diff --git a/lower-constraints.txt b/lower-constraints.txt
index b9bbe2b7..cc4165cd 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -41,7 +41,7 @@ msgpack-python==0.4.0
 munch==2.1.0
 netaddr==0.7.18
 netifaces==0.10.4
-openstacksdk==0.46.0
+openstacksdk==0.53.0
 os-client-config==1.28.0
 os-service-types==1.7.0
 osc-lib==1.8.0
@@ -86,7 +86,7 @@ python-novaclient==9.1.0
 python-subunit==1.0.0
 python-swiftclient==3.2.0
 pytz==2013.6
-PyYAML==3.12
+PyYAML==3.13
 rcssmin==1.0.6
 repoze.lru==0.7
 requests==2.14.2
diff --git a/octavia_dashboard/api/rest/lbaasv2.py b/octavia_dashboard/api/rest/lbaasv2.py
index d8a6d94b..2b70563c 100644
--- a/octavia_dashboard/api/rest/lbaasv2.py
+++ b/octavia_dashboard/api/rest/lbaasv2.py
@@ -255,6 +255,7 @@ def create_pool(request, **kwargs):
 name=data['pool'].get('name'),
 description=data['pool'].get('description'),
 admin_state_up=data['pool'].get('admin_state_up'),
+ tls_enabled=data['pool'].get('tls_enabled'),
 # Replace empty string by None (uses default tls cipher string)
 tls_ciphers=data['pool'].get('tls_ciphers') or None,
 )
@@ -534,6 +535,7 @@ def update_pool(request, **kwargs):
 name=data['pool'].get('name'),
 description=data['pool'].get('description'),
 admin_state_up=data['pool'].get('admin_state_up'),
+ tls_enabled=data['pool'].get('tls_enabled'),
 # Replace empty string by None (uses default tls cipher string)
 tls_ciphers=data['pool'].get('tls_ciphers') or None,
 )
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
index 13a5be12..9e1d28a0 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
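Review bot: `tls_enabled=data['pool'].get('tls_enabled')` in `update_pool` of lbaasv2.py forwards None whenever the request body omits the key, and the identical line in `create_pool` does the same; neither checks that the value is a boolean. Whether None is dropped or sent on as null is decided by the SDK call outside these hunks, so it is worth confirming that an update which never mentions TLS cannot switch backend encryption off for an existing pool. If the key is meant to be optional, document that beside it the way the `tls_ciphers` line already does, e.g. `# None when the client omits tls_enabled (API default / current value applies; confirm)`. Both function bodies start and end outside the hunks.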
@@ -52,7 +52,7 @@ item="ctrl.pool" property-groups="[[ 'id', 'name', 'description', 'project_id', 'created_at', 'updated_at', - 'session_persistence', 'health_monitor_id', 'tls_ciphers']]"> + 'session_persistence', 'health_monitor_id', 'tls_enabled', 'tls_ciphers']]"> diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html index fb0dab48..67f9d33c 100644 --- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html +++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html @@ -5,5 +5,5 @@ ['name', 'id', 'project_id'], ['created_at', 'updated_at', 'description'], ['protocol', 'lb_algorithm', 'session_persistence'], - ['health_monitor_id']]"> + ['health_monitor_id', 'tls_enabled']]"> diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js index 544380c3..7322ca00 100644 --- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js +++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js @@ -176,6 +176,10 @@ loadbalancers: gettext('Load Balancers'), listeners: gettext('Listeners'), members: gettext('Members'), + tls_enabled: { + label: gettext('TLS Enabled'), + filters: ['yesno'] + }, tls_ciphers: gettext('TLS Cipher String') }; } diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js index c430803c..be8bd83e 100644 --- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js +++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js @@ -203,6 +203,7 @@ cookie_name: null }, admin_state_up: true, + tls_enabled: false, tls_ciphers: null }, monitor: { 
@@ -539,6 +540,9 @@
 // otherwise has to match it.
 var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol;
 finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol;
+ if (!finalSpec.pool.tls_enabled) {
+ delete finalSpec.pool.tls_ciphers;
+ }
 if (angular.isObject(finalSpec.pool.session_persistence)) {
 if (!finalSpec.pool.session_persistence.type) {
 finalSpec.pool.session_persistence = null;
@@ -841,6 +845,7 @@
 spec.lb_algorithm = pool.lb_algorithm;
 spec.admin_state_up = pool.admin_state_up;
 spec.session_persistence = pool.session_persistence;
+ spec.tls_enabled = pool.tls_enabled;
 spec.tls_ciphers = pool.tls_ciphers;
 }
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
index 9b047c72..e1e2e0e4 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
@@ -1301,7 +1301,7 @@
 expect(Object.keys(model.spec.listener).length).toBe(16);
 expect(Object.keys(model.spec.l7policy).length).toBe(8);
 expect(Object.keys(model.spec.l7rule).length).toBe(7);
- expect(Object.keys(model.spec.pool).length).toBe(8);
+ expect(Object.keys(model.spec.pool).length).toBe(9);
 expect(Object.keys(model.spec.monitor).length).toBe(11);
 expect(model.spec.members).toEqual([]);
 });
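Review bot: The new `if (!finalSpec.pool.tls_enabled)` block in model.service.js (hunk at -539) deletes `tls_ciphers` with no comment explaining why, and its truthiness test treats an undefined or null `tls_enabled` the same as an explicit `false`. That matters for the edit path, because the later hunk copies `pool.tls_enabled` straight from the API response, so a response without the field would presumably cause the stored cipher string to be dropped on submit. A short comment would make the intent reviewable: `// tls_ciphers only applies to backend TLS; do not submit a cipher string for a plaintext pool`. The enclosing function starts and ends outside the hunk.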
@@ -2378,6 +2378,53 @@
 expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
 expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
 expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
+ expect(finalSpec.pool.tls_ciphers).toBeUndefined();
+
+ expect(finalSpec.members.length).toBe(2);
+ expect(finalSpec.members[0].id).toBe('1234');
+ expect(finalSpec.members[0].address).toBe('1.2.3.4');
+ expect(finalSpec.members[0].subnet_id).toBe('subnet-1');
+ expect(finalSpec.members[0].protocol_port).toBe(80);
+ expect(finalSpec.members[0].weight).toBe(1);
+ expect(finalSpec.members[1].id).toBe('5678');
+ expect(finalSpec.members[1].address).toBe('5.6.7.8');
+ expect(finalSpec.members[1].subnet_id).toBe('subnet-1');
+ expect(finalSpec.members[1].protocol_port).toBe(80);
+ expect(finalSpec.members[1].weight).toBe(1);
+
+ expect(finalSpec.monitor.type).toBe('HTTP');
+ expect(finalSpec.monitor.delay).toBe(1);
+ expect(finalSpec.monitor.max_retries).toBe(1);
+ expect(finalSpec.monitor.max_retries_down).toBe(1);
+ expect(finalSpec.monitor.timeout).toBe(1);
+ });
+ });
+
+ describe('Model submit function (edit pool tls_enabled)', function() {
+
+ beforeEach(function() {
+ includeChildResources = true;
+ listenerResources.pool.tls_enabled = true;
+ listenerResources.pool.tls_ciphers = "A:B:C";
+ model.initialize('pool', 'poolId', 'loadbalancerId');
+ scope.$apply();
+ });
+
+ it('should set final spec properties', function() {
+
+ var finalSpec = model.submit();
+
+ expect(finalSpec.loadbalancer).toBeUndefined();
+ expect(finalSpec.listener).toBeUndefined();
+
+ expect(finalSpec.pool.name).toBe('Pool 1');
+ expect(finalSpec.pool.description).toBe('pool description');
+ expect(finalSpec.pool.protocol).toBe('HTTP');
+ expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
+ expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
+ expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
+ expect(finalSpec.pool.tls_enabled).toBe(true);
+ expect(finalSpec.pool.tls_ciphers).toBe("A:B:C");
 expect(finalSpec.members.length).toBe(2);
 expect(finalSpec.members[0].id).toBe('1234');
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
index 3d04a07a..b2c9223b 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
@@ -42,6 +42,13 @@
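Review bot: No case in model.service.spec.js (hunk at -2378) pins the state the new submit branch exists for, namely a pool that still carries a cipher string while TLS is off; the added `describe` only covers `tls_enabled = true`. The `toBeUndefined()` assertion added to the existing edit-pool test exercises that branch only if its fixture already has `tls_ciphers` set, which is not visible in this hunk. A sibling `describe` whose `beforeEach` sets `listenerResources.pool.tls_enabled = false;` and `listenerResources.pool.tls_ciphers = "A:B:C";`, and which asserts `expect(finalSpec.pool.tls_ciphers).toBeUndefined();`, would cover it.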

+

+ TLS Enabled: + + Enable TLS for backend re-encryption, communications between the load + balancer and the member servers are encrypted. + +

TLS Cipher String: diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html index 4f46eb69..cc855dc1 100644 --- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html +++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html @@ -86,6 +86,24 @@
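Review bot: The new "TLS Enabled" help entry in pool.help.html says traffic to the member servers is "encrypted", but it does not say whether the member's certificate is validated. None of the hunks visible in this commit passes a CA certificate reference for the pool, so if the backend connection is made without validation, an operator may read this text as implying authenticated members. Once the behaviour is confirmed, a second sentence would close the gap, for example `Member certificates are only validated when a CA certificate is configured for the pool.`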

+
+
+ +
+
+ +
+
+
+
+ +
+ +
+
+
diff --git a/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml b/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml
new file mode 100644
index 00000000..bae319d1
--- /dev/null
+++ b/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add TLS Enabled switch in the pool control form, allowing to enable/disable
+ TLS communications between a load balancer and its members.
diff --git a/requirements.txt b/requirements.txt
index e455f2e1..2843d5ff 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
 horizon>=17.1.0 # Apache-2.0
 Babel!=2.4.0,>=2.3.4 # BSD
-openstacksdk>=0.46.0 # Apache-2.0
+openstacksdk>=0.53.0 # Apache-2.0
 oslo.log>=3.36.0 # Apache-2.0
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
 python-barbicanclient>=4.5.2 # Apache-2.0