Skip to content
This repository has been archived by the owner on May 6, 2020. It is now read-only.

fix(controller): Persist ssl.enforce header on service creation #1305

Merged
merged 2 commits into from
Jul 5, 2017
Merged

fix(controller): Persist ssl.enforce header on service creation #1305

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c81dbf9
fix(controller): Persist ssl.enforce header on service creation
mattk42 Jun 6, 2017
4952f69
Merge branch 'master' into persist-https-enforcement
mattk42 Jul 4, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions rootfs/api/management/commands/load_db_state_to_k8s.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ def save_apps(self):
try:
app.save()
app.config_set.latest().save()
app.tls_set.latest().sync()
except DeisException as error:
print('ERROR: Problem saving to model {} for {}'
'due to {}'.format(str(App.__name__), str(app), str(error)))
Expand Down
31 changes: 25 additions & 6 deletions rootfs/api/models/tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,17 @@ class Meta:
def __str__(self):
return "{}-{}".format(self.app.id, str(self.uuid)[:7])

def _load_service_config(self, app, component):
config = super()._load_service_config(app, component)

# See if the ssl.enforce annotation is available
if 'ssl' not in config:
config['ssl'] = {}
if 'enforce' not in config['ssl']:
config['ssl']['enforce'] = 'false'

return config

def _check_previous_tls_settings(self):
try:
previous_tls_settings = self.app.tls_set.latest()
Expand All @@ -40,16 +51,24 @@ def save(self, *args, **kwargs):
# get config for the service
config = self._load_service_config(app, 'router')

# See if the ssl.enforce annotation is available
if 'ssl' not in config:
config['ssl'] = {}
if 'enforce' not in config['ssl']:
config['ssl']['enforce'] = 'false'

# convert from bool to string
config['ssl']['enforce'] = str(https_enforced)

self._save_service_config(app, 'router', config)

# Save to DB
return super(TLS, self).save(*args, **kwargs)

def sync(self):
try:
app = str(self.app)

config = self._load_service_config(app, 'router')
if (
config['ssl']['enforce'] != str(self.https_enforced) and
self.https_enforced is not None
):
config['ssl']['enforce'] = str(self.https_enforced)
self._save_service_config(app, 'router', config)
except TLS.DoesNotExist:
pass