caddy-frontend: Faletten decision tree

Treat custom configuration as normal condition to reject/accept slave. This will allow further anaylsis.

caddy-frontend: Faletten decision tree
Treat custom configuration as normal condition to reject/accept slave. This will allow further anaylsis.
82cdff12 · Łukasz Nowak · Łukasz Nowak · 47750da0 · 82cdff12 · 82cdff12
Commit 82cdff12 authored Sep 10, 2018 by Łukasz Nowak Committed by Łukasz Nowak Sep 12, 2018
Showing with 36 additions and 33 deletions

software/caddy-frontend/buildout.hash.cfg software/caddy-frontend/buildout.hash.cfg +1 -1

software/caddy-frontend/instance-apache-replicate.cfg.in software/caddy-frontend/instance-apache-replicate.cfg.in +35 -32

No files found.
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -26,7 +26,7 @@ md5sum = 750e2b1c922bf14511a3bc8a42468b1b

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 70d923e4fd5cfdb52bc4cbd04f9e01d2
+md5sum = 30a502d56ce0a168aa3feaedbee73c3f

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -68,45 +68,48 @@ context =
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_list = [] %}
 {% for slave in slave_instance_list %}
-{# BBB: apache_custom_https AND apache_custom_http #}
-{%   if not ((slave.has_key('caddy_custom_http') or slave.has_key('apache_custom_http') or slave.has_key('caddy_custom_https') or slave.has_key('apache_custom_https')) and not slave.get('slave_reference') in authorized_slave_string) %}
-{%     set slave_dict = {'state': True} %}
-{%     if slave.get('url') %}
-{%       if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
+{%   set slave_dict = {'state': True} %}
+{#   BBB: apache_custom_https AND apache_custom_http #}
+{%   for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
+{%     if slave.get(key) %}
+{%       if not slave.get('slave_reference') in authorized_slave_string %}
 {%         do slave_dict.__setitem__('state', False) %}
 {%       endif %}
 {%     endif %}
-{%     if slave.get('https-url') %}
-{%       if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
-{%         do slave_dict.__setitem__('state', False) %}
-{%       endif %}
-{%     endif %}
-{%     if slave.get('ssl_key') and slave.get('ssl_crt') %}
-{%       set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
-{%       set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
-{%       set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
-{%       set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
-{%       if not key_modulus or key_modulus != crt_modulus  %}
-{%         do slave_dict.__setitem__('state', False) %}
-{%       endif %}
+{%   endfor %}
+{%   if slave.get('url') %}
+{%     if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
+{%       do slave_dict.__setitem__('state', False) %}
 {%     endif %}
-{%     if slave.get('custom_domain') %}
-{%       if not validators.domain(slave['custom_domain']) %}
-{%         do slave_dict.__setitem__('state', False) %}
-{%       endif %}
+{%   endif %}
+{%   if slave.get('https-url') %}
+{%     if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
+{%       do slave_dict.__setitem__('state', False) %}
 {%     endif %}
-{%     if slave.get('server-alias') %}
-{%       for slave_alias in slave['server-alias'].split() %}
-{%         if not validators.domain(slave_alias) %}
-{%           do slave_dict.__setitem__('state', False) %}
-{%         endif %}
-{%       endfor %}
+{%   endif %}
+{%   if slave.get('ssl_key') and slave.get('ssl_crt') %}
+{%     set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
+{%     set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
+{%     set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
+{%     set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
+{%     if not key_modulus or key_modulus != crt_modulus  %}
+{%       do slave_dict.__setitem__('state', False) %}
 {%     endif %}
-{%     if slave_dict['state'] %}
-{%       do authorized_slave_list.append(slave) %}
-{%     else %}
-{%       do rejected_slave_list.append(slave.get('slave_reference')) %}
+{%   endif %}
+{%   if slave.get('custom_domain') %}
+{%     if not validators.domain(slave['custom_domain']) %}
+{%       do slave_dict.__setitem__('state', False) %}
 {%     endif %}
+{%   endif %}
+{%   if slave.get('server-alias') %}
+{%     for slave_alias in slave['server-alias'].split() %}
+{%       if not validators.domain(slave_alias) %}
+{%         do slave_dict.__setitem__('state', False) %}
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+{%   if slave_dict['state'] %}
+{%     do authorized_slave_list.append(slave) %}
 {%   else %}
 {%     do rejected_slave_list.append(slave.get('slave_reference')) %}
 {%   endif %}