Merge pull request #565 from mendix/develop
Release 2022-08-04
svanderburg authored Aug 4, 2022
2 parents 362b35b + 07bbea0 commit 89bd92e
Showing 5 changed files with 79 additions and 17 deletions.
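--- a/buildpack/infrastructure/storage.py
+++ b/buildpack/infrastructure/storage.py
@@ -168,12 +168,16 @@ def _runtime_sts_support(version):
 ):
 return True
 # Only enable STS support for these versions when CERTIFICATE_AUTHORITIES
-# is not set or STS will break.
+# is not set and CLIENT_CERTIFICATES is not set or STS will break.
 elif (
-version >= 9.2
-or (version.major == 8 and version >= MXVersion("8.18.7"))
-or (version.major == 7 and version >= MXVersion("7.23.22"))
-) and not os.getenv("CERTIFICATE_AUTHORITIES", None):
+(
+version >= 9.2
+or (version.major == 8 and version >= MXVersion("8.18.7"))
+or (version.major == 7 and version >= MXVersion("7.23.22"))
+)
+and not os.getenv("CERTIFICATE_AUTHORITIES", None)
+and not os.getenv("CLIENT_CERTIFICATES", None)
+):
 return True
 else:
 return False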
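Review bot: When either variable is set, the new condition is false and the function falls through to `return False`, which the test docstring in tests/unit/test_s3_blobstore.py describes as a fallback from STS to IAM credentials, yet nothing in the hunk records that downgrade. A log line on that path, for example `logging.info("STS disabled: CERTIFICATE_AUTHORITIES or CLIENT_CERTIFICATES is set; using static IAM credentials")`, would let operators see why static keys are in use; whether `logging` is imported in storage.py is not visible here, and the `else` branch would need to distinguish this case from an unsupported version. The rewritten comment is also hard to parse; `# Only enable STS for these versions when neither CERTIFICATE_AUTHORITIES nor CLIENT_CERTIFICATES is set; otherwise STS breaks.` reads unambiguously. The start of `_runtime_sts_support` is outside the hunk.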
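--- a/buildpack/telemetry/dynatrace.py
+++ b/buildpack/telemetry/dynatrace.py
@@ -32,6 +32,7 @@ def stage(buildpack_dir, build_path, cache_path):
 "environment": os.environ.get("DT_TENANT"),
 "token": os.environ.get("DT_PAAS_TOKEN"),
 },
+ignore_cache=True
 )
 except Exception as e:
 logging.warning(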
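Review bot: The added `ignore_cache=True` has no comment saying why the cache is bypassed for this token-authenticated download, and unlike the `},` argument above it has no trailing comma. Presumably every staging run now depends on the download succeeding, while the `except Exception` below only logs a warning, so the reason deserves a line such as `# Bypass the dependency cache: <reason>; a failed download is only logged below`. I would also write the argument as `ignore_cache=True,` to match the call's existing style. The name of the function being called and the rest of the handler are outside the hunk.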
2 changes: 1 addition & 1 deletion buildpack/telemetry/metrics.py
Expand Up @@ -137,7 +137,7 @@ def get_micrometer_metrics_url():
"""
use_trends_forwarder = strtobool(
os.getenv("USE_TRENDS_FORWARDER", default="false")
os.getenv("USE_TRENDS_FORWARDER", default="true")
)

trends_forwarder_url = os.getenv("TRENDS_FORWARDER_URL", default="")
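Review bot: With the default for USE_TRENDS_FORWARDER apparently flipped to "true", a deployment that sets neither variable now enables the forwarder, while TRENDS_FORWARDER_URL two lines below still defaults to an empty string. The docstring should state the new default and that `USE_TRENDS_FORWARDER=false` opts out, since this changes where metrics are sent for existing deployments. If the code after the hunk does not already do so, the forwarder branch should require a non-empty URL, e.g. `if use_trends_forwarder and trends_forwarder_url:`. The rest of `get_micrometer_metrics_url` is outside the hunk.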
12 changes: 6 additions & 6 deletions tests/unit/test_db_config_options.py
Expand Up @@ -188,9 +188,9 @@ def init_root_cert(self):
self.root_key = self._newkey()
ca_subj = x509.Name(
[
NameAttribute(NameOID.COUNTRY_NAME, u"US"),
NameAttribute(NameOID.ORGANIZATION_NAME, u"Authority, Inc"),
NameAttribute(NameOID.COMMON_NAME, u"Authority CA"),
NameAttribute(NameOID.COUNTRY_NAME, "US"),
NameAttribute(NameOID.ORGANIZATION_NAME, "Authority, Inc"),
NameAttribute(NameOID.COMMON_NAME, "Authority CA"),
]
)
self.root_cert = self._sign(
Expand All @@ -201,9 +201,9 @@ def init_postgresql_cert(self) -> Certificate:
self.postgresql_key = self._newkey()
subj = x509.Name(
[
NameAttribute(NameOID.COUNTRY_NAME, u"US"),
NameAttribute(NameOID.ORGANIZATION_NAME, u"Authority, Inc"),
NameAttribute(NameOID.COMMON_NAME, u"SQL Client"),
NameAttribute(NameOID.COUNTRY_NAME, "US"),
NameAttribute(NameOID.ORGANIZATION_NAME, "Authority, Inc"),
NameAttribute(NameOID.COMMON_NAME, "SQL Client"),
]
)
self.postgresql_cert = self._sign(
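--- a/tests/unit/test_s3_blobstore.py
+++ b/tests/unit/test_s3_blobstore.py
@@ -171,9 +171,9 @@ def test_s3_blobstore_tvm_runtime_with_sts(self):
 )
 
 """
-STS support is broken when CERTIFICATE_AUTHORITIES is set for Mendix
-versions 7.23.22-, 8.18.7-8.18.10 and 9.2-9.5). Fallback to IAM
-credentials.
+STS support is broken when CERTIFICATE_AUTHORITIES and/or
+CLIENT_CERTIFICATES is set for Mendix versions 7.23.22-, 8.18.7-8.18.10
+and 9.2-9.5). Fallback to IAM credentials.
 """
 
 @mock.patch(
@@ -207,9 +207,30 @@ def test_s3_blobstore_tvm_runtime_with_sts_and_cas_broken(self):
 == "fake-s3-endpoint-from-tvm-vcap/fake-bucket-from-tvm-vcap"
 )
 
+def test_s3_blobstore_tvm_runtime_with_sts_and_ccs_broken(self):
+vcap = json.loads(S3_TVM_STORAGE_VCAP_EXAMPLE)
+os.environ["CLIENT_CERTIFICATES"] = "fake-client-certificate"
+config = storage._get_s3_specific_config(vcap)
+assert (
+config["com.mendix.core.StorageService"] == "com.mendix.storage.s3"
+)
+assert config["com.mendix.storage.s3.AccessKeyId"] == "fake-access-key"
+assert (
+config["com.mendix.storage.s3.SecretAccessKey"]
+== "fake-secret-access-key"
+)
+assert (
+config["com.mendix.storage.s3.BucketName"]
+== "fake-key-prefix-from-tvm-vcap"
+)
+assert (
+config["com.mendix.storage.s3.EndPoint"]
+== "fake-s3-endpoint-from-tvm-vcap/fake-bucket-from-tvm-vcap"
+)
+
 """
-Configure STS for Mendix versions 8.18.11+ and 9.6+ when
-CERTIFICATE_AUTHORITIES is configured
+Configure STS for Mendix versions 7.23.30+, 8.18.11+, and 9.6+
+when CERTIFICATE_AUTHORITIES and/or CLIENT_CERTIFICATES is configured
 """
 
 @mock.patch(
@@ -257,3 +278,39 @@ def test_s3_blobstore_tvm_runtime_with_sts_and_cas_fixed(self):
 config["com.mendix.storage.s3.EndPoint"]
 == "fake-s3-endpoint-from-tvm-vcap/fake-bucket-from-tvm-vcap"
 )
+
+def test_s3_blobstore_tvm_runtime_with_sts_and_ccs_fixed(self):
+vcap = json.loads(S3_TVM_STORAGE_VCAP_EXAMPLE)
+os.environ["CLIENT_CERTIFICATES"] = "fake-client-certificate"
+config = storage._get_s3_specific_config(vcap)
+assert (
+config["com.mendix.core.StorageService"] == "com.mendix.storage.s3"
+)
+assert (
+config["com.mendix.storage.s3.tokenService.Url"]
+== "https://tvm-endpoint.mendix.com/v1/gettoken"
+)
+assert (
+config["com.mendix.storage.s3.tokenService.Username"]
+== "fake-username-from-tvm-vcap"
+)
+assert (
+config["com.mendix.storage.s3.tokenService.Password"]
+== "fake-password-from-tvm-vcap"
+)
+assert (
+config["com.mendix.storage.s3.tokenService.RefreshPercentage"]
+== 80
+)
+assert (
+config["com.mendix.storage.s3.tokenService.RetryIntervalInSeconds"]
+== 10
+)
+assert (
+config["com.mendix.storage.s3.BucketName"]
+== "fake-key-prefix-from-tvm-vcap"
+)
+assert (
+config["com.mendix.storage.s3.EndPoint"]
+== "fake-s3-endpoint-from-tvm-vcap/fake-bucket-from-tvm-vcap"
+)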
