Home Explore Help
Sign In
yangck
/
celery
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Removes SECURITY_SERIALIZER, _DIGEST settings

Ask Solem 13 years ago
parent
912c05eabd
commit
348a611477
3 changed files with 8 additions and 21 deletions
Split View Show Diff Stats
  1. 0 2
      celery/app/defaults.py
  2. 7 18
      celery/security/__init__.py
  3. 1 1
      celery/security/serialization.py

+ 0 - 2
celery/app/defaults.py
View File 

@@ -144,8 +144,6 @@ NAMESPACES = {
 
         "SECURITY_KEY": Option(None, type="string"),
 
         "SECURITY_CERTIFICATE": Option(None, type="string"),
 
         "SECURITY_CERT_STORE": Option(None, type="string"),
 
-        "SECURITY_DIGEST": Option("sha1", type="string"),
 
-        "SECURITY_SERIALIZER": Option("pickle", type="string"),
 
     },
 
     "CELERYD": {
 
         "AUTOSCALER": Option("celery.worker.autoscale.Autoscaler"),

+ 7 - 18
celery/security/__init__.py
View File 

@@ -1,8 +1,6 @@
 
 from __future__ import absolute_import
 
 from __future__ import with_statement
 
 
-import warnings
 
-
 
 from kombu.serialization import registry, SerializerNotInstalled
 
 
 from .. import current_app
 
@@ -16,10 +14,6 @@ Please install by:
 
 
     $ pip install pyOpenSSL
 
 """
 
-AUTH_DISABLED = """\
 
-setup_security called, but not configured to use auth serializer.
 
-Please set CELERY_TASK_SERIALIZER="auth" to enable security.\
 
-"""
 
 
 SETTING_MISSING = """\
 
 Sorry, but you have to configure the
 
@@ -32,24 +26,22 @@ Please see the configuration reference for more information.
 
 """
 
 
 
-class IncompleteConfiguration(UserWarning):
 
-    pass
 
-
 
-
 
-def _disable_insecure_serializers(whitelist=[]):
 
-    for name in set(registry._decoders.keys()) - set(whitelist):
 
+def _disable_insecure_serializers(whitelist=None):
 
+    for name in set(registry._decoders.keys()) - set(whitelist or []):
 
         try:
 
             registry.disable(name)
 
         except SerializerNotInstalled:
 
             pass
 
 
 
-def setup_security(allowed_serializers=[], key=None, cert=None, store=None,
 
-        digest=None, serializer=None):
 
+def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
 
+        digest="sha1", serializer="json"):
 
     """setup secure serialization"""
 
+    _disable_insecure_serializers(allowed_serializers)
 
+
 
     conf = current_app.conf
 
     if conf.CELERY_TASK_SERIALIZER != "auth":
 
-        return warn(IncompleteConfiguration(AUTH_DISABLED))
 
+        return
 
 
     try:
 
         from OpenSSL import crypto  # noqa
 
@@ -59,13 +51,10 @@ def setup_security(allowed_serializers=[], key=None, cert=None, store=None,
 
     key = key or conf.CELERY_SECURITY_KEY
 
     cert = cert or conf.CELERY_SECURITY_CERTIFICATE
 
     store = store or conf.CELERY_SECURITY_CERT_STORE
 
-    digest = digest or conf.CELERY_SECURITY_DIGEST
 
-    serializer = serializer or conf.CELERY_SECURITY_SERIALIZER
 
 
     if any(not v for v in (key, cert, store)):
 
         raise ImproperlyConfigured(SETTING_MISSING)
 
 
-    _disable_insecure_serializers(allowed_serializers)
 
     with open(key) as kf:
 
         with open(cert) as cf:
 
             register_auth(kf.read(), cf.read(), store)

+ 1 - 1
celery/security/serialization.py
View File 

@@ -74,7 +74,7 @@ class SecureSerializer(object):
 
 
 
 def register_auth(key=None, cert=None, store=None, digest="sha1",
 
-        serializer="pickle"):
 
+        serializer="json"):
 
     """register security serializer"""
 
     s = SecureSerializer(key and PrivateKey(key),
 
                          cert and Certificate(cert),