

  1. #!/bin/bash
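  ## Name of this test script, derived from the path it was invoked with.
  ## $0 is quoted and passed after `--` so that a path containing spaces,
  ## glob characters or a leading dash is neither split nor read as an option.
  exname=$(basename -- "$0")
  ## Shell preamble kept as a string; presumably the harness runs it in front
  ## of every `try` snippet (the harness is not part of this file, confirm).
  ## NOTE(review): `. ../lib/common` is resolved against the current working
  ## directory, so whatever file sits at that relative path gets sourced; run
  ## the suite from its own directory.
  prefix_cmd="
. /etc/shlib
include common
include parse
. ../lib/common
"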
  9. ##
  10. ## Mocks
  11. ##
  ## Mock of `relation-get`: answers from the YAML held in $CFG.
  ## Arguments: $1 - key handed to `shyaml get-value`
  ## Outputs:   the value found, on stdout; shyaml's stderr is discarded
  relation-get() {
    local wanted_key=$1
    echo "$CFG" | shyaml get-value "$wanted_key" 2>/dev/null
  }
  ## Exported so that bash child processes inherit the mock as well.
  export -f relation-get
  ## Placeholder value; presumably the code under test only needs the
  ## variable to be set (confirm against the library).
  export RELATION_DATA_FILE=x
  ## Mock of `relation-set`: records the call on stderr instead of storing it.
  ## Arguments: $1 - relation key, $2 - value
  ## Outputs:   "relation-set KEY:" followed by the value run through
  ##            `prefix`, all on stderr so stdout stays free for other mocks
  relation-set() {
    local rel_key=$1 rel_value=$2
    {
      echo "relation-set $rel_key:"
      echo "$rel_value" | prefix " | "
    } >&2
  }
  export -f relation-set
  ## Mock of `cfg-get-value`: looks the key up in the YAML read from stdin.
  ## Arguments: $1 - key handed to `shyaml get-value`
  ## Outputs:   the value on stdout; shyaml's stderr is discarded
  cfg-get-value() {
    local lookup=$1
    shyaml get-value "$lookup" 2>/dev/null
  }
  export -f cfg-get-value
  ## Mock of get_service_relations: emits every element of the RELATIONS
  ## array as a NUL-terminated record on stdout.
  ## An empty array still yields one NUL, because printf applies its format
  ## once when it is given no arguments.
  ## NOTE(review): `export -f` does not carry the RELATIONS array into child
  ## processes; confirm the callers set it in the shell that runs the mock.
  get_service_relations() {
    printf '%s\0' "${RELATIONS[@]}"
  }
  export -f get_service_relations
  ## Mock of file_put: nothing is written to disk.
  ## Arguments: $1 - destination path the caller wanted to write
  ## Outputs:   "file_put PATH" and then the would-be file content (stdin)
  ##            run through `prefix`, on stdout for the `is out` assertions
  file_put() {
    local target=$1
    echo "file_put $target"
    cat | prefix " | "
  }
  export -f file_put
  ## Mock that shadows the docker CLI: no container is started.
  ## Outputs: the full command line, a "stdin:" marker and the script that
  ##          was piped in (through `prefix`), so that tests can assert on
  ##          what would have been executed inside the container.
  docker() {
    echo docker "$@"
    echo stdin:
    cat | prefix " | "
  }
  export -f docker
  ## Mock of `config-add`: prints the configuration fragment instead of
  ## merging it anywhere.
  ## Arguments: $1 - fragment text
  ## Outputs:   "config-add" and the fragment run through `prefix`, on stdout
  config-add() {
    local fragment=$1
    echo "config-add"
    echo "$fragment" | prefix " | "
  }
  export -f config-add
  ## Mock that shadows mkdir: logs the call on stderr and creates nothing,
  ## so the tests never touch the real filesystem.
  ## The first argument stays inside the label word and the rest follow as
  ## separate words, which is exactly what "$@" inside a string expands to.
  mkdir() {
    echo "called: ${FUNCNAME[0]} $1" "${@:2}" >&2
  }
  export -f mkdir
  ## Mock that shadows setfacl: logs the requested ACL change on stderr and
  ## changes no ACL, so tests can assert on the permissions that would have
  ## been granted without granting them.
  setfacl() {
    echo "called: ${FUNCNAME[0]} $1" "${@:2}" >&2
  }
  export -f setfacl
  ## Mock that shadows chgrp: logs the call on stderr and changes no
  ## group ownership.
  chgrp() {
    echo "called: ${FUNCNAME[0]} $1" "${@:2}" >&2
  }
  export -f chgrp
  ## Mock that shadows chmod: logs the call on stderr and changes no
  ## file mode.
  chmod() {
    echo "called: ${FUNCNAME[0]} $1" "${@:2}" >&2
  }
  export -f chmod
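  ## Mock of merge_yaml_str driven by canned answers.
  ## Globals:   MERGE_YAML_STR (read) - YAML mapping; each key is compared
  ##            with the first 16 characters of `H "$@"` and its value is the
  ##            reply to give for those arguments
  ## Arguments: the YAML strings the real function would merge
  ## Outputs:   stderr - a trace of every argument and of the computed key
  ##            stdout - the canned reply on a match, otherwise the marker
  ##            <merge_yaml_str('arg', ...)> so a missing mock entry shows up
  ##            in the test output
  ## Returns:   0 on a match; otherwise the status of the last printf
  ## H, e, read-0 and prefix are not defined in this file; presumably they
  ## come from the sourced shell library (confirm).
  merge_yaml_str() {
    ## Every name is local: the mock is exported, and `arg`, `h` and `res`
    ## would otherwise leak into whichever shell calls it.
    local arg_hash arg h res
    local i=0
    ## Assigned apart from `local` so that the declaration does not replace
    ## the pipeline's exit status.
    arg_hash=$(H "$@" | cut -c -16)
    echo "Calling: merge_yaml_str" >&2
    for arg in "$@"; do
      echo " arg$((i++)):"
      echo "$arg" | prefix " | "
    done >&2
    echo " H> $arg_hash" >&2
    while read-0 h res; do
      if [[ "$arg_hash" == "$h" ]]; then
        echo "Mock hash matched, returning:" >&2
        echo "$res" | prefix " | " >&2
        echo "$res"
        return 0
      fi
    done < <(e "$MERGE_YAML_STR" | shyaml key-values-0)
    printf "<merge_yaml_str("
    printf "'%s', " "$@"
    printf ")>"
  }
  export -f merge_yaml_str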
  ## Mock of yaml_get_interpret: hands stdin to `shyaml get-value` with no
  ## key and no further interpretation; any arguments are ignored.
  yaml_get_interpret() { shyaml get-value; }
  export -f yaml_get_interpret
  ## Mock of yaml_key_val_str: renders "KEY: VALUE" with no trailing newline
  ## and no YAML quoting or escaping of either part.
  ## Arguments: $1 - key, $2 - value
  yaml_key_val_str() {
    local yaml_key=$1 yaml_val=$2
    printf '%s: %s' "$yaml_key" "$yaml_val"
  }
  export -f yaml_key_val_str
  ## Mock of cached_cmd_on_base_image: runs nothing in any image.
  ## Outputs: stderr - the call and a trace of the reply
  ##          stdout - the fixed placeholder <GID>, which is why the ACL
  ##          assertions further down expect "g:<GID>:..."
  cached_cmd_on_base_image() {
    local fake_gid="<GID>"
    echo "called: ${FUNCNAME[0]} $1" "${@:2}" >&2
    echo "stdout:" >&2
    echo "$fake_gid" | prefix " | " >&2
    echo "$fake_gid"
  }
  export -f cached_cmd_on_base_image
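  ## Scratch directory handed to the test snippets through the environment.
  ## The assignment is kept apart from `export` so that a failing mktemp is
  ## noticed here instead of leaving state_tmpdir empty for every later test.
  state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX) || {
    echo "${0##*/}: could not create the temporary state directory" >&2
    exit 1
  }
  export state_tmpdir
  ## The path is still fixed when the trap is installed, but it is embedded
  ## with %q so that quotes, `$` or spaces in it cannot change the command
  ## that runs at exit; `--` keeps a leading dash from being read as an option.
  trap "rm -rf -- $(printf '%q' "$state_tmpdir")" EXIT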
  105. ##
  106. ## apache_vhost_create
  107. ##
  ## Case: vhost with only a domain. `try` and `is` are harness helpers that
  ## are not defined in this file; presumably `try` runs the snippet and `is`
  ## checks its exit status, stderr and stdout (confirm).
  ## SERVICE_CONFIGSTORE is set to its own name as a literal string, so the
  ## expected output can be written with the placeholder in place of a path.
  108. try "
  109. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  110. apache_vhost_create publish_dir '
  111. domain: www.example.com
  112. '"
  113. is errlvl 0
  ## Without an ssl key the relation-set mock must record protocol "http".
  114. is err part "\
  115. relation-set protocol:
  116. | http"
  ## NOTE(review): if `reg` is a regular expression, the dots in the file name
  ## are unescaped and match any character.
  117. is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
  ## Case: `ssl: true`. MERGE_YAML_STR gives the merge_yaml_str mock its canned
  ## reply: the key is the 16-character hash prefix that the mock computes from
  ## its arguments, so editing CFG or ADDITION means recomputing that key.
  118. try "
  119. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  120. CFG='
  121. domain: www.example.com
  122. ssl: true
  123. '
  124. ADDITION='
  125. apache-custom-rules:
  126. - |
  127. ## Auto-redirection from http to https
  128. RewriteEngine On
  129. RewriteCond %{HTTPS} off
  130. RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]'
  131. MERGE_YAML_STR=\"
  132. 6b92a84e9d93e4a1: |
  133. \$(echo \"\$CFG\" | prefix ' ')
  134. \$(echo \"\$ADDITION\" | prefix ' ')
  135. \"
  136. apache_vhost_create publish_dir \"\$CFG\"
  137. "
  138. is errlvl 0
  ## The redirect rule is expected on stderr because the mock traces its
  ## arguments and its reply there.
  ## NOTE(review): the rule builds the target from the request's Host header
  ## and answers with a temporary redirect (R=302); confirm both are intended.
  139. is err part "## Auto-redirection from http to https"
  140. is err part "\
  141. relation-set protocol:
  142. | https"
  143. is out reg '^file_put \$SERVICE_CONFIGSTORE/.*/www.example.com.conf'
  ## Case: ssl given as an explicit key and certificate. Each exported variable
  ## holds its own name as a literal string, so paths show up as placeholders.
  144. try "
  145. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  146. export CONFIGSTORE='\$CONFIGSTORE'
  147. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  148. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  149. CFG='
  150. domain: www.example.com
  151. ssl:
  152. key: |
  153. a
  154. b
  155. cert: c
  156. '
  157. ADDITION='
  158. apache-custom-rules:
  159. - |
  160. ## Auto-redirection from http to https
  161. RewriteEngine On
  162. RewriteCond %{HTTPS} off
  163. RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]'
  164. MERGE_YAML_STR=\"
  165. 3b76349cfba9d3f2: |
  166. \$(echo \"\$CFG\" | prefix ' ')
  167. \$(echo \"\$ADDITION\" | prefix ' ')
  168. \"
  169. apache_vhost_create publish_dir \"\$CFG\"
  170. "
  171. is errlvl 0
  172. is err part "## Auto-redirection from http to https"
  173. is err part "\
  174. relation-set protocol:
  175. | https"
  ## The certificate and the private key must each reach file_put with the
  ## content given in CFG.
  ## NOTE(review): the file_put mock records only path and content, so nothing
  ## here checks the mode or ownership of the .key file; confirm the real
  ## file_put (or its caller) restricts access to it.
  176. is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem
  177. | c'
  178. is out part 'file_put $CONFIGSTORE/$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key
  179. | a
  180. | b'
  ## Both files must be declared through config-add as read-only (:ro) mounts.
  181. is out reg 'config-add'
  182. is out reg ' - \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/certs/www.example.com.pem:/etc/ssl/certs/www.example.com.pem:ro'
  183. is out reg ' - \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/private/www.example.com.key:/etc/ssl/private/www.example.com.key:ro'
  ## Case: `creds` without ssl. The password file is expected to be built by a
  ## script sent on stdin to `docker run`; the docker mock echoes that script,
  ## which is what the assertions below read.
  184. try "
  185. export DOCKER_BASE_IMAGE=docker/apache
  186. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  187. export CONFIGSTORE='\$CONFIGSTORE'
  188. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  189. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  190. CFG='
  191. domain: www.example.com
  192. creds:
  193. toto: xxx
  194. '
  195. apache_vhost_create publish_dir \"\$CFG\"
  196. "
  197. is errlvl 0
  198. is err part "\
  199. relation-set protocol:
  200. | http"
  ## NOTE(review): `htpasswd -b` takes the password as a command-line argument,
  ## so it is visible in the process list of whatever runs the command, and
  ## here it is sent while the reported protocol is plain http. Confirm that
  ## this exposure is accepted, or feed the password on stdin (`htpasswd -i`).
  201. is out reg "htpasswd -bc '/etc/apache2/sites-enabled/www.example.com.passwd' 'toto' 'xxx'"
  202. is out reg 'docker run -i --entrypoint /bin/bash .* docker/apache'
  203. ##
  204. ## apache_publish_dir
  205. ##
  ## Case: apache_publish_dir called with a config that has no `domain` key.
  ## The second argument to `try` looks like a label for the case (confirm).
  206. try "
  207. export DOCKER_BASE_IMAGE=docker/apache
  208. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  209. export CONFIGSTORE='\$CONFIGSTORE'
  210. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  211. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  212. apache_publish_dir '
  213. creds:
  214. toto: xxx
  215. '" "missing domain"
  ## Only the exit status is pinned here; the error text is not checked.
  216. is errlvl 1 ## no domain
  ## Case: publish directory at its default place under $DATASTORE.
  217. try "
  218. export DATASTORE='\$DATASTORE'
  219. export DOCKER_BASE_IMAGE=docker/apache
  220. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  221. export CONFIGSTORE='\$CONFIGSTORE'
  222. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  223. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  224. apache_publish_dir '
  225. domain: www.example.com
  226. creds:
  227. toto: xxx
  228. '
  229. "
  230. is errlvl 0
  ## The web root must get a recursive read/execute ACL for the group that
  ## `id -g www-data` reports in the base image; <GID> is the fixed reply of
  ## the cached_cmd_on_base_image mock. Both calls are read from stderr, where
  ## the mocks log them.
  231. is err reg 'setfacl -R -m g:<GID>:rx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com'
  232. is err reg 'cached_cmd_on_base_image apache id -g www-data'
  ## Case: `data-dirs` lists three subdirectories of the web root.
  233. try "
  234. export DATASTORE='\$DATASTORE'
  235. export DOCKER_BASE_IMAGE=docker/apache
  236. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  237. export CONFIGSTORE='\$CONFIGSTORE'
  238. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  239. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  240. apache_publish_dir '
  241. domain: www.example.com
  242. creds:
  243. toto: xxx
  244. data-dirs:
  245. - a
  246. - b
  247. - c
  248. '
  249. "
  250. is errlvl 0
  ## Every data dir must get a recursive rwx ACL for the web group, plus the
  ## same entry as a default ACL (-d) so that new files inherit it.
  ## NOTE(review): these are the only paths the web group may write to in this
  ## suite; the entries are plain names here, and no case covers an entry that
  ## points outside the web root (confirm the library rejects one).
  251. is err reg 'setfacl -R -m g:<GID>:rwx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/c'
  252. is err reg 'setfacl -R -d -m g:<GID>:rwx \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/a \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/b \$DATASTORE/\$BASE_SERVICE_NAME/var/www/www.example.com/c'
  ## Case: `location` points the web root at an explicit host path instead of
  ## the default directory under $DATASTORE.
  253. try "
  254. export DATASTORE='\$DATASTORE'
  255. export DOCKER_BASE_IMAGE=docker/apache
  256. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  257. export CONFIGSTORE='\$CONFIGSTORE'
  258. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  259. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  260. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  261. apache_publish_dir '
  262. domain: www.example.com
  263. location: /opt/apps/newlocation
  264. creds:
  265. toto: xxx
  266. data-dirs:
  267. - a
  268. - b
  269. - c
  270. '
  271. "
  272. is errlvl 0
  ## The host path must be created, opened to the web group, and mounted at
  ## the vhost's web root.
  ## NOTE(review): `location` comes straight from the config and ends up as
  ## the target of mkdir -p, a recursive setfacl and a volume mount; no case
  ## here covers a rejected or sensitive path, and the data-dirs ACLs are not
  ## asserted for this layout.
  273. is err reg 'mkdir -p /opt/apps/newlocation'
  274. is err reg 'setfacl -R -m g:<GID>:rx /opt/apps/newlocation'
  275. is out part ' | $MASTER_BASE_SERVICE_NAME:
  276. | volumes:
  277. | - /opt/apps/newlocation:/var/www/www.example.com'
  ## Case: apache_ssh_tunnel with no `ssl` key must refuse to configure the
  ## tunnel: exit status 1, one exact error message, nothing on stdout.
  278. try "
  279. export DATASTORE='\$DATASTORE'
  280. export DOCKER_BASE_IMAGE=docker/apache
  281. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  282. export CONFIGSTORE='\$CONFIGSTORE'
  283. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  284. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  285. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  286. apache_ssh_tunnel '
  287. domain: www.example.com
  288. creds:
  289. toto: xxx
  290. '
  291. " "ssh tunnel without ssl"
  292. is errlvl 1
  ## The expected stderr includes the trailing newline.
  293. is err 'Error: ssl must be valued in ssh-tunnel config.
  294. '
  ## Empty stdout means no mock that prints there (file_put, docker,
  ## config-add) was reached.
  295. is out ''
  ## Case: apache_ssh_tunnel with `ssl` but no `domain` must fail the same
  ## way: exit status 1, one exact error message, nothing on stdout.
  296. try "
  297. export DATASTORE='\$DATASTORE'
  298. export DOCKER_BASE_IMAGE=docker/apache
  299. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  300. export CONFIGSTORE='\$CONFIGSTORE'
  301. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  302. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  303. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  304. apache_ssh_tunnel '
  305. ssl: true
  306. creds:
  307. toto: xxx
  308. '
  309. " "ssh tunnel without domain"
  310. is errlvl 1
  ## The expected stderr includes the trailing newline.
  311. is err 'Error: domain must be valued in ssh-tunnel config.
  312. '
  313. is out ''
  ## Case: complete ssh-tunnel config with domain, ssl key, CA certificate
  ## and credentials.
  314. try "
  315. export DATASTORE='\$DATASTORE'
  316. export DOCKER_BASE_IMAGE=docker/apache
  317. export SERVICE_CONFIGSTORE='\$SERVICE_CONFIGSTORE'
  318. export CONFIGSTORE='\$CONFIGSTORE'
  319. export BASE_SERVICE_NAME='\$BASE_SERVICE_NAME'
  320. export MASTER_BASE_SERVICE_NAME='\$MASTER_BASE_SERVICE_NAME'
  321. export MASTER_TARGET_SERVICE_NAME='\$MASTER_TARGET_SERVICE_NAME'
  322. apache_ssh_tunnel '
  323. domain: ssh.example.com
  324. ssl:
  325. key: a
  326. ca-cert: b
  327. creds:
  328. toto: xxx
  329. '
  330. " "ssh tunnel"
  331. is errlvl 0
  332. is err reg 'relation-set domain:
  333. | ssh.example.com'
  ## The vhost file, the private key and the CA certificate must each be
  ## written through file_put; only the paths are asserted, not the content
  ## and not any file mode.
  334. is out reg 'file_put \$SERVICE_CONFIGSTORE/etc/apache2/sites-enabled/000-ssh.example.com.conf'
  335. is out reg 'file_put \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/private/ssh.example.com.key'
  336. is out reg 'file_put \$CONFIGSTORE/\$BASE_SERVICE_NAME/etc/ssl/certs/ssh.example.com-ca.pem'
  ## NOTE(review): the AuthUserFile assertion names ssh.example.com.passwd,
  ## while the htpasswd assertion creates 000-ssh.example.com.passwd. If both
  ## lines belong to the same vhost, basic auth points at a file that is never
  ## written; confirm against apache_ssh_tunnel which name is intended.
  ## `htpasswd -b` also puts the password on the command line.
  337. is out reg 'AuthUserFile /etc/apache2/sites-enabled/ssh.example.com.passwd'
  338. is out reg "htpasswd -bc '/etc/apache2/sites-enabled/000-ssh.example.com.passwd' 'toto' 'xxx'"