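def parse_data(self, data):
    """Rebuild node and bind state from service entries, then flush the nginx config.

    Every set in ``self.binds`` is emptied, ``self.nodes`` is rebuilt from
    scratch, ``self.allow_crossdomain`` is recomputed and
    ``self.flush_nginx_config()`` is called last.

    Entries with a falsy service port, or with ``Tags`` set to ``None``,
    are logged and skipped.

    :type data: iterable of dict
    :param data: entries holding a ``Node`` mapping (``Node``, ``Address``)
        and a ``Service`` mapping (``Port``, ``Address``, ``Tags``).
    """
    # Iterate the values directly: dict.iterkeys() exists only on Python 2.
    for bound in self.binds.values():
        bound.clear()

    allow_crossdomain = False
    self.nodes = {}

    for node in data:
        service = node[u'Service']
        port = service[u'Port']

        if not port:
            logger.warning('[service][%s]: Node %s is ignored due no Service Port',
                           self.id, node[u'Node'][u'Node'])
            continue

        tags = service[u'Tags']
        if tags is None:
            logger.warning('[service][%s]: Node %s is ignored due no Service Tags',
                           self.id, node[u'Node'][u'Node'])
            continue

        node_info = node[u'Node']
        self.nodes[node_info[u'Node']] = {
            'port': port,
            # Fall back to the node address when the service has none of its own.
            'address': service[u'Address'] or node_info[u'Address'],
            'tags': tags,
        }

        # NOTE(review): one node carrying this tag sets the flag for the whole
        # service, so a single mis-tagged registration changes it for all nodes.
        if u'allow_crossdomain' in tags:
            allow_crossdomain = True

        for protocol in (u'http', u'http2'):
            if protocol not in tags:
                continue
            prefix = protocol + ':'
            # Strip only the leading "<protocol>:" marker. str.replace() would
            # also delete later occurrences inside the value and silently
            # rewrite what the tag actually said.
            # NOTE(review): the values are stored unvalidated. If
            # flush_nginx_config() renders them into the config (not visible
            # here), whoever can register a service controls that text --
            # validate them as hostnames before use.
            self.binds[protocol].update(
                tag[len(prefix):] for tag in tags if tag.startswith(prefix))

        # Every accepted node contributes its port to both transport binds.
        for protocol in ('tcp', 'udp'):
            self.binds[protocol].add(port)

    self.allow_crossdomain = allow_crossdomain
    self.flush_nginx_config()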
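def load_keys_from_consul(self, data=None):
    """Load stored certificate fields from Consul KV entries and write them to disk.

    The ``vergilius/certificates/<service id>/`` prefix is stripped from each
    entry's ``Key``; what remains names the attribute that receives the
    entry's ``Value``.

    NOTE(review): the loaded fields are what ``validate()`` later accepts as
    certificate state, so write access to this KV prefix should be limited
    to the component that stores certificates.

    :param data: KV entries (dicts with ``Key`` and ``Value``), or ``None``.
    :return: ``True`` once ``write_certificate_files()`` has run; ``False``
        when there is no data or ``validate()`` rejects the loaded fields.
    """
    if not data:
        logger.warning('[certificate][%s]: cant find certificate in consul', self.service.id)
        return False

    prefix = 'vergilius/certificates/%s/' % self.service.id
    for item in data:
        name = item['Key']
        # Drop only the leading prefix; str.replace() would also rewrite
        # matches further inside the key.
        if name.startswith(prefix):
            name = name[len(prefix):]
        if not hasattr(self, name):
            continue
        # The KV key chooses which attribute is overwritten. Refuse methods,
        # private names and the service reference this method depends on, so
        # a stray key cannot replace behaviour or break the object.
        # NOTE(review): an explicit allowlist of stored field names would be
        # stricter -- confirm the full set written to Consul and switch to it.
        if name.startswith('_') or name == 'service' or callable(getattr(self, name)):
            # Log the key name only, never the value: it may be key material.
            logger.warning('[certificate][%s]: ignoring unexpected consul key %r',
                           self.service.id, name)
            continue
        setattr(self, name, item['Value'])

    if not self.validate():
        logger.warning('[certificate][%s]: cant validate existing keys', self.service.id)
        return False

    logger.debug('[certificate][%s]: using existing keys', self.service.id)
    self.write_certificate_files()
    return True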
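def load_keys_from_consul(self, data=None):
    """Load stored certificate fields from Consul KV entries, replacing them if unusable.

    The ``vergilius/certificates/<service id>/`` prefix is stripped from each
    entry's ``Key``; what remains names the attribute that receives the
    entry's ``Value``. When there is no data, or ``validate()`` rejects the
    loaded fields, ``request_certificate()`` is called (after
    ``discard_certificate()`` in the rejected case).

    NOTE(review): the loaded fields are what ``validate()`` later accepts as
    certificate state, so write access to this KV prefix should be limited
    to the component that stores certificates.

    :param data: KV entries (dicts with ``Key`` and ``Value``), or ``None``.
    :return: ``True`` once ``write_certificate_files()`` has run; ``False``
        when ``request_certificate()`` reports failure.
    """
    if not data:
        # Nothing stored for this service: ask for a certificate instead.
        if not self.request_certificate():
            return False
    else:
        prefix = 'vergilius/certificates/%s/' % self.service.id
        for item in data:
            name = item['Key']
            # Drop only the leading prefix; str.replace() would also rewrite
            # matches further inside the key.
            if name.startswith(prefix):
                name = name[len(prefix):]
            if not hasattr(self, name):
                continue
            # The KV key chooses which attribute is overwritten. Refuse
            # methods, private names and the service reference this method
            # depends on, so a stray key cannot replace behaviour or break
            # the object.
            # NOTE(review): an explicit allowlist of stored field names would
            # be stricter -- confirm the full set written to Consul.
            if name.startswith('_') or name == 'service' or callable(getattr(self, name)):
                # Log the key name only, never the value: it may be key material.
                logger.warning('[certificate][%s]: ignoring unexpected consul key %r',
                               self.service.id, name)
                continue
            setattr(self, name, item['Value'])

        if self.validate():
            logger.debug('[certificate][%s]: using existing keys', self.service.id)
        else:
            logger.warning('[certificate][%s]: cant validate existing keys', self.service.id)
            # Drop the rejected state before requesting a replacement.
            self.discard_certificate()
            if not self.request_certificate():
                return False

    self.write_certificate_files()
    return True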
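def parse_data(self, data):
    """Rebuild node and domain state from service entries, then flush the nginx config.

    Every set in ``self.domains`` is emptied, ``self.nodes`` is rebuilt from
    scratch, ``self.allow_crossdomain`` is recomputed and
    ``self.flush_nginx_config()`` is called last.

    Entries with a falsy service port, or with ``Tags`` set to ``None``,
    are logged and skipped.

    :type data: iterable of dict
    :param data: entries holding a ``Node`` mapping (``Node``, ``Address``)
        and a ``Service`` mapping (``Port``, ``Address``, ``Tags``).
    """
    # Iterate the values directly: dict.iterkeys() exists only on Python 2.
    for names in self.domains.values():
        names.clear()

    allow_crossdomain = False
    self.nodes = {}

    for node in data:
        service = node[u'Service']
        node_info = node[u'Node']

        # Log the node's name rather than the whole Node mapping, which would
        # dump every field of the record into the log line.
        if not service[u'Port']:
            logger.warning('[service][%s]: Node %s is ignored due no ServicePort',
                           self.id, node_info[u'Node'])
            continue

        tags = service[u'Tags']
        if tags is None:
            logger.warning('[service][%s]: Node %s is ignored due no ServiceTags',
                           self.id, node_info[u'Node'])
            continue

        self.nodes[node_info[u'Node']] = {
            'port': service[u'Port'],
            # Fall back to the node address when the service has none of its own.
            'address': service[u'Address'] or node_info[u'Address'],
            'tags': tags,
        }

        # NOTE(review): one node carrying this tag sets the flag for the whole
        # service, so a single mis-tagged registration changes it for all nodes.
        if u'allow_crossdomain' in tags:
            allow_crossdomain = True

        for protocol in (u'http', u'http2'):
            if protocol not in tags:
                continue
            prefix = protocol + ':'
            # Strip only the leading "<protocol>:" marker. str.replace() would
            # also delete later occurrences inside the value and silently
            # rewrite what the tag actually said.
            # NOTE(review): the values are stored unvalidated. If
            # flush_nginx_config() renders them into the config (not visible
            # here), whoever can register a service controls that text --
            # validate them as hostnames before use.
            self.domains[protocol].update(
                tag[len(prefix):] for tag in tags if tag.startswith(prefix))

    self.allow_crossdomain = allow_crossdomain
    self.flush_nginx_config()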
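def validate(self):
    """Check the loaded certificate fields before they are used.

    Returns ``False`` (after logging the reason) when ``expires`` is
    missing, malformed or in the past, when ``key_domains`` differs from
    ``serialize_domains()``, or when either key is empty or ``None``.
    Returns ``True`` otherwise.

    NOTE(review): every check runs on stored field values. Nothing here
    parses ``public_key`` to confirm its real expiry or names, or that it
    pairs with ``private_key`` -- confirm that is verified elsewhere.
    """
    try:
        expires_at = int(self.expires)
    except (TypeError, ValueError):
        # Fail closed: an unreadable expiry must neither crash the caller
        # nor be treated as a valid certificate.
        logger.warning('[certificate][%s]: validation error: malformed expiry',
                       self.service.id)
        return False

    if expires_at < int(time.time()):
        logger.warning('[certificate][%s]: validation error: expired', self.service.id)
        return False

    expected_domains = self.serialize_domains()
    if self.key_domains != expected_domains:
        logger.warning('[certificate][%s]: validation error: domains mismatch: %s != %s',
                       self.service.id, self.key_domains, expected_domains)
        return False

    # Truthiness also rejects None, where len() would raise TypeError.
    if not self.private_key or not self.public_key:
        logger.warning('[certificate][%s]: validation error: empty key', self.service.id)
        return False

    return True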