From c81dbf97827adf7fd54c9d8a9f055b92211f295e Mon Sep 17 00:00:00 2001
From: Matt Knox
Date: Tue, 6 Jun 2017 11:32:34 -0600
Subject: [PATCH] fix(controller): Persist ssl.enforce header on service creation
---
 .../commands/load_db_state_to_k8s.py | 1 +
 rootfs/api/models/tls.py | 31 +++++++++++++++----
 2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/rootfs/api/management/commands/load_db_state_to_k8s.py b/rootfs/api/management/commands/load_db_state_to_k8s.py
index a4ed0ee9b..a671b35df 100644
--- a/rootfs/api/management/commands/load_db_state_to_k8s.py
+++ b/rootfs/api/management/commands/load_db_state_to_k8s.py
@@ -48,6 +48,7 @@ def save_apps(self):
 try:
 app.save()
 app.config_set.latest().save()
+ app.tls_set.latest().sync()
 except DeisException as error:
 print('ERROR: Problem saving to model {} for {}'
 'due to {}'.format(str(App.__name__), str(app), str(error)))
diff --git a/rootfs/api/models/tls.py b/rootfs/api/models/tls.py
index 227fd110b..0cb463125 100644
--- a/rootfs/api/models/tls.py
+++ b/rootfs/api/models/tls.py
@@ -18,6 +18,17 @@ class Meta:
 def __str__(self):
 return "{}-{}".format(self.app.id, str(self.uuid)[:7])
 
+ def _load_service_config(self, app, component):
+ config = super()._load_service_config(app, component)
+
+ # See if the ssl.enforce annotation is available
+ if 'ssl' not in config:
+ config['ssl'] = {}
+ if 'enforce' not in config['ssl']:
+ config['ssl']['enforce'] = 'false'
+
+ return config
+
 def _check_previous_tls_settings(self):
 try:
 previous_tls_settings = self.app.tls_set.latest()
@@ -40,12 +51,6 @@ def save(self, *args, **kwargs):
 # get config for the service
 config = self._load_service_config(app, 'router')
 
- # See if the ssl.enforce annotation is available
- if 'ssl' not in config:
- config['ssl'] = {}
- if 'enforce' not in config['ssl']:
- config['ssl']['enforce'] = 'false'
-
 # convert from bool to string
 config['ssl']['enforce'] = str(https_enforced)
 
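Review bot: In `save_apps` (load_db_state_to_k8s.py), `app.tls_set.latest()` is evaluated before `.sync()` is entered, so for an app with no TLS row Django's `latest()` raises `DoesNotExist` at this call site, where the surrounding handler only catches `DeisException`. The `except TLS.DoesNotExist` added inside `sync()` cannot cover that lookup. If apps without a TLS record can exist (not visible from this hunk), the command would stop at the first one and the remaining apps would not get their `ssl.enforce` state restored. Fetching the row in its own `try` that catches the model's `DoesNotExist`, and calling `sync()` only when a row was found, keeps the loop going. The body of `save_apps` starts and ends outside the hunk.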
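Review bot: In rootfs/api/models/tls.py, the new `_load_service_config` override has no docstring even though it changes what callers get back from the inherited loader: `config['ssl']['enforce']` is now always present, and a missing annotation is reported as `'false'`, i.e. HTTPS not enforced. A docstring such as `"""Load the service config, guaranteeing config['ssl']['enforce'] exists (default 'false')."""` would make that default explicit for anyone auditing the enforcement path. Assuming the loaded config is a plain dict, the two membership checks could also be written as `config.setdefault('ssl', {}).setdefault('enforce', 'false')`.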
@@ -53,3 +58,17 @@ def save(self, *args, **kwargs):
 
 # Save to DB
 return super(TLS, self).save(*args, **kwargs)
+
+ def sync(self):
+ try:
+ app = str(self.app)
+
+ config = self._load_service_config(app, 'router')
+ if (
+ config['ssl']['enforce'] != str(self.https_enforced) and
+ self.https_enforced is not None
+ ):
+ config['ssl']['enforce'] = str(self.https_enforced)
+ self._save_service_config(app, 'router', config)
+ except TLS.DoesNotExist:
+ pass
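Review bot: In `sync()`, the comparison `config['ssl']['enforce'] != str(self.https_enforced)` is case-sensitive, but the fallback injected by `_load_service_config` is lowercase `'false'` while `str(False)` yields `'False'`. A service with no annotation and `https_enforced` set to `False` therefore always looks out of date and is rewritten on every sync. Comparing normalised values and testing for `None` first avoids both the spurious write and the comparison against `str(None)`: `if self.https_enforced is not None and str(config['ssl']['enforce']).lower() != str(self.https_enforced).lower():`. A short docstring stating that `sync()` pushes the stored `https_enforced` value to the router service without saving the model would also help, since the method name alone does not say which side wins.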