authorVictor Shyba <victor.shyba@gmail.com>2015-10-26 18:50:20 -0300
committerVictor Shyba <victor.shyba@gmail.com>2015-10-28 18:13:40 -0300
commitf8d38125098829fe50199725545365d6d2a889a6 (patch)
tree9edab8dc323606e675a31eb141d1d42ca1e72c99 /server/src/leap
parent55548cf947966bcbb9a496e523a3f802b0f0b55f (diff)
[feat] read security doc from configuration
LEAP Platform needs to grant other services, such as mx, granular access to user databases. This is now possible by editing the soledad-server.conf file. A new 'database-security' section was added; it is parsed during 'create-user-db' and set on the security design document that is present in every per-user database.
Diffstat (limited to 'server/src/leap')
-rw-r--r--server/src/leap/soledad/server/__init__.py34
1 files changed, 25 insertions, 9 deletions
diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py
index f64d07bf..4d03c82a 100644
--- a/server/src/leap/soledad/server/__init__.py
+++ b/server/src/leap/soledad/server/__init__.py
@@ -272,6 +272,20 @@ http_app.HTTPInvocationByMethodWithBody = HTTPInvocationByMethodWithBody
# ----------------------------------------------------------------------------
# Auxiliary functions
# ----------------------------------------------------------------------------
+CONFIG_DEFAULTS = {
+ 'soledad-server': {
+ 'couch_url': 'http://localhost:5984',
+ 'create_cmd': None,
+ 'admin_netrc': '/etc/couchdb/couchdb-admin.netrc',
+ },
+ 'database-security': {
+ 'members': ['soledad'],
+ 'members_roles': [],
+ 'admins': [],
+ 'admins_roles': []
+ }
+}
+
def load_configuration(file_path):
"""
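Review bot: `CONFIG_DEFAULTS` carries no comment saying what the `database-security` keys control or how the file overrides them, which matters because, per the commit message, they end up in the security document of every per-user database. I would add above it `# Defaults for soledad-server.conf; 'database-security' is written to each per-user database's security document.` and `# A key set in the file is a comma-separated list that replaces the default list, it does not extend it.` With that in place, an operator who adds a service such as mx can see that `soledad` has to be listed again in `members` if it is still meant to have access. load_configuration, whose first two lines close this hunk, continues outside it.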
@@ -283,17 +297,18 @@ def load_configuration(file_path):
@return: A dictionary with the configuration.
@rtype: dict
"""
- defaults = {
- 'couch_url': 'http://localhost:5984',
- 'create_cmd': None,
- 'admin_netrc': '/etc/couchdb/couchdb-admin.netrc',
- }
+ defaults = dict(CONFIG_DEFAULTS)
config = configparser.ConfigParser()
config.read(file_path)
- if 'soledad-server' in config:
- for key in defaults:
- if key in config['soledad-server']:
- defaults[key] = config['soledad-server'][key]
+ for section in defaults.keys():
+ if section in config:
+ for key in defaults[section]:
+ if key in config[section]:
+ defaults[section][key] = config[section][key]
+ for key, value in defaults['database-security'].iteritems():
+ if type(value) is not unicode: continue
+ defaults['database-security'][key] = \
+ [item.strip() for item in value.split(',')]
# TODO: implement basic parsing/sanitization of options comming from
# config file.
return defaults
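Review bot: The comma-splitting at the end of the new loop passes whatever the file contains straight into the `database-security` lists, so a key left blank (`members =`) would presumably become a list holding one empty string instead of an empty list. Those lists are what gets set on every per-user database's security document, and the TODO just below confirms nothing sanitizes them yet. Dropping empty entries is a one-line change: `[item.strip() for item in value.split(',') if item.strip()]`. Separately, `defaults = dict(CONFIG_DEFAULTS)` is only a shallow copy, so the assignments to `defaults[section][key]` rewrite the module-level `CONFIG_DEFAULTS` and a later call in the same process starts from the previously parsed values; `defaults = copy.deepcopy(CONFIG_DEFAULTS)` (with `import copy`) avoids that. The start of load_configuration's docstring lies outside this hunk.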
@@ -305,6 +320,7 @@ def load_configuration(file_path):
def application(environ, start_response):
conf = load_configuration('/etc/soledad/soledad-server.conf')
+ conf = conf['soledad-server']
state = CouchServerState(conf['couch_url'], create_cmd=conf['create_cmd'])
# WSGI application that may be used by `twistd -web`
application = GzipMiddleware(