Add 2 new options to Pool for support backend certificates validation
This patch adds 2 new options, '--ca-tls-container-ref' and '--crl-container-ref', to the Pool CLI. '--ca-tls-container-ref' will store the CA certificate used by backend servers. '--crl-container-ref' will store the revocation list file. Change-Id: I8da1c081549433fcc3d99a7675886d5167720125 Story: 2003858 Task: 26679 Depends-On: https://review.openstack.org/#/c/614447/
parent
594a0939a0
commit
be64125af7
|
@ -101,7 +101,9 @@ POOL_ROWS = (
|
|||
'provisioning_status',
|
||||
'session_persistence',
|
||||
'updated_at',
|
||||
'tls_container_ref')
|
||||
'tls_container_ref',
|
||||
'ca_tls_container_ref',
|
||||
'crl_container_ref')
|
||||
|
||||
POOL_COLUMNS = (
|
||||
'id',
|
||||
|
|
|
@ -94,6 +94,20 @@ class CreatePool(command.ShowOne):
|
|||
"containing the certificate and key for ``tls_enabled``"
|
||||
"pools to re-encrpt the traffic to backend member servers."
|
||||
)
|
||||
parser.add_argument(
|
||||
'--ca-tls-container-ref',
|
||||
metavar='<ca_tls_container_ref>',
|
||||
help="The reference to the key manager service secrets container "
|
||||
"containing the CA certificate for ``tls_enabled`` pools "
|
||||
"to check the backend member servers certificates"
|
||||
)
|
||||
parser.add_argument(
|
||||
'--crl-container-ref',
|
||||
metavar='<crl_container_ref>',
|
||||
help="The reference to the key manager service secrets container "
|
||||
"containting the CA revocation list file for ``tls_enabled`` "
|
||||
"pools to validate the backend member servers certificates."
|
||||
)
|
||||
|
||||
return parser
|
||||
|
||||
|
@ -247,6 +261,21 @@ class SetPool(command.Command):
|
|||
"pools to re-encrpt the traffic from TERMINATED_TLS "
|
||||
"listener to backend servers."
|
||||
)
|
||||
parser.add_argument(
|
||||
'--ca-tls-container-ref',
|
||||
metavar='<ca_tls_container_ref>',
|
||||
help="The URI to the key manager service secrets container "
|
||||
"containing the CA certificate for TERMINATED_TLS listeners "
|
||||
"to check the backend servers certificates in ssl traffic."
|
||||
)
|
||||
parser.add_argument(
|
||||
'--crl-container-ref',
|
||||
metavar='<crl_container_ref>',
|
||||
help="The URI to the key manager service secrets container "
|
||||
"containting the CA revocation list file for TERMINATED_TLS "
|
||||
"listeners to valid the backend servers certificates in ssl "
|
||||
"traffic."
|
||||
)
|
||||
|
||||
return parser
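Review bot: The help strings for the two new options in the SetPool hunk describe pool settings in terms of TERMINATED_TLS listeners and "The URI to", while the CreatePool hunk describes the same options for tls_enabled pools and "The reference to", so an operator reading the set help cannot easily tell that these control validation of backend member certificates on the pool. I would reuse the CreatePool wording in both places and fix the typos: "containting" appears in both hunks, "to valid" should read as in `"listeners to validate the backend servers certificates in ssl "`, and the CA help string in CreatePool lacks its final period. It would also help to state whether a CRL reference has any effect without a CA reference; that behaviour is not visible here and should be confirmed against the API. Both `get_parser` bodies start outside the hunks.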
|
||||
|
||||
|
|
|
@ -255,6 +255,10 @@ def get_pool_attrs(client_manager, parsed_args):
|
|||
'disable': ('admin_state_up', lambda x: False),
|
||||
'tls_container_ref': ('tls_container_ref',
|
||||
_format_str_if_need_treat_unset),
|
||||
'ca_tls_container_ref': ('ca_tls_container_ref',
|
||||
_format_str_if_need_treat_unset),
|
||||
'crl_container_ref': ('crl_container_ref',
|
||||
_format_str_if_need_treat_unset),
|
||||
}
|
||||
|
||||
_attrs = vars(parsed_args)
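Review bot: Both new keys are routed through `_format_str_if_need_treat_unset`, which by its name presumably turns a sentinel string into an unset value, so a pool update may be able to clear the CA or CRL reference; for a pool that re-encrypts to its members that would likely stop backend certificate or revocation checking, and nothing in the map says so. A short comment above the two entries would make that visible to the next maintainer, e.g. `# Unsetting ca_tls_container_ref/crl_container_ref removes backend certificate validation material; confirm the API handles this for tls_enabled pools.` The helper and the rest of `get_pool_attrs` are outside the hunk, so the unset behaviour should be confirmed there.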
|
||||
|
|
|
@ -147,7 +147,9 @@ POOL_ATTRS = {
|
|||
"project_id": uuidutils.generate_uuid(dashed=True),
|
||||
"protocol": "HTTP",
|
||||
"provisioning_status": "ACTIVE",
|
||||
"tls_container_ref": uuidutils.generate_uuid()
|
||||
"tls_container_ref": uuidutils.generate_uuid(),
|
||||
"ca_tls_container_ref": uuidutils.generate_uuid(),
|
||||
"crl_container_ref": uuidutils.generate_uuid()
|
||||
}
|
||||
|
||||
QUOTA_ATTRS = {
|
||||
|
|
|
@ -105,14 +105,18 @@ class TestPoolCreate(TestPool):
|
|||
'--name', self._po.name,
|
||||
'--protocol', 'HTTP',
|
||||
'--lb-algorithm', 'ROUND_ROBIN',
|
||||
'--tls-container-ref', self._po.tls_container_ref]
|
||||
'--tls-container-ref', self._po.tls_container_ref,
|
||||
'--ca-tls-container-ref', self._po.ca_tls_container_ref,
|
||||
'--crl-container-ref', self._po.crl_container_ref]
|
||||
|
||||
verifylist = [
|
||||
('loadbalancer', 'mock_lb_id'),
|
||||
('name', self._po.name),
|
||||
('protocol', 'HTTP'),
|
||||
('lb_algorithm', 'ROUND_ROBIN'),
|
||||
('tls_container_ref', self._po.tls_container_ref)
|
||||
('tls_container_ref', self._po.tls_container_ref),
|
||||
('ca_tls_container_ref', self._po.ca_tls_container_ref),
|
||||
('crl_container_ref', self._po.crl_container_ref)
|
||||
]
|
||||
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
|
@ -149,16 +153,20 @@ class TestPoolSet(TestPool):
|
|||
self.cmd = pool.SetPool(self.app, None)
|
||||
|
||||
def test_pool_set(self):
|
||||
new_tls_id = 'test-tls-container-id'
|
||||
new_tls_id, new_ca_id, new_crl_id = (
|
||||
'test-tls-container-id', 'test-ca-tls-container-id',
|
||||
'test-crl-container-id')
|
||||
arglist = [self._po.id, '--name', 'new_name', '--tls-container-ref',
|
||||
new_tls_id]
|
||||
new_tls_id, '--ca-tls-container-ref', new_ca_id,
|
||||
'--crl-container-ref', new_crl_id]
|
||||
verifylist = [
|
||||
('pool', self._po.id),
|
||||
('name', 'new_name')
|
||||
]
|
||||
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
self.cmd.take_action(parsed_args)
|
||||
self.api_mock.pool_set.assert_called_with(
|
||||
self._po.id, json={'pool': {'name': 'new_name',
|
||||
'tls_container_ref': new_tls_id}})
|
||||
'tls_container_ref': new_tls_id,
|
||||
'ca_tls_container_ref': new_ca_id,
|
||||
'crl_container_ref': new_crl_id}})
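Review bot: In `test_pool_set` the `verifylist` still checks only `pool` and `name`, so the parser destinations of the two new flags are covered only indirectly through `assert_called_with`; adding `('ca_tls_container_ref', new_ca_id),` and `('crl_container_ref', new_crl_id)` to `verifylist` would pin them the way the create test does. No case in the visible hunks exercises the unset path that `_format_str_if_need_treat_unset` implies for these fields, which is the path that changes whether backend certificates are checked; a small test passing the unset value and asserting the JSON sent to `pool_set` would cover it. The create test's body continues outside its hunk.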
|
||||
|
|