diff options
Diffstat (limited to 'provider_base')
-rw-r--r-- | provider_base/files/service-definitions/eip-service.json.erb | 40 | ||||
-rw-r--r-- | provider_base/files/service-definitions/provider.json.erb | 2 | ||||
-rw-r--r-- | provider_base/provider.json | 29 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 12 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 4 | ||||
-rw-r--r-- | provider_base/test/openvpn/client.ovpn.erb | 6 |
6 files changed, 54 insertions, 39 deletions
diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 09b65bbb..ca42bef5 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb @@ -6,41 +6,39 @@ words end - def gateway_definition(node) + def add_gateway(node, locations, options={}) + return nil if options[:ip] == 'REQUIRED' gateway = {} gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) gateway["capabilities"]["transport"] = ["openvpn"] gateway["host"] = node.domain.full - gateway["cluster"] = underscore(node.openvpn.location) + gateway["ip_address"] = options[:ip] + gateway["capabilities"]["limited"] = options[:limited] + if node.location + location_name = underscore(node.location.name) + gateway["location"] = location_name + locations[location_name] ||= node.location + end gateway end hsh = {} hsh["serial"] = 1 hsh["version"] = 1 - clusters = {} + locations = {} gateways = [] nodes_like_me[:services => 'openvpn'].each_node do |node| - if node.openvpn.gateway_address - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.gateway_address - gateway["capabilities"]["free"] = false - gateways << gateway - end - if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED" - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.free_gateway_address - gateway["capabilities"]["free"] = true - gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit - gateways << gateway + if node.openvpn.allow_limited && node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true) + elsif node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + elsif node.openvpn.allow_limited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) end - clusters[gateway["cluster"]] ||= { - "name" => gateway["cluster"], - "label" => {"en" => node.openvpn.location} - } end - hsh["gateways"] = gateways - hsh["clusters"] = clusters.values + hsh["gateways"] = gateways.compact + hsh["locations"] = locations hsh["openvpn_configuration"] = { "tls-cipher" => "DHE-RSA-AES128-SHA", "auth" => "SHA1", diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 2ca34548..54919898 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -4,7 +4,7 @@ # grab some fields from provider.json hsh = global.provider.pick( :languages, :description, :name, - :enrollment_policy, :default_language, :domain + :enrollment_policy, :default_language, :domain, :service ) # advertise services that are 'user services' diff --git a/provider_base/provider.json b/provider_base/provider.json index 14eabdc2..cf1baac6 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -13,21 +13,31 @@ "languages": ["en"], "default_language": "en", "enrollment_policy": "open", - "service_levels": [ - {"name": "free", "bandwidth":102400, "storage":50}, - {"name": "basic", "bandwidth":null, "storage":1000}, - {"name": "premium", "bandwidth":null, "storage":10000} - ], - "service_allow_free": false, + "service": { + "levels": [ + // bandwidth limit is in Bytes, storage limit is in MB. + {"id": 1, "name": "free", "bandwidth":"limited", "storage":50}, + {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]}, + {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]} + ], + "default_service_level": 1, + "bandwidth_limit": 102400, + "allow_free": "= global.provider.service.levels.select {|l| l['rate'].nil?}.any?", + "allow_paid": "= global.provider.service.levels.select {|l| !l['rate'].nil?}.any?", + "allow_anonymous": "= global.provider.service.levels.select {|l| l['name'] == 'anonymous'}.any?", + "allow_registration": "= global.provider.service.levels.select {|l| l['name'] != 'anonymous'}.any?", + "allow_limited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'] == 'limited'}.any?", + "allow_unlimited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'].nil?}.any?" + }, "ca": { "name": "= global.provider.ca.organization + ' Root CA'", "organization": "= global.provider.name[global.provider.default_language]", - "organizational_unit": "= 'https://' + global.common.domain.full_suffix", + "organizational_unit": "= 'https://' + global.provider.domain", "bit_size": 4096, "digest": "SHA256", "life_span": "10y", "server_certificates": { - "bit_size": 3248, + "bit_size": 2024, "digest": "SHA256", "life_span": "1y" }, @@ -35,7 +45,8 @@ "bit_size": 2024, "digest": "SHA256", "life_span": "2m", - "free_prefix": "FREE" + "limited_prefix": "LIMITED", + "unlimited_prefix": "UNLIMITED" } }, "hiera_sync_destination": "/etc/leap" diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index e78a02ac..5d77f946 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -5,17 +5,19 @@ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'" }, + "location": null, "openvpn": { - "location": "Location Unknown", "gateway_address": "REQUIRED", - "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil", + "second_gateway_address": "= openvpn.allow_limited && openvpn.allow_unlimited ? 'REQUIRED' : nil", "ports": ["80", "443", "53", "1194"], "protocols": ["tcp", "udp"], "filter_dns": false, "adblock": false, "user_ips": false, - "allow_free": "= global.provider.service_allow_free", - "free_prefix": "= global.provider.ca.client_certificates.free_prefix", - "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil" + "allow_limited": "= global.provider.service.allow_limited_bandwidth", + "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth", + "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix", + "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix", + "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil" } } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 5e7260a6..477d5f17 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -10,7 +10,9 @@ "head_scss": "= file_path 'branding/head.scss'", "img_dir": "= file_path 'branding/img'", "client_certificates": "= global.provider.ca.client_certificates", - "allow_free": "= global.provider.service_allow_free" + "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", + "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", + "allow_anonymous_certs": "= global.provider.service.allow_anonymous" }, "definition_files": { "provider": "= file :provider_json_template", diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb index a0bdd307..af183ef4 100644 --- a/provider_base/test/openvpn/client.ovpn.erb +++ b/provider_base/test/openvpn/client.ovpn.erb @@ -18,9 +18,11 @@ tls-cipher DHE-RSA-AES128-SHA </ca> <cert> -<%= read_file! :test_client_cert -%> +<%# read_file! :test_client_cert -%> +<%= cert -%> </cert> <key> -<%= read_file! :test_client_key -%> +<%# read_file! :test_client_key -%> +<%= key -%> </key> |