2014-12-17 00:00:14 -05:00
|
|
|
"""ApacheParser is a member object of the ApacheConfigurator class."""
|
2017-09-25 15:03:09 -04:00
|
|
|
import copy
|
2015-07-14 02:18:33 -04:00
|
|
|
import fnmatch
|
2015-07-01 19:50:48 -04:00
|
|
|
import logging
|
2014-12-17 00:00:14 -05:00
|
|
|
import re
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Collection
|
2021-03-09 19:12:32 -05:00
|
|
|
from typing import Dict
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Iterable
|
2021-03-09 19:12:32 -05:00
|
|
|
from typing import List
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Mapping
|
2021-04-05 18:04:21 -04:00
|
|
|
from typing import Optional
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Pattern
|
|
|
|
|
from typing import Set
|
|
|
|
|
from typing import Tuple
|
2022-01-31 03:17:40 -05:00
|
|
|
from typing import TYPE_CHECKING
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Union
|
2021-03-09 19:12:32 -05:00
|
|
|
|
2022-01-31 03:17:40 -05:00
|
|
|
from certbot import errors
|
|
|
|
|
from certbot.compat import os
|
2023-02-10 13:51:20 -05:00
|
|
|
from certbot_apache._internal import apache_util
|
|
|
|
|
from certbot_apache._internal import constants
|
2022-01-31 03:17:40 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
if TYPE_CHECKING:
|
|
|
|
|
from certbot_apache._internal.configurator import ApacheConfigurator # pragma: no cover
|
|
|
|
|
|
2021-04-05 18:04:21 -04:00
|
|
|
try:
|
|
|
|
|
from augeas import Augeas
|
|
|
|
|
except ImportError: # pragma: no cover
|
2021-10-24 18:43:21 -04:00
|
|
|
Augeas = None
|
2021-04-05 18:04:21 -04:00
|
|
|
|
2015-07-01 19:50:48 -04:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
2021-02-25 17:59:00 -05:00
|
|
|
class ApacheParser:
|
2015-02-02 16:11:59 -05:00
|
|
|
"""Class handles the fine details of parsing the Apache Configuration.
|
|
|
|
|
|
2015-07-09 19:15:45 -04:00
|
|
|
.. todo:: Make parsing general... remove sites-available etc...
|
|
|
|
|
|
2015-07-07 16:18:22 -04:00
|
|
|
:ivar str root: Normalized absolute path to the server root
|
2015-02-02 16:11:59 -05:00
|
|
|
directory. Without trailing slash.
|
2015-07-23 04:34:51 -04:00
|
|
|
:ivar set modules: All module names that are currently enabled.
|
|
|
|
|
:ivar dict loc: Location to place directives, root - configuration origin,
|
|
|
|
|
default - user config file, name - NameVirtualHost,
|
2015-02-02 16:11:59 -05:00
|
|
|
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
arg_var_interpreter: Pattern = re.compile(r"\$\{[^ \}]*}")
|
|
|
|
|
fnmatch_chars: Set[str] = {"*", "?", "\\", "[", "]"}
|
2015-07-19 05:22:10 -04:00
|
|
|
|
2022-08-29 13:05:48 -04:00
|
|
|
# pylint: disable=unused-argument
|
2022-01-21 04:15:48 -05:00
|
|
|
def __init__(self, root: str, configurator: "ApacheConfigurator",
|
|
|
|
|
vhostroot: str, version: Tuple[int, ...] = (2, 4)) -> None:
|
2015-07-23 04:34:51 -04:00
|
|
|
# Note: Order is important here.
|
|
|
|
|
|
2017-09-25 15:03:09 -04:00
|
|
|
# Needed for calling save() with reverter functionality that resides in
|
|
|
|
|
# AugeasConfigurator superclass of ApacheConfigurator. This resolves
|
|
|
|
|
# issues with aug.load() after adding new files / defines to parse tree
|
|
|
|
|
self.configurator = configurator
|
|
|
|
|
|
2019-06-28 11:39:13 -04:00
|
|
|
# Initialize augeas
|
2022-01-21 04:15:48 -05:00
|
|
|
self.aug: Augeas = init_augeas()
|
2019-06-28 11:39:13 -04:00
|
|
|
|
|
|
|
|
if not self.check_aug_version():
|
|
|
|
|
raise errors.NotSupportedError(
|
|
|
|
|
"Apache plugin support requires libaugeas0 and augeas-lenses "
|
|
|
|
|
"version 1.2.0 or higher, please make sure you have you have "
|
|
|
|
|
"those installed.")
|
|
|
|
|
|
2021-04-05 18:04:21 -04:00
|
|
|
self.modules: Dict[str, Optional[str]] = {}
|
2021-03-10 14:51:27 -05:00
|
|
|
self.parser_paths: Dict[str, List[str]] = {}
|
|
|
|
|
self.variables: Dict[str, str] = {}
|
2015-07-01 21:07:53 -04:00
|
|
|
|
2015-07-19 22:49:44 -04:00
|
|
|
# Find configuration root and make sure augeas can parse it.
|
2022-01-21 04:15:48 -05:00
|
|
|
self.root: str = os.path.abspath(root)
|
|
|
|
|
self.loc: Dict[str, str] = {"root": self._find_config_root()}
|
2017-09-25 15:03:09 -04:00
|
|
|
self.parse_file(self.loc["root"])
|
2015-12-06 18:15:29 -05:00
|
|
|
|
2022-08-29 13:05:48 -04:00
|
|
|
# Look up variables from httpd and add to DOM if not already parsed
|
|
|
|
|
self.update_runtime_variables()
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
|
2014-12-17 00:00:14 -05:00
|
|
|
# This problem has been fixed in Augeas 1.0
|
|
|
|
|
self.standardize_excl()
|
2015-07-01 21:07:53 -04:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
# Parse LoadModule directives from configuration files
|
|
|
|
|
self.parse_modules()
|
2015-07-01 19:50:48 -04:00
|
|
|
|
2015-07-23 04:34:51 -04:00
|
|
|
# Set up rest of locations
|
|
|
|
|
self.loc.update(self._set_locations())
|
2015-07-19 22:49:44 -04:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
# list of the active include paths, before modifications
|
2017-09-25 15:03:09 -04:00
|
|
|
self.existing_paths = copy.deepcopy(self.parser_paths)
|
|
|
|
|
|
|
|
|
|
# Must also attempt to parse additional virtual host root
|
|
|
|
|
if vhostroot:
|
|
|
|
|
self.parse_file(os.path.abspath(vhostroot) + "/" +
|
2021-04-13 14:18:49 -04:00
|
|
|
self.configurator.options.vhost_files)
|
2015-12-06 18:15:29 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def check_parsing_errors(self, lens: str) -> None:
|
2019-06-28 11:39:13 -04:00
|
|
|
"""Verify Augeas can parse all of the lens files.
|
|
|
|
|
|
|
|
|
|
:param str lens: lens to check for errors
|
|
|
|
|
|
|
|
|
|
:raises .errors.PluginError: If there has been an error in parsing with
|
|
|
|
|
the specified lens.
