2016-04-13 19:30:57 -04:00
|
|
|
"""Common utilities for certbot_apache."""
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
import shutil
|
2015-01-24 08:12:45 -05:00
|
|
|
import unittest
|
2014-12-19 18:49:29 -05:00
|
|
|
|
2015-07-19 19:48:27 -04:00
|
|
|
import augeas
|
2017-12-11 14:25:09 -05:00
|
|
|
import josepy as jose
|
2021-07-19 20:09:06 -04:00
|
|
|
|
2020-04-15 14:30:08 -04:00
|
|
|
try:
|
|
|
|
|
import mock
|
2021-07-19 20:09:06 -04:00
|
|
|
except ImportError: # pragma: no cover
|
|
|
|
|
from unittest import mock # type: ignore
|
2015-07-19 19:48:27 -04:00
|
|
|
|
2019-04-12 16:32:52 -04:00
|
|
|
from certbot.compat import os
|
2016-04-13 19:30:57 -04:00
|
|
|
from certbot.plugins import common
|
2016-12-05 18:22:14 -05:00
|
|
|
from certbot.tests import util as test_util
|
2019-11-25 12:44:40 -05:00
|
|
|
from certbot_apache._internal import configurator
|
|
|
|
|
from certbot_apache._internal import entrypoint
|
|
|
|
|
from certbot_apache._internal import obj
|
2015-08-05 18:39:31 -04:00
|
|
|
|
2014-12-19 18:49:29 -05:00
|
|
|
|
2019-11-14 17:26:01 -05:00
|
|
|
class ApacheTest(unittest.TestCase):
|
2015-01-24 08:12:45 -05:00
|
|
|
|
2016-03-20 15:57:52 -04:00
|
|
|
def setUp(self, test_dir="debian_apache_2_4/multiple_vhosts",
|
|
|
|
|
config_root="debian_apache_2_4/multiple_vhosts/apache2",
|
|
|
|
|
vhost_root="debian_apache_2_4/multiple_vhosts/apache2/sites-available"):
|
2015-07-19 19:48:27 -04:00
|
|
|
# pylint: disable=arguments-differ
|
2015-06-02 09:55:16 -04:00
|
|
|
self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(
|
2015-07-19 19:48:27 -04:00
|
|
|
test_dir=test_dir,
|
2019-11-27 12:57:35 -05:00
|
|
|
pkg=__name__)
|
2015-01-24 08:12:45 -05:00
|
|
|
|
2015-07-19 19:48:27 -04:00
|
|
|
self.config_path = os.path.join(self.temp_dir, config_root)
|
2015-12-07 05:03:54 -05:00
|
|
|
self.vhost_path = os.path.join(self.temp_dir, vhost_root)
|
2015-01-24 08:12:45 -05:00
|
|
|
|
2015-08-05 18:39:31 -04:00
|
|
|
self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector(
|
|
|
|
|
"rsa512_key.pem"))
|
2015-01-24 08:12:45 -05:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
self.config = get_apache_configurator(self.config_path, vhost_root,
|
|
|
|
|
self.config_dir, self.work_dir)
|
|
|
|
|
|
2016-01-14 19:35:20 -05:00
|
|
|
# Make sure all vhosts in sites-enabled are symlinks (Python packaging
|
|
|
|
|
# does not preserve symlinks)
|
|
|
|
|
sites_enabled = os.path.join(self.config_path, "sites-enabled")
|
|
|
|
|
if not os.path.exists(sites_enabled):
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
for vhost_basename in os.listdir(sites_enabled):
|
2017-09-25 15:03:09 -04:00
|
|
|
# Keep the one non-symlink test vhost in place
|
|
|
|
|
if vhost_basename == "non-symlink.conf":
|
|
|
|
|
continue
|
2016-01-14 19:35:20 -05:00
|
|
|
vhost = os.path.join(sites_enabled, vhost_basename)
|
2016-01-14 19:59:29 -05:00
|
|
|
if not os.path.islink(vhost): # pragma: no cover
|
2016-01-14 19:35:20 -05:00
|
|
|
os.remove(vhost)
|
|
|
|
|
target = os.path.join(
|
|
|
|
|
os.path.pardir, "sites-available", vhost_basename)
|
|
|
|
|
os.symlink(target, vhost)
|
|
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
def tearDown(self):
|
|
|
|
|
shutil.rmtree(self.temp_dir)
|
|
|
|
|
shutil.rmtree(self.config_dir)
|
|
|
|
|
shutil.rmtree(self.work_dir)
|
|
|
|
|
|
