From 484b57e43629fc3db68166fb6c1abe624a2e6a03 Mon Sep 17 00:00:00 2001 From: zhanghao Date: Tue, 23 Jun 2020 02:21:33 -0400 Subject: [PATCH] Add aggressive negotiation mode for ikepolicy The phase1 negotiation mode adds support for aggressive mode, which can be selected when creating an ikepolicy. Change-Id: Idd11861ec3d6cca09beea68832999a9f3410281e Partial-Bug: #1701413 --- .../dashboards/project/vpn/forms.py | 5 ++--- .../vpn/templates/vpn/_add_ike_policy_help.html | 2 +- .../dashboards/project/vpn/tests.py | 4 ++-- .../dashboards/project/vpn/workflows.py | 5 ++--- .../test/test_data/vpnaas_data.py | 15 +++++++++++++++ ...ressive-negotiation-mode-ad665f5cfda2e08b.yaml | 5 +++++ 6 files changed, 27 insertions(+), 9 deletions(-) create mode 100644 releasenotes/notes/add-aggressive-negotiation-mode-ad665f5cfda2e08b.yaml diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py index 7c70543..8b46379 100644 --- a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py +++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py @@ -128,11 +128,10 @@ class UpdateIKEPolicy(forms.SelfHandlingForm): ('group5', _('group5')), ('group14', _('group14'))], required=False) - # Currently this field has only one choice, so mark it as readonly. phase1_negotiation_mode = forms.ThemableChoiceField( label=_("IKE Phase1 negotiation mode"), - choices=[('main', 'main')], - widget=forms.TextInput(attrs={'readonly': 'readonly'}), + choices=[('main', 'main'), + ('aggressive', 'aggressive')], required=False) failure_url = 'horizon:project:vpn:index' diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html index 6ca9317..8b3d900 100644 --- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html +++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html @@ -14,7 +14,7 @@
{% trans 'Perfect Forward Secrecy' %}
{% trans 'PFS limited to using Diffie-Hellman groups 2, 5 (default) and 14.' %}
{% trans 'IKE Phase 1 negotiation mode' %}
-
{% trans "Limited to 'main' mode only." %}
+
{% trans "Phase 1 negotiation mode limited to using 'main' and 'aggressive'." %}

{% trans "All fields are optional." %}

diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/tests.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/tests.py index ba4bf1a..9ba235e 100644 --- a/neutron_vpnaas_dashboard/dashboards/project/vpn/tests.py +++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/tests.py @@ -92,12 +92,12 @@ class VPNTests(test.TestCase): def test_index_vpnservices(self): self.setup_mocks() - res = self.client.get(self.INDEX_URL) + res = self.client.get(self.INDEX_URL + '?tab=vpntabs__vpnservices') self.assertTemplateUsed(res, '%s/vpn/index.html' % self.DASHBOARD) self.assertTemplateUsed(res, 'horizon/common/_detail_table.html') - self.assertEqual(len(res.context['table'].data), + self.assertEqual(len(res.context['vpnservicestable_table'].data), len(self.vpnservices.list())) self.check_mocks() diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py index 7d45c4d..19a33cb 100644 --- a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py +++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py @@ -282,11 +282,10 @@ class AddIKEPolicyAction(workflows.Action): self.fields['pfs'].choices = pfs_choices self.fields['pfs'].initial = "group5" - phase1_neg_mode_choices = [("main", "main")] + phase1_neg_mode_choices = [("main", "main"), + ("aggressive", "aggressive")] self.fields[ 'phase1_negotiation_mode'].choices = phase1_neg_mode_choices - # Currently this field has only one choice, so mark it as readonly. - self.fields['phase1_negotiation_mode'].widget.attrs['readonly'] = True class Meta(object): name = _("Add New IKE Policy") diff --git a/neutron_vpnaas_dashboard/test/test_data/vpnaas_data.py b/neutron_vpnaas_dashboard/test/test_data/vpnaas_data.py index 9307736..f98a84d 100644 --- a/neutron_vpnaas_dashboard/test/test_data/vpnaas_data.py +++ b/neutron_vpnaas_dashboard/test/test_data/vpnaas_data.py @@ -101,6 +101,21 @@ def data(TEST): 'encryption_algorithm': 'aes-256', 'ike_version': 'v1', 'lifetime': {'units': 'seconds', 'value': 3600}, + 'phase1_negotiation_mode': 'aggressive', + 'pfs': 'group5', + 'ipsecsiteconns': []} + TEST.api_ikepolicies.add(ikepolicy_dict) + TEST.ikepolicies.add(vpn.IKEPolicy(ikepolicy_dict)) + + # 3rd IKE policy + ikepolicy_dict = {'id': 'a1f009b7-0ffa-43a7-ba19-dcabb0b4c983', + 'tenant_id': '1', + 'name': 'ikepolicy_3', + 'description': 'ikepolicy description', + 'auth_algorithm': 'sha1', + 'encryption_algorithm': 'aes-256', + 'ike_version': 'v1', + 'lifetime': {'units': 'seconds', 'value': 3600}, 'phase1_negotiation_mode': 'main', 'pfs': 'group5', 'ipsecsiteconns': []} diff --git a/releasenotes/notes/add-aggressive-negotiation-mode-ad665f5cfda2e08b.yaml b/releasenotes/notes/add-aggressive-negotiation-mode-ad665f5cfda2e08b.yaml new file mode 100644 index 0000000..8c5527e --- /dev/null +++ b/releasenotes/notes/add-aggressive-negotiation-mode-ad665f5cfda2e08b.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The ``phase1 negotiation mode`` supports the ``aggressive`` option for IKE + policy.