author | Schmalzried, Terry (ts862m) <ts862m@att.com> | 2019-11-13 16:47:45 -0500 |
---|---|---|
committer | Schmalzried, Terry (ts862m) <ts862m@att.com> | 2019-11-14 15:40:57 -0500 |
commit | 05f475fb6ec2c4a1acd2698d29a4c12b116a1d36 (patch) | |
tree | 0d834d29a6d78fe678904be5655d76fe9913b2b8 /policyhandler/web_server.py | |
parent | 8dc742e747e0f418665ab9422f5c6c2cda94869b (diff) |
DCAEGEN2-1919 add HTTPS and change log rotation
Change-Id: I7859dde9460620e18edca887f5dfc611639b268c
Issue-ID: DCAEGEN2-1919
Signed-off-by: Schmalzried, Terry (ts862m) <ts862m@att.com>
Diffstat (limited to 'policyhandler/web_server.py')
-rw-r--r-- | policyhandler/web_server.py | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/policyhandler/web_server.py b/policyhandler/web_server.py
index dfd1b51..9c2656e 100644
--- a/policyhandler/web_server.py
+++ b/policyhandler/web_server.py
@@ -19,6 +19,8 @@
 import json
 from datetime import datetime
+import os
+import time
 import cherrypy
@@ -44,16 +46,18 @@ class PolicyWeb(object):
 protocol = "http"
 tls_info = ""
- # if Config.tls_server_cert_file and Config.tls_private_key_file:
- # cherrypy.server.ssl_module = 'builtin'
- # cherrypy.server.ssl_certificate = Config.tls_server_cert_file
- # cherrypy.server.ssl_private_key = Config.tls_private_key_file
- # if Config.tls_server_ca_chain_file:
- # cherrypy.server.ssl_certificate_chain = Config.tls_server_ca_chain_file
- # protocol = "https"
- # tls_info = "cert: {} {} {}".format(Config.tls_server_cert_file,
- # Config.tls_private_key_file,
- # Config.tls_server_ca_chain_file)
+ if Config.tls_server_cert_file and Config.tls_private_key_file:
+ tm_cert = os.path.getmtime(Config.tls_server_cert_file)
+ tm_key = os.path.getmtime(Config.tls_private_key_file)
+ cherrypy.server.ssl_module = 'builtin'
+ cherrypy.server.ssl_certificate = Config.tls_server_cert_file
+ cherrypy.server.ssl_private_key = Config.tls_private_key_file
+ if Config.tls_server_ca_chain_file:
+ cherrypy.server.ssl_certificate_chain = Config.tls_server_ca_chain_file
+ protocol = "https"
+ tls_info = "cert: {} {} {}".format(Config.tls_server_cert_file,
+ Config.tls_private_key_file,
+ Config.tls_server_ca_chain_file)
 cherrypy.tree.mount(_PolicyWeb(), '/')
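Review bot: In the second hunk, when only one of `Config.tls_server_cert_file` / `Config.tls_private_key_file` is set the `if` is skipped and the server silently stays on `protocol = "http"`, so a half-configured deployment serves the REST API in clear text with nothing in the log to say so. A warning or a refusal to start on the partial case would make that visible, e.g. `elif Config.tls_server_cert_file or Config.tls_private_key_file: PolicyWeb.logger.warning("TLS partially configured; serving plain HTTP")`. The two `os.path.getmtime` calls also raise `OSError` when a configured path is missing or unreadable, which would presumably abort startup with a bare traceback; catching it here and logging which path failed would be clearer. The enclosing method starts and ends outside the hunk.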
@@ -63,6 +67,19 @@ class PolicyWeb(object):
 json.dumps(cherrypy.config))
 cherrypy.engine.start()
+ # If HTTPS server certificate changes, exit to let kubernetes restart us
+ if Config.tls_server_cert_file and Config.tls_private_key_file:
+ while True:
+ time.sleep(600)
+ c_tm_cert = os.path.getmtime(Config.tls_server_cert_file)
+ c_tm_key = os.path.getmtime(Config.tls_private_key_file)
+ if c_tm_cert > tm_cert or c_tm_key > tm_key:
+ PolicyWeb.logger.info("cert or key file updated")
+ cherrypy.engine.stop()
+ cherrypy.engine.exit()
+ break
+
+
 class _PolicyWeb(object):
 """REST API of policy-handler""" |
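Review bot: The watcher loop calls `os.path.getmtime` with no error handling, so a cert or key file that is briefly missing or unreadable during rotation raises `OSError` out of the loop; the restart-on-change would then presumably never fire and the server would keep the old certificate. The `>` comparison also misses a replacement whose mtime is older than the value recorded at startup (a restored or rolled-back file), which `!=` would catch. Separately, with TLS configured the calling thread stays in `time.sleep(600)` indefinitely, while without TLS the method returns right after `cherrypy.engine.start()`; a comment stating that this difference is intended would help callers. The method starts outside the hunk.

```python
            while True:
                time.sleep(600)
                try:
                    c_tm_cert = os.path.getmtime(Config.tls_server_cert_file)
                    c_tm_key = os.path.getmtime(Config.tls_private_key_file)
                except OSError as ex:
                    # file missing or unreadable mid-rotation: keep watching, retry next tick
                    PolicyWeb.logger.warning("cannot stat cert or key file: %s", ex)
                    continue
                if c_tm_cert != tm_cert or c_tm_key != tm_key:
                    # … unchanged: log, cherrypy.engine.stop(), cherrypy.engine.exit(), break …
```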