aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore4
-rwxr-xr-xbin/leap2
-rw-r--r--lib/leap_cli/commands/pre.rb4
-rw-r--r--lib/leap_cli/config/manager.rb42
-rw-r--r--lib/leap_cli/config/object.rb105
-rw-r--r--lib/leap_cli/config/object_list.rb15
-rw-r--r--lib/leap_cli/log.rb1
-rw-r--r--lib/leap_cli/path.rb17
-rw-r--r--lib/leap_cli/util.rb3
-rw-r--r--test/default_test.rb14
-rw-r--r--test/leap_platform/provider_base/common.json25
-rw-r--r--test/leap_platform/provider_base/provider.json27
-rw-r--r--test/leap_platform/provider_base/services/ca.json6
-rw-r--r--test/leap_platform/provider_base/services/couchdb.json22
-rw-r--r--test/leap_platform/provider_base/services/openvpn.json18
-rw-r--r--test/leap_platform/provider_base/services/webapp.json (renamed from test/provider/services/webapp.json)17
-rw-r--r--test/leap_platform/provider_templates/common.json0
-rw-r--r--test/leap_platform/provider_templates/node.json0
-rw-r--r--test/leap_platform/provider_templates/provider.json0
-rw-r--r--test/leap_platform/puppet/BLAH0
-rw-r--r--test/provider/common.json20
-rw-r--r--test/provider/files/ca/ca.crt24
-rw-r--r--test/provider/files/ca/ca.key41
-rw-r--r--test/provider/files/ca/dh.key9
-rw-r--r--test/provider/files/vpn1/vpn1.rewire.co.crt26
-rw-r--r--test/provider/files/vpn1/vpn1.rewire.co.key41
-rw-r--r--test/provider/provider.json17
-rw-r--r--test/provider/secrets.json1
-rw-r--r--test/provider/services/couchdb.json7
-rw-r--r--test/provider/services/openvpn.json16
30 files changed, 265 insertions, 259 deletions
diff --git a/.gitignore b/.gitignore
index 5038bad..c429946 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,10 @@ Gemfile.lock
pkg
junk
test/provider/hiera
+test/provider/files/nodes/
+test/provider/files/ca/
+test/provider/files/ssh/
+test/provider/files/users/
.vagrant
Vagrantfile
diff --git a/bin/leap b/bin/leap
index 9e0037a..5912d55 100755
--- a/bin/leap
+++ b/bin/leap
@@ -57,7 +57,7 @@ module LeapCli::Commands
def self.manager
@manager ||= begin
manager = LeapCli::Config::Manager.new
- manager.load(LeapCli::Path.provider)
+ manager.load
manager
end
end
diff --git a/lib/leap_cli/commands/pre.rb b/lib/leap_cli/commands/pre.rb
index b1df5cd..dce01eb 100644
--- a/lib/leap_cli/commands/pre.rb
+++ b/lib/leap_cli/commands/pre.rb
@@ -38,7 +38,9 @@ module LeapCli
if Path.ok?
