From ed4ad3a392caf0211e51a48d2d7b6c5a2f7bb17a Mon Sep 17 00:00:00 2001 From: kali Date: Wed, 29 Aug 2012 23:05:38 +0900 Subject: add eipconfig spec and config object --- src/leap/base/config.py | 3 ++ src/leap/base/providers.py | 6 ++-- src/leap/base/tests/test_config.py | 25 ++------------- src/leap/eip/checks.py | 5 +++ src/leap/eip/config.py | 47 +++++++++++++++++----------- src/leap/eip/constants.py | 3 ++ src/leap/eip/specs.py | 64 ++++++++++++++++++++++++++++++++++++++ src/leap/eip/tests/test_config.py | 2 +- 8 files changed, 110 insertions(+), 45 deletions(-) create mode 100644 src/leap/eip/specs.py (limited to 'src/leap') diff --git a/src/leap/base/config.py b/src/leap/base/config.py index 1ced471b..465016db 100644 --- a/src/leap/base/config.py +++ b/src/leap/base/config.py @@ -141,6 +141,9 @@ class JSONLeapConfig(BaseLeapConfig): config_file = get_config_file(filename, folder) return config_file + def exists(self): + return os.path.isfile(self.filename) + # # utility functions diff --git a/src/leap/base/providers.py b/src/leap/base/providers.py index 71ccf139..677dd6ec 100644 --- a/src/leap/base/providers.py +++ b/src/leap/base/providers.py @@ -6,16 +6,16 @@ from leap.base import specs class LeapProviderDefinition(baseconfig.JSONLeapConfig): spec = specs.leap_provider_spec - def get_slug(self): + def _get_slug(self): provider_path = baseconfig.get_default_provider_path() return baseconfig.get_config_file( 'definition.json', folder=provider_path) - def set_slug(self, *args, **kwargs): + def _set_slug(self, *args, **kwargs): raise AttributeError("you cannot set slug") - slug = property(get_slug, set_slug) + slug = property(_get_slug, _set_slug) # TODO (MVS+) # we will construct slug from providers/%s/definition.json diff --git a/src/leap/base/tests/test_config.py b/src/leap/base/tests/test_config.py index 54e4484c..ef897a23 100644 --- a/src/leap/base/tests/test_config.py +++ b/src/leap/base/tests/test_config.py 
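Review bot: The new `exists()` in `src/leap/base/config.py` has no docstring, and nothing tells callers that its answer can be stale by the time the file is actually opened. I would add `"""Return True if self.filename is an existing regular file (symlinks are followed)."""`. Callers that go on to read or write the file should still handle the open failing rather than treat `exists()` as a guarantee. The body of `JSONLeapConfig` starts outside the hunk, so how `self.filename` is derived is not visible here.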
@@ -35,7 +35,9 @@ class ProviderTest(BaseLeapTest): class BareHomeTestCase(ProviderTest): - __name__ = "provider_config_tests" + __name__ = "provider_config_tests_bare_home" + + # XXX review. is it still needed? def test_should_raise_if_missing_eip_json(self): with self.assertRaises(exceptions.MissingConfigFileError): @@ -59,27 +61,6 @@ class ProviderDefinitionTestCase(ProviderTest): with open(os.path.join(path, 'eip.json'), 'w') as fp: json.dump(eipconstants.EIP_SAMPLE_JSON, fp) - # moved to eip.test_checks.test_fetch_definition - #def test_complete_file(self): - #with mock.patch.object(requests, "get") as mock_method: - #mock_method.return_value.status_code = 200 - #mock_method.return_value.json = { - #XXX get from providers template - #u'api_uri': u'https://api.testprovider.org/', - #u'api_version': u'0.1.0', - #u'ca_cert': u'8aab80ae4326fd30721689db813733783fe0bd7e', - #u'ca_cert_uri': u'https://testprovider.org/cacert.pem', - #u'description': {u'en': u'This is a test provider'}, - #u'display_name': {u'en': u'Test Provider'}, - #u'domain': u'testprovider.org', - #u'enrollment_policy': u'open', - #u'public_key': u'cb7dbd679f911e85bc2e51bd44afd7308ee19c21', - #u'serial': 1, - #u'services': [u'eip'], - #u'version': u'0.1.0'} - # XXX why init to localhost? - #cf = config.Configuration("http://localhost/") - #self.assertIn('default', cf.providers) # # provider fetch tests block diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index 27320b1f..e5b8e971 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -52,6 +52,8 @@ class EIPConfigChecker(object): self.config = None self.fetcher = fetcher + #self.eipconfig = eipconfig.EIPConfig() + def run_all(self, checker=None, skip_download=False): """ runs all checks in a row. 
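Review bot: The line added to the checker's constructor in `src/leap/eip/checks.py`, `#self.eipconfig = eipconfig.EIPConfig()`, is commented-out code. The later hunk at `@@ -208,10 +210,13 @@` adds `#self.eipconfig.exists()` and `#XXX self.eipconfig.save()`, which refer to the same never-assigned attribute. As committed, the checker still goes through `os.path.isfile(...)` and `eipconfig.dump_default_eipconfig(...)`, so no check exercises the new `EIPConfig` object. Either wire it in here with the assignment, or replace the three lines with a single `# TODO: switch to EIPConfig.exists()/save()` so that un-commenting only one of them later cannot raise `AttributeError`. The constructor and both methods extend outside the hunks.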
@@ -208,10 +210,13 @@ class EIPConfigChecker(object): return baseconfig.get_config_file(eipconstants.EIP_CONFIG) def _is_there_default_eipconfig(self): + #XXX + #self.eipconfig.exists() return os.path.isfile( self._get_default_eipconfig_path()) def _dump_default_eipconfig(self): + #XXX self.eipconfig.save() eipconfig.dump_default_eipconfig( self._get_default_eipconfig_path()) diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index 2694ca61..34f05070 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -8,20 +8,17 @@ import socket from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only) -# from leap.base import config as baseconfig -from leap.base.config import (get_default_provider_path, - get_config_file, - get_username, - get_groupname, - validate_ip) +from leap.base import config as baseconfig from leap.baseapp.permcheck import (is_pkexec_in_system, is_auth_agent_running) from leap.eip import exceptions as eip_exceptions from leap.eip import constants as eipconstants +from leap.eip import specs as eipspecs logger = logging.getLogger(name=__name__) logger.setLevel('DEBUG') +# XXX deprecate per #447 OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT} @@ -39,6 +36,18 @@ ca {LEAP_EIP_KEYS} """ +class EIPConfig(baseconfig.JSONLeapConfig): + spec = eipspecs.eipconfig_spec + + def _get_slug(self): + return baseconfig.get_config_file('eip.json') + + def _set_slug(self, *args, **kwargs): + raise AttributeError("you cannot set slug") + + slug = property(_get_slug, _set_slug) + + def check_or_create_default_vpnconf(config): """ checks that a vpn config file 
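Review bot: `EIPConfig._get_slug` hard-codes `'eip.json'` although `eipconstants.EIP_CONFIG` holds the same name and `checks.py` already builds the path from it, so the two can drift apart if the file is ever renamed. `return baseconfig.get_config_file(eipconstants.EIP_CONFIG)` keeps a single source of truth, and `eipconstants` is already imported in this module. The class also repeats the `_get_slug`/`_set_slug`/`property` boilerplate from `LeapProviderDefinition` and has no docstring; something like `"""EIP configuration stored in eip.json, described by eipspecs.eipconfig_spec."""` would do.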
@@ -47,12 +56,12 @@ def check_or_create_default_vpnconf(config): ATM REQURES A [provider] section in eip.cfg with _at least_ a remote_ip value """ - default_provider_path = get_default_provider_path() + default_provider_path = baseconfig.get_default_provider_path() if not os.path.isdir(default_provider_path): mkdir_p(default_provider_path) - conf_file = get_config_file( + conf_file = baseconfig.get_config_file( 'openvpn.conf', folder=default_provider_path) @@ -74,7 +83,7 @@ def check_or_create_default_vpnconf(config): # and make a reverse resolv. remote_ip = config.get('provider', 'remote_ip') - validate_ip(remote_ip) + baseconfig.validate_ip(remote_ip) except ConfigParser.NoSectionError: raise eip_exceptions.EIPInitNoProviderError @@ -91,19 +100,19 @@ def check_or_create_default_vpnconf(config): default_subpath = os.path.join("providers", "default") - default_provider_path = get_config_file( + default_provider_path = baseconfig.get_config_file( '', folder=default_subpath) if not os.path.isdir(default_provider_path): mkdir_p(default_provider_path) - conf_file = get_config_file( + conf_file = baseconfig.get_config_file( 'openvpn.conf', folder=default_provider_path) # XXX keys have to be manually placed by now - keys_file = get_config_file( + keys_file = baseconfig.get_config_file( 'openvpn.keys', folder=default_provider_path) @@ -133,8 +142,8 @@ def build_ovpn_options(daemon=False): # get user/group name # also from config. - user = get_username() - group = get_groupname() + user = baseconfig.get_username() + group = baseconfig.get_groupname() opts = [] @@ -171,10 +180,10 @@ def build_ovpn_options(daemon=False): opts.append('--config') - default_provider_path = get_default_provider_path() + default_provider_path = baseconfig.get_default_provider_path() # XXX get rid of config_file at all - ovpncnf = get_config_file( + ovpncnf = baseconfig.get_config_file( 'openvpn.conf', folder=default_provider_path) opts.append(ovpncnf) 
@@ -296,7 +305,7 @@ def get_config(config_file=None): config = ConfigParser.ConfigParser(defaults) if not config_file: - fpath = get_config_file('eip.cfg') + fpath = baseconfig.get_config_file('eip.cfg') if not os.path.isfile(fpath): dpath, cfile = os.path.split(fpath) if not os.path.isdir(dpath): @@ -343,9 +352,9 @@ def check_vpn_keys(config): if config.has_option(*keyopt): keyfile = config.get(*keyopt) else: - keyfile = get_config_file( + keyfile = baseconfig.get_config_file( 'openvpn.keys', - folder=get_default_provider_path()) + folder=baseconfig.get_default_provider_path()) logger.debug('keyfile = %s', keyfile) # if no keys, raise error. diff --git a/src/leap/eip/constants.py b/src/leap/eip/constants.py index 6161d744..31974926 100644 --- a/src/leap/eip/constants.py +++ b/src/leap/eip/constants.py @@ -1,5 +1,8 @@ EIP_CONFIG = "eip.json" +# XXX deprecate. EIPConfig used instead +# can move for testing purposes. + EIP_SAMPLE_JSON = { "provider": "testprovider.example.org", "transport": "openvpn", diff --git a/src/leap/eip/specs.py b/src/leap/eip/specs.py new file mode 100644 index 00000000..572177dd --- /dev/null +++ b/src/leap/eip/specs.py 
@@ -0,0 +1,64 @@ +import os + +from leap.base import config as baseconfig + + +provider_ca_path = os.path.join( + baseconfig.get_default_provider_path(), + 'keys', 'ca', + 'testprovider-ca-cert.pem' +) + +client_cert_path = os.path.join( + baseconfig.get_default_provider_path(), + 'keys', 'client', + 'openvpn.pem' +) + +eipconfig_spec = { + 'provider': { + 'type': unicode, + 'default': u"testprovider.example.org", + 'required': True, + }, + 'transport': { + 'type': unicode, + 'default': u"openvpn", + }, + 'openvpn_protocol': { + 'type': unicode, + 'default': u"tcp" + }, + 'openvpn_port': { + 'type': int, + 'default': 80 + }, + 'oepnvpn_ca_certificate': { + 'type': unicode, # path + 'default': provider_ca_path + }, + 'openvpn_client_certificate': { + 'type': unicode, # path + 'default': client_cert_path + }, + 'connect_on_login': { + 'type': bool, + 'default': True + }, + 'block_cleartext_tr affic': { + 'type': bool, + 'default': True + }, + 'primary_gateway': { + 'type': unicode, + 'default': u"usa_west", + 'required': True + }, + 'secondary_gateway': { + 'type': unicode, + 'default': u"france" + }, + 'management_password': { + 'type': unicode + } +} diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py index fac4729d..16219648 100644 --- a/src/leap/eip/tests/test_config.py +++ b/src/leap/eip/tests/test_config.py @@ -82,7 +82,7 @@ class EIPConfigTest(BaseLeapTest): self.assertEqual(args, self.get_expected_openvpn_args()) # XXX TODO: - # - should use touch_exec to plant an "executabe" in the path + # - should use touch_exec to plant an "executable" in the path # - should check that "which" for openvpn returns what's expected. -- cgit v1.2.3
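Review bot: The spec key `'oepnvpn_ca_certificate'` in the new `src/leap/eip/specs.py` is misspelled, so code that looks up `openvpn_ca_certificate` would not find the CA path the client presumably uses to verify the gateway; rename it to `'openvpn_ca_certificate'`. `'block_cleartext_tr affic'` also shows a space inside the key as rendered here, so confirm that the file really has `'block_cleartext_traffic'`. `management_password` is declared as a plain `unicode` field, which suggests the secret is persisted in `eip.json` in clear text. If so, the file should be created owner-only (the `check_and_fix_urw_only` helper imported in `eip/config.py` looks suited) or the password kept out of the saved config. Both default paths call `baseconfig.get_default_provider_path()` at import time and embed `testprovider-ca-cert.pem`, so they are frozen when the module is first imported and are specific to the test provider.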