authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-02-07 08:26:39 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-02-07 08:26:39 -0500
commit7db65d41386768a5081c34c16db17e82b96a5b7a (patch)
tree07ff91016b461afb44ced8247bafcba2d1f21ae2
parent65caf3f586d7985d88652c73e7b214ba3e40eac2 (diff)
made XInclude and Encryption support more consistent
-rw-r--r--doc/server/xml-common.txt99
-rw-r--r--schemas/authorizedkeys.xsd24
-rw-r--r--schemas/info.xsd22
-rw-r--r--schemas/sslca-cert.xsd24
-rw-r--r--schemas/sslca-key.xsd22
-rw-r--r--src/lib/Bcfg2/Server/Plugin/helpers.py6
-rw-r--r--src/lib/Bcfg2/Server/Plugins/FileProbes.py11
-rw-r--r--src/lib/Bcfg2/Server/Plugins/NagiosGen.py24
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Packages/PackagesSources.py4
-rw-r--r--testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py4
10 files changed, 118 insertions, 122 deletions
diff --git a/doc/server/xml-common.txt b/doc/server/xml-common.txt
index 44205ed42..cdecf9210 100644
--- a/doc/server/xml-common.txt
+++ b/doc/server/xml-common.txt
@@ -140,58 +140,77 @@ pieces. For instance, in the :ref:`server-plugins-grouping-metadata`
To enable XInclude on a file, you need only add the XInclude namespace
to the top-level tag.
-XInclude can only include whole, well-formed XML files. In many
-cases, if a file type does not support XInclude it is because the XML
-schema lacks support.
+XInclude can only include complete, well-formed XML files. In some
+cases, it may not be entirely obvious or intuitive how to structure
+such an included file to conform to the schema, although in general
+the included files should be structure exactly like the parent file.
Feature Matrix
==============
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| File | Group/Client | Genshi | Encryption | XInclude |
-+==============================================================+==============+========+============+==========+
-| :ref:`Bundles <server-plugins-structures-bundler-index>` | Yes | Yes | Yes | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`info.xml <server-info>` | Yes [#f1]_ | Yes | No | No |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`authorizedkeys.xml, privkey.xml, and pubkey.xml | Yes | Yes | Yes | No |
-| <server-plugins-generators-cfg-sshkeys>` | | | | |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Decisions <server-plugins-generators-decisions>` | Yes | Yes | Yes | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Defaults <server-plugins-structures-defaults>` | Yes | Yes | Yes | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`FileProbes <server-plugins-probes-fileprobes>` | Yes | Yes | No | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`GroupPatterns <server-plugins-grouping-grouppatterns>` | No | No | No | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Metadata clients.xml | No | No | No | Yes |
-| <server-plugins-grouping-metadata-clients-xml>` | | | | |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Metadata clients.xml | Yes [#f2]_ | No | No | Yes |
-| <server-plugins-grouping-metadata-groups-xml>` | | | | |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`NagiosGen <server-plugins-generators-nagiosgen>` | Yes | Yes | No | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Pkgmgr <server-plugins-generators-pkgmgr>` | Yes | No | No | No |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Properties <server-plugins-connectors-properties>` | Yes [#f3]_ | Yes | Yes | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`Rules <server-plugins-generators-rules>` | Yes | Yes | Yes | Yes |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
-| :ref:`SSLCA cert.xml and key.xml | Yes | Yes | Yes | No |
-| <server-plugins-generators-sslca>` | | | | |
-+--------------------------------------------------------------+--------------+--------+------------+----------+
++-------------------------------------------------+--------------+--------+------------+------------+
+| File | Group/Client | Genshi | Encryption | XInclude |
++=================================================+==============+========+============+============+
+| :ref:`Bundler | Yes | Yes | Yes | Yes |
+| <server-plugins-structures-bundler-index>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`info.xml <server-info>` | Yes [#f1]_ | Yes | Yes | Yes |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`privkey.xml and pubkey.xml | Yes | Yes | Yes | Yes [#f2]_ |
+| <server-plugins-generators-cfg-sshkeys>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`authorizedkeys.xml | Yes | Yes | Yes | Yes |
+| <server-plugins-generators-cfg-sshkeys>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Decisions | Yes | Yes | Yes | Yes |
+| <server-plugins-generators-decisions>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Defaults | Yes | Yes | Yes | Yes |
+| <server-plugins-structures-defaults>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`FileProbes | Yes | Yes | Yes | Yes |
+| <server-plugins-probes-fileprobes>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`GroupPatterns | No | No | No | Yes |
+| <server-plugins-grouping-grouppatterns>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Metadata clients.xml | No | No | No | Yes |
+| <server-plugins-grouping-metadata-clients-xml>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Metadata groups.xml | Yes [#f3]_ | No | No | Yes |
+| <server-plugins-grouping-metadata-groups-xml>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`NagiosGen | Yes | Yes | Yes | Yes |
+| <server-plugins-generators-nagiosgen>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Packages | Yes | Yes | Yes | Yes |
+| <server-plugins-generators-packages>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Pkgmgr | Yes | No | No | No |
+| <server-plugins-generators-pkgmgr>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Properties | Yes [#f4]_ | Yes | Yes | Yes |
+| <server-plugins-connectors-properties>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`Rules <server-plugins-generators-rules>` | Yes | Yes | Yes | Yes |
++-------------------------------------------------+--------------+--------+------------+------------+
+| :ref:`SSLCA cert.xml and key.xml | Yes | Yes | Yes | Yes |
+| <server-plugins-generators-sslca>` | | | | |
++-------------------------------------------------+--------------+--------+------------+------------+
.. rubric:: Footnotes
.. [#f1] ``info.xml`` also supports conditional Path tags; see
:ref:`server-info` for more.
-.. [#f2] The semantics of Group tags in ``groups.xml`` is slightly
+.. [#f2] XInclude is supported, but the schema has not been modified
+ to allow including files that are structured exactly like the
+ parent. You may need to read the schema to understand how to
+ use XInclude properly.
+.. [#f3] The semantics of Group tags in ``groups.xml`` is slightly
different; see
:ref:`server-plugins-grouping-metadata-groups-xml` for
details.
-.. [#f3] Group and Client tags in XML Properties are not automatic by
+.. [#f4] Group and Client tags in XML Properties are not automatic by
default; they can be resolved by use of either the
``Match()`` or ``XMLMatch()`` methods, or by use of the
:ref:`server-plugins-connectors-properties-automatch`
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
index b0495c242..fd8f2a7a3 100644
--- a/schemas/authorizedkeys.xsd
+++ b/schemas/authorizedkeys.xsd
@@ -26,6 +26,7 @@
<xsd:element name="Allow" type="AllowType"/>
<xsd:element name="Group" type="AuthorizedKeysGroupType"/>
<xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
</xsd:choice>
<xsd:attribute name='name' type='xsd:string'>
<xsd:annotation>
@@ -97,20 +98,21 @@
<xsd:anyAttribute processContents="lax"/>
</xsd:complexType>
- <xsd:element name="AuthorizedKeys">
+ <xsd:complexType name="AuthorizedKeysType">
<xsd:annotation>
<xsd:documentation>
Top-level tag for describing a generated SSH key pair.
</xsd:documentation>
</xsd:annotation>
- <xsd:complexType>
- <xsd:choice minOccurs="1" maxOccurs="unbounded">
- <xsd:group ref="py:genshiElements"/>
- <xsd:element name="Allow" type="AllowType"/>
- <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
- <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
- </xsd:choice>
- <xsd:attributeGroup ref="py:genshiAttrs"/>
- </xsd:complexType>
- </xsd:element>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:group ref="py:genshiElements"/>
+ <xsd:element name="Allow" type="AllowType"/>
+ <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
+ </xsd:choice>
+ <xsd:attributeGroup ref="py:genshiAttrs"/>
+ </xsd:complexType>
+
+ <xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
</xsd:schema>
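Review bot: The `xsd:documentation` carried over onto `AuthorizedKeysType` still describes it as the "Top-level tag", but the type is now also used by the nested `AuthorizedKeys` element added to its own choice and to the group type in the first hunk. Because the type refers to itself, the schema accepts nesting of any depth, which is worth stating for whoever writes or reviews these key-authorization files. I would extend the annotation with a sentence such as `May also appear nested, as the root element of an XIncluded file.` The same wording issue applies to `FileInfoType` in info.xsd, `CertInfoType` in sslca-cert.xsd and `KeyInfoType` in sslca-key.xsd.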
diff --git a/schemas/info.xsd b/schemas/info.xsd
index 24538ffe3..9b898a168 100644
--- a/schemas/info.xsd
+++ b/schemas/info.xsd
@@ -92,6 +92,7 @@
</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs='1' maxOccurs='1'>
+ <xsd:element name='FileInfo' type="FileInfoType"/>
<xsd:element name='Info' type='InfoType'/>
<xsd:element name='Group' type='InfoGroupType' minOccurs='0'
maxOccurs='unbounded'/>
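Review bot: The new `FileInfo` element is added to a choice declared with `minOccurs='1' maxOccurs='1'` and carries no occurrence attributes of its own, so at most one nested `FileInfo` validates here and it cannot sit next to sibling `Info` or `Group` elements. The top-level `FileInfoType` later in this file uses `minOccurs='0' maxOccurs='unbounded'` on its choice, so the two nesting points behave differently. If several included files per group are meant to be allowed, the line would need `<xsd:element name='FileInfo' type="FileInfoType" minOccurs='0' maxOccurs='unbounded'/>`, matching the `Group` particle beside it. The enclosing type starts and ends outside this hunk, so the rest of the choice is not visible.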
@@ -121,19 +122,20 @@
</xsd:attribute>
</xsd:complexType>
- <xsd:element name='FileInfo'>
+ <xsd:complexType name="FileInfoType">
<xsd:annotation>
<xsd:documentation>
Top-level tag for ``info.xml``.
</xsd:documentation>
</xsd:annotation>
- <xsd:complexType>
- <xsd:choice minOccurs='0' maxOccurs='unbounded'>
- <xsd:element name='Group' type='InfoGroupType'/>
- <xsd:element name='Client' type='InfoGroupType'/>
- <xsd:element name='Path' type='InfoGroupType'/>
- <xsd:element name='Info' type='InfoType'/>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
+ <xsd:choice minOccurs='0' maxOccurs='unbounded'>
+ <xsd:element name='FileInfo' type="FileInfoType"/>
+ <xsd:element name='Group' type='InfoGroupType'/>
+ <xsd:element name='Client' type='InfoGroupType'/>
+ <xsd:element name='Path' type='InfoGroupType'/>
+ <xsd:element name='Info' type='InfoType'/>
+ </xsd:choice>
+ </xsd:complexType>
+
+ <xsd:element name='FileInfo' type="FileInfoType"/>
</xsd:schema>
diff --git a/schemas/sslca-cert.xsd b/schemas/sslca-cert.xsd
index 99fb2be99..49d821aaf 100644
--- a/schemas/sslca-cert.xsd
+++ b/schemas/sslca-cert.xsd
@@ -26,6 +26,7 @@
<xsd:element name="Group" type="SSLCACertGroupType"/>
<xsd:element name="Client" type="SSLCACertGroupType"/>
<xsd:element name="subjectAltName" type="SubjectAltNameType"/>
+ <xsd:element name="CertInfo" type="CertInfoType"/>
</xsd:choice>
<xsd:attribute name='name' type='xsd:string'>
<xsd:annotation>
@@ -156,20 +157,21 @@
<xsd:attributeGroup ref="py:genshiAttrs"/>
</xsd:complexType>
- <xsd:element name="CertInfo">
+ <xsd:complexType name="CertInfoType">
<xsd:annotation>
<xsd:documentation>
Top-level tag for describing an SSLCA generated certificate.
</xsd:documentation>
</xsd:annotation>
- <xsd:complexType>
- <xsd:choice minOccurs="1" maxOccurs="unbounded">
- <xsd:group ref="py:genshiElements"/>
- <xsd:element name="Cert" type="CertType"/>
- <xsd:element name="Group" type="SSLCACertGroupType"/>
- <xsd:element name="Client" type="SSLCACertGroupType"/>
- <xsd:element name="subjectAltName" type="SubjectAltNameType"/>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:group ref="py:genshiElements"/>
+ <xsd:element name="Cert" type="CertType"/>
+ <xsd:element name="Group" type="SSLCACertGroupType"/>
+ <xsd:element name="Client" type="SSLCACertGroupType"/>
+ <xsd:element name="subjectAltName" type="SubjectAltNameType"/>
+ <xsd:element name="CertInfo" type="CertInfoType"/>
+ </xsd:choice>
+ </xsd:complexType>
+
+ <xsd:element name="CertInfo" type="CertInfoType"/>
</xsd:schema>
diff --git a/schemas/sslca-key.xsd b/schemas/sslca-key.xsd
index 021da275c..2b6a02b98 100644
--- a/schemas/sslca-key.xsd
+++ b/schemas/sslca-key.xsd
@@ -25,6 +25,7 @@
<xsd:element name="Key" type="KeyType"/>
<xsd:element name="Group" type="SSLCAKeyGroupType"/>
<xsd:element name="Client" type="SSLCAKeyGroupType"/>
+ <xsd:element name="KeyInfo" type="KeyInfoType"/>
</xsd:choice>
<xsd:attribute name='name' type='xsd:string'>
<xsd:annotation>
@@ -77,19 +78,20 @@
<xsd:attributeGroup ref="py:genshiAttrs"/>
</xsd:complexType>
- <xsd:element name="KeyInfo">
+ <xsd:complexType name="KeyInfoType">
<xsd:annotation>
<xsd:documentation>
Top-level tag for describing an SSLCA generated key.
</xsd:documentation>
</xsd:annotation>
- <xsd:complexType>
- <xsd:choice minOccurs="1" maxOccurs="unbounded">
- <xsd:group ref="py:genshiElements"/>
- <xsd:element name="Key" type="KeyType"/>
- <xsd:element name="Group" type="SSLCAKeyGroupType"/>
- <xsd:element name="Client" type="SSLCAKeyGroupType"/>
- </xsd:choice>
- </xsd:complexType>
- </xsd:element>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:group ref="py:genshiElements"/>
+ <xsd:element name="Key" type="KeyType"/>
+ <xsd:element name="Group" type="SSLCAKeyGroupType"/>
+ <xsd:element name="Client" type="SSLCAKeyGroupType"/>
+ <xsd:element name="KeyInfo" type="KeyInfoType"/>
+ </xsd:choice>
+ </xsd:complexType>
+
+ <xsd:element name="KeyInfo" type="KeyInfoType"/>
</xsd:schema>
diff --git a/src/lib/Bcfg2/Server/Plugin/helpers.py b/src/lib/Bcfg2/Server/Plugin/helpers.py
index 2daf4e0df..9bdfe347f 100644
--- a/src/lib/Bcfg2/Server/Plugin/helpers.py
+++ b/src/lib/Bcfg2/Server/Plugin/helpers.py
@@ -517,9 +517,6 @@ class StructFile(XMLFileBacked, Debuggable):
#: the file being cached
__identifier__ = None
- #: Whether or not encryption support is enabled in this file
- encryption = True
-
#: Callbacks used to determine if children of items with the given
#: tags should be included in the return value of
#: :func:`Bcfg2.Server.Plugin.helpers.StructFile.Match` and
@@ -564,7 +561,7 @@ class StructFile(XMLFileBacked, Debuggable):
self.logger.error('Genshi parse error in %s: %s' % (self.name,
err))
- if self.encryption and HAS_CRYPTO:
+ if HAS_CRYPTO:
strict = self.xdata.get(
"decrypt",
self.setup.cfp.get(Bcfg2.Server.Encryption.CFG_SECTION,
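Review bot: With the `encryption` class attribute removed, `if HAS_CRYPTO:` is the only gate on decryption, so a StructFile subclass outside this tree that still sets `encryption = False` is now silently ignored and its files go through the decrypt path. That also holds for the `info.xml`, FileProbes, NagiosGen and Packages sources files whose opt-outs are deleted in the other hunks of this commit. When `HAS_CRYPTO` is false the branch is skipped, and nothing visible in this hunk tells the operator that a file containing encrypted elements was loaded undecrypted; the method continues outside the hunk, so a warning may exist there. I would add a comment above the guard, `# Decryption applies to every StructFile; the former per-class "encryption" opt-out is no longer honoured.`, and note the change in the class docstring.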
@@ -879,7 +876,6 @@ class XMLSrc(XMLFileBacked):
class InfoXML(StructFile):
""" InfoXML files contain Group, Client, and Path tags to set the
metadata (permissions, owner, etc.) of files. """
- encryption = False
_include_tests = StructFile._include_tests
_include_tests['Path'] = lambda el, md, entry, *args: \
diff --git a/src/lib/Bcfg2/Server/Plugins/FileProbes.py b/src/lib/Bcfg2/Server/Plugins/FileProbes.py
index 461b718e2..33914bd45 100644
--- a/src/lib/Bcfg2/Server/Plugins/FileProbes.py
+++ b/src/lib/Bcfg2/Server/Plugins/FileProbes.py
@@ -52,11 +52,6 @@ print(Bcfg2.Client.XML.tostring(data, xml_declaration=False).decode('UTF-8'))
"""
-class FileProbesConfig(Bcfg2.Server.Plugin.StructFile):
- """ Config file for FileProbes """
- encryption = False
-
-
class FileProbes(Bcfg2.Server.Plugin.Plugin,
Bcfg2.Server.Plugin.Probing):
""" This module allows you to probe a client for a file, which is then
@@ -69,8 +64,10 @@ class FileProbes(Bcfg2.Server.Plugin.Plugin,
def __init__(self, core, datastore):
Bcfg2.Server.Plugin.Plugin.__init__(self, core, datastore)
Bcfg2.Server.Plugin.Probing.__init__(self)
- self.config = FileProbesConfig(os.path.join(self.data, 'config.xml'),
- should_monitor=True)
+ self.config = \
+ Bcfg2.Server.Plugin.StructFile(os.path.join(self.data,
+ 'config.xml'),
+ should_monitor=True)
self.entries = dict()
self.probes = dict()
diff --git a/src/lib/Bcfg2/Server/Plugins/NagiosGen.py b/src/lib/Bcfg2/Server/Plugins/NagiosGen.py
index c377ca4ef..d5ea0cb24 100644
--- a/src/lib/Bcfg2/Server/Plugins/NagiosGen.py
+++ b/src/lib/Bcfg2/Server/Plugins/NagiosGen.py
@@ -5,27 +5,8 @@ import re
import sys
import glob
import socket
-import logging
-import Bcfg2.Server
import Bcfg2.Server.Plugin
-LOGGER = logging.getLogger(__name__)
-
-
-class NagiosGenConfig(Bcfg2.Server.Plugin.StructFile):
- """ NagiosGen config file handler """
- encryption = False
-
- def __init__(self, filename):
- # create config.xml if missing
- if not os.path.exists(filename):
- LOGGER.warning("NagiosGen: %s missing. "
- "Creating empty one for you." % filename)
- open(filename, "w").write("<NagiosGen/>")
-
- Bcfg2.Server.Plugin.StructFile.__init__(self, filename,
- should_monitor=True)
-
class NagiosGen(Bcfg2.Server.Plugin.Plugin,
Bcfg2.Server.Plugin.Generator):
@@ -37,7 +18,10 @@ class NagiosGen(Bcfg2.Server.Plugin.Plugin,
def __init__(self, core, datastore):
Bcfg2.Server.Plugin.Plugin.__init__(self, core, datastore)
Bcfg2.Server.Plugin.Generator.__init__(self)
- self.config = NagiosGenConfig(os.path.join(self.data, 'config.xml'))
+ self.config = \
+ Bcfg2.Server.Plugin.StructFile(os.path.join(self.data,
+ 'config.xml'),
+ should_monitor=True)
self.Entries = {'Path':
{'/etc/nagiosgen.status': self.createhostconfig,
'/etc/nagios/nagiosgen.cfg': self.createserverconfig}}
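Review bot: Constructing `Bcfg2.Server.Plugin.StructFile` directly drops the bootstrap step the deleted `NagiosGenConfig.__init__` performed: it wrote an empty `<NagiosGen/>` document when `config.xml` was missing, and nothing here replaces it. How `StructFile` with `should_monitor=True` reacts to a missing file is not visible in this diff, so a fresh install may now log errors or fail to load the plugin. If the auto-creation is still wanted, keep it in `__init__` before the constructor call, for example `if not os.path.exists(cfg):` followed by `with open(cfg, "w") as fh: fh.write("<NagiosGen/>")`, with `cfg` bound to the joined path; the `with` form also closes the handle, which the removed one-liner did not. Otherwise the plugin documentation should state that `config.xml` is now required. `__init__` may continue past the end of this hunk.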
diff --git a/src/lib/Bcfg2/Server/Plugins/Packages/PackagesSources.py b/src/lib/Bcfg2/Server/Plugins/Packages/PackagesSources.py
index 782e077bb..e9744c777 100644
--- a/src/lib/Bcfg2/Server/Plugins/Packages/PackagesSources.py
+++ b/src/lib/Bcfg2/Server/Plugins/Packages/PackagesSources.py
@@ -17,10 +17,6 @@ class PackagesSources(Bcfg2.Server.Plugin.StructFile,
:class:`Bcfg2.Server.Plugins.Packages.Source.Source` object for
each ``Source`` tag. """
- __identifier__ = None
-
- encryption = False
-
def __init__(self, filename, cachepath, packages):
"""
:param filename: The full path to ``sources.xml``
diff --git a/testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py b/testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py
index 93bf69d04..ba837f0c9 100644
--- a/testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py
+++ b/testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py
@@ -685,10 +685,6 @@ class TestStructFile(TestXMLFileBacked):
@skipUnless(HAS_CRYPTO, "No crypto libraries found, skipping")
def test_Index_crypto(self):
- if not self.test_obj.encryption:
- return skip("Encryption disabled on %s objects, skipping" %
- self.test_obj.__name__)
-
sf = self.get_obj()
sf.setup = Mock()
sf.setup.cfp.get.return_value = "strict"