Add the ability to specify TLS protocols for a pool
Updated the pool create and set parameters to add a repeatable argumet "--tls-version" for passing TLS Protocols Change-Id: Ia7a5ebbfc32f354ba733cc404539239fd6009e7a Story: 2006733 Task: 37175 Depends-On: I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291
This commit is contained in:
parent
8635219f5d
commit
fc9df662cf
|
@ -109,7 +109,8 @@ POOL_ROWS = (
|
|||
'ca_tls_container_ref',
|
||||
'crl_container_ref',
|
||||
'tls_enabled',
|
||||
'tls_ciphers')
|
||||
'tls_ciphers',
|
||||
'tls_versions')
|
||||
|
||||
POOL_COLUMNS = (
|
||||
'id',
|
||||
|
|
|
@ -136,6 +136,15 @@ class CreatePool(command.ShowOne):
|
|||
help="Set the TLS ciphers to be used by the pool "
|
||||
"in OpenSSL cipher string format."
|
||||
)
|
||||
parser.add_argument(
|
||||
'--tls-version',
|
||||
dest='tls_versions',
|
||||
metavar='<tls_versions>',
|
||||
nargs='?',
|
||||
action='append',
|
||||
help="Set the TLS protocol version to be used "
|
||||
"by the pool (can be set multiple times)."
|
||||
)
|
||||
|
||||
return parser
|
||||
|
||||
|
@ -362,6 +371,16 @@ class SetPool(command.Command):
|
|||
help="Set the TLS ciphers to be used by the pool "
|
||||
"in OpenSSL cipher string format."
|
||||
)
|
||||
parser.add_argument(
|
||||
'--tls-version',
|
||||
dest='tls_versions',
|
||||
metavar='<tls_versions>',
|
||||
nargs='?',
|
||||
action='append',
|
||||
help="Set the TLS protocol version to be used "
|
||||
"by the pool (can be set multiple times)."
|
||||
|
||||
)
|
||||
|
||||
return parser
|
||||
|
||||
|
|
|
@ -274,6 +274,7 @@ def get_pool_attrs(client_manager, parsed_args):
|
|||
'enable_tls': ('tls_enabled', lambda x: True),
|
||||
'disable_tls': ('tls_enabled', lambda x: False),
|
||||
'tls_ciphers': ('tls_ciphers', str),
|
||||
'tls_versions': ('tls_versions', list),
|
||||
}
|
||||
|
||||
_attrs = vars(parsed_args)
|
||||
|
|
|
@ -157,7 +157,8 @@ POOL_ATTRS = {
|
|||
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
||||
"crl_container_ref": uuidutils.generate_uuid(),
|
||||
"tls_enabled": True,
|
||||
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||
"tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
|
||||
"tls_versions": ['TLSv1.1', 'TLSv1.2']
|
||||
}
|
||||
|
||||
QUOTA_ATTRS = {
|
||||
|
|
|
@ -127,7 +127,9 @@ class TestPoolCreate(TestPool):
|
|||
'--tls-container-ref', self._po.tls_container_ref,
|
||||
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
||||
'--crl-container-ref', self._po.crl_container_ref,
|
||||
'--tls-ciphers', self._po.tls_ciphers]
|
||||
'--tls-ciphers', self._po.tls_ciphers,
|
||||
'--tls-version', self._po.tls_versions[0],
|
||||
'--tls-version', self._po.tls_versions[1]]
|
||||
|
||||
verifylist = [
|
||||
('loadbalancer', 'mock_lb_id'),
|
||||
|
@ -138,7 +140,8 @@ class TestPoolCreate(TestPool):
|
|||
('tls_container_ref', self._po.tls_container_ref),
|
||||
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||
('crl_container_ref', self._po.crl_container_ref),
|
||||
('tls_ciphers', self._po.tls_ciphers)
|
||||
('tls_ciphers', self._po.tls_ciphers),
|
||||
('tls_versions', self._po.tls_versions)
|
||||
]
|
||||
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
|
@ -211,11 +214,14 @@ class TestPoolSet(TestPool):
|
|||
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
||||
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
||||
'--crl-container-ref', new_crl_id, '--enable-tls',
|
||||
'--tls-ciphers', self._po.tls_ciphers]
|
||||
'--tls-ciphers', self._po.tls_ciphers,
|
||||
'--tls-version', self._po.tls_versions[0],
|
||||
'--tls-version', self._po.tls_versions[1]]
|
||||
verifylist = [
|
||||
('pool', self._po.id),
|
||||
('name', 'new_name'),
|
||||
('tls_ciphers', self._po.tls_ciphers)
|
||||
('tls_ciphers', self._po.tls_ciphers),
|
||||
('tls_versions', self._po.tls_versions)
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
self.cmd.take_action(parsed_args)
|
||||
|
@ -225,7 +231,9 @@ class TestPoolSet(TestPool):
|
|||
'ca_tls_container_ref': new_ca_id,
|
||||
'crl_container_ref': new_crl_id,
|
||||
'tls_enabled': True,
|
||||
'tls_ciphers': self._po.tls_ciphers}})
|
||||
'tls_ciphers': self._po.tls_ciphers,
|
||||
'tls_versions': self._po.tls_versions
|
||||
}})
|
||||
|
||||
@mock.patch('osc_lib.utils.wait_for_status')
|
||||
def test_pool_set_wait(self, mock_wait):
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added a repeatable optional argument ``--tls-version`` for
|
||||
setting one or more TLS protocol versions when creating
|
||||
or updating a pool.
|
Loading…
Reference in New Issue