From 04fc6d82a561a5eab3138c0b0546f4bed0e27e7e Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 25 Nov 2014 16:36:21 -0500
Subject: [PATCH] Add support for SSL if the certificate is found in the config directory
---
 buildman/builder.py | 13 ++++++++++++-
 buildman/server.py | 10 +++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/buildman/builder.py b/buildman/builder.py
index efd7b10cc..4411b54ff 100644
--- a/buildman/builder.py
+++ b/buildman/builder.py
@@ -1,10 +1,13 @@
 import logging
+import os
 from app import app, userfiles as user_files, build_logs, dockerfile_build_queue
 from buildman.manager.enterprise import EnterpriseManager
 from buildman.server import BuilderServer
+from trollius import SSLContext
+
 LOGGER = logging.getLogger(__name__)
 BUILD_MANAGERS = {
@@ -16,13 +19,21 @@ def run_build_manager():
 if build_manager_config is None:
 return
+ LOGGER.debug('Asking to start build manager with lifecycle "%s"', build_manager_config[0])
 manager_klass = BUILD_MANAGERS.get(build_manager_config[0])
 if manager_klass is None:
 return
+ LOGGER.debug('Starting build manager with lifecycle "%s"', build_manager_config[0])
+ ssl_context = None
+ if os.path.exists('conf/stack/ssl.cert'):
+ LOGGER.debug('Loading SSL cert and key')
+ ssl_context = SSLContext()
+ ssl_context.load_cert_chain('conf/stack/ssl.cert', 'conf/stack/ssl.key')
+
 server = BuilderServer(app.config['SERVER_HOSTNAME'], dockerfile_build_queue, build_logs, user_files, manager_klass)
- server.run('0.0.0.0')
+ server.run('0.0.0.0', ssl=ssl_context)
 if __name__ == '__main__':
 logging.basicConfig(level=logging.DEBUG)
diff --git a/buildman/server.py b/buildman/server.py
index f83d71a81..876d77786 100644
--- a/buildman/server.py
+++ b/buildman/server.py
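Review bot: When `conf/stack/ssl.cert` is absent in `run_build_manager`, `ssl_context` stays `None` and `server.run('0.0.0.0', ssl=ssl_context)` listens on all interfaces without TLS, and nothing in the logs records that. An `else:` branch with `LOGGER.warning('No SSL cert at conf/stack/ssl.cert; build manager will listen without TLS')` would make the fallback visible to whoever operates the service. The guard tests only the cert file, so a missing `conf/stack/ssl.key` surfaces as an exception from `load_cert_chain`; that fails closed, but a message naming the key path would make it easier to diagnose. `SSLContext()` is constructed with defaults, so the protocol versions it accepts depend on trollius and are not visible here; confirm they match what the deployment requires.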
@@ -67,13 +67,13 @@ class BuilderServer(object):
 self._controller_app = controller_app
- def run(self, host):
+ def run(self, host, ssl=None):
 LOGGER.debug('Initializing the lifecycle manager')
 self._lifecycle_manager.initialize()
 LOGGER.debug('Initializing all members of the event loop')
 loop = trollius.get_event_loop()
- trollius.Task(self._initialize(loop, host))
+ trollius.Task(self._initialize(loop, host, ssl))
 LOGGER.debug('Starting server on port 8080, with controller on port 8181')
 try:
@@ -161,7 +161,7 @@ class BuilderServer(object):
 @trollius.coroutine
- def _initialize(self, loop, host):
+ def _initialize(self, loop, host, ssl=None):
 self._loop = loop
 # Create the WAMP server.
@@ -169,8 +169,8 @@ class BuilderServer(object):
 transport_factory.setProtocolOptions(failByDrop=True)
 # Initialize the controller server and the WAMP server
- create_wsgi_server(self._controller_app, loop=loop, host=host, port=CONTROLLER_PORT)
- yield From(loop.create_server(transport_factory, host, WEBSOCKET_PORT))
+ create_wsgi_server(self._controller_app, loop=loop, host=host, port=CONTROLLER_PORT, ssl=ssl)
+ yield From(loop.create_server(transport_factory, host, WEBSOCKET_PORT, ssl=ssl))
 # Initialize the work queue checker.
 yield From(self._work_checker())
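Review bot: The startup message in `run` reads 'Starting server on port 8080, with controller on port 8181' whether or not an SSL context was passed, so the logs cannot show that a deployment came up in cleartext. Adding the TLS state, e.g. `LOGGER.debug('Starting server on port 8080, with controller on port 8181 (TLS %s)', 'on' if ssl else 'off')`, would make that auditable. The new `ssl` parameter on `run`, and on `_initialize` in the second hunk, is undocumented; a one-line docstring saying it takes an SSLContext or `None` for no TLS would cover both. The body of `run` continues past the end of the hunk.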
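Review bot: In the third hunk one `ssl` value is handed to both `create_wsgi_server` and `loop.create_server`, so with the default `ssl=None` the controller on `CONTROLLER_PORT` and the WAMP endpoint on `WEBSOCKET_PORT` both accept cleartext on `host`. A comment above the two calls such as `# ssl is an SSLContext, or None to serve both listeners without TLS` would state that contract where it takes effect. Nothing visible here configures client-certificate verification, so the context appears to provide transport encryption only; builder authentication is presumably handled at another layer, which is worth confirming. `_initialize` starts and ends outside this hunk.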