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
error_files = self.aug.match("/augeas//error")
|
|
|
|
|
|
|
|
|
|
for path in error_files:
|
|
|
|
|
# Check to see if it was an error resulting from the use of
|
|
|
|
|
# the httpd lens
|
|
|
|
|
lens_path = self.aug.get(path + "/lens")
|
|
|
|
|
# As aug.get may return null
|
|
|
|
|
if lens_path and lens in lens_path:
|
|
|
|
|
msg = (
|
|
|
|
|
"There has been an error in parsing the file {0} on line {1}: "
|
|
|
|
|
"{2}".format(
|
|
|
|
|
# Strip off /augeas/files and /error
|
|
|
|
|
path[13:len(path) - 6],
|
|
|
|
|
self.aug.get(path + "/line"),
|
|
|
|
|
self.aug.get(path + "/message")))
|
|
|
|
|
raise errors.PluginError(msg)
|
|
|
|
|
|
2022-01-31 03:17:40 -05:00
|
|
|
def check_aug_version(self) -> Union[bool, List[str]]:
|
2019-06-28 11:39:13 -04:00
|
|
|
""" Checks that we have recent enough version of libaugeas.
|
|
|
|
|
If augeas version is recent enough, it will support case insensitive
|
|
|
|
|
regexp matching"""
|
|
|
|
|
|
|
|
|
|
self.aug.set("/test/path/testing/arg", "aRgUMeNT")
|
|
|
|
|
try:
|
|
|
|
|
matches = self.aug.match(
|
|
|
|
|
"/test//*[self::arg=~regexp('argument', 'i')]")
|
|
|
|
|
except RuntimeError:
|
|
|
|
|
self.aug.remove("/test/path")
|
|
|
|
|
return False
|
|
|
|
|
self.aug.remove("/test/path")
|
|
|
|
|
return matches
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def unsaved_files(self) -> Set[str]:
|
2019-06-28 11:39:13 -04:00
|
|
|
"""Lists files that have modified Augeas DOM but the changes have not
|
|
|
|
|
been written to the filesystem yet, used by `self.save()` and
|
|
|
|
|
ApacheConfigurator to check the file state.
|
|
|
|
|
|
|
|
|
|
:raises .errors.PluginError: If there was an error in Augeas, in
|
|
|
|
|
an attempt to save the configuration, or an error creating a
|
|
|
|
|
checkpoint
|
|
|
|
|
|
|
|
|
|
:returns: `set` of unsaved files
|
|
|
|
|
"""
|
|
|
|
|
save_state = self.aug.get("/augeas/save")
|
|
|
|
|
self.aug.set("/augeas/save", "noop")
|
|
|
|
|
# Existing Errors
|
|
|
|
|
ex_errs = self.aug.match("/augeas//error")
|
|
|
|
|
try:
|
|
|
|
|
# This is a noop save
|
|
|
|
|
self.aug.save()
|
|
|
|
|
except (RuntimeError, IOError):
|
|
|
|
|
self._log_save_errors(ex_errs)
|
|
|
|
|
# Erase Save Notes
|
|
|
|
|
self.configurator.save_notes = ""
|
|
|
|
|
raise errors.PluginError(
|
|
|
|
|
"Error saving files, check logs for more info.")
|
|
|
|
|
|
|
|
|
|
# Return the original save method
|
|
|
|
|
self.aug.set("/augeas/save", save_state)
|
|
|
|
|
|
|
|
|
|
# Retrieve list of modified files
|
|
|
|
|
# Note: Noop saves can cause the file to be listed twice, I used a
|
|
|
|
|
# set to remove this possibility. This is a known augeas 0.10 error.
|
|
|
|
|
save_paths = self.aug.match("/augeas/events/saved")
|
|
|
|
|
|
|
|
|
|
save_files = set()
|
|
|
|
|
if save_paths:
|
|
|
|
|
for path in save_paths:
|
|
|
|
|
save_files.add(self.aug.get(path)[6:])
|
|
|
|
|
return save_files
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def ensure_augeas_state(self) -> None:
|
2019-06-28 11:39:13 -04:00
|
|
|
"""Makes sure that all Augeas dom changes are written to files to avoid
|
|
|
|
|
loss of configuration directives when doing additional augeas parsing,
|
|
|
|
|
causing a possible augeas.load() resulting dom reset
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
if self.unsaved_files():
|
|
|
|
|
self.configurator.save_notes += "(autosave)"
|
|
|
|
|
self.configurator.save()
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def save(self, save_files: Iterable[str]) -> None:
|
2019-06-28 11:39:13 -04:00
|
|
|
"""Saves all changes to the configuration files.
|
|
|
|
|
|
|
|
|
|
save() is called from ApacheConfigurator to handle the parser specific
|
|
|
|
|
tasks of saving.
|
|
|
|
|
|
|
|
|
|
:param list save_files: list of strings of file paths that we need to save.
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
self.configurator.save_notes = ""
|
2022-01-24 12:33:11 -05:00
|
|
|
|
|
|
|
|
ex_errs = self.aug.match("/augeas//error")
|
|
|
|
|
try:
|
|
|
|
|
self.aug.save()
|
|
|
|
|
except IOError:
|
|
|
|
|
self._log_save_errors(ex_errs)
|
|
|
|
|
raise
|
2019-06-28 11:39:13 -04:00
|
|
|
|
|
|
|
|
# Force reload if files were modified
|
|
|
|
|
# This is needed to recalculate augeas directive span
|
|
|
|
|
if save_files:
|
|
|
|
|
for sf in save_files:
|
|
|
|
|
self.aug.remove("/files/"+sf)
|
|
|
|
|
self.aug.load()
|
|
|
|
|
|
2022-01-31 03:17:40 -05:00
|
|
|
def _log_save_errors(self, ex_errs: Iterable[str]) -> None:
|
2019-06-28 11:39:13 -04:00
|
|
|
"""Log errors due to bad Augeas save.
|
|
|
|
|
|
|
|
|
|
:param list ex_errs: Existing errors before save
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
# Check for the root of save problems
|
2022-01-24 12:33:11 -05:00
|
|
|
new_errs = [e for e in self.aug.match("/augeas//error") if e not in ex_errs]
|
|
|
|
|
|
|
|
|
|
for err in new_errs:
|
|
|
|
|
logger.debug(
|
|
|
|
|
"Error %s saving %s: %s", self.aug.get(err), err[13:len(err) - 6],
|
|
|
|
|
self.aug.get(f"{err}/message"))
|
|
|
|
|
logger.error(
|
|
|
|
|
"Unable to save files: %s.%s", ", ".join(err[13:len(err) - 6] for err in new_errs),
|
|
|
|
|
f" Save Notes: {self.configurator.save_notes}" if self.configurator.save_notes else "")
|
2019-06-28 11:39:13 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def add_include(self, main_config: str, inc_path: str) -> None:
|
2017-09-25 15:03:09 -04:00
|
|
|
"""Add Include for a new configuration file if one does not exist
|
|
|
|
|
|
|
|
|
|
:param str main_config: file path to main Apache config file
|
|
|
|
|
:param str inc_path: path of file to include
|
|
|
|
|
|
|
|
|
|
"""
|
2018-05-14 12:33:30 -04:00
|
|
|
if not self.find_dir(case_i("Include"), inc_path):
|
2017-09-25 15:03:09 -04:00
|
|
|
logger.debug("Adding Include %s to %s",
|
|
|
|
|
inc_path, get_aug_path(main_config))
|
|
|
|
|
self.add_dir(
|
|
|
|
|
get_aug_path(main_config),
|
|
|
|
|
"Include", inc_path)
|
|
|
|
|
|
|
|
|
|
# Add new path to parser paths
|
|
|
|
|
new_dir = os.path.dirname(inc_path)
|
|
|
|
|
new_file = os.path.basename(inc_path)
|
2019-03-25 16:22:56 -04:00
|
|
|
self.existing_paths.setdefault(new_dir, []).append(new_file)
|
2017-09-25 15:03:09 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def add_mod(self, mod_name: str) -> None:
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
"""Shortcut for updating parser modules."""
|
|
|
|
|
if mod_name + "_module" not in self.modules:
|
2020-03-23 19:49:52 -04:00
|
|
|
self.modules[mod_name + "_module"] = None
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
if "mod_" + mod_name + ".c" not in self.modules:
|
2020-03-23 19:49:52 -04:00
|
|
|
self.modules["mod_" + mod_name + ".c"] = None
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def reset_modules(self) -> None:
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
"""Reset the loaded modules list. This is called from cleanup to clear
|
|
|
|
|
temporarily loaded modules."""
|
2020-03-23 19:49:52 -04:00
|
|
|
self.modules = {}
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
self.update_modules()
|
|
|
|
|
self.parse_modules()
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def parse_modules(self) -> None:
|
2015-07-08 20:17:54 -04:00
|
|
|
"""Iterates on the configuration until no new modules are loaded.
