authorFeilong Wang <flwang@catalyst.net.nz>2020-03-05 20:50:37 +1300
committerFeilong Wang <flwang@catalyst.net.nz>2020-03-07 07:33:37 +1300
commitdd29c9508c7684a0badd6c29e09e0e63e9897e95 (patch)
tree977d9721839bc6e4c9b75667e100e19b2f338296
parent920c4877bf8c8ad623eac11cb75a4aee65e1229e (diff)
downloadheat-dd29c9508c7684a0badd6c29e09e0e63e9897e95.tar.gz
Support allowed_cidrs for Octavia listener
Support the ``allowed_cidrs`` property for the resource ``OS::Octavia::Listener``; the property can also be updated. The 'allowed_cidrs' property was introduced in Octavia in the Train release. The default value is an empty list if it is not specified in the Heat template. Task: 38952 Story: 2007378 Change-Id: I9d38716b236b0782f0d09097b7a0f615fe5be041
-rw-r--r--heat/engine/resources/openstack/octavia/listener.py19
-rw-r--r--heat/tests/openstack/octavia/inline_templates.py3
-rw-r--r--heat/tests/openstack/octavia/test_listener.py1
-rw-r--r--releasenotes/notes/support-allowed-cidrs-for-octavia-listener-d563a759d34da8b0.yaml6
4 files changed, 27 insertions, 2 deletions
diff --git a/heat/engine/resources/openstack/octavia/listener.py b/heat/engine/resources/openstack/octavia/listener.py
index c001caa73..ae3d00bdd 100644
--- a/heat/engine/resources/openstack/octavia/listener.py
+++ b/heat/engine/resources/openstack/octavia/listener.py
@@ -17,6 +17,7 @@ from heat.engine import attributes
from heat.engine import constraints
from heat.engine import properties
from heat.engine.resources.openstack.octavia import octavia_base
+from heat.engine import support
from heat.engine import translation
@@ -30,11 +31,11 @@ class Listener(octavia_base.OctaviaBase):
PROPERTIES = (
PROTOCOL_PORT, PROTOCOL, LOADBALANCER, DEFAULT_POOL, NAME,
ADMIN_STATE_UP, DESCRIPTION, DEFAULT_TLS_CONTAINER_REF,
- SNI_CONTAINER_REFS, CONNECTION_LIMIT, TENANT_ID
+ SNI_CONTAINER_REFS, CONNECTION_LIMIT, TENANT_ID, ALLOWED_CIDRS
) = (
'protocol_port', 'protocol', 'loadbalancer', 'default_pool', 'name',
'admin_state_up', 'description', 'default_tls_container_ref',
- 'sni_container_refs', 'connection_limit', 'tenant_id'
+ 'sni_container_refs', 'connection_limit', 'tenant_id', 'allowed_cidrs'
)
SUPPORTED_PROTOCOLS = (TCP, HTTP, HTTPS, TERMINATED_HTTPS, PROXY, UDP) = (
@@ -121,6 +122,20 @@ class Listener(octavia_base.OctaviaBase):
properties.Schema.STRING,
_('The ID of the tenant who owns the listener.')
),
+ ALLOWED_CIDRS: properties.Schema(
+ properties.Schema.LIST,
+ _('A list of IPv4, IPv6 or mix of both CIDRs. The default is all '
+ 'allowed. When a list of CIDRs is provided, the default '
+ 'switches to deny all.'),
+ update_allowed=True,
+ schema=properties.Schema(
+ properties.Schema.STRING,
+ constraints=[
+ constraints.CustomConstraint('net_cidr')
+ ]
+ ),
+ support_status=support.SupportStatus(version='14.0.0'),
+ )
}
attributes_schema = {
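Review bot: The new `ALLOWED_CIDRS` schema declares no `default`, while the commit message and release note say the default is an empty list; the two should agree, and because this property is an access-control list the omitted case should be spelled out. As the description reads, leaving the property out means the listener accepts traffic from any source, and this hunk does not show what an update that removes the property sends to Octavia, so whether a previously restricted listener reverts to allow-all should be confirmed and documented. I would extend the description with a sentence such as `'If omitted, traffic from any source address is allowed.'` and correct the release note rather than add `default=[]`, which would presumably start sending the field to Octavia deployments older than Train. The `properties_schema` dict this entry belongs to starts outside the hunk.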
diff --git a/heat/tests/openstack/octavia/inline_templates.py b/heat/tests/openstack/octavia/inline_templates.py
index a2b99748f..c6453bd1d 100644
--- a/heat/tests/openstack/octavia/inline_templates.py
+++ b/heat/tests/openstack/octavia/inline_templates.py
@@ -48,6 +48,9 @@ resources:
- ref2
connection_limit: -1
tenant_id: 1234
+ allowed_cidrs:
+ - 10.10.0.0/16
+ - 192.168.0.0/16
'''
POOL_TEMPLATE = '''
diff --git a/heat/tests/openstack/octavia/test_listener.py b/heat/tests/openstack/octavia/test_listener.py
index e4ddc85c7..a126ec98a 100644
--- a/heat/tests/openstack/octavia/test_listener.py
+++ b/heat/tests/openstack/octavia/test_listener.py
@@ -75,6 +75,7 @@ class ListenerTest(common.HeatTestCase):
'sni_container_refs': ['ref1', 'ref2'],
'connection_limit': -1,
'tenant_id': '1234',
+ 'allowed_cidrs': ['10.10.0.0/16', '192.168.0.0/16']
}
}
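Review bot: Only the create path is covered for `allowed_cidrs`: this expected-payload entry and the template fixture in inline_templates.py exercise two valid IPv4 ranges, but the property is declared with `update_allowed=True` and a `net_cidr` constraint, and neither is tested in this commit. Since the list decides which sources may reach the listener, I would add a case that updates `allowed_cidrs` and asserts the payload passed to the update call, plus a validation case with a malformed entry and one with an IPv6 CIDR. The definition that contains this dict starts outside the hunk.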
diff --git a/releasenotes/notes/support-allowed-cidrs-for-octavia-listener-d563a759d34da8b0.yaml b/releasenotes/notes/support-allowed-cidrs-for-octavia-listener-d563a759d34da8b0.yaml
new file mode 100644
index 000000000..f115bb351
--- /dev/null
+++ b/releasenotes/notes/support-allowed-cidrs-for-octavia-listener-d563a759d34da8b0.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Support ``allowed_cidrs`` property for the resource
+ ``OS::Octavia::Listener``, the property is allowed to be updated as well.
+ The property 'allowed_cidrs' was introduced in Octavia since Train release.
+ The default value is empty list if it is not specified in Heat template.