2015-06-25 21:57:10 -04:00
|
|
|
"""Contains UI methods for Apache operations."""
|
2015-06-26 17:47:03 -04:00
|
|
|
import logging
|
2022-01-21 04:15:48 -05:00
|
|
|
from typing import Iterable
|
|
|
|
|
from typing import List
|
|
|
|
|
from typing import Optional
|
|
|
|
|
from typing import Tuple
|
2015-06-26 17:47:03 -04:00
|
|
|
|
2016-04-13 19:30:57 -04:00
|
|
|
from certbot import errors
|
2019-04-12 16:32:52 -04:00
|
|
|
from certbot.compat import os
|
2021-07-19 20:09:06 -04:00
|
|
|
from certbot.display import util as display_util
|
2022-01-21 04:15:48 -05:00
|
|
|
from certbot_apache._internal import obj
|
2015-06-25 20:02:09 -04:00
|
|
|
|
2015-06-26 17:47:03 -04:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def select_vhost_multiple(vhosts: Optional[List[obj.VirtualHost]]) -> List[obj.VirtualHost]:
|
2018-02-28 14:31:47 -05:00
|
|
|
"""Select multiple Vhosts to install the certificate for
|
|
|
|
|
|
|
|
|
|
:param vhosts: Available Apache VirtualHosts
|
2022-01-21 04:15:48 -05:00
|
|
|
:type vhosts: :class:`list` of type `~obj.VirtualHost`
|
2018-02-28 14:31:47 -05:00
|
|
|
|
|
|
|
|
:returns: List of VirtualHosts
|
|
|
|
|
:rtype: :class:`list`of type `~obj.Vhost`
|
|
|
|
|
"""
|
|
|
|
|
if not vhosts:
|
2020-04-13 13:41:39 -04:00
|
|
|
return []
|
2018-02-28 14:31:47 -05:00
|
|
|
tags_list = [vhost.display_repr()+"\n" for vhost in vhosts]
|
|
|
|
|
# Remove the extra newline from the last entry
|
2018-05-14 12:33:30 -04:00
|
|
|
if tags_list:
|
2018-02-28 14:31:47 -05:00
|
|
|
tags_list[-1] = tags_list[-1][:-1]
|
2021-07-19 20:09:06 -04:00
|
|
|
code, names = display_util.checklist(
|
2018-02-28 14:31:47 -05:00
|
|
|
"Which VirtualHosts would you like to install the wildcard certificate for?",
|
|
|
|
|
tags=tags_list, force_interactive=True)
|
|
|
|
|
if code == display_util.OK:
|
|
|
|
|
return_vhosts = _reversemap_vhosts(names, vhosts)
|
|
|
|
|
return return_vhosts
|
|
|
|
|
return []
|
|
|
|
|
|
2021-07-19 20:09:06 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _reversemap_vhosts(names: Iterable[str], vhosts: List[obj.VirtualHost]):
|
2018-02-28 14:31:47 -05:00
|
|
|
"""Helper function for select_vhost_multiple for mapping string
|
|
|
|
|
representations back to actual vhost objects"""
|
2020-04-13 13:41:39 -04:00
|
|
|
return_vhosts = []
|
2018-02-28 14:31:47 -05:00
|
|
|
|
|
|
|
|
for selection in names:
|
|
|
|
|
for vhost in vhosts:
|
|
|
|
|
if vhost.display_repr().strip() == selection.strip():
|
|
|
|
|
return_vhosts.append(vhost)
|
|
|
|
|
return return_vhosts
|
|
|
|
|
|
2021-07-19 20:09:06 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def select_vhost(domain: str, vhosts: List[obj.VirtualHost]) -> Optional[obj.VirtualHost]:
|
2015-06-25 20:02:09 -04:00
|
|
|
"""Select an appropriate Apache Vhost.
|
|
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
:param domain: Domain to select
|
2018-02-28 14:31:47 -05:00
|
|
|
:param vhosts: Available Apache VirtualHosts
|
2015-06-25 20:02:09 -04:00
|
|
|
:type vhosts: :class:`list` of type `~obj.Vhost`
|
|
|
|
|
|
2015-06-26 17:47:03 -04:00
|
|
|
:returns: VirtualHost or `None`
|
|
|
|
|
:rtype: `~obj.Vhost` or `None`
|
2015-06-25 20:02:09 -04:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if not vhosts:
|
|
|
|
|
return None
|
2018-02-28 14:31:47 -05:00
|
|
|
code, tag = _vhost_menu(domain, vhosts)
|
|
|
|
|
if code == display_util.OK:
|
|
|
|
|
return vhosts[tag]
|
2018-05-14 12:33:30 -04:00
|
|
|
return None
|
2015-06-25 20:02:09 -04:00
|
|
|
|
2021-07-19 20:09:06 -04:00
|
|
|
|
2022-01-21 04:15:48 -05:00
|
|
|
def _vhost_menu(domain: str, vhosts: List[obj.VirtualHost]) -> Tuple[str, int]:
|
2015-06-25 20:02:09 -04:00
|
|
|
"""Select an appropriate Apache Vhost.