|
|
|
|
|
|
|
|
|
|
..todo:: This should be attempted to be done with a binary to avoid
|
2015-07-09 20:37:32 -04:00
|
|
|
the iteration issue. Else... parse and enable mods at same time.
|
2015-07-08 20:17:54 -04:00
|
|
|
|
|
|
|
|
"""
|
2021-03-10 14:51:27 -05:00
|
|
|
mods: Dict[str, str] = {}
|
2015-07-19 05:22:10 -04:00
|
|
|
matches = self.find_dir("LoadModule")
|
2015-07-01 19:50:48 -04:00
|
|
|
iterator = iter(matches)
|
2015-07-02 18:18:39 -04:00
|
|
|
# Make sure prev_size != cur_size for do: while: iteration
|
|
|
|
|
prev_size = -1
|
2015-07-01 19:50:48 -04:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
while len(mods) != prev_size:
|
|
|
|
|
prev_size = len(mods)
|
2015-07-01 19:50:48 -04:00
|
|
|
|
2021-02-09 14:43:15 -05:00
|
|
|
for match_name, match_filename in zip(
|
2015-07-02 18:18:39 -04:00
|
|
|
iterator, iterator):
|
2017-10-02 19:18:37 -04:00
|
|
|
mod_name = self.get_arg(match_name)
|
|
|
|
|
mod_filename = self.get_arg(match_filename)
|
|
|
|
|
if mod_name and mod_filename:
|
2020-03-23 19:49:52 -04:00
|
|
|
mods[mod_name] = mod_filename
|
|
|
|
|
mods[os.path.basename(mod_filename)[:-2] + "c"] = mod_filename
|
2017-10-02 19:18:37 -04:00
|
|
|
else:
|
Lint certbot code on Python 3, and update Pylint to the latest version (#7551)
Part of #7550
This PR makes appropriate corrections to run pylint on Python 3.
Why not keeping the dependencies unchanged and just run pylint on Python 3?
Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid.
Why updating pylint + astroid to the latest version ?
Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8.
Why upgrading mypy ?
Because the old version does not support the new version of astroid required to run pylint correctly.
Why not upgrading mypy to its latest version ?
Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR.
That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors.
I also made PyLint and MyPy checks run correctly on Windows.
* Start configuration
* Reconfigure travis
* Suspend a check specific to python 3. Start fixing code.
* Repair call_args
* Fix return + elif lints
* Reconfigure development to run mainly on python3
* Remove incompatible Python 3.4 jobs
* Suspend pylint in some assertions
* Remove pylint in dev
* Take first mypy that supports typed-ast>=1.4.0 to limit the migration path
* Various return + else lint errors
* Find a set of deps that is working with current mypy version
* Update local oldest requirements
* Remove all current pylint errors
* Rebuild letsencrypt-auto
* Update mypy to fix pylint with new astroid version, and fix mypy issues
* Explain type: ignore
* Reconfigure tox, fix none path
* Simplify pinning
* Remove useless directive
* Remove debugging code
* Remove continue
* Update requirements
* Disable unsubscriptable-object check
* Disable one check, enabling two more
* Plug certbot dev version for oldest requirements
* Remove useless disable directives
* Remove useless no-member disable
* Remove no-else-* checks. Use elif in symetric branches.
* Add back assertion
* Add new line
* Remove unused pylint disable
* Remove other pylint disable
2019-12-10 17:12:50 -05:00
|
|
|
logger.debug("Could not read LoadModule directive from Augeas path: %s",
|
|
|
|
|
match_name[6:])
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
self.modules.update(mods)
|
2015-07-01 19:50:48 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def update_runtime_variables(self) -> None:
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
"""Update Includes, Defines and Includes from httpd config dump data"""
|
2019-12-02 18:00:53 -05:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
self.update_defines()
|
|
|
|
|
self.update_includes()
|
|
|
|
|
self.update_modules()
|
2015-07-08 20:17:54 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def update_defines(self) -> None:
|
2019-12-02 18:00:53 -05:00
|
|
|
"""Updates the dictionary of known variables in the configuration"""
|
2022-10-26 18:07:02 -04:00
|
|
|
self.variables = apache_util.parse_defines(self.configurator.options.get_defines_cmd)
|
2015-07-08 20:17:54 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def update_includes(self) -> None:
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
"""Get includes from httpd process, and add them to DOM if needed"""
|
|
|
|
|
|
|
|
|
|
# Find_dir iterates over configuration for Include and IncludeOptional
|
|
|
|
|
# directives to make sure we see the full include tree present in the
|
|
|
|
|
# configuration files
|
|
|
|
|
_ = self.find_dir("Include")
|
|
|
|
|
|
2022-10-26 18:07:02 -04:00
|
|
|
matches = apache_util.parse_includes(self.configurator.options.get_includes_cmd)
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
if matches:
|
|
|
|
|
for i in matches:
|
|
|
|
|
if not self.parsed_in_current(i):
|
|
|
|
|
self.parse_file(i)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def update_modules(self) -> None:
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
"""Get loaded modules from httpd process, and add them to DOM"""
|
|
|
|
|
|
2022-10-26 18:07:02 -04:00
|
|
|
matches = apache_util.parse_modules(self.configurator.options.get_modules_cmd)
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
for mod in matches:
|
|
|
|
|
self.add_mod(mod.strip())
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def filter_args_num(self, matches: str, args: int) -> List[str]:
|
2015-07-08 20:17:54 -04:00
|
|
|
"""Filter out directives with specific number of arguments.
|
|
|
|
|
|
|
|
|
|
This function makes the assumption that all related arguments are given
|
|
|
|
|
in order. Thus /files/apache/directive[5]/arg[2] must come immediately
|
|
|
|
|
after /files/apache/directive[5]/arg[1]. Runs in 1 linear pass.
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
:param str matches: Matches of all directives with arg nodes
|
2015-07-08 20:17:54 -04:00
|
|
|
:param int args: Number of args you would like to filter
|
|
|
|
|
|
|
|
|
|
:returns: List of directives that contain # of arguments.
|
|
|
|
|
(arg is stripped off)
|
|
|
|
|
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
filtered: List[str] = []
|
2015-07-08 20:17:54 -04:00
|
|
|
if args == 1:
|
2018-05-14 12:33:30 -04:00
|
|
|
for i, match in enumerate(matches):
|
|
|
|
|
if match.endswith("/arg"):
|
2015-07-08 20:17:54 -04:00
|
|
|
filtered.append(matches[i][:-4])
|
|
|
|
|
else:
|
2018-05-14 12:33:30 -04:00
|
|
|
for i, match in enumerate(matches):
|
|
|
|
|
if match.endswith("/arg[%d]" % args):
|
2015-07-08 20:17:54 -04:00
|
|
|
# Make sure we don't cause an IndexError (end of list)
|
|
|
|
|
# Check to make sure arg + 1 doesn't exist
|
|
|
|
|
if (i == (len(matches) - 1) or
|
2016-01-14 06:25:15 -05:00
|
|
|
not matches[i + 1].endswith("/arg[%d]" %
|
|
|
|
|
(args + 1))):
|
2015-07-08 20:17:54 -04:00
|
|
|
filtered.append(matches[i][:-len("/arg[%d]" % args)])
|
|
|
|
|
|
|
|
|
|
return filtered
|
2015-07-07 16:18:22 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def add_dir_to_ifmodssl(self, aug_conf_path: str, directive: str, args: List[str]) -> None:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Adds directive and value to IfMod ssl block.
|
|
|
|
|
|
|
|
|
|
Adds given directive and value along configuration path within
|
|
|
|
|
an IfMod mod_ssl.c block. If the IfMod block does not exist in
|
|
|
|
|
the file, it is created.
