Merge remote-tracking branch 'upstream/master'

Author: Cryptophobia

rootfs/api/management/commands/load_db_state_to_k8s.py

@@ -48,6 +48,7 @@ def save_apps(self):
             try:
                 app.save()
                 app.config_set.latest().save()
+                app.tls_set.latest().sync()
             except DeisException as error:
                 print('ERROR: Problem saving to model {} for {}'
                       'due to {}'.format(str(App.__name__), str(app), str(error)))

rootfs/api/models/app.py

@@ -198,7 +198,11 @@ def create(self, *args, **kwargs):  # noqa
             try:
                 self._scheduler.ns.get(namespace)
             except KubeException:
-                self._scheduler.ns.create(namespace)
+                try:
+                    self._scheduler.ns.create(namespace)
+                except KubeException as e:
+                    raise ServiceUnavailable('Could not create the Namespace in Kubernetes') from e
+
             if settings.KUBERNETES_NAMESPACE_DEFAULT_QUOTA_SPEC != '':
                 quota_spec = json.loads(settings.KUBERNETES_NAMESPACE_DEFAULT_QUOTA_SPEC)
                 self.log('creating Quota {} for namespace {}'.format(quota_name, namespace),

rootfs/api/models/tls.py

@@ -18,6 +18,17 @@ class Meta:
     def __str__(self):
         return "{}-{}".format(self.app.id, str(self.uuid)[:7])
 
+    def _load_service_config(self, app, component):
+        config = super()._load_service_config(app, component)
+
+        # See if the ssl.enforce annotation is available
+        if 'ssl' not in config:
+            config['ssl'] = {}
+        if 'enforce' not in config['ssl']:
+            config['ssl']['enforce'] = 'false'
+
+        return config
+
     def _check_previous_tls_settings(self):
         try:
             previous_tls_settings = self.app.tls_set.latest()
@@ -40,16 +51,24 @@ def save(self, *args, **kwargs):
         # get config for the service
         config = self._load_service_config(app, 'router')
 
-        # See if the ssl.enforce annotation is available
-        if 'ssl' not in config:
-            config['ssl'] = {}
-        if 'enforce' not in config['ssl']:
-            config['ssl']['enforce'] = 'false'
-
         # convert from bool to string
         config['ssl']['enforce'] = str(https_enforced)
 
         self._save_service_config(app, 'router', config)
 
         # Save to DB
         return super(TLS, self).save(*args, **kwargs)
+
+    def sync(self):
+        try:
+            app = str(self.app)
+
+            config = self._load_service_config(app, 'router')
+            if (
+                config['ssl']['enforce'] != str(self.https_enforced) and
+                self.https_enforced is not None
+            ):
+                config['ssl']['enforce'] = str(self.https_enforced)
+                self._save_service_config(app, 'router', config)
+        except TLS.DoesNotExist:
+            pass

rootfs/dev_requirements.txt

@@ -1,5 +1,5 @@
 # Run "make test-unit" for the % of code exercised during tests
-coverage==4.3.4
+coverage==4.4.1
 
 # Run "make test-style" to check python syntax and style
 flake8==3.3.0

rootfs/requirements.txt

@@ -1,23 +1,23 @@
 # Deis controller requirements
 backoff==1.4.3
-Django==1.11.2
-django-auth-ldap==1.2.12
+Django==1.11.4
+django-auth-ldap==1.2.14
 django-cors-middleware==1.3.1
-django-guardian==1.4.8
+django-guardian==1.4.9
 djangorestframework==3.6.3
 docker-py==1.10.6
 gunicorn==19.7.1
 idna==2.5
 jmespath==0.9.3
-jsonfield==2.0.1
+jsonfield==2.0.2
 jsonschema==2.6.0
 morph==0.1.2
 ndg-httpsclient==0.4.2
 packaging==16.8
 pyasn1==0.2.3
 psycopg2==2.7.1
-pyldap==2.4.35.1
-pyOpenSSL==17.0.0
+pyldap==2.4.37
+pyOpenSSL==17.2.0
 pytz==2017.2
-requests==2.14.2
+requests==2.18.2
 requests-toolbelt==0.8.0