true
else
- bail!("Could not find the root directory. Change current working directory or try --root")
+ bail! do
+ log :error, "- Could not find the root directory. Change current working directory or try --root"
+ end
end
#
diff --git a/lib/leap_cli/config/manager.rb b/lib/leap_cli/config/manager.rb
index 7406f1c..e90b589 100644
--- a/lib/leap_cli/config/manager.rb
+++ b/lib/leap_cli/config/manager.rb
@@ -17,21 +17,37 @@ module LeapCli
#
# load .json configuration files
#
- def load(provider_dir=Path.provider)
- @provider_dir = provider_dir
- @services = load_all_json(Path.named_path([:service_config, '*'], provider_dir))
- @tags = load_all_json(Path.named_path([:tag_config, '*'], provider_dir))
- @nodes = load_all_json(Path.named_path([:node_config, '*'], provider_dir))
- @common = load_json(Path.named_path(:common_config, provider_dir))
- @provider = load_json(Path.named_path(:provider_config, provider_dir))
- @secrets = load_json(Path.named_path(:secrets_config, provider_dir))
-
- Util::assert!(@provider, "Failed to load provider.json")
- Util::assert!(@common, "Failed to load common.json")
+ def load
+ @provider_dir = Path.provider
+ # load base
+ base_services = load_all_json(Path.named_path([:service_config, '*'], Path.provider_base))
+ base_tags = load_all_json(Path.named_path([:tag_config, '*'], Path.provider_base))
+ base_common = load_json(Path.named_path(:common_config, Path.provider_base))
+ base_provider = load_json(Path.named_path(:provider_config, Path.provider_base))
+
+ # load provider
+ provider_path = Path.named_path(:provider_config, @provider_dir)
+ common_path = Path.named_path(:common_config, @provider_dir)
+ Util::assert_files_exist!(provider_path, common_path)
+ @services = load_all_json(Path.named_path([:service_config, '*'], @provider_dir))
+ @tags = load_all_json(Path.named_path([:tag_config, '*'], @provider_dir))
+ @nodes = load_all_json(Path.named_path([:node_config, '*'], @provider_dir))
+ @common = load_json(common_path)
+ @provider = load_json(provider_path)
+ @secrets = load_json(Path.named_path(:secrets_config, @provider_dir))
+
+ # inherit
+ @services.inherit_from! base_services
+ @tags.inherit_from! base_tags
+ @common.inherit_from! base_common
+ @provider.inherit_from! base_provider
@nodes.each do |name, node|
@nodes[name] = apply_inheritance(node)
end
+
+ # validate
+ validate_provider(@provider)
end
#
@@ -244,7 +260,9 @@ module LeapCli
#
PRIVATE_IP_RANGES = /(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)/
def validate_provider(provider)
- Util::assert! provider.vagrant.network =~ PRIVATE_IP_RANGES, 'provider.json error: vagrant.network is not a local private network'
+ Util::assert! provider.vagrant.network =~ PRIVATE_IP_RANGES do
+ log 0, :error, 'in provider.json: vagrant.network is not a local private network'
+ end
end
end
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb
index bf0452a..ef28179 100644
--- a/lib/leap_cli/config/object.rb
+++ b/lib/leap_cli/config/object.rb
@@ -114,36 +114,78 @@ module LeapCli
#
# a deep (recursive) merge with another Config::Object.
#
- def deep_merge!(object)
+ # if prefer_self is set to true, the value from self will be picked when there is a conflict
+ # that cannot be merged.
+ #
+ def deep_merge!(object, prefer_self=false)
object.each do |key,new_value|
old_value = self.fetch key, nil
+
+ # clean up boolean
+ new_value = true if new_value == "true"
+ new_value = false if new_value == "false"
+ old_value = true if old_value == "true"
+ old_value = false if old_value == "false"
+
+ # merge hashes
if old_value.is_a?(Hash) || new_value.is_a?(Hash)
- # merge hashes
value = Config::Object.new(@manager, @node)
old_value.is_a?(Hash) ? value.deep_merge!(old_value) : (value[key] = old_value if old_value.any?)
- new_value.is_a?(Hash) ? value.deep_merge!(new_value) : (value[key] = new_value if new_value.any?)
+ new_value.is_a?(Hash) ? value.deep_merge!(new_value, prefer_self) : (value[key] = new_value if new_value.any?)
+
+ # merge arrays
elsif old_value.is_a?(Array) || new_value.is_a?(Array)
- # merge arrays
value = []
old_value.is_a?(Array) ? value += old_value : value << old_value
new_value.is_a?(Array) ? value += new_value : value << new_value
- value.compact!