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Desired Augeas config path to add directive
|
2015-07-17 17:09:46 -04:00
|
|
|
:param str directive: Directive you would like to add, e.g. Listen
|
2022-01-31 03:17:40 -05:00
|
|
|
:param args: Values of the directive; list of str (eg. ["443"])
|
2015-07-17 17:09:46 -04:00
|
|
|
:type args: list
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
# TODO: Add error checking code... does the path given even exist?
|
|
|
|
|
# Does it throw exceptions?
|
2019-04-02 12:26:58 -04:00
|
|
|
if_mod_path = self.get_ifmod(aug_conf_path, "mod_ssl.c")
|
2014-12-17 00:00:14 -05:00
|
|
|
# IfModule can have only one valid argument, so append after
|
|
|
|
|
self.aug.insert(if_mod_path + "arg", "directive", False)
|
|
|
|
|
nvh_path = if_mod_path + "directive[1]"
|
|
|
|
|
self.aug.set(nvh_path, directive)
|
2015-07-17 17:09:46 -04:00
|
|
|
if len(args) == 1:
|
|
|
|
|
self.aug.set(nvh_path + "/arg", args[0])
|
|
|
|
|
else:
|
|
|
|
|
for i, arg in enumerate(args):
|
2015-09-06 05:20:41 -04:00
|
|
|
self.aug.set("%s/arg[%d]" % (nvh_path, i + 1), arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-08-29 13:05:48 -04:00
|
|
|
def get_ifmod(self, aug_conf_path: str, mod: str) -> str:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Returns the path to <IfMod mod> and creates one if it doesn't exist.
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Augeas configuration path
|
|
|
|
|
:param str mod: module ie. mod_ssl.c
|
2019-04-02 12:26:58 -04:00
|
|
|
:param bool beginning: If the IfModule should be created to the beginning
|
|
|
|
|
of augeas path DOM tree.
|
|
|
|
|
|
|
|
|
|
:returns: Augeas path of the requested IfModule directive that pre-existed
|
|
|
|
|
or was created during the process. The path may be dynamic,
|
|
|
|
|
i.e. .../IfModule[last()]
|
|
|
|
|
:rtype: str
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if_mods = self.aug.match(("%s/IfModule/*[self::arg='%s']" %
|
|
|
|
|
(aug_conf_path, mod)))
|
2018-05-14 12:33:30 -04:00
|
|
|
if not if_mods:
|
2022-08-29 13:05:48 -04:00
|
|
|
return self.create_ifmod(aug_conf_path, mod)
|
2019-04-02 12:26:58 -04:00
|
|
|
|
2014-12-17 00:00:14 -05:00
|
|
|
# Strip off "arg" at end of first ifmod path
|
2019-04-02 12:26:58 -04:00
|
|
|
return if_mods[0].rpartition("arg")[0]
|
|
|
|
|
|
2022-08-29 13:05:48 -04:00
|
|
|
def create_ifmod(self, aug_conf_path: str, mod: str) -> str:
|
2019-04-02 12:26:58 -04:00
|
|
|
"""Creates a new <IfMod mod> and returns its path.
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Augeas configuration path
|
|
|
|
|
:param str mod: module ie. mod_ssl.c
|
|
|
|
|
|
|
|
|
|
:returns: Augeas path of the newly created IfModule directive.
|
|
|
|
|
The path may be dynamic, i.e. .../IfModule[last()]
|
|
|
|
|
:rtype: str
|
|
|
|
|
|
|
|
|
|
"""
|
2022-08-29 13:05:48 -04:00
|
|
|
c_path = "{}/IfModule[last() + 1]".format(aug_conf_path)
|
|
|
|
|
c_path_arg = "{}/IfModule[last()]/arg".format(aug_conf_path)
|
|
|
|
|
self.aug.set(c_path, "")
|
|
|
|
|
retpath = "{}/IfModule[last()]/".format(aug_conf_path)
|
2019-04-02 12:26:58 -04:00
|
|
|
self.aug.set(c_path_arg, mod)
|
|
|
|
|
return retpath
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def add_dir(
|
2022-01-31 03:17:40 -05:00
|
|
|
self, aug_conf_path: Optional[str], directive: Optional[str], args: Union[List[str], str]
|
2022-01-21 04:15:48 -05:00
|
|
|
) -> None:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Appends directive to the end fo the file given by aug_conf_path.
|
|
|
|
|
|
|
|
|
|
.. note:: Not added to AugeasConfigurator because it may depend
|
|
|
|
|
on the lens
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Augeas configuration path to add directive
|
|
|
|
|
:param str directive: Directive to add
|
2015-07-17 17:09:46 -04:00
|
|
|
:param args: Value of the directive. ie. Listen 443, 443 is arg
|
|
|
|
|
:type args: list or str
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
"""
|
2022-01-31 03:17:40 -05:00
|
|
|
aug_conf_path = aug_conf_path if aug_conf_path else ""
|
2014-12-17 00:00:14 -05:00
|
|
|
self.aug.set(aug_conf_path + "/directive[last() + 1]", directive)
|
2015-07-17 17:09:46 -04:00
|
|
|
if isinstance(args, list):
|
|
|
|
|
for i, value in enumerate(args, 1):
|
2015-02-02 15:32:42 -05:00
|
|
|
self.aug.set(
|
2015-02-02 16:47:15 -05:00
|
|
|
"%s/directive[last()]/arg[%d]" % (aug_conf_path, i), value)
|
2014-12-17 00:00:14 -05:00
|
|
|
else:
|
2015-07-17 17:09:46 -04:00
|
|
|
self.aug.set(aug_conf_path + "/directive[last()]/arg", args)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-31 03:17:40 -05:00
|
|
|
def add_dir_beginning(self, aug_conf_path: Optional[str], dirname: str,
|
2022-01-21 04:15:48 -05:00
|
|
|
args: Union[List[str], str]) -> None:
|
2018-01-16 13:33:25 -05:00
|
|
|
"""Adds the directive to the beginning of defined aug_conf_path.
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Augeas configuration path to add directive
|
|
|
|
|
:param str dirname: Directive to add
|
|
|
|
|
:param args: Value of the directive. ie. Listen 443, 443 is arg
|
|
|
|
|
:type args: list or str
|
|
|
|
|
"""
|
2022-01-31 03:17:40 -05:00
|
|
|
aug_conf_path = aug_conf_path if aug_conf_path else ""
|
2018-01-16 13:33:25 -05:00
|
|
|
first_dir = aug_conf_path + "/directive[1]"
|
2021-07-15 14:12:14 -04:00
|
|
|
if self.aug.get(first_dir):
|
|
|
|
|
self.aug.insert(first_dir, "directive", True)
|
|
|
|
|
else:
|
|
|
|
|
self.aug.set(first_dir, "directive")
|
|
|
|
|
|
2018-01-16 13:33:25 -05:00
|
|
|
self.aug.set(first_dir, dirname)
|
|
|
|
|
if isinstance(args, list):
|
|
|
|
|
for i, value in enumerate(args, 1):
|
|
|
|
|
self.aug.set(first_dir + "/arg[%d]" % (i), value)
|
|
|
|
|
else:
|
|
|
|
|
self.aug.set(first_dir + "/arg", args)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def add_comment(self, aug_conf_path: str, comment: str) -> None:
|
2018-06-21 10:27:19 -04:00
|
|
|
"""Adds the comment to the augeas path
|
|
|
|
|
|
|
|
|
|
:param str aug_conf_path: Augeas configuration path to add directive
|
|
|
|
|
:param str comment: Comment content
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
self.aug.set(aug_conf_path + "/#comment[last() + 1]", comment)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def find_comments(self, arg: str, start: Optional[str] = None) -> List[str]:
|
2018-06-21 10:27:19 -04:00
|
|
|
"""Finds a comment with specified content from the provided DOM path
|
|
|
|
|
|
|
|
|
|
:param str arg: Comment content to search
|
|
|
|
|
:param str start: Beginning Augeas path to begin looking
|
|
|
|
|
|
|
|
|
|
:returns: List of augeas paths containing the comment content
|
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if not start:
|
|
|
|
|
start = get_aug_path(self.root)
|
|
|
|
|
|
|
|
|
|
comments = self.aug.match("%s//*[label() = '#comment']" % start)
|
|
|
|
|
|
|
|
|
|
results = []
|
|
|
|
|
for comment in comments:
|
|
|
|
|
c_content = self.aug.get(comment)
|
|
|
|
|
if c_content and arg in c_content:
|
|
|
|
|
results.append(comment)
|
|
|
|
|
return results
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def find_dir(self, directive: str, arg: Optional[str] = None,
|
|
|
|
|
start: Optional[str] = None, exclude: bool = True) -> List[str]:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Finds directive in the configuration.