2015-01-24 08:12:45 -05:00
|
|
|
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
class ParserTest(ApacheTest):
|
2015-07-19 19:48:27 -04:00
|
|
|
|
2016-03-20 15:57:52 -04:00
|
|
|
def setUp(self, test_dir="debian_apache_2_4/multiple_vhosts",
|
|
|
|
|
config_root="debian_apache_2_4/multiple_vhosts/apache2",
|
|
|
|
|
vhost_root="debian_apache_2_4/multiple_vhosts/apache2/sites-available"):
|
2021-04-08 16:04:51 -04:00
|
|
|
super().setUp(test_dir, config_root, vhost_root)
|
2015-07-19 19:48:27 -04:00
|
|
|
|
2019-11-25 12:44:40 -05:00
|
|
|
from certbot_apache._internal.parser import ApacheParser
|
2015-07-19 19:48:27 -04:00
|
|
|
self.aug = augeas.Augeas(
|
|
|
|
|
flags=augeas.Augeas.NONE | augeas.Augeas.NO_MODL_AUTOLOAD)
|
2019-11-25 12:44:40 -05:00
|
|
|
with mock.patch("certbot_apache._internal.parser.ApacheParser."
|
2015-07-19 19:48:27 -04:00
|
|
|
"update_runtime_variables"):
|
|
|
|
|
self.parser = ApacheParser(
|
2022-01-21 04:15:48 -05:00
|
|
|
self.config_path, self.config, self.vhost_path)
|
2015-07-19 19:48:27 -04:00
|
|
|
|
|
|
|
|
|
2019-11-14 17:26:01 -05:00
|
|
|
def get_apache_configurator(
|
2016-01-14 06:25:15 -05:00
|
|
|
config_path, vhost_path,
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
config_dir, work_dir, version=(2, 4, 7),
|
|
|
|
|
os_info="generic",
|
2020-01-02 18:44:11 -05:00
|
|
|
conf_vhost_path=None,
|
2020-03-23 19:49:52 -04:00
|
|
|
use_parsernode=False,
|
|
|
|
|
openssl_version="1.1.1a"):
|
2015-07-01 19:50:48 -04:00
|
|
|
"""Create an Apache Configurator with the specified options.
|
2014-12-19 18:49:29 -05:00
|
|
|
|
2015-07-01 19:50:48 -04:00
|
|
|
:param conf: Function that returns binary paths. self.conf in Configurator
|
|
|
|
|
|
|
|
|
|
"""
|
2014-12-19 18:49:29 -05:00
|
|
|
backups = os.path.join(work_dir, "backups")
|
2015-09-30 20:16:27 -04:00
|
|
|
mock_le_config = mock.MagicMock(
|
|
|
|
|
apache_server_root=config_path,
|
2018-08-02 11:17:38 -04:00
|
|
|
apache_vhost_root=None,
|
Distribution specific override functionality based on class inheritance (#5202)
Class inheritance based approach to distro specific overrides.
How it works:
The certbot-apache plugin entrypoint has been changed to entrypoint.ENTRYPOINT which is a variable containing appropriate override class for system, if available.
Override classes register themselves using decorator override.register() which takes a list of distribution fingerprints (ID & LIKE variables in /etc/os-release, or platform.linux_distribution() as a fallback). These end up as keys in dict override.OVERRIDE_CLASSES and values for the keys are references to the class that called the decorator, hence allowing self-registration of override classes when they are imported. The only file importing these override classes is entrypoint.py, so adding new override classes would need only one import in addition to the actual override class file.
Generic changes:
Parser initialization has been moved to separate class method, allowing easy override where needed.
Cleaned up configurator.py a bit, and moved some helper functions to newly created apache_util.py
Split Debian specific code from configurator.py to debian_override.py
Changed define_cmd to apache_cmd because the parameters are for every distribution supporting this behavior, and we're able to use the value to build the additional configuration dump commands.
