|
|
@@ -10,7 +10,6 @@ from __future__ import absolute_import
|
|
|
|
|
|
from kombu.serialization import registry
|
|
|
|
|
|
-from celery import current_app
|
|
|
from celery.exceptions import ImproperlyConfigured
|
|
|
|
|
|
from .serialization import register_auth
|
|
|
@@ -39,33 +38,15 @@ def disable_untrusted_serializers(whitelist=None):
|
|
|
|
|
|
|
|
|
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
|
|
|
- digest='sha1', serializer='json'):
|
|
|
- """Setup the message-signing serializer.
|
|
|
-
|
|
|
- Disables untrusted serializers and if configured to use the ``auth``
|
|
|
- serializer will register the auth serializer with the provided settings
|
|
|
- into the Kombu serializer registry.
|
|
|
-
|
|
|
- :keyword allowed_serializers: List of serializer names, or content_types
|
|
|
- that should be exempt from being disabled.
|
|
|
- :keyword key: Name of private key file to use.
|
|
|
- Defaults to the :setting:`CELERY_SECURITY_KEY` setting.
|
|
|
- :keyword cert: Name of certificate file to use.
|
|
|
- Defaults to the :setting:`CELERY_SECURITY_CERTIFICATE` setting.
|
|
|
- :keyword store: Directory containing certificates.
|
|
|
- Defaults to the :setting:`CELERY_SECURITY_CERT_STORE` setting.
|
|
|
- :keyword digest: Digest algorithm used when signing messages.
|
|
|
- Default is ``sha1``.
|
|
|
- :keyword serializer: Serializer used to encode messages after
|
|
|
- they have been signed. See :setting:`CELERY_TASK_SERIALIZER` for
|
|
|
- the serializers supported.
|
|
|
- Default is ``json``.
|
|
|
-
|
|
|
- """
|
|
|
+ digest='sha1', serializer='json', app=None):
|
|
|
+ """See :meth:`@Celery.setup_security`."""
|
|
|
+ if app is None:
|
|
|
+ from celery import current_app
|
|
|
+ app = current_app._get_current_object()
|
|
|
|
|
|
disable_untrusted_serializers(allowed_serializers)
|
|
|
|
|
|
- conf = current_app.conf
|
|
|
+ conf = app.conf
|
|
|
if conf.CELERY_TASK_SERIALIZER != 'auth':
|
|
|
return
|
|
|
|
Ask Solem