|
|
|
|
|
|
|
|
|
|
Recursively searches through config files to find directives
|
|
|
|
|
Directives should be in the form of a case insensitive regex currently
|
|
|
|
|
|
|
|
|
|
.. todo:: arg should probably be a list
|
2015-09-22 12:06:53 -04:00
|
|
|
.. todo:: arg search currently only supports direct matching. It does
|
|
|
|
|
not handle the case of variables or quoted arguments. This should
|
|
|
|
|
be adapted to use a generic search for the directive and then do a
|
|
|
|
|
case-insensitive self.get_arg filter
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
Note: Augeas is inherently case sensitive while Apache is case
|
|
|
|
|
insensitive. Augeas 1.0 allows case insensitive regexes like
|
2015-02-11 12:45:13 -05:00
|
|
|
regexp(/Listen/, "i"), however the version currently supported
|
2014-12-17 00:00:14 -05:00
|
|
|
by Ubuntu 0.10 does not. Thus I have included my own case insensitive
|
|
|
|
|
transformation by calling case_i() on everything to maintain
|
|
|
|
|
compatibility.
|
|
|
|
|
|
|
|
|
|
:param str directive: Directive to look for
|
2014-12-24 10:45:57 -05:00
|
|
|
:param arg: Specific value directive must have, None if all should
|
2014-12-17 00:00:14 -05:00
|
|
|
be considered
|
|
|
|
|
:type arg: str or None
|
|
|
|
|
|
|
|
|
|
:param str start: Beginning Augeas path to begin looking
|
2015-07-19 05:22:10 -04:00
|
|
|
:param bool exclude: Whether or not to exclude directives based on
|
|
|
|
|
variables and enabled modules
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
:rtype list
|
|
|
|
|
|
2014-12-17 00:00:14 -05:00
|
|
|
"""
|
|
|
|
|
# Cannot place member variable in the definition of the function so...
|
|
|
|
|
if not start:
|
|
|
|
|
start = get_aug_path(self.loc["root"])
|
|
|
|
|
|
|
|
|
|
# No regexp code
|
|
|
|
|
# if arg is None:
|
|
|
|
|
# matches = self.aug.match(start +
|
2015-02-11 12:45:13 -05:00
|
|
|
# "//*[self::directive='" + directive + "']/arg")
|
2014-12-17 00:00:14 -05:00
|
|
|
# else:
|
|
|
|
|
# matches = self.aug.match(start +
|
2015-02-11 12:45:13 -05:00
|
|
|
# "//*[self::directive='" + directive +
|
|
|
|
|
# "']/* [self::arg='" + arg + "']")
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
# includes = self.aug.match(start +
|
|
|
|
|
# "//* [self::directive='Include']/* [label()='arg']")
|
|
|
|
|
|
2015-07-19 05:22:10 -04:00
|
|
|
regex = "(%s)|(%s)|(%s)" % (case_i(directive),
|
2015-07-09 19:15:45 -04:00
|
|
|
case_i("Include"),
|
2015-07-01 19:50:48 -04:00
|
|
|
case_i("IncludeOptional"))
|
2015-07-09 19:15:45 -04:00
|
|
|
matches = self.aug.match(
|
|
|
|
|
"%s//*[self::directive=~regexp('%s')]" % (start, regex))
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2015-07-19 05:22:10 -04:00
|
|
|
if exclude:
|
2019-10-21 15:52:00 -04:00
|
|
|
matches = self.exclude_dirs(matches)
|
2015-07-01 21:07:53 -04:00
|
|
|
|
2015-07-09 19:15:45 -04:00
|
|
|
if arg is None:
|
|
|
|
|
arg_suffix = "/arg"
|
|
|
|
|
else:
|
2015-07-19 05:22:10 -04:00
|
|
|
arg_suffix = "/*[self::arg=~regexp('%s')]" % case_i(arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2021-03-10 14:51:27 -05:00
|
|
|
ordered_matches: List[str] = []
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2015-07-14 02:18:33 -04:00
|
|
|
# TODO: Wildcards should be included in alphabetical order
|
|
|
|
|
# https://httpd.apache.org/docs/2.4/mod/core.html#include
|
2015-07-09 19:15:45 -04:00
|
|
|
for match in matches:
|
2015-07-19 05:22:10 -04:00
|
|
|
dir_ = self.aug.get(match).lower()
|
Lint certbot code on Python 3, and update Pylint to the latest version (#7551)
Part of #7550
This PR makes appropriate corrections to run pylint on Python 3.
Why not keeping the dependencies unchanged and just run pylint on Python 3?
Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid.
Why updating pylint + astroid to the latest version ?
Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8.
Why upgrading mypy ?
Because the old version does not support the new version of astroid required to run pylint correctly.
Why not upgrading mypy to its latest version ?
Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR.
That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors.
I also made PyLint and MyPy checks run correctly on Windows.
* Start configuration
* Reconfigure travis
* Suspend a check specific to python 3. Start fixing code.
* Repair call_args
* Fix return + elif lints
* Reconfigure development to run mainly on python3
* Remove incompatible Python 3.4 jobs
* Suspend pylint in some assertions
* Remove pylint in dev
* Take first mypy that supports typed-ast>=1.4.0 to limit the migration path
* Various return + else lint errors
* Find a set of deps that is working with current mypy version
* Update local oldest requirements
* Remove all current pylint errors
* Rebuild letsencrypt-auto
* Update mypy to fix pylint with new astroid version, and fix mypy issues
* Explain type: ignore
* Reconfigure tox, fix none path
* Simplify pinning
* Remove useless directive
* Remove debugging code
* Remove continue
* Update requirements
* Disable unsubscriptable-object check
* Disable one check, enabling two more
* Plug certbot dev version for oldest requirements
* Remove useless disable directives
* Remove useless no-member disable
* Remove no-else-* checks. Use elif in symetric branches.
* Add back assertion
* Add new line
* Remove unused pylint disable
* Remove other pylint disable
2019-12-10 17:12:50 -05:00
|
|
|
if dir_ in ("include", "includeoptional"):
|
2015-07-09 19:15:45 -04:00
|
|
|
ordered_matches.extend(self.find_dir(
|
2015-07-22 05:05:01 -04:00
|
|
|
directive, arg,
|
|
|
|
|
self._get_include_path(self.get_arg(match + "/arg")),
|
|
|
|
|
exclude))
|
2015-07-19 05:22:10 -04:00
|
|
|
# This additionally allows Include
|
|
|
|
|
if dir_ == directive.lower():
|
2015-07-09 19:15:45 -04:00
|
|
|
ordered_matches.extend(self.aug.match(match + arg_suffix))
|
|
|
|
|
|
|
|
|
|
return ordered_matches
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-31 03:17:40 -05:00
|
|
|
def get_arg(self, match: str) -> Optional[str]:
|
2015-07-13 17:16:51 -04:00
|
|
|
"""Uses augeas.get to get argument value and interprets result.
|
|
|
|
|
|
|
|
|
|
This also converts all variables and parameters appropriately.
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
value = self.aug.get(match)
|
2015-09-22 11:56:26 -04:00
|
|
|
|
2016-01-14 06:25:15 -05:00
|
|
|
# No need to strip quotes for variables, as apache2ctl already does
|
|
|
|
|
# this, but we do need to strip quotes for all normal arguments.
|
2015-09-22 11:56:26 -04:00
|
|
|
|
|
|
|
|
# Note: normal argument may be a quoted variable
|
|
|
|
|
# e.g. strip now, not later
|
2017-10-02 19:18:37 -04:00
|
|
|
if not value:
|
|
|
|
|
return None
|
2022-01-21 04:15:48 -05:00
|
|
|
|
Lint certbot code on Python 3, and update Pylint to the latest version (#7551)
Part of #7550
This PR makes appropriate corrections to run pylint on Python 3.