+ value = value.compact.uniq
+
+ # merge nil
elsif new_value.nil?
value = old_value
elsif old_value.nil?
value = new_value
+
+ # merge boolean
elsif old_value.is_a?(Boolean) && new_value.is_a?(Boolean)
- value = new_value
+ # FalseClass and TrueClass are different classes, so we must handle them separately
+ if prefer_self
+ value = old_value
+ else
+ value = new_value
+ end
+
+ # catch errors
elsif old_value.class != new_value.class
- raise 'Type mismatch. Cannot merge %s with %s. Key value is %s, name is %s.' % [old_value.class, new_value.class, key, name]
+ raise 'Type mismatch. Cannot merge %s (%s) with %s (%s). Key is "%s", name is "%s".' % [
+ old_value.inspect, old_value.class,
+ new_value.inspect, new_value.class,
+ key, self.class
+ ]
+
+ # merge strings and numbers
else
- value = new_value
+ if prefer_self
+ value = old_value
+ else
+ value = new_value
+ end
end
+
+ # save value
self[key] = value
end
self
end
+ #
+ # like a reverse deep merge
+ # (self takes precedence)
+ #
+ def inherit_from!(object)
+ self.deep_merge!(object, true)
+ end
+
##
## NODE SPECIFIC
## maybe these should be moved to a Node class.
@@ -170,12 +212,18 @@ module LeapCli
global.nodes
end
- class FileMissing < Exception; end
+ class FileMissing < Exception
+ attr_accessor :path, :options
+ def initialize(path, options={})
+ @path = path
+ @options = options
+ end
+ end
#
# inserts the contents of a file
#
- def file(filename)
+ def file(filename, options={})
if filename.is_a? Symbol
filename = [filename, @node.name]
end
@@ -187,12 +235,21 @@ module LeapCli
File.read(filepath)
end
else
- raise FileMissing.new(Path.named_path(filename))
+ raise FileMissing.new(Path.named_path(filename), options)
""
end
end
#
+ # like #file, but allow missing files
+ #
+ def try_file(filename)
+ return file(filename)
+ rescue FileMissing
+ return nil
+ end
+
+ #
# inserts a named secret, generating it if needed.
#
# manager.export_secrets should be called later to capture any newly generated secrets.
@@ -218,18 +275,26 @@ module LeapCli
value = @node.instance_eval($1) #, @node.send(:binding))
self[key] = value
rescue SystemStackError => exc
- log :error, "while evaluating node '#{@node.name}'"
- log "offending string: #{$1}", :indent => 1
- log "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies)."
+ log 0, :error, "while evaluating node '#{@node.name}'"
+ log 0, "offending string: #{$1}", :indent => 1
+ log 0, "STACK OVERFLOW, BAILING OUT. There must be an eval loop of death (variables with circular dependencies).", :indent => 1
raise SystemExit.new()
rescue FileMissing => exc
- log :error, "while evaluating node '#{@node.name}'"
- log "offending string: #{$1}", :indent => 1
- log "error message: no file '#{exc}'", :indent => 1
+ Util::bail! do
+ if exc.options[:missing]
+ log :missing, exc.options[:missing].gsub('$node', @node.name)
+ else
+ log :error, "while evaluating node '#{@node.name}'"
+ log "offending string: #{$1}", :indent => 1
+ log "error message: no file '#{exc}'", :indent => 1
+ end
+ end
rescue StandardError => exc
- log :error, "while evaluating node '#{@node.name}'"
- log "offending string: #{$1}", :indent => 1
- log "error message: #{exc}", :indent => 1
+ Util::bail! do
+ log :error, "while evaluating node '#{@node.name}'"
+ log "offending string: #{$1}", :indent => 1
+ log "error message: #{exc}", :indent => 1
+ end
end
end
value
diff --git a/lib/leap_cli/config/object_list.rb b/lib/leap_cli/config/object_list.rb
index b0839ca..0fa60f1 100644
--- a/lib/leap_cli/config/object_list.rb
+++ b/lib/leap_cli/config/object_list.rb
@@ -30,7 +30,7 @@ module LeapCli
value = config[field]
if !value.nil?
if value.is_a? Array
- if value.includes?(match_value)
+ if value.include?(match_value)
results[name] = config
end
else
@@ -89,6 +89,19 @@ module LeapCli
result
end
+ #
+ # applies inherit_from! to all objects.
