30 files changed, 265 insertions, 259 deletions
@@ -2,6 +2,10 @@ Gemfile.lock pkg junk test/provider/hiera +test/provider/files/nodes/ +test/provider/files/ca/ +test/provider/files/ssh/ +test/provider/files/users/ .vagrant Vagrantfile @@ -57,7 +57,7 @@ module LeapCli::Commands def self.manager @manager ||= begin manager = LeapCli::Config::Manager.new - manager.load(LeapCli::Path.provider) + manager.load manager end end diff --git a/lib/leap_cli/commands/pre.rb b/lib/leap_cli/commands/pre.rb index b1df5cd..dce01eb 100644 --- a/lib/leap_cli/commands/pre.rb +++ b/lib/leap_cli/commands/pre.rb @@ -38,7 +38,9 @@ module LeapCli if Path.ok? true else - bail!("Could not find the root directory. Change current working directory or try --root") + bail! do + log :error, "- Could not find the root directory. Change current working directory or try --root" + end end # diff --git a/lib/leap_cli/config/manager.rb b/lib/leap_cli/config/manager.rb index 7406f1c..e90b589 100644 --- a/lib/leap_cli/config/manager.rb +++ b/lib/leap_cli/config/manager.rb 
@@ -17,21 +17,37 @@ module LeapCli # # load .json configuration files # - def load(provider_dir=Path.provider) - @provider_dir = provider_dir - @services = load_all_json(Path.named_path([:service_config, '*'], provider_dir)) - @tags = load_all_json(Path.named_path([:tag_config, '*'], provider_dir)) - @nodes = load_all_json(Path.named_path([:node_config, '*'], provider_dir)) - @common = load_json(Path.named_path(:common_config, provider_dir)) - @provider = load_json(Path.named_path(:provider_config, provider_dir)) - @secrets = load_json(Path.named_path(:secrets_config, provider_dir)) - - Util::assert!(@provider, "Failed to load provider.json") - Util::assert!(@common, "Failed to load common.json") + def load + @provider_dir = Path.provider + # load base + base_services = load_all_json(Path.named_path([:service_config, '*'], Path.provider_base)) + base_tags = load_all_json(Path.named_path([:tag_config, '*'], Path.provider_base)) + base_common = load_json(Path.named_path(:common_config, Path.provider_base)) + base_provider = load_json(Path.named_path(:provider_config, Path.provider_base)) + + # load provider + provider_path = Path.named_path(:provider_config, @provider_dir) + common_path = Path.named_path(:common_config, @provider_dir) + Util::assert_files_exist!(provider_path, common_path) + @services = load_all_json(Path.named_path([:service_config, '*'], @provider_dir)) + @tags = load_all_json(Path.named_path([:tag_config, '*'], @provider_dir)) + @nodes = load_all_json(Path.named_path([:node_config, '*'], @provider_dir)) + @common = load_json(common_path) + @provider = load_json(provider_path) + @secrets = load_json(Path.named_path(:secrets_config, @provider_dir)) + + # inherit + @services.inherit_from! base_services + @tags.inherit_from! base_tags + @common.inherit_from! base_common + @provider.inherit_from! base_provider @nodes.each do |name, node| @nodes[name] = apply_inheritance(node) end + + # validate + validate_provider(@provider) end # 
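Review bot: The four `load_json`/`load_all_json` calls against `Path.provider_base` at the top of the new `load` have no existence check, while the provider's own files get `Util::assert_files_exist!`. The removed `Util::assert!(@provider, ...)` lines suggest `load_json` can return a falsy value. If so, `@common.inherit_from! base_common` would presumably fail inside the merge with a NoMethodError, rather than a readable message, when leap_platform is missing or incomplete. Assuming `assert_files_exist!` accepts any number of paths, the existing guard could also take `Path.named_path(:provider_config, Path.provider_base)` and `Path.named_path(:common_config, Path.provider_base)`, and would then need to run before the base files are loaded.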
@@ -244,7 +260,9 @@ module LeapCli # PRIVATE_IP_RANGES = /(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)/ def validate_provider(provider) - Util::assert! provider.vagrant.network =~ PRIVATE_IP_RANGES, 'provider.json error: vagrant.network is not a local private network' + Util::assert! provider.vagrant.network =~ PRIVATE_IP_RANGES do + log 0, :error, 'in provider.json: vagrant.network is not a local private network' + end end end diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb index bf0452a..ef28179 100644 --- a/lib/leap_cli/config/object.rb +++ b/lib/leap_cli/config/object.rb 
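Review bot: `validate_provider` is now called at the end of every `load`, but the `PRIVATE_IP_RANGES` constant it relies on (a context line above the change) anchors with `^`, which in Ruby matches at the start of any line, and it only checks a prefix. A `vagrant.network` value that contains a newline, or a malformed string such as `10.x`, passes the private-network check. Using `\A` closes the multi-line case: `PRIVATE_IP_RANGES = /\A(?:127\.0\.0\.1|10\.|172\.(?:1[6-9]|2[0-9]|3[0-1])\.|192\.168\.)/`. Parsing the value with the standard `IPAddr` class would validate the format as well.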
@@ -114,36 +114,78 @@ module LeapCli # # a deep (recursive) merge with another Config::Object. # - def deep_merge!(object) + # if prefer_self is set to true, the value from self will be picked when there is a conflict + # that cannot be merged. + # + def deep_merge!(object, prefer_self=false) object.each do |key,new_value| old_value = self.fetch key, nil + + # clean up boolean + new_value = true if new_value == "true" + new_value = false if new_value == "false" + old_value = true if old_value == "true" + old_value = false if old_value == "false" + + # merge hashes if old_value.is_a?(Hash) || new_value.is_a?(Hash) - # merge hashes value = Config::Object.new(@manager, @node) old_value.is_a?(Hash) ? value.deep_merge!(old_value) : (value[key] = old_value if old_value.any?) - new_value.is_a?(Hash) ? value.deep_merge!(new_value) : (value[key] = new_value if new_value.any?) + new_value.is_a?(Hash) ? value.deep_merge!(new_value, prefer_self) : (value[key] = new_value if new_value.any?) + + # merge arrays elsif old_value.is_a?(Array) || new_value.is_a?(Array) - # merge arrays value = [] old_value.is_a?(Array) ? value += old_value : value << old_value new_value.is_a?(Array) ? value += new_value : value << new_value - value.compact! + value = value.compact.uniq + + # merge nil elsif new_value.nil? value = old_value elsif old_value.nil? value = new_value + + # merge boolean elsif old_value.is_a?(Boolean) && new_value.is_a?(Boolean) - value = new_value + # FalseClass and TrueClass are different classes, so we must handle them separately + if prefer_self + value = old_value + else + value = new_value + end + + # catch errors elsif old_value.class != new_value.class - raise 'Type mismatch. Cannot merge %s with %s. Key value is %s, name is %s.' % [old_value.class, new_value.class, key, name] + raise 'Type mismatch. Cannot merge %s (%s) with %s (%s). Key is "%s", name is "%s".' 
% [ + old_value.inspect, old_value.class, + new_value.inspect, new_value.class, + key, self.class + ] + + # merge strings and numbers else - value = new_value + if prefer_self + value = old_value + else + value = new_value + end end + + # save value self[key] = value end self end + # + # like a reverse deep merge + # (self takes precedence) + # + def inherit_from!(object) + self.deep_merge!(object, true) + end + ## ## NODE SPECIFIC ## maybe these should be moved to a Node class. @@ -170,12 +212,18 @@ module LeapCli global.nodes end - class FileMissing < Exception; end + class FileMissing < Exception + attr_accessor :path, :options + def initialize(path, options={}) + @path = path + @options = options + end + end # # inserts the contents of a file # - def file(filename) + def file(filename, options={}) if filename.is_a? Symbol filename = [filename, @node.name] end @@ -187,12 +235,21 @@ module LeapCli File.read(filepath) end else - raise FileMissing.new(Path.named_path(filename)) + raise FileMissing.new(Path.named_path(filename), options) "" end end # + # like #file, but allow missing files + # + def try_file(filename) + return file(filename) + rescue FileMissing + return nil + end + + # # inserts a named secret, generating it if needed. # # manager.export_secrets should be called later to capture any newly generated secrets. 
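Review bot: The array branch of `deep_merge!` never looks at `prefer_self`, so `inherit_from!` always unions the provider's list with the base list (`value += new_value`, then `compact.uniq`) and a provider cannot narrow a list it inherits. For a key such as the `openvpn.ports` array in provider_base/services/openvpn.json later in this commit, a provider that lists fewer ports still ends up with every base port. If the union is intended, say so in the method comment, for example `# arrays are always merged (union), even when prefer_self is true`; otherwise the branch needs a `prefer_self` case like the boolean and scalar branches have. Separately, the new type-mismatch message labels `self.class` as `name is`, and it now prints both values with `inspect`, which deserves a second look if merged objects can ever hold secret values.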
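Review bot: `FileMissing#initialize` stores `path` and `options` but never calls `super`, so the exception's message is no longer the path. The rescue in the `@@ -218,18 +275,26 @@` hunk of this file still prints `no file '#{exc}'`, which will now show the class name instead of the missing file. Adding `super(path)` as the first line of `initialize` keeps that message working. The class also still derives from `Exception` rather than `StandardError`, so a bare `rescue` elsewhere will not catch it.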
@@ -218,18 +275,26 @@ module LeapCli value = @node.instance_eval($1) #, @node.send(:binding)) self[key] = value rescue SystemStackError => exc - log :error, "while evaluating node '#{@node.name}'" - log "offending string: #{$1}", :indent => 1 - log "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies)." + log 0, :error, "while evaluating node '#{@node.name}'" + log 0, "offending string: #{$1}", :indent => 1 + log 0, "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies).", :indent => 1 raise SystemExit.new() rescue FileMissing => exc - log :error, "while evaluating node '#{@node.name}'" - log "offending string: #{$1}", :indent => 1 - log "error message: no file '#{exc}'", :indent => 1 + Util::bail! do + if exc.options[:missing] + log :missing, exc.options[:missing].gsub('$node', @node.name) + else + log :error, "while evaluating node '#{@node.name}'" + log "offending string: #{$1}", :indent => 1 + log "error message: no file '#{exc}'", :indent => 1 + end + end rescue StandardError => exc - log :error, "while evaluating node '#{@node.name}'" - log "offending string: #{$1}", :indent => 1 - log "error message: #{exc}", :indent => 1 + Util::bail! do + log :error, "while evaluating node '#{@node.name}'" + log "offending string: #{$1}", :indent => 1 + log "error message: #{exc}", :indent => 1 + end end end value diff --git a/lib/leap_cli/config/object_list.rb b/lib/leap_cli/config/object_list.rb index b0839ca..0fa60f1 100644 --- a/lib/leap_cli/config/object_list.rb +++ b/lib/leap_cli/config/object_list.rb @@ -30,7 +30,7 @@ module LeapCli value = config[field] if !value.nil? if value.is_a? Array - if value.includes?(match_value) + if value.include?(match_value) results[name] = config end else 
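Review bot: The string captured in `$1` is executed as Ruby by `@node.instance_eval` (context line at the top of this hunk), but nothing here documents that the JSON config files are code. With the `load` change in manager.rb, the values reaching this point appear to come from provider_base as well as the provider directory. A comment above the eval would make the trust assumption explicit, for example `# "= ..." values are evaluated as Ruby in the node's context; provider_base and provider JSON must come from a trusted source`. The `SystemStackError` branch also still raises `SystemExit` directly while the other two branches were moved to `Util::bail!`, so the three failure paths end differently. The enclosing method starts and ends outside this hunk.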
@@ -89,6 +89,19 @@ module LeapCli result end + # + # applies inherit_from! to all objects. + # + def inherit_from!(object_list) + object_list.each do |name, object| + if self[name] + self[name].inherit_from!(object) + else + self[name] = object.dup + end + end + end + end end end diff --git a/lib/leap_cli/log.rb b/lib/leap_cli/log.rb index aa9fd16..1cc1c6a 100644 --- a/lib/leap_cli/log.rb +++ b/lib/leap_cli/log.rb @@ -57,6 +57,7 @@ def log(*args) when :run then Paint['run', :magenta] when :failed then Paint['FAILED', :red, :bold] when :ran then Paint['ran', :green, :bold] + when :bail then Paint['bailing out', :red, :bold] else Paint[title.to_s, :cyan, :bold] end print "#{prefix} " diff --git a/lib/leap_cli/path.rb b/lib/leap_cli/path.rb index ed4e478..a783a91 100644 --- a/lib/leap_cli/path.rb +++ b/lib/leap_cli/path.rb @@ -18,6 +18,11 @@ module LeapCli; module Path :service_config => 'services/#{arg}.json', :tag_config => 'tags/#{arg}.json', + # input data files + :commercial_cert => 'files/cert/#{arg}.crt', + :commercial_key => 'files/cert/#{arg}.key', + :commercial_csr => 'files/cert/#{arg}.csr', + # output files :user_ssh => 'users/#{arg}/#{arg}_ssh.pub', :user_pgp => 'users/#{arg}/#{arg}_pgp.pub', @@ -64,8 +69,12 @@ module LeapCli; module Path @platform ||= File.expand_path("#{root}/leap_platform") end - def self.platform_provider - "#{platform}/provider" + def self.provider_base + "#{platform}/provider_base" + end + + def self.provider_templates + "#{platform}/provider_templates" end def self.provider @@ -92,7 +101,7 @@ module LeapCli; module Path def self.search_path @search_path ||= begin search_path = [] - [Path.platform_provider, Path.provider].each do |provider| + [Path.provider_base, Path.provider].each do |provider| files_dir = named_path(:files_dir, provider) search_path << provider search_path << named_path(:files_dir, provider) 
@@ -110,7 +119,7 @@ module LeapCli; module Path def self.find_file(filename) # named path? if filename.is_a? Array - path = named_path(filename, platform_provider) + path = named_path(filename, Path.provider_base) return path if File.exists?(path) path = named_path(filename, provider) return path if File.exists?(path) diff --git a/lib/leap_cli/util.rb b/lib/leap_cli/util.rb index 20036b2..bad1f6c 100644 --- a/lib/leap_cli/util.rb +++ b/lib/leap_cli/util.rb @@ -23,11 +23,12 @@ module LeapCli # def bail!(message=nil) if block_given? + LeapCli.log_level = 3 yield elsif message puts message end - puts("Bailing out.") + log :bail, "" raise SystemExit.new end diff --git a/test/default_test.rb b/test/default_test.rb deleted file mode 100644 index c363bbb..0000000 --- a/test/default_test.rb +++ /dev/null @@ -1,14 +0,0 @@ -require 'test_helper' - -class DefaultTest < Test::Unit::TestCase - - def setup - end - - def teardown - end - - def test_the_truth - assert true - end -end diff --git a/test/leap_platform/provider_base/common.json b/test/leap_platform/provider_base/common.json new file mode 100644 index 0000000..f355780 --- /dev/null +++ b/test/leap_platform/provider_base/common.json 
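Review bot: In util.rb, `bail!` still ends with `raise SystemExit.new`, and a `SystemExit` built without arguments carries a success status. Failures routed through `bail!` in this commit (the missing root directory in pre.rb, the eval errors in object.rb) would therefore end the process with exit code 0 unless something further up rescues the exception and sets its own status. Scripts or automation that run the command cannot tell that it bailed out. Passing a status fixes it: `raise SystemExit.new(1)`. Setting `LeapCli.log_level = 3` only in the block form also means the `message` form runs at whatever level was active.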
@@ -0,0 +1,25 @@ +{ + "ip_address": "REQUIRED", + "services": [], + "domain": { + "full_suffix": "= global.provider.domain", + "internal_suffix": "= global.provider.internal_domain", + "full": "= node.name + '.' + domain.full_suffix", + "internal": "= node.name + '.' + domain.internal_suffix", + "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)" + }, + "dns": { + "public": "= service_type != 'internal_service'" + }, + "ssh": { + "authorized_keys": "= file :authorized_keys", + "known_hosts": "= file :known_hosts", + "port": 22 + }, + "x509": { + "use": false, + "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", + "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil" + }, + "local": "= self.vagrant?" +} diff --git a/test/leap_platform/provider_base/provider.json b/test/leap_platform/provider_base/provider.json new file mode 100644 index 0000000..a144d04 --- /dev/null +++ b/test/leap_platform/provider_base/provider.json @@ -0,0 +1,27 @@ +{ + "domain": "REQUIRED", + "internal_domain": "= domain.sub(/\\..*$/,'.i')", + "name": { + "en": "REQUIRED" + }, + "description": { + "en": "REQUIRED" + }, + "languages": ["en"], + "default_language": "en", + "enrollment_policy": "open", + "ca": { + "name": "= global.provider.ca.organization + ' Root CA'", + "organization": "= global.provider.name[global.provider.default_language]", + "organizational_unit": "= 'https://' + global.common.domain.full_suffix", + "bit_size": 4096, + "life_span": "10y", + "server_certificates": { + "bit_size": 3248, + "life_span": "1y" + } + }, + "vagrant":{ + "network":"10.5.5.0/24" + } +}
\ No newline at end of file diff --git a/test/leap_platform/provider_base/services/ca.json b/test/leap_platform/provider_base/services/ca.json new file mode 100644 index 0000000..68f970f --- /dev/null +++ b/test/leap_platform/provider_base/services/ca.json @@ -0,0 +1,6 @@ +{ + "service_type": "internal_service", + "x509": { + "use": true + } +} diff --git a/test/leap_platform/provider_base/services/couchdb.json b/test/leap_platform/provider_base/services/couchdb.json new file mode 100644 index 0000000..1c8005c --- /dev/null +++ b/test/leap_platform/provider_base/services/couchdb.json @@ -0,0 +1,22 @@ +{ + "service_type": "internal_service", + "x509": { + "use": true + }, + "couch": { + "users": { + "admin": { + "username": "admin", + "password": "= secret :couch_admin_password" + }, + "webapp": { + "username": "webapp", + "password": "= secret :couch_webapp_password" + }, + "ca_daemon": { + "username": "ca_daemon", + "password": "= secret :couch_ca_daemon_password" + } + } + } +} diff --git a/test/leap_platform/provider_base/services/openvpn.json b/test/leap_platform/provider_base/services/openvpn.json new file mode 100644 index 0000000..0a6b2c4 --- /dev/null +++ b/test/leap_platform/provider_base/services/openvpn.json @@ -0,0 +1,18 @@ +# +# "server_crt": "= file :node_x509_cert", +# "server_key": "= file :node_x509_key" +# +{ + "service_type": "user_service", + "x509": { + "use": true + }, + "openvpn": { + "ports": ["80", "443", "53", "1194"], + "filter_dns": false, + "nat": true, + "ca_crt": "= file :ca_cert", + "ca_key": "= file :ca_key", + "dh": "= file :dh_params" + } +} diff --git a/test/provider/services/webapp.json b/test/leap_platform/provider_base/services/webapp.json index 247df49..cf023a9 100644 --- a/test/provider/services/webapp.json +++ b/test/leap_platform/provider_base/services/webapp.json 
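Review bot: In provider_base/services/openvpn.json, `"ca_key": "= file :ca_key"` puts the CA's private key into the evaluated config of every node that carries the openvpn service. An OpenVPN server needs the CA certificate, its own certificate and key, and the DH parameters, not the CA signing key. If this fixture mirrors the real platform file, the key is distributed more widely than necessary. Consider dropping the `ca_key` entry here and keeping the CA key only on whatever node signs certificates. The file also opens with `#` comment lines, which only works as long as the loader strips them before parsing.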
@@ -1,16 +1,21 @@ { + "service_type": "public_service", + "x509": { + "use": true, + "commercial_cert": "= try_file [:commercial_cert, global.provider.domain]", + "commercial_key": "= try_file [:commercial_key, global.provider.domain]" + }, + "api_domain": "= 'api.' + domain.full_suffix", + "dns": { + "aliases": "= [domain.full, api_domain]" + }, "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')", - "couchdb_users": "= global.services['couchdb'].users['admin']" + "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" }, "definition_files": { "provider": "= file('service-definitions/provider.json.erb')", "eip_service": "file('service-definitions/eip-service.json.erb')" - }, - "service_type": "public_service", - "api_domain": "= 'api.' + domain.full_suffix", - "dns": { - "aliases": "= [domain.full, api_domain]" } }
\ No newline at end of file diff --git a/test/leap_platform/provider_templates/common.json b/test/leap_platform/provider_templates/common.json new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/leap_platform/provider_templates/common.json diff --git a/test/leap_platform/provider_templates/node.json b/test/leap_platform/provider_templates/node.json new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/leap_platform/provider_templates/node.json diff --git a/test/leap_platform/provider_templates/provider.json b/test/leap_platform/provider_templates/provider.json new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/leap_platform/provider_templates/provider.json diff --git a/test/leap_platform/puppet/BLAH b/test/leap_platform/puppet/BLAH new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/test/leap_platform/puppet/BLAH diff --git a/test/provider/common.json b/test/provider/common.json index 85a93cb..1ccd624 100644 --- a/test/provider/common.json +++ b/test/provider/common.json @@ -2,25 +2,7 @@ # Options put here are inherited by all nodes. # { - "domain": { - "full_suffix": "= global.provider.domain", - "internal_suffix": "= global.provider.internal_domain", - "full": "= node.name + '.' + domain.full_suffix", - "internal": "= node.name + '.' + domain.internal_suffix", - "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)" - }, - "dns": { - "public": "= service_type != 'internal_service'" - }, "ssh": { - "authorized_keys": "= file :authorized_keys", - "known_hosts": "= file :known_hosts", "port": 22 - }, - "x509": { - "use": false, - "cert": "= x509.use ? file(:node_x509_cert) : nil", - "key": "= x509.use ? file(:node_x509_key) : nil" - }, - "local": "= self.vagrant?" + } } diff --git a/test/provider/files/ca/ca.crt b/test/provider/files/ca/ca.crt deleted file mode 100644 index ed12e15..0000000 --- a/test/provider/files/ca/ca.crt +++ /dev/null 
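Review bot: In provider_base/services/webapp.json the unchanged `eip_service` entry under `definition_files` is `"file('service-definitions/eip-service.json.erb')"`, without the leading `= ` that the `provider` entry beside it has, so it presumably stays a literal string instead of being evaluated. Since this commit edits the adjacent lines, this is a good place to fix it: `"eip_service": "= file('service-definitions/eip-service.json.erb')"`. Also note that `commercial_cert` and `commercial_key` use `try_file`, so with `x509.use` set to true a missing file silently becomes `nil`.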
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU -RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME -VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV -BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw -1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL -GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz -oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe -PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl -uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz -NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De -bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+ -wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E -BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B -AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld -5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp -OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd -pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn -Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd -1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF -5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4 -ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY -4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A== ------END CERTIFICATE----- diff --git a/test/provider/files/ca/ca.key b/test/provider/files/ca/ca.key deleted file mode 100644 index 9721c35..0000000 --- a/test/provider/files/ca/ca.key +++ /dev/null 
@@ -1,41 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789 -F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72 -6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC -FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos -M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC -JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D -RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz -BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR -dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf -boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77 -Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU -USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o -whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG -HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw -gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN -YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU -ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO -ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8 -uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI -U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk -sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3 -f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7 -H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb -CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8 -yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2 -EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C -gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72 -vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu -961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq 
-q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG -tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo -/H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV -8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM -9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha -/Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS -zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf -qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY -HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2 -XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA== ------END RSA PRIVATE KEY----- diff --git a/test/provider/files/ca/dh.key b/test/provider/files/ca/dh.key deleted file mode 100644 index 190e39e..0000000 --- a/test/provider/files/ca/dh.key +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBOAKCATEAuk7D6dsadjJpiW97APv/cjqYBEMCfGIaQMCfaB42VBw3Bk0yfgpA -ItvhY6gJHK+LIXlQLuOgfCFu7N4Ny0wP9lMi4Q2de2t9uyabzYRFnK+42WA5LKag -57xErne+RgIgmGpwKkRAa8BGmghy+wKg2/Tmsw+EMOHqQL5TtnDbcNuNKDHyahST -sw0Chew1esitR+KgY6MJJFdyV3/sGQaGa1Y2vw2rn9a+6HWGZLmzcUcYNwMCIqTL -h9gFk2JvnDs1cO+dsN/XDV8BjsEtnarXB6OOVgQzclfcGuqM2/9mVfeEQiowYqMk -ot9gDeUZVwDqmqh2+sG9q83BEp+AsnQIIerju8URmgIXYTJw7i6IX2vXKqUm96za -IBeGmS71ZSsmgABITDbYenqnvw2A938bEwIBBQ== ------END DH PARAMETERS----- diff --git a/test/provider/files/vpn1/vpn1.rewire.co.crt b/test/provider/files/vpn1/vpn1.rewire.co.crt deleted file mode 100644 index d2c9734..0000000 --- a/test/provider/files/vpn1/vpn1.rewire.co.crt +++ /dev/null 
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU -RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG -eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB -AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg -MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe -4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0 -ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys -DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB -D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt -X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z -06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig -zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0 -MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD -AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU -/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac -rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP -+VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/ -HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN -p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN -uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ -QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z -WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0 -KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO -J+ZXOqDL1Jv+a89ghE8= ------END CERTIFICATE----- diff --git a/test/provider/files/vpn1/vpn1.rewire.co.key b/test/provider/files/vpn1/vpn1.rewire.co.key deleted file mode 100644 index 3fdf38a..0000000 --- a/test/provider/files/vpn1/vpn1.rewire.co.key +++ /dev/null 
@@ -1,41 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG -QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7 -ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP -vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ -JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK -WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR -RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6 -dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75 -sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw -frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl -De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9 -rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M -t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy -lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5 -pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM -hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr -u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum -Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3 -R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk -vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF -YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s -Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5 -VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT -ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9 -5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE -sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C -gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq -AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq -UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2 
-uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki -60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc -M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f -djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah -TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD -T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya -WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4 -q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF -PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ -fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg== ------END RSA PRIVATE KEY----- diff --git a/test/provider/provider.json b/test/provider/provider.json index 6e7618f..3db2441 100644 --- a/test/provider/provider.json +++ b/test/provider/provider.json @@ -3,7 +3,6 @@ # { "domain": "bitmask.net", - "internal_domain": "= domain.sub(/\\..*$/,'.i')", "name": { "en": "Bitmask" }, @@ -12,19 +11,5 @@ }, "languages": ["en"], "default_language": "en", - "enrollment_policy": "open", - "ca": { - "name": "= global.provider.ca.organization + ' Root CA'", - "organization": "= global.provider.name[global.provider.default_language]", - "organizational_unit": "= 'https://' + global.common.domain.full_suffix", - "bit_size": 4096, - "life_span": "10y", - "server_certificates": { - "bit_size": 3248, - "life_span": "1y" - } - }, - "vagrant":{ - "network":"10.5.5.0/24" - } + "enrollment_policy": "open" }
\ No newline at end of file diff --git a/test/provider/secrets.json b/test/provider/secrets.json index 3654472..fd7bd65 100644 --- a/test/provider/secrets.json +++ b/test/provider/secrets.json @@ -1,4 +1,5 @@ { "couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua", + "couch_ca_daemon_password": "jc7BQumjI7fs~naLrS_&%@bWImGz75+I", "couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe" } diff --git a/test/provider/services/couchdb.json b/test/provider/services/couchdb.json deleted file mode 100644 index 1cbc84e..0000000 --- a/test/provider/services/couchdb.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "service_type": "internal_service", - "users": { - "admin": {"username":"admin", "password":"= secret :couch_admin_password"}, - "webapp": {"username":"webapp", "password":"= secret :couch_webapp_password"} - } -}
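Review bot: test/provider/secrets.json gains another literal password, and what looks like the ignore-list hunk at the top of this commit covers the generated `test/provider/files/...` directories but not this file. If these values are written by the test run (the comment in object.rb says `manager.export_secrets` captures newly generated secrets), the file will keep changing and keep landing in commits. Either add `test/provider/secrets.json` to the ignore list, or state in the test setup that these are fixed fixture values never used outside the tests.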
\ No newline at end of file diff --git a/test/provider/services/openvpn.json b/test/provider/services/openvpn.json deleted file mode 100644 index 958320f..0000000 --- a/test/provider/services/openvpn.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "openvpn": { - "ports": ["80", "443", "53", "1194"], - "filter_dns": false, - "nat": true, - "ca_crt": "= file 'ca/ca.crt'", - "ca_key": "= file 'ca/ca.key'", - "dh": "= file 'ca/dh.pem'", - "server_crt": "= file :node_x509_cert", - "server_key": "= file :node_x509_key" - }, - "service_type": "user_service" - #"x509": { - # "use": true - #} -} |