openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name.

author: elijah <elijah@riseup.net> 2013-02-27 23:46:58 -0800
committer: elijah <elijah@riseup.net> 2013-02-27 23:46:58 -0800
commit: ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c (patch)
tree: 0d28846e9de15d7580b3b232aac16e2f4e8cb6e4 /provider_base
parent: 5f8b63892ec9d08471a43ac642ed8f291d27c4f5 (diff)
4 files changed, 44 insertions, 12 deletions
diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb
index 8dc7211d..09b65bbb 100644
--- a/provider_base/files/service-definitions/eip-service.json.erb
+++ b/provider_base/files/service-definitions/eip-service.json.erb
@@ -6,21 +6,34 @@
     words
   end
 
+  def gateway_definition(node)
+    gateway = {}
+    gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns)
+    gateway["capabilities"]["transport"] = ["openvpn"]
+    gateway["host"] = node.domain.full
+    gateway["cluster"] = underscore(node.openvpn.location)
+    gateway
+  end
+
   hsh = {}
   hsh["serial"] = 1
   hsh["version"] = 1
   clusters = {}
   gateways = []
-  global.services['openvpn'].node_list.each_node do |node|
-    next if node.vagrant?
-    gateway = {}
-    gateway["capabilities"] = node.openvpn.pick(
-      :ports, :protocols, :user_ips, :adblock, :filter_dns)
-    gateway["capabilities"]["transport"] = ["openvpn"]
-    gateway["ip_address"] = node.openvpn.gateway_address
-    gateway["host"] = node.domain.full
-    gateway["cluster"] = underscore(node.openvpn.location)
-    gateways << gateway
+  nodes_like_me[:services => 'openvpn'].each_node do |node|
+    if node.openvpn.gateway_address
+      gateway = gateway_definition(node)
+      gateway["ip_address"] = node.openvpn.gateway_address
+      gateway["capabilities"]["free"] = false
+      gateways << gateway
+    end
+    if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED"
+      gateway = gateway_definition(node)
+      gateway["ip_address"] = node.openvpn.free_gateway_address
+      gateway["capabilities"]["free"] = true
+      gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit
+      gateways << gateway
+    end
     clusters[gateway["cluster"]] ||= {
       "name" => gateway["cluster"],
       "label" => {"en" => node.openvpn.location}
diff --git a/provider_base/provider.json b/provider_base/provider.json
index 8ce848f3..14eabdc2 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
@@ -13,6 +13,12 @@
   "languages": ["en"],
   "default_language": "en",
   "enrollment_policy": "open",
+  "service_levels": [
+    {"name": "free", "bandwidth":102400, "storage":50},
+    {"name": "basic", "bandwidth":null, "storage":1000},
+    {"name": "premium", "bandwidth":null, "storage":10000}
+  ],
+  "service_allow_free": false,
   "ca": {
     "name": "= global.provider.ca.organization + ' Root CA'",
     "organization": "= global.provider.name[global.provider.default_language]",
@@ -24,6 +30,12 @@
       "bit_size": 3248,
       "digest": "SHA256",
       "life_span": "1y"
+    },
+    "client_certificates": {
+      "bit_size": 2024,
+      "digest": "SHA256",
+      "life_span": "2m",
+      "free_prefix": "FREE"
     }
   },
   "hiera_sync_destination": "/etc/leap"
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 7b67ccb3..e78a02ac 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -7,10 +7,15 @@
   },
   "openvpn": {
     "location": "Location Unknown",
+    "gateway_address": "REQUIRED",
+    "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil",
     "ports": ["80", "443", "53", "1194"],
     "protocols": ["tcp", "udp"],
     "filter_dns": false,
     "adblock": false,
-    "user_ips": false
+    "user_ips": false,
+    "allow_free": "= global.provider.service_allow_free",
+    "free_prefix": "= global.provider.ca.client_certificates.free_prefix",
+    "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil"
   }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index e3055c6f..8ede0ecf 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -8,7 +8,9 @@
     "favicon": "= file_path 'branding/favicon.ico'",
     "tail_scss": "= file_path 'branding/tail.scss'",
     "head_scss": "= file_path 'branding/head.scss'",
-    "img_dir": "= file_path 'branding/img'"
+    "img_dir": "= file_path 'branding/img'",
+    "client_certificates": "= global.provider.ca.client_certificates",
+    "allow_free": "= global.provider.service_allow_free"
   },
   "definition_files": {
     "provider": "= file :provider_json_template",
author	elijah <elijah@riseup.net>	2013-02-27 23:46:58 -0800
committer	elijah <elijah@riseup.net>	2013-02-27 23:46:58 -0800
commit	ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c (patch)
tree	0d28846e9de15d7580b3b232aac16e2f4e8cb6e4 /provider_base
parent	5f8b63892ec9d08471a43ac642ed8f291d27c4f5 (diff)