feat: ssl support (MAPCO-4158) (#61)

* feat: add ssl support * fix: quotes * fix: removed log
MapColonies · Apr 11, 2024 · 371e693 · 371e693
1 parent 3d388b1
commit 371e693
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 2 deletions.
diff --git a/config/patch/loader.py b/config/patch/loader.py
@@ -1256,6 +1256,9 @@ def _redis_cache(self, grid_conf, file_ext):
         ttl = self.conf['cache'].get('default_ttl', 3600)
         username = self.conf['cache'].get('username', None)
         password = self.conf['cache'].get('password', None)
+        ssl_certfile = self.conf['cache'].get('ssl_certfile', None)
+        ssl_keyfile = self.conf['cache'].get('ssl_keyfile', None)
+        ssl_ca_certs = self.conf['cache'].get('ssl_ca_certs', None)
 
         prefix = self.conf['cache'].get('prefix')
         if not prefix:
@@ -1269,6 +1272,9 @@ def _redis_cache(self, grid_conf, file_ext):
             password=password,
             prefix=prefix,
             ttl=ttl,
+            ssl_certfile=ssl_certfile,
+            ssl_keyfile=ssl_keyfile,
+            ssl_ca_certs=ssl_ca_certs
         )
 
     def _compact_cache(self, grid_conf, file_ext):

diff --git a/config/patch/redis.py b/config/patch/redis.py
@@ -38,18 +38,41 @@
 
 
 class RedisCache(TileCacheBase):
-    def __init__(self, host, port, prefix, ttl=0, db=0, username=None, password=None):
+    def __init__(
+            self, host, port, prefix, ttl=0, db=0, username=None, password=None,ssl_certfile=None,
+            ssl_keyfile=None, ssl_ca_certs=None):
         if redis is None:
             raise ImportError("Redis backend requires 'redis' package.")
 
+        self.ssl_certfile = ssl_certfile
+        self.ssl_keyfile = ssl_keyfile
+        self.ssl_ca_certs = ssl_ca_certs
+
         self.prefix = prefix
         self.lock_cache_id = 'redis-' + hashlib.md5((host + str(port) + prefix + str(db)).encode('utf-8')).hexdigest()
         self.ttl = ttl
         # Set a operation timeout nonnegative, floating point number expressing *seconds*.
         self.socket_timeout = float(os.environ.get('SOCKET_TIMEOUT_SECONDS', 0.1))
         # Set a connection timeout, nonnegative floating point number expressing *seconds*.
         self.socket_connection_timeout =  float(os.environ.get('SOCKET_CONNECTION_TIMEOUT_SECONDS', 0.1))
-        self.r = redis.StrictRedis(host=host, port=port, db=db, username=username, password=password, socket_timeout=self.socket_timeout, socket_connect_timeout=self.socket_connection_timeout)
+
+        ssl_enabled = get_redis_variable("REDIS_TLS")
+        ssl_certfile = self.ssl_certfile if ssl_enabled else None
+        ssl_keyfile = self.ssl_keyfile if ssl_enabled else None
+        ssl_ca_certs = self.ssl_ca_certs if ssl_enabled and self.ssl_ca_certs else None)
+        self.r = redis.StrictRedis(
+            host=host, 
+            port=port, 
+            db=db, 
+            username=username, 
+            password=password, 
+            socket_timeout=self.socket_timeout, 
+            socket_connect_timeout=self.socket_connection_timeout,
+            ssl_certfile=ssl_certfile,
+            ssl_keyfile=ssl_keyfile,
+            ssl_ca_certs=ssl_ca_certs,
+            ssl=ssl_enabled      
+        )
 
     def _key(self, tile):
         x, y, z = tile.coord
@@ -130,3 +153,10 @@ def remove_tile(self, tile, dimensions=None):
         key = self._key(tile)
         self.r.delete(key)
         return True
+
+def get_redis_variable(name):
+    env_var = os.environ.get(name, "false")
+    if env_var.lower().strip() in ("true"):
+        return True
+    else:   
+        return False
diff --git a/config/patch/spec.py b/config/patch/spec.py
@@ -169,6 +169,10 @@ def validate_options(conf_dict):
         'username': str(),
         'prefix': str(),
         'default_ttl': int(),
+        'ssl_certfile': str(),
+        'ssl_keyfile': str(),
+        'ssl_ca_certs': str(),
+
     },
     'compact': {
         'directory': str(),

diff --git a/helm/templates/mapproxy/mapproxy-container.yaml b/helm/templates/mapproxy/mapproxy-container.yaml
@@ -6,6 +6,8 @@
           image: {{ .cloudProviderDockerRegistryUrl }}{{ .Values.mapproxy.image.repository }}:{{ .Values.mapproxy.image.tag }}
           imagePullPolicy: {{ .Values.imagePullPolicy }} 
           env:
+            - name: REDIS_TLS
+              value: {{ .Values.mapproxy.redis.tls | quote }}
             - name: SOCKET_CONNECTION_TIMEOUT_SECONDS
               value: {{ .Values.mapproxy.socket.connectionTimeoutSeconds | quote }}
             - name: SOCKET_TIMEOUT_SECONDS

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -111,6 +111,8 @@ mapproxy:
   socket:
     connectionTimeoutSeconds: 0.1 # Set a connection timeout, nonnegative floating point number expressing *seconds*.
     timeoutSeconds: 0.1 # Set a operation timeout nonnegative, floating point number expressing *seconds*.
+  redis:
+    tls: true
   wms:
     enabled: false
     replicaCount: 1