4 files changed, 83 insertions, 7 deletions

diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index f5895b8b..8f6c7769 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -256,7 +256,7 @@ remove this directory if you don't use it.
     ## ZONE FILE
     ##
 
-    def relative_hostname(fqdn)
+    def relative_hostname(fqdn, provider)
       @domain_regexp ||= /\.?#{Regexp.escape(provider.domain)}$/
       fqdn.sub(@domain_regexp, '')
     end
@@ -265,10 +265,11 @@ remove this directory if you don't use it.
     # serial is any number less than 2^32 (4294967296)
     #
     def compile_zone_file
+      provider = manager.env('default').provider
       hosts_seen = {}
       f = $stdout
       f.puts ZONE_HEADER % {:domain => provider.domain, :ns => provider.domain, :contact => provider.contacts.default.first.sub('@','.')}
-      max_width = manager.nodes.values.inject(0) {|max, node| [max, relative_hostname(node.domain.full).length].max }
+      max_width = manager.nodes.values.inject(0) {|max, node| [max, relative_hostname(node.domain.full, provider).length].max }
       put_line = lambda do |host, line|
         host = '@' if host == ''
         f.puts("%-#{max_width}s %s" % [host, line])
@@ -297,18 +298,18 @@ remove this directory if you don't use it.
         f.puts ENV_HEADER % (env.nil? ? 'default' : env)
         nodes.each_node do |node|
           if node.dns.public
-            hostname = relative_hostname(node.domain.full)
-            put_line.call relative_hostname(node.domain.full), "IN A      #{node.ip_address}"
+            hostname = relative_hostname(node.domain.full, provider)
+            put_line.call relative_hostname(node.domain.full, provider), "IN A      #{node.ip_address}"
           end
           if node.dns['aliases']
             node.dns.aliases.each do |host_alias|
               if host_alias != node.domain.full && host_alias != provider.domain
-                put_line.call relative_hostname(host_alias), "IN A      #{node.ip_address}"
+                put_line.call relative_hostname(host_alias, provider), "IN A      #{node.ip_address}"
               end
             end
           end
           if node.services.include? 'mx'
-            put_line.call relative_hostname(node.domain.full_suffix), "IN MX 10  #{relative_hostname(node.domain.full)}"
+            put_line.call relative_hostname(node.domain.full_suffix, provider), "IN MX 10  #{relative_hostname(node.domain.full, provider)}"
           end
         end
       end
diff --git a/lib/leap_cli/commands/ssh.rb b/lib/leap_cli/commands/ssh.rb
index 1a81902c..3887618e 100644
--- a/lib/leap_cli/commands/ssh.rb
+++ b/lib/leap_cli/commands/ssh.rb
@@ -27,6 +27,11 @@ module LeapCli; module Commands
     c.flag 'port', :arg_name => 'SSH_PORT', :desc => 'Override default SSH port used when trying to connect to the server. Same as `--ssh "-p SSH_PORT"`.'
     c.action do |global_options,options,args|
       local_port, node, remote_port = parse_tunnel_arg(args.first)
+      unless node.ssh.config.AllowTcpForwarding == "yes"
+        log :warning, "It looks like TCP forwarding is not enabled. "+
+          "The tunnel command requires that the node property ssh.config.AllowTcpForwarding "+
+          "be set to 'yes'. Add this property to #{node.name}.json, deploy, and then try tunnel again."
+      end
       options[:ssh] = [options[:ssh], "-N -L 127.0.0.1:#{local_port}:0.0.0.0:#{remote_port}"].join(' ')
       log("Forward port localhost:#{local_port} to #{node.name}:#{remote_port}")
       if is_port_available?(local_port)
diff --git a/lib/leap_cli/commands/vagrant.rb b/lib/leap_cli/commands/vagrant.rb
index 1561a658..9e81b2f8 100644
--- a/lib/leap_cli/commands/vagrant.rb
+++ b/lib/leap_cli/commands/vagrant.rb
@@ -79,7 +79,7 @@ module LeapCli; module Commands
   # we need to make sure that it owned by us and not world readable.
   #
   def vagrant_ssh_key_file
-    file_path = Path.vagrant_ssh_key_file
+    file_path = Path.vagrant_ssh_pub_key_file
     Util.assert_files_exist! file_path
     uid = File.new(file_path).stat.uid
     if uid == 0 || uid == Process.euid
diff --git a/lib/leap_cli/macros/provider.rb b/lib/leap_cli/macros/provider.rb
index 84c4e1b8..4e74da01 100644
--- a/lib/leap_cli/macros/provider.rb
+++ b/lib/leap_cli/macros/provider.rb
@@ -16,5 +16,75 @@ module LeapCli
       }
     end
 
+    #
+    # The webapp will not work unless the service level configuration is precisely defined.
+    # Here, we take what the sysadmin has specified in provider.json and clean it up to
+    # ensure it is OK.
+    #
+    # It would be better to add support for JSON schema.
+    #
+    def service_levels()
+      levels = {}
+      provider.service.levels.each do |name, level|
+        if name =~ /^[0-9]+$/
+          name = name.to_i
+        end
+        levels[name] = level_cleanup(name, level.clone)
+      end
+      levels
+    end
+
+    private
+
+    def print_warning(name, msg)
+      if self.environment
+        provider_str = "provider.json or %s" % ['provider', self.environment, 'json'].join('.')
+      else
+        provider_str = "provider.json"
+      end
+      LeapCli::log :warning, "In #{provider_str}, you have an incorrect definition for service level '#{name}':" do
+        LeapCli::log msg
+      end
+    end
+
+    def level_cleanup(name, level)
+      unless level['name']
+        print_warning(name, 'required field "name" is missing')
+      end
+      unless level['description']
+        print_warning(name, 'required field "description" is missing')
+      end
+      unless level['bandwidth'].nil? || level['bandwidth'] == 'limited'
+        print_warning(name, 'field "bandwidth" must be nil or "limited"')
+      end
+      unless level['rate'].nil? || level['rate'].is_a?(Hash)
+        print_warning(name, 'field "rate" must be nil or a hash (e.g. {"USD":10, "EUR":10})')
+      end
+      possible_services = enabled_services
+      if level['services']
+        level['services'].each do |service|
+          unless possible_services.include? service
+            print_warning(name, "the service '#{service}' does not exist or there are no nodes that provide this service.")
+            LeapCli::Util::bail!
+          end
+        end
+      else
+        level['services'] = possible_services
+      end
+      level['services'] = remap_services(level['services'])
+      level
+    end
+
+    #
+    # the service names that the webapp uses and that leap_platform uses are different. ugh.
+    #
+    SERVICE_MAP = {
+      "mx" => "email",
+      "openvpn" => "eip"
+    }
+    def remap_services(services)
+      services.map {|srv| SERVICE_MAP[srv]}
+    end
+
   end
 end