Moved add_parser_mod() from configurator to parser add_mod()
Added two new configuration dump parsing methods to update_runtime_variables() in parser: update_includes() and update_modules().
Changed init_modules() in parser to accommodate the changes above. (ie. don't throw existing self.modules out).
Moved OS based constants to their respective override classes.
Refactored configurator class discovery in tests to help easier test case creation using distribution based override configurator class.
tests.util.get_apache_configurator() now takes keyword argument os_info which is string of the desired mock OS fingerprint response that's used for picking the right override class.
This PR includes two major generic additions that should vastly improve our parsing accuracy and quality:
Includes are parsed from config dump from httpd binary. This is mandatory for some distributions (Like OpenSUSE) to get visibility over the whole configuration tree because of Include statements passed on in command line, and not via root httpd.conf file.
Modules are parsed from config dump from httpd binary. This lets us jump into correct IfModule directives if for some reason we have missed the module availability (because of one being included on command line or such).
Distribution specific changes
Because of the generic changes, there are two distributions (or distribution families) that do not provide such functionality, so it had to be overridden in their respective override files. These distributions are:
CentOS, because it deliberately limits httpd binary stdout using SELinux as a feature. We are doing opportunistic config dumps here however, in case SELinux enforcing is off.
Gentoo, because it does not provide a way to invoke httpd with command line parsed from its specific configuration file. Gentoo relies heavily on Define statements that are passed over from APACHE2_OPTS variable /etc/conf.d/apache2 file and most of the configuration in root Apache configuration are dependent on these values.
Debian
Moved the Debian specific parts from configurator.py to Debian specific override.
CentOS
Parsing of /etc/sysconfig/httpd file for additional Define statements. This could hold other parameters too, but parsing everything off it would require a full Apache lexer. For CLI parameters, I think Defines are the most common ones. This is done in addition of opportunistic parsing of httpd binary config dump.
Added CentOS default Apache configuration tree for realistic test cases.
Gentoo
Parsing Defines from /etc/conf.d/apache2 variable APACHE2_OPTS, which holds additional Define statements to enable certain functionalities, enabling parts of the configuration in the Apache2 DOM. This is done instead of trying to parse httpd binary configuration dumps.
Added default Apache configuration from Gentoo to testdata, including /etc/conf.d/apache2 file for realistic test cases.
* Distribution specific override functionality based on class inheritance
* Need to patch get_systemd_os_like to as travis has proper os-release
* Added pydoc
* Move parser initialization to a method and fix Python 3 __new__ errors
* Parser changes to parse HTTPD config
* Try to get modules and includes from httpd process for better visibility over the configuration
* Had to disable duplicate-code because of test setup (PyCQA/pylint/issues/214)
* CentOS tests and linter fixes
* Gentoo override, tests and linter fixes
* Mock the process call in all the tests that require it
* Fix CentOS test mock
* Restore reseting modules list functionality for cleanup
* Move OS fingerprinting and constant mocks to parent class
* Fixes requested in review
* New entrypoint structure and started moving OS constants to override classes
* OS constants move continued, test and linter fixes
* Removed dead code
* Apache compatibility test changest to reflect OS constant restructure
* Test fix
* Requested changes
* Moved Debian specific tests to own test file
* Removed decorator based override class registration in favor of entrypoint dict
* Fix for update_includes for some versions of Augeas
* Take fedora fix into account in tests
* Review fixes
2017-12-04 14:49:18 -05:00
|
|
|
apache_le_vhost_ext="-le-ssl.conf",
|
2015-12-07 05:03:54 -05:00
|
|
|
apache_challenge_location=config_path,
|
2018-08-02 11:17:38 -04:00
|
|
|
apache_enmod=None,
|
2015-09-30 20:16:27 -04:00
|
|
|
backup_dir=backups,
|
|
|
|
|
config_dir=config_dir,
|
2018-01-11 12:27:30 -05:00
|
|
|
http01_port=80,
|
2015-09-30 20:16:27 -04:00
|
|
|
temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),
|
|
|
|
|
in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
|
|
|
|
|
work_dir=work_dir)
|
2014-12-19 18:49:29 -05:00
|
|
|
|
2019-11-25 12:44:40 -05:00
|
|
|
with mock.patch("certbot_apache._internal.configurator.util.run_script"):
|
|
|
|
|
with mock.patch("certbot_apache._internal.configurator.util."
