Add TLS protocol support for Octavia

Add a property "tls_versions" for storing a list of TLS protocol versions Change-Id: I6c73a178f01e010535237f839d85bedac5222624 Story: 2006627 Task: 37188 Depends-On:I480b7fb9756d98ba9dbcdfd1d4b193ce6868e291
2020-04-30 21:26:29 -05:00 · 2020-04-30 21:26:29 -05:00 · c5748fb1b2
commit c5748fb1b2
parent 7e2a51aeff
5 changed files with 22 additions and 6 deletions
--- a/openstack/load_balancer/v2/listener.py
+++ b/openstack/load_balancer/v2/listener.py
@ -32,8 +32,7 @@ class Listener(resource.Resource, resource.TagMixin):
        'sni_container_refs', 'insert_headers', 'load_balancer_id',
        'timeout_client_data', 'timeout_member_connect',
        'timeout_member_data', 'timeout_tcp_inspect', 'allowed_cidrs',
-        'tls_ciphers',
-        is_admin_state_up='admin_state_up',
+        'tls_ciphers', 'tls_versions', is_admin_state_up='admin_state_up',
        **resource.TagMixin._tag_query_parameters
    )

@ -94,6 +93,8 @@ class Listener(resource.Resource, resource.TagMixin):
    timeout_tcp_inspect = resource.Body('timeout_tcp_inspect', type=int)
    #: Stores a cipher string in OpenSSL format.
    tls_ciphers = resource.Body('tls_ciphers')
+    #: A lsit of TLS protocols to be used by the listener
+    tls_versions = resource.Body('tls_versions', type=list)


 class ListenerStats(resource.Resource):
--- a/openstack/load_balancer/v2/pool.py
+++ b/openstack/load_balancer/v2/pool.py
@ -29,8 +29,7 @@ class Pool(resource.Resource, resource.TagMixin):
        'health_monitor_id', 'lb_algorithm', 'listener_id', 'loadbalancer_id',
        'description', 'name', 'project_id', 'protocol',
        'created_at', 'updated_at', 'provisioning_status', 'operating_status',
-        'tls_ciphers',
-        is_admin_state_up='admin_state_up',
+        'tls_ciphers', 'tls_versions', is_admin_state_up='admin_state_up',
        **resource.TagMixin._tag_query_parameters
    )

@ -69,5 +68,7 @@ class Pool(resource.Resource, resource.TagMixin):
    tls_ciphers = resource.Body('tls_ciphers')
    #: A JSON object specifying the session persistence for the pool.
    session_persistence = resource.Body('session_persistence', type=dict)
+    #: A list of TLS protocol versions to be used in by the pool
+    tls_versions = resource.Body('tls_versions', type=list)
    #: Timestamp when the pool was updated
    updated_at = resource.Body('updated_at')
--- a/openstack/tests/unit/load_balancer/test_listener.py
+++ b/openstack/tests/unit/load_balancer/test_listener.py
@ -41,7 +41,8 @@ EXAMPLE = {
    'timeout_member_connect': 5000,
    'timeout_member_data': 50000,
    'timeout_tcp_inspect': 0,
-    'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
+    'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
+    'tls_versions': ['TLSv1.1', 'TLSv1.2']
 }

 EXAMPLE_STATS = {
@ -106,6 +107,8 @@ class TestListener(base.TestCase):
                         test_listener.timeout_tcp_inspect)
        self.assertEqual(EXAMPLE['tls_ciphers'],
                         test_listener.tls_ciphers)
+        self.assertEqual(EXAMPLE['tls_versions'],
+                         test_listener.tls_versions)

        self.assertDictEqual(
            {'limit': 'limit',
@ -137,6 +140,7 @@ class TestListener(base.TestCase):
             'timeout_member_data': 'timeout_member_data',
             'timeout_tcp_inspect': 'timeout_tcp_inspect',
             'tls_ciphers': 'tls_ciphers',
+             'tls_versions': 'tls_versions',
             },
            test_listener._query_mapping._mapping)

--- a/openstack/tests/unit/load_balancer/test_pool.py
+++ b/openstack/tests/unit/load_balancer/test_pool.py
@ -35,7 +35,8 @@ EXAMPLE = {
    'health_monitor': 'healthmonitor',
    'health_monitor_id': uuid.uuid4(),
    'members': [{'id': uuid.uuid4()}],
-    'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
+    'tls_ciphers': 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',
+    'tls_versions': ['TLSv1.1', 'TLSv1.2'],
 }


@ -84,6 +85,8 @@ class TestPool(base.TestCase):
        self.assertEqual(EXAMPLE['members'], test_pool.members)
        self.assertEqual(EXAMPLE['tls_ciphers'],
                         test_pool.tls_ciphers)
+        self.assertEqual(EXAMPLE['tls_versions'],
+                         test_pool.tls_versions)

        self.assertDictEqual(
            {'limit': 'limit',
@ -107,5 +110,6 @@ class TestPool(base.TestCase):
             'loadbalancer_id': 'loadbalancer_id',
             'protocol': 'protocol',
             'tls_ciphers': 'tls_ciphers',
+             'tls_versions': 'tls_versions',
             },
            test_pool._query_mapping._mapping)
--- a/releasenotes/notes/add-tls-version-support-for-octavia-7ecb372e6fb58101.yaml
+++ b/releasenotes/notes/add-tls-version-support-for-octavia-7ecb372e6fb58101.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Added the ``tls_versions`` properties to listener.py
+    and pool.py for storing a python list of TLS protocol
+    versions to be used by the pools and listeners.