Add TLS enabled support for pools

Bump openstacksdk to 0.53.0, which provides the tls_enabled flag for
Octavia pools.

Story 2008368
Task 41277

Change-Id: I41559e3f2d13e5adbb850f28f058b72404e28124
Gregory Thiemonge 2020-11-19 09:25:46 +01:00
parent daae6d1fcd
commit 400c1194e0
11 changed files with 94 additions and 6 deletions


@ -41,7 +41,7 @@ msgpack-python==0.4.0
munch==2.1.0 munch==2.1.0
netaddr==0.7.18 netaddr==0.7.18
netifaces==0.10.4 netifaces==0.10.4
openstacksdk==0.46.0 openstacksdk==0.53.0
os-client-config==1.28.0 os-client-config==1.28.0
os-service-types==1.7.0 os-service-types==1.7.0
osc-lib==1.8.0 osc-lib==1.8.0
@ -86,7 +86,7 @@ python-novaclient==9.1.0
python-subunit==1.0.0 python-subunit==1.0.0
python-swiftclient==3.2.0 python-swiftclient==3.2.0
pytz==2013.6 pytz==2013.6
PyYAML==3.12 PyYAML==3.13
rcssmin==1.0.6 rcssmin==1.0.6
repoze.lru==0.7 repoze.lru==0.7
requests==2.14.2 requests==2.14.2


@ -255,6 +255,7 @@ def create_pool(request, **kwargs):
name=data['pool'].get('name'), name=data['pool'].get('name'),
description=data['pool'].get('description'), description=data['pool'].get('description'),
admin_state_up=data['pool'].get('admin_state_up'), admin_state_up=data['pool'].get('admin_state_up'),
tls_enabled=data['pool'].get('tls_enabled'),
# Replace empty string by None (uses default tls cipher string) # Replace empty string by None (uses default tls cipher string)
tls_ciphers=data['pool'].get('tls_ciphers') or None, tls_ciphers=data['pool'].get('tls_ciphers') or None,
) )
@ -534,6 +535,7 @@ def update_pool(request, **kwargs):
name=data['pool'].get('name'), name=data['pool'].get('name'),
description=data['pool'].get('description'), description=data['pool'].get('description'),
admin_state_up=data['pool'].get('admin_state_up'), admin_state_up=data['pool'].get('admin_state_up'),
tls_enabled=data['pool'].get('tls_enabled'),
# Replace empty string by None (uses default tls cipher string) # Replace empty string by None (uses default tls cipher string)
tls_ciphers=data['pool'].get('tls_ciphers') or None, tls_ciphers=data['pool'].get('tls_ciphers') or None,
) )
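Review bot: `data['pool'].get('tls_enabled')` in both create_pool and update_pool yields `None` when the request body omits the key and otherwise forwards the value untyped, so an edit that leaves the field out still passes `tls_enabled=None` to a call whose start is outside the hunk. Whether that `None` is dropped or sent as an explicit null is decided in code not shown here, so I would add the argument only when the client supplied it (`if 'tls_enabled' in data['pool']:`) and reject anything that is not a real boolean rather than coercing it. The neighbouring arguments use the same `.get()` pattern, but for this one the failure mode is backend TLS being switched off or left off without the operator asking for it, so an update_pool test with the key absent would be worth having.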


@ -52,7 +52,7 @@
item="ctrl.pool" item="ctrl.pool"
property-groups="[[ property-groups="[[
'id', 'name', 'description', 'project_id', 'created_at', 'updated_at', 'id', 'name', 'description', 'project_id', 'created_at', 'updated_at',
'session_persistence', 'health_monitor_id', 'tls_ciphers']]"> 'session_persistence', 'health_monitor_id', 'tls_enabled', 'tls_ciphers']]">
</hz-resource-property-list> </hz-resource-property-list>
</div> </div>
</uib-tab> </uib-tab>


@ -5,5 +5,5 @@
['name', 'id', 'project_id'], ['name', 'id', 'project_id'],
['created_at', 'updated_at', 'description'], ['created_at', 'updated_at', 'description'],
['protocol', 'lb_algorithm', 'session_persistence'], ['protocol', 'lb_algorithm', 'session_persistence'],
['health_monitor_id']]"> ['health_monitor_id', 'tls_enabled']]">
</hz-resource-property-list> </hz-resource-property-list>


@ -176,6 +176,10 @@
loadbalancers: gettext('Load Balancers'), loadbalancers: gettext('Load Balancers'),
listeners: gettext('Listeners'), listeners: gettext('Listeners'),
members: gettext('Members'), members: gettext('Members'),
tls_enabled: {
label: gettext('TLS Enabled'),
filters: ['yesno']
},
tls_ciphers: gettext('TLS Cipher String') tls_ciphers: gettext('TLS Cipher String')
}; };
} }


@ -203,6 +203,7 @@
cookie_name: null cookie_name: null
}, },
admin_state_up: true, admin_state_up: true,
tls_enabled: false,
tls_ciphers: null tls_ciphers: null
}, },
monitor: { monitor: {
@ -539,6 +540,9 @@
// otherwise has to match it. // otherwise has to match it.
var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol; var protocol = finalSpec.listener ? finalSpec.listener.protocol : finalSpec.pool.protocol;
finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol; finalSpec.pool.protocol = protocol === 'TERMINATED_HTTPS' ? 'HTTP' : protocol;
if (!finalSpec.pool.tls_enabled) {
delete finalSpec.pool.tls_ciphers;
}
if (angular.isObject(finalSpec.pool.session_persistence)) { if (angular.isObject(finalSpec.pool.session_persistence)) {
if (!finalSpec.pool.session_persistence.type) { if (!finalSpec.pool.session_persistence.type) {
finalSpec.pool.session_persistence = null; finalSpec.pool.session_persistence = null;
@ -841,6 +845,7 @@
spec.lb_algorithm = pool.lb_algorithm; spec.lb_algorithm = pool.lb_algorithm;
spec.admin_state_up = pool.admin_state_up; spec.admin_state_up = pool.admin_state_up;
spec.session_persistence = pool.session_persistence; spec.session_persistence = pool.session_persistence;
spec.tls_enabled = pool.tls_enabled;
spec.tls_ciphers = pool.tls_ciphers; spec.tls_ciphers = pool.tls_ciphers;
} }
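Review bot: The `delete finalSpec.pool.tls_ciphers;` in the second hunk carries no comment explaining why the cipher string is dropped, and its guard is also true when `tls_enabled` is undefined, which the third hunk would produce if the pool object it copies from lacks the field. I would put `// tls_ciphers only applies to TLS-enabled pools; never submit a hidden or stale value` above the `if`, and consider `spec.tls_enabled = !!pool.tls_enabled;` in the third hunk so the yes/no control always starts with a selection. Both enclosing functions begin and end outside the hunks, so how an undefined value is handled later is not visible here.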


@ -1301,7 +1301,7 @@
expect(Object.keys(model.spec.listener).length).toBe(16); expect(Object.keys(model.spec.listener).length).toBe(16);
expect(Object.keys(model.spec.l7policy).length).toBe(8); expect(Object.keys(model.spec.l7policy).length).toBe(8);
expect(Object.keys(model.spec.l7rule).length).toBe(7); expect(Object.keys(model.spec.l7rule).length).toBe(7);
expect(Object.keys(model.spec.pool).length).toBe(8); expect(Object.keys(model.spec.pool).length).toBe(9);
expect(Object.keys(model.spec.monitor).length).toBe(11); expect(Object.keys(model.spec.monitor).length).toBe(11);
expect(model.spec.members).toEqual([]); expect(model.spec.members).toEqual([]);
}); });
@ -2378,6 +2378,53 @@
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN'); expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE'); expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name'); expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
expect(finalSpec.pool.tls_ciphers).toBeUndefined();
expect(finalSpec.members.length).toBe(2);
expect(finalSpec.members[0].id).toBe('1234');
expect(finalSpec.members[0].address).toBe('1.2.3.4');
expect(finalSpec.members[0].subnet_id).toBe('subnet-1');
expect(finalSpec.members[0].protocol_port).toBe(80);
expect(finalSpec.members[0].weight).toBe(1);
expect(finalSpec.members[1].id).toBe('5678');
expect(finalSpec.members[1].address).toBe('5.6.7.8');
expect(finalSpec.members[1].subnet_id).toBe('subnet-1');
expect(finalSpec.members[1].protocol_port).toBe(80);
expect(finalSpec.members[1].weight).toBe(1);
expect(finalSpec.monitor.type).toBe('HTTP');
expect(finalSpec.monitor.delay).toBe(1);
expect(finalSpec.monitor.max_retries).toBe(1);
expect(finalSpec.monitor.max_retries_down).toBe(1);
expect(finalSpec.monitor.timeout).toBe(1);
});
});
describe('Model submit function (edit pool tls_enabled)', function() {
beforeEach(function() {
includeChildResources = true;
listenerResources.pool.tls_enabled = true;
listenerResources.pool.tls_ciphers = "A:B:C";
model.initialize('pool', 'poolId', 'loadbalancerId');
scope.$apply();
});
it('should set final spec properties', function() {
var finalSpec = model.submit();
expect(finalSpec.loadbalancer).toBeUndefined();
expect(finalSpec.listener).toBeUndefined();
expect(finalSpec.pool.name).toBe('Pool 1');
expect(finalSpec.pool.description).toBe('pool description');
expect(finalSpec.pool.protocol).toBe('HTTP');
expect(finalSpec.pool.lb_algorithm).toBe('ROUND_ROBIN');
expect(finalSpec.pool.session_persistence.type).toBe('APP_COOKIE');
expect(finalSpec.pool.session_persistence.cookie_name).toBe('cookie_name');
expect(finalSpec.pool.tls_enabled).toBe(true);
expect(finalSpec.pool.tls_ciphers).toBe("A:B:C");
expect(finalSpec.members.length).toBe(2); expect(finalSpec.members.length).toBe(2);
expect(finalSpec.members[0].id).toBe('1234'); expect(finalSpec.members[0].id).toBe('1234');
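Review bot: The new `beforeEach` writes `tls_enabled` and `tls_ciphers` directly onto `listenerResources.pool`, a fixture defined outside this hunk; if that object is shared rather than rebuilt for each spec, the values leak into later tests and the `toBeUndefined()` check on `tls_ciphers` in the preceding case becomes order-dependent. Resetting both properties in an `afterEach`, or assigning them on a copy of the fixture, would keep the cases independent. The disabled case also never pins the flag itself; `expect(finalSpec.pool.tls_enabled).toBeFalsy();` next to the `tls_ciphers` assertion would cover it.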


@ -42,6 +42,13 @@
</li> </li>
</ul> </ul>
</p> </p>
<p>
<strong translate>TLS Enabled:</strong>
<translate>
Enable TLS for backend re-encryption, communications between the load
balancer and the member servers are encrypted.
</translate>
</p>
<p> <p>
<strong translate>TLS Cipher String:</strong> <strong translate>TLS Cipher String:</strong>
<translate> <translate>
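Review bot: The added help paragraph says traffic to the members is encrypted but does not say whether the load balancer checks the identity of the member it connects to. As far as I know, Octavia validates a member's certificate only when the pool also has a CA certificate reference (`ca_tls_container_ref`), and none of the pool arguments visible in this commit sets one, so a pool configured through this form would likely encrypt without authenticating the backend. I would add a sentence such as `Member certificates are not validated unless a CA certificate is configured for the pool.` so operators do not read the switch as protection against an on-path host in the member network.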


@ -86,6 +86,24 @@
<div class="row"> <div class="row">
<div class="col-xs-12 col-sm-8 col-md-6">
<div class="form-group">
<label class="control-label required" translate>TLS Enabled</label>
<div class="form-field">
<div class="btn-group">
<label class="btn btn-default"
ng-repeat="option in model.yesNoOptions"
ng-model="model.spec.pool.tls_enabled"
uib-btn-radio="option.value">{$ ::option.label $}</label>
</div>
</div>
</div>
</div>
</div>
<div class="row" ng-if="model.spec.pool.tls_enabled">
<div class="col-xs-12 col-sm-8 col-md-6"> <div class="col-xs-12 col-sm-8 col-md-6">
<div class="form-group" <div class="form-group"
ng-class="{ 'has-error': poolDetailsForm.tls_ciphers.$invalid && poolDetailsForm.tls_ciphers.$dirty }"> ng-class="{ 'has-error': poolDetailsForm.tls_ciphers.$invalid && poolDetailsForm.tls_ciphers.$dirty }">

View File

@ -0,0 +1,5 @@
---
features:
- |
Add TLS Enabled switch in the pool control form, allowing to enable/disable
TLS communications between a load balancer and its members.


@ -4,7 +4,7 @@
horizon>=17.1.0 # Apache-2.0 horizon>=17.1.0 # Apache-2.0
Babel!=2.4.0,>=2.3.4 # BSD Babel!=2.4.0,>=2.3.4 # BSD
openstacksdk>=0.46.0 # Apache-2.0 openstacksdk>=0.53.0 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0 oslo.log>=3.36.0 # Apache-2.0
pbr!=2.1.0,>=2.0.0 # Apache-2.0 pbr!=2.1.0,>=2.0.0 # Apache-2.0
python-barbicanclient>=4.5.2 # Apache-2.0 python-barbicanclient>=4.5.2 # Apache-2.0