From ca11482dd7cd4ea8ffa69407ee2fd5b5e1b7981b Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Tue, 16 Jul 2013 12:29:54 +0100
Subject: add .gitignore and configure it to ignore .reviewboardrc

Change-Id: Id5e587f47a27c9d714d0d0b352b87e9e8f55d4a8
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..62603355
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.reviewboardrc
-- 
cgit v1.2.3


From 2a3b4ec1bc522409d4dc8d2e7750344de41acb50 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Tue, 17 Jun 2014 14:48:50 -0700
Subject: allow webapp.json to configure what engines are enabled

---
 provider_base/services/webapp.json                  | 5 ++++-
 puppet/modules/site_webapp/manifests/init.pp        | 4 ++--
 puppet/modules/site_webapp/templates/config.yml.erb | 6 ++++++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index bbb52094..a5b1ed30 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -26,7 +26,10 @@
     "nagios_test_user": {
       "username": "nagios_test",
       "password": "= secret :nagios_test_password"
-    }
+    },
+    "engines": [
+      "support"
+    ]
   },
   "stunnel": {
     "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index d6f1d7ae..08618457 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -52,8 +52,8 @@ class site_webapp {
 
   exec { 'bundler_update':
     cwd     => '/srv/leap/webapp',
-    command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"',
-    unless  => '/usr/bin/bundle check',
+    command => '/bin/bash -c "/usr/bin/bundle check --path vendor/bundle || /usr/bin/bundle install --path vendor/bundle --without test development"',
+    unless  => '/usr/bin/bundle check --path vendor/bundle',
     user    => 'leap-webapp',
     timeout => 600,
     require => [
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 6461c5e8..8faf76f4 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -18,3 +18,9 @@ production:
   minimum_client_version: "<%= @webapp['client_version']['min'] %>"
   default_service_level: "<%= @webapp['default_service_level'] %>"
   service_levels: <%= @webapp['service_levels'].to_json %>
+<%- if @webapp['engines'] && @webapp['engines'].any? -%>
+  engines:
+<%-   @webapp['engines'].each do |engine| -%>
+    - <%= engine %>
+<%-   end -%>
+<%- end -%>
\ No newline at end of file
-- 
cgit v1.2.3


From c62c9c2e63cfc82fc57f321609e407cfeabd9cdf Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Thu, 19 Jun 2014 14:20:08 -0400
Subject: update known issues to remove service separation issue that was
 solved, and bump the version number to 0.5.2.

Change-Id: Ie75018bf11583d14dab148732d58d6d50f88dd42
Note: this didn't make it into the tag
---
 README.md | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 297c2720..5477c3ea 100644
--- a/README.md
+++ b/README.md
@@ -33,17 +33,12 @@ Visit https://leap.se/en/docs/get-involved/communication for details on how to c
 Known issues
 ============
 
-The following issues are known to be there in 0.5.1:
+The following issues are known to be there in 0.5.2:
 
 CouchDB Sync
 ------------
 You can't deploy new couchdb nodes after one or more have been deployed. Make *sure* that you configure and deploy all your couchdb nodes when first creating your provider. The problem is that we dont not have a clean way of adding couch nodes after initial creation of the databases, so any nodes added after result in improperly synchronized data. See Bug [#5601](https://leap.se/code/issues/5601) for more information.
 
-Service separation
-------------------
-
-. You can't deploy all services to one single node. You need at least to seperate the mx and the webapp node. The reason is because they both use haproxy to query the couch db, and haproxy still doesn't have a way to split up its config files in a .d directory (see: https://leap.se/code/issues/3839)
-
 User setup and ssh
 ------------------
 
-- 
cgit v1.2.3


From c20aa4f8c35a4cba982de92105da2566ecdfa1ae Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Sun, 22 Jun 2014 13:42:04 -0700
Subject: run_tests: allow for https in assert_get()

---
 bin/run_tests             | 17 ++++++++++++-----
 tests/white-box/webapp.rb |  9 +++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/bin/run_tests b/bin/run_tests
index 526aa83a..3ba89684 100755
--- a/bin/run_tests
+++ b/bin/run_tests
@@ -127,11 +127,18 @@ class LeapTest < MiniTest::Unit::TestCase
     if params
       uri.query = URI.encode_www_form(params)
     end
-    response = Net::HTTP.get_response(uri)
-    if response.is_a?(Net::HTTPSuccess)
-      yield response.body, response, nil
-    else
-      yield nil, response, nil
+    http = Net::HTTP.new uri.host, uri.port
+    if uri.scheme == 'https'
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      http.use_ssl = true
+    end
+    http.start do |agent|
+      response = agent.get(uri.request_uri)
+      if response.is_a?(Net::HTTPSuccess)
+        yield response.body, response, nil
+      else
+        yield nil, response, nil
+      end
     end
   rescue => exc
     yield nil, nil, exc
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 142ac2de..05b86a41 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -60,4 +60,13 @@ class Webapp < LeapTest
     pass
   end
 
+  #
+  # this is technically a black-box test. so, move this when we have support
+  # for black box tests.
+  #
+  def test_04_Can_access_webapp?
+    assert_get('https://' + $node['webapp']['domain'] + '/')
+    pass
+  end
+
 end
-- 
cgit v1.2.3


From fba004bc8cbee0d9556538342ce78ac1c9d1229b Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 25 Jun 2014 12:49:39 -0700
Subject: more friendly error message in `leap compile` when commercial
 certificate is missing.

---
 provider_base/common.json           | 6 +++++-
 provider_base/services/monitor.json | 6 ++----
 provider_base/services/mx.json      | 6 ++----
 provider_base/services/webapp.json  | 8 +++-----
 4 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/provider_base/common.json b/provider_base/common.json
index a4d9c5f2..565633c0 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -25,9 +25,13 @@
   "hosts": "=> hosts_file",
   "x509": {
     "use": true,
+    "use_commercial": false,
     "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
     "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
-    "ca_cert": "= try_file :ca_cert"
+    "ca_cert": "= try_file :ca_cert",
+    "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+    "commercial_key": "= x509.use_commercial ? file([:commercial_key, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+    "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
   },
   "service_type": "internal_service",
   "development": {
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 03f6c6d1..c24724bf 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -12,11 +12,9 @@
   },
   "x509": {
     "use": true,
+    "use_commercial": true,
     "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
     "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
-    "commercial_key": "= file [:commercial_key, domain.full_suffix]",
-    "commercial_ca_cert": "= try_file :commercial_ca_cert"
+    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
   }
 }
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 731dee9a..30a19d9a 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -13,12 +13,10 @@
   "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
   "x509": {
     "use": true,
+    "use_commercial": true,
     "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
     "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
-    "commercial_key": "= file [:commercial_key, domain.full_suffix]",
-    "commercial_ca_cert": "= try_file :commercial_ca_cert"
+    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
   },
   "service_type": "user_service"
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index a5b1ed30..d268a020 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -62,11 +62,9 @@
   },
   "x509": {
     "use": true,
+    "use_commercial": true,
     "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
-    "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
-    "commercial_cert": "= file [:commercial_cert, webapp.domain]",
-    "commercial_key": "= file [:commercial_key, webapp.domain]",
-    "commercial_ca_cert": "= try_file :commercial_ca_cert"
+    "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'",
+    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'"
   }
 }
-- 
cgit v1.2.3