From f8d38125098829fe50199725545365d6d2a889a6 Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Mon, 26 Oct 2015 18:50:20 -0300 Subject: [feat] read security doc from configuration LEAP Platform needs to granularly allow access on user database for other services, like mx. This is now possible by editing soledad-server.conf file. A new section 'database-security' was added and it is parsed during 'create-user-db' to be set on security design document, present on every per-user database. --- server/pkg/create-user-db | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db index 7eafc945..28d1cbd0 100755 --- a/server/pkg/create-user-db +++ b/server/pkg/create-user-db @@ -31,7 +31,8 @@ This is meant to be used by Soledad Server. parser = argparse.ArgumentParser(description=description) parser.add_argument('dbname', metavar='user-d34db33f', type=str, help='database name on the format user-{uuid4}') -NETRC_PATH = load_configuration('/etc/soledad/soledad-server.conf')['admin_netrc'] +CONF = load_configuration('/etc/soledad/soledad-server.conf') +NETRC_PATH = CONF['soledad-server']['admin_netrc'] def url_for_db(dbname): @@ -54,7 +55,9 @@ if __name__ == '__main__': print ("Invalid name! %s" % args.dbname) sys.exit(1) url = url_for_db(args.dbname) + db_security = CONF['database-security'] db = CouchDatabase.open_database(url=url, create=True, - replica_uid=None, ensure_ddocs=True) + replica_uid=None, ensure_ddocs=True, + database_security=db_security) print ('success! Created %s, replica_uid: %s' % (db._dbname, db.replica_uid)) -- cgit v1.2.3 From bc8e8bea61b01e0b93593e24a816574f5a19ac61 Mon Sep 17 00:00:00 2001 
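Review bot: `db_security = CONF['database-security']` is handed to `open_database` without any check on the section's presence or shape, so on a host whose soledad-server.conf predates this change the script dies with a bare KeyError traceback, and a malformed section is applied as the security document of every newly created per-user database — if I recall CouchDB's semantics correctly, an empty members list there means any user the server admits can read the database. Since this tool runs with the CouchDB admin credentials from admin_netrc, I would fail fast with a readable message, `if 'database-security' not in CONF: sys.exit("missing [database-security] section in soledad-server.conf")`, and print the security document before applying it so an operator can see what access is being granted. The `if __name__ == '__main__':` block this hunk edits begins outside the hunk.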
From: Victor Shyba Date: Tue, 27 Oct 2015 13:30:07 -0300 Subject: [feat] adds --migrate-all to create-user-db script This parameter applies the ensure_database to all existing databases, making all of them use the latest design documents. This can be used to migrate security documents, update handlers or any other kind of design document. --- server/pkg/create-user-db | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db index 28d1cbd0..ae5d15dc 100755 --- a/server/pkg/create-user-db +++ b/server/pkg/create-user-db @@ -21,6 +21,7 @@ import netrc import argparse from leap.soledad.common.couch import CouchDatabase from leap.soledad.common.couch import is_db_name_valid +from leap.soledad.common.couch import list_users_dbs from leap.soledad.server import load_configuration @@ -30,7 +31,10 @@ This is meant to be used by Soledad Server. """ parser = argparse.ArgumentParser(description=description) parser.add_argument('dbname', metavar='user-d34db33f', type=str, + default='', nargs='?', help='database name on the format user-{uuid4}') +parser.add_argument('--migrate-all', action='store_true', + help="recreate all design docs for all existing account") CONF = load_configuration('/etc/soledad/soledad-server.conf') NETRC_PATH = CONF['soledad-server']['admin_netrc'] 
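Review bot: `dbname` becomes optional (`nargs='?'`, `default=''`) but nothing relates it to `--migrate-all`, so `create-user-db` with no arguments presumably falls through to the name validity check and fails with the misleading `Invalid name! ` message for an empty string, while `create-user-db user-abc --migrate-all` silently ignores the positional and touches every database. Making the two alternatives explicit is cheap: put both arguments in `parser.add_mutually_exclusive_group(required=True)`, or check after parsing with `if bool(args.migrate_all) == bool(args.dbname): parser.error('give exactly one of dbname or --migrate-all')`. The help text should also read `help="recreate all design docs for all existing accounts"`.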
@@ -49,15 +53,34 @@ def url_for_db(dbname): return url -if __name__ == '__main__': - args = parser.parse_args() - if not is_db_name_valid(args.dbname): - print ("Invalid name! %s" % args.dbname) +def ensure_database(dbname): + """ + This method will ensure that a database named `dbname` will exist + or created if it doesn't. Calling it twice will ensure that design + documents are present and updated. + The database name has to match this criteria to be considered valid: + user-[a-f0-9]+ + + :param dbname: name of the user database + :type dbname: str + """ + if not is_db_name_valid(dbname): + print ("Invalid name! %s" % dbname) sys.exit(1) - url = url_for_db(args.dbname) + url = url_for_db(dbname) db_security = CONF['database-security'] db = CouchDatabase.open_database(url=url, create=True, replica_uid=None, ensure_ddocs=True, database_security=db_security) - print ('success! Created %s, replica_uid: %s' % + print ('success! Ensured that database %s exists, with replica_uid: %s' % (db._dbname, db.replica_uid)) + + +if __name__ == '__main__': + args = parser.parse_args() + if args.migrate_all: + couch_url = url_for_db('') + for dbname in list_users_dbs(couch_url): + ensure_database(dbname) + else: + ensure_database(args.dbname) -- cgit v1.2.3 From 36f476c53f6f3532652d7428e306dcef1c37f879 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Fri, 30 Oct 2015 16:26:07 +0100 Subject: [feat] bump twisted dependency to 12.3.0 Needed after the SSL monkeypatch removal at 3b869fb7f --- server/pkg/requirements.pip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server/pkg') diff --git a/server/pkg/requirements.pip b/server/pkg/requirements.pip index 58834d0e..f9cce08e 100644 --- a/server/pkg/requirements.pip +++ b/server/pkg/requirements.pip @@ -2,7 +2,7 @@ configparser u1db routes PyOpenSSL -twisted +twisted>=12.3.0 #pinned for wheezy compatibility Beaker==1.6.3 #wheezy couchdb==0.8 #wheezy -- cgit v1.2.3 
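Review bot: `ensure_database` still calls `sys.exit(1)` on an invalid name, so under `--migrate-all` one unexpected entry from `list_users_dbs` aborts the loop midway and leaves the accounts after it on the old security document, with nothing reporting which ones were done. Because this path rewrites the access-control document of every user database with whatever the config says, I would make `ensure_database` return a success flag, let the loop continue, and exit non-zero with the list of databases that were skipped; a `--dry-run` flag that only prints the names and the security document about to be applied would also be a sensible guard for a bulk operation run with admin credentials. `url_for_db('')` being used to obtain the server URL also deserves a comment, since it relies on url_for_db tolerating an empty name; that function starts outside the hunk.
```python
def ensure_database(dbname):
    # … unchanged: docstring …
    if not is_db_name_valid(dbname):
        print ("Invalid name! %s" % dbname)
        return False
    # … unchanged: url_for_db / open_database / success message …
    return True


if __name__ == '__main__':
    args = parser.parse_args()
    if args.migrate_all:
        # url_for_db('') yields the bare server URL (no database path)
        couch_url = url_for_db('')
        failed = [name for name in list_users_dbs(couch_url)
                  if not ensure_database(name)]
        if failed:
            print ('failed to migrate %d database(s): %s'
                   % (len(failed), ', '.join(failed)))
            sys.exit(1)
    elif not ensure_database(args.dbname):
        sys.exit(1)
```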
From b0557f9c1d5e6f153f926ba3cb5876453ef23a10 Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Thu, 1 Oct 2015 15:07:25 -0300 Subject: [refactor] separate SoledadBackend from CouchDatabase CouchDatabase was renamed to SoledadBackend and a new class CouchDatabase was created to hold all couchdb code. This should make SoledadBackend less tied to database implementation. A few more separations are needed to split into modules. --- server/pkg/create-user-db | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db index ae5d15dc..a8ba3833 100755 --- a/server/pkg/create-user-db +++ b/server/pkg/create-user-db @@ -19,7 +19,7 @@ import os import sys import netrc import argparse -from leap.soledad.common.couch import CouchDatabase +from leap.soledad.common.couch import SoledadBackend from leap.soledad.common.couch import is_db_name_valid from leap.soledad.common.couch import list_users_dbs from leap.soledad.server import load_configuration @@ -69,7 +69,7 @@ def ensure_database(dbname): sys.exit(1) url = url_for_db(dbname) db_security = CONF['database-security'] - db = CouchDatabase.open_database(url=url, create=True, + db = SoledadBackend.open_database(url=url, create=True, replica_uid=None, ensure_ddocs=True, database_security=db_security) print ('success! Ensured that database %s exists, with replica_uid: %s' % -- cgit v1.2.3 From f0b96af943dcb6c8cde4f6d4280186d78c78096c Mon Sep 17 00:00:00 2001 
From: Victor Shyba Date: Tue, 13 Oct 2015 21:34:40 -0300 Subject: [refactor] split out backend from couch database First step of splitting classes across files on common. backend.py holds SoledadBackend (generic backend logic) couch/ is now a directory with old code inside __init__.py and CouchServerState on state.py Also removed mock IndexedSoledadBackend, since Soledad does not support indexing due to encryption on server side. Also fixed DesignDocUnknownError to show up what is the message of the original exception. It was being lost. --- server/pkg/create-user-db | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'server/pkg') diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db index a8ba3833..54856643 100755 --- a/server/pkg/create-user-db +++ b/server/pkg/create-user-db @@ -19,8 +19,8 @@ import os import sys import netrc import argparse -from leap.soledad.common.couch import SoledadBackend -from leap.soledad.common.couch import is_db_name_valid +from leap.soledad.common.couch import CouchDatabase +from leap.soledad.common.couch.state import is_db_name_valid from leap.soledad.common.couch import list_users_dbs from leap.soledad.server import load_configuration @@ -69,7 +69,7 @@ def ensure_database(dbname): sys.exit(1) url = url_for_db(dbname) db_security = CONF['database-security'] - db = SoledadBackend.open_database(url=url, create=True, + db = CouchDatabase.open_database(url=url, create=True, replica_uid=None, ensure_ddocs=True, database_security=db_security) print ('success! Ensured that database %s exists, with replica_uid: %s' % -- cgit v1.2.3