erp5: Call dumps() when rendering user-provided strings

Not perfect yet, as some strings end in configuration files for example and need escape mechanisms aware of individual configuration file syntaxes.

erp5: Call dumps() when rendering user-provided strings
Not perfect yet, as some strings end in configuration files for example and need escape mechanisms aware of individual configuration file syntaxes.
96975aee · Vincent Pelletier · a45c1758 · 96975aee · 96975aee · 96975aee
Commit 96975aee authored Feb 03, 2014 by Vincent Pelletier
8 changed files
--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -179,7 +179,7 @@ context =
 [template-mariadb]
 < = download-base
 filename = instance-mariadb.cfg.in
-md5sum = 31e49ad3abb6926f21f29c53cda49ebb
+md5sum = 7946369d6df508d854c786ab653e8cd4
 link-binary =
  ${coreutils:location}/bin/basename
  ${coreutils:location}/bin/cat
@@ -200,7 +200,7 @@ md5sum = fe9a9349c4bad2ba999e9d8bac065ebb
 [template-cloudooo]
 < = download-base
 filename = instance-cloudoo.cfg.in
-md5sum = 1cb9160482a6be615c34dbc55b017dce
+md5sum = 5ad1664a39fbab5f8450c7fb36c81945

 [template-zope-conf]
 < = download-base
@@ -225,7 +225,7 @@ md6sum = 4504b8e58cf6eb0f17ef30c29c04432d
 [template-create-erp5-site-real]
 < = download-base
 filename = instance-create-erp5-site-real.cfg.in
-md5sum = 2440e054821628bfbc4837d4ceb16bc2
+md5sum = a88881e00d56286e16fcaf36d94c025e

 [template]
 < = template-jinja2-base
@@ -306,12 +306,12 @@ md5sum = 7735d535aa34dfdc18a776b80bc0ca3d
 [template-zeo]
 < = download-base
 filename = instance-zeo.cfg.in
-md5sum = 32de16140a294a7e456a9665124bdb93
+md5sum = 537454dcd64330ddb0360c05526b7824

 [template-zope]
 < = download-base
 filename = instance-zope.cfg.in
-md5sum = d293450efd0bebc91c0bad5c1c7989bc
+md5sum = 4e90f7eae9e14d47077e3d884fe79474
 link-binary =
  ${aspell:location}/bin/aspell
  ${coreutils:location}/bin/basename
@@ -341,7 +341,7 @@ link-binary =
 [template-balancer]
 < = download-base
 filename = instance-balancer.cfg.in
-md5sum = 2d2bd66f5771e106ce31253e01162ff3
+md5sum = e0b8ba297c4ab92f6ecb61c3384d893e

 [template-haproxy-cfg]
 < = download-base

--- a/stack/erp5/instance-balancer.cfg.in
+++ b/stack/erp5/instance-balancer.cfg.in
@@ -64,7 +64,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}

 [haproxy-cfg-parameter-dict]
 socket-path = ${directory:run}/haproxy.sock
-server-check-path = {{ slapparameter_dict['haproxy-server-check-path'] }}
+server-check-path = {{ dumps(slapparameter_dict['haproxy-server-check-path']) }}
 backend-dict = {{ dumps(haproxy_dict) }}
 ip = {{ ipv4 }}

