Skip to content

erp5
erp5
Commit 5080a7d3 authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

Allow to configure location ACLs.

parent f2dd3054
Hide whitespace changes
Inline Side-by-side
Showing with 23 additions and 7 deletions
slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py
View file @ 5080a7d3
...@@ -696,12 +696,18 @@ class Recipe(BaseSlapRecipe): ...@@ -696,12 +696,18 @@ class Recipe(BaseSlapRecipe):
apache_conf['pid_file'] + ' SIGUSR1') apache_conf['pid_file'] + ' SIGUSR1')
return apache_conf return apache_conf
def _writeApacheConfiguration(self, prefix, apache_conf, backend): def _writeApacheConfiguration(self, prefix, apache_conf, backend,
location_access_mapping=None):
if location_access_mapping is None:
location_access_mapping = {}
rewrite_rule_template = \ rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s$1 [L,P]" "RewriteRule (.*) http://%(backend)s$1 [L,P]"
path_template = pkg_resources.resource_string(__name__, path_template = pkg_resources.resource_string(__name__,
'template/apache.zope.conf.path.in') 'template/apache.zope.conf.path.in')
path = path_template % dict(path='/') if location_access_mapping is None:
path = path_template % dict(path='/')
else:
path = ''
d = dict( d = dict(
path=path, path=path,
backend=backend, backend=backend,
...@@ -714,12 +720,17 @@ class Recipe(BaseSlapRecipe): ...@@ -714,12 +720,17 @@ class Recipe(BaseSlapRecipe):
path_enable=path, path_enable=path,
rewrite_rule=rewrite_rule rewrite_rule=rewrite_rule
)) ))
return self.createConfigurationFile(prefix + '.conf', apache_conf_string = pkg_resources.resource_string(__name__,
pkg_resources.resource_string(__name__, 'template/apache.zope.conf.in') % apache_conf
'template/apache.zope.conf.in') % apache_conf) location_template = pkg_resources.resource_string(__name__,
'template/apache.location-snippet.conf.in')
for location, allow_string in location_access_mapping.iteritems():
apache_conf_string += '\n' + location_template % dict(location=location,
allow_string=allow_string) + '\n'
return self.createConfigurationFile(prefix + '.conf', apache_conf_string)
def installLoginApache(self, ip, port, backend, key, certificate, def installLoginApache(self, ip, port, backend, key, certificate,
suffix=''): suffix='', location_access_mapping=None):
ssl_template = """SSLEngine on ssl_template = """SSLEngine on
SSLCertificateFile %(login_certificate)s SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s SSLCertificateKeyFile %(login_key)s
...@@ -732,7 +743,7 @@ SSLRandomSeed connect builtin ...@@ -732,7 +743,7 @@ SSLRandomSeed connect builtin
apache_conf['ssl_snippet'] = ssl_template % dict( apache_conf['ssl_snippet'] = ssl_template % dict(
login_certificate=certificate, login_key=key) login_certificate=certificate, login_key=key)
apache_config_file = self._writeApacheConfiguration('login_apache'+suffix, apache_config_file = self._writeApacheConfiguration('login_apache'+suffix,
apache_conf, backend) apache_conf, backend, location_access_mapping)
self.path_list.append(apache_config_file) self.path_list.append(apache_config_file)
self.path_list.extend(zc.buildout.easy_install.scripts([( self.path_list.extend(zc.buildout.easy_install.scripts([(
'login_apache'+suffix, 'login_apache'+suffix,
......
slapos/recipe/erp5/src/slapos/recipe/erp5/template/apache.location-snippet.conf.in 0 → 100644
View file @ 5080a7d3
<Location %(location)s>
Order Deny,Allow
Deny from all
Allow from %(allow_string)s
</Location>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7