summaryrefslogtreecommitdiff
path: root/provider_base/services
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-04-08 10:41:54 -0700
committerelijah <elijah@riseup.net>2016-04-08 10:41:54 -0700
commit82b15a8a071ba099cf52bb00c66caebdbd265273 (patch)
tree3f27b0673839be7d10ed5b401216ab79e43ce751 /provider_base/services
parent44666c42ce836fb611dfd9c1b549e955c470814c (diff)
parenteac3056c237d523f4786593922fe8f88eb65dff7 (diff)
Merge branch 'feature/mxtest' into develop
Diffstat (limited to 'provider_base/services')
-rw-r--r--provider_base/services/_api_tester.json13
-rw-r--r--provider_base/services/monitor.rb3
-rw-r--r--provider_base/services/mx.json2
-rw-r--r--provider_base/services/mx.rb1
-rw-r--r--provider_base/services/soledad.rb22
-rw-r--r--provider_base/services/webapp.json10
6 files changed, 47 insertions, 4 deletions
diff --git a/provider_base/services/_api_tester.json b/provider_base/services/_api_tester.json
new file mode 100644
index 00000000..790aa7d8
--- /dev/null
+++ b/provider_base/services/_api_tester.json
@@ -0,0 +1,13 @@
+//
+// This partial should be added to any service that runs tests that rely on
+// accessing the bonafide webapp API.
+//
+{
+ "testing": {
+ "monitor_auth_token": "= secret :api_monitor_auth_token",
+ "api_uri": "= global.services[:webapp].api.uri",
+ // api_hosts is not used directly, but calling hostnames() will ensure
+ // that the hostnames are added to /etc/hosts
+ "api_hosts": "= hostnames(nodes_like_me[:services => 'webapp'])"
+ }
+} \ No newline at end of file
diff --git a/provider_base/services/monitor.rb b/provider_base/services/monitor.rb
new file mode 100644
index 00000000..01590d5c
--- /dev/null
+++ b/provider_base/services/monitor.rb
@@ -0,0 +1,3 @@
+unless self.services.include? "webapp"
+ LeapCli.log :error, "service `monitor` requires service `webapp` on the same node (node #{self.name})."
+end
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 676e075b..c7e99d85 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -30,7 +30,7 @@
"password": "= secret :couch_leap_mx_password",
"salt": "= hex_secret :couch_leap_mx_password_salt, 128"
},
- "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
+ "mynetworks": "= host_ips(nodes)",
"rbls": ["zen.spamhaus.org"],
"clamav": {
"whitelisted_addresses": []
diff --git a/provider_base/services/mx.rb b/provider_base/services/mx.rb
new file mode 100644
index 00000000..741ff313
--- /dev/null
+++ b/provider_base/services/mx.rb
@@ -0,0 +1 @@
+apply_partial('services/_api_tester.json')
diff --git a/provider_base/services/soledad.rb b/provider_base/services/soledad.rb
index b55e90b6..4391dead 100644
--- a/provider_base/services/soledad.rb
+++ b/provider_base/services/soledad.rb
@@ -1,3 +1,23 @@
unless self.services.include? "couchdb"
LeapCli.log :error, "service `soledad` requires service `couchdb` on the same node (node #{self.name})."
-end \ No newline at end of file
+end
+
+#
+# currently, mx tests keep the same test user around,
+# by rely on the soledad test to destroy the email
+# test user's mail storage (so that it does not just
+# keep accumulating test emails).
+#
+# We do it this way because:
+#
+# (1) couchdb bloats if you create and destroy test users,
+# so we keep the test user around.
+#
+# (2) the mx test has access to the bonafide api, but the
+# bonafide api (webapp) does not have access to destroy
+# user storage dbs.
+#
+# If any of these conditions change, then this partial
+# will no longer be required.
+#
+apply_partial('services/_api_tester.json') \ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 9e3d751b..b1d2ca59 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -33,7 +33,11 @@
"support"
],
"locales": "= provider.languages",
- "default_locale": "= provider.default_language"
+ "default_locale": "= provider.default_language",
+ "api_tokens": {
+ "monitor": "= secret :api_monitor_auth_token",
+ "allowed_ips": "= host_ips(nodes_like_me)"
+ }
},
"stunnel": {
"clients": {
@@ -55,8 +59,10 @@
"service_type": "public_service",
"api": {
"domain": "= 'api.' + webapp.domain",
+ "version": 1,
"port": 4430,
- "ca_cert_uri": "= 'https://' + webapp.domain + '/ca.crt'"
+ "ca_cert_uri": "= 'https://' + webapp.domain + '/ca.crt'",
+ "uri": "= %(https://#{api.domain}:#{api.port}/#{api.version})"
},
"nickserver": {
"domain": "= 'nicknym.' + domain.full_suffix",