From 96634bb77059ca074a4713e0d143c99266b4d55f Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 6 Nov 2012 23:46:57 -0800
Subject: updated test/provider and added configurable life_span to CA.
---
 lib/leap_cli/commands/ca.rb | 23 +++++++++++++++--------
 test/provider/common.json | 14 +++++++-------
 test/provider/provider.json | 7 +++++--
 test/provider/secrets.json | 4 ++++
 test/provider/services/couchdb.json | 6 +++++-
 test/provider/services/webapp.json | 3 ++-
 6 files changed, 38 insertions(+), 19 deletions(-)
 create mode 100644 test/provider/secrets.json
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index ff24058..94a173c 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -11,6 +11,7 @@ module LeapCli; module Commands
 assert_files_missing! :ca_cert, :ca_key
 assert_config! 'provider.ca.name'
 assert_config! 'provider.ca.bit_size'
+ assert_config! 'provider.ca.life_span'
 provider = manager.provider
 root = CertificateAuthority::Certificate.new
@@ -25,10 +26,8 @@ module LeapCli; module Commands
 end
 # set expiration
- years = 2
- today = Date.today
- root.not_before = Time.gm today.year, today.month, today.day
- root.not_after = root.not_before + years * 60 * 60 * 24 * 365
+ root.not_before = today
+ root.not_after = years_from_today(provider.ca.life_span.to_i)
 # generate private key
 root.serial_number.number = 1
@@ -65,10 +64,8 @@ module LeapCli; module Commands
 cert.subject.common_name = node.domain.full
 # set expiration
- years = provider.ca.server_certificates.life_span.to_i
- today = Date.today
- cert.not_before = Time.gm today.year, today.month, today.day
- cert.not_after = cert.not_before + years * 60 * 60 * 24 * 365
+ cert.not_before = today
+ cert.not_after = years_from_today(provider.ca.server_certificates.life_span.to_i)
 # generate key
 cert.serial_number.number = cert_serial_number(node.domain.full)
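Review bot: `provider.ca.life_span.to_i` in the root-certificate hunk, and `provider.ca.server_certificates.life_span.to_i` in the node-certificate hunk, never check the unit suffix of the configured value. Assuming the value arrives as the string seen in provider.json, `"10y"` gives 10, but `"6m"` would silently produce a six-year certificate, and a value with no leading digits gives 0, so `not_after` equals `not_before`. Because this number sets certificate validity, match it against something like `/\A(\d+)y\z/` and raise when it does not match, rather than calling `.to_i`. The new `assert_config! 'provider.ca.life_span'` covers only the CA value; no matching assertion for `provider.ca.server_certificates.life_span` is visible in these hunks, whose enclosing methods start and end outside them.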
@@ -162,4 +159,14 @@ module LeapCli; module Commands
 Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16)
 end
+ def today
+ t = Time.now
+ Time.utc t.year, t.month, t.day
+ end
+
+ def years_from_today(num)
+ t = Time.now
+ Time.utc t.year + num, t.month, t.day
+ end
+
 end; end
diff --git a/test/provider/common.json b/test/provider/common.json
index 9e19836..7504e86 100644
--- a/test/provider/common.json
+++ b/test/provider/common.json
@@ -3,8 +3,8 @@
 #
 {
 "domain": {
- "full_suffix": "rewire.co",
- "internal_suffix": "rewire",
+ "full_suffix": "= global.provider.domain",
+ "internal_suffix": "= global.provider.internal_domain",
 "full": "= node.name + '.' + domain.full_suffix",
 "internal": "= node.name + '.' + domain.internal_suffix",
 "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
@@ -16,10 +16,10 @@
 "authorized_keys": "= file :authorized_keys",
 "known_hosts": "= file :known_hosts",
 "port": 22
+ },
+ "x509": {
+ "use": false,
+ "cert": "= x509.use ? file(:node_x509_cert) : nil",
+ "key": "= x509.use ? file(:node_x509_key) : nil"
 }
- #"x509": {
- # "use": false,
- # "cert": "= x509.use ? file(:node_x509_cert) : nil",
- # "key": "= x509.use ? file(:node_x509_key) : nil"
- #}
 }
diff --git a/test/provider/provider.json b/test/provider/provider.json
index d4153a6..e65eebe 100644
--- a/test/provider/provider.json
+++ b/test/provider/provider.json
@@ -2,8 +2,10 @@
 # General service provider configuration.
 #
 {
+ "domain": "bitmask.net",
+ "internal_domain": "= domain.sub(/\\..*$/,'.i')",
 "name": {
- "en": "The Rewire Company"
+ "en": "Bitmask"
 },
 "description": {
 "en": "A demonstration service provider using the LEAP platform"
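Review bot: `today` and `years_from_today`, added to lib/leap_cli/commands/ca.rb, read the local calendar date from `Time.now` and then re-label it as UTC midnight. On a machine whose zone is ahead of UTC, `not_before` can therefore land several hours in the future, and a freshly issued certificate is rejected as not yet valid until then. Take the date in UTC in both helpers: `t = Time.now.utc`. The two helpers also call `Time.now` separately, so a run that straddles midnight can derive `not_before` and `not_after` from different days; computing one timestamp and passing it to both would avoid that.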
@@ -12,10 +14,11 @@
 "default_language": "en",
 "enrollment_policy": "open",
 "ca": {
- "name": "Rewire Root CA",
+ "name": "= global.provider.ca.organization + ' Root CA'",
 "organization": "= global.provider.name[global.provider.default_language]",
 "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
 "bit_size": 4096,
+ "life_span": "10y",
 "server_certificates": {
 "bit_size": 3248,
 "life_span": "1y"
diff --git a/test/provider/secrets.json b/test/provider/secrets.json
new file mode 100644
index 0000000..3654472
--- /dev/null
+++ b/test/provider/secrets.json
@@ -0,0 +1,4 @@
+{
+ "couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua",
+ "couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe"
+}
diff --git a/test/provider/services/couchdb.json b/test/provider/services/couchdb.json
index 9024aa0..1cbc84e 100644
--- a/test/provider/services/couchdb.json
+++ b/test/provider/services/couchdb.json
@@ -1,3 +1,7 @@
 {
- "service_type": "internal_service"
+ "service_type": "internal_service",
+ "users": {
+ "admin": {"username":"admin", "password":"= secret :couch_admin_password"},
+ "webapp": {"username":"webapp", "password":"= secret :couch_webapp_password"}
+ }
 }
\ No newline at end of file
diff --git a/test/provider/services/webapp.json b/test/provider/services/webapp.json
index 0e5b2f9..247df49 100644
--- a/test/provider/services/webapp.json
+++ b/test/provider/services/webapp.json
@@ -1,7 +1,8 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
- "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')"
+ "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+ "couchdb_users": "= global.services['couchdb'].users['admin']"
 },
 "definition_files": {
 "provider": "= file('service-definitions/provider.json.erb')",
-- cgit v1.2.3
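Review bot: test/provider/secrets.json commits two CouchDB passwords in clear text, and nothing in the file marks them as test-only. They look like generated fixture values, but a provider directory copied from this fixture would carry the published passwords with it. The other fixture files in this commit open with `#` comment lines; if the loader accepts the same here, add a header such as `# Test fixture only: these values are public, never reuse them on a real node.` It would also help to state in the commit message or provider documentation that a real `secrets.json` should stay out of public version control.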
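Review bot: `couchdb_users` in test/provider/services/webapp.json resolves to `users['admin']`, so the web application's configuration receives the CouchDB admin credentials. The couchdb.json hunk in this same commit defines a separate `webapp` account. Unless the webapp really needs admin rights, point it at the lower-privileged account: `"couchdb_users": "= global.services['couchdb'].users['webapp']"`. The key name is plural but holds a single user record, which is worth settling at the same time.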