Separate config for Celery BROKER_URL.
I found out the hard way that, despite the Celery docs saying it will respect settings of "none", "required", etc for the ssl_cert_reqs option on ths broker connection uri, one it's underlying dependencies does not. That dependency, Kombu, requires that the option be set as the string version of one of the constants available on the standard library's ssl module ("CERT_NONE", etc.). This fixes our code to supply slightly variant connection URIs for Celery and for the session library. This change can be reverted when Kombu is updated with the correct behavior.
This commit is contained in:
parent
a258bce84b
commit
788f73b7a9
16
atst/app.py
16
atst/app.py
@ -157,7 +157,6 @@ def map_config(config):
|
||||
**config["default"],
|
||||
"USE_AUDIT_LOG": config["default"].getboolean("USE_AUDIT_LOG"),
|
||||
"ENV": config["default"]["ENVIRONMENT"],
|
||||
"BROKER_URL": config["default"]["REDIS_URI"],
|
||||
"DEBUG": config["default"].getboolean("DEBUG"),
|
||||
"DEBUG_MAILER": config["default"].getboolean("DEBUG_MAILER"),
|
||||
"SQLALCHEMY_ECHO": config["default"].getboolean("SQLALCHEMY_ECHO"),
|
||||
@ -240,12 +239,27 @@ def make_config(direct_config=None):
|
||||
(config.get("default", "REDIS_PASSWORD") or ""),
|
||||
config.get("default", "REDIS_HOST"),
|
||||
)
|
||||
celery_uri = redis_uri
|
||||
if redis_use_tls:
|
||||
tls_mode = config.get("default", "REDIS_SSLMODE")
|
||||
tls_mode_str = tls_mode.lower() if tls_mode else "none"
|
||||
redis_uri = f"{redis_uri}/?ssl_cert_reqs={tls_mode_str}"
|
||||
|
||||
# TODO: Kombu, one of Celery's dependencies, still requires
|
||||
# that ssl_cert_reqs be passed as the string version of an
|
||||
# option on the ssl module. We can clean this up and use
|
||||
# the REDIS_URI for both when this PR to Kombu is released:
|
||||
# https://github.com/celery/kombu/pull/1139
|
||||
kombu_modes = {
|
||||
"none": "CERT_NONE",
|
||||
"required": "CERT_REQUIRED",
|
||||
"optional": "CERT_OPTIONAL",
|
||||
}
|
||||
celery_tls_mode_str = kombu_modes[tls_mode_str]
|
||||
celery_uri = f"{celery_uri}/?ssl_cert_reqs={celery_tls_mode_str}"
|
||||
|
||||
config.set("default", "REDIS_URI", redis_uri)
|
||||
config.set("default", "BROKER_URL", celery_uri)
|
||||
|
||||
return map_config(config)
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user