|
|
|
|
|
|
|
|
|
|
:param vhosts: Available Apache Virtual Hosts
|
|
|
|
|
:type vhosts: :class:`list` of type `~obj.Vhost`
|
|
|
|
|
|
|
|
|
|
:returns: Display tuple - ('code', tag')
|
|
|
|
|
:rtype: `tuple`
|
|
|
|
|
|
|
|
|
|
"""
|
2015-06-26 17:47:03 -04:00
|
|
|
# Free characters in the line of display text (9 is for ' | ' formatting)
|
|
|
|
|
free_chars = display_util.WIDTH - len("HTTPS") - len("Enabled") - 9
|
|
|
|
|
|
|
|
|
|
if free_chars < 2:
|
|
|
|
|
logger.debug("Display size is too small for "
|
2019-11-25 12:44:40 -05:00
|
|
|
"certbot_apache._internal.display_ops._vhost_menu()")
|
2015-06-26 17:47:03 -04:00
|
|
|
# This runs the edge off the screen, but it doesn't cause an "error"
|
|
|
|
|
filename_size = 1
|
|
|
|
|
disp_name_size = 1
|
|
|
|
|
else:
|
|
|
|
|
# Filename is a bit more important and probably longer with 000-*
|
|
|
|
|
filename_size = int(free_chars * .6)
|
|
|
|
|
disp_name_size = free_chars - filename_size
|
|
|
|
|
|
2015-06-25 20:02:09 -04:00
|
|
|
choices = []
|
|
|
|
|
for vhost in vhosts:
|
2015-07-22 05:05:01 -04:00
|
|
|
if len(vhost.get_names()) == 1:
|
|
|
|
|
disp_name = next(iter(vhost.get_names()))
|
2018-05-14 12:33:30 -04:00
|
|
|
elif not vhost.get_names():
|
2015-06-25 20:02:09 -04:00
|
|
|
disp_name = ""
|
|
|
|
|
else:
|
|
|
|
|
disp_name = "Multiple Names"
|
|
|
|
|
|
|
|
|
|
choices.append(
|
2015-06-26 17:47:03 -04:00
|
|
|
"{fn:{fn_size}s} | {name:{name_size}s} | {https:5s} | "
|
|
|
|
|
"{active:7s}".format(
|
|
|
|
|
fn=os.path.basename(vhost.filep)[:filename_size],
|
|
|
|
|
name=disp_name[:disp_name_size],
|
|
|
|
|
https="HTTPS" if vhost.ssl else "",
|
|
|
|
|
active="Enabled" if vhost.enabled else "",
|
|
|
|
|
fn_size=filename_size,
|
2021-12-02 10:45:16 -05:00
|
|
|
name_size=disp_name_size),
|
2015-06-25 20:02:09 -04:00
|
|
|
)
|
|
|
|
|
|
2015-12-29 17:21:05 -05:00
|
|
|
try:
|
2021-07-19 20:09:06 -04:00
|
|
|
code, tag = display_util.menu(
|
2022-01-01 18:27:47 -05:00
|
|
|
f"We were unable to find a vhost with a ServerName "
|
|
|
|
|
f"or Address of {domain}.{os.linesep}Which virtual host would you "
|
|
|
|
|
f"like to choose?",
|
2017-06-15 20:14:38 -04:00
|
|
|
choices, force_interactive=True)
|
2016-06-25 13:51:14 -04:00
|
|
|
except errors.MissingCommandlineFlag:
|
2017-06-09 15:48:59 -04:00
|
|
|
msg = (
|
2022-01-01 18:27:47 -05:00
|
|
|
f"Encountered vhost ambiguity when trying to find a vhost for "
|
|
|
|
|
f"{domain} but was unable to ask for user "
|
|
|
|
|
f"guidance in non-interactive mode. Certbot may need "
|
|
|
|
|
f"vhosts to be explicitly labelled with ServerName or "
|
|
|
|
|
f"ServerAlias directives.")
|
Command-line UX overhaul (#8852)
Streamline and reorganize Certbot's CLI output.
