From 5157219107c4d940922dfc80cc4b04119ec0d5cf Mon Sep 17 00:00:00 2001
From: Akihiro Motoki <amotoki@gmail.com>
Date: Mon, 17 Dec 2018 04:25:03 +0900
Subject: [PATCH] Support alrogithms other than sha1

neutron-vpnaas now supports sha1, sha256, sha384, sha512
for IKE policy auth_algorithm and IPsec policy auth_algorithm.

Change-Id: I7d8f3116500230113f66de71a781d13f3ca7b2d9
Closes-Bug: #1803386
---
 .../dashboards/project/vpn/forms.py                | 13 ++++++++-----
 .../vpn/templates/vpn/_add_ike_policy_help.html    |  3 ++-
 .../vpn/templates/vpn/_add_ipsec_policy_help.html  |  4 ++--
 .../dashboards/project/vpn/workflows.py            | 14 ++++++++++++--
 .../notes/auth-algorithm-fbfe0831ab8dc346.yaml     |  6 ++++++
 5 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml

diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
index b737807..7c70543 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/forms.py
@@ -92,11 +92,12 @@ class UpdateIKEPolicy(forms.SelfHandlingForm):
     name = forms.CharField(max_length=80, label=_("Name"), required=False)
     description = forms.CharField(
         required=False, max_length=80, label=_("Description"))
-    # Currently this field has only one choice, so mark it as readonly.
     auth_algorithm = forms.ThemableChoiceField(
         label=_("Authorization algorithm"),
-        choices=[('sha1', _('sha1'))],
-        widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+        choices=[('sha1', _('sha1')),
+                 ('sha256', _('sha256')),
+                 ('sha384', _('sha384')),
+                 ('sha512', _('sha512'))],
         required=False)
     encryption_algorithm = forms.ThemableChoiceField(
         label=_("Encryption algorithm"),
@@ -171,8 +172,10 @@ class UpdateIPsecPolicy(forms.SelfHandlingForm):
     # Currently this field has only one choice, so mark it as readonly.
     auth_algorithm = forms.ThemableChoiceField(
         label=_("Authorization algorithm"),
-        choices=[('sha1', _('sha1'))],
-        widget=forms.TextInput(attrs={'readonly': 'readonly'}),
+        choices=[('sha1', _('sha1')),
+                 ('sha256', _('sha256')),
+                 ('sha384', _('sha384')),
+                 ('sha512', _('sha512'))],
         required=False)
     encapsulation_mode = forms.ThemableChoiceField(
         label=_("Encapsulation mode"),
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
index 9530618..d375243 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ike_policy_help.html
@@ -5,8 +5,9 @@
 <dl class="dl-readable">
   <dt>{% trans 'Authorization algorithm' %}</dt>
   <dd>{% trans 'Auth algorithm limited to SHA1 only.' %}</dd>
+  <dd>{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}</dd>
   <dt>{% trans 'Encryption algorithm' %}</dt>
-  <dd>{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IKE policy.' %}</dd>
+  <dd>{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}</dd>
   <dt>{% trans 'IKE version' %}</dt>
   <dd>{% trans 'The type of version (v1/v2) that needs to be filtered.' %}</dd>
   <dt>{% trans 'Lifetime' %}</dt>
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
index 9b9fa5b..7883846 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/templates/vpn/_add_ipsec_policy_help.html
@@ -4,11 +4,11 @@
 <p>{% trans 'An IPsec policy is an association of the following attributes' %}</p>
 <dl class="dl-readable">
   <dt>{% trans 'Authorization algorithm' %}</dt>
-  <dd>{% trans 'Auth algorithm limited to SHA1 only.' %}</dd>
+  <dd>{% trans 'Valid algorithms are sha1, sha256, sha384 and sha512.' %}</dd>
   <dt>{% trans 'Encapsulation mode' %}</dt>
   <dd>{% trans 'The type of IPsec tunnel (tunnel/transport) to be used.' %}</dd>
   <dt>{% trans 'Encryption algorithm' %}</dt>
-  <dd>{% trans 'The type of algorithm (3des, aes-128, aes-192, aes-256) used in the IPsec policy.' %}</dd>
+  <dd>{% trans 'Valid algorithms are 3des, aes-128, aes-192 and aes-256.' %}</dd>
   <dt>{% trans 'Lifetime' %}</dt>
   <dd>{% trans "Life time consists of units and value. Units in 'seconds' and the default value is 3600." %}</dd>
   <dt>{% trans 'Perfect Forward Secrecy' %}</dt>
diff --git a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
index 36cf298..f93108d 100644
--- a/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
+++ b/neutron_vpnaas_dashboard/dashboards/project/vpn/workflows.py
@@ -249,7 +249,12 @@ class AddIKEPolicyAction(workflows.Action):
     def __init__(self, request, *args, **kwargs):
         super(AddIKEPolicyAction, self).__init__(request, *args, **kwargs)
 
-        auth_algorithm_choices = [("sha1", "sha1")]
+        auth_algorithm_choices = [
+            ("sha1", "sha1"),
+            ('sha256', _('sha256')),
+            ('sha384', _('sha384')),
+            ('sha512', _('sha512')),
+        ]
         self.fields['auth_algorithm'].choices = auth_algorithm_choices
         # Currently this field has only one choice, so mark it as readonly.
         self.fields['auth_algorithm'].widget.attrs['readonly'] = True
@@ -352,7 +357,12 @@ class AddIPsecPolicyAction(workflows.Action):
     def __init__(self, request, *args, **kwargs):
         super(AddIPsecPolicyAction, self).__init__(request, *args, **kwargs)
 
-        auth_algorithm_choices = [("sha1", "sha1")]
+        auth_algorithm_choices = [
+            ("sha1", "sha1"),
+            ('sha256', _('sha256')),
+            ('sha384', _('sha384')),
+            ('sha512', _('sha512')),
+        ]
         self.fields['auth_algorithm'].choices = auth_algorithm_choices
         # Currently this field has only one choice, so mark it as readonly.
         self.fields['auth_algorithm'].widget.attrs['readonly'] = True
diff --git a/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml b/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
new file mode 100644
index 0000000..d709b3f
--- /dev/null
+++ b/releasenotes/notes/auth-algorithm-fbfe0831ab8dc346.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    neutron-vpnaas-dashboard now supports all auth algorithms.
+    neutron-vpnaas supports sha1, sha256, sha384, sha512
+    for IKE policy auth_algorithm and IPsec policy auth_algorithm.