From 6b55d6219612472e23674bdb4fcbff394022f5fc Mon Sep 17 00:00:00 2001 From: Carlos Goncalves Date: Mon, 4 Mar 2019 18:19:31 +0100 Subject: [PATCH] Sync data models and import new constants from Octavia Recent TLS encryption, L7policy and health monitor work in Octavia added a few new constants. This patch imports those constants and updates the data models. Story: 2005136 Task: 29823 Change-Id: Idcb87a69cdf725aa4c4ced4102d395149d5fa8d0 --- octavia_lib/api/drivers/data_models.py | 30 ++++++++++++++++--- octavia_lib/common/constants.py | 14 ++++++++- .../unit/api/drivers/test_data_models.py | 28 +++++++++++++---- 3 files changed, 61 insertions(+), 11 deletions(-) diff --git a/octavia_lib/api/drivers/data_models.py b/octavia_lib/api/drivers/data_models.py index 8829ce4..ce88b85 100644 --- a/octavia_lib/api/drivers/data_models.py +++ b/octavia_lib/api/drivers/data_models.py @@ -133,7 +133,10 @@ class Listener(BaseDataModel): protocol_port=Unset, sni_container_refs=Unset, sni_container_data=Unset, timeout_client_data=Unset, timeout_member_connect=Unset, timeout_member_data=Unset, - timeout_tcp_inspect=Unset): + timeout_tcp_inspect=Unset, client_ca_tls_container_ref=Unset, + client_ca_tls_container_data=Unset, + client_authentication=Unset, client_crl_container_ref=Unset, + client_crl_container_data=Unset): self.admin_state_up = admin_state_up self.connection_limit = connection_limit @@ -155,6 +158,11 @@ class Listener(BaseDataModel): self.timeout_member_connect = timeout_member_connect self.timeout_member_data = timeout_member_data self.timeout_tcp_inspect = timeout_tcp_inspect + self.client_ca_tls_container_ref = client_ca_tls_container_ref + self.client_ca_tls_container_data = client_ca_tls_container_data + self.client_authentication = client_authentication + self.client_crl_container_ref = client_crl_container_ref + self.client_crl_container_data = client_crl_container_data class Pool(BaseDataModel): 
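Review bot: The new `client_ca_tls_container_data` and `client_crl_container_data` attributes on `Listener` are stored like any other field, with nothing marking them as certificate material; the same holds for `tls_container_data`, `ca_tls_container_data` and `crl_container_data` on `Pool` in the next hunks. Judging by the names (each container has a `_ref` and a `_data` form), the `_data` fields carry the resolved content, and `tls_container_data` may include a private key, though the patch does not show the types. The unit tests compare these models against plain dicts, so whatever serialises a model will emit those values, and a driver that logs a model or its dict would write them to the log. I would add a comment above the assignments such as `# *_container_data hold resolved certificate/CRL content; never log or persist them` and describe the expected type of each field in a class docstring. Both `__init__` bodies continue outside the hunks.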
@@ -162,7 +170,10 @@ class Pool(BaseDataModel): healthmonitor=Unset, lb_algorithm=Unset, loadbalancer_id=Unset, members=Unset, name=Unset, pool_id=Unset, listener_id=Unset, protocol=Unset, - session_persistence=Unset): + session_persistence=Unset, tls_container_ref=Unset, + tls_container_data=Unset, ca_tls_container_ref=Unset, + ca_tls_container_data=Unset, crl_container_ref=Unset, + crl_container_data=Unset, tls_enabled=Unset): self.admin_state_up = admin_state_up self.description = description @@ -175,6 +186,13 @@ class Pool(BaseDataModel): self.listener_id = listener_id self.protocol = protocol self.session_persistence = session_persistence + self.tls_container_ref = tls_container_ref + self.tls_container_data = tls_container_data + self.ca_tls_container_ref = ca_tls_container_ref + self.ca_tls_container_data = ca_tls_container_data + self.crl_container_ref = crl_container_ref + self.crl_container_data = crl_container_data + self.tls_enabled = tls_enabled class Member(BaseDataModel): @@ -200,7 +218,8 @@ class HealthMonitor(BaseDataModel): def __init__(self, admin_state_up=Unset, delay=Unset, expected_codes=Unset, healthmonitor_id=Unset, http_method=Unset, max_retries=Unset, max_retries_down=Unset, name=Unset, pool_id=Unset, - timeout=Unset, type=Unset, url_path=Unset): + timeout=Unset, type=Unset, url_path=Unset, http_version=Unset, + domain_name=Unset): self.admin_state_up = admin_state_up self.delay = delay 
@@ -214,13 +233,15 @@ class HealthMonitor(BaseDataModel): self.timeout = timeout self.type = type self.url_path = url_path + self.http_version = http_version + self.domain_name = domain_name class L7Policy(BaseDataModel): def __init__(self, action=Unset, admin_state_up=Unset, description=Unset, l7policy_id=Unset, listener_id=Unset, name=Unset, position=Unset, redirect_pool_id=Unset, redirect_url=Unset, - rules=Unset, redirect_prefix=Unset): + rules=Unset, redirect_prefix=Unset, redirect_http_code=Unset): self.action = action self.admin_state_up = admin_state_up @@ -233,6 +254,7 @@ class L7Policy(BaseDataModel): self.redirect_url = redirect_url self.rules = rules self.redirect_prefix = redirect_prefix + self.redirect_http_code = redirect_http_code class L7Rule(BaseDataModel): diff --git a/octavia_lib/common/constants.py b/octavia_lib/common/constants.py index cdeb6ec..aa8720d 100644 --- a/octavia_lib/common/constants.py +++ b/octavia_lib/common/constants.py @@ -99,9 +99,15 @@ L7RULE_TYPE_PATH = 'PATH' L7RULE_TYPE_FILE_TYPE = 'FILE_TYPE' L7RULE_TYPE_HEADER = 'HEADER' L7RULE_TYPE_COOKIE = 'COOKIE' +L7RULE_TYPE_SSL_CONN_HAS_CERT = 'SSL_CONN_HAS_CERT' +L7RULE_TYPE_SSL_VERIFY_RESULT = 'SSL_VERIFY_RESULT' +L7RULE_TYPE_SSL_DN_FIELD = 'SSL_DN_FIELD' SUPPORTED_L7RULE_TYPES = (L7RULE_TYPE_HOST_NAME, L7RULE_TYPE_PATH, L7RULE_TYPE_FILE_TYPE, L7RULE_TYPE_HEADER, - L7RULE_TYPE_COOKIE) + L7RULE_TYPE_COOKIE, L7RULE_TYPE_SSL_CONN_HAS_CERT, + L7RULE_TYPE_SSL_VERIFY_RESULT, + L7RULE_TYPE_SSL_DN_FIELD) +DISTINGUISHED_NAME_FIELD_REGEX = '^([a-zA-Z][A-Za-z0-9-]*)$' LB_ALGORITHM_ROUND_ROBIN = 'ROUND_ROBIN' LB_ALGORITHM_LEAST_CONNECTIONS = 'LEAST_CONNECTIONS' 
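Review bot: `DISTINGUISHED_NAME_FIELD_REGEX` ends in `$`, which in Python's `re` also matches just before a trailing newline, so a value such as `'CN\n'` passes `re.match` against this pattern. How the constant is applied is not visible in this patch; if a driver uses it with `match` or `search` to validate an `SSL_DN_FIELD` key before writing it into backend configuration, the newline would get through. Anchoring with `\Z` closes that: `DISTINGUISHED_NAME_FIELD_REGEX = r'^([a-zA-Z][A-Za-z0-9-]*)\Z'`; alternatively a comment should state that callers must use `re.fullmatch`. The constant is copied from Octavia, so the same change would be needed there to keep the two in sync.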
@@ -157,3 +163,9 @@ SUPPORTED_SP_TYPES = (SESSION_PERSISTENCE_SOURCE_IP, SUPPORTED_HTTP_HEADERS = ['X-Forwarded-For', 'X-Forwarded-Port', 'X-Forwarded-Proto'] + +# List of SSL headers for client certificate +SUPPORTED_SSL_HEADERS = ['X-SSL-Client-Verify', 'X-SSL-Client-Has-Cert', + 'X-SSL-Client-DN', 'X-SSL-Client-CN', + 'X-SSL-Issuer', 'X-SSL-Client-SHA1', + 'X-SSL-Client-Not-Before', 'X-SSL-Client-Not-After'] diff --git a/octavia_lib/tests/unit/api/drivers/test_data_models.py b/octavia_lib/tests/unit/api/drivers/test_data_models.py index f2c353f..b3d1e59 100644 --- a/octavia_lib/tests/unit/api/drivers/test_data_models.py +++ b/octavia_lib/tests/unit/api/drivers/test_data_models.py @@ -66,7 +66,8 @@ class TestProviderDataModels(base.TestCase): redirect_pool_id=self.pool_id, redirect_url='/test', rules=[self.ref_l7rule], - redirect_prefix='http://example.com') + redirect_prefix='http://example.com', + redirect_http_code=301) self.ref_listener = data_models.Listener( admin_state_up=True, @@ -89,7 +90,12 @@ class TestProviderDataModels(base.TestCase): timeout_client_data=3, timeout_member_connect=4, timeout_member_data=5, - timeout_tcp_inspect=6) + timeout_tcp_inspect=6, + client_authentication=None, + client_ca_tls_container_data=None, + client_ca_tls_container_ref=None, + client_crl_container_data=None, + client_crl_container_ref=None) self.ref_lb = data_models.LoadBalancer( admin_state_up=False, @@ -137,7 +143,9 @@ class TestProviderDataModels(base.TestCase): pool_id=self.pool_id, timeout=4, type='HTTP', - url_path='/test') + url_path='/test', + http_version=1.1, + domain_name='testdomainname.com') self.ref_pool = data_models.Pool( admin_state_up=True, 
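Review bot: The comment on `SUPPORTED_SSL_HEADERS` does not say who sets these headers, which matters because a backend is likely to read `X-SSL-Client-Verify` or `X-SSL-Client-DN` as evidence of a verified client certificate. The list presumably names headers the load balancer inserts, but the consuming code is not in this patch. I would extend the comment to something like `# Headers the load balancer may insert from the verified client certificate; a provider driver must overwrite any client-supplied copy`, so driver authors see the requirement where the names are defined.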
@@ -171,7 +179,8 @@ class TestProviderDataModels(base.TestCase): 'redirect_pool_id': self.pool_id, 'redirect_url': '/test', 'rules': [self.ref_l7rule_dict], - 'redirect_prefix': 'http://example.com'} + 'redirect_prefix': 'http://example.com', + 'redirect_http_code': 301} self.ref_lb_dict = {'project_id': self.project_id, 'flavor': {'cake': 'chocolate'}, @@ -206,7 +215,12 @@ class TestProviderDataModels(base.TestCase): 'timeout_client_data': 3, 'timeout_member_connect': 4, 'timeout_member_data': 5, - 'timeout_tcp_inspect': 6} + 'timeout_tcp_inspect': 6, + 'client_authentication': None, + 'client_ca_tls_container_data': None, + 'client_ca_tls_container_ref': None, + 'client_crl_container_data': None, + 'client_crl_container_ref': None, } self.ref_lb_dict_with_listener = { 'admin_state_up': False, @@ -254,7 +268,9 @@ class TestProviderDataModels(base.TestCase): 'pool_id': self.pool_id, 'timeout': 4, 'type': 'HTTP', - 'url_path': '/test'} + 'url_path': '/test', + 'http_version': 1.1, + 'domain_name': 'testdomainname.com'} self.ref_pool_dict = { 'admin_state_up': True,
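Review bot: None of the test hunks touches `self.ref_pool` or `self.ref_pool_dict`, and the diffstat's 28 changed lines are all accounted for by the L7 policy, listener and health monitor fixtures, so the seven new `Pool` arguments (`tls_container_ref` through `tls_enabled`) are never constructed or serialised in a test. The listener fixtures also set all five new fields to `None`, so only the `None` case is covered. I would add the pool fields to both fixtures with non-empty constructed sample values, e.g. `tls_enabled=True` and `tls_container_ref='constructed-ref'`, and give the listener fields real values too. The fixtures are built in a method that starts outside these hunks.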