@@ -90,15 +90,15 @@ scheme = https
 key-file = ${directory:apache-conf}/apache.key
 cert-file = ${directory:apache-conf}/apache.crt
 configuration-file = ${directory:apache-conf}/apache.conf
-access-control-string = {{ slapparameter_dict['apache-access-control-string'] }}
+access-control-string = {{ dumps(slapparameter_dict['apache-access-control-string']) }}
 pid-file = ${directory:run}/apache.pid
 lock-file = ${directory:run}/apache.lock
 ssl-session-cache = $${directory:log}/apache-ssl-session-cache
 error-log = ${directory:log}/apache-error.log
 access-log = ${directory:log}/apache-access.log
 apache-binary = {{ parameter_dict['apache'] }}/bin/httpd
-ssl-authentication = {{ slapparameter_dict['apache-ssl-authentication'] }}
-backend-path = {{ slapparameter_dict['apache-backend-path'] }}
+ssl-authentication = {{ dumps(slapparameter_dict['apache-ssl-authentication']) }}
+backend-path = {{ dumps(slapparameter_dict['apache-backend-path']) }}
 # Note: Without certificate-authority main certificate have to be hardcoded
 ssl-authentication-certificate = ${certificate-authority:ca-dir}/cacert.pem
 ssl-authentication-crl = ${certificate-authority:ca-crl}
@@ -123,11 +123,11 @@ ca-certs = ${directory:certs}
 ca-newcerts = ${directory:newcerts}
 ca-crl = ${directory:crl}
 {% set ca = slapparameter_dict['ca'] -%}
-country-code = {{ ca.get('country-code', 'ZZ') }}
-email = {{ ca.get('email', 'nobody@example.com') }}
-state = {{ ca.get('state', 'Dummy State') }}
-city = {{ ca.get('city', 'Dummy City') }}
-company = {{ ca.get('company', 'Dummy Company') }}
+country-code = {{ dumps(ca.get('country-code', 'ZZ')) }}
+email = {{ dumps(ca.get('email', 'nobody@example.com')) }}
+state = {{ dumps(ca.get('state', 'Dummy State')) }}
+city = {{ dumps(ca.get('city', 'Dummy City')) }}
+company = {{ dumps(ca.get('company', 'Dummy Company')) }}

 [ca-apache]
 < = certificate-authority

--- a/stack/erp5/instance-cloudoo.cfg.in
+++ b/stack/erp5/instance-cloudoo.cfg.in
@@ -51,7 +51,7 @@ conf-path = ${directory:etc}/font.conf
 font-system-folder = {{ parameter_dict['fonts'] }}
 font-folder = ${directory:font}
 {# XXX: violates "instanciation happens offline" rule -#}
-url-list = {{ slapparameter_dict.get('font-url-list', []) | join(' ') }}
+url-list = {{ dumps(slapparameter_dict.get('font-url-list', []) | join(' ')) }}
 service-folder = ${directory:service}
 onetimedownload_path = {{ bin_directory }}/onetimedownload


--- a/stack/erp5/instance-create-erp5-site-real.cfg.in
+++ b/stack/erp5/instance-create-erp5-site-real.cfg.in
@@ -16,7 +16,7 @@ mysql-url = {{ publish['mariadb-database-list'][0] }}
 {%     do family_list.append(value.split('://', 1)) -%}
 {%   endif -%}
 {%  endfor -%}
-zope-url = {{ family_list[0][0] + '://' + publish['inituser-login'] + ':' + publish['inituser-password'] + '@' + family_list[0][1] + '/' + publish['site-id'] }}
+zope-url = {{ dumps(family_list[0][0] + '://' + publish['inituser-login'] + ':' + publish['inituser-password'] + '@' + family_list[0][1] + '/' + publish['site-id']) }}

