Support SSL for the API
This commit is contained in:
parent
804f72d905
commit
8aedd78879
|
@ -53,14 +53,21 @@ try:
|
||||||
'coordinators': o_config['pvc']['coordinators'],
|
'coordinators': o_config['pvc']['coordinators'],
|
||||||
'listen_address': o_config['pvc']['api']['listen_address'],
|
'listen_address': o_config['pvc']['api']['listen_address'],
|
||||||
'listen_port': int(o_config['pvc']['api']['listen_port']),
|
'listen_port': int(o_config['pvc']['api']['listen_port']),
|
||||||
'authentication_key': o_config['pvc']['api']['authentication']['key']
|
'authentication_key': o_config['pvc']['api']['authentication']['key'],
|
||||||
|
'secret_key': o_config['pvc']['api']['secret_key'],
|
||||||
|
'ssl_enabled': o_config['pvc']['api']['ssl']['enabled'],
|
||||||
|
'ssl_key_file': o_config['pvc']['api']['ssl']['key_file'],
|
||||||
|
'ssl_cert_file': o_config['pvc']['api']['ssl']['cert_file']
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set the config object in the pvcapi namespace
|
# Set the config object in the pvcapi namespace
|
||||||
pvcapi.config = config
|
pvcapi.config = config
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print('ERROR: {}.'.format(e))
|
print('ERROR: {}.'.format(e))
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
|
api.config["SECRET_KEY"] = config['secret_key']
|
||||||
|
|
||||||
def authenticator(function):
|
def authenticator(function):
|
||||||
def authenticate(*args, **kwargs):
|
def authenticate(*args, **kwargs):
|
||||||
request_values = flask.request.values
|
request_values = flask.request.values
|
||||||
|
@ -914,6 +921,11 @@ def api_ceph_volume_snapshot_remove(pool, volume, snapshot):
|
||||||
#
|
#
|
||||||
# Entrypoint
|
# Entrypoint
|
||||||
#
|
#
|
||||||
http_server = gevent.pywsgi.WSGIServer((config['listen_address'], config['listen_port']), api)
|
if config['api_ssl_enabled']:
|
||||||
|
# Run the WSGI server with SSL
|
||||||
|
http_server = gevent.pywsgi.WSGIServer((config['listen_address'], config['listen_port']), api,
|
||||||
|
keyfile=config['ssl_key_file'], certfile=config['ssl_cert_file'])
|
||||||
|
else:
|
||||||
|
# Run the ?WSGI server without SSL
|
||||||
|
http_server = gevent.pywsgi.WSGIServer((config['listen_address'], config['listen_port']), api)
|
||||||
http_server.serve_forever()
|
http_server.serve_forever()
|
||||||
|
|
||||||
|
|
|
@ -24,3 +24,13 @@ pvc:
|
||||||
# key: A secure key to authorize against the API; must be sent in the body
|
# key: A secure key to authorize against the API; must be sent in the body
|
||||||
# arguments or in the URI of each request; leave blank for no authentication
|
# arguments or in the URI of each request; leave blank for no authentication
|
||||||
key: ""
|
key: ""
|
||||||
|
# secret_key: Random, per-cluster secret key for the Flask API cookies; generate with uuidgen or pwgen
|
||||||
|
secret_key: ""
|
||||||
|
# ssl: SSL configuration
|
||||||
|
ssl:
|
||||||
|
# Enabled or disable SSL operation
|
||||||
|
enabled: False
|
||||||
|
# cert_file: SSL certificate file
|
||||||
|
cert_file: ""
|
||||||
|
# key_file: SSL certificate key file
|
||||||
|
key_file: ""
|
||||||
|
|
Loading…
Reference in New Issue