Coverage for nova/conf/console.py: 88%

8 statements  

« prev     ^ index     » next       coverage.py v7.6.12, created at 2025-04-17 15:08 +0000

1# Copyright 2016 OpenStack Foundation 

2# All Rights Reserved. 

3# 

4# Licensed under the Apache License, Version 2.0 (the "License"); you may 

5# not use this file except in compliance with the License. You may obtain 

6# a copy of the License at 

7# 

8# http://www.apache.org/licenses/LICENSE-2.0 

9# 

10# Unless required by applicable law or agreed to in writing, software 

11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

13# License for the specific language governing permissions and limitations 

14# under the License. 

15 

16from oslo_config import cfg 

17 

18console_group = cfg.OptGroup('console', 

19 title='Console Options', 

20 help=""" 

21Options under this group allow to tune the configuration of the console proxy 

22service. 

23 

24Note: in configuration of every compute is a ``console_host`` option, 

25which allows to select the console proxy service to connect to. 

26""") 

27 

28console_opts = [ 

29 cfg.ListOpt('allowed_origins', 

30 default=[], 

31 deprecated_group='DEFAULT', 

32 deprecated_name='console_allowed_origins', 

33 help=""" 

34Adds list of allowed origins to the console websocket proxy to allow 

35connections from other origin hostnames. 

36Websocket proxy matches the host header with the origin header to 

37prevent cross-site requests. This list specifies if any there are 

38values other than host are allowed in the origin header. 

39 

40Possible values: 

41 

42* A list where each element is an allowed origin hostnames, else an empty list 

43"""), 

44 cfg.StrOpt('ssl_ciphers', 

45 help=""" 

46OpenSSL cipher preference string that specifies what ciphers to allow for TLS 

47connections from clients. For example:: 

48 

49 ssl_ciphers = "kEECDH+aECDSA+AES:kEECDH+AES+aRSA:kEDH+aRSA+AES" 

50 

51See the man page for the OpenSSL `ciphers` command for details of the cipher 

52preference string format and allowed values:: 

53 

54 https://docs.openssl.org/master/man1/openssl-ciphers/#cipher-list-format 

55 

56Related options: 

57 

58* [DEFAULT] cert 

59* [DEFAULT] key 

60"""), 

61 cfg.StrOpt('ssl_minimum_version', 

62 default='default', 

63 choices=[ 

64 # These values must align with SSL_OPTIONS in 

65 # websockify/websocketproxy.py 

66 ('default', 'Use the underlying system OpenSSL defaults'), 

67 ('tlsv1_1', 

68 'Require TLS v1.1 or greater for TLS connections'), 

69 ('tlsv1_2', 

70 'Require TLS v1.2 or greater for TLS connections'), 

71 ('tlsv1_3', 

72 'Require TLS v1.3 or greater for TLS connections'), 

73 ], 

74 help=""" 

75Minimum allowed SSL/TLS protocol version. 

76 

77Related options: 

78 

79* [DEFAULT] cert 

80* [DEFAULT] key 

81"""), 

82] 

83 

84 

85def register_opts(conf): 

86 conf.register_group(console_group) 

87 conf.register_opts(console_opts, group=console_group) 

88 

89 

90def list_opts(): 

91 return { 

92 console_group: console_opts, 

93 }