summaryrefslogtreecommitdiff
path: root/provider_base
diff options
context:
space:
mode:
Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/files/service-definitions/eip-service.json.erb40
-rw-r--r--provider_base/files/service-definitions/provider.json.erb2
-rw-r--r--provider_base/provider.json29
-rw-r--r--provider_base/services/openvpn.json12
-rw-r--r--provider_base/services/webapp.json4
-rw-r--r--provider_base/test/openvpn/client.ovpn.erb6
6 files changed, 54 insertions, 39 deletions
diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb
index 09b65bbb..ca42bef5 100644
--- a/provider_base/files/service-definitions/eip-service.json.erb
+++ b/provider_base/files/service-definitions/eip-service.json.erb
@@ -6,41 +6,39 @@
words
end
- def gateway_definition(node)
+ def add_gateway(node, locations, options={})
+ return nil if options[:ip] == 'REQUIRED'
gateway = {}
gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns)
gateway["capabilities"]["transport"] = ["openvpn"]
gateway["host"] = node.domain.full
- gateway["cluster"] = underscore(node.openvpn.location)
+ gateway["ip_address"] = options[:ip]
+ gateway["capabilities"]["limited"] = options[:limited]
+ if node.location
+ location_name = underscore(node.location.name)
+ gateway["location"] = location_name
+ locations[location_name] ||= node.location
+ end
gateway
end
hsh = {}
hsh["serial"] = 1
hsh["version"] = 1
- clusters = {}
+ locations = {}
gateways = []
nodes_like_me[:services => 'openvpn'].each_node do |node|
- if node.openvpn.gateway_address
- gateway = gateway_definition(node)
- gateway["ip_address"] = node.openvpn.gateway_address
- gateway["capabilities"]["free"] = false
- gateways << gateway
- end
- if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED"
- gateway = gateway_definition(node)
- gateway["ip_address"] = node.openvpn.free_gateway_address
- gateway["capabilities"]["free"] = true
- gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit
- gateways << gateway
+ if node.openvpn.allow_limited && node.openvpn.allow_unlimited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+ gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true)
+ elsif node.openvpn.allow_unlimited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+ elsif node.openvpn.allow_limited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true)
end
- clusters[gateway["cluster"]] ||= {
- "name" => gateway["cluster"],
- "label" => {"en" => node.openvpn.location}
- }
end
- hsh["gateways"] = gateways
- hsh["clusters"] = clusters.values
+ hsh["gateways"] = gateways.compact
+ hsh["locations"] = locations
hsh["openvpn_configuration"] = {
"tls-cipher" => "DHE-RSA-AES128-SHA",
"auth" => "SHA1",
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 2ca34548..54919898 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -4,7 +4,7 @@
# grab some fields from provider.json
hsh = global.provider.pick(
:languages, :description, :name,
- :enrollment_policy, :default_language, :domain
+ :enrollment_policy, :default_language, :domain, :service
)
# advertise services that are 'user services'
diff --git a/provider_base/provider.json b/provider_base/provider.json
index 14eabdc2..cf1baac6 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
@@ -13,21 +13,31 @@
"languages": ["en"],
"default_language": "en",
"enrollment_policy": "open",
- "service_levels": [
- {"name": "free", "bandwidth":102400, "storage":50},
- {"name": "basic", "bandwidth":null, "storage":1000},
- {"name": "premium", "bandwidth":null, "storage":10000}
- ],
- "service_allow_free": false,
+ "service": {
+ "levels": [
+ // bandwidth limit is in Bytes, storage limit is in MB.
+ {"id": 1, "name": "free", "bandwidth":"limited", "storage":50},
+ {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]},
+ {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]}
+ ],
+ "default_service_level": 1,
+ "bandwidth_limit": 102400,
+ "allow_free": "= global.provider.service.levels.select {|l| l['rate'].nil?}.any?",
+ "allow_paid": "= global.provider.service.levels.select {|l| !l['rate'].nil?}.any?",
+ "allow_anonymous": "= global.provider.service.levels.select {|l| l['name'] == 'anonymous'}.any?",
+ "allow_registration": "= global.provider.service.levels.select {|l| l['name'] != 'anonymous'}.any?",
+ "allow_limited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'] == 'limited'}.any?",
+ "allow_unlimited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'].nil?}.any?"
+ },
"ca": {
"name": "= global.provider.ca.organization + ' Root CA'",
"organization": "= global.provider.name[global.provider.default_language]",
- "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
+ "organizational_unit": "= 'https://' + global.provider.domain",
"bit_size": 4096,
"digest": "SHA256",
"life_span": "10y",
"server_certificates": {
- "bit_size": 3248,
+ "bit_size": 2024,
"digest": "SHA256",
"life_span": "1y"
},
@@ -35,7 +45,8 @@
"bit_size": 2024,
"digest": "SHA256",
"life_span": "2m",
- "free_prefix": "FREE"
+ "limited_prefix": "LIMITED",
+ "unlimited_prefix": "UNLIMITED"
}
},
"hiera_sync_destination": "/etc/leap"
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index e78a02ac..5d77f946 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -5,17 +5,19 @@
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
"dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'"
},
+ "location": null,
"openvpn": {
- "location": "Location Unknown",
"gateway_address": "REQUIRED",
- "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil",
+ "second_gateway_address": "= openvpn.allow_limited && openvpn.allow_unlimited ? 'REQUIRED' : nil",
"ports": ["80", "443", "53", "1194"],
"protocols": ["tcp", "udp"],
"filter_dns": false,
"adblock": false,
"user_ips": false,
- "allow_free": "= global.provider.service_allow_free",
- "free_prefix": "= global.provider.ca.client_certificates.free_prefix",
- "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil"
+ "allow_limited": "= global.provider.service.allow_limited_bandwidth",
+ "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth",
+ "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix",
+ "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix",
+ "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil"
}
}
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 5e7260a6..477d5f17 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -10,7 +10,9 @@
"head_scss": "= file_path 'branding/head.scss'",
"img_dir": "= file_path 'branding/img'",
"client_certificates": "= global.provider.ca.client_certificates",
- "allow_free": "= global.provider.service_allow_free"
+ "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
+ "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
+ "allow_anonymous_certs": "= global.provider.service.allow_anonymous"
},
"definition_files": {
"provider": "= file :provider_json_template",
diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb
index a0bdd307..af183ef4 100644
--- a/provider_base/test/openvpn/client.ovpn.erb
+++ b/provider_base/test/openvpn/client.ovpn.erb
@@ -18,9 +18,11 @@ tls-cipher DHE-RSA-AES128-SHA
</ca>
<cert>
-<%= read_file! :test_client_cert -%>
+<%# read_file! :test_client_cert -%>
+<%= cert -%>
</cert>
<key>
-<%= read_file! :test_client_key -%>
+<%# read_file! :test_client_key -%>
+<%= key -%>
</key>