Add the ability to specify TLS protocols for a pool

Updated the pool create and set parameters to add a repeatable argumet "--tls-version" for passing TLS Protocols Change-Id: Ia7a5ebbfc32f354ba733cc404539239fd6009e7a Story: 2006733 Task: 37175 Depends-On: I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291
2020-04-28 17:50:21 -05:00 · 2020-04-28 17:50:21 -05:00 · fc9df662cf
parent 8635219f5d
commit fc9df662cf
6 changed files with 43 additions and 7 deletions
--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@ -109,7 +109,8 @@ POOL_ROWS = (
    'ca_tls_container_ref',
    'crl_container_ref',
    'tls_enabled',
-    'tls_ciphers')
+    'tls_ciphers',
+    'tls_versions')

 POOL_COLUMNS = (
    'id',
--- a/octaviaclient/osc/v2/pool.py
+++ b/octaviaclient/osc/v2/pool.py
@ -136,6 +136,15 @@ class CreatePool(command.ShowOne):
            help="Set the TLS ciphers to be used by the pool "
                 "in OpenSSL cipher string format."
        )
+        parser.add_argument(
+            '--tls-version',
+            dest='tls_versions',
+            metavar='<tls_versions>',
+            nargs='?',
+            action='append',
+            help="Set the TLS protocol version to be used "
+                 "by the pool (can be set multiple times)."
+        )

        return parser

@ -362,6 +371,16 @@ class SetPool(command.Command):
            help="Set the TLS ciphers to be used by the pool "
                 "in OpenSSL cipher string format."
        )
+        parser.add_argument(
+            '--tls-version',
+            dest='tls_versions',
+            metavar='<tls_versions>',
+            nargs='?',
+            action='append',
+            help="Set the TLS protocol version to be used "
+                 "by the pool (can be set multiple times)."
+
+        )

        return parser

--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@ -274,6 +274,7 @@ def get_pool_attrs(client_manager, parsed_args):
        'enable_tls': ('tls_enabled', lambda x: True),
        'disable_tls': ('tls_enabled', lambda x: False),
        'tls_ciphers': ('tls_ciphers', str),
+        'tls_versions': ('tls_versions', list),
    }

    _attrs = vars(parsed_args)
--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@ -157,7 +157,8 @@ POOL_ATTRS = {
    "ca_tls_container_ref": uuidutils.generate_uuid(),
    "crl_container_ref": uuidutils.generate_uuid(),
    "tls_enabled": True,
-    "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
+    "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
+    "tls_versions": ['TLSv1.1', 'TLSv1.2']
 }

 QUOTA_ATTRS = {
--- a/octaviaclient/tests/unit/osc/v2/test_pool.py
+++ b/octaviaclient/tests/unit/osc/v2/test_pool.py
@ -127,7 +127,9 @@ class TestPoolCreate(TestPool):
                   '--tls-container-ref', self._po.tls_container_ref,
                   '--ca-tls-container-ref', self._po.ca_tls_container_ref,
                   '--crl-container-ref', self._po.crl_container_ref,
-                   '--tls-ciphers', self._po.tls_ciphers]
+                   '--tls-ciphers', self._po.tls_ciphers,
+                   '--tls-version', self._po.tls_versions[0],
+                   '--tls-version', self._po.tls_versions[1]]

        verifylist = [
            ('loadbalancer', 'mock_lb_id'),
@ -138,7 +140,8 @@ class TestPoolCreate(TestPool):
            ('tls_container_ref', self._po.tls_container_ref),
            ('ca_tls_container_ref', self._po.ca_tls_container_ref),
            ('crl_container_ref', self._po.crl_container_ref),
-            ('tls_ciphers', self._po.tls_ciphers)
+            ('tls_ciphers', self._po.tls_ciphers),
+            ('tls_versions', self._po.tls_versions)
        ]

        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -211,11 +214,14 @@ class TestPoolSet(TestPool):
        arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
                   new_tls_id, '--ca-tls-container-ref', new_ca_id,
                   '--crl-container-ref', new_crl_id, '--enable-tls',
-                   '--tls-ciphers', self._po.tls_ciphers]
+                   '--tls-ciphers', self._po.tls_ciphers,
+                   '--tls-version', self._po.tls_versions[0],
+                   '--tls-version', self._po.tls_versions[1]]
        verifylist = [
            ('pool', self._po.id),
            ('name', 'new_name'),
-            ('tls_ciphers', self._po.tls_ciphers)
+            ('tls_ciphers', self._po.tls_ciphers),
+            ('tls_versions', self._po.tls_versions)
        ]
        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
        self.cmd.take_action(parsed_args)
@ -225,7 +231,9 @@ class TestPoolSet(TestPool):
                                        'ca_tls_container_ref': new_ca_id,
                                        'crl_container_ref': new_crl_id,
                                        'tls_enabled': True,
-                                        'tls_ciphers': self._po.tls_ciphers}})
+                                        'tls_ciphers': self._po.tls_ciphers,
+                                        'tls_versions': self._po.tls_versions
+                                        }})

    @mock.patch('osc_lib.utils.wait_for_status')
    def test_pool_set_wait(self, mock_wait):
--- a/releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml
+++ b/releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Added a repeatable optional argument ``--tls-version`` for
+    setting one or more  TLS protocol versions when creating
+    or updating a pool.