 [promise-erp5-site]
 recipe = slapos.cookbook:check_url_available

--- a/stack/erp5/instance-erp5.cfg.in
+++ b/stack/erp5/instance-erp5.cfg.in
@@ -56,7 +56,7 @@ recipe = slapos.cookbook:generate.password
 [deadlock-debugger-password]
 {% set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
 {% if deadlock_debugger_password -%}
-passwd = {{ deadlock_debugger_password }}
+passwd = {{ dumps(deadlock_debugger_password) }}
 {% else -%}
 recipe = slapos.cookbook:generate.password
 {% endif -%}
@@ -95,15 +95,15 @@ config-mysql-test-url-list = ${request-mariadb:connection-test-database-list}
 config-memcached-url = ${request-memcached-volatile:connection-url}
 config-cloudooo-url = ${request-cloudooo:connection-url}
 config-kumofs-url = ${request-memcached-persistent:connection-url}
-config-bt5 = {{ slapparameter_dict.get('bt5', 'erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_run_my_doc') }}
-config-bt5-repository-url = {{ slapparameter_dict.get('bt5-repository-url', local_bt5_repository) }}
-config-smtp-url = {{ slapparameter_dict.get('smtp-url', 'smtp://localhost:25/') }}
+config-bt5 = {{ dumps(slapparameter_dict.get('bt5', 'erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_run_my_doc')) }}
+config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
+config-smtp-url = {{ dumps(slapparameter_dict.get('smtp-url', 'smtp://localhost:25/')) }}
 config-zodb-dict = ${request-zodb:connection-zodb-dict}
 config-zodb-storage-type = ${request-zodb:connection-zodb-storage-type}
 config-tidstorage-ip = ${request-zodb:connection-tidstorage-ip}
 config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
-config-timezone = {{ slapparameter_dict.get('timezone', 'UTC') }}
-config-site-id = {{ site_id }}
+config-timezone = {{ dumps(slapparameter_dict.get('timezone', 'UTC')) }}
+config-site-id = {{ dumps(site_id) }}
 config-deadlock-debugger-password = ${deadlock-debugger-password:passwd}
 config-inituser-login = {{ dumps(inituser_login) }}
 config-inituser-password = ${inituser-password:passwd}
@@ -124,7 +124,7 @@ config-timerserver-interval = {{ dumps(zope_parameter_dict.get('timerserver-inte
 config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longrequest-logger-interval', -1)) }}
 config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
 config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
-sla-computer_guid = {{ zope_parameter_dict.get('computer-guid', computer_id) }}
+sla-computer_guid = {{ dumps(zope_parameter_dict.get('computer-guid', computer_id)) }}
 {% endfor -%}

 {# We need to concatenate lists that we cannot read as lists, so this gets hairy. -#}
@@ -153,7 +153,7 @@ config-url = ${request-balancer:{{ family_name }}-v6}
 < = request-common
 name = balancer
 software-type = balancer
-sla-computer_guid = {{ slapparameter_dict.get('balancer-computer-guid', computer_id) }}
+sla-computer_guid = {{ dumps(slapparameter_dict.get('balancer-computer-guid', computer_id)) }}
 extra-config =
  tcpv4-port
  haproxy-server-check-path
@@ -174,19 +174,19 @@ config-tcpv4-port = {{ dumps(slapparameter_dict.get('', 2150)) }}
 config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}' }}
 {% endfor -%}
 # XXX: should those really be same for all families ?
-config-haproxy-server-check-path = {{ slapparameter_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id} }}
-config-apache-access-control-string = {{ slapparameter_dict.get('apache-access-control-string', 'all') }}
-config-apache-ssl-authentication = {{ slapparameter_dict.get('apache-ssl-authentication', '0') }}
-config-apache-backend-path = {{ slapparameter_dict.get('apache-backend-path', '/') % {'site-id': site_id} }}
+config-haproxy-server-check-path = {{ dumps(slapparameter_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
+config-apache-access-control-string = {{ dumps(slapparameter_dict.get('apache-access-control-string', 'all')) }}
+config-apache-ssl-authentication = {{ dumps(slapparameter_dict.get('apache-ssl-authentication', '0')) }}
+config-apache-backend-path = {{ dumps(slapparameter_dict.get('apache-backend-path', '/') % {'site-id': site_id}) }}
 config-ca = {{ dumps(slapparameter_dict.get('ca', {})) }}

 [request-frontend-base]
 {% if has_frontend -%}
 < = request-common
-software-url = {{ frontend_dict['software-url'] }}
-software-type = {{ frontend_dict.get('software-type', 'RootSoftwareInstance') }}
+software-url = {{ dumps(frontend_dict['software-url']) }}
+software-type = {{ dumps(frontend_dict.get('software-type', 'RootSoftwareInstance')) }}
 sla = instance_guid
-sla-instance_guid = {{ frontend_dict['instance-guid'] }}
+sla-instance_guid = {{ dumps(frontend_dict['instance-guid']) }}
 slave = true
 {% set config_dict = {
  'type': 'zope',
@@ -206,7 +206,7 @@ recipe = slapos.cookbook:publish.serialised
 deadlock-debugger-password = ${deadlock-debugger-password:passwd}
 inituser-password = ${inituser-password:passwd}
 {% for name, value in publish_dict.items() -%}
-{{   name }} = {{ value }}
+{{   name }} = {{ dumps(value) }}
 {% endfor -%}

 [buildout]

