authorkali <kali@leap.se>2012-08-29 23:05:38 +0900
committerkali <kali@leap.se>2012-08-29 23:05:38 +0900
commited4ad3a392caf0211e51a48d2d7b6c5a2f7bb17a (patch)
tree55958957a27f3784aef99f122673852becb4c1c2 /src/leap
parent63c0b7aa3ded55426a834d0a5947fff798894c6b (diff)
add eipconfig spec and config object
Diffstat (limited to 'src/leap')
-rw-r--r--src/leap/base/config.py3
-rw-r--r--src/leap/base/providers.py6
-rw-r--r--src/leap/base/tests/test_config.py25
-rw-r--r--src/leap/eip/checks.py5
-rw-r--r--src/leap/eip/config.py47
-rw-r--r--src/leap/eip/constants.py3
-rw-r--r--src/leap/eip/specs.py64
-rw-r--r--src/leap/eip/tests/test_config.py2
8 files changed, 110 insertions, 45 deletions
diff --git a/src/leap/base/config.py b/src/leap/base/config.py
index 1ced471b..465016db 100644
--- a/src/leap/base/config.py
+++ b/src/leap/base/config.py
@@ -141,6 +141,9 @@ class JSONLeapConfig(BaseLeapConfig):
config_file = get_config_file(filename, folder)
return config_file
+ def exists(self):
+ return os.path.isfile(self.filename)
+
#
# utility functions
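Review bot: The new `exists()` tests `self.filename`, while the subclasses touched in this commit (`LeapProviderDefinition`, `EIPConfig`) expose their path through `slug`. Whether `filename` resolves to the same path is not visible in this hunk, since the body of `JSONLeapConfig` starts outside it, so this is worth confirming. The method also has no docstring; `"""Return True if the config file is present on disk as a regular file."""` would state the contract. Callers that use it as a check before writing should still handle the file appearing or vanishing in between, because the answer can be stale by the time it is used.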
diff --git a/src/leap/base/providers.py b/src/leap/base/providers.py
index 71ccf139..677dd6ec 100644
--- a/src/leap/base/providers.py
+++ b/src/leap/base/providers.py
@@ -6,16 +6,16 @@ from leap.base import specs
class LeapProviderDefinition(baseconfig.JSONLeapConfig):
spec = specs.leap_provider_spec
- def get_slug(self):
+ def _get_slug(self):
provider_path = baseconfig.get_default_provider_path()
return baseconfig.get_config_file(
'definition.json',
folder=provider_path)
- def set_slug(self, *args, **kwargs):
+ def _set_slug(self, *args, **kwargs):
raise AttributeError("you cannot set slug")
- slug = property(get_slug, set_slug)
+ slug = property(_get_slug, _set_slug)
# TODO (MVS+)
# we will construct slug from providers/%s/definition.json
diff --git a/src/leap/base/tests/test_config.py b/src/leap/base/tests/test_config.py
index 54e4484c..ef897a23 100644
--- a/src/leap/base/tests/test_config.py
+++ b/src/leap/base/tests/test_config.py
@@ -35,7 +35,9 @@ class ProviderTest(BaseLeapTest):
class BareHomeTestCase(ProviderTest):
- __name__ = "provider_config_tests"
+ __name__ = "provider_config_tests_bare_home"
+
+ # XXX review. is it still needed?
def test_should_raise_if_missing_eip_json(self):
with self.assertRaises(exceptions.MissingConfigFileError):
@@ -59,27 +61,6 @@ class ProviderDefinitionTestCase(ProviderTest):
with open(os.path.join(path, 'eip.json'), 'w') as fp:
json.dump(eipconstants.EIP_SAMPLE_JSON, fp)
- # moved to eip.test_checks.test_fetch_definition
- #def test_complete_file(self):
- #with mock.patch.object(requests, "get") as mock_method:
- #mock_method.return_value.status_code = 200
- #mock_method.return_value.json = {
- #XXX get from providers template
- #u'api_uri': u'https://api.testprovider.org/',
- #u'api_version': u'0.1.0',
- #u'ca_cert': u'8aab80ae4326fd30721689db813733783fe0bd7e',
- #u'ca_cert_uri': u'https://testprovider.org/cacert.pem',
- #u'description': {u'en': u'This is a test provider'},
- #u'display_name': {u'en': u'Test Provider'},
- #u'domain': u'testprovider.org',
- #u'enrollment_policy': u'open',
- #u'public_key': u'cb7dbd679f911e85bc2e51bd44afd7308ee19c21',
- #u'serial': 1,
- #u'services': [u'eip'],
- #u'version': u'0.1.0'}
- # XXX why init to localhost?
- #cf = config.Configuration("http://localhost/")
- #self.assertIn('default', cf.providers)
#
# provider fetch tests block
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 27320b1f..e5b8e971 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -52,6 +52,8 @@ class EIPConfigChecker(object):
self.config = None
self.fetcher = fetcher
+ #self.eipconfig = eipconfig.EIPConfig()
+
def run_all(self, checker=None, skip_download=False):
"""
runs all checks in a row.
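Review bot: The commented-out `#self.eipconfig = eipconfig.EIPConfig()` added to `__init__` leaves the intended migration undocumented, and the same applies to the bare `#XXX` lines added in `_is_there_default_eipconfig` and `_dump_default_eipconfig` in the next hunk. A reader cannot tell whether these are disabled because `EIPConfig` is not ready or because of a known problem. A single explanatory marker would be clearer, for example `# TODO: switch to self.eipconfig.exists() / .save() once EIPConfig replaces dump_default_eipconfig`. Both methods and `__init__` start or end outside the visible hunks.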
@@ -208,10 +210,13 @@ class EIPConfigChecker(object):
return baseconfig.get_config_file(eipconstants.EIP_CONFIG)
def _is_there_default_eipconfig(self):
+ #XXX
+ #self.eipconfig.exists()
return os.path.isfile(
self._get_default_eipconfig_path())
def _dump_default_eipconfig(self):
+ #XXX self.eipconfig.save()
eipconfig.dump_default_eipconfig(
self._get_default_eipconfig_path())
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 2694ca61..34f05070 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -8,20 +8,17 @@ import socket
from leap.util.fileutil import (which, mkdir_p,
check_and_fix_urw_only)
-# from leap.base import config as baseconfig
-from leap.base.config import (get_default_provider_path,
- get_config_file,
- get_username,
- get_groupname,
- validate_ip)
+from leap.base import config as baseconfig
from leap.baseapp.permcheck import (is_pkexec_in_system,
is_auth_agent_running)
from leap.eip import exceptions as eip_exceptions
from leap.eip import constants as eipconstants
+from leap.eip import specs as eipspecs
logger = logging.getLogger(name=__name__)
logger.setLevel('DEBUG')
+# XXX deprecate per #447
OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard
remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT}
@@ -39,6 +36,18 @@ ca {LEAP_EIP_KEYS}
"""
+class EIPConfig(baseconfig.JSONLeapConfig):
+ spec = eipspecs.eipconfig_spec
+
+ def _get_slug(self):
+ return baseconfig.get_config_file('eip.json')
+
+ def _set_slug(self, *args, **kwargs):
+ raise AttributeError("you cannot set slug")
+
+ slug = property(_get_slug, _set_slug)
+
+
def check_or_create_default_vpnconf(config):
"""
checks that a vpn config file
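Review bot: `EIPConfig._get_slug` hard-codes `'eip.json'` although `eipconstants.EIP_CONFIG` holds the same name and `eipconstants` is already imported in this module. `return baseconfig.get_config_file(eipconstants.EIP_CONFIG)` would keep the checker and the config object pointing at the same file. The class has no docstring; `"""EIP configuration stored in eip.json, described by eipspecs.eipconfig_spec."""` would do. The `_get_slug`/`_set_slug` pair also repeats the pattern in `LeapProviderDefinition` in providers.py, so a shared read-only slug helper on the base class may be worth considering.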
@@ -47,12 +56,12 @@ def check_or_create_default_vpnconf(config):
ATM REQURES A [provider] section in
eip.cfg with _at least_ a remote_ip value
"""
- default_provider_path = get_default_provider_path()
+ default_provider_path = baseconfig.get_default_provider_path()
if not os.path.isdir(default_provider_path):
mkdir_p(default_provider_path)
- conf_file = get_config_file(
+ conf_file = baseconfig.get_config_file(
'openvpn.conf',
folder=default_provider_path)
@@ -74,7 +83,7 @@ def check_or_create_default_vpnconf(config):
# and make a reverse resolv.
remote_ip = config.get('provider',
'remote_ip')
- validate_ip(remote_ip)
+ baseconfig.validate_ip(remote_ip)
except ConfigParser.NoSectionError:
raise eip_exceptions.EIPInitNoProviderError
@@ -91,19 +100,19 @@ def check_or_create_default_vpnconf(config):
default_subpath = os.path.join("providers",
"default")
- default_provider_path = get_config_file(
+ default_provider_path = baseconfig.get_config_file(
'',
folder=default_subpath)
if not os.path.isdir(default_provider_path):
mkdir_p(default_provider_path)
- conf_file = get_config_file(
+ conf_file = baseconfig.get_config_file(
'openvpn.conf',
folder=default_provider_path)
# XXX keys have to be manually placed by now
- keys_file = get_config_file(
+ keys_file = baseconfig.get_config_file(
'openvpn.keys',
folder=default_provider_path)
@@ -133,8 +142,8 @@ def build_ovpn_options(daemon=False):
# get user/group name
# also from config.
- user = get_username()
- group = get_groupname()
+ user = baseconfig.get_username()
+ group = baseconfig.get_groupname()
opts = []
@@ -171,10 +180,10 @@ def build_ovpn_options(daemon=False):
opts.append('--config')
- default_provider_path = get_default_provider_path()
+ default_provider_path = baseconfig.get_default_provider_path()
# XXX get rid of config_file at all
- ovpncnf = get_config_file(
+ ovpncnf = baseconfig.get_config_file(
'openvpn.conf',
folder=default_provider_path)
opts.append(ovpncnf)
@@ -296,7 +305,7 @@ def get_config(config_file=None):
config = ConfigParser.ConfigParser(defaults)
if not config_file:
- fpath = get_config_file('eip.cfg')
+ fpath = baseconfig.get_config_file('eip.cfg')
if not os.path.isfile(fpath):
dpath, cfile = os.path.split(fpath)
if not os.path.isdir(dpath):
@@ -343,9 +352,9 @@ def check_vpn_keys(config):
if config.has_option(*keyopt):
keyfile = config.get(*keyopt)
else:
- keyfile = get_config_file(
+ keyfile = baseconfig.get_config_file(
'openvpn.keys',
- folder=get_default_provider_path())
+ folder=baseconfig.get_default_provider_path())
logger.debug('keyfile = %s', keyfile)
# if no keys, raise error.
diff --git a/src/leap/eip/constants.py b/src/leap/eip/constants.py
index 6161d744..31974926 100644
--- a/src/leap/eip/constants.py
+++ b/src/leap/eip/constants.py
@@ -1,5 +1,8 @@
EIP_CONFIG = "eip.json"
+# XXX deprecate. EIPConfig used instead
+# can move for testing purposes.
+
EIP_SAMPLE_JSON = {
"provider": "testprovider.example.org",
"transport": "openvpn",
diff --git a/src/leap/eip/specs.py b/src/leap/eip/specs.py
new file mode 100644
index 00000000..572177dd
--- /dev/null
+++ b/src/leap/eip/specs.py
@@ -0,0 +1,64 @@
+import os
+
+from leap.base import config as baseconfig
+
+
+provider_ca_path = os.path.join(
+ baseconfig.get_default_provider_path(),
+ 'keys', 'ca',
+ 'testprovider-ca-cert.pem'
+)
+
+client_cert_path = os.path.join(
+ baseconfig.get_default_provider_path(),
+ 'keys', 'client',
+ 'openvpn.pem'
+)
+
+eipconfig_spec = {
+ 'provider': {
+ 'type': unicode,
+ 'default': u"testprovider.example.org",
+ 'required': True,
+ },
+ 'transport': {
+ 'type': unicode,
+ 'default': u"openvpn",
+ },
+ 'openvpn_protocol': {
+ 'type': unicode,
+ 'default': u"tcp"
+ },
+ 'openvpn_port': {
+ 'type': int,
+ 'default': 80
+ },
+ 'oepnvpn_ca_certificate': {
+ 'type': unicode, # path
+ 'default': provider_ca_path
+ },
+ 'openvpn_client_certificate': {
+ 'type': unicode, # path
+ 'default': client_cert_path
+ },
+ 'connect_on_login': {
+ 'type': bool,
+ 'default': True
+ },
+ 'block_cleartext_tr affic': {
+ 'type': bool,
+ 'default': True
+ },
+ 'primary_gateway': {
+ 'type': unicode,
+ 'default': u"usa_west",
+ 'required': True
+ },
+ 'secondary_gateway': {
+ 'type': unicode,
+ 'default': u"france"
+ },
+ 'management_password': {
+ 'type': unicode
+ }
+}
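Review bot: The spec key `'oepnvpn_ca_certificate'` is misspelled and should read `'openvpn_ca_certificate'`. How `JSONLeapConfig` consumes the spec is not visible here, but a config that sets the correctly spelled key would presumably not match this entry, leaving the CA path used to verify the gateway at its default. As rendered on this page the key `'block_cleartext_tr affic'` also contains a space; that may be an artifact of the page, but it should be checked in the file. `management_password` is declared as a plain `unicode` field, so if it is ever written to eip.json that file should be kept user-read/write only (eip/config.py already imports `check_and_fix_urw_only`). The defaults and `provider_ca_path` point at test-provider values (`testprovider.example.org`, `testprovider-ca-cert.pem`), which deserves a comment marking them as placeholders.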
diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py
index fac4729d..16219648 100644
--- a/src/leap/eip/tests/test_config.py
+++ b/src/leap/eip/tests/test_config.py
@@ -82,7 +82,7 @@ class EIPConfigTest(BaseLeapTest):
self.assertEqual(args, self.get_expected_openvpn_args())
# XXX TODO:
- # - should use touch_exec to plant an "executabe" in the path
+ # - should use touch_exec to plant an "executable" in the path
# - should check that "which" for openvpn returns what's expected.