From 400c1194e09e70c0b28e24fbdc27426626f3bd3a Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge
Date: Thu, 19 Nov 2020 09:25:46 +0100
Subject: [PATCH] Add TLS enabled support for pools
Bump openstacksdk to 0.53.0, which provides the tls_enabled flag for
Octavia pools.
Story 2008368
Task 41277
Change-Id: I41559e3f2d13e5adbb850f28f058b72404e28124
---
lower-constraints.txt | 4 +-
octavia_dashboard/api/rest/lbaasv2.py | 2 +
.../project/lbaasv2/pools/details/detail.html | 2 +-
.../project/lbaasv2/pools/details/drawer.html | 2 +-
.../project/lbaasv2/pools/pools.module.js | 4 ++
.../project/lbaasv2/workflow/model.service.js | 5 ++
.../lbaasv2/workflow/model.service.spec.js | 49 ++++++++++++++++++-
.../lbaasv2/workflow/pool/pool.help.html | 7 +++
.../project/lbaasv2/workflow/pool/pool.html | 18 +++++++
...ed-support-for-pools-449e39f851535839.yaml | 5 ++
requirements.txt | 2 +-
11 files changed, 94 insertions(+), 6 deletions(-)
create mode 100644 releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml
diff --git a/lower-constraints.txt b/lower-constraints.txt
index b9bbe2b7..cc4165cd 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -41,7 +41,7 @@ msgpack-python==0.4.0
munch==2.1.0
netaddr==0.7.18
netifaces==0.10.4
-openstacksdk==0.46.0
+openstacksdk==0.53.0
os-client-config==1.28.0
os-service-types==1.7.0
osc-lib==1.8.0
@@ -86,7 +86,7 @@ python-novaclient==9.1.0
python-subunit==1.0.0
python-swiftclient==3.2.0
pytz==2013.6
-PyYAML==3.12
+PyYAML==3.13
rcssmin==1.0.6
repoze.lru==0.7
requests==2.14.2
diff --git a/octavia_dashboard/api/rest/lbaasv2.py b/octavia_dashboard/api/rest/lbaasv2.py
index d8a6d94b..2b70563c 100644
--- a/octavia_dashboard/api/rest/lbaasv2.py
+++ b/octavia_dashboard/api/rest/lbaasv2.py
@@ -255,6 +255,7 @@ def create_pool(request, **kwargs):
name=data['pool'].get('name'),
description=data['pool'].get('description'),
admin_state_up=data['pool'].get('admin_state_up'),
+ tls_enabled=data['pool'].get('tls_enabled'),
# Replace empty string by None (uses default tls cipher string)
tls_ciphers=data['pool'].get('tls_ciphers') or None,
)
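Review bot: None of the arguments visible in this `create_pool` hunk carries a CA bundle reference (Octavia's pool attribute `ca_tls_container_ref`) alongside the new `tls_enabled=data['pool'].get('tls_enabled')`, so a pool enabled through the dashboard would, as far as these lines show, encrypt traffic to members without authenticating the member certificate. The call starts outside the hunk, so confirm that the reference is not passed earlier in the argument list. If it is not, either expose it in the form or have pool.help.html say that "TLS Enabled" gives encryption only, not server verification. The same applies to the `update_pool` hunk below. A short comment such as `# tls_enabled alone does not configure member certificate validation` above the new line would record the limitation.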
@@ -534,6 +535,7 @@ def update_pool(request, **kwargs):
name=data['pool'].get('name'),
description=data['pool'].get('description'),
admin_state_up=data['pool'].get('admin_state_up'),
+ tls_enabled=data['pool'].get('tls_enabled'),
# Replace empty string by None (uses default tls cipher string)
tls_ciphers=data['pool'].get('tls_ciphers') or None,
)
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
index 13a5be12..9e1d28a0 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/detail.html
@@ -52,7 +52,7 @@
item="ctrl.pool"
property-groups="[[
'id', 'name', 'description', 'project_id', 'created_at', 'updated_at',
- 'session_persistence', 'health_monitor_id', 'tls_ciphers']]">
+ 'session_persistence', 'health_monitor_id', 'tls_enabled', 'tls_ciphers']]">
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html
index fb0dab48..67f9d33c 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/details/drawer.html
@@ -5,5 +5,5 @@
['name', 'id', 'project_id'],
['created_at', 'updated_at', 'description'],
['protocol', 'lb_algorithm', 'session_persistence'],
- ['health_monitor_id']]">
+ ['health_monitor_id', 'tls_enabled']]">
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js
index 544380c3..7322ca00 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/pools/pools.module.js
@@ -176,6 +176,10 @@
loadbalancers: gettext('Load Balancers'),
listeners: gettext('Listeners'),
members: gettext('Members'),
+ tls_enabled: {
+ label: gettext('TLS Enabled'),
+ filters: ['yesno']
+ },
tls_ciphers: gettext('TLS Cipher String')
};
}
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js
index c430803c..be8bd83e 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.js
@@ -203,6 +203,7 @@
cookie_name: null
},
admin_state_up: true,
+ tls_enabled: false,
tls_ciphers: null
},
monitor: {
@@ -539,6 +540,9 @@
// otherwise has to match it.
var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol;
finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol;
+ if (!finalSpec.pool.tls_enabled) {
+ delete finalSpec.pool.tls_ciphers;
+ }
if (angular.isObject(finalSpec.pool.session_persistence)) {
if (!finalSpec.pool.session_persistence.type) {
finalSpec.pool.session_persistence = null;
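Review bot: The new `if (!finalSpec.pool.tls_enabled)` branch has no comment, unlike the protocol handling just above it, and its effect on an edit is not obvious. Deleting `tls_ciphers` means the REST layer's `data['pool'].get('tls_ciphers') or None` ends up passing `None`, and whether that clears a cipher string already stored on the pool is not visible here and is worth confirming. I would add `// tls_ciphers only applies to TLS-enabled pools; drop it so a stale cipher string is not submitted` above the branch. The enclosing function starts and ends outside the hunk.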
@@ -841,6 +845,7 @@
spec.lb_algorithm = pool.lb_algorithm;
spec.admin_state_up = pool.admin_state_up;
spec.session_persistence = pool.session_persistence;
+ spec.tls_enabled = pool.tls_enabled;
spec.tls_ciphers = pool.tls_ciphers;
}
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
index 9b047c72..e1e2e0e4 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/model.service.spec.js
@@ -1301,7 +1301,7 @@
expect(Object.keys(model.spec.listener).length).toBe(16);
expect(Object.keys(model.spec.l7policy).length).toBe(8);
expect(Object.keys(model.spec.l7rule).length).toBe(7);
- expect(Object.keys(model.spec.pool).length).toBe(8);
+ expect(Object.keys(model.spec.pool).length).toBe(9);
expect(Object.keys(model.spec.monitor).length).toBe(11);
expect(model.spec.members).toEqual([]);
});
@@ -2378,6 +2378,53 @@
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
+ expect(finalSpec.pool.tls_ciphers).toBeUndefined();
+
+ expect(finalSpec.members.length).toBe(2);
+ expect(finalSpec.members[0].id).toBe('1234');
+ expect(finalSpec.members[0].address).toBe('1.2.3.4');
+ expect(finalSpec.members[0].subnet_id).toBe('subnet-1');
+ expect(finalSpec.members[0].protocol_port).toBe(80);
+ expect(finalSpec.members[0].weight).toBe(1);
+ expect(finalSpec.members[1].id).toBe('5678');
+ expect(finalSpec.members[1].address).toBe('5.6.7.8');
+ expect(finalSpec.members[1].subnet_id).toBe('subnet-1');
+ expect(finalSpec.members[1].protocol_port).toBe(80);
+ expect(finalSpec.members[1].weight).toBe(1);
+
+ expect(finalSpec.monitor.type).toBe('HTTP');
+ expect(finalSpec.monitor.delay).toBe(1);
+ expect(finalSpec.monitor.max_retries).toBe(1);
+ expect(finalSpec.monitor.max_retries_down).toBe(1);
+ expect(finalSpec.monitor.timeout).toBe(1);
+ });
+ });
+
+ describe('Model submit function (edit pool tls_enabled)', function() {
+
+ beforeEach(function() {
+ includeChildResources = true;
+ listenerResources.pool.tls_enabled = true;
+ listenerResources.pool.tls_ciphers = "A:B:C";
+ model.initialize('pool', 'poolId', 'loadbalancerId');
+ scope.$apply();
+ });
+
+ it('should set final spec properties', function() {
+
+ var finalSpec = model.submit();
+
+ expect(finalSpec.loadbalancer).toBeUndefined();
+ expect(finalSpec.listener).toBeUndefined();
+
+ expect(finalSpec.pool.name).toBe('Pool 1');
+ expect(finalSpec.pool.description).toBe('pool description');
+ expect(finalSpec.pool.protocol).toBe('HTTP');
+ expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
+ expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
+ expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
+ expect(finalSpec.pool.tls_enabled).toBe(true);
+ expect(finalSpec.pool.tls_ciphers).toBe("A:B:C");
expect(finalSpec.members.length).toBe(2);
expect(finalSpec.members[0].id).toBe('1234');
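Review bot: The added `expect(finalSpec.pool.tls_ciphers).toBeUndefined();` may pass without exercising the delete branch in model.service.js, because a fixture pool with no `tls_ciphers` key would yield `undefined` anyway; the fixture is outside the hunk, so this is inferred. The new describe block only covers `tls_enabled = true`. A case that sets `listenerResources.pool.tls_enabled = false;` together with `listenerResources.pool.tls_ciphers = "A:B:C";` and then asserts `toBeUndefined()` would pin the behaviour where a cipher string is dropped once TLS is switched off. The new `it` block continues past the end of the hunk.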
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
index 3d04a07a..b2c9223b 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.help.html
@@ -42,6 +42,13 @@
+
+ TLS Enabled:
+
+ Enable TLS for backend re-encryption, communications between the load
+ balancer and the member servers are encrypted.
+
+
TLS Cipher String:
diff --git a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html
index 4f46eb69..cc855dc1 100644
--- a/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html
+++ b/octavia_dashboard/static/dashboard/project/lbaasv2/workflow/pool/pool.html
@@ -86,6 +86,24 @@
+
+
+
diff --git a/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml b/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml
new file mode 100644
index 00000000..bae319d1
--- /dev/null
+++ b/releasenotes/notes/add-tls_enabled-support-for-pools-449e39f851535839.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add TLS Enabled switch in the pool control form, allowing to enable/disable
+ TLS communications between a load balancer and its members.
diff --git a/requirements.txt b/requirements.txt
index e455f2e1..2843d5ff 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
horizon>=17.1.0 # Apache-2.0
Babel!=2.4.0,>=2.3.4 # BSD
-openstacksdk>=0.46.0 # Apache-2.0
+openstacksdk>=0.53.0 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0
pbr!=2.1.0,>=2.0.0 # Apache-2.0
python-barbicanclient>=4.5.2 # Apache-2.0