Why not keeping the dependencies unchanged and just run pylint on Python 3?
Because the old version of pylint breaks horribly on Python 3 because of unsupported version of astroid.
Why updating pylint + astroid to the latest version ?
Because this version only fixes some internal errors occuring during the lint of Certbot code, and is also ready to run gracefully on Python 3.8.
Why upgrading mypy ?
Because the old version does not support the new version of astroid required to run pylint correctly.
Why not upgrading mypy to its latest version ?
Because this latest version includes a new typshed version, that adds a lot of new type definitions, and brings dozens of new errors on the Certbot codebase. I would like to fix that in a future PR.
That said so, the work has been to find the correct set of new dependency versions, then configure pylint for sane configuration errors in our situation, disable irrelevant lintings errors, then fixing (or ignoring for good reason) the remaining mypy errors.
I also made PyLint and MyPy checks run correctly on Windows.
* Start configuration
* Reconfigure travis
* Suspend a check specific to python 3. Start fixing code.
* Repair call_args
* Fix return + elif lints
* Reconfigure development to run mainly on python3
* Remove incompatible Python 3.4 jobs
* Suspend pylint in some assertions
* Remove pylint in dev
* Take first mypy that supports typed-ast>=1.4.0 to limit the migration path
* Various return + else lint errors
* Find a set of deps that is working with current mypy version
* Update local oldest requirements
* Remove all current pylint errors
* Rebuild letsencrypt-auto
* Update mypy to fix pylint with new astroid version, and fix mypy issues
* Explain type: ignore
* Reconfigure tox, fix none path
* Simplify pinning
* Remove useless directive
* Remove debugging code
* Remove continue
* Update requirements
* Disable unsubscriptable-object check
* Disable one check, enabling two more
* Plug certbot dev version for oldest requirements
* Remove useless disable directives
* Remove useless no-member disable
* Remove no-else-* checks. Use elif in symetric branches.
* Add back assertion
* Add new line
* Remove unused pylint disable
* Remove other pylint disable
2019-12-10 17:12:50 -05:00
|
|
|
value = value.strip("'\"")
|
2015-09-22 11:56:26 -04:00
|
|
|
|
2015-07-19 05:22:10 -04:00
|
|
|
variables = ApacheParser.arg_var_interpreter.findall(value)
|
2015-07-13 17:16:51 -04:00
|
|
|
|
|
|
|
|
for var in variables:
|
|
|
|
|
# Strip off ${ and }
|
2015-07-19 05:22:10 -04:00
|
|
|
try:
|
|
|
|
|
value = value.replace(var, self.variables[var[2:-1]])
|
|
|
|
|
except KeyError:
|
|
|
|
|
raise errors.PluginError("Error Parsing variable: %s" % var)
|
2015-07-13 17:16:51 -04:00
|
|
|
|
|
|
|
|
return value
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def get_root_augpath(self) -> str:
|
2019-11-06 13:33:24 -05:00
|
|
|
"""
|
|
|
|
|
Returns the Augeas path of root configuration.
|
|
|
|
|
"""
|
|
|
|
|
return get_aug_path(self.loc["root"])
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def exclude_dirs(self, matches: Iterable[str]) -> List[str]:
|
2015-07-01 21:07:53 -04:00
|
|
|
"""Exclude directives that are not loaded into the configuration."""
|
2020-03-23 19:49:52 -04:00
|
|
|
filters = [("ifmodule", self.modules.keys()), ("ifdefine", self.variables)]
|
2015-07-01 21:07:53 -04:00
|
|
|
|
|
|
|
|
valid_matches = []
|
|
|
|
|
|
|
|
|
|
for match in matches:
|
2015-07-19 05:22:10 -04:00
|
|
|
for filter_ in filters:
|
|
|
|
|
if not self._pass_filter(match, filter_):
|
2015-07-01 21:07:53 -04:00
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
valid_matches.append(match)
|
|
|
|
|
return valid_matches
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _pass_filter(self, match: str, filter_: Tuple[str, Collection[str]]) -> bool:
|
2015-07-01 21:07:53 -04:00
|
|
|
"""Determine if directive passes a filter.
|
|
|
|
|
|
|
|
|
|
:param str match: Augeas path
|
|
|
|
|
:param list filter: list of tuples of form
|
|
|
|
|
[("lowercase if directive", set of relevant parameters)]
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
match_l = match.lower()
|
2015-07-19 05:22:10 -04:00
|
|
|
last_match_idx = match_l.find(filter_[0])
|
2015-07-01 21:07:53 -04:00
|
|
|
|
|
|
|
|
while last_match_idx != -1:
|
|
|
|
|
# Check args
|
|
|
|
|
end_of_if = match_l.find("/", last_match_idx)
|
2015-07-19 19:48:27 -04:00
|
|
|
# This should be aug.get (vars are not used e.g. parser.aug_get)
|
2015-07-01 21:07:53 -04:00
|
|
|
expression = self.aug.get(match[:end_of_if] + "/arg")
|
|
|
|
|
|
2015-07-19 19:48:27 -04:00
|
|
|
if expression.startswith("!"):
|
|
|
|
|
# Strip off "!"
|
|
|
|
|
if expression[1:] in filter_[1]:
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
if expression not in filter_[1]:
|
|
|
|
|
return False
|
2015-07-01 21:07:53 -04:00
|
|
|
|
2015-07-19 05:22:10 -04:00
|
|
|
last_match_idx = match_l.find(filter_[0], end_of_if)
|
2015-07-01 21:07:53 -04:00
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def standard_path_from_server_root(self, arg: str) -> str:
|
2020-03-23 19:49:52 -04:00
|
|
|
"""Ensure paths are consistent and absolute
|
|
|
|
|
|
|
|
|
|
:param str arg: Argument of directive
|
|
|
|
|
|
|
|
|
|
:returns: Standardized argument path
|
|
|
|
|
:rtype: str
|
|
|
|
|
"""
|
|
|
|
|
# Remove beginning and ending quotes
|
|
|
|
|
arg = arg.strip("'\"")
|
|
|
|
|
|
|
|
|
|
# Standardize the include argument based on server root
|
|
|
|
|
if not arg.startswith("/"):
|
|
|
|
|
# Normpath will condense ../
|
|
|
|
|
arg = os.path.normpath(os.path.join(self.root, arg))
|
|
|
|
|
else:
|
|
|
|
|
arg = os.path.normpath(arg)
|
|
|
|
|
return arg
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _get_include_path(self, arg: Optional[str]) -> Optional[str]:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Converts an Apache Include directive into Augeas path.
