-rw-r--r--lib/leap_cli/commands/test.rb6
-rw-r--r--lib/leap_cli/config/macros.rb3
-rw-r--r--lib/leap_cli/config/object_list.rb20
-rw-r--r--test/leap_platform/provider_base/common.json15
-rw-r--r--test/leap_platform/provider_base/provider.json36
-rw-r--r--test/leap_platform/provider_base/services/couchdb.json7
-rw-r--r--test/leap_platform/provider_base/services/webapp.json50
-rw-r--r--test/leap_platform/provider_templates/common.json0
-rw-r--r--test/leap_platform/provider_templates/node.json0
-rw-r--r--test/leap_platform/provider_templates/provider.json0
-rw-r--r--test/provider/Leapfile1
-rw-r--r--test/provider/nodes/ns1.json1
-rw-r--r--test/provider/nodes/ns2.json1
-rw-r--r--test/provider/nodes/pcouch1.json5
-rw-r--r--test/provider/nodes/pweb1.json5
-rw-r--r--test/provider/nodes/vpn1.json1
-rw-r--r--test/provider/tags/production.json2
-rw-r--r--test/unit/config_object_list_test.rb22
18 files changed, 129 insertions, 46 deletions
diff --git a/lib/leap_cli/commands/test.rb b/lib/leap_cli/commands/test.rb
index 3f0feb0..79271be 100644
--- a/lib/leap_cli/commands/test.rb
+++ b/lib/leap_cli/commands/test.rb
@@ -28,17 +28,17 @@ module LeapCli; module Commands
assert_config! 'provider.ca.client_certificates.unlimited_prefix'
assert_config! 'provider.ca.client_certificates.limited_prefix'
template = read_file! Path.find_file(:test_client_openvpn_template)
- ['production', 'testing', 'local', 'development'].each do |env|
+ ['production', 'testing', 'local', 'development', nil].each do |env|
vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_limited' => true]
if vpn_nodes.any?
generate_test_client_cert(provider.ca.client_certificates.limited_prefix) do |key, cert|
- write_file! [:test_openvpn_config, env+'_limited'], Util.erb_eval(template, binding)
+ write_file! [:test_openvpn_config, [env, 'limited'].compact.join('_')], Util.erb_eval(template, binding)
end
end
vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_unlimited' => true]
if vpn_nodes.any?
generate_test_client_cert(provider.ca.client_certificates.unlimited_prefix) do |key, cert|
- write_file! [:test_openvpn_config, env+'_unlimited'], Util.erb_eval(template, binding)
+ write_file! [:test_openvpn_config, [env, 'unlimited'].compact.join('_')], Util.erb_eval(template, binding)
end
end
end
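Review bot: With `nil` added to the environment list, the ERB template rendered by `Util.erb_eval(template, binding)` in both `write_file!` calls now runs once with `env == nil`; the file name was made nil-safe, but the template is not part of this diff. If the template references `env`, it needs the same treatment, which is worth checking before merge. I would also add a comment above the loop, e.g. `# nil covers nodes with no environment; their configs are written as 'limited' / 'unlimited'`, because the reason for the `nil` entry only becomes clear from the object_list.rb change. The enclosing command body starts and ends outside this hunk.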
diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb
index 3c59356..5f90894 100644
--- a/lib/leap_cli/config/macros.rb
+++ b/lib/leap_cli/config/macros.rb
@@ -21,6 +21,9 @@ module LeapCli; module Config
#
# returns a list of nodes that match the same environment
#
+ # if @node.environment is not set, we return other nodes
+ # where environment is not set.
+ #
def nodes_like_me
nodes[:environment => @node.environment]
end
diff --git a/lib/leap_cli/config/object_list.rb b/lib/leap_cli/config/object_list.rb
index 0c7711f..0c0da14 100644
--- a/lib/leap_cli/config/object_list.rb
+++ b/lib/leap_cli/config/object_list.rb
@@ -40,17 +40,15 @@ module LeapCli
operator = match_value =~ /^!/ ? :not_equal : :equal
each do |name, config|
value = config[field]
- if !value.nil?
- if value.is_a? Array
- if value.include?(match_value)
- results[name] = config
- end
- else
- if operator == :equal && value == match_value
- results[name] = config
- elsif operator == :not_equal && value != match_value
- results[name] = config
- end
+ if value.is_a? Array
+ if value.include?(match_value)
+ results[name] = config
+ end
+ else
+ if operator == :equal && value == match_value
+ results[name] = config
+ elsif operator == :not_equal && value != match_value
+ results[name] = config
end
end
end
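Review bot: Dropping the `!value.nil?` guard also changes the `:not_equal` branch: a node whose field is unset now satisfies `value != match_value`, so a negated filter returns nodes that simply lack the field, not only nodes with a different value. That is wider than the `:environment => nil` lookup this commit needs, and the new test in config_object_list_test.rb only exercises the equal case. If it is intended, say so above the branch, e.g. `# an unset field (nil) is compared like any value: nil matches nil, and '!x' also matches nodes without the field`; if not, keep the nil check on the negated branch, `elsif operator == :not_equal && !value.nil? && value != match_value`. Whether `match_value` has its leading `!` stripped before the comparison is not visible here, since the method starts and ends outside the hunk.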
diff --git a/test/leap_platform/provider_base/common.json b/test/leap_platform/provider_base/common.json
index f5093a5..653b9a0 100644
--- a/test/leap_platform/provider_base/common.json
+++ b/test/leap_platform/provider_base/common.json
@@ -1,9 +1,11 @@
{
- "ip_address": "REQUIRED",
+ "ip_address": null,
+ "environment": null,
"services": [],
+ "tags": [],
"domain": {
"full_suffix": "= global.provider.domain",
- "internal_suffix": "= global.provider.internal_domain",
+ "internal_suffix": "= global.provider.domain_internal",
"full": "= node.name + '.' + domain.full_suffix",
"internal": "= node.name + '.' + domain.internal_suffix",
"name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
@@ -13,13 +15,16 @@
},
"ssh": {
"authorized_keys": "= file :authorized_keys",
- "known_hosts": "= file :known_hosts",
+ "known_hosts": "=> known_hosts_file",
"port": 22
},
+ "hosts": "=> hosts_file",
"x509": {
"use": false,
"cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
- "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil"
+ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
+ "ca_cert": "= try_file :ca_cert"
},
- "local": false
+ "service_type": "internal_service",
+ "name": "common"
}
diff --git a/test/leap_platform/provider_base/provider.json b/test/leap_platform/provider_base/provider.json
index de5ad44..cf1baac 100644
--- a/test/leap_platform/provider_base/provider.json
+++ b/test/leap_platform/provider_base/provider.json
@@ -1,29 +1,53 @@
{
"domain": "REQUIRED",
- "internal_domain": "= domain.sub(/\\..*$/,'.i')",
+ "domain_internal": "= domain.sub(/\\..*$/,'.i')",
"name": {
"en": "REQUIRED"
},
"description": {
"en": "REQUIRED"
},
+ "contacts": {
+ "default": "REQUIRED"
+ },
"languages": ["en"],
"default_language": "en",
"enrollment_policy": "open",
+ "service": {
+ "levels": [
+ // bandwidth limit is in Bytes, storage limit is in MB.
+ {"id": 1, "name": "free", "bandwidth":"limited", "storage":50},
+ {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]},
+ {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]}
+ ],
+ "default_service_level": 1,
+ "bandwidth_limit": 102400,
+ "allow_free": "= global.provider.service.levels.select {|l| l['rate'].nil?}.any?",
+ "allow_paid": "= global.provider.service.levels.select {|l| !l['rate'].nil?}.any?",
+ "allow_anonymous": "= global.provider.service.levels.select {|l| l['name'] == 'anonymous'}.any?",
+ "allow_registration": "= global.provider.service.levels.select {|l| l['name'] != 'anonymous'}.any?",
+ "allow_limited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'] == 'limited'}.any?",
+ "allow_unlimited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'].nil?}.any?"
+ },
"ca": {
"name": "= global.provider.ca.organization + ' Root CA'",
"organization": "= global.provider.name[global.provider.default_language]",
- "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
+ "organizational_unit": "= 'https://' + global.provider.domain",
"bit_size": 4096,
"digest": "SHA256",
"life_span": "10y",
"server_certificates": {
- "bit_size": 3248,
+ "bit_size": 2024,
"digest": "SHA256",
"life_span": "1y"
+ },
+ "client_certificates": {
+ "bit_size": 2024,
+ "digest": "SHA256",
+ "life_span": "2m",
+ "limited_prefix": "LIMITED",
+ "unlimited_prefix": "UNLIMITED"
}
},
- "vagrant":{
- "network":"10.5.5.0/24"
- }
+ "hiera_sync_destination": "/etc/leap"
}
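Review bot: `"bit_size": 2024` for `server_certificates` (down from 3248) and for the new `client_certificates` is an unusual RSA modulus size that sits just under 2048 bits, the usual minimum. It reads like either a typo for 2048 or a value chosen to keep test key generation fast; the fixture does not say which. If this file mirrors the platform defaults, I would use `"bit_size": 2048`. If it is deliberately small for tests, a `//` comment next to it (the file already carries one in `service.levels`) would keep the value from being copied into a real provider.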
diff --git a/test/leap_platform/provider_base/services/couchdb.json b/test/leap_platform/provider_base/services/couchdb.json
index 1c8005c..0c40731 100644
--- a/test/leap_platform/provider_base/services/couchdb.json
+++ b/test/leap_platform/provider_base/services/couchdb.json
@@ -3,7 +3,14 @@
"x509": {
"use": true
},
+ "stunnel": {
+ "couch_server": "= stunnel_server(couch.port)"
+ },
"couch": {
+ "port": 5984,
+ "bigcouch": {
+ "cookie": "= secret :bigcouch_cookie"
+ },
"users": {
"admin": {
"username": "admin",
diff --git a/test/leap_platform/provider_base/services/webapp.json b/test/leap_platform/provider_base/services/webapp.json
index cf023a9..895aa6e 100644
--- a/test/leap_platform/provider_base/services/webapp.json
+++ b/test/leap_platform/provider_base/services/webapp.json
@@ -1,21 +1,43 @@
{
- "service_type": "public_service",
- "x509": {
- "use": true,
- "commercial_cert": "= try_file [:commercial_cert, global.provider.domain]",
- "commercial_key": "= try_file [:commercial_key, global.provider.domain]"
- },
- "api_domain": "= 'api.' + domain.full_suffix",
- "dns": {
- "aliases": "= [domain.full, api_domain]"
- },
"webapp": {
"modules": ["user", "billing", "help"],
- "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
- "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]"
+ "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "favicon": "= file_path 'branding/favicon.ico'",
+ "tail_scss": "= file_path 'branding/tail.scss'",
+ "head_scss": "= file_path 'branding/head.scss'",
+ "img_dir": "= file_path 'branding/img'",
+ "client_certificates": "= global.provider.ca.client_certificates",
+ "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
+ "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
+ "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+ "secret_token": "= secret :webapp_secret_token"
+ },
+ "stunnel": {
+ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ },
+ "haproxy": {
+ "local_ports": "= stunnel.couch_client.field(:accept_port)"
},
"definition_files": {
- "provider": "= file('service-definitions/provider.json.erb')",
- "eip_service": "file('service-definitions/eip-service.json.erb')"
+ "provider": "= file :provider_json_template",
+ "eip_service": "= file :eip_service_json_template"
+ },
+ "service_type": "public_service",
+ "api": {
+ "domain": "= 'api.' + domain.full_suffix",
+ "port": "4430"
+ },
+ "dns": {
+ "aliases": "= [domain.full, api.domain]"
+ },
+ "x509": {
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+ "client_ca_cert": "= file_path :client_ca_cert",
+ "client_ca_key": "= file_path :client_ca_key",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
}
} \ No newline at end of file
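Review bot: `"couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]"` puts the CouchDB admin account into the webapp node's configuration next to `couchdb_webapp_user`, so a public-facing service ends up holding database admin credentials. The hunk does not show what the webapp needs them for. If it is a one-off task such as design-document setup (an assumption), a comment stating that would help; otherwise the webapp should be limited to `couchdb_webapp_user`. Separately, in the `x509` block, `commercial_cert` and `commercial_key` moved from `try_file` to `file`, so a provider without a commercial certificate presumably now fails at compile time instead of getting nil; worth confirming that is intended.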
diff --git a/test/leap_platform/provider_templates/common.json b/test/leap_platform/provider_templates/common.json
deleted file mode 100644
index e69de29..0000000
--- a/test/leap_platform/provider_templates/common.json
+++ /dev/null
diff --git a/test/leap_platform/provider_templates/node.json b/test/leap_platform/provider_templates/node.json
deleted file mode 100644
index e69de29..0000000
--- a/test/leap_platform/provider_templates/node.json
+++ /dev/null
diff --git a/test/leap_platform/provider_templates/provider.json b/test/leap_platform/provider_templates/provider.json
deleted file mode 100644
index e69de29..0000000
--- a/test/leap_platform/provider_templates/provider.json
+++ /dev/null
diff --git a/test/provider/Leapfile b/test/provider/Leapfile
new file mode 100644
index 0000000..5172af9
--- /dev/null
+++ b/test/provider/Leapfile
@@ -0,0 +1 @@
+@platform_directory = '../leap_platform' \ No newline at end of file
diff --git a/test/provider/nodes/ns1.json b/test/provider/nodes/ns1.json
index afb5ef1..c74bd40 100644
--- a/test/provider/nodes/ns1.json
+++ b/test/provider/nodes/ns1.json
@@ -3,6 +3,5 @@
//
{
"services": "dns",
- "tags": "production",
"ip_address": "1.1.1.1"
} \ No newline at end of file
diff --git a/test/provider/nodes/ns2.json b/test/provider/nodes/ns2.json
index e1917fb..c051b95 100644
--- a/test/provider/nodes/ns2.json
+++ b/test/provider/nodes/ns2.json
@@ -3,6 +3,5 @@
//
{
"services": "dns",
- "tags": "production",
"ip_address": "1.1.1.2"
} \ No newline at end of file
diff --git a/test/provider/nodes/pcouch1.json b/test/provider/nodes/pcouch1.json
new file mode 100644
index 0000000..35ea3aa
--- /dev/null
+++ b/test/provider/nodes/pcouch1.json
@@ -0,0 +1,5 @@
+{
+ "tags": "production",
+ "services": "couchdb",
+ "ip_address": "11.0.0.2"
+}
diff --git a/test/provider/nodes/pweb1.json b/test/provider/nodes/pweb1.json
new file mode 100644
index 0000000..7debe74
--- /dev/null
+++ b/test/provider/nodes/pweb1.json
@@ -0,0 +1,5 @@
+{
+ "tags": "production",
+ "services": "webapp",
+ "ip_address": "11.0.0.1"
+} \ No newline at end of file
diff --git a/test/provider/nodes/vpn1.json b/test/provider/nodes/vpn1.json
index 5115cb2..15dd260 100644
--- a/test/provider/nodes/vpn1.json
+++ b/test/provider/nodes/vpn1.json
@@ -1,7 +1,6 @@
{
"services": "openvpn",
"ip_address": "10.5.5.3",
- "tags": "production",
"openvpn": {
"gateway_address": "3.3.3.3",
"filter_dns": true
diff --git a/test/provider/tags/production.json b/test/provider/tags/production.json
index b35c065..ea17498 100644
--- a/test/provider/tags/production.json
+++ b/test/provider/tags/production.json
@@ -1,3 +1,3 @@
{
- "production": true
+ "environment": "production"
} \ No newline at end of file
diff --git a/test/unit/config_object_list_test.rb b/test/unit/config_object_list_test.rb
index 122c6cd..d38f441 100644
--- a/test/unit/config_object_list_test.rb
+++ b/test/unit/config_object_list_test.rb
@@ -10,12 +10,28 @@ class ConfigObjectListTest < MiniTest::Unit::TestCase
def test_complex_node_search
domain = provider.domain
- nodes = manager.nodes['dns.public' => true]
- expected = [{"domain_full"=>"ns1.#{domain}"}, {"domain_full"=>"ns2.#{domain}"}, {"domain_full"=>"vpn1.#{domain}"}, {"domain_full"=>"web1.#{domain}"}]
+ nodes = manager.nodes['x509.use' => true]
+ assert nodes.size != manager.nodes.size, 'should not return all nodes'
+ assert nodes.size > 2, 'should be some nodes'
+ expected = manager.nodes.collect {|name, node|
+ if node.x509.use
+ node.domain.full
+ end
+ }.compact
assert_equal expected.size, nodes.size
- assert_equal expected, nodes.fields('domain.full')
+ assert_equal expected.sort, nodes.field('domain.full').sort
end
+ def test_nodes_like_me
+ nodes = manager.nodes[:environment => nil]
+ node = nodes.values.first
+ assert nodes.size > 1, "should be nodes with no environment set"
+ assert_equal node.nodes_like_me.values, nodes.values
+ nodes = manager.nodes[:environment => "production"]
+ node = nodes.values.first
+ assert nodes.size > 1, "should be production nodes"
+ assert_equal node.nodes_like_me.values, nodes.values
+ end
end