Commit 82cdff12 by Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Faletten decision tree

Treat custom configuration as normal condition to reject/accept slave.

This will allow further anaylsis.
1 parent 47750da0
......@@ -26,7 +26,7 @@ md5sum = 750e2b1c922bf14511a3bc8a42468b1b
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 70d923e4fd5cfdb52bc4cbd04f9e01d2
md5sum = 30a502d56ce0a168aa3feaedbee73c3f
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......
......@@ -68,45 +68,48 @@ context =
{% set authorized_slave_list = [] %}
{% set rejected_slave_list = [] %}
{% for slave in slave_instance_list %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% if not ((slave.has_key('caddy_custom_http') or slave.has_key('apache_custom_http') or slave.has_key('caddy_custom_https') or slave.has_key('apache_custom_https')) and not slave.get('slave_reference') in authorized_slave_string) %}
{% set slave_dict = {'state': True} %}
{% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
{% set slave_dict = {'state': True} %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endif %}
{% if slave.get('https-url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endfor %}
{% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% if slave.get('custom_domain') %}
{% if not validators.domain(slave['custom_domain']) %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endif %}
{% if slave.get('https-url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% if slave.get('server-alias') %}
{% for slave_alias in slave['server-alias'].split() %}
{% if not validators.domain(slave_alias) %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endfor %}
{% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% if slave_dict['state'] %}
{% do authorized_slave_list.append(slave) %}
{% else %}
{% do rejected_slave_list.append(slave.get('slave_reference')) %}
{% endif %}
{% if slave.get('custom_domain') %}
{% if not validators.domain(slave['custom_domain']) %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endif %}
{% if slave.get('server-alias') %}
{% for slave_alias in slave['server-alias'].split() %}
{% if not validators.domain(slave_alias) %}
{% do slave_dict.__setitem__('state', False) %}
{% endif %}
{% endfor %}
{% endif %}
{% if slave_dict['state'] %}
{% do authorized_slave_list.append(slave) %}
{% else %}
{% do rejected_slave_list.append(slave.get('slave_reference')) %}
{% endif %}
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!