From fc9df662cfcb55f913301e151258ef22064b18ba Mon Sep 17 00:00:00 2001 From: Noah Mickus Date: Tue, 28 Apr 2020 17:50:21 -0500 Subject: [PATCH] Add the ability to specify TLS protocols for a pool Updated the pool create and set parameters to add a repeatable argumet "--tls-version" for passing TLS Protocols Change-Id: Ia7a5ebbfc32f354ba733cc404539239fd6009e7a Story: 2006733 Task: 37175 Depends-On: I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291 --- octaviaclient/osc/v2/constants.py | 3 ++- octaviaclient/osc/v2/pool.py | 19 +++++++++++++++++++ octaviaclient/osc/v2/utils.py | 1 + octaviaclient/tests/unit/osc/v2/constants.py | 3 ++- octaviaclient/tests/unit/osc/v2/test_pool.py | 18 +++++++++++++----- ...ion-support-to-pools-852f02b034f436f9.yaml | 6 ++++++ 6 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml diff --git a/octaviaclient/osc/v2/constants.py b/octaviaclient/osc/v2/constants.py index a028a12..495fd49 100644 --- a/octaviaclient/osc/v2/constants.py +++ b/octaviaclient/osc/v2/constants.py @@ -109,7 +109,8 @@ POOL_ROWS = ( 'ca_tls_container_ref', 'crl_container_ref', 'tls_enabled', - 'tls_ciphers') + 'tls_ciphers', + 'tls_versions') POOL_COLUMNS = ( 'id', diff --git a/octaviaclient/osc/v2/pool.py b/octaviaclient/osc/v2/pool.py index d5f79c7..1fe15d6 100644 --- a/octaviaclient/osc/v2/pool.py +++ b/octaviaclient/osc/v2/pool.py @@ -136,6 +136,15 @@ class CreatePool(command.ShowOne): help="Set the TLS ciphers to be used by the pool " "in OpenSSL cipher string format." ) + parser.add_argument( + '--tls-version', + dest='tls_versions', + metavar='', + nargs='?', + action='append', + help="Set the TLS protocol version to be used " + "by the pool (can be set multiple times)." + ) return parser 
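Review bot: In the `--tls-version` argument added to CreatePool, `nargs='?'` combined with `action='append'` means a bare `--tls-version` with no value is accepted and appends `None` to `tls_versions` instead of failing at parse time. Because this option decides which protocol versions the pool will negotiate, a mistyped invocation should be rejected by the parser; dropping the `nargs='?',` line makes the value mandatory while keeping the option repeatable. The identical argument added to SetPool in the next hunk has the same issue. The help text could also show the expected spelling, e.g. `"by the pool, e.g. TLSv1.2 (can be set multiple times)."`. The enclosing method starts outside the hunk.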
@@ -362,6 +371,16 @@ class SetPool(command.Command): help="Set the TLS ciphers to be used by the pool " "in OpenSSL cipher string format." ) + parser.add_argument( + '--tls-version', + dest='tls_versions', + metavar='', + nargs='?', + action='append', + help="Set the TLS protocol version to be used " + "by the pool (can be set multiple times)." + + ) return parser diff --git a/octaviaclient/osc/v2/utils.py b/octaviaclient/osc/v2/utils.py index db6ce93..093950d 100644 --- a/octaviaclient/osc/v2/utils.py +++ b/octaviaclient/osc/v2/utils.py @@ -274,6 +274,7 @@ def get_pool_attrs(client_manager, parsed_args): 'enable_tls': ('tls_enabled', lambda x: True), 'disable_tls': ('tls_enabled', lambda x: False), 'tls_ciphers': ('tls_ciphers', str), + 'tls_versions': ('tls_versions', list), } _attrs = vars(parsed_args) diff --git a/octaviaclient/tests/unit/osc/v2/constants.py b/octaviaclient/tests/unit/osc/v2/constants.py index d2b8e21..2eadef9 100644 --- a/octaviaclient/tests/unit/osc/v2/constants.py +++ b/octaviaclient/tests/unit/osc/v2/constants.py @@ -157,7 +157,8 @@ POOL_ATTRS = { "ca_tls_container_ref": uuidutils.generate_uuid(), "crl_container_ref": uuidutils.generate_uuid(), "tls_enabled": True, - "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" + "tls_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256", + "tls_versions": ['TLSv1.1', 'TLSv1.2'] } QUOTA_ATTRS = { diff --git a/octaviaclient/tests/unit/osc/v2/test_pool.py b/octaviaclient/tests/unit/osc/v2/test_pool.py index d9d250d..af3749f 100644 --- a/octaviaclient/tests/unit/osc/v2/test_pool.py +++ b/octaviaclient/tests/unit/osc/v2/test_pool.py 
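Review bot: The `'tls_versions': ('tls_versions', list)` entry in get_pool_attrs copies the parsed values into the request unchanged, so the client performs no check on protocol names and depends entirely on the API to reject unknown or unwanted versions. A comment on that line would make this explicit, e.g. `# Passed through unchanged; no client-side validation of version names.` Server-side validation is not visible in this patch, so if it cannot be relied on, dropping empty entries here would be a small safeguard: `'tls_versions': ('tls_versions', lambda x: [v for v in x if v]),`. get_pool_attrs begins and ends outside the hunk.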
@@ -127,7 +127,9 @@ class TestPoolCreate(TestPool): '--tls-container-ref', self._po.tls_container_ref, '--ca-tls-container-ref', self._po.ca_tls_container_ref, '--crl-container-ref', self._po.crl_container_ref, - '--tls-ciphers', self._po.tls_ciphers] + '--tls-ciphers', self._po.tls_ciphers, + '--tls-version', self._po.tls_versions[0], + '--tls-version', self._po.tls_versions[1]] verifylist = [ ('loadbalancer', 'mock_lb_id'), @@ -138,7 +140,8 @@ class TestPoolCreate(TestPool): ('tls_container_ref', self._po.tls_container_ref), ('ca_tls_container_ref', self._po.ca_tls_container_ref), ('crl_container_ref', self._po.crl_container_ref), - ('tls_ciphers', self._po.tls_ciphers) + ('tls_ciphers', self._po.tls_ciphers), + ('tls_versions', self._po.tls_versions) ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) @@ -211,11 +214,14 @@ class TestPoolSet(TestPool): arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref', new_tls_id, '--ca-tls-container-ref', new_ca_id, '--crl-container-ref', new_crl_id, '--enable-tls', - '--tls-ciphers', self._po.tls_ciphers] + '--tls-ciphers', self._po.tls_ciphers, + '--tls-version', self._po.tls_versions[0], + '--tls-version', self._po.tls_versions[1]] verifylist = [ ('pool', self._po.id), ('name', 'new_name'), - ('tls_ciphers', self._po.tls_ciphers) + ('tls_ciphers', self._po.tls_ciphers), + ('tls_versions', self._po.tls_versions) ] parsed_args = self.check_parser(self.cmd, arglist, verifylist) self.cmd.take_action(parsed_args) @@ -225,7 +231,9 @@ class TestPoolSet(TestPool): 'ca_tls_container_ref': new_ca_id, 'crl_container_ref': new_crl_id, 'tls_enabled': True, - 'tls_ciphers': self._po.tls_ciphers}}) + 'tls_ciphers': self._po.tls_ciphers, + 'tls_versions': self._po.tls_versions + }}) @mock.patch('osc_lib.utils.wait_for_status') def test_pool_set_wait(self, mock_wait): 
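Review bot: The TestPoolCreate and TestPoolSet changes exercise only two well-formed `--tls-version` values, so nothing pins what the parser does with a bare `--tls-version`. With `nargs='?'` and `action='append'` a bare flag parses to `[None]`; a negative test whose arglist ends in `'--tls-version'` and is checked with `self.assertRaises(...)` would make the intended behaviour explicit once the value is mandatory. In the create test the hunk adds `tls_versions` to `verifylist`, but the assertion on the request body lies outside the hunk, so it is not clear from here that the new field is checked there the way it is in the pool set test.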
diff --git a/releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml b/releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml new file mode 100644 index 0000000..14713f9 --- /dev/null +++ b/releasenotes/notes/add-tls-version-support-to-pools-852f02b034f436f9.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added a repeatable optional argument ``--tls-version`` for + setting one or more TLS protocol versions when creating + or updating a pool.