Merge pull request #954 from uw-it-aca/develop

Develop
uw-it-aca · Feb 23, 2024 · 81f7e6b · 81f7e6b
2 parents b29dee7 + d9fe8a5
commit 81f7e6b
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 51 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-ARG DJANGO_CONTAINER_VERSION=1.4.1
+ARG DJANGO_CONTAINER_VERSION=2.0.1
 
 FROM us-docker.pkg.dev/uwit-mci-axdd/containers/django-container:${DJANGO_CONTAINER_VERSION} as app-container
 

diff --git a/docker/prod-values.yml b/docker/prod-values.yml
@@ -365,14 +365,9 @@ daemon:
 
 certs:
   mounted: true
-  certPath: /certs/apps.canvas.uw.edu-uwca.cert
-  keyPath: /certs/apps.canvas.uw.edu-uwca.key
-  secretName: apps.canvas.uw.edu-uwca-certs
-
-mountedSecrets:
-  enabled: true
-  mountPath: /ssl
-  secretName: apps.canvas.uw.edu-openssl-conf
+  certPath: /certs/apps.canvas.uw.edu-ic.cert
+  keyPath: /certs/apps.canvas.uw.edu-ic.key
+  secretName: apps.canvas.uw.edu-ic-certs
 
 environmentVariables:
   - name: ENV
@@ -417,9 +412,6 @@ environmentVariables:
   - name: CLUSTER_CNAME
     value: apps.canvas.uw.edu
 
-  - name: OPENSSL_CONF
-    value: /ssl/openssl.cnf
-
 externalSecrets:
   enabled: true
   secrets:
@@ -497,13 +489,6 @@ externalSecrets:
           property: username
         - name: password
           property: password
-    - name: apps.canvas.uw.edu-uwca-certs
-      externalKey: canvas/prod/uwca-certs
-      data:
-        - name: apps.canvas.uw.edu-uwca.cert
-          property: apps.canvas.uw.edu-uwca.cert
-        - name: apps.canvas.uw.edu-uwca.key
-          property: apps.canvas.uw.edu-uwca.key
     - name: apps.canvas.uw.edu-ic-certs
       externalKey: canvas/prod/ic-certs
       data:
@@ -516,11 +501,6 @@ externalSecrets:
       data:
         - name: uw-idp-cert
           property: cert
-    - name: apps.canvas.uw.edu-openssl-conf
-      externalKey: openssl-conf
-      data:
-        - name: openssl.cnf
-          property: openssl.cnf
 
 environmentVariablesSecrets:
   djangoSecret:

diff --git a/docker/test-values.yml b/docker/test-values.yml
@@ -72,14 +72,9 @@ daemon:
 
 certs:
   mounted: true
-  certPath: /certs/test-apps.canvas.uw.edu-uwca.cert
-  keyPath: /certs/test-apps.canvas.uw.edu-uwca.key
-  secretName: test-apps.canvas.uw.edu-uwca-certs
-
-mountedSecrets:
-  enabled: true
-  mountPath: /ssl
-  secretName: test-apps.canvas.uw.edu-openssl-conf
+  certPath: /certs/test-apps.canvas.uw.edu-ic.cert
+  keyPath: /certs/test-apps.canvas.uw.edu-ic.key
+  secretName: test-apps.canvas.uw.edu-ic-certs
 
 environmentVariables:
   - name: ENV
@@ -124,9 +119,6 @@ environmentVariables:
   - name: CLUSTER_CNAME
     value: test-apps.canvas.uw.edu
 
-  - name: OPENSSL_CONF
-    value: /ssl/openssl.cnf
-
 externalSecrets:
   enabled: true
   secrets:
@@ -204,13 +196,6 @@ externalSecrets:
           property: username
         - name: password
           property: password
-    - name: test-apps.canvas.uw.edu-uwca-certs
-      externalKey: canvas/test/uwca-certs
-      data:
-        - name: test-apps.canvas.uw.edu-uwca.cert
-          property: test-apps.canvas.uw.edu-uwca.cert
-        - name: test-apps.canvas.uw.edu-uwca.key
-          property: test-apps.canvas.uw.edu-uwca.key
     - name: test-apps.canvas.uw.edu-ic-certs
       externalKey: canvas/test/ic-certs
       data:
@@ -223,11 +208,6 @@ externalSecrets:
       data:
         - name: uw-idp-cert
           property: cert
-    - name: test-apps.canvas.uw.edu-openssl-conf
-      externalKey: openssl-conf
-      data:
-        - name: openssl.cnf
-          property: openssl.cnf
 environmentVariablesSecrets:
   djangoSecret:
     name: DJANGO_SECRET

diff --git a/setup.py b/setup.py
@@ -27,11 +27,11 @@
         'python-dateutil',
         'django-pyscss>=2.0',
         'beautifulsoup4',
-        'suds-jurko==0.6',
+        'suds',
         'django-blti~=2.2',
         'django-cors-headers',
-        'aws-message-client~=1.5',
-        'djangorestframework~=3.11',
+        'aws-message-client~=1.6',
+        'djangorestframework~=3.14',
         'django-storages[google]',
         'uw-memcached-clients~=1.0',
         'UW-RestClients-Core~=1.4',

diff --git a/sis_provisioner/dao/astra.py b/sis_provisioner/dao/astra.py
@@ -27,12 +27,19 @@ def __init__(self, *args, **kwargs):
         self.key_file = settings.ASTRA_KEY
         self.cert_file = settings.ASTRA_CERT
 
+    @property
+    def _ssl_context(self):
+        ctx = ssl.SSLContext()
+        ctx.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
+        ctx.set_ciphers('HIGH:!DH:!aNULL')
+        return ctx
+
     def connect(self):
         sock = socket.create_connection((self.host, self.port), self.timeout)
         if self._tunnel_host:
             self.sock = sock
             self._tunnel()
-        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
+        self.sock = self._ssl_context.wrap_socket(sock)
 
 
 class HTTPSClientAuthHandler(HTTPSHandler):