Commit b35ba750 authored by MARGERY David's avatar MARGERY David

Implement support for tls options (bug #8379)

With this commit, the following tls options are supported and used if
present in the configuration file
- uri_out_cert_chain_file
- uri_out_private_key_file
- uri_out_verify_peer
- uri_out_fail_if_no_peer_cert
- uri_out_cipher_list
- uri_out_ecdh_curve
- uri_out_dhparam
- uri_out_ssl_version

- uri_in_cert_chain_file
- uri_in_private_key_file
- uri_in_verify_peer
- uri_in_fail_if_no_peer_cert
- uri_in_cipher_list
- uri_in_ecdh_curve
- uri_in_dhparam
- uri_in_ssl_version
parent 893aee0c
......@@ -78,12 +78,14 @@ class JobsController < ApplicationController
)+"/internal/oarapi/jobs/#{params[:id]}.json",
:out
)
options=tls_options_for(url, :out)
http = EM::HttpRequest.new(url).delete(
:timeout => 5,
:head => {
'X-Remote-Ident' => @credentials[:cn],
'Accept' => media_type(:json)
}
},
:tls => options
)
continue_if!(http, :is => [200,202,204,404])
......@@ -122,6 +124,7 @@ class JobsController < ApplicationController
url = uri_to(
site_path(params[:site_id])+"/internal/oarapi/jobs.json", :out
)
options=tls_options_for(url, :out)
http = EM::HttpRequest.new(url).post(
:timeout => 20,
:body => job_to_send.to_json,
......@@ -129,7 +132,8 @@ class JobsController < ApplicationController
'X-Remote-Ident' => @credentials[:cn],
'Content-Type' => media_type(:json),
'Accept' => media_type(:json)
}
},
:tls => options
)
continue_if!(http, :is => [201,202])
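Review bot: The `options=tls_options_for(url, :out)` line and the `:tls => options` argument are repeated by hand at the `delete` call and again at the `post` call, so any other outbound `EM::HttpRequest` in this controller that is not visible in these hunks would keep running without the configured TLS options. Both requests carry `X-Remote-Ident`, which presumably is what the backend trusts as the caller's identity, so a call site that misses the options matters more than usual. A small private helper that builds the request with `:tls => tls_options_for(url, :out)` already merged in would keep the call sites from drifting apart. The enclosing actions start and end outside the hunks.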
......
......@@ -26,6 +26,10 @@ module ApplicationHelper
Grid5000::Router.uri_to(request, path, in_or_out, relative_or_absolute)
end
def tls_options_for(url, in_or_out = :in)
Grid5000::Router.tls_options_for(url, in_or_out)
end
def repository
@repository ||= Grid5000::Repository.new(
File.expand_path(
......
......@@ -70,6 +70,17 @@ module Grid5000
Rails.my_config("base_uri_#{in_or_out}".to_sym)
end # def base_uri()
def tls_options_for(url, in_or_out = :in)
tls_options={}
[:cert_chain_file, :private_key_file, :verify_peer, :fail_if_no_peer_cert,
:cipher_list, :ecdh_curve, :dhparam, :ssl_version].each do |tls_param|
config_key=("uri_#{in_or_out.to_s}_"+tls_param.to_s).to_sym
if Rails.my_config(config_key)
tls_options[tls_param]=Rails.my_config(config_key)
end
end
tls_options
end
end
end
end
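Review bot: In `tls_options_for`, the `if Rails.my_config(config_key)` test treats an explicit `false` the same as a missing key, so `uri_out_verify_peer` can only ever switch verification on, and an unset key leaves the choice to the HTTP client's default. If that default is not to verify the peer (worth confirming for the EventMachine version in use), a deployment that sets only the certificate and key files sends its requests over TLS without authenticating the server. I would read the value once and keep explicit booleans, `value = Rails.my_config(config_key)` then `tls_options[tls_param] = value unless value.nil?`, and consider defaulting `verify_peer` to `true` for `:out`. The `url` argument is not used in the body; either drop it or add a comment such as `# url is reserved for per-host options; currently unused`.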
......@@ -55,5 +55,11 @@ describe Grid5000::Router do
request = double(Rack::MockRequest, :env => {})
Grid5000::Router.uri_to(request, "/sites/rennes/internal/oarapi/jobs/374172.json", :out).should == "http://api-out.local/sid/sites/rennes/internal/oarapi/jobs/374172.json"
end
it "should take into account tls options" do
Api::Application::CONFIG["uri_out_verify_peer"] = true
Api::Application::CONFIG["uri_out_private_key_file"] = "/etc/ssl/certs/private/api.out.local.pem"
expect(tls_options_for("https://api-out.local/", :out)).to include ({private_key_file: "/etc/ssl/certs/private/api.out.local.pem"} )
expect(tls_options_for("https://api-out.local/", :out)).to include ({verify_peer: true} )
end
end
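Review bot: The new example writes `uri_out_verify_peer` and `uri_out_private_key_file` into `Api::Application::CONFIG` and never restores them, so later examples run with these values set; saving and restoring the two keys in an `after` block would keep the examples independent. It also covers only the case where the keys are present: an example with a key absent, and one with `uri_out_verify_peer` set to `false`, would pin down what the returned hash looks like then. The call is written as bare `tls_options_for(...)` rather than `Grid5000::Router.tls_options_for(...)` as the neighbouring `uri_to` example does, which presumably relies on a helper being mixed into the example group.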