--- a/stack/erp5/instance-mariadb.cfg.in
+++ b/stack/erp5/instance-mariadb.cfg.in
@@ -98,7 +98,7 @@ data-directory = ${directory:mariadb-data}
 pid-file = ${directory:run}/mariadb.pid
 error-log = ${directory:log}/mariadb_error.log
 slow-query-log = ${directory:log}/mariadb_slowquery.log
-long-query-time = {{ slapparameter_dict.get('long-query-time', 1) }}
+long-query-time = {{ dumps(slapparameter_dict.get('long-query-time', 1)) }}
 innodb-buffer-pool-size = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-size', 0)) }}
 innodb-log-file-size = {{ dumps(slapparameter_dict.get('innodb-log-file-size', 0)) }}
 innodb-log-buffer-size = {{ dumps(slapparameter_dict.get('innodb-log-buffer-size', 0)) }}
@@ -106,7 +106,7 @@ relaxed-writes = {{ dumps(slapparameter_dict.get('relaxed-writes', False)) }}
 {% if incremental_backup_retention_days > -1 -%}
 binlog-path = ${directory:mariadb-backup-incremental}/binlog
 # XXX: binlog rotation happens along with other log's rotation
-binlog-expire-days = {{ incremental_backup_retention_days }}
+binlog-expire-days = {{ dumps(incremental_backup_retention_days) }}
 {% else %}
 binlog-path =
 {%- endif %}
@@ -150,7 +150,7 @@ mysql-base-directory = {{ parameter_dict['mariadb-location'] }}
 [mariadb-instance]
 # Options
 user = user
-parallel-test-database-amount = {{ slapparameter_dict.get('test-database-amount', 30) }}
+parallel-test-database-amount = {{ dumps(slapparameter_dict.get('test-database-amount', 30)) }}
 database = erp5
 test-user = erp5_test
 test-database = erp5_test

--- a/stack/erp5/instance-zeo.cfg.in
+++ b/stack/erp5/instance-zeo.cfg.in
@@ -129,7 +129,7 @@ known-tid-storage-identifier-dict = {{ dumps(known_tid_storage_identifier_dict)
 configuration-path = ${directory:etc}/tidstorage.py
 ip = {{ tidstorage_ip }}
 port = {{ tidstorage_port }}
-timestamp-file-path = {{ tidstorage_dict.get('tidstorage-timestamp-path', '%(backup)s/repozo_tidstorage_timestamp.log' % {'backup': default_tidstorage_timestamp_path}) }}
+timestamp-file-path = {{ dumps(tidstorage_dict.get('tidstorage-timestamp-path', '%(backup)s/repozo_tidstorage_timestamp.log' % {'backup': default_tidstorage_timestamp_path})) }}
 logfile-name = ${directory:log}/tidstorage.log
 pidfile-name = ${directory:run}/tidstorage.pid
 status-file = ${directory:tidstorage}/tidstorage.tid
@@ -166,7 +166,7 @@ path = ${directory:promises}/tidstorage
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}
 name = tidstorage
-time = {{ tidstorage_dict.get('periodicity', 'daily') }}
+time = {{ dumps(tidstorage_dict.get('periodicity', 'daily')) }}
 command = ${tidstorage:repozo-wrapper}

 [{{ section("logrotate-tidstorage") }}]

