Add the SSH security section to UI

This change adds the new section with new checkbox as a separate control instead of the toggleable section because of the description which should be available even if the section is disabled (default). DocImpact Change-Id: I34c9907d781b81253ed6942c67b16f8480de3bb5 Partial-Bug: #1419657 Signed-off-by: Maksim Malchuk <mmalchuk@mirantis.com>
2016-07-12 11:39:08 +03:00 · 2016-07-12 11:39:08 +03:00 · 38ec2bea08
parent e84303dc33
commit 38ec2bea08
2 changed files with 34 additions and 0 deletions
--- a/nailgun/nailgun/fixtures/openstack.yaml
+++ b/nailgun/nailgun/fixtures/openstack.yaml
@ -1352,6 +1352,35 @@
            restrictions:
              - condition: "settings:public_ssl.horizon.value == false and settings:public_ssl.services.value == false"
                action: "hide"
+        ssh:
+          metadata:
+            label: "SSH security"
+            weight: 120
+            group: "security"
+            toggleable: false
+            enabled: true
+          security_enabled:
+            value: false
+            label: "Restrict SSH service on network"
+            description: |
+              NOTE: When enabled, provide at least one working IP address (the Fuel Master node IP is already added).
+              We recommend adding new addresses instead of replacing the provided Fuel Master node IP.
+              When disabled (by default), the admin, management, and storage networks are only allowed to connect to the SSH service.
+            weight: 10
+            type: "checkbox"
+          security_networks:
+            value:
+              - "{settings.MASTER_IP}"
+            label: "Restrict access to"
+            description: "IPv4/CIDR address"
+            weight: 20
+            type: "text_list"
+            regex:
+              source: &ipv4_cidr_regex '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$'
+              error: "Invalid IPv4/CIDR address"
+            restrictions:
+              - condition: "settings:ssh.security_enabled.value == false"
+                action: "hide"
        kernel_params:
          metadata:
            label: "Kernel parameters"
--- a/nailgun/nailgun/statistics/fuel_statistics/installation_info.py
+++ b/nailgun/nailgun/statistics/fuel_statistics/installation_info.py
@ -155,6 +155,11 @@ class InstallationInfo(object):
                      'public_ssl_services', None),
        WhiteListRule(('public_ssl', 'cert_source', 'value'),
                      'public_ssl_cert_source', None),
+
+        WhiteListRule(('ssh', 'security_enabled', 'value'),
+                      'security_enabled', bool),
+        WhiteListRule(('ssh', 'security_networks', 'value'),
+                      'security_networks', None),
    )

    vmware_attributes_white_list = (