summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-10-07 15:41:21 -0700
committervarac <varacanero@zeromail.org>2016-10-20 20:16:30 +0200
commit15f8dd13c6d26fa1ad0d06d3ea03e8df260224db (patch)
treea393af3f7815642b722629cc9bff98d6aecd7de0
parent312689623bee05b631ad3df34f20f1ad067ab4b3 (diff)
[bug] properly set 'enrollment_policy' in provider.json
-rw-r--r--lib/leap_cli/config/manager.rb100
-rw-r--r--provider_base/provider.rb5
-rw-r--r--provider_base/services/webapp.json1
3 files changed, 74 insertions, 32 deletions
diff --git a/lib/leap_cli/config/manager.rb b/lib/leap_cli/config/manager.rb
index bdd5b255..d69a5808 100644
--- a/lib/leap_cli/config/manager.rb
+++ b/lib/leap_cli/config/manager.rb
@@ -89,27 +89,26 @@ module LeapCli
else
parent = nil
end
- @environments[args[:name]] = Environment.new(
+ env = Environment.new(
self,
args.delete(:name),
args.delete(:dir),
parent,
args
)
+ @environments[env.name] = env
end
#
# load .json configuration files
#
def load(options = {})
- @provider_dir = Path.provider
-
# load base
add_environment(name: '_base_', dir: Path.provider_base)
# load provider
- Util::assert_files_exist!(Path.named_path(:provider_config, @provider_dir))
- add_environment(name: 'default', dir: @provider_dir,
+ Util::assert_files_exist!(Path.named_path(:provider_config, Path.provider))
+ add_environment(name: 'default', dir: Path.provider,
inherit: '_base_', no_dots: true)
# create a special '_all_' environment, used for tracking
@@ -120,7 +119,7 @@ module LeapCli
environment_names.each do |ename|
if ename
LeapCli.log 3, :loading, '%s environment...' % ename
- add_environment(name: ename, dir: @provider_dir,
+ add_environment(name: ename, dir: Path.provider,
inherit: 'default', scope: ename)
end
end
@@ -134,20 +133,8 @@ module LeapCli
# do some node-list post-processing
cleanup_node_lists(options)
- # apply control files
- env.nodes.each do |name, node|
- control_files(node).each do |file|
- begin
- node.eval_file file
- rescue ConfigError => exc
- if options[:continue_on_error]
- exc.log
- else
- raise exc
- end
- end
- end
- end
+ # apply service.rb, common.rb, and provider.rb control files
+ apply_control_files
end
#
@@ -164,13 +151,13 @@ module LeapCli
unless node_list
node_list = env.nodes
- existing_hiera = Dir.glob(Path.named_path([:hiera, '*'], @provider_dir))
- existing_files = Dir.glob(Path.named_path([:node_files_dir, '*'], @provider_dir))
+ existing_hiera = Dir.glob(Path.named_path([:hiera, '*'], Path.provider))
+ existing_files = Dir.glob(Path.named_path([:node_files_dir, '*'], Path.provider))
end
node_list.each_node do |node|
- filepath = Path.named_path([:node_files_dir, node.name], @provider_dir)
- hierapath = Path.named_path([:hiera, node.name], @provider_dir)
+ filepath = Path.named_path([:node_files_dir, node.name], Path.provider)
+ hierapath = Path.named_path([:hiera, node.name], Path.provider)
Util::write_file!(hierapath, node.dump_yaml)
updated_files << filepath
updated_hiera << hierapath
@@ -179,8 +166,8 @@ module LeapCli
if @disabled_nodes
# make disabled nodes appear as if they are still active
@disabled_nodes.each_node do |node|
- updated_files << Path.named_path([:node_files_dir, node.name], @provider_dir)
- updated_hiera << Path.named_path([:hiera, node.name], @provider_dir)
+ updated_files << Path.named_path([:node_files_dir, node.name], Path.provider)
+ updated_hiera << Path.named_path([:hiera, node.name], Path.provider)
end
end
@@ -199,7 +186,7 @@ module LeapCli
def export_secrets(clean_unused_secrets = false)
if env.secrets.any?
- Util.write_file!([:secrets_config, @provider_dir], env.secrets.dump_json(clean_unused_secrets) + "\n")
+ Util.write_file!([:secrets_config, Path.provider], env.secrets.dump_json(clean_unused_secrets) + "\n")
end
end
@@ -405,18 +392,48 @@ module LeapCli
end
#
- # Returns a list of 'control' files for this node. A control file is like
- # a service or a tag JSON file, but it contains raw ruby code that gets
- # evaluated in the context of the node.
+ # Applies 'control' files for node .json files and provider.json.
+ #
+ # A control file is like a service or a tag JSON file, but it contains
+ # raw ruby code that gets evaluated in the context of the node.
#
# Yes, this entirely breaks our functional programming model for JSON
# generation.
#
# Control files are evaluated last, after everything else has run.
#
- def control_files(node)
+ def apply_control_files
+ @environments.values.each do |e|
+ provider_control_files(e.name).each do |provider_rb|
+ begin
+ e.provider.eval_file provider_rb
+ rescue ConfigError => exc
+ if options[:continue_on_error]
+ exc.log
+ else
+ raise exc
+ end
+ end
+ end
+ end
+ env.nodes.each do |name, node|
+ node_control_files(node).each do |file|
+ begin
+ node.eval_file file
+ rescue ConfigError => exc
+ if options[:continue_on_error]
+ exc.log
+ else
+ raise exc
+ end
+ end
+ end
+ end
+ end
+
+ def node_control_files(node)
files = []
- [Path.provider_base, @provider_dir].each do |provider_dir|
+ [Path.provider_base, Path.provider].each do |provider_dir|
# add common.rb
common = File.join(provider_dir, 'common.rb')
files << common if File.exist?(common)
@@ -434,6 +451,25 @@ module LeapCli
return files
end
+ def provider_control_files(env)
+ # skip envs that start with underscore
+ if env =~ /^_/
+ return []
+ end
+ files = []
+ environments = [nil]
+ environments << env unless env == 'default'
+ environments.each do |environment|
+ [Path.provider_base, Path.provider].each do |provider_dir|
+ provider_rb = File.join(
+ provider_dir, ['provider', environment, 'rb'].compact.join('.')
+ )
+ files << provider_rb if File.exist?(provider_rb)
+ end
+ end
+ return files
+ end
+
end
end
end
diff --git a/provider_base/provider.rb b/provider_base/provider.rb
new file mode 100644
index 00000000..40a93574
--- /dev/null
+++ b/provider_base/provider.rb
@@ -0,0 +1,5 @@
+unless ['open', 'invite', 'closed'].include?(self.enrollment_policy)
+ LeapCli.log :error, "in provider config" do
+ LeapCli.log "The value of enrollment_policy must be one of 'open', 'invite', or 'closed'."
+ end
+end \ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index b1d2ca59..feca9524 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -19,6 +19,7 @@
"allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth",
"allow_anonymous_certs": "= provider.service.allow_anonymous",
"allow_registration": "= provider.service.allow_registration",
+ "invite_required": "= provider.enrollment_policy == 'invite'",
"default_service_level": "= provider.service.default_service_level",
"service_levels": "= service_levels()",
"secret_token": "= secret :webapp_secret_token",