Merge pull request #559 from dod-ccpo/disable-crls-in-scripts

Disable crls in scripts

atst/app.py

@@ -48,10 +48,7 @@ def make_app(config):
     app.config.update({"SESSION_REDIS": app.redis})
 
     make_flask_callbacks(app)
-    # TODO: deprecate the REQUIRE_CRLs setting in favor of the
+    make_crl_validator(app)
-    # DISABLE_CRL_CHECK; both have the effect of never loading CRLs
-    if app.config.get("REQUIRE_CRLS"):
-        make_crl_validator(app)
     register_filters(app)
     make_eda_client(app)
     make_csp_provider(app)
@@ -132,14 +129,13 @@ def map_config(config):
         "PERMANENT_SESSION_LIFETIME": config.getint(
             "default", "PERMANENT_SESSION_LIFETIME"
         ),
-        "REQUIRE_CRLS": config.getboolean("default", "REQUIRE_CRLS"),
         "RQ_REDIS_URL": config["default"]["REDIS_URI"],
         "RQ_QUEUES": [config["default"]["RQ_QUEUES"]],
         "DISABLE_CRL_CHECK": config.getboolean("default", "DISABLE_CRL_CHECK"),
     }
 
 
-def make_config():
+def make_config(direct_config=None):
     BASE_CONFIG_FILENAME = os.path.join(os.path.dirname(__file__), "../config/base.ini")
     ENV_CONFIG_FILENAME = os.path.join(
         os.path.dirname(__file__), "../config/", "{}.ini".format(ENV.lower())
@@ -162,6 +158,10 @@ def make_config():
         if env_override:
             config.set("default", confsetting, env_override)
 
+    # override if a dictionary of options has been given
+    if direct_config:
+        config.read_dict({"default": direct_config})
+
     # Assemble DATABASE_URI value
     database_uri = (
         "postgres://"

config/base.ini

@@ -17,7 +17,6 @@ PGPORT = 5432
 PGUSER = postgres
 PORT=8000
 REDIS_URI = redis://localhost:6379
-REQUIRE_CRLS = true
 RQ_QUEUES = atat_%(ENVIRONMENT)s
 SECRET = change_me_into_something_secret
 SECRET_KEY = change_me_into_something_secret

deploy/kubernetes/atst-worker-envvars-configmap.yml

@@ -5,4 +5,4 @@ metadata:
   name: atst-worker-envvars
   namespace: atat
 data:
-  REQUIRE_CRLS: "False"
+  DISABLE_CRL_CHECK: "True"

deploy/kubernetes/test/atst-worker-envvars-configmap.yml

@@ -5,4 +5,4 @@ metadata:
   name: atst-worker-envvars
   namespace: atat-test
 data:
-  REQUIRE_CRLS: "False"
+  DISABLE_CRL_CHECK: "True"

deploy/kubernetes/uat/atst-worker-envvars-configmap.yml

@@ -5,4 +5,4 @@ metadata:
   name: atst-worker-envvars
   namespace: atat-uat
 data:
-  REQUIRE_CRLS: "False"
+  DISABLE_CRL_CHECK: "True"

script/example_fetch_from_eda.py

@@ -9,7 +9,7 @@ from atst.app import make_config, make_app
 from atst.eda_client import EDAClient
 
 
-config = make_config()
+config = make_config({"DISABLE_CRL_CHECK": True})
 
 client = EDAClient(
     base_url=config.get("EDA_HOST"),

script/ingest_pe_numbers.py

@@ -19,7 +19,7 @@ def get_pe_numbers(url):
 
 
 if __name__ == "__main__":
-    config = make_config()
+    config = make_config({"DISABLE_CRL_CHECK": True})
     url = config["PE_NUMBER_CSV_URL"]
     print("Fetching PE numbers from {}".format(url))
     pe_numbers = get_pe_numbers(url)

script/remove_sample_data.py

@@ -153,7 +153,7 @@ def remove_sample_data(all_users=False):
 
 
 if __name__ == "__main__":
-    config = make_config()
+    config = make_config({"DISABLE_CRL_CHECK": True})
     app = make_app(config)
     with app.app_context():
         remove_sample_data()

script/seed_roles.py

@@ -31,7 +31,7 @@ def seed_roles():
 
 
 if __name__ == "__main__":
-    config = make_config()
+    config = make_config({"DISABLE_CRL_CHECK": True})
     app = make_app(config)
     with app.app_context():
         seed_roles()

script/seed_sample.py

@@ -163,7 +163,7 @@ def seed_db():
 
 
 if __name__ == "__main__":
-    config = make_config()
+    config = make_config({"DISABLE_CRL_CHECK": True})
     app = make_app(config)
     with app.app_context():
         seed_db()