summaryrefslogtreecommitdiffstats
path: root/policyhandler/config.py
diff options
context:
space:
mode:
Diffstat (limited to 'policyhandler/config.py')
-rw-r--r--policyhandler/config.py59
1 files changed, 33 insertions, 26 deletions
diff --git a/policyhandler/config.py b/policyhandler/config.py
index d94ed79..5184f7f 100644
--- a/policyhandler/config.py
+++ b/policyhandler/config.py
@@ -148,24 +148,43 @@ class Config(object):
TLS_CA_MODE = "tls_ca_mode"
TLS_WSS_CA_MODE = "tls_wss_ca_mode"
TLS_CA_MODE_DO_NOT_VERIFY = "do_not_verify"
+ TIMEOUT_IN_SECS = "timeout_in_secs"
+ CONSUL_TIMEOUT_IN_SECS = "consul_timeout_in_secs"
+ WS_PING_INTERVAL_IN_SECS = "ws_ping_interval_in_secs"
+ DEFAULT_TIMEOUT_IN_SECS = 60
system_name = SERVICE_NAME_POLICY_HANDLER
wservice_port = 25577
consul_url = "http://consul:8500"
+ consul_timeout_in_secs = DEFAULT_TIMEOUT_IN_SECS
tls_cacert_file = None
tls_server_cert_file = None
tls_private_key_file = None
+ tls_server_ca_chain_file = None
_local_config = Settings()
discovered_config = Settings()
@staticmethod
+ def _get_tls_file_path(tls_config, cert_directory, tls_name):
+ """calc file path and verify its existance"""
+ file_name = tls_config.get(tls_name)
+ if not file_name:
+ return None
+ tls_file_path = os.path.join(cert_directory, file_name)
+ if not os.path.isfile(tls_file_path) or not os.access(tls_file_path, os.R_OK):
+ Config._logger.error("invalid %s: %s", tls_name, tls_file_path)
+ return None
+ return tls_file_path
+
+ @staticmethod
def _set_tls_config(tls_config):
"""verify and set tls certs in config"""
try:
Config.tls_cacert_file = None
Config.tls_server_cert_file = None
Config.tls_private_key_file = None
+ Config.tls_server_ca_chain_file = None
if not (tls_config and isinstance(tls_config, dict)):
Config._logger.info("no tls in config: %s", json.dumps(tls_config))
@@ -174,43 +193,28 @@ class Config(object):
cert_directory = tls_config.get("cert_directory")
if not (cert_directory and isinstance(cert_directory, str)):
- Config._logger.info("unexpected tls.cert_directory: %r", cert_directory)
+ Config._logger.warning("unexpected tls.cert_directory: %r", cert_directory)
return
cert_directory = os.path.join(
os.path.dirname(os.path.dirname(os.path.realpath(__file__))), cert_directory)
if not (cert_directory and os.path.isdir(cert_directory)):
- Config._logger.info("ignoring invalid cert_directory: %s", cert_directory)
+ Config._logger.warning("ignoring invalid cert_directory: %s", cert_directory)
return
- cacert = tls_config.get("cacert")
- if cacert:
- tls_cacert_file = os.path.join(cert_directory, cacert)
- if not os.path.isfile(tls_cacert_file):
- Config._logger.error("invalid tls_cacert_file: %s", tls_cacert_file)
- else:
- Config.tls_cacert_file = tls_cacert_file
-
- server_cert = tls_config.get("server_cert")
- if server_cert:
- tls_server_cert_file = os.path.join(cert_directory, server_cert)
- if not os.path.isfile(tls_server_cert_file):
- Config._logger.error("invalid tls_server_cert_file: %s", tls_server_cert_file)
- else:
- Config.tls_server_cert_file = tls_server_cert_file
-
- private_key = tls_config.get("private_key")
- if private_key:
- tls_private_key_file = os.path.join(cert_directory, private_key)
- if not os.path.isfile(tls_private_key_file):
- Config._logger.error("invalid tls_private_key_file: %s", tls_private_key_file)
- else:
- Config.tls_private_key_file = tls_private_key_file
+ Config.tls_cacert_file = Config._get_tls_file_path(tls_config, cert_directory, "cacert")
+ Config.tls_server_cert_file = Config._get_tls_file_path(tls_config, cert_directory,
+ "server_cert")
+ Config.tls_private_key_file = Config._get_tls_file_path(tls_config, cert_directory,
+ "private_key")
+ Config.tls_server_ca_chain_file = Config._get_tls_file_path(tls_config, cert_directory,
+ "server_ca_chain")
finally:
Config._logger.info("tls_cacert_file = %s", Config.tls_cacert_file)
Config._logger.info("tls_server_cert_file = %s", Config.tls_server_cert_file)
Config._logger.info("tls_private_key_file = %s", Config.tls_private_key_file)
+ Config._logger.info("tls_server_ca_chain_file = %s", Config.tls_server_ca_chain_file)
@staticmethod
def init_config(file_path=None):
@@ -239,6 +243,9 @@ class Config(object):
Config.wservice_port = loaded_config.get(Config.FIELD_WSERVICE_PORT, Config.wservice_port)
Config.consul_url = os.environ.get(
"CONSUL_URL", loaded_config.get(Config.FIELD_CONSUL_URL, Config.consul_url)).rstrip("/")
+ Config.consul_timeout_in_secs = loaded_config.get(Config.CONSUL_TIMEOUT_IN_SECS)
+ if not Config.consul_timeout_in_secs or Config.consul_timeout_in_secs < 1:
+ Config.consul_timeout_in_secs = Config.DEFAULT_TIMEOUT_IN_SECS
local_config = loaded_config.get(Config.SERVICE_NAME_POLICY_HANDLER, {})
Config.system_name = local_config.get(Config.FIELD_SYSTEM, Config.system_name)
@@ -250,7 +257,7 @@ class Config(object):
@staticmethod
def discover(audit):
- """bring and merge the config settings from the discovery service"""
+ """bring the config settings from the discovery service"""
discovery_key = Config.system_name
from .discovery import DiscoveryClient
new_config = DiscoveryClient.get_value(audit, discovery_key)