-rw-r--r-- | provider_base/README | 9 | ||||
-rw-r--r-- | provider_base/common.json | 25 | ||||
-rw-r--r-- | provider_base/files/service-definitions/provider.json.erb | 20 | ||||
-rw-r--r-- | provider_base/provider.json | 27 | ||||
-rw-r--r-- | provider_base/services/ca.json | 6 | ||||
-rw-r--r-- | provider_base/services/couchdb.json | 22 | ||||
-rw-r--r-- | provider_base/services/dns.json | 7 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 14 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 19 |
9 files changed, 149 insertions, 0 deletions
diff --git a/provider_base/README b/provider_base/README
new file mode 100644
index 00000000..bb80df50
--- /dev/null
+++ b/provider_base/README
@@ -0,0 +1,9 @@
+This directory holds the base provider files that actual providers inherit from.
+
+For example:
+
+ the file........ myproject/provider/common.json
+ inherits from... myproject/leap_platform/provider_base/common.json
+
+
+
diff --git a/provider_base/common.json b/provider_base/common.json
new file mode 100644
index 00000000..f3557800
--- /dev/null
+++ b/provider_base/common.json
@@ -0,0 +1,25 @@
+{
+ "ip_address": "REQUIRED",
+ "services": [],
+ "domain": {
+ "full_suffix": "= global.provider.domain",
+ "internal_suffix": "= global.provider.internal_domain",
+ "full": "= node.name + '.' + domain.full_suffix",
+ "internal": "= node.name + '.' + domain.internal_suffix",
+ "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
+ },
+ "dns": {
+ "public": "= service_type != 'internal_service'"
+ },
+ "ssh": {
+ "authorized_keys": "= file :authorized_keys",
+ "known_hosts": "= file :known_hosts",
+ "port": 22
+ },
+ "x509": {
+ "use": false,
+ "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil",
+ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil"
+ },
+ "local": "= self.vagrant?"
+}
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
new file mode 100644
index 00000000..76245739
--- /dev/null
+++ b/provider_base/files/service-definitions/provider.json.erb
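Review bot: The `dns.public` default in `common.json` is written as `"= service_type != 'internal_service'"`, so a node with no `service_type` at all (the base `services` list is `[]`) would presumably evaluate as public and be given a name under the public suffix. A fail-closed form such as `"public": "= service_type == 'public_service' || service_type == 'user_service'"` keeps unclassified nodes internal until they are explicitly marked. How the macro evaluator treats a missing `service_type` is not visible in this commit, so confirm that before choosing either form.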
@@ -0,0 +1,20 @@
+<%=
+ hsh = {}
+
+ # grab some fields from provider.json
+ hsh = global.provider.pick(
+ :languages, :description, :name,
+ :enrollment_policy, :default_language, :domain
+ )
+
+ # advertise services that are 'user services'
+ hsh['services'] = global.services[:service_type => :user_service].field(:name)
+
+ hsh['api_version'] = "1"
+ hsh['api_uri'] = "https://" + api_domain
+
+ hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt'
+ hsh['ca_cert_fingerprint'] = ""
+
+ generate_json hsh
+%>
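Review bot: `hsh['ca_cert_fingerprint'] = ""` publishes an empty fingerprint next to `ca_cert_uri`, so a client reading this service definition has nothing to check the downloaded CA certificate against and ends up trusting whatever the `https://` fetch returns. Either fill the field from the CA certificate when the template is rendered, or leave the key out until it can be computed, so that an empty string is never mistaken for a pin. Until then, add a comment above the line such as `# TODO: fill from the CA certificate digest; an empty value must not be treated as a pin`.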
\ No newline at end of file
diff --git a/provider_base/provider.json b/provider_base/provider.json
new file mode 100644
index 00000000..a144d04e
--- /dev/null
+++ b/provider_base/provider.json
@@ -0,0 +1,27 @@
+{
+ "domain": "REQUIRED",
+ "internal_domain": "= domain.sub(/\\..*$/,'.i')",
+ "name": {
+ "en": "REQUIRED"
+ },
+ "description": {
+ "en": "REQUIRED"
+ },
+ "languages": ["en"],
+ "default_language": "en",
+ "enrollment_policy": "open",
+ "ca": {
+ "name": "= global.provider.ca.organization + ' Root CA'",
+ "organization": "= global.provider.name[global.provider.default_language]",
+ "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
+ "bit_size": 4096,
+ "life_span": "10y",
+ "server_certificates": {
+ "bit_size": 3248,
+ "life_span": "1y"
+ }
+ },
+ "vagrant":{
+ "network":"10.5.5.0/24"
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
new file mode 100644
index 00000000..68f970f7
--- /dev/null
+++ b/provider_base/services/ca.json
@@ -0,0 +1,6 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ }
+}
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
new file mode 100644
index 00000000..1c8005c2
--- /dev/null
+++ b/provider_base/services/couchdb.json
@@ -0,0 +1,22 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ },
+ "couch": {
+ "users": {
+ "admin": {
+ "username": "admin",
+ "password": "= secret :couch_admin_password"
+ },
+ "webapp": {
+ "username": "webapp",
+ "password": "= secret :couch_webapp_password"
+ },
+ "ca_daemon": {
+ "username": "ca_daemon",
+ "password": "= secret :couch_ca_daemon_password"
+ }
+ }
+ }
+}
diff --git a/provider_base/services/dns.json b/provider_base/services/dns.json
new file mode 100644
index 00000000..677d9b2c
--- /dev/null
+++ b/provider_base/services/dns.json
@@ -0,0 +1,7 @@
+{
+ "hosts": {
+ "public": "= nodes['dns.public' => true].fields('domain.name', 'dns.aliases', 'ip_address')",
+ "private": "= nodes['dns.public' => false].fields('domain.name', 'dns.aliases', 'ip_address')"
+ },
+ "service_type": "public_service"
+}
\ No newline at end of file
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
new file mode 100644
index 00000000..4b7d25ec
--- /dev/null
+++ b/provider_base/services/openvpn.json
@@ -0,0 +1,14 @@
+{
+ "service_type": "user_service",
+ "x509": {
+ "use": true
+ },
+ "openvpn": {
+ "ports": ["80", "443", "53", "1194"],
+ "filter_dns": false,
+ "nat": true,
+ "ca_crt": "= file :ca_cert",
+ "ca_key": "= file :ca_key",
+ "dh": "= file :dh_params"
+ }
+}
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
new file mode 100644
index 00000000..6e5c029c
--- /dev/null
+++ b/provider_base/services/webapp.json
@@ -0,0 +1,19 @@
+{
+ "webapp": {
+ "modules": ["user", "billing", "help"],
+ "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+ "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]"
+ },
+ "definition_files": {
+ "provider": "= file('service-definitions/provider.json.erb')",
+ "eip_service": "file('service-definitions/eip-service.json.erb')"
+ },
+ "service_type": "public_service",
+ "api_domain": "= 'api.' + domain.full_suffix",
+ "dns": {
+ "aliases": "= [domain.full, api_domain]"
+ },
+ "x509": {
+ "use": true
+ }
+}
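Review bot: `"ca_key": "= file :ca_key"` in the `openvpn` block of `openvpn.json` appears to copy the CA private key into the configuration of every node running this user-facing service, next to `ca_crt` and `dh`. A VPN gateway normally needs only the CA certificate plus its own certificate and key, which `x509.use: true` already requests. With the signing key on a gateway, compromising that one host would put every certificate issued under the CA in doubt. Unless certificates are actually signed on the gateway, drop the `ca_key` line and keep the key on the `ca` service node only.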
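Review bot: `"eip_service": "file('service-definitions/eip-service.json.erb')"` in `webapp.json` lacks the leading `= ` that every other evaluated value in this commit carries, including `provider` on the line directly above it. It is presumably stored as a literal string instead of rendering the template, and should read `"eip_service": "= file('service-definitions/eip-service.json.erb')"`. The diffstat adds only `provider.json.erb` under `provider_base/files/service-definitions/`, so the `eip-service.json.erb` reference may still fail to resolve after the prefix is fixed.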
\ No newline at end of file |