
Add support to VIP access control list

Task: 31061
Story: 2003686

Depends-On: https://review.opendev.org/#/c/659626/

Change-Id: Icff5cdfa4b7e6ee4fe02a378f97cbb17ed2cd81d
changes/27/659627/6
Carlos Goncalves 3 years ago
committed by Michael Johnson
parent
commit
fdedbad9a8
6 changed files with 54 additions and 7 deletions
  1. +2
    -1
      octaviaclient/osc/v2/constants.py
  2. +29
    -2
      octaviaclient/osc/v2/listener.py
  3. +5
    -0
      octaviaclient/osc/v2/utils.py
  4. +1
    -0
      octaviaclient/tests/unit/osc/v2/constants.py
  5. +14
    -4
      octaviaclient/tests/unit/osc/v2/test_listener.py
  6. +3
    -0
      releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml

+ 2
- 1
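--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@@ -73,7 +73,8 @@ LISTENER_ROWS = (
 'updated_at',
 'client_ca_tls_container_ref',
 'client_authentication',
-'client_crl_container_ref')
+'client_crl_container_ref',
+'allowed_cidrs')
 LISTENER_COLUMNS = (
 'id',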


+ 29
- 2
octaviaclient/osc/v2/listener.py

@ -157,6 +157,16 @@ class CreateListener(command.ShowOne):
"containting the CA revocation list file for TERMINATED_TLS "
"listeners."
)
parser.add_argument(
'--allowed-cidr',
dest='allowed_cidrs',
metavar='<allowed_cidr>',
nargs='?',
action='append',
help="CIDR to allow access to the listener (can be set multiple "
"times)."
)
return parser
def take_action(self, parsed_args):
@ -169,7 +179,8 @@ class CreateListener(command.ShowOne):
formatters = {'loadbalancers': v2_utils.format_list,
'pools': v2_utils.format_list,
'l7policies': v2_utils.format_list,
'insert_headers': v2_utils.format_hash}
'insert_headers': v2_utils.format_hash,
'allowed_cidrs': v2_utils.format_list_flat}
return (rows,
(utils.get_dict_properties(data['listener'],
@ -277,7 +288,8 @@ class ShowListener(command.ShowOne):
formatters = {'loadbalancers': v2_utils.format_list,
'pools': v2_utils.format_list,
'l7policies': v2_utils.format_list,
'insert_headers': v2_utils.format_hash}
'insert_headers': v2_utils.format_hash,
'allowed_cidrs': v2_utils.format_list_flat}
return rows, utils.get_dict_properties(data, rows,
formatters=formatters)
@ -400,6 +412,16 @@ class SetListener(command.Command):
"containting the CA revocation list file for TERMINATED_TLS "
"listeners."
)
parser.add_argument(
'--allowed-cidr',
dest='allowed_cidrs',
metavar='<allowed_cidr>',
nargs='?',
action='append',
help="CIDR to allow access to the listener (can be set multiple "
"times)."
)
return parser
def take_action(self, parsed_args):
@ -498,6 +520,11 @@ class UnsetListener(command.Command):
action='store_true',
help="Clear the client CRL container reference from the listener."
)
parser.add_argument(
'--allowed-cidrs',
action='store_true',
help="Clear all allowed CIDRs from the listener."
)
return parser
def take_action(self, parsed_args):
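Review bot: `nargs='?'` together with `action='append'` on `--allowed-cidr` (here in CreateListener and in the identical SetListener block) makes the value optional, so a bare `--allowed-cidr` appends `None` and `allowed_cidrs` can be sent as `[None]`. For an access-control option the value should be mandatory: drop the `nargs='?'` line and keep `action='append'`. The help text would also be clearer if it said what an unset or cleared list means for access, and whether `listener set --allowed-cidr` replaces the stored list or adds to it; the hunks suggest the whole list is sent, but the `take_action` bodies are outside the view. All three `get_parser` bodies start outside the hunks.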


+ 5
- 0
octaviaclient/osc/v2/utils.py

@ -216,6 +216,7 @@ def get_listener_attrs(client_manager, parsed_args):
'client_authentication': ('client_authentication', str),
'client_crl_container_ref': ('client_crl_container_ref',
_format_str_if_need_treat_unset),
'allowed_cidrs': ('allowed_cidrs', list),
}
_attrs = vars(parsed_args)
@ -517,6 +518,10 @@ def format_list(data):
return '\n'.join(i['id'] for i in data)
def format_list_flat(data):
return '\n'.join(i for i in data)
def format_hash(data):
if data:
return '\n'.join('{}={}'.format(k, v) for k, v in data.items())
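Review bot: `format_list_flat` joins `data` unconditionally, so it raises `TypeError` if a listener's `allowed_cidrs` is returned as null and the caller passes that through; whether the caller filters `None` is not visible here, but `format_hash` right below guards with `if data:`. I would mirror that guard and drop the redundant generator: `if data:` followed by `return '\n'.join(data)`. A one-line docstring such as `"""Render a list of strings, one per line."""` would distinguish it from `format_list`, which expects dicts with an `id` key. In `get_listener_attrs` the `list` converter turns a bare string into a list of characters, so it depends on the parser always supplying a list.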


+ 1
- 0
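--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@@ -77,6 +77,7 @@ LISTENER_ATTRS = {
 'client_ca_tls_container_ref': uuidutils.generate_uuid(dashed=True),
 'client_authentication': "OPTIONAL",
 'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
+"allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
 }
 LOADBALANCER_ATTRS = {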


+ 14
- 4
octaviaclient/tests/unit/osc/v2/test_listener.py

@ -233,7 +233,11 @@ class TestListenerSet(TestListener):
'--client-authentication',
self._listener.client_authentication,
'--client-crl-container-ref',
self._listener.client_crl_container_ref]
self._listener.client_crl_container_ref,
'--allowed-cidr',
self._listener.allowed_cidrs[0],
'--allowed-cidr',
self._listener.allowed_cidrs[1]]
verifylist = [
('listener', self._listener.id),
('name', 'new_name'),
@ -245,7 +249,8 @@ class TestListenerSet(TestListener):
('client_authentication',
self._listener.client_authentication),
('client_crl_container_ref',
self._listener.client_crl_container_ref)
self._listener.client_crl_container_ref),
('allowed_cidrs', self._listener.allowed_cidrs)
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -262,7 +267,8 @@ class TestListenerSet(TestListener):
'client_authentication':
self._listener.client_authentication,
'client_crl_container_ref':
self._listener.client_crl_container_ref
self._listener.client_crl_container_ref,
'allowed_cidrs': self._listener.allowed_cidrs,
}})
@ -295,7 +301,8 @@ class TestListenerUnset(TestListener):
'insert_headers', 'timeout_client_data',
'timeout_member_connect', 'timeout_member_data',
'timeout_tcp_inspect', 'client_ca_tls_container_ref',
'client_authentication', 'client_crl_container_ref')
'client_authentication', 'client_crl_container_ref',
'allowed_cidrs')
def setUp(self):
super(TestListenerUnset, self).setUp()
@ -343,6 +350,9 @@ class TestListenerUnset(TestListener):
def test_listener_unset_client_crl_container_ref(self):
self._test_listener_unset_param('client_crl_container_ref')
def test_listener_unset_allowed_cidrs(self):
self._test_listener_unset_param('allowed_cidrs')
def _test_listener_unset_param(self, param):
self.api_mock.listener_set.reset_mock()
arg_param = param.replace('_', '-') if '_' in param else param
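Review bot: These hunks extend only TestListenerSet and TestListenerUnset; nothing in this section exercises `listener create --allowed-cidr`, even though CreateListener gains the same argument and the same `format_list_flat` formatter. I would add the two `'--allowed-cidr'` entries to the create test's arglist and verifylist as well, plus one case that passes the option without a value, since the parser's `nargs='?'` accepts that. The test methods touched here start outside the hunks, so an existing create test may already pick the attribute up from LISTENER_ATTRS; that is worth confirming.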


+ 3
- 0
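--- a/releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml
+++ b/releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml
@@ -0,0 +1,3 @@
+---
+features:
+- Added support to VIP access control list.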
