fix(controller): Persist ssl.enforce header on service creation

mattk42 · mattk42 · commit c81dbf97827a · 2017-06-06T11:48:38.000-06:00
diff --git a/rootfs/api/management/commands/load_db_state_to_k8s.py b/rootfs/api/management/commands/load_db_state_to_k8s.py
@@ -48,6 +48,7 @@ def save_apps(self):
             try:
                 app.save()
                 app.config_set.latest().save()
+                app.tls_set.latest().sync()
             except DeisException as error:
                 print('ERROR: Problem saving to model {} for {}'
                       'due to {}'.format(str(App.__name__), str(app), str(error)))
diff --git a/rootfs/api/models/tls.py b/rootfs/api/models/tls.py
@@ -18,6 +18,17 @@ class Meta:
     def __str__(self):
         return "{}-{}".format(self.app.id, str(self.uuid)[:7])
 
+    def _load_service_config(self, app, component):
+        config = super()._load_service_config(app, component)
+
+        # See if the ssl.enforce annotation is available
+        if 'ssl' not in config:
+            config['ssl'] = {}
+        if 'enforce' not in config['ssl']:
+            config['ssl']['enforce'] = 'false'
+
+        return config
+
     def _check_previous_tls_settings(self):
         try:
             previous_tls_settings = self.app.tls_set.latest()
@@ -40,16 +51,24 @@ def save(self, *args, **kwargs):
         # get config for the service
         config = self._load_service_config(app, 'router')
 
-        # See if the ssl.enforce annotation is available
-        if 'ssl' not in config:
-            config['ssl'] = {}
-        if 'enforce' not in config['ssl']:
-            config['ssl']['enforce'] = 'false'
-
         # convert from bool to string
         config['ssl']['enforce'] = str(https_enforced)
 
         self._save_service_config(app, 'router', config)
 
         # Save to DB
         return super(TLS, self).save(*args, **kwargs)
+
+    def sync(self):
+        try:
+            app = str(self.app)
+
+            config = self._load_service_config(app, 'router')
+            if (
+                config['ssl']['enforce'] != str(self.https_enforced) and
+                self.https_enforced is not None
+            ):
+                config['ssl']['enforce'] = str(self.https_enforced)
+                self._save_service_config(app, 'router', config)
+        except TLS.DoesNotExist:
+            pass
