

  1. #!/bin/bash
  2. exname=$(basename $0)
  3. prefix_cmd="
  4. . /etc/shlib
  5. include common
  6. include parse
  7. . ../lib/common
  8. "
  9. ##
  10. ## Mocks
  11. ##
## Mock of relation-get: reads the value stored under key $1 in the YAML
## document held in $CFG. Anything shyaml writes to stderr is discarded,
## so a failed lookup produces no diagnostics.
relation-get() {
    local wanted_key="$1"

    echo "$CFG" \
        | shyaml get-value "$wanted_key" 2>/dev/null
}
export -f relation-get

## Exported with a dummy value for the code under test.
export RELATION_DATA_FILE=x
## Mock of relation-set: records the call on stderr instead of storing
## anything. Prints "relation-set KEY:" followed by the value ($2) passed
## through `prefix " | "`. Nothing is written to stdout.
relation-set() {
    local rel_key="$1" rel_value="$2"

    {
        echo "relation-set $rel_key:"
        echo "$rel_value" | prefix " | "
    } >&2
}
export -f relation-set
## Mock of cfg-get-value: looks up key $1 in the YAML document supplied on
## stdin. shyaml's stderr is discarded.
cfg-get-value() {
    local wanted_key="$1"

    shyaml get-value "$wanted_key" 2>/dev/null
}
export -f cfg-get-value
## Mock of get_service_relations: emits every element of the RELATIONS
## array terminated by a NUL byte.
## Note: bash cannot export arrays, so RELATIONS has to be defined in the
## shell that ends up calling this function.
get_service_relations() {
    printf '%s\0' "${RELATIONS[@]}"
}
export -f get_service_relations
## Mock of file_put: writes nothing to disk. Prints "file_put PATH" and
## then the content received on stdin, passed through `prefix " | "`, so
## tests can match on both the destination and the payload.
file_put() {
    local target="$1"

    echo "file_put $target"
    ## stdin is inherited directly by prefix
    prefix " | "
}
export -f file_put
## Mock of the docker CLI: no container is started. Prints the word
## "docker" followed by the arguments, then a "stdin:" marker and whatever
## was piped in, passed through `prefix " | "`.
docker() {
    echo "docker" "$@"
    echo stdin:
    ## stdin is inherited directly by prefix
    prefix " | "
}
export -f docker
## Mock of config-add: prints "config-add" and then its first argument
## passed through `prefix " | "`.
config-add() {
    local fragment="$1"

    echo "config-add"
    echo "$fragment" | prefix " | "
}
export -f config-add
## Mock of init-config-add: prints "init-config-add" and then its first
## argument passed through `prefix " | "`.
init-config-add() {
    local fragment="$1"

    echo "init-config-add"
    echo "$fragment" | prefix " | "
}
export -f init-config-add
## Mock shadowing mkdir: creates nothing, only logs
## "called: mkdir ARGS..." on stderr so tests can assert on the call.
mkdir() {
    ## First argument is glued to the message, the rest follow as separate
    ## words: the same word layout as embedding "$@" in the string.
    echo "called: ${FUNCNAME[0]} ${1-}" "${@:2}" >&2
}
export -f mkdir
## Mock shadowing setfacl: changes no ACL, only logs
## "called: setfacl ARGS..." on stderr so tests can assert on the call.
setfacl() {
    ## First argument is glued to the message, the rest follow as separate
    ## words: the same word layout as embedding "$@" in the string.
    echo "called: ${FUNCNAME[0]} ${1-}" "${@:2}" >&2
}
export -f setfacl
## Mock shadowing chgrp: changes no ownership, only logs
## "called: chgrp ARGS..." on stderr so tests can assert on the call.
chgrp() {
    ## First argument is glued to the message, the rest follow as separate
    ## words: the same word layout as embedding "$@" in the string.
    echo "called: ${FUNCNAME[0]} ${1-}" "${@:2}" >&2
}
export -f chgrp
## Mock shadowing chmod: changes no mode, only logs
## "called: chmod ARGS..." on stderr so tests can assert on the call.
chmod() {
    ## First argument is glued to the message, the rest follow as separate
    ## words: the same word layout as embedding "$@" in the string.
    echo "called: ${FUNCNAME[0]} ${1-}" "${@:2}" >&2
}
export -f chmod
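## Mock of merge_yaml_str.
##
## Logs every argument on stderr, then hashes the argument list with `H`
## (a helper expected from the sourced library) and keeps the first 16
## characters. $MERGE_YAML_STR is read as a YAML mapping of
## "hash: canned result"; when a key equals the computed hash, the canned
## result is printed on stdout and the function returns 0.
## Without a match, a "<merge_yaml_str('arg', ...)>" placeholder is
## printed so the unexpected call is visible in the test output.
##
## All working variables are local: the function is exported and runs
## inside the code under test, where bash's dynamic scoping would
## otherwise let `arg`, `h` or `res` overwrite same-named variables of
## the caller.
merge_yaml_str() {
    local arg_hash arg h res
    local i=0

    ## assigned separately from `local` so the pipeline status is not masked
    arg_hash="$(H "$@" | cut -c -16)"

    echo "Calling: merge_yaml_str" >&2
    for arg in "$@"; do
        echo " arg$((i++)):"
        echo "$arg" | prefix " | "
    done >&2
    echo " H> $arg_hash" >&2

    ## shyaml key-values-0 emits NUL-separated key/value pairs; read-0
    ## (from the sourced library) fills h and res from that stream.
    while read-0 h res; do
        if [[ "$arg_hash" == "$h" ]]; then
            echo "Mock hash matched, returning:" >&2
            echo "$res" | prefix " | " >&2
            echo "$res"
            return 0
        fi
    done < <(e "$MERGE_YAML_STR" | shyaml key-values-0)

    ## no canned answer registered for this argument list
    printf "<merge_yaml_str("
    printf "'%s', " "$@"
    printf ")>"
}
export -f merge_yaml_str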
## Mock of yaml_get_interpret: hands stdin to `shyaml get-value` with no
## key argument and returns its status. Arguments given to the mock are
## ignored.
yaml_get_interpret() {
    shyaml get-value
}
export -f yaml_get_interpret
## Mock of yaml_key_val_str: prints "KEY: VALUE" from $1 and $2 with no
## trailing newline. No YAML quoting or escaping is applied.
yaml_key_val_str() {
    local key="$1" value="$2"

    printf '%s: %s' "$key" "$value"
}
export -f yaml_key_val_str
## Mock of cached_cmd_on_base_image: runs nothing in any image. Logs the
## call and the canned answer on stderr, and prints the fixed placeholder
## "<GID>" on stdout as the command's result.
cached_cmd_on_base_image() {
    local canned="<GID>"

    {
        ## same word layout as embedding "$@" in the message string
        echo "called: ${FUNCNAME[0]} ${1-}" "${@:2}"
        echo "stdout:"
        echo "$canned" | prefix " | "
    } >&2
    echo "$canned"
}
export -f cached_cmd_on_base_image
  108. export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX)
  109. trap "rm -rf \"$state_tmpdir\"" EXIT
  110. ##
  111. ## apache_vhost_create
  112. ##
  113. try "
  114. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  115. apache_vhost_create publish_dir '
  116. domain: www.example.com
  117. '"
  118. is errlvl 0
  119. is err part "\
  120. relation-set protocol:
  121. | http"
  122. is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
  123. try "
  124. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  125. CFG='
  126. domain: www.example.com
  127. ssl: true
  128. '
  129. ADDITION='
  130. apache-custom-rules:
  131. - |
  132. ## Auto-redirection from http to https
  133. RewriteEngine On
  134. RewriteCond %{HTTPS} off
  135. RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]'
  136. MERGE_YAML_STR=\"
  137. 6b92a84e9d93e4a1: |
  138. \$(echo \"\$CFG\" | prefix ' ')
  139. \$(echo \"\$ADDITION\" | prefix ' ')
  140. \"
  141. apache_vhost_create publish_dir \"\$CFG\"
  142. "
  143. is errlvl 0
  144. is err part "## Auto-redirection from http to https"
  145. is err part "\
  146. relation-set protocol:
  147. | https"
  148. is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
  149. try "
  150. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  151. export CONFIGSTORE='\$CONFIGSTORE'
  152. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  153. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  154. CFG='
  155. domain: www.example.com
  156. ssl:
  157. key: |
  158. a
  159. b
  160. cert: c
  161. '
  162. ADDITION='
  163. apache-custom-rules:
  164. - |
  165. ## Auto-redirection from http to https
  166. RewriteEngine On
  167. RewriteCond %{HTTPS} off
  168. RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]'
  169. MERGE_YAML_STR=\"
  170. 3b76349cfba9d3f2: |
  171. \$(echo \"\$CFG\" | prefix ' ')
  172. \$(echo \"\$ADDITION\" | prefix ' ')
  173. \"
  174. apache_vhost_create publish_dir \"\$CFG\"
  175. "
  176. is errlvl 0
  177. is err part "## Auto-redirection from http to https"
  178. is err part "\
  179. relation-set protocol:
  180. | https"
  181. is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem
  182. | c'
  183. is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key
  184. | a
  185. | b'
  186. is out reg 'init-config-add'
  187. is out reg ' - \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem:/etc/ssl/certs/www.example.com.pem:ro'
  188. is out reg ' - \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key:/etc/ssl/private/www.example.com.key:ro'
  189. try "
  190. export DOCKER_BASE_IMAGE=docker/apache
  191. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  192. export CONFIGSTORE='\$CONFIGSTORE'
  193. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  194. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  195. CFG='
  196. domain: www.example.com
  197. creds:
  198. toto: xxx
  199. '
  200. apache_vhost_create publish_dir \"\$CFG\"
  201. "
  202. is errlvl 0
  203. is err part "\
  204. relation-set protocol:
  205. | http"
  206. is out reg "htpasswd -bc '/etc/apache2/sites-enabled/www.example.com.passwd' 'toto' 'xxx'"
  207. is out reg 'docker run -i --entrypoint /bin/bash .* docker/apache'
  208. try "
  209. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  210. apache_vhost_create publish_dir '' ',http,' '000-default'"
  211. is errlvl 0
  212. is err part "\
  213. relation-set protocol:
  214. | http"
  215. is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/000-default.conf'
  216. ##
  217. ## apache_publish_dir
  218. ##
  219. try "
  220. export DOCKER_BASE_IMAGE=docker/apache
  221. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  222. export CONFIGSTORE='\$CONFIGSTORE'
  223. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  224. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  225. apache_publish_dir '
  226. creds:
  227. toto: xxx
  228. '" "missing domain"
  229. is errlvl 1 ## no domain
  230. try "
  231. export DATASTORE='\$DATASTORE'
  232. export DOCKER_BASE_IMAGE=docker/apache
  233. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  234. export CONFIGSTORE='\$CONFIGSTORE'
  235. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  236. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  237. apache_publish_dir '
  238. domain: www.example.com
  239. creds:
  240. toto: xxx
  241. '
  242. "
  243. is errlvl 0
  244. is err reg 'setfacl -R -m g:<GID>:rx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com'
  245. is err reg 'cached_cmd_on_base_image apache id -g www-data'
  246. try "
  247. export DATASTORE='\$DATASTORE'
  248. export DOCKER_BASE_IMAGE=docker/apache
  249. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  250. export CONFIGSTORE='\$CONFIGSTORE'
  251. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  252. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  253. apache_publish_dir '
  254. domain: www.example.com
  255. creds:
  256. toto: xxx
  257. data-dirs:
  258. - a
  259. - b
  260. - c
  261. '
  262. "
  263. is errlvl 0
  264. is err reg 'setfacl -R -m g:<GID>:rwx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/c'
  265. is err reg 'setfacl -R -d -m g:<GID>:rwx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/c'
  266. try "
  267. export DATASTORE='\$DATASTORE'
  268. export DOCKER_BASE_IMAGE=docker/apache
  269. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  270. export CONFIGSTORE='\$CONFIGSTORE'
  271. export SERVICE_NAME='\$SERVICE_NAME'
  272. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  273. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  274. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  275. apache_publish_dir '
  276. domain: www.example.com
  277. location: /opt/apps/newlocation
  278. creds:
  279. toto: xxx
  280. data-dirs:
  281. - a
  282. - b
  283. - c
  284. '
  285. "
  286. is errlvl 0
  287. is err reg 'mkdir -p /opt/apps/newlocation'
  288. is err reg 'setfacl -R -m g:<GID>:rx /opt/apps/newlocation'
  289. is out part '
  290. init-config-add
  291. |
  292. | $SERVICE_NAME:
  293. | volumes:
  294. | - /opt/apps/newlocation:/var/www/www.example.com' RTRIM
  295. try "
  296. export DATASTORE='\$DATASTORE'
  297. export DOCKER_BASE_IMAGE=docker/apache
  298. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  299. export CONFIGSTORE='\$CONFIGSTORE'
  300. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  301. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  302. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  303. apache_ssh_tunnel '
  304. domain: www.example.com
  305. creds:
  306. toto: xxx
  307. '
  308. " "ssh tunnel without ssl"
  309. is errlvl 1
  310. is err 'Error: ssl must be valued in ssh-tunnel config.
  311. '
  312. is out ''
  313. try "
  314. export DATASTORE='\$DATASTORE'
  315. export DOCKER_BASE_IMAGE=docker/apache
  316. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  317. export CONFIGSTORE='\$CONFIGSTORE'
  318. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  319. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  320. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  321. apache_ssh_tunnel '
  322. ssl: true
  323. creds:
  324. toto: xxx
  325. '
  326. " "ssh tunnel without domain"
  327. is errlvl 1
  328. is err 'Error: domain must be valued in ssh-tunnel config.
  329. '
  330. is out ''
  331. try "
  332. export DATASTORE='\$DATASTORE'
  333. export DOCKER_BASE_IMAGE=docker/apache
  334. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  335. export CONFIGSTORE='\$CONFIGSTORE'
  336. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  337. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  338. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  339. apache_ssh_tunnel '
  340. domain: ssh.example.com
  341. ssl:
  342. key: a
  343. ca-cert: b
  344. creds:
  345. toto: xxx
  346. '
  347. " "ssh tunnel"
  348. is errlvl 0
  349. is err reg 'relation-set domain:
  350. | ssh.example.com'
  351. is out reg 'file_put \$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled/000-ssh.example.com.conf'
  352. is out reg 'file_put \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/private/ssh.example.com.key'
  353. is out reg 'file_put \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/certs/ssh.example.com-ca.pem'
  354. is out reg 'AuthUserFile /etc/apache2/sites-enabled/ssh.example.com.passwd'
  355. is out reg "htpasswd -bc '/etc/apache2/sites-enabled/000-ssh.example.com.passwd' 'toto' 'xxx'"