--- a/stack/erp5/instance-zope.cfg.in
+++ b/stack/erp5/instance-zope.cfg.in
@@ -20,9 +20,9 @@ partition. No more (undefined result), no less (IndexError).
 recipe = slapos.cookbook:erp5.test
 certificate-authority-path = ${test-certificate-authority:ca-dir}
 mysql-url-list = {{ dumps(slapparameter_dict['mysql-test-url-list']) }}
-kumofs-url = {{ slapparameter_dict['kumofs-url'] }}
-memcached-url = {{ slapparameter_dict['memcached-url'] }}
-cloudooo-url = {{ slapparameter_dict['cloudooo-url'] }}
+kumofs-url = {{ dumps(slapparameter_dict['kumofs-url']) }}
+memcached-url = {{ dumps(slapparameter_dict['memcached-url']) }}
+cloudooo-url = {{ dumps(slapparameter_dict['cloudooo-url']) }}
 test-instance-path = ${directory:unit-test-path}
 prepend-path = ${buildout:bin-directory}
 run-unit-test = ${buildout:bin-directory}/runUnitTest
@@ -131,8 +131,8 @@ ipv6 = {{ storage_server.split(']:')[0][1:] }}
 < = zeo-tunnel-base
 base-name = tidstorage-tunnel
 ipv4-port = {{ next_port }}
-ipv6 = {{ slapparameter_dict.get('tidstorage-ip') }}
-ipv6-port = {{ slapparameter_dict.get('tidstorage-port') }}
+ipv6 = {{ dumps(slapparameter_dict.get('tidstorage-ip')) }}
+ipv6-port = {{ dumps(slapparameter_dict.get('tidstorage-port')) }}
 {%     do slapparameter_dict.__setitem__('tidstorage-ip', ipv4) -%}
 {%     do slapparameter_dict.__setitem__('tidstorage-port', next_port) -%}
 {%     set next_port = next_port + 1 -%}
@@ -155,8 +155,8 @@ ipv6 = {{ ipv6 }}

 {% if slapparameter_dict.get('tidstorage-ip') -%}
 [tidstorage]
-ipv4 = {{ slapparameter_dict['tidstorage-ip'] }}
-ipv4-port = {{ slapparameter_dict['tidstorage-port'] }}
+ipv4 = {{ dumps(slapparameter_dict['tidstorage-ip']) }}
+ipv4-port = {{ dumps(slapparameter_dict['tidstorage-port']) }}
 {% else -%}
 [tidstorage]
 ipv4 =
@@ -165,10 +165,10 @@ ipv4-port =

 [zope-base]
 recipe = slapos.cookbook:generic.zope.zeo.client
-user = {{ slapparameter_dict['inituser-login'] }}
-password = {{ slapparameter_dict['inituser-password'] }}
+user = {{ dumps(slapparameter_dict['inituser-login']) }}
+password = {{ dumps(slapparameter_dict['inituser-password']) }}
 ip = {{ ipv4 }}
-timezone = {{ slapparameter_dict['timezone'] }}
+timezone = {{ dumps(slapparameter_dict['timezone']) }}
 tidstorage-ip = ${tidstorage:ipv4}
 tidstorage-port = ${tidstorage:ipv4-port}
 instance-etc = ${directory:instance-etc}
@@ -198,7 +198,7 @@ context =
  key instance directory:instance
  key instance_products directory:instance-products
  raw deadlock_path /manage_debug_threads
-  raw deadlock_debugger_password {{ slapparameter_dict['deadlock-debugger-password'] }}
+  raw deadlock_debugger_password {{ dumps(slapparameter_dict['deadlock-debugger-password']) }}
  key tidstorage_ip tidstorage:ipv4
  key tidstorage_port tidstorage:ipv4-port
  key promise_path erp5-promise:promise-path
@@ -294,12 +294,12 @@ zope-address-list = {{ dumps(publish_list) }}
 [erp5-promise]
 recipe = slapos.cookbook:erp5.promise
 promise-path = ${directory:etc}/erp5promise.cfg
-kumofs-url = {{ slapparameter_dict['kumofs-url'] }}
-memcached-url = {{ slapparameter_dict['memcached-url'] }}
-cloudooo-url = {{ slapparameter_dict['cloudooo-url'] }}
-smtp-url = {{ slapparameter_dict['smtp-url'] }}
-bt5 = {{ slapparameter_dict['bt5'] }}
-bt5-repository-url = {{ slapparameter_dict['bt5-repository-url'] }}
+kumofs-url = {{ dumps(slapparameter_dict['kumofs-url']) }}
+memcached-url = {{ dumps(slapparameter_dict['memcached-url']) }}
+cloudooo-url = {{ dumps(slapparameter_dict['cloudooo-url']) }}
+smtp-url = {{ dumps(slapparameter_dict['smtp-url']) }}
+bt5 = {{ dumps(slapparameter_dict['bt5']) }}
+bt5-repository-url = {{ dumps(slapparameter_dict['bt5-repository-url']) }}

 [buildout]
 eggs-directory = {{ eggs_directory }}