|
2018-08-02 11:17:38 -04:00
|
|
|
"exe_exists") as mock_exe_exists:
|
|
|
|
|
mock_exe_exists.return_value = True
|
2019-11-25 12:44:40 -05:00
|
|
|
with mock.patch("certbot_apache._internal.parser.ApacheParser."
|
2018-08-02 11:17:38 -04:00
|
|
|
"update_runtime_variables"):
|
2020-01-06 10:19:33 -05:00
|
|
|
with mock.patch("certbot_apache._internal.apache_util.parse_from_subprocess") as mock_sp:
|
2019-12-02 18:00:53 -05:00
|
|
|
mock_sp.return_value = []
|
|
|
|
|
try:
|
|
|
|
|
config_class = entrypoint.OVERRIDE_CLASSES[os_info]
|
|
|
|
|
except KeyError:
|
|
|
|
|
config_class = configurator.ApacheConfigurator
|
|
|
|
|
config = config_class(config=mock_le_config, name="apache",
|
2020-03-23 19:49:52 -04:00
|
|
|
version=version, use_parsernode=use_parsernode,
|
|
|
|
|
openssl_version=openssl_version)
|
2019-12-02 18:00:53 -05:00
|
|
|
if not conf_vhost_path:
|
2021-04-13 14:18:49 -04:00
|
|
|
config_class.OS_DEFAULTS.vhost_root = vhost_path
|
2019-12-02 18:00:53 -05:00
|
|
|
else:
|
|
|
|
|
# Custom virtualhost path was requested
|
|
|
|
|
config.config.apache_vhost_root = conf_vhost_path
|
2021-04-13 14:18:49 -04:00
|
|
|
config.config.apache_ctl = config_class.OS_DEFAULTS.ctl
|
2019-12-02 18:00:53 -05:00
|
|
|
config.prepare()
|
2014-12-19 18:49:29 -05:00
|
|
|
return config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_vh_truth(temp_dir, config_name):
|
|
|
|
|
"""Return the ground truth for the specified directory."""
|
2016-03-20 15:57:52 -04:00
|
|
|
if config_name == "debian_apache_2_4/multiple_vhosts":
|
2014-12-19 18:49:29 -05:00
|
|
|
prefix = os.path.join(
|
2017-09-25 15:03:09 -04:00
|
|
|
temp_dir, config_name, "apache2/sites-enabled")
|
|
|
|
|
|
2014-12-19 18:49:29 -05:00
|
|
|
aug_pre = "/files" + prefix
|
|
|
|
|
vh_truth = [
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "encryption-example.conf"),
|
2017-09-27 18:51:28 -04:00
|
|
|
os.path.join(aug_pre, "encryption-example.conf/Virtualhost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2015-07-21 20:16:46 -04:00
|
|
|
False, True, "encryption-example.demo"),
|
2014-12-19 18:49:29 -05:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "default-ssl.conf"),
|
2017-09-25 15:03:09 -04:00
|
|
|
os.path.join(aug_pre,
|
|
|
|
|
"default-ssl.conf/IfModule/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("_default_:443")}, True, True),
|
2014-12-19 18:49:29 -05:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "000-default.conf"),
|
|
|
|
|
os.path.join(aug_pre, "000-default.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80"),
|
|
|
|
|
obj.Addr.fromstring("[::]:80")},
|
2016-03-20 12:08:53 -04:00
|
|
|
False, True, "ip-172-30-0-17"),
|
2014-12-19 18:49:29 -05:00
|
|
|
obj.VirtualHost(
|
2016-04-13 19:30:57 -04:00
|
|
|
os.path.join(prefix, "certbot.conf"),
|
|
|
|
|
os.path.join(aug_pre, "certbot.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, False, True,
|
2018-01-16 21:16:33 -05:00
|
|
|
"certbot.demo", aliases=["www.certbot.demo"]),
|
2015-11-06 03:56:50 -05:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "mod_macro-example.conf"),
|
|
|
|
|
os.path.join(aug_pre,
|
|
|
|
|
"mod_macro-example.conf/Macro/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, False, True,
|
2016-01-14 06:25:15 -05:00
|
|
|
modmacro=True),
|
2015-11-24 00:19:42 -05:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "default-ssl-port-only.conf"),
|
2016-01-14 06:25:15 -05:00
|
|
|
os.path.join(aug_pre, ("default-ssl-port-only.conf/"
|
|
|
|
|
"IfModule/VirtualHost")),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("_default_:443")}, True, True),
|
