diff --git a/octaviaclient/osc/v2/constants.py b/octaviaclient/osc/v2/constants.py
index 1ad8696..f019587 100644
--- a/octaviaclient/osc/v2/constants.py
+++ b/octaviaclient/osc/v2/constants.py
@@ -73,7 +73,8 @@ LISTENER_ROWS = (
 'updated_at',
 'client_ca_tls_container_ref',
 'client_authentication',
- 'client_crl_container_ref')
+ 'client_crl_container_ref',
+ 'allowed_cidrs')
 LISTENER_COLUMNS = (
 'id',
diff --git a/octaviaclient/osc/v2/listener.py b/octaviaclient/osc/v2/listener.py
index b6f04d0..6eb2f03 100644
--- a/octaviaclient/osc/v2/listener.py
+++ b/octaviaclient/osc/v2/listener.py
@@ -157,6 +157,16 @@ class CreateListener(command.ShowOne):
 "containting the CA revocation list file for TERMINATED_TLS "
 "listeners."
 )
+ parser.add_argument(
+ '--allowed-cidr',
+ dest='allowed_cidrs',
+ metavar='',
+ nargs='?',
+ action='append',
+ help="CIDR to allow access to the listener (can be set multiple "
+ "times)."
+ )
+
 return parser
 def take_action(self, parsed_args):
@@ -169,7 +179,8 @@ class CreateListener(command.ShowOne):
 formatters = {'loadbalancers': v2_utils.format_list,
 'pools': v2_utils.format_list,
 'l7policies': v2_utils.format_list,
- 'insert_headers': v2_utils.format_hash}
+ 'insert_headers': v2_utils.format_hash,
+ 'allowed_cidrs': v2_utils.format_list_flat}
 return (rows, (utils.get_dict_properties(data['listener'],
@@ -277,7 +288,8 @@ class ShowListener(command.ShowOne):
 formatters = {'loadbalancers': v2_utils.format_list,
 'pools': v2_utils.format_list,
 'l7policies': v2_utils.format_list,
- 'insert_headers': v2_utils.format_hash}
+ 'insert_headers': v2_utils.format_hash,
+ 'allowed_cidrs': v2_utils.format_list_flat}
 return rows, utils.get_dict_properties(data, rows, formatters=formatters)
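Review bot: `nargs='?'` combined with `action='append'` on `--allowed-cidr` in CreateListener lets the flag be given without a value, and argparse then appends `None`, so `allowed_cidrs` can reach `get_listener_attrs` as `[None]` or `['192.0.2.0/24', None]`. Removing the `nargs='?',` line makes every occurrence require a CIDR; the same applies to the identical argument added to SetListener in the later listener.py hunk. Because this list is an access-control setting, it may also be worth rejecting malformed input early with a `type=` callable built on `ipaddress.ip_network`, unless the project deliberately leaves all validation to the API. The enclosing get_parser method starts outside the hunk.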
@@ -400,6 +412,16 @@ class SetListener(command.Command):
 "containting the CA revocation list file for TERMINATED_TLS "
 "listeners."
 )
+ parser.add_argument(
+ '--allowed-cidr',
+ dest='allowed_cidrs',
+ metavar='',
+ nargs='?',
+ action='append',
+ help="CIDR to allow access to the listener (can be set multiple "
+ "times)."
+ )
+
 return parser
 def take_action(self, parsed_args):
@@ -498,6 +520,11 @@ class UnsetListener(command.Command):
 action='store_true',
 help="Clear the client CRL container reference from the listener."
 )
+ parser.add_argument(
+ '--allowed-cidrs',
+ action='store_true',
+ help="Clear all allowed CIDRs from the listener."
+ )
 return parser
 def take_action(self, parsed_args):
diff --git a/octaviaclient/osc/v2/utils.py b/octaviaclient/osc/v2/utils.py
index 095a3d3..86bd68b 100644
--- a/octaviaclient/osc/v2/utils.py
+++ b/octaviaclient/osc/v2/utils.py
@@ -216,6 +216,7 @@ def get_listener_attrs(client_manager, parsed_args):
 'client_authentication': ('client_authentication', str),
 'client_crl_container_ref': ('client_crl_container_ref', _format_str_if_need_treat_unset),
+ 'allowed_cidrs': ('allowed_cidrs', list),
 }
 _attrs = vars(parsed_args)
@@ -517,6 +518,10 @@ def format_list(data):
 return '\n'.join(i['id'] for i in data)
+def format_list_flat(data):
+ return '\n'.join(i for i in data)
+
+
 def format_hash(data):
 if data:
 return '\n'.join('{}={}'.format(k, v) for k, v in data.items())
diff --git a/octaviaclient/tests/unit/osc/v2/constants.py b/octaviaclient/tests/unit/osc/v2/constants.py
index e43d848..dfb9718 100644
--- a/octaviaclient/tests/unit/osc/v2/constants.py
+++ b/octaviaclient/tests/unit/osc/v2/constants.py
@@ -77,6 +77,7 @@ LISTENER_ATTRS = {
 'client_ca_tls_container_ref': uuidutils.generate_uuid(dashed=True),
 'client_authentication': "OPTIONAL",
 'client_crl_container_ref': uuidutils.generate_uuid(dashed=True),
+ "allowed_cidrs": ['192.0.2.0/24', '198.51.100.0/24'],
 }
 LOADBALANCER_ATTRS = {
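Review bot: The help text for `--allowed-cidrs` in UnsetListener does not say what the listener does once the list is empty. As I understand the Octavia API, a listener with no allowed CIDRs accepts traffic from every source, so clearing the list presumably widens access rather than closing it, and an operator could easily read "clear" the other way. After confirming the server behaviour, consider `help="Clear all allowed CIDRs from the listener (traffic from any source is then allowed)."`. The enclosing get_parser method starts outside the hunk.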
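Review bot: `format_list_flat` in utils.py has no guard for a missing value, unlike `format_hash` directly below it, which checks `if data:` first. If the API returns `allowed_cidrs` as null for a listener without a restriction and the formatter is still invoked, `'\n'.join(...)` raises TypeError while rendering `listener show`. I would write the body as `if data:` followed by `return '\n'.join(data)`, which also drops the redundant `i for i in data` generator, and add a one-line docstring such as `"""Render a list of strings one per line."""`.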
diff --git a/octaviaclient/tests/unit/osc/v2/test_listener.py b/octaviaclient/tests/unit/osc/v2/test_listener.py
index 49f56fb..0098785 100644
--- a/octaviaclient/tests/unit/osc/v2/test_listener.py
+++ b/octaviaclient/tests/unit/osc/v2/test_listener.py
@@ -233,7 +233,11 @@ class TestListenerSet(TestListener):
 '--client-authentication',
 self._listener.client_authentication,
 '--client-crl-container-ref',
- self._listener.client_crl_container_ref]
+ self._listener.client_crl_container_ref,
+ '--allowed-cidr',
+ self._listener.allowed_cidrs[0],
+ '--allowed-cidr',
+ self._listener.allowed_cidrs[1]]
 verifylist = [
 ('listener', self._listener.id),
 ('name', 'new_name'),
@@ -245,7 +249,8 @@ class TestListenerSet(TestListener):
 ('client_authentication',
 self._listener.client_authentication),
 ('client_crl_container_ref',
- self._listener.client_crl_container_ref)
+ self._listener.client_crl_container_ref),
+ ('allowed_cidrs', self._listener.allowed_cidrs)
 ]
 parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@@ -262,7 +267,8 @@ class TestListenerSet(TestListener):
 'client_authentication':
 self._listener.client_authentication,
 'client_crl_container_ref':
- self._listener.client_crl_container_ref
+ self._listener.client_crl_container_ref,
+ 'allowed_cidrs': self._listener.allowed_cidrs,
 }})
@@ -295,7 +301,8 @@ class TestListenerUnset(TestListener):
 'insert_headers', 'timeout_client_data', 'timeout_member_connect', 'timeout_member_data', 'timeout_tcp_inspect', 'client_ca_tls_container_ref',
- 'client_authentication', 'client_crl_container_ref')
+ 'client_authentication', 'client_crl_container_ref',
+ 'allowed_cidrs')
 def setUp(self):
 super(TestListenerUnset, self).setUp()
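Review bot: The `--allowed-cidr` arguments added to the TestListenerSet arglist cover only the two-value happy path. Nothing visible in this diff exercises `listener create --allowed-cidr`, nor the flag given without a value, which the parser currently accepts because of `nargs='?'`. A test asserting that a bare `--allowed-cidr` is rejected, or at least never sends `None` to `listener_set`, would pin the behaviour of this access-control option. The test method containing this hunk starts outside it.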
@@ -343,6 +350,9 @@ class TestListenerUnset(TestListener):
 def test_listener_unset_client_crl_container_ref(self):
 self._test_listener_unset_param('client_crl_container_ref')
+ def test_listener_unset_allowed_cidrs(self):
+ self._test_listener_unset_param('allowed_cidrs')
+
 def _test_listener_unset_param(self, param):
 self.api_mock.listener_set.reset_mock()
 arg_param = param.replace('_', '-') if '_' in param else param
diff --git a/releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml b/releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml
new file mode 100644
index 0000000..335f667
--- /dev/null
+++ b/releasenotes/notes/add-listener-allowed-cirds-2ef9fa2e1c650166.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Added support to VIP access control list.