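def _build_api_service(self):
    """
    Build the Twisted service that serves this service's API.

    Once called, the resource tree is initialized. Any calls to
    self._add_resource() should be done before calling this fn.

    The listener is a TLS endpoint (SSL4ServerEndpoint) when the service
    configuration has ssl_enable set to 'true' (case-insensitive), and a
    plaintext TCP endpoint (TCP4ServerEndpoint) otherwise.

    :return: a StreamServerEndpointService named after the anchore service
    :raises ValueError: if ssl_enable is set but no certificate or private key was loaded
    """
    service = self.anchore_service

    wsgi_app = service.get_api_application()
    wsgi_site = wsgi.WSGIResource(reactor, reactor.getThreadPool(), application=wsgi_app)

    # The WSGI application is mounted under the encoded API version string.
    self._add_resource(service.__service_api_version__.encode('utf-8'), wsgi_site)

    self.root_resource = web.resource.Resource()

    # Add nodes
    for name, resource in self.resource_nodes.items():
        self.root_resource.putChild(name, resource)

    # Calls without an explicit version are rewritten to the base path before
    # flask processes them; the encoded version is stored once as an optimization.
    self._api_version_bytes = service.__service_api_version__.encode('utf-8')

    # Handle the auth vs non-auth child resources to not consume a path element
    root = rewrite.RewriterResource(self.root_resource, self._default_version_rewrite)

    # Build the main site server
    site = server.Site(root)
    config = service.configuration
    listen = config['listen']

    if str(config.get('ssl_enable', '')).lower() == 'true':
        # Load order matches the config keys: certificate, chain, private key.
        ssl_cert = _load_ssl_cert(config['ssl_cert']) if 'ssl_cert' in config else None
        ssl_chain = _load_ssl_cert(config['ssl_chain']) if 'ssl_chain' in config else None
        ssl_key = _load_ssl_key(config['ssl_key']) if 'ssl_key' in config else None

        # Fail fast with a clear message instead of handing None to
        # CertificateOptions: TLS was requested, so a listener without a
        # certificate and private key must not be started.
        if ssl_cert is None or ssl_key is None:
            raise ValueError(
                "ssl_enable is set but ssl_cert and/or ssl_key is not available; "
                "refusing to start a TLS listener without a certificate and private key")

        tls_kwargs = {'privateKey': ssl_key, 'certificate': ssl_cert}
        if ssl_chain:
            tls_kwargs['extraCertChain'] = [ssl_chain]
        sfact = ssl.CertificateOptions(**tls_kwargs)

        endpoint = SSL4ServerEndpoint(reactor=reactor,
                                      port=int(config['port']),
                                      sslContextFactory=sfact,
                                      interface=listen)
    else:
        # NOTE(review): with ssl_enable unset the API is served over plaintext
        # TCP; presumably TLS is terminated upstream in such deployments — confirm.
        endpoint = TCP4ServerEndpoint(reactor=reactor,
                                      port=int(config['port']),
                                      interface=listen)

    ret_svc = StreamServerEndpointService(endpoint=endpoint, factory=site)
    ret_svc.setName(service.name)

    return ret_svc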
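def _build_api_service(self):
    """
    Build the Twisted service that serves this service's API.

    Once called, the resource tree is initialized. Any calls to
    self._add_resource() should be done before calling this fn.

    The reactor thread pool maximum is set from the service config key
    max_request_threads (default localconfig.DEFAULT_SERVICE_THREAD_COUNT).
    When enable_thread_dumper is set, a 'threads' debugging route is added.
    Twisted access logging is disabled when enable_access_logging is False
    in the service configuration or, failing that, the global configuration.
    The listener is a TLS endpoint when ssl_enable is 'true'
    (case-insensitive), and a plaintext TCP endpoint otherwise.

    :return: a StreamServerEndpointService named after the anchore service
    :raises ValueError: if ssl_enable is set but no certificate or private key was loaded
    """
    service = self.anchore_service

    thread_count = int(
        self.service_config.get('max_request_threads', localconfig.DEFAULT_SERVICE_THREAD_COUNT))

    wsgi_app = service.get_api_application()
    wsgi_site = wsgi.WSGIResource(reactor, reactor.getThreadPool(), application=wsgi_app)
    reactor.getThreadPool().adjustPoolsize(maxthreads=thread_count)
    logger.debug('Thread pool size stats. Min={}, Max={}'.format(
        reactor.getThreadPool().min, reactor.getThreadPool().max))

    # The WSGI application is mounted under the encoded API version string.
    self._add_resource(service.__service_api_version__.encode('utf-8'), wsgi_site)

    if enable_thread_dumper:
        # NOTE(review): this route is registered like any other resource node;
        # whether it sits behind authentication is not visible here — confirm
        # before enabling the debug flag on a reachable listener.
        logger.warn(
            "Adding thread dump route for debugging since debug flag is set. This is dangerous and should not be done in normal production"
        )
        self._add_resource(b'threads', ThreadDumperResource())

    self.root_resource = web.resource.Resource()

    # Add nodes
    for name, resource in self.resource_nodes.items():
        self.root_resource.putChild(name, resource)

    # Calls without an explicit version are rewritten to the base path before
    # flask processes them; the encoded version is stored once as an optimization.
    self._api_version_bytes = service.__service_api_version__.encode('utf-8')

    # Handle the auth vs non-auth child resources to not consume a path element
    root = rewrite.RewriterResource(self.root_resource, self._default_version_rewrite)

    # Build the main site server
    site = server.Site(root)
    listen = service.configuration['listen']

    # Disable the twisted access logging by overriding the log function, as it
    # uses a raw 'write' and cannot otherwise be disabled, iff
    # enable_access_logging is set to False in either the service or global config.
    # NOTE(review): the check is plain truthiness, so a string such as 'false'
    # keeps logging on, unlike ssl_enable which is compared as a string — confirm
    # the config values are parsed booleans.
    try:
        eal = True
        if "enable_access_logging" in service.configuration:
            eal = service.configuration.get("enable_access_logging", True)
        elif "enable_access_logging" in self.configuration:
            eal = self.configuration.get("enable_access_logging", True)

        if not eal:
            def _null_logger(request):
                pass

            site.log = _null_logger
    except Exception as err:
        # Still best-effort, but no longer silent: access logs are audit data,
        # so a failure to apply the setting should be visible to operators.
        logger.warn(
            'Could not apply enable_access_logging setting, access logging left unchanged: {}'.format(err))

    config = service.configuration
    if str(config.get('ssl_enable', '')).lower() == 'true':
        # Load order matches the config keys: certificate, chain, private key.
        ssl_cert = _load_ssl_cert(config['ssl_cert']) if 'ssl_cert' in config else None
        ssl_chain = _load_ssl_cert(config['ssl_chain']) if 'ssl_chain' in config else None
        ssl_key = _load_ssl_key(config['ssl_key']) if 'ssl_key' in config else None

        # Fail fast with a clear message instead of handing None to
        # CertificateOptions: TLS was requested, so a listener without a
        # certificate and private key must not be started.
        if ssl_cert is None or ssl_key is None:
            raise ValueError(
                "ssl_enable is set but ssl_cert and/or ssl_key is not available; "
                "refusing to start a TLS listener without a certificate and private key")

        tls_kwargs = {'privateKey': ssl_key, 'certificate': ssl_cert}
        if ssl_chain:
            tls_kwargs['extraCertChain'] = [ssl_chain]
        sfact = ssl.CertificateOptions(**tls_kwargs)

        endpoint = SSL4ServerEndpoint(
            reactor=reactor,
            port=int(config['port']),
            sslContextFactory=sfact,
            interface=listen)
    else:
        # NOTE(review): with ssl_enable unset the API is served over plaintext
        # TCP; presumably TLS is terminated upstream in such deployments — confirm.
        endpoint = TCP4ServerEndpoint(
            reactor=reactor,
            port=int(config['port']),
            interface=listen)

    ret_svc = StreamServerEndpointService(endpoint=endpoint, factory=site)
    ret_svc.setName(service.name)

    return ret_svc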