This change is a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. To see more verbose output, use the -v or -vv flags.
---
* nginx,apache: CLI logging changes
- Add "Successfully deployed ..." message using display_util
- Remove IReporter usage and replace with display_util
- Standardize "... could not find a VirtualHost ..." error
This changes also bumps the version of certbot required by certbot-nginx
and certbot-apache to take use of the new display_util function.
* fix certbot_compatibility_test
since the http plugins now require IDisplay, we need to inject it
* fix dependency version on certbot
* use better asserts
* try fix oldest deps
because certbot 1.10.0 depends on acme>=1.8.0, we need to use
acme==1.8.0 in the -oldest tests
* cli: redesign output of new certificate reporting
Changes the output of run, certonly and certonly --csr. No longer uses
IReporter.
* cli: redesign output of failed authz reporting
* fix problem sorting to be stable between py2 & 3
* add some catch-all error text
* cli: dont use IReporter for EFF donation prompt
* add per-authenticator hints
* pass achalls to auth_hint, write some tests
* exclude static auth hints from coverage
* dont call auth_hint unless derived from .Plugin
* dns fallback hint: dont assume --dns-blah works
--dns-blah won't work for third-party plugins, they need to be specified
using --authenticator dns-blah.
* add code comments about the auth_hint interface
* renew: don't restart the installer for dry-runs
Prevents Certbot from superfluously invoking the installer restart
during dry-run renewals. (This does not affect authenticator restarts).
Additionally removes some CLI output that was reporting the fullchain
path of the renewed certificate.
* update CHANGELOG.md
* cli: redesign output when cert installation failed
- Display a message when certificate installation begins.
- Don't use IReporter, just log errors immediately if restart/rollback
fails.
- Prompt the user with a command to retry the installation process once
they have fixed any underlying problems.
* vary by preconfigured_renewal
and move expiry date to be above the renewal advice
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix lint
* derve cert name from cert_path, if possible
* fix type annotation
* text change in nginx hint
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* print message when restarting server after renewal
* log: print "advice" when exiting with an error
When running in non-quiet mode.
* try fix -oldest lock_test.py
* fix docstring
* s/Restarting/Reloading/ when notifying the user
* fix test name
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* type annotations
* s/using the {} plugin/installer: {}/
* copy: avoid "plugin" where possible
* link to user guide#automated-renewals
when not running with --preconfigured-renewal
* cli: reduce default logging verbosity
* fix lock_test: -vv is needed to see logger.debug
* Change comment in log.py to match the change to default verbosity
* Audit and adjust logging levels in apache module
* Audit and adjust logging levels in nginx module
* Audit, adjust logging levels, and improve logging calls in certbot module
* Fix tests to mock correct methods and classes
* typo in non-preconfigured-renewal message
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix test
* revert acme version bump
* catch up to python3 changes
* Revert "revert acme version bump"
This reverts commit fa83d6a51cf8d0e7e17da53c6b751ad12945d0cf.
* Change ocsp check error to warning since it's non-fatal
* Update storage_test in parallel with last change
* get rid of leading newline on "Deploying [...]"
* shrink renewal and installation success messages
* print logfile rather than logdir in exit handler
* Decrease logging level to info for idempotent operation where enhancement is already set
* Display cert not yet due for renewal message when renewing and no other action will be taken, and change cert to certificate
* also write to logger so it goes in the log file
* Don't double write to log file; fix main test
* cli: remove trailing newline on new cert reporting
* ignore type error
* revert accidental changes to dependencies
* Pass tests in any timezone by using utcfromtimestamp
* Add changelog entry
* fix nits
* Improve wording of try again message
* minor wording change to changelog
* hooks: send hook stdout to CLI stdout
includes both --manual and --{pre,post,renew} hooks
* update docstrings and remove TODO
* add a pending deprecation on execute_command
* add test coverage for both
* update deprecation text
Co-authored-by: ohemorange <ebportnoy@gmail.com>
Co-authored-by: Alex Zorin <alex@zorin.id.au>
Co-authored-by: alexzorin <alex@zor.io>
2021-05-24 20:47:39 -04:00
|
|
|
logger.error(msg)
|
2016-01-30 22:53:50 -05:00
|
|
|
raise errors.MissingCommandlineFlag(msg)
|
2015-06-25 20:02:09 -04:00
|
|
|
|
|
|
|
|
return code, tag
|
