From 1bb994962be5822fdf992adf2ead07a72f6064f4 Mon Sep 17 00:00:00 2001
From: Hongbin Lu <hongbin034@gmail.com>
Date: Sun, 25 Nov 2018 16:21:50 +0000
Subject: [PATCH] Add support for secure websocket connection

Add a few SSL config for operator to turn on secure connection
on zun websocket proxy.

Change-Id: Ica077eda90e0d782c206eea7c446b6af646668f8
Closes-Bug: #1762511
---
 zun/cmd/wsproxy.py          | 3 +++
 zun/conf/websocket_proxy.py | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/zun/cmd/wsproxy.py b/zun/cmd/wsproxy.py
index aa5f94993..798b16e4a 100644
--- a/zun/cmd/wsproxy.py
+++ b/zun/cmd/wsproxy.py
@@ -34,6 +34,9 @@ def main():
     websocketproxy.ZunWebSocketProxy(
         listen_host=host,
         listen_port=port,
+        cert=CONF.websocket_proxy.cert,
+        key=CONF.websocket_proxy.key,
+        ssl_only=CONF.websocket_proxy.ssl_only,
         file_only=True,
         RequestHandlerClass=websocketproxy.ZunProxyRequestHandler
     ).start_server()
diff --git a/zun/conf/websocket_proxy.py b/zun/conf/websocket_proxy.py
index 942c45f5b..872656dbf 100644
--- a/zun/conf/websocket_proxy.py
+++ b/zun/conf/websocket_proxy.py
@@ -78,6 +78,14 @@ Possible values:
 
 * A list where each element is an allowed origin hostnames, else an empty list
 """),
+    cfg.BoolOpt('ssl_only',
+                help="Disallow non-encrypted connections."),
+    cfg.StrOpt('cert',
+               default='',
+               help="Path to SSL certificate file."),
+    cfg.StrOpt('key',
+               default='',
+               help="SSL key file (if separate from cert)."),
 ]
 
 ALL_OPTS = (wsproxy_opts)