pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix a few bugs in CRL handling.

Browse Source 
- Don't write a CRL to the cache if the response code is above 399. (We
  were getting HTML files as CRLs, d'oh).
- Fix a kwarg in the CRL logger (extras -> extra).
- Set Kubernetes clusters to log output as JSON.
This commit is contained in:
dandds 2019-08-06 12:59:02 -04:00
parent bd3662e8ce
commit 0468d5353a
4 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
atst/domain/authnid/crl/__init__.py
View File

@ -33,7 +33,7 @@ class CRLInterface:
def _log(self, message, level=logging.INFO): def _log(self, message, level=logging.INFO):
if self.logger: if self.logger:
self.logger.log(level, message, extras={"tags": ["authorization", "crl"]}) self.logger.log(level, message, extra={"tags": ["authorization", "crl"]})
def crl_check(self, cert): def crl_check(self, cert):
raise NotImplementedError() raise NotImplementedError()

26
atst/domain/authnid/crl/util.py
View File

@ -4,6 +4,11 @@ import os
import pendulum import pendulum
import requests import requests
class CRLNotFoundError(Exception):
pass
MODIFIED_TIME_BUFFER = 15 * 60 MODIFIED_TIME_BUFFER = 15 * 60
@ -92,6 +97,9 @@ def write_crl(out_dir, target_dir, crl_location):
options["headers"] = {"If-Modified-Since": mod_time} options["headers"] = {"If-Modified-Since": mod_time}
with requests.get(crl_location, **options) as response: with requests.get(crl_location, **options) as response:
if response.status_code > 399:
raise CRLNotFoundError()
if response.status_code == 304: if response.status_code == 304:
return False return False
@ -108,6 +116,15 @@ def remove_bad_crl(out_dir, crl_location):
os.remove(crl) os.remove(crl)
def log_error(logger, crl_location):
if logger:
logger.error(
"Error downloading {}, removing file and continuing anyway".format(
crl_location
)
)
def refresh_crls(out_dir, target_dir, logger): def refresh_crls(out_dir, target_dir, logger):
for crl_location in CRL_LIST: for crl_location in CRL_LIST:
logger.info("updating CRL from {}".format(crl_location)) logger.info("updating CRL from {}".format(crl_location))
@ -117,13 +134,10 @@ def refresh_crls(out_dir, target_dir, logger):
else: else:
logger.info("no updates for CRL from {}".format(crl_location)) logger.info("no updates for CRL from {}".format(crl_location))
except requests.exceptions.ChunkedEncodingError: except requests.exceptions.ChunkedEncodingError:
if logger: log_error(logger, crl_location)
logger.error(
"Error downloading {}, removing file and continuing anyway".format(
crl_location
)
)
remove_bad_crl(out_dir, crl_location) remove_bad_crl(out_dir, crl_location)
except CRLNotFoundError:
log_error(logger, crl_location)
if __name__ == "__main__": if __name__ == "__main__":

1
k8s/aws/atst-envvars-configmap.yml
View File

@ -10,3 +10,4 @@ data:
OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
CRL_STORAGE_PROVIDER: CLOUDFILES CRL_STORAGE_PROVIDER: CLOUDFILES
LOG_JSON: "true"

1
k8s/azure/atst-envvars-configmap.yml
View File

@ -10,3 +10,4 @@ data:
OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
CRL_STORAGE_PROVIDER: CLOUDFILES CRL_STORAGE_PROVIDER: CLOUDFILES
LOG_JSON: "true"