diff --git a/Dockerfile b/Dockerfile
index 0d1b8d5..e9e2723 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -74,6 +74,9 @@ RUN mkdir /var/run/supervisor && chown -R acait:acait /var/run/supervisor && \
 chown -R acait:acait /var/log/nginx && \
 chgrp acait /etc/nginx/nginx.conf && chmod g+w /etc/nginx/nginx.conf
+# Append the uwca to the ca-bundle
+RUN cat /app/certs/ca-uwca.crt >> /etc/ssl/certs/ca-certificates.crt
+
 USER acait
 ENV PORT 8000
diff --git a/certs/ca-uwca.crt b/certs/ca-uwca.crt
new file mode 100644
index 0000000..1b51a6b
--- /dev/null
+++ b/certs/ca-uwca.crt
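Review bot: In the Dockerfile hunk, `RUN cat /app/certs/ca-uwca.crt >> /etc/ssl/certs/ca-certificates.crt` edits the generated system bundle by hand, so the UW root becomes a trust anchor for every TLS client in the container rather than only the restclients calls, and the entry is lost whenever that file is regenerated. If the base image is Debian- or Ubuntu-derived (not visible in this hunk), `RUN cp /app/certs/ca-uwca.crt /usr/local/share/ca-certificates/ca-uwca.crt && update-ca-certificates` keeps the addition durable. A build-time check of the file's SHA-256 fingerprint against a pinned value (`<expected-fingerprint>`) before installing it would catch an accidental or unauthorised replacement of `certs/ca-uwca.crt`. The step also assumes `/app/certs` was copied into the image earlier, which is outside this hunk.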
@@ -0,0 +1,27 @@
+
+# UWCA
+
+-----BEGIN CERTIFICATE-----
+MIIEBzCCA3CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24x
+FDASBgNVBAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEm
+MCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwHhcNMDMwMjI1
+MTgyNTA5WhcNMzAwOTAzMTgyNTA5WjCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
+AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsT
+C1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3
+DQEJARYXaGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBALwCo6h4T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3Laf
+bbZYju0imlQLG+MEVAtNDdiYICcBcKsapr2dxOi31Nv0moCkOj7iQueMVU4E1Tgh
+YIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5cL6zNwV25gbn3AgMBAAGj
+ggFlMIIBYTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEGA1UdIwSB
+uTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9u
+MRQwEgYDVQQLEwtVVyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0Ex
+JjAkBgkqhkiG9w0BCQEWF2hlbHBAY2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1Ud
+EwQFMAMBAf8wKwYDVR0RBCQwIoYgaHR0cDovL2NlcnRzLmNhYy53YXNoaW5ndG9u
+LmVkdS8wQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NlcnRzLmNhYy53YXNoaW5n
+dG9uLmVkdS9VV1NlcnZpY2VzQ0EuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAIn0PNmI
+JjT9bM5d++BtQ5UpccUBI9XVh1sCX/NdxPDZ0pPCw7HOOwILumpulT9hGZm9Rd+W
+4GnNDAMV40wes8REptvOZObBBrjaaphDe1D/MwnrQythmoNKc33bFg9RotHrIfT4
+EskaIXSx0PywbyfIR1wWxMpr8gbCjAEUHNF/
+-----END CERTIFICATE-----
diff --git a/project/base_settings/restclients_settings.py b/project/base_settings/restclients_settings.py
index 8a72c41..5a94703 100644
--- a/project/base_settings/restclients_settings.py
+++ b/project/base_settings/restclients_settings.py
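Review bot: The certificate added in `certs/ca-uwca.crt` appears to decode as a self-signed "UW Services CA" root with a 1024-bit RSA key and an MD5-with-RSA signature, valid from 2003 to 2030. A 1024-bit key is below what current guidance accepts for a trust anchor, and because the Dockerfile hunk of this commit appends the file to the system bundle, it would be honoured for any hostname the container connects to, not only UW services. The `# UWCA` header should record provenance so the file can be audited, e.g. `# UWCA - source: <download URL>, SHA-256: <fingerprint>`. It is also worth checking whether the issuing service offers a stronger root, or whether trust in this one can be limited to the clients that need it.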
@@ -3,7 +3,7 @@ APPLICATION_CERT_PATH = os.getenv('CERT_PATH', '')
 APPLICATION_KEY_PATH = os.getenv('KEY_PATH', '')
-RESTCLIENTS_CA_BUNDLE = '/app/certs/ca-bundle.crt'
+RESTCLIENTS_CA_BUNDLE = os.getenv('CA_BUNDLE', '/etc/ssl/certs/ca-certificates.crt')
 RESTCLIENTS_DAO_CACHE_CLASS = os.getenv('CACHE_CLASS', '')
 RESTCLIENTS_DEFAULT_CONNECT_TIMEOUT = 3
 RESTCLIENTS_DEFAULT_TIMEOUT = 10
diff --git a/tests/test_settings/test_restclients.py b/tests/test_settings/test_restclients.py
index 407923f..5bff493 100644
--- a/tests/test_settings/test_restclients.py
+++ b/tests/test_settings/test_restclients.py
@@ -6,6 +6,7 @@ def setUp(self):
 self.mock_env = {
 'CERT_PATH': 'test/path/to/cert',
 'KEY_PATH': 'test/path/to/key',
+ 'CA_BUNDLE': 'test/path/to/ca-certs.crt',
 'CACHE_CLASS': 'test_cache_class',
 }
@@ -78,7 +79,7 @@ def test_settings_not_overwritten(self):
 with SettingLoader('project.base_settings.restclients_settings', **mock_env) as restclients_settings:
 for attr in filter(lambda x: (x.startswith('RESTCLIENTS') or x.startswith('ASTRA')), dir(restclients_settings)):
 restclients_attr[attr] = getattr(restclients_settings, attr)
-
+
 with SettingLoader('project.base_settings', **mock_env) as base_settings:
 for attr in filter(lambda x: (x.startswith('RESTCLIENTS') or x.startswith('ASTRA')), dir(base_settings)):
 self.assertEqual(restclients_attr[attr], getattr(base_settings, attr))
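Review bot: In `restclients_settings.py`, `os.getenv('CA_BUNDLE', '/etc/ssl/certs/ca-certificates.crt')` falls back to the default only when the variable is unset, so a deployment that exports `CA_BUNDLE=` as an empty string yields `RESTCLIENTS_CA_BUNDLE = ''`. How the restclients layer treats an empty bundle path is not visible here, but a certificate-verification setting should not pass an empty value through silently. `RESTCLIENTS_CA_BUNDLE = os.getenv('CA_BUNDLE') or '/etc/ssl/certs/ca-certificates.crt'` covers that case. A comment such as `# default relies on the Dockerfile adding the UW root to the system bundle` would also help, since outside the image that path will not contain the UW CA.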