+ #
+ def inherit_from!(object_list)
+ object_list.each do |name, object|
+ if self[name]
+ self[name].inherit_from!(object)
+ else
+ self[name] = object.dup
+ end
+ end
+ end
+
end
end
end
diff --git a/lib/leap_cli/log.rb b/lib/leap_cli/log.rb
index aa9fd16..1cc1c6a 100644
--- a/lib/leap_cli/log.rb
+++ b/lib/leap_cli/log.rb
@@ -57,6 +57,7 @@ def log(*args)
when :run then Paint['run', :magenta]
when :failed then Paint['FAILED', :red, :bold]
when :ran then Paint['ran', :green, :bold]
+ when :bail then Paint['bailing out', :red, :bold]
else Paint[title.to_s, :cyan, :bold]
end
print "#{prefix} "
diff --git a/lib/leap_cli/path.rb b/lib/leap_cli/path.rb
index ed4e478..a783a91 100644
--- a/lib/leap_cli/path.rb
+++ b/lib/leap_cli/path.rb
@@ -18,6 +18,11 @@ module LeapCli; module Path
:service_config => 'services/#{arg}.json',
:tag_config => 'tags/#{arg}.json',
+ # input data files
+ :commercial_cert => 'files/cert/#{arg}.crt',
+ :commercial_key => 'files/cert/#{arg}.key',
+ :commercial_csr => 'files/cert/#{arg}.csr',
+
# output files
:user_ssh => 'users/#{arg}/#{arg}_ssh.pub',
:user_pgp => 'users/#{arg}/#{arg}_pgp.pub',
@@ -64,8 +69,12 @@ module LeapCli; module Path
@platform ||= File.expand_path("#{root}/leap_platform")
end
- def self.platform_provider
- "#{platform}/provider"
+ def self.provider_base
+ "#{platform}/provider_base"
+ end
+
+ def self.provider_templates
+ "#{platform}/provider_templates"
end
def self.provider
@@ -92,7 +101,7 @@ module LeapCli; module Path
def self.search_path
@search_path ||= begin
search_path = []
- [Path.platform_provider, Path.provider].each do |provider|
+ [Path.provider_base, Path.provider].each do |provider|
files_dir = named_path(:files_dir, provider)
search_path << provider
search_path << named_path(:files_dir, provider)
@@ -110,7 +119,7 @@ module LeapCli; module Path
def self.find_file(filename)
# named path?
if filename.is_a? Array
- path = named_path(filename, platform_provider)
+ path = named_path(filename, Path.provider_base)
return path if File.exists?(path)
path = named_path(filename, provider)
return path if File.exists?(path)
diff --git a/lib/leap_cli/util.rb b/lib/leap_cli/util.rb
index 20036b2..bad1f6c 100644
--- a/lib/leap_cli/util.rb
+++ b/lib/leap_cli/util.rb
@@ -23,11 +23,12 @@ module LeapCli
#
def bail!(message=nil)
if block_given?
+ LeapCli.log_level = 3
yield
elsif message
puts message
end
- puts("Bailing out.")
+ log :bail, ""
raise SystemExit.new
end
diff --git a/test/default_test.rb b/test/default_test.rb
deleted file mode 100644
index c363bbb..0000000
--- a/test/default_test.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-require 'test_helper'
-
-class DefaultTest < Test::Unit::TestCase
-
- def setup
- end
-
- def teardown
- end
-
- def test_the_truth
- assert true
- end
-end
diff --git a/test/leap_platform/provider_base/common.json b/test/leap_platform/provider_base/common.json
new file mode 100644
index 0000000..f355780
--- /dev/null
+++ b/test/leap_platform/provider_base/common.json
@@ -0,0 +1,25 @@
+{
+ "ip_address": "REQUIRED",
+ "services": [],
+ "domain": {
+ "full_suffix": "= global.provider.domain",
+ "internal_suffix": "= global.provider.internal_domain",
+ "full": "= node.name + '.' + domain.full_suffix",
+ "internal": "= node.name + '.' + domain.internal_suffix",
+ "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
+ },
+ "dns": {
+ "public": "= service_type != 'internal_service'"
+ },
+ "ssh": {
+ "authorized_keys": "= file :authorized_keys",
+ "known_hosts": "= file :known_hosts",
+ "port": 22
+ },
+ "x509": {
+ "use": false,
+ "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil",
+ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil"
+ },
+ "local": "= self.vagrant?"
