_cidrs', self._listener.allowed_cidrs),
|
||||||
|
('tls_ciphers', self._listener.tls_ciphers)
|
||||||
]
|
]
|
||||||
|
|
||||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
@ -315,6 +322,7 @@ class TestListenerSet(TestListener):
|
||||||
'client_crl_container_ref':
|
'client_crl_container_ref':
|
||||||
self._listener.client_crl_container_ref,
|
self._listener.client_crl_container_ref,
|
||||||
'allowed_cidrs': self._listener.allowed_cidrs,
|
'allowed_cidrs': self._listener.allowed_cidrs,
|
||||||
|
'tls_ciphers': self._listener.tls_ciphers,
|
||||||
}})
|
}})
|
||||||
|
|
||||||
@mock.patch('osc_lib.utils.wait_for_status')
|
@mock.patch('osc_lib.utils.wait_for_status')
|
||||||
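Review bot: The added test lines in TestListenerCreate and TestListenerSet only cover the case where `--tls-ciphers` is supplied; nothing checks that omitting the flag keeps `tls_ciphers` out of the request body. Because the attribute is mapped through `str` in `get_listener_attrs`, a `None` default that slipped through would be sent as the string `'None'` and, on set, would overwrite the listener's existing cipher configuration; whether that is filtered is decided outside the visible hunks. A small case in TestListenerSet that runs the command without the flag and asserts `'tls_ciphers'` is absent from the update payload would pin this down. The test methods themselves start and end outside these hunks.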
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added an optional Argument ``--tls-ciphers``
|
||||||
|
for passing OpenSSL cipher strings when creating
|
||||||
|
a new listener.
|