Revert "caddy-frontend: Protect against wrong custom config"

This reverts commit 7993ff81.

Custom configuration checks are hard to be trusted, as they can impact too
many aspects of running frontend.

Frontend administrator knows the risks of custom configuration, and shall take
proper care.

/reviewed-on !543

software/caddy-frontend/README.caddy_frontend.rst

@@ -220,14 +220,10 @@ caddy_custom_https
 ~~~~~~~~~~~~~~~~~~
 Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
 
-*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
-
 caddy_custom_http
 ~~~~~~~~~~~~~~~~~
 Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
 
-*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
-
 url
 ~~~
 Necessary to activate cache. ``url`` of backend to use.
@@ -345,7 +341,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
         "caddy_custom_https":'
   https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
     bind %(local_ipv4)s
-    tls %%(certificate)s %%(certificate)s
+    tls %(certificate)s %(certificate)s
 
     log / %(access_log)s {combined}
     errors %(error_log)s

software/caddy-frontend/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 111ff0794c90657b658e3d50525e7fed
+md5sum = fd2ff61d9270109115ced8f56fb0be17
 
 [template-common]
 filename = instance-common.cfg.in
@@ -26,7 +26,7 @@ md5sum = 1d39842e07e6a8674f3157ffc3f7a042
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 0f5af15a0cc024ff181c15e946d92808
+md5sum = 37edefdb9963daa67b01e5d55d97c17d
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -48,10 +48,6 @@ md5sum = 7ba0f98ce1692cbd34d98c79488bf240
 filename = templates/caddy-backend-url-validator.in
 md5sum = 0979a03476e86bf038516c9565dadc17
 
-[caddy-custom-http-validator]
-filename = templates/caddy-custom-http-validator.in
-md5sum = a264208e960cdcd25ef27ed8cf730240
-
 [template-not-found-html]
 filename = templates/notfound.html
 md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

software/caddy-frontend/common.cfg

@@ -152,7 +152,6 @@ context =
   key template_kedifa template-kedifa:target
   key template_replicate_publish_slave_information template-replicate-publish-slave-information:target
   key caddy_backend_url_validator caddy-backend-url-validator:output
-  key caddy_custom_http_validator caddy-custom-http-validator:output
 
   section template_frontend_parameter_dict template-frontend-parameter-section
   key caucase_jinja2_library caucase-jinja2-library:target
@@ -169,13 +168,6 @@ filename = caddy-backend-url-validator.in
 output = ${buildout:directory}/caddy-backend-url-validator
 mode = 0750
 
-[caddy-custom-http-validator]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/templates/${:filename}
-filename = caddy-custom-http-validator.in
-output = ${buildout:directory}/caddy-custom-http-validator
-mode = 0750
-
 [template-caddy-replicate]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -114,8 +114,6 @@ context =
 {%         if not unauthorized_message in slave_error_list %}
 {%           do slave_error_list.append(unauthorized_message) %}
 {%         endif %}
-{%       elif subprocess_module.call([caddy_custom_http_validator, '' ~ slave[key]]) == 1 %}
-{%         do slave_error_list.append('slave %s configuration invalid' % (key,)) %}
 {%       endif %}
 {%     endif %}
 {%   endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}

software/caddy-frontend/instance.cfg.in

@@ -59,7 +59,6 @@ extra-context =
     import validators validators
     key cluster_identification instance-parameter:root-instance-title
     raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
-    raw caddy_custom_http_validator {{ caddy_custom_http_validator }}
     raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
 # Must match the key id in [switch-softwaretype] which uses this section.
     raw software_type RootSoftwareInstance-default-custom-personal-replicate

software/caddy-frontend/templates/caddy-custom-http-validator.in

-#!${dash:location}/bin/dash
-config="$1"
-
-echo -e $config | ${caddy:output} -conf stdin -validate > /dev/null 2>&1

software/caddy-frontend/test/test.py

@@ -3739,7 +3739,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
       'domain': 'example.com',
       'nginx-domain': 'nginx.example.com',
       'public-ipv4': SLAPOS_TEST_IPV4,
-      '-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
       'port': HTTPS_PORT,
       'plain_http_port': HTTP_PORT,
       'nginx_port': NGINX_HTTPS_PORT,
@@ -3754,16 +3753,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
   @classmethod
   def getSlaveParameterDictDict(cls):
     return {
-      'caddy_custom_http_s-reject': {
-        'caddy_custom_https': """DestroyCaddyHttps
-For sure
-This shall not be valid
-https://www.google.com {}""",
-        'caddy_custom_http': """DestroyCaddyHttp
-For sure
-This shall not be valid
-https://www.google.com {}""",
-      },
       're6st-optimal-test-nocomma': {
         're6st-optimal-test': 'nocomma',
       },
@@ -3818,9 +3807,6 @@ https://www.google.com {}""",
       'rejected-slave-amount': '3',
       'slave-amount': '11',
       'rejected-slave-dict': {
-        '_caddy_custom_http_s-reject': [
-          'slave caddy_custom_http configuration invalid',
-          'slave caddy_custom_https configuration invalid'],
         '_custom_domain-unsafe': [
           "custom_domain '${section:option} afterspace\\nafternewline' invalid"
         ],
@@ -4140,18 +4126,6 @@ https://www.google.com {}""",
       }
     )
 
-  def test_caddy_custom_http_s_reject(self):
-    parameter_dict = self.parseSlaveParameterDict('caddy_custom_http_s-reject')
-    self.assertEqual(
-      {
-        'request-error-list': [
-          "slave caddy_custom_http configuration invalid",
-          "slave caddy_custom_https configuration invalid"
-        ]
-      },
-      parameter_dict
-    )
-
 
 class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
   @classmethod
@@ -4160,7 +4134,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
       'domain': 'example.com',
       'nginx-domain': 'nginx.example.com',
       'public-ipv4': SLAPOS_TEST_IPV4,
-      '-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
       'port': HTTPS_PORT,
       'plain_http_port': HTTP_PORT,
       'nginx_port': NGINX_HTTPS_PORT,