+}
diff --git a/test/leap_platform/provider_base/provider.json b/test/leap_platform/provider_base/provider.json
new file mode 100644
index 0000000..a144d04
--- /dev/null
+++ b/test/leap_platform/provider_base/provider.json
@@ -0,0 +1,27 @@
+{
+ "domain": "REQUIRED",
+ "internal_domain": "= domain.sub(/\\..*$/,'.i')",
+ "name": {
+ "en": "REQUIRED"
+ },
+ "description": {
+ "en": "REQUIRED"
+ },
+ "languages": ["en"],
+ "default_language": "en",
+ "enrollment_policy": "open",
+ "ca": {
+ "name": "= global.provider.ca.organization + ' Root CA'",
+ "organization": "= global.provider.name[global.provider.default_language]",
+ "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
+ "bit_size": 4096,
+ "life_span": "10y",
+ "server_certificates": {
+ "bit_size": 3248,
+ "life_span": "1y"
+ }
+ },
+ "vagrant":{
+ "network":"10.5.5.0/24"
+ }
+} \ No newline at end of file
diff --git a/test/leap_platform/provider_base/services/ca.json b/test/leap_platform/provider_base/services/ca.json
new file mode 100644
index 0000000..68f970f
--- /dev/null
+++ b/test/leap_platform/provider_base/services/ca.json
@@ -0,0 +1,6 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ }
+}
diff --git a/test/leap_platform/provider_base/services/couchdb.json b/test/leap_platform/provider_base/services/couchdb.json
new file mode 100644
index 0000000..1c8005c
--- /dev/null
+++ b/test/leap_platform/provider_base/services/couchdb.json
@@ -0,0 +1,22 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ },
+ "couch": {
+ "users": {
+ "admin": {
+ "username": "admin",
+ "password": "= secret :couch_admin_password"
+ },
+ "webapp": {
+ "username": "webapp",
+ "password": "= secret :couch_webapp_password"
+ },
+ "ca_daemon": {
+ "username": "ca_daemon",
+ "password": "= secret :couch_ca_daemon_password"
+ }
+ }
+ }
+}
diff --git a/test/leap_platform/provider_base/services/openvpn.json b/test/leap_platform/provider_base/services/openvpn.json
new file mode 100644
index 0000000..0a6b2c4
--- /dev/null
+++ b/test/leap_platform/provider_base/services/openvpn.json
@@ -0,0 +1,18 @@
+#
+# "server_crt": "= file :node_x509_cert",
+# "server_key": "= file :node_x509_key"
+#
+{
+ "service_type": "user_service",
+ "x509": {
+ "use": true
+ },
+ "openvpn": {
+ "ports": ["80", "443", "53", "1194"],
+ "filter_dns": false,
+ "nat": true,
+ "ca_crt": "= file :ca_cert",
+ "ca_key": "= file :ca_key",
+ "dh": "= file :dh_params"
+ }
+}
diff --git a/test/provider/services/webapp.json b/test/leap_platform/provider_base/services/webapp.json
index 247df49..cf023a9 100644
--- a/test/provider/services/webapp.json
+++ b/test/leap_platform/provider_base/services/webapp.json
@@ -1,16 +1,21 @@
{
+ "service_type": "public_service",
+ "x509": {
+ "use": true,
+ "commercial_cert": "= try_file [:commercial_cert, global.provider.domain]",
+ "commercial_key": "= try_file [:commercial_key, global.provider.domain]"
+ },
+ "api_domain": "= 'api.' + domain.full_suffix",
+ "dns": {
+ "aliases": "= [domain.full, api_domain]"
+ },
"webapp": {
"modules": ["user", "billing", "help"],
"couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
- "couchdb_users": "= global.services['couchdb'].users['admin']"
+ "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]"
},
"definition_files": {
"provider": "= file('service-definitions/provider.json.erb')",
"eip_service": "file('service-definitions/eip-service.json.erb')"
- },
- "service_type": "public_service",
- "api_domain": "= 'api.' + domain.full_suffix",
- "dns": {
- "aliases": "= [domain.full, api_domain]"
}
} \ No newline at end of file
diff --git a/test/leap_platform/provider_templates/common.json b/test/leap_platform/provider_templates/common.json
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/leap_platform/provider_templates/common.json
diff --git a/test/leap_platform/provider_templates/node.json b/test/leap_platform/provider_templates/node.json
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/leap_platform/provider_templates/node.json
diff --git a/test/leap_platform/provider_templates/provider.json b/test/leap_platform/provider_templates/provider.json
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/leap_platform/provider_templates/provider.json
