Separate config for Celery BROKER_URL.

I found out the hard way that, despite the Celery docs saying it will respect settings of "none", "required", etc for the ssl_cert_reqs option on ths broker connection uri, one it's underlying dependencies does not. That dependency, Kombu, requires that the option be set as the string version of one of the constants available on the standard library's ssl module ("CERT_NONE", etc.). This fixes our code to supply slightly variant connection URIs for Celery and for the session library. This change can be reverted when Kombu is updated with the correct behavior.
2020-02-11 06:37:32 -05:00 · 2020-02-11 06:37:32 -05:00 · 788f73b7a9
commit 788f73b7a9
parent a258bce84b
1 changed files with 15 additions and 1 deletions
--- a/atst/app.py
+++ b/atst/app.py
@ -157,7 +157,6 @@ def map_config(config):
        **config["default"],
        "USE_AUDIT_LOG": config["default"].getboolean("USE_AUDIT_LOG"),
        "ENV": config["default"]["ENVIRONMENT"],
-        "BROKER_URL": config["default"]["REDIS_URI"],
        "DEBUG": config["default"].getboolean("DEBUG"),
        "DEBUG_MAILER": config["default"].getboolean("DEBUG_MAILER"),
        "SQLALCHEMY_ECHO": config["default"].getboolean("SQLALCHEMY_ECHO"),
@ -240,12 +239,27 @@ def make_config(direct_config=None):
        (config.get("default", "REDIS_PASSWORD") or ""),
        config.get("default", "REDIS_HOST"),
    )
+    celery_uri = redis_uri
    if redis_use_tls:
        tls_mode = config.get("default", "REDIS_SSLMODE")
        tls_mode_str = tls_mode.lower() if tls_mode else "none"
        redis_uri = f"{redis_uri}/?ssl_cert_reqs={tls_mode_str}"

+        # TODO: Kombu, one of Celery's dependencies, still requires
+        # that ssl_cert_reqs be passed as the string version of an
+        # option on the ssl module. We can clean this up and use
+        # the REDIS_URI for both when this PR to Kombu is released:
+        # https://github.com/celery/kombu/pull/1139
+        kombu_modes = {
+            "none": "CERT_NONE",
+            "required": "CERT_REQUIRED",
+            "optional": "CERT_OPTIONAL",
+        }
+        celery_tls_mode_str = kombu_modes[tls_mode_str]
+        celery_uri = f"{celery_uri}/?ssl_cert_reqs={celery_tls_mode_str}"
+
    config.set("default", "REDIS_URI", redis_uri)
+    config.set("default", "BROKER_URL", celery_uri)

    return map_config(config)