diff options
| author |   Schmalzried, Terry (ts862m) <ts862m@att.com> | 2019-11-13 16:47:45 -0500 |
|---|---|---|
| committer | Schmalzried, Terry (ts862m) <ts862m@att.com> | 2019-11-14 15:40:57 -0500 |
| commit | 05f475fb6ec2c4a1acd2698d29a4c12b116a1d36 (patch) | |
| tree | 0d834d29a6d78fe678904be5655d76fe9913b2b8 /policyhandler | |
| parent | 8dc742e747e0f418665ab9422f5c6c2cda94869b (diff) | |
DCAEGEN2-1919 add HTTPS and change log rotation
Change-Id: I7859dde9460620e18edca887f5dfc611639b268c
Issue-ID: DCAEGEN2-1919
Signed-off-by: Schmalzried, Terry (ts862m) <ts862m@att.com>
Diffstat (limited to 'policyhandler')
| -rw-r--r-- | policyhandler/service_activator.py | 4 | ||||
| -rw-r--r-- | policyhandler/web_server.py | 37 |
2 files changed, 31 insertions, 10 deletions
diff --git a/policyhandler/service_activator.py b/policyhandler/service_activator.py index 9c8a1b2..c1e5b8c 100644 --- a/policyhandler/service_activator.py +++ b/policyhandler/service_activator.py @@ -35,6 +35,7 @@ from urllib.parse import urljoin import requests from .config import Config, Settings +from .discovery import DiscoveryClient from .onap.audit import (REQUEST_X_ECOMP_REQUESTID, Audit, AuditHttpCode, Metrics) from .policy_consts import TARGET_ENTITY @@ -93,6 +94,9 @@ class ServiceActivator(object): ServiceActivator._target_entity = config_sa.get( TARGET_ENTITY, ServiceActivator.DEFAULT_TARGET_ENTITY) ServiceActivator._url = config_sa.get("url", "") + if not ServiceActivator._url: + ServiceActivator._url = DiscoveryClient.get_service_url(audit, + ServiceActivator._target_entity) if ServiceActivator._url: ServiceActivator._url_register = urljoin(ServiceActivator._url, config_sa.get("path_register", "")) diff --git a/policyhandler/web_server.py b/policyhandler/web_server.py index dfd1b51..9c2656e 100644 --- a/policyhandler/web_server.py +++ b/policyhandler/web_server.py @@ -19,6 +19,8 @@ import json from datetime import datetime +import os +import time import cherrypy @@ -44,16 +46,18 @@ class PolicyWeb(object): protocol = "http" tls_info = "" - # if Config.tls_server_cert_file and Config.tls_private_key_file: - # cherrypy.server.ssl_module = 'builtin' - # cherrypy.server.ssl_certificate = Config.tls_server_cert_file - # cherrypy.server.ssl_private_key = Config.tls_private_key_file - # if Config.tls_server_ca_chain_file: - # cherrypy.server.ssl_certificate_chain = Config.tls_server_ca_chain_file - # protocol = "https" - # tls_info = "cert: {} {} {}".format(Config.tls_server_cert_file, - # Config.tls_private_key_file, - # Config.tls_server_ca_chain_file) + if Config.tls_server_cert_file and Config.tls_private_key_file: + tm_cert = os.path.getmtime(Config.tls_server_cert_file) + tm_key = os.path.getmtime(Config.tls_private_key_file) + cherrypy.server.ssl_module = 'builtin' + cherrypy.server.ssl_certificate = Config.tls_server_cert_file + cherrypy.server.ssl_private_key = Config.tls_private_key_file + if Config.tls_server_ca_chain_file: + cherrypy.server.ssl_certificate_chain = Config.tls_server_ca_chain_file + protocol = "https" + tls_info = "cert: {} {} {}".format(Config.tls_server_cert_file, + Config.tls_private_key_file, + Config.tls_server_ca_chain_file) cherrypy.tree.mount(_PolicyWeb(), '/') @@ -63,6 +67,19 @@ class PolicyWeb(object): json.dumps(cherrypy.config)) cherrypy.engine.start() + # If HTTPS server certificate changes, exit to let kubernetes restart us + if Config.tls_server_cert_file and Config.tls_private_key_file: + while True: + time.sleep(600) + c_tm_cert = os.path.getmtime(Config.tls_server_cert_file) + c_tm_key = os.path.getmtime(Config.tls_private_key_file) + if c_tm_cert > tm_cert or c_tm_key > tm_key: + PolicyWeb.logger.info("cert or key file updated") + cherrypy.engine.stop() + cherrypy.engine.exit() + break + + class _PolicyWeb(object): """REST API of policy-handler""" |