authorRob Austein <sra@hactrn.net>2009-07-17 04:21:33 +0000
committerRob Austein <sra@hactrn.net>2009-07-17 04:21:33 +0000
commita28f5a0084b3a3973c0d8aee1f4aabd1bde829a8 (patch)
tree0e358b1deb3dd74acd37af63eb7cd574c7028fbd
parent4bb2174653af62b04ce2ac63bc91b18468ae83bd (diff)
Rework yamltest config generation mechanism to configure SQL passwords
separately, so everything else can go into the repository. svn path=/myrpki/myrpki.conf; revision=2633
-rw-r--r--myrpki/myrpki.conf81
-rw-r--r--myrpki/yamltest.py79
2 files changed, 139 insertions, 21 deletions
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index 4fad1299..0aba3eb1 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -85,3 +85,84 @@ commonName = supplied
emailAddress = optional
givenName = optional
surname = optional
+
+[rpkid]
+
+sql-database = rpki
+sql-username = rpki
+sql-password = fnord
+bpki-ta = bpki.rpkid/ca.cer
+rpkid-key = bpki.rpkid/rpkid.key
+rpkid-cert = bpki.rpkid/rpkid.cer
+irdb-cert = bpki.rpkid/irdbd.cer
+irbe-cert = bpki.rpkid/irbe_cli.cer
+irdb-url = https://localhost:4403/
+server-host = localhost
+server-port = 4404
+
+[irdbd]
+
+sql-database = irdb
+sql-username = irdb
+sql-password = fnord
+bpki-ta = bpki.rpkid/ca.cer
+rpkid-cert = bpki.rpkid/rpkid.cer
+irdbd-cert = bpki.rpkid/irdbd.cer
+irdbd-key = bpki.rpkid/irdbd.key
+https-url = https://localhost:4403/
+
+[pubd]
+
+startup-message = This is pubd
+
+sql-database = pubd
+sql-username = pubd
+sql-password = fnord
+bpki-ta = bpki.pubd/ca.cer
+pubd-cert = bpki.pubd/pubd.cer
+pubd-key = bpki.pubd/pubd.key
+irbe-cert = bpki.pubd/irbe_cli.cer
+server-host = localhost
+server-port = 4402
+publication-base = publication/
+
+[rootd]
+
+startup-message = This is rootd
+
+bpki-ta = bpki.rootd/ca.cer
+rootd-bpki-crl = bpki.rootd/ca.crl
+rootd-bpki-cert = bpki.rootd/rootd.cer
+rootd-bpki-key = bpki.rootd/rootd.key
+child-bpki-cert = bpki.rootd/child.cer
+
+server-port = 4401
+
+rpki-root-dir = publication/localhost:4400/
+rpki-base-uri = rsync://localhost:4400/
+rpki-root-cert-uri = rsync://localhost:4400/rootd.cer
+
+rpki-root-key = bpki.rootd/ca.key
+rpki-root-cert = bpki.rootd/rpkiroot.cer
+
+rpki-subject-pkcs10 = rootd.subject.pkcs10
+rpki-subject-lifetime = 30d
+
+rpki-root-crl = Bandicoot.crl
+rpki-root-manifest = Bandicoot.mnf
+
+rpki-class-name = Wombat
+rpki-subject-cert = Wombat.cer
+
+[rpki_x509_extensions]
+basicConstraints = critical,CA:true
+subjectKeyIdentifier = hash
+keyUsage = critical,keyCertSign,cRLSign
+subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://localhost:4400/,1.3.6.1.5.5.7.48.10;URI:rsync://localhost:4400/Bandicoot.mnf
+sbgp-autonomousSysNum = critical,AS:0-4294967295
+sbgp-ipAddrBlock = critical,IPv4:0.0.0.0/0,IPv6:0::/0
+certificatePolicies = critical, @rpki_certificate_policy
+
+[rpki_certificate_policy]
+
+policyIdentifier = 1.3.6.1.5.5.7.14.2
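Review bot: The three `sql-password = fnord` lines added under [rpkid], [irdbd] and [pubd] put one fixed, publicly visible database password into the committed template, and nothing in the file says it is meant to be overridden. Anyone who copies myrpki.conf as the starting point for a non-test setup inherits a known credential for all three databases. I would add a comment above each of them, for example `# Test-harness placeholder only; set a site-specific password before any real use`, so the value cannot be mistaken for a usable default.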
diff --git a/myrpki/yamltest.py b/myrpki/yamltest.py
index 09612a55..ecc78971 100644
--- a/myrpki/yamltest.py
+++ b/myrpki/yamltest.py
@@ -34,8 +34,8 @@ PERFORMANCE OF THIS SOFTWARE.
"""
-import subprocess, csv, re, os, getopt, sys, ConfigParser, base64, yaml, signal, errno, time
-import rpki.resource_set, rpki.sundial, myrpki
+import subprocess, csv, re, os, getopt, sys, base64, yaml, signal, errno, time
+import rpki.resource_set, rpki.sundial, rpki.config, myrpki
section_regexp = re.compile("\s*\[\s*(.+?)\s*\]\s*$")
variable_regexp = re.compile("\s*([-a-zA-Z0-9_]+)\s*=\s*(.+?)\s*$")
@@ -273,27 +273,40 @@ class allocation(object):
r["rpkid", "irdb-url"] = "https://localhost:%d/" % self.irdbd_port
r["rpkid", "server-port"] = "%d" % self.rpkid_port
r["rpkid", "sql-database"] = "rpki%d" % self.engine
+ r["rootd", "rpki-root-dir"] = "publication/localhost:%d/" % self.rsync_port
+ r["rootd", "rpki-base-uri"] = "rsync://localhost:%d/" % self.rsync_port
+ r["rootd", "rpki-root-cert-uri"] = "rsync://localhost:%d/rootd.cer" % self.rsync_port
+ r["rpki_x509_extensions", "subjectInfoAccess"] = (
+ "1.3.6.1.5.5.7.48.5;URI:rsync://localhost:%d/,1.3.6.1.5.5.7.48.10;URI:rsync://localhost:%d/Bandicoot.mnf" %
+ (self.rsync_port, self.rsync_port))
if self.is_root():
- r["rootd", "rpki-root-dir"] = "publication/localhost:%d/" % self.rsync_port
- r["rootd", "server-port"] = "%d" % self.rootd_port
+ r["rootd", "server-port"] = "%d" % self.rootd_port
+
+ if rpkid_password:
+ r["rpkid", "sql-password"] = rpkid_password
+
+ if irdbd_password:
+ r["irdbd", "sql-password"] = irdbd_password
+
+ if pubd_password:
+ r["pubd", "sql-password"] = pubd_password
f = self.outfile(fn)
f.write("# Automatically generated, do not edit\n")
- for conf in ("myrpki.conf", "rpkid.conf", "irdbd.conf", "pubd.conf", "rootd.conf"):
- section = None
- for line in open(conf):
- m = section_regexp.match(line)
- if m:
- section = m.group(1)
- if section is None or (self.is_hosted() and section in ("myirbe", "rpkid", "irdbd", "pubd", "rootd")):
- continue
- m = variable_regexp.match(line) if m is None else None
- variable = m.group(1) if m else None
- if (section, variable) in r:
- line = variable + " = " + r[section, variable] + "\n"
- f.write(line)
+ section = None
+ for line in open("myrpki.conf"):
+ m = section_regexp.match(line)
+ if m:
+ section = m.group(1)
+ if section is None or (self.is_hosted() and section in ("myirbe", "rpkid", "irdbd", "pubd", "rootd")):
+ continue
+ m = variable_regexp.match(line) if m is None else None
+ variable = m.group(1) if m else None
+ if (section, variable) in r:
+ line = variable + " = " + r[section, variable] + "\n"
+ f.write(line)
f.close()
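Review bot: The generated config now carries the real SQL passwords (the `r["rpkid", "sql-password"] = rpkid_password` assignment and the two after it), but it is written through `self.outfile(fn)`, whose creation mode is not visible in this hunk. If that helper is a plain `open(..., "w")`, the file takes the process umask and may be readable by other local users. Assuming it returns an ordinary file object, I would restrict it right after `f = self.outfile(fn)` with `os.chmod(f.name, 0600)`, or create the file with that mode inside the helper. The enclosing method begins outside the hunk, and the three password names it reads are module-level globals assigned only in the script body further down.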
@@ -327,6 +340,34 @@ class allocation(object):
def run_rootd(self):
return self.run_python_daemon(prog_rootd)
+os.environ["TZ"] = "UTC"
+time.tzset()
+
+cfg_file = "yamltest.conf"
+
+opts, argv = getopt.getopt(sys.argv[1:], "c:h?", ["config=", "help"])
+for o, a in opts:
+ if o in ("-h", "--help", "-?"):
+ print __doc__
+ sys.exit(0)
+ if o in ("-c", "--config"):
+ cfg_file = a
+
+if len(argv) > 1:
+ raise RuntimeError, "Unexpected arguments %r" % argv
+
+yaml_file = argv[0] if argv else "../rpkid/testbed.1.yaml"
+
+try:
+ cfg = rpki.config.parser(cfg_file, "yamltest")
+ rpkid_password = cfg.get("rpkid-password")
+ irdbd_password = cfg.get("irdbd-password")
+ pubd_password = cfg.get("pubd-password")
+except:
+ rpkid_password = None
+ irdbd_password = None
+ pubd_password = None
+
# Start clean
for root, dirs, files in os.walk(test_dir, topdown = False):
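Review bot: The bare `except:` around the `rpki.config.parser(cfg_file, "yamltest")` block hides every failure, including a mistyped `-c` path, an unreadable file and a misspelled option name. All three passwords then fall back to `None` and the run silently continues with whatever `sql-password` the myrpki.conf template contains. I would catch only the exceptions that mean "no config file or option" (which ones `rpki.config.parser` raises is not visible here) and report the fallback, e.g. `sys.stderr.write("yamltest: no SQL passwords read from %s, using template defaults\n" % cfg_file)`. A config file named explicitly with `-c` that cannot be read should probably be a hard error rather than a fallback.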
@@ -335,10 +376,6 @@ for root, dirs, files in os.walk(test_dir, topdown = False):
for dir in dirs:
os.rmdir(os.path.join(root, dir))
-# Select input file
-
-yaml_file = sys.argv[1] if len(sys.argv) > 1 else "../rpkid/testbed.1.yaml"
-
# Read first YAML doc in file and process as compact description of
# test layout and resource allocations. Ignore subsequent YAML docs,
# they're for testbed.py, not this script.