diff --git a/pikatasks/settings.py b/pikatasks/settings.py index 46b322f895c3b7d1685d3ad702e75e11817d2b24..6717e8fbd2ece509743cfef8350a7c42dec2217a 100644 --- a/pikatasks/settings.py +++ b/pikatasks/settings.py @@ -23,16 +23,11 @@ CLIENT_EXCHANGE_NAME = "" # empty string -> amq.default exchange WORKER_TASK_PROCESSES = 10 # this many processes will be executing tasks SSL_ENABLED = True -SSL_CONF = { - # # See ssl.wrap_socket() documentation: https://docs.python.org/3.6/library/ssl.html#ssl.wrap_socket - # "keyfile": "/foo/client/key.pem", - # "certfile": "/foo/client/cert.pem", - # "ca_certs": "/foo/ca/cacert.pem", - # NOTE: The following values are not meant to be changed through settings - # because this would be a mess in deployment! - "ssl_version": ssl.PROTOCOL_TLSv1_2, - "cert_reqs": ssl.CERT_REQUIRED, -} +SSL_KEY_FILE = None +SSL_CERT_FILE = None +SSL_CA_CERTS = None +SSL_VERSION = ssl.PROTOCOL_TLSv1_2 +SSL_CERT_REQS = ssl.CERT_REQUIRED # stuff you might want to change sometimes: RPC_TIMEOUT = timedelta(seconds=10) # affects client behaviour and message TTL @@ -51,11 +46,7 @@ try: if k.isupper() and not k.startswith("_"): # looks like a setting try: new_value = getattr(django_settings, "PIKATASKS_" + k) - if isinstance(globals()[k], dict): - assert isinstance(new_value, dict), "{} needs to be a dictionary".format(k) - globals()[k].update(new_value) - else: - globals()[k] = new_value + globals()[k] = new_value except ImproperlyConfigured: pass # django is installed but not used except AttributeError: diff --git a/pikatasks/utils.py b/pikatasks/utils.py index 51d60388d463abc2e79659533f58e8bb5daffd74..6bcdd0d200f6acc7c5620b4e1014a22182444c26 100644 --- a/pikatasks/utils.py +++ b/pikatasks/utils.py @@ -16,12 +16,12 @@ def deserialize(binary): return json.loads(binary.decode("utf-8")) -def get_ssl_options(ssl_settings): +def get_ssl_options(settings): """ Create pika.SSLOptions based on pikatasks settings. """ - context = ssl.SSLContext(ssl_settings.get('ssl_version')) - context.verify_mode = (ssl_settings.get('cert_reqs')) - context.load_verify_locations(ssl_settings.get('ca_certs')) - context.load_cert_chain(ssl_settings.get('certfile'), ssl_settings.get('keyfile')) + context = ssl.SSLContext(settings.SSL_VERSION) + context.verify_mode = settings.SSL_CERT_REQS + context.load_verify_locations(settings.SSL_CA_CERTS) + context.load_cert_chain(settings.SSL_CERT_FILE, settings.SSL_KEY_FILE) return pika.SSLOptions(context) @@ -36,7 +36,7 @@ def get_pika_connection_parameters(): ), # TODO: causes a warning when closing connections blocked_connection_timeout=settings.BLOCKED_CONNECTION_TIMEOUT.total_seconds(), - ssl_options=get_ssl_options(settings.SSL_CONF) if settings.SSL_ENABLED else None, + ssl_options=get_ssl_options(settings) if settings.SSL_ENABLED else None, )