Skip to content

Commit 128ccb4

Browse files
Kerwoodjeremystretch
Kerwood
authored and
jeremystretch
committed
feat: added setting redis certificate authority path
1 parent 07df622 commit 128ccb4

File tree

2 files changed

+15
-1
lines changed

2 files changed

+15
-1
lines changed

netbox/netbox/configuration_example.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@
3838
# Set this to True to skip TLS certificate verification
3939
# This can expose the connection to attacks, be careful
4040
# 'INSECURE_SKIP_TLS_VERIFY': False,
41+
# Set a path to a certificate authority, typically used with a self signed certificate.
42+
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
4143
},
4244
'caching': {
4345
'HOST': 'localhost',
@@ -52,6 +54,8 @@
5254
# Set this to True to skip TLS certificate verification
5355
# This can expose the connection to attacks, be careful
5456
# 'INSECURE_SKIP_TLS_VERIFY': False,
57+
# Set a path to a certificate authority, typically used with a self signed certificate.
58+
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
5559
}
5660
}
5761

netbox/netbox/settings.py

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -235,6 +235,7 @@ def _setting(name, default=None):
235235
TASKS_REDIS_DATABASE = TASKS_REDIS.get('DATABASE', 0)
236236
TASKS_REDIS_SSL = TASKS_REDIS.get('SSL', False)
237237
TASKS_REDIS_SKIP_TLS_VERIFY = TASKS_REDIS.get('INSECURE_SKIP_TLS_VERIFY', False)
238+
TASKS_REDIS_CA_CERT_PATH = TASKS_REDIS.get('CA_CERT_PATH', False)
238239

239240
# Caching
240241
if 'caching' not in REDIS:
@@ -251,6 +252,7 @@ def _setting(name, default=None):
251252
CACHING_REDIS_SENTINEL_SERVICE = REDIS['caching'].get('SENTINEL_SERVICE', 'default')
252253
CACHING_REDIS_PROTO = 'rediss' if REDIS['caching'].get('SSL', False) else 'redis'
253254
CACHING_REDIS_SKIP_TLS_VERIFY = REDIS['caching'].get('INSECURE_SKIP_TLS_VERIFY', False)
255+
CACHING_REDIS_CA_CERT_PATH = REDIS['caching'].get('CA_CERT_PATH', False)
254256

255257
CACHES = {
256258
'default': {
@@ -262,6 +264,8 @@ def _setting(name, default=None):
262264
}
263265
}
264266
}
267+
268+
265269
if CACHING_REDIS_SENTINELS:
266270
DJANGO_REDIS_CONNECTION_FACTORY = 'django_redis.pool.SentinelConnectionFactory'
267271
CACHES['default']['LOCATION'] = f'{CACHING_REDIS_PROTO}://{CACHING_REDIS_SENTINEL_SERVICE}/{CACHING_REDIS_DATABASE}'
@@ -270,7 +274,9 @@ def _setting(name, default=None):
270274
if CACHING_REDIS_SKIP_TLS_VERIFY:
271275
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
272276
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_cert_reqs'] = False
273-
277+
if CACHING_REDIS_CA_CERT_PATH:
278+
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
279+
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_ca_certs'] = CACHING_REDIS_CA_CERT_PATH
274280

275281
#
276282
# Sessions
@@ -648,6 +654,10 @@ def _setting(name, default=None):
648654
'DEFAULT_TIMEOUT': RQ_DEFAULT_TIMEOUT,
649655
})
650656

657+
if TASKS_REDIS_CA_CERT_PATH:
658+
RQ_PARAMS.setdefault('REDIS_CLIENT_KWARGS', {})
659+
RQ_PARAMS['REDIS_CLIENT_KWARGS']['ssl_ca_certs'] = TASKS_REDIS_CA_CERT_PATH
660+
651661
RQ_QUEUES = {
652662
RQ_QUEUE_HIGH: RQ_PARAMS,
653663
RQ_QUEUE_DEFAULT: RQ_PARAMS,

0 commit comments

Comments
 (0)