Fix all the things!

util/secscan/api.py

@@ -134,12 +134,24 @@ class SecurityConfigValidator(object):
     return self._keys
 
   def valid(self):
-    if (not features.SECURITY_SCANNER
-        or not self._security_config
-        or not 'ENDPOINT' in self._security_config
-        or not 'ENGINE_VERSION_TARGET' in self._security_config
-        or not 'DISTRIBUTED_STORAGE_PREFERENCE' in self._security_config
-        or (self._certificate is False and self._keys is None)):
+    if not features.SECURITY_SCANNER:
+      return False
+
+    if not self._security_config:
+      logger.debug('Missing SECURITY_SCANNER block in configuration')
+      return False
+
+    if not 'ENDPOINT' in self._security_config:
+      logger.debug('Missing ENDPOINT field in SECURITY_SCANNER configuration')
+      return False
+
+    endpoint = self._security_config['ENDPOINT'] or ''
+    if not endpoint.startswith('http://') and not endpoint.startswith('https://'):
+      logger.debug('ENDPOINT field in SECURITY_SCANNER configuration must start with http or https')
+      return False
+
+    if endpoint.startswith('https://') and (self._certificate is False or self._keys is None):
+      logger.debug('Certificate and key pair required for talking to security worker over HTTPS')
       return False
 
     return True
@@ -150,6 +162,7 @@ class SecurityScannerAPI(object):
   def __init__(self, app, config_provider):
     self.app = app
     self.config_provider = config_provider
+    self._security_config = None
 
     config_validator = SecurityConfigValidator(app, config_provider)
     if not config_validator.valid():
@@ -192,6 +205,9 @@ class SecurityScannerAPI(object):
         from the API server.
     """
     security_config = self._security_config
+    if security_config is None:
+      raise Exception('Cannot call unconfigured security system')
+
     api_url = urljoin(security_config['ENDPOINT'], '/' + security_config['API_VERSION']) + '/'
     url = urljoin(api_url, relative_url % args)