Browse Source

Add the ability to specify TLS protocols for a pool

Updated the pool create and set parameters to add
a repeatable  argumet "--tls-version" for passing TLS
Protocols

Change-Id: Ia7a5ebbfc32f354ba733cc404539239fd6009e7a
Story: 2006733
Task: 37175
Depends-On: I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291
changes/94/724194/9
Noah Mickus 1 year ago
committed by Michael Johnson
parent
commit
fc9df662cf
6 changed files with 43 additions and 7 deletions
  1. +2
    -1
      octaviaclient/osc/v2/constants.py
  2. +19
    -0
      octaviaclient/osc/v2/pool.py
  3. +1
    -0
      octaviaclient/osc/v2/utils.py
  4. +2
    -1
      octaviaclient/tests/unit/osc/v2/constants.py
  5. +13
    -5
      octaviaclient/tests/unit/osc/v2/test_pool.py
  6. +6
    -0
      releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml

+ 2
- 1
octaviaclient/osc/v2/constants.py View File

@ -109,7 +109,8 @@ POOL_ROWS = (
'ca_tls_container_ref',
'crl_container_ref',
'tls_enabled',
'tls_ciphers')
'tls_ciphers',
'tls_versions')
POOL_COLUMNS = (
'id',


+ 19
- 0
octaviaclient/osc/v2/pool.py View File

@ -136,6 +136,15 @@ class CreatePool(command.ShowOne):
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the pool (can be set multiple times)."
)
return parser
@ -362,6 +371,16 @@ class SetPool(command.Command):
help="Set the TLS ciphers to be used by the pool "
"in OpenSSL cipher string format."
)
parser.add_argument(
'--tls-version',
dest='tls_versions',
metavar='<tls_versions>',
nargs='?',
action='append',
help="Set the TLS protocol version to be used "
"by the pool (can be set multiple times)."
)
return parser


+ 1
- 0
octaviaclient/osc/v2/utils.py View File

@ -274,6 +274,7 @@ def get_pool_attrs(client_manager, parsed_args):
'enable_tls': ('tls_enabled', lambda x: True),
'disable_tls': ('tls_enabled', lambda x: False),
'tls_ciphers': ('tls_ciphers', str),
'tls_versions': ('tls_versions', list),
}
_attrs = vars(parsed_args)


+ 2
- 1
octaviaclient/tests/unit/osc/v2/constants.py View File

@ -157,7 +157,8 @@ POOL_ATTRS = {
"ca_tls_container_ref": uuidutils.generate_uuid(),
"crl_container_ref": uuidutils.generate_uuid(),
"tls_enabled": True,
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
"tls_versions": ['TLSv1.1', 'TLSv1.2']
}
QUOTA_ATTRS = {


+ 13
- 5
octaviaclient/tests/unit/osc/v2/test_pool.py View File

@ -127,7 +127,9 @@ class TestPoolCreate(TestPool):
'--tls-container-ref', self._po.tls_container_ref,
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
'--crl-container-ref', self._po.crl_container_ref,
'--tls-ciphers', self._po.tls_ciphers]
'--tls-ciphers', self._po.tls_ciphers,
'--tls-version', self._po.tls_versions[0],
'--tls-version', self._po.tls_versions[1]]
verifylist = [
('loadbalancer', 'mock_lb_id'),
@ -138,7 +140,8 @@ class TestPoolCreate(TestPool):
('tls_container_ref', self._po.tls_container_ref),
('ca_tls_container_ref', self._po.ca_tls_container_ref),
('crl_container_ref', self._po.crl_container_ref),
('tls_ciphers', self._po.tls_ciphers)
('tls_ciphers', self._po.tls_ciphers),
('tls_versions', self._po.tls_versions)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -211,11 +214,14 @@ class TestPoolSet(TestPool):
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
new_tls_id, '--ca-tls-container-ref', new_ca_id,
'--crl-container-ref', new_crl_id, '--enable-tls',
'--tls-ciphers', self._po.tls_ciphers]
'--tls-ciphers', self._po.tls_ciphers,
'--tls-version', self._po.tls_versions[0],
'--tls-version', self._po.tls_versions[1]]
verifylist = [
('pool', self._po.id),
('name', 'new_name'),
('tls_ciphers', self._po.tls_ciphers)
('tls_ciphers', self._po.tls_ciphers),
('tls_versions', self._po.tls_versions)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
self.cmd.take_action(parsed_args)
@ -225,7 +231,9 @@ class TestPoolSet(TestPool):
'ca_tls_container_ref': new_ca_id,
'crl_container_ref': new_crl_id,
'tls_enabled': True,
'tls_ciphers': self._po.tls_ciphers}})
'tls_ciphers': self._po.tls_ciphers,
'tls_versions': self._po.tls_versions
}})
@mock.patch('osc_lib.utils.wait_for_status')
def test_pool_set_wait(self, mock_wait):


+ 6
- 0
releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml View File

@ -0,0 +1,6 @@
---
features:
- |
Added a repeatable optional argument ``--tls-version`` for
setting one or more TLS protocol versions when creating
or updating a pool.

Loading…
Cancel
Save