diff --git a/test/leap_platform/puppet/BLAH b/test/leap_platform/puppet/BLAH
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/leap_platform/puppet/BLAH
diff --git a/test/provider/common.json b/test/provider/common.json
index 85a93cb..1ccd624 100644
--- a/test/provider/common.json
+++ b/test/provider/common.json
@@ -2,25 +2,7 @@
# Options put here are inherited by all nodes.
#
{
- "domain": {
- "full_suffix": "= global.provider.domain",
- "internal_suffix": "= global.provider.internal_domain",
- "full": "= node.name + '.' + domain.full_suffix",
- "internal": "= node.name + '.' + domain.internal_suffix",
- "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
- },
- "dns": {
- "public": "= service_type != 'internal_service'"
- },
"ssh": {
- "authorized_keys": "= file :authorized_keys",
- "known_hosts": "= file :known_hosts",
"port": 22
- },
- "x509": {
- "use": false,
- "cert": "= x509.use ? file(:node_x509_cert) : nil",
- "key": "= x509.use ? file(:node_x509_key) : nil"
- },
- "local": "= self.vagrant?"
+ }
}
diff --git a/test/provider/files/ca/ca.crt b/test/provider/files/ca/ca.crt
deleted file mode 100644
index ed12e15..0000000
--- a/test/provider/files/ca/ca.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME
-VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV
-BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw
-1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL
-GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz
-oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe
-PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl
-uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz
-NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De
-bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+
-wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
-BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B
-AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld
-5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp
-OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd
-pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn
-Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd
-1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF
-5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4
-ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY
-4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A==
------END CERTIFICATE-----
diff --git a/test/provider/files/ca/ca.key b/test/provider/files/ca/ca.key
deleted file mode 100644
index 9721c35..0000000
--- a/test/provider/files/ca/ca.key
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789
-F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72
-6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC
-FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos
-M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC
-JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D
-RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz
-BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR
-dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf
-boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77
-Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU
-USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o
-whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG
-HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw
-gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN
-YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU
-ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO
-ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8
-uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI
-U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk
-sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3
-f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7
-H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb
-CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8
-yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2
-EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C
-gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72
-vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu
-961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq
-q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG
-tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo
-/H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV
-8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM
-9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha
-/Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS
-zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf
-qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY
-HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2
-XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA==
------END RSA PRIVATE KEY-----
diff --git a/test/provider/files/ca/dh.key b/test/provider/files/ca/dh.key
deleted file mode 100644
index 190e39e..0000000
--- a/test/provider/files/ca/dh.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBOAKCATEAuk7D6dsadjJpiW97APv/cjqYBEMCfGIaQMCfaB42VBw3Bk0yfgpA
-ItvhY6gJHK+LIXlQLuOgfCFu7N4Ny0wP9lMi4Q2de2t9uyabzYRFnK+42WA5LKag
-57xErne+RgIgmGpwKkRAa8BGmghy+wKg2/Tmsw+EMOHqQL5TtnDbcNuNKDHyahST
-sw0Chew1esitR+KgY6MJJFdyV3/sGQaGa1Y2vw2rn9a+6HWGZLmzcUcYNwMCIqTL
-h9gFk2JvnDs1cO+dsN/XDV8BjsEtnarXB6OOVgQzclfcGuqM2/9mVfeEQiowYqMk
-ot9gDeUZVwDqmqh2+sG9q83BEp+AsnQIIerju8URmgIXYTJw7i6IX2vXKqUm96za
-IBeGmS71ZSsmgABITDbYenqnvw2A938bEwIBBQ==
------END DH PARAMETERS-----
diff --git a/test/provider/files/vpn1/vpn1.rewire.co.crt b/test/provider/files/vpn1/vpn1.rewire.co.crt
deleted file mode 100644
index d2c9734..0000000
--- a/test/provider/files/vpn1/vpn1.rewire.co.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG
-eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB
-AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg
-MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe
-4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0
-ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys
-DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB
-D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt
-X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z
-06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig
-zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0
-MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD
-AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU
-/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac
-rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP
-+VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/
-HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN
-p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN
-uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ
-QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z
-WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0
-KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO
-J+ZXOqDL1Jv+a89ghE8=
------END CERTIFICATE-----
diff --git a/test/provider/files/vpn1/vpn1.rewire.co.key b/test/provider/files/vpn1/vpn1.rewire.co.key
deleted file mode 100644
index 3fdf38a..0000000
--- a/test/provider/files/vpn1/vpn1.rewire.co.key
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG
-QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7
-ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP
-vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ
-JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK
-WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR
-RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6
-dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75
-sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw
-frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl
-De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9
-rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M
-t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy
-lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5
-pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM
-hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr
-u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum
-Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3
-R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk
-vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF
-YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s
-Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5
-VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT
-ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9
-5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE
-sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C
-gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq
-AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq
-UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2
-uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki
-60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc
-M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f
-djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah
-TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD
-T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya
-WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4
-q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF
-PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ
-fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg==
------END RSA PRIVATE KEY-----
diff --git a/test/provider/provider.json b/test/provider/provider.json
index 6e7618f..3db2441 100644
--- a/test/provider/provider.json
+++ b/test/provider/provider.json
@@ -3,7 +3,6 @@
#
{
"domain": "bitmask.net",
- "internal_domain": "= domain.sub(/\\..*$/,'.i')",
"name": {
"en": "Bitmask"
},
@@ -12,19 +11,5 @@
},
"languages": ["en"],
"default_language": "en",
- "enrollment_policy": "open",
- "ca": {
- "name": "= global.provider.ca.organization + ' Root CA'",
- "organization": "= global.provider.name[global.provider.default_language]",
- "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
- "bit_size": 4096,
- "life_span": "10y",
- "server_certificates": {
- "bit_size": 3248,
- "life_span": "1y"
- }
- },
- "vagrant":{
- "network":"10.5.5.0/24"
- }
+ "enrollment_policy": "open"
} \ No newline at end of file
diff --git a/test/provider/secrets.json b/test/provider/secrets.json
index 3654472..fd7bd65 100644
--- a/test/provider/secrets.json
+++ b/test/provider/secrets.json
@@ -1,4 +1,5 @@
{
"couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua",
+ "couch_ca_daemon_password": "jc7BQumjI7fs~naLrS_&%@bWImGz75+I",
"couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe"
}
diff --git a/test/provider/services/couchdb.json b/test/provider/services/couchdb.json
deleted file mode 100644
index 1cbc84e..0000000
--- a/test/provider/services/couchdb.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "service_type": "internal_service",
- "users": {
- "admin": {"username":"admin", "password":"= secret :couch_admin_password"},
- "webapp": {"username":"webapp", "password":"= secret :couch_webapp_password"}
- }
-} \ No newline at end of file
diff --git a/test/provider/services/openvpn.json b/test/provider/services/openvpn.json
deleted file mode 100644
index 958320f..0000000
--- a/test/provider/services/openvpn.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "openvpn": {
- "ports": ["80", "443", "53", "1194"],
- "filter_dns": false,
- "nat": true,
- "ca_crt": "= file 'ca/ca.crt'",
- "ca_key": "= file 'ca/ca.key'",
- "dh": "= file 'ca/dh.pem'",
- "server_crt": "= file :node_x509_cert",
- "server_key": "= file :node_x509_key"
- },
- "service_type": "user_service"
- #"x509": {
- # "use": true
- #}
-}