|
|
|
|
|
|
|
|
|
|
Converts an Apache Include directive argument into an Augeas
|
|
|
|
|
searchable path
|
|
|
|
|
|
|
|
|
|
.. todo:: convert to use os.path.join()
|
|
|
|
|
|
|
|
|
|
:param str arg: Argument of Include directive
|
|
|
|
|
|
|
|
|
|
:returns: Augeas path string
|
|
|
|
|
:rtype: str
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
# Check to make sure only expected characters are used <- maybe remove
|
|
|
|
|
# validChars = re.compile("[a-zA-Z0-9.*?_-/]*")
|
|
|
|
|
# matchObj = validChars.match(arg)
|
|
|
|
|
# if matchObj.group() != arg:
|
2015-06-11 09:45:41 -04:00
|
|
|
# logger.error("Error: Invalid regexp characters in %s", arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
# return []
|
2022-01-21 04:15:48 -05:00
|
|
|
if arg is None:
|
|
|
|
|
return None # pragma: no cover
|
2020-03-23 19:49:52 -04:00
|
|
|
arg = self.standard_path_from_server_root(arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
# Attempts to add a transform to the file if one does not already exist
|
2015-07-24 20:05:25 -04:00
|
|
|
if os.path.isdir(arg):
|
2017-09-25 15:03:09 -04:00
|
|
|
self.parse_file(os.path.join(arg, "*"))
|
2015-07-24 20:05:25 -04:00
|
|
|
else:
|
2017-09-25 15:03:09 -04:00
|
|
|
self.parse_file(arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
# Argument represents an fnmatch regular expression, convert it
|
|
|
|
|
# Split up the path and convert each into an Augeas accepted regex
|
|
|
|
|
# then reassemble
|
2015-07-14 02:18:33 -04:00
|
|
|
split_arg = arg.split("/")
|
|
|
|
|
for idx, split in enumerate(split_arg):
|
2015-07-19 05:22:10 -04:00
|
|
|
if any(char in ApacheParser.fnmatch_chars for char in split):
|
2020-01-17 12:55:51 -05:00
|
|
|
# Turn it into an augeas regex
|
2015-07-14 02:18:33 -04:00
|
|
|
# TODO: Can this instead be an augeas glob instead of regex
|
|
|
|
|
split_arg[idx] = ("* [label()=~regexp('%s')]" %
|
|
|
|
|
self.fnmatch_to_re(split))
|
|
|
|
|
# Reassemble the argument
|
2015-07-24 20:05:25 -04:00
|
|
|
# Note: This also normalizes the argument /serverroot/ -> /serverroot
|
2015-07-14 02:18:33 -04:00
|
|
|
arg = "/".join(split_arg)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
return get_aug_path(arg)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def fnmatch_to_re(self, clean_fn_match: str) -> str:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Method converts Apache's basic fnmatch to regular expression.
|
|
|
|
|
|
2015-07-14 02:18:33 -04:00
|
|
|
Assumption - Configs are assumed to be well-formed and only writable by
|
|
|
|
|
privileged users.
|
|
|
|
|
|
|
|
|
|
https://apr.apache.org/docs/apr/2.0/apr__fnmatch_8h_source.html
|
|
|
|
|
|
2016-01-14 06:25:15 -05:00
|
|
|
:param str clean_fn_match: Apache style filename match, like globs
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
:returns: regex suitable for augeas
|
|
|
|
|
:rtype: str
|
|
|
|
|
|
|
|
|
|
"""
|
2018-05-14 12:33:30 -04:00
|
|
|
# Since Python 3.6, it returns a different pattern like (?s:.*\.load)\Z
|
|
|
|
|
return fnmatch.translate(clean_fn_match)[4:-3] # pragma: no cover
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def parse_file(self, filepath: str) -> None:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Parse file with Augeas
|
|
|
|
|
|
|
|
|
|
Checks to see if file_path is parsed by Augeas
|
2015-01-20 16:51:52 -05:00
|
|
|
If filepath isn't parsed, the file is added and Augeas is reloaded
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2015-01-21 00:59:10 -05:00
|
|
|
:param str filepath: Apache config file path
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
"""
|
2016-01-05 04:25:21 -05:00
|
|
|
use_new, remove_old = self._check_path_actions(filepath)
|
2017-09-25 15:03:09 -04:00
|
|
|
# Ensure that we have the latest Augeas DOM state on disk before
|
|
|
|
|
# calling aug.load() which reloads the state from disk
|
2019-06-28 11:39:13 -04:00
|
|
|
self.ensure_augeas_state()
|
2014-12-17 00:00:14 -05:00
|
|
|
# Test if augeas included file for Httpd.lens
|
|
|
|
|
# Note: This works for augeas globs, ie. *.conf
|
2016-01-05 04:25:21 -05:00
|
|
|
if use_new:
|
|
|
|
|
inc_test = self.aug.match(
|
2016-02-19 20:58:37 -05:00
|
|
|
"/augeas/load/Httpd['%s' =~ glob(incl)]" % filepath)
|
2016-01-05 04:25:21 -05:00
|
|
|
if not inc_test:
|
|
|
|
|
# Load up files
|
|
|
|
|
# This doesn't seem to work on TravisCI
|
|
|
|
|
# self.aug.add_transform("Httpd.lns", [filepath])
|
|
|
|
|
if remove_old:
|
|
|
|
|
self._remove_httpd_transform(filepath)
|
|
|
|
|
self._add_httpd_transform(filepath)
|
|
|
|
|
self.aug.load()
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def parsed_in_current(self, filep: Optional[str]) -> bool:
|
2017-09-25 15:03:09 -04:00
|
|
|
"""Checks if the file path is parsed by current Augeas parser config
|
|
|
|
|
ie. returns True if the file is found on a path that's found in live
|
|
|
|
|
Augeas configuration.
|
|
|
|
|
|
|
|
|
|
:param str filep: Path to match
|
|
|
|
|
|
|
|
|
|
:returns: True if file is parsed in existing configuration tree
|
|
|
|
|
:rtype: bool
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
if not filep:
|
|
|
|
|
return False # pragma: no cover
|
2017-09-25 15:03:09 -04:00
|
|
|
return self._parsed_by_parser_paths(filep, self.parser_paths)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def parsed_in_original(self, filep: Optional[str]) -> bool:
|
2017-09-25 15:03:09 -04:00
|
|
|
"""Checks if the file path is parsed by existing Apache config.
|
|
|
|
|
ie. returns True if the file is found on a path that matches Include or
|
|
|
|
|
IncludeOptional statement in the Apache configuration.
|
|
|
|
|
|
|
|
|
|
:param str filep: Path to match
|
|
|
|
|
|
|
|
|
|
:returns: True if file is parsed in existing configuration tree
|
|
|
|
|
:rtype: bool
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
if not filep:
|
|
|
|
|
return False # pragma: no cover
|
2017-09-25 15:03:09 -04:00
|
|
|
return self._parsed_by_parser_paths(filep, self.existing_paths)
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _parsed_by_parser_paths(self, filep: str, paths: Mapping[str, List[str]]) -> bool:
|
2017-09-25 15:03:09 -04:00
|
|
|
"""Helper function that searches through provided paths and returns
|
|
|
|
|
True if file path is found in the set"""
|
2020-09-19 05:35:49 -04:00
|
|
|
for directory in paths:
|
2017-09-25 15:03:09 -04:00
|
|
|
for filename in paths[directory]:
|
|
|
|
|
if fnmatch.fnmatch(filep, os.path.join(directory, filename)):
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _check_path_actions(self, filepath: str) -> Tuple[bool, bool]:
|
2016-01-05 04:25:21 -05:00
|
|
|
"""Determine actions to take with a new augeas path
|
|
|
|
|
|
|
|
|
|
This helper function will return a tuple that defines
|
|
|
|
|
if we should try to append the new filepath to augeas
|
|
|
|
|
parser paths, and / or remove the old one with more
|
|
|
|
|
narrow matching.
|
|
|
|
|
|
|
|
|
|
:param str filepath: filepath to check the actions for
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
new_file_match = os.path.basename(filepath)
|
2016-01-05 07:36:42 -05:00
|
|
|
existing_matches = self.parser_paths[os.path.dirname(filepath)]
|
|
|
|
|
if "*" in existing_matches:
|
2016-01-05 06:16:49 -05:00
|
|
|
use_new = False
|
|
|
|
|
else:
|
2016-01-05 04:25:21 -05:00
|
|
|
use_new = True
|
2018-05-14 12:33:30 -04:00
|
|
|
remove_old = new_file_match == "*"
|
2016-01-05 04:25:21 -05:00
|
|
|
except KeyError:
|
|
|
|
|
use_new = True
|
2016-01-05 06:16:49 -05:00
|
|
|
remove_old = False
|
2016-01-05 04:25:21 -05:00
|
|
|
return use_new, remove_old
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _remove_httpd_transform(self, filepath: str) -> None:
|
2016-01-05 04:25:21 -05:00
|
|
|
"""Remove path from Augeas transform
|
|
|
|
|
|
|
|
|
|
:param str filepath: filepath to remove
|
|
|
|
|
"""
|
|
|
|
|
|
2016-01-05 07:36:42 -05:00
|
|
|
remove_basenames = self.parser_paths[os.path.dirname(filepath)]
|
2016-01-05 04:25:21 -05:00
|
|
|
remove_dirname = os.path.dirname(filepath)
|
2016-01-05 07:36:42 -05:00
|
|
|
for name in remove_basenames:
|
|
|
|
|
remove_path = remove_dirname + "/" + name
|
|
|
|
|
remove_inc = self.aug.match(
|
|
|
|
|
"/augeas/load/Httpd/incl [. ='%s']" % remove_path)
|
|
|
|
|
self.aug.remove(remove_inc[0])
|
2016-01-05 04:25:21 -05:00
|
|
|
self.parser_paths.pop(remove_dirname)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _add_httpd_transform(self, incl: str) -> None:
|
2015-01-21 00:13:56 -05:00
|
|
|
"""Add a transform to Augeas.