2016-02-23 20:31:41 -05:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "wildcard.conf"),
|
|
|
|
|
os.path.join(aug_pre, "wildcard.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, False, True,
|
2016-05-19 19:04:18 -04:00
|
|
|
"ip-172-30-0-17", aliases=["*.blue.purple.com"]),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "ocsp-ssl.conf"),
|
|
|
|
|
os.path.join(aug_pre, "ocsp-ssl.conf/IfModule/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("10.2.3.4:443")}, True, True,
|
2017-09-25 15:03:09 -04:00
|
|
|
"ocspvhost.com"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "non-symlink.conf"),
|
|
|
|
|
os.path.join(aug_pre, "non-symlink.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, False, True,
|
2017-09-25 15:03:09 -04:00
|
|
|
"nonsym.link"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "default-ssl-port-only.conf"),
|
|
|
|
|
os.path.join(aug_pre,
|
|
|
|
|
"default-ssl-port-only.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, True, True, ""),
|
2017-09-25 15:03:09 -04:00
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(temp_dir, config_name,
|
|
|
|
|
"apache2/apache2.conf"),
|
|
|
|
|
"/files" + os.path.join(temp_dir, config_name,
|
|
|
|
|
"apache2/apache2.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")}, False, True,
|
2019-02-06 13:02:35 -05:00
|
|
|
"vhost.in.rootconf"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "duplicatehttp.conf"),
|
|
|
|
|
os.path.join(aug_pre, "duplicatehttp.conf/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("10.2.3.4:80")}, False, True,
|
2019-02-06 13:02:35 -05:00
|
|
|
"duplicate.example.com"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "duplicatehttps.conf"),
|
|
|
|
|
os.path.join(aug_pre, "duplicatehttps.conf/IfModule/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("10.2.3.4:443")}, True, True,
|
2019-02-06 13:02:35 -05:00
|
|
|
"duplicate.example.com")]
|
2014-12-19 18:49:29 -05:00
|
|
|
return vh_truth
|
2016-07-26 18:57:11 -04:00
|
|
|
if config_name == "debian_apache_2_4/multi_vhosts":
|
|
|
|
|
prefix = os.path.join(
|
|
|
|
|
temp_dir, config_name, "apache2/sites-available")
|
|
|
|
|
aug_pre = "/files" + prefix
|
|
|
|
|
vh_truth = [
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "default.conf"),
|
|
|
|
|
os.path.join(aug_pre, "default.conf/VirtualHost[1]"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2016-07-26 18:57:11 -04:00
|
|
|
False, True, "ip-172-30-0-17"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "default.conf"),
|
|
|
|
|
os.path.join(aug_pre, "default.conf/VirtualHost[2]"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2016-09-28 14:34:27 -04:00
|
|
|
False, True, "banana.vomit.com"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "multi-vhost.conf"),
|
|
|
|
|
os.path.join(aug_pre, "multi-vhost.conf/VirtualHost[1]"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2016-09-28 14:34:27 -04:00
|
|
|
False, True, "1.multi.vhost.tld"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "multi-vhost.conf"),
|
|
|
|
|
os.path.join(aug_pre, "multi-vhost.conf/IfModule/VirtualHost"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2016-09-28 14:34:27 -04:00
|
|
|
False, True, "2.multi.vhost.tld"),
|
|
|
|
|
obj.VirtualHost(
|
|
|
|
|
os.path.join(prefix, "multi-vhost.conf"),
|
|
|
|
|
os.path.join(aug_pre, "multi-vhost.conf/VirtualHost[2]"),
|
2020-04-13 13:41:39 -04:00
|
|
|
{obj.Addr.fromstring("*:80")},
|
2016-09-28 14:34:27 -04:00
|
|
|
False, True, "3.multi.vhost.tld")]
|
2016-07-26 18:57:11 -04:00
|
|
|
return vh_truth
|
2015-07-23 04:34:51 -04:00
|
|
|
return None # pragma: no cover
|
