certbot/certbot-apache/certbot_apache/constants.py

"""Apache plugin constants."""
import pkg_resources
from certbot import le_util


CLI_DEFAULTS_DEBIAN = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/sites-available",
    vhost_files="*",
    version_cmd=['apache2ctl', '-v'],
    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod="a2enmod",
    dismod="a2dismod",
    le_vhost_ext="-le-ssl.conf",
    handle_mods=True,
    handle_sites=True,
    challenge_location="/etc/apache2",
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_CENTOS = dict(
    server_root="/etc/httpd",
    vhost_root="/etc/httpd/conf.d",
    vhost_files="*.conf",
    version_cmd=['apachectl', '-v'],
    define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/httpd/conf.d",
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "centos-options-ssl-apache.conf")
)
CLI_DEFAULTS_GENTOO = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/vhosts.d",
    vhost_files="*.conf",
    version_cmd=['/usr/sbin/apache2', '-v'],
    define_cmd=['apache2ctl', 'virtualhosts'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2/vhosts.d",
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_DARWIN = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/other",
    vhost_files="*.conf",
    version_cmd=['/usr/sbin/httpd', '-v'],
    define_cmd=['/usr/sbin/httpd', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2/other",
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS = {
    "debian": CLI_DEFAULTS_DEBIAN,
    "ubuntu": CLI_DEFAULTS_DEBIAN,
    "centos": CLI_DEFAULTS_CENTOS,
    "centos linux": CLI_DEFAULTS_CENTOS,
    "fedora": CLI_DEFAULTS_CENTOS,
    "red hat enterprise linux server": CLI_DEFAULTS_CENTOS,
    "gentoo base system": CLI_DEFAULTS_GENTOO,
    "darwin": CLI_DEFAULTS_DARWIN,
}
"""CLI defaults."""

MOD_SSL_CONF_DEST = "options-ssl-apache.conf"
"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""

AUGEAS_LENS_DIR = pkg_resources.resource_filename(
    "certbot_apache", "augeas_lens")
"""Path to the Augeas lens directory"""

REWRITE_HTTPS_ARGS = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
"""Apache version<2.3.9 rewrite rule arguments used for redirections to
https vhost"""

REWRITE_HTTPS_ARGS_WITH_END = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]
"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to
    https vhost"""

HSTS_ARGS = ["always", "set", "Strict-Transport-Security",
             "\"max-age=31536000\""]
"""Apache header arguments for HSTS"""

UIR_ARGS = ["always", "set", "Content-Security-Policy",
            "upgrade-insecure-requests"]

HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,
               "Upgrade-Insecure-Requests": UIR_ARGS}


def os_constant(key):
    """Get a constant value for operating system
    :param key: name of cli constant
    :return: value of constant for active os
    """
    os_info = le_util.get_os_info()
    try:
        constants = CLI_DEFAULTS[os_info[0].lower()]
    except KeyError:
        constants = CLI_DEFAULTS["debian"]
    return constants[key]
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`"""Apache plugin constants."""`
			`import pkg_resources`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`from certbot import le_util`
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00

Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS_DEBIAN = dict(`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`server_root="/etc/apache2",`
New constant for VirtualHost - configuration directory and changing the configurator to use it 2015-12-06 15:40:51 -05:00			`vhost_root="/etc/apache2/sites-available",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['apache2ctl', '-v'],`
			`define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`enmod="a2enmod",`
Use a2enmod and update reverter 2015-07-30 02:40:07 -04:00			`dismod="a2dismod",`
--le-vhost-ext -> --apache-le-vhost-ext 2015-05-22 03:28:21 -04:00			`le_vhost_ext="-le-ssl.conf",`
Configurable directory path for challenge configuration file 2015-12-07 04:07:31 -05:00			`handle_mods=True,`
Constant value per OS basis if installer should handle enabling / disabling sites 2015-12-07 05:42:40 -05:00			`handle_sites=True,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/apache2",`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`)`
Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS_CENTOS = dict(`
			`server_root="/etc/httpd",`
New constant for VirtualHost - configuration directory and changing the configurator to use it 2015-12-06 15:40:51 -05:00			`vhost_root="/etc/httpd/conf.d",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*.conf",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['apachectl', '-v'],`
			`define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apachectl', 'graceful'],`
			`conftest_cmd=['apachectl', 'configtest'],`
Per-OS constants 2015-12-03 07:14:02 -05:00			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
Configurable directory path for challenge configuration file 2015-12-07 04:07:31 -05:00			`handle_mods=False,`
Constant value per OS basis if installer should handle enabling / disabling sites 2015-12-07 05:42:40 -05:00			`handle_sites=False,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/httpd/conf.d",`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "centos-options-ssl-apache.conf")`
Per-OS constants 2015-12-03 07:14:02 -05:00			`)`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`CLI_DEFAULTS_GENTOO = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/vhosts.d",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*.conf",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['/usr/sbin/apache2', '-v'],`
Fixed Gentoo define command 2016-03-23 12:12:07 -04:00			`define_cmd=['apache2ctl', 'virtualhosts'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/apache2/vhosts.d",`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`)`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`CLI_DEFAULTS_DARWIN = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/other",`
			`vhost_files="*.conf",`
			`version_cmd=['/usr/sbin/httpd', '-v'],`
			`define_cmd=['/usr/sbin/httpd', '-t', '-D', 'DUMP_RUN_CFG'],`
			`restart_cmd=['apachectl', 'graceful'],`
			`conftest_cmd=['apachectl', 'configtest'],`
			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
			`challenge_location="/etc/apache2/other",`
			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`)`
Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS = {`
			`"debian": CLI_DEFAULTS_DEBIAN,`
			`"ubuntu": CLI_DEFAULTS_DEBIAN,`
Added correct os_info string for CentOS 2015-12-05 12:10:40 -05:00			`"centos": CLI_DEFAULTS_CENTOS,`
Added fedora layout 2015-12-07 07:22:56 -05:00			`"centos linux": CLI_DEFAULTS_CENTOS,`
Add RedHat Enterprise defaults to constants 2015-12-10 11:17:12 -05:00			`"fedora": CLI_DEFAULTS_CENTOS,`
Add gentoo fingerprint 2015-12-21 15:52:32 -05:00			`"red hat enterprise linux server": CLI_DEFAULTS_CENTOS,`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`"gentoo base system": CLI_DEFAULTS_GENTOO,`
			`"darwin": CLI_DEFAULTS_DARWIN,`
Per-OS constants 2015-12-03 07:14:02 -05:00			`}`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`"""CLI defaults."""`
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
Don't allow user supplied mod_ssl conf destination (fixes #451). 2015-06-01 20:14:10 -04:00			`MOD_SSL_CONF_DEST = "options-ssl-apache.conf"`
			"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`AUGEAS_LENS_DIR = pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "augeas_lens")`
constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`"""Path to the Augeas lens directory"""`
load augeas httpd lens from inside of lets encrypt 2015-11-02 19:22:58 -05:00
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`REWRITE_HTTPS_ARGS = [`
Convert to servername/serveralias 2015-07-21 20:16:46 -04:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]`
Pep8 love 2016-01-14 06:25:15 -05:00			`"""Apache version<2.3.9 rewrite rule arguments used for redirections to`
			`https vhost"""`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`REWRITE_HTTPS_ARGS_WITH_END = [`
add check for apache 2.3.9, warn of possible conflicting rewrite rules 2015-12-01 20:37:07 -05:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]`
delete unneeded tests 2015-12-01 19:16:13 -05:00			`"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to`
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`https vhost"""`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
			`HSTS_ARGS = ["always", "set", "Strict-Transport-Security",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"\"max-age=31536000\""]`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00			`"""Apache header arguments for HSTS"""`

Generalized http-header enhancement 2015-11-07 23:37:57 -05:00			`UIR_ARGS = ["always", "set", "Content-Security-Policy",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"upgrade-insecure-requests"]`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Add tests and comments 2015-11-08 10:21:36 -05:00			`HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,`
Pep8 love 2016-01-14 06:25:15 -05:00			`"Upgrade-Insecure-Requests": UIR_ARGS}`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
PEP8 & linter love 2015-12-07 06:37:58 -05:00
Per-OS constants 2015-12-03 07:14:02 -05:00			`def os_constant(key):`
Cleanup & pydoc 2015-12-07 05:01:35 -05:00			`"""Get a constant value for operating system`
			`:param key: name of cli constant`
			`:return: value of constant for active os`
			`"""`
Per-OS constants 2015-12-03 07:14:02 -05:00			`os_info = le_util.get_os_info()`
			`try:`
			`constants = CLI_DEFAULTS[os_info[0].lower()]`
			`except KeyError:`
			`constants = CLI_DEFAULTS["debian"]`
			`return constants[key]`