|
|
|
|
|
|
|
|
|
|
This function will correctly add a transform to augeas
|
|
|
|
|
The existing augeas.add_transform in python doesn't seem to work for
|
|
|
|
|
Travis CI as it loads in libaugeas.so.0.10.0
|
|
|
|
|
|
|
|
|
|
:param str incl: filepath to include for transform
|
|
|
|
|
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
last_include: str = self.aug.match("/augeas/load/Httpd/incl [last()]")
|
2015-01-21 00:13:56 -05:00
|
|
|
if last_include:
|
|
|
|
|
# Insert a new node immediately after the last incl
|
|
|
|
|
self.aug.insert(last_include[0], "incl", False)
|
|
|
|
|
self.aug.set("/augeas/load/Httpd/incl[last()]", incl)
|
|
|
|
|
# On first use... must load lens and add file to incl
|
|
|
|
|
else:
|
|
|
|
|
# Augeas uses base 1 indexing... insert at beginning...
|
|
|
|
|
self.aug.set("/augeas/load/Httpd/lens", "Httpd.lns")
|
|
|
|
|
self.aug.set("/augeas/load/Httpd/incl", incl)
|
2016-01-05 04:25:21 -05:00
|
|
|
# Add included path to paths dictionary
|
2016-01-05 07:36:42 -05:00
|
|
|
try:
|
|
|
|
|
self.parser_paths[os.path.dirname(incl)].append(
|
|
|
|
|
os.path.basename(incl))
|
|
|
|
|
except KeyError:
|
|
|
|
|
self.parser_paths[os.path.dirname(incl)] = [
|
|
|
|
|
os.path.basename(incl)]
|
2015-01-21 00:13:56 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def standardize_excl(self) -> None:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Standardize the excl arguments for the Httpd lens in Augeas.
|
|
|
|
|
|
|
|
|
|
Note: Hack!
|
|
|
|
|
Standardize the excl arguments for the Httpd lens in Augeas
|
|
|
|
|
Servers sometimes give incorrect defaults
|
|
|
|
|
Note: This problem should be fixed in Augeas 1.0. Unfortunately,
|
|
|
|
|
Augeas 0.10 appears to be the most popular version currently.
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
# attempt to protect against augeas error in 0.10.0 - ubuntu
|
|
|
|
|
# *.augsave -> /*.augsave upon augeas.load()
|
|
|
|
|
# Try to avoid bad httpd files
|
|
|
|
|
# There has to be a better way... but after a day and a half of testing
|
|
|
|
|
# I had no luck
|
|
|
|
|
# This is a hack... work around... submit to augeas if still not fixed
|
|
|
|
|
|
|
|
|
|
excl = ["*.augnew", "*.augsave", "*.dpkg-dist", "*.dpkg-bak",
|
|
|
|
|
"*.dpkg-new", "*.dpkg-old", "*.rpmsave", "*.rpmnew",
|
|
|
|
|
"*~",
|
2015-02-02 16:11:59 -05:00
|
|
|
self.root + "/*.augsave",
|
|
|
|
|
self.root + "/*~",
|
|
|
|
|
self.root + "/*/*augsave",
|
|
|
|
|
self.root + "/*/*~",
|
|
|
|
|
self.root + "/*/*/*.augsave",
|
|
|
|
|
self.root + "/*/*/*~"]
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2015-02-02 15:32:42 -05:00
|
|
|
for i, excluded in enumerate(excl, 1):
|
|
|
|
|
self.aug.set("/augeas/load/Httpd/excl[%d]" % i, excluded)
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
self.aug.load()
|
2015-01-20 17:03:05 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _set_locations(self) -> Dict[str, str]:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Set default location for directives.
|
|
|
|
|
|
|
|
|
|
Locations are given as file_paths
|
|
|
|
|
.. todo:: Make sure that files are included
|
|
|
|
|
|
|
|
|
|
"""
|
2022-01-21 04:15:48 -05:00
|
|
|
default: str = self.loc["root"]
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
temp: str = os.path.join(self.root, "ports.conf")
|
2014-12-17 00:00:14 -05:00
|
|
|
if os.path.isfile(temp):
|
|
|
|
|
listen = temp
|
|
|
|
|
name = temp
|
|
|
|
|
else:
|
|
|
|
|
listen = default
|
|
|
|
|
name = default
|
|
|
|
|
|
2015-07-19 22:49:44 -04:00
|
|
|
return {"default": default, "listen": listen, "name": name}
|
2014-12-17 00:00:14 -05:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _find_config_root(self) -> str:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Find the Apache Configuration Root file."""
|
2015-12-06 15:46:28 -05:00
|
|
|
location = ["apache2.conf", "httpd.conf", "conf/httpd.conf"]
|
2014-12-17 00:00:14 -05:00
|
|
|
for name in location:
|
|
|
|
|
if os.path.isfile(os.path.join(self.root, name)):
|
|
|
|
|
return os.path.join(self.root, name)
|
2015-06-12 10:45:28 -04:00
|
|
|
raise errors.NoInstallationError("Could not find configuration root")
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def case_i(string: str) -> str:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Returns case insensitive regex.
|
|
|
|
|
|
|
|
|
|
Returns a sloppy, but necessary version of a case insensitive regex.
|
|
|
|
|
Any string should be able to be submitted and the string is
|
|
|
|
|
escaped and then made case insensitive.
|
|
|
|
|
May be replaced by a more proper /i once augeas 1.0 is widely
|
|
|
|
|
supported.
|
|
|
|
|
|
|
|
|
|
:param str string: string to make case i regex
|
|
|
|
|
|
|
|
|
|
"""
|
2020-04-13 13:41:39 -04:00
|
|
|
return "".join("[" + c.upper() + c.lower() + "]"
|
|
|
|
|
if c.isalpha() else c for c in re.escape(string))
|
2014-12-17 00:00:14 -05:00
|
|
|
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def get_aug_path(file_path: str) -> str:
|
2014-12-17 00:00:14 -05:00
|
|
|
"""Return augeas path for full filepath.
|
|
|
|
|
|
|
|
|
|
:param str file_path: Full filepath
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
return "/files%s" % file_path
|
2021-04-05 18:04:21 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def init_augeas() -> Augeas:
|
|
|
|
|
""" Initialize the actual Augeas instance """
|
|
|
|
|
|
|
|
|
|
if not Augeas: # pragma: no cover
|
|
|
|
|
raise errors.NoInstallationError("Problem in Augeas installation")
|
|
|
|
|
|
|
|
|
|
return Augeas(
|
|
|
|
|
# specify a directory to load our preferred lens from
|
|
|
|
|
loadpath=constants.AUGEAS_LENS_DIR,
|
|
|
|
|
# Do not save backup (we do it ourselves), do not load
|
|
|
|
|
# anything by default
|
|
|
|
|
flags=(Augeas.NONE |
|
|
|
|
|
Augeas.NO_MODL_AUTOLOAD |
|
|
|
|
|
Augeas.ENABLE_SPAN))
|
