def parse_data(self, data):
"""
:type data: set[]
"""
for protocol in self.binds.iterkeys():
self.binds[protocol].clear()
allow_crossdomain = False
self.nodes = {}
for node in data:
if not node[u'Service'][u'Port']:
logger.warn(
'[service][%s]: Node %s is ignored due no Service Port' %
(self.id, node[u'Node'][u'Node']))
continue
if node[u'Service'][u'Tags'] is None:
logger.warn(
'[service][%s]: Node %s is ignored due no Service Tags' %
(self.id, node[u'Node'][u'Node']))
continue
self.nodes[node['Node']['Node']] = {
'port':
node[u'Service'][u'Port'],
'address':
node[u'Service'][u'Address'] or node[u'Node'][u'Address'],
'tags':
node[u'Service'][u'Tags'],
}
if u'allow_crossdomain' in node[u'Service'][u'Tags']:
allow_crossdomain = True
for protocol in [u'http', u'http2']:
if protocol in node[u'Service'][u'Tags']:
self.binds[protocol].update(
tag.replace(protocol + ':', '')
for tag in node[u'Service'][u'Tags']
if tag.startswith(protocol + ':'))
for protocol in ['tcp', 'udp']:
self.binds[protocol].update({node[u'Service'][u'Port']})
self.allow_crossdomain = allow_crossdomain
self.flush_nginx_config()
def load_keys_from_consul(self, data=None):
if data:
for item in data:
key = item['Key'].replace('vergilius/certificates/%s/' % self.service.id, '')
if hasattr(self, key):
setattr(self, key, item['Value'])
if not self.validate():
logger.warn('[certificate][%s]: cant validate existing keys' % self.service.id)
return False
else:
logger.debug('[certificate][%s]: using existing keys' % self.service.id)
else:
logger.warn('[certificate][%s]: cant find certificate in consul' % self.service.id)
return False
self.write_certificate_files()
return True
def load_keys_from_consul(self, data=None):
if data:
for item in data:
key = item['Key'].replace('vergilius/certificates/%s/' % self.service.id, '')
if hasattr(self, key):
setattr(self, key, item['Value'])
if not self.validate():
logger.warn('[certificate][%s]: cant validate existing keys' % self.service.id)
self.discard_certificate()
if not self.request_certificate():
return False
else:
logger.debug('[certificate][%s]: using existing keys' % self.service.id)
else:
if not self.request_certificate():
return False
self.write_certificate_files()
return True
def parse_data(self, data):
"""
:type data: set[]
"""
for protocol in self.domains.iterkeys():
self.domains[protocol].clear()
allow_crossdomain = False
self.nodes = {}
for node in data:
if not node[u'Service'][u'Port']:
logger.warn('[service][%s]: Node %s is ignored due no ServicePort' % (self.id, node[u'Node']))
continue
if node[u'Service'][u'Tags'] is None:
logger.warn('[service][%s]: Node %s is ignored due no ServiceTags' % (self.id, node[u'Node']))
continue
self.nodes[node['Node']['Node']] = {
'port': node[u'Service'][u'Port'],
'address': node[u'Service'][u'Address'] or node[u'Node'][u'Address'],
'tags': node[u'Service'][u'Tags'],
}
if u'allow_crossdomain' in node[u'Service'][u'Tags']:
allow_crossdomain = True
for protocol in [u'http', u'http2']:
if protocol in node[u'Service'][u'Tags']:
self.domains[protocol].update(
tag.replace(protocol + ':', '') for tag in node[u'Service'][u'Tags'] if
tag.startswith(protocol + ':')
)
self.allow_crossdomain = allow_crossdomain
self.flush_nginx_config()
def validate(self):
if int(self.expires) < int(time.time()):
logger.warn('[certificate][%s]: validation error: expired' % self.service.id)
return False
if self.key_domains != self.serialize_domains():
logger.warn('[certificate][%s]: validation error: domains mismatch: %s != %s' %
(self.service.id, self.key_domains, self.serialize_domains()))
return False
if not len(self.private_key) or not len(self.public_key):
logger.warn('[certificate][%s]: validation error: empty key' % self.service.id)
return False
return True
