author | Rob Austein <sra@hactrn.net> | 2010-02-17 01:20:18 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2010-02-17 01:20:18 +0000 |
commit | ffe4a5168896040a174c5f932f050c34470fb4ec (patch) | |
tree | 85fad4335fe0250a7e310b4a0fc1a0a1c6d5bd11 | |
parent | 87c8271306adb73f75b066be6f1190e2abc1833c (diff) |
Add support for OpenSSL-style ${section::option} indirect variable
references.
svn path=/myrpki.rototill/examples/myrpki.conf; revision=2975
-rw-r--r-- | myrpki.rototill/examples/myrpki.conf | 56 | ||||
-rw-r--r-- | rpkid/rpki/config.py | 64 |
2 files changed, 75 insertions, 45 deletions
diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index 0eded59b..71813949 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -61,7 +61,7 @@ bpki_directory = bpki.myrpki # # You need to configure this.
-pubd_base = https://pubd.example.org:4402/
+pubd_base = https://${pubd::server-host}:${pubd::server-port}/
 # Base of service URL for rpkid. myirbe.py uses this to contact your # rpkid so it can configure it.
@@ -121,11 +121,11 @@ irdb-url = https://localhost:4403/ # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason.
-bpki-ta = bpki.myirbe/ca.cer
-rpkid-key = bpki.myirbe/rpkid.key
-rpkid-cert = bpki.myirbe/rpkid.cer
-irdb-cert = bpki.myirbe/irdbd.cer
-irbe-cert = bpki.myirbe/irbe.cer
+bpki-ta = ${myirbe::bpki_directory}/ca.cer
+rpkid-key = ${myirbe::bpki_directory}/rpkid.key
+rpkid-cert = ${myirbe::bpki_directory}/rpkid.cer
+irdb-cert = ${myirbe::bpki_directory}/irdbd.cer
+irbe-cert = ${myirbe::bpki_directory}/irbe.cer
 #################################################################
@@ -147,10 +147,10 @@ https-url = https://localhost:4403/ # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason.
-bpki-ta = bpki.myirbe/ca.cer
-rpkid-cert = bpki.myirbe/rpkid.cer
-irdbd-cert = bpki.myirbe/irdbd.cer
-irdbd-key = bpki.myirbe/irdbd.key
+bpki-ta = ${myirbe::bpki_directory}/ca.cer
+rpkid-cert = ${myirbe::bpki_directory}/rpkid.cer
+irdbd-cert = ${myirbe::bpki_directory}/irdbd.cer
+irdbd-key = ${myirbe::bpki_directory}/irdbd.key
 #################################################################
@@ -184,10 +184,10 @@ server-port = 4402 # left-right protocol. The following values match where myirbe.py # will have placed things. Don't change these without a reason.
-bpki-ta = bpki.myirbe/ca.cer
-pubd-cert = bpki.myirbe/pubd.cer
-pubd-key = bpki.myirbe/pubd.key
-irbe-cert = bpki.myirbe/irbe.cer
+bpki-ta = ${myirbe::bpki_directory}/ca.cer
+pubd-cert = ${myirbe::bpki_directory}/pubd.cer
+pubd-key = ${myirbe::bpki_directory}/pubd.key
+irbe-cert = ${myirbe::bpki_directory}/irbe.cer
 #################################################################
@@ -199,10 +199,10 @@ rpkid-url = https://rpkid.example.org:4404/left-right/ # BPKI certificates and keys for talking to rpkid
-rpkid-bpki-ta = bpki.myirbe/ca.cer
-rpkid-irbe-key = bpki.myirbe/irbe.key
-rpkid-irbe-cert = bpki.myirbe/irbe.cer
-rpkid-cert = bpki.myirbe/rpkid.cer
+rpkid-bpki-ta = ${myirbe::bpki_directory}/ca.cer
+rpkid-irbe-key = ${myirbe::bpki_directory}/irbe.key
+rpkid-irbe-cert = ${myirbe::bpki_directory}/irbe.cer
+rpkid-cert = ${myirbe::bpki_directory}/rpkid.cer
 # HTTPS service URL for pubd
@@ -210,10 +210,10 @@ pubd-url = https://localhost:4402/control/ # BPKI certificates and keys for talking to pubd
-pubd-bpki-ta = bpki.myirbe/ca.cer
-pubd-irbe-key = bpki.myirbe/irbe.key
-pubd-irbe-cert = bpki.myirbe/irbe.cer
-pubd-cert = bpki.myirbe/pubd.cer
+pubd-bpki-ta = ${myirbe::bpki_directory}/ca.cer
+pubd-irbe-key = ${myirbe::bpki_directory}/irbe.key
+pubd-irbe-cert = ${myirbe::bpki_directory}/irbe.cer
+pubd-cert = ${myirbe::bpki_directory}/pubd.cer
 #################################################################
@@ -230,11 +230,11 @@ pubd-cert = bpki.myirbe/pubd.cer # BPKI certificates and keys for rootd
-bpki-ta = bpki.myirbe/ca.cer
-rootd-bpki-crl = bpki.myirbe/ca.crl
-rootd-bpki-cert = bpki.myirbe/rootd.cer
-rootd-bpki-key = bpki.myirbe/rootd.key
-child-bpki-cert = bpki.myirbe/child.cer
+bpki-ta = ${myirbe::bpki_directory}/ca.cer
+rootd-bpki-crl = ${myirbe::bpki_directory}/ca.crl
+rootd-bpki-cert = ${myirbe::bpki_directory}/rootd.cer
+rootd-bpki-key = ${myirbe::bpki_directory}/rootd.key
+child-bpki-cert = ${myirbe::bpki_directory}/child.cer
 # Server port on which rootd should listen.
@@ -255,7 +255,7 @@ rpki-root-cert-uri = rsync://rpki.example.org/Me/root.cer # Private key corresponding to rootd's root RPKI certificate
-rpki-root-key = bpki.myirbe/ca.key
+rpki-root-key = ${myirbe::bpki_directory}/ca.key
 # Filename (as opposed to rsync URI) of rootd's root RPKI certificate
diff --git a/rpkid/rpki/config.py b/rpkid/rpki/config.py
index 302afe8a..b09d1300 100644
--- a/rpkid/rpki/config.py
+++ b/rpkid/rpki/config.py
@@ -33,7 +33,12 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. """
-import ConfigParser
+import ConfigParser, os
+
+debug = False
+
+if debug:
+ import rpki.log
 class parser(object): """
@@ -41,7 +46,8 @@ class parser(object): Read config file and set default section while initializing parser object.
- Support for OpenSSL-style subscripted options.
+ Support for OpenSSL-style subscripted options and a limited form of
+ OpenSSL-style indirect variable references (${section::option}).
 get-methods with default values and default section name. """
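Review bot: In the rpkid/rpki/config.py import hunk (`@@ -33,7 +33,12 @@`), `rpki.log` is imported only if the module-level `debug` is already true when the module loads, so switching `debug` on later from other code would make the `rpki.log.debug(...)` calls added to `get()` fail with a NameError. Importing it unconditionally with `import rpki.log` removes that trap, unless rpki.log itself depends on this module, which is not visible here. The flag also deserves a comment, for example `# Set True to trace option lookups; this logs every option value, which may include secrets kept in the config file.`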
@@ -95,36 +101,60 @@ class parser(object): matches.sort() return [match[1] for match in matches]
- def _get_wrapper(self, method, section, option, default):
+ def get(self, option, default = None, section = None):
 """
- Wrapper method to add default value and default section support to
- ConfigParser methods.
+ Get an option, perhaps with a default value.
 """ if section is None: section = self.default_section
- #print "[Looking for option %r in section %r of %r]" % (option, section, self.filename)
- if default is None or self.cfg.has_option(section, option):
- return method(section, option)
- else:
+ if default is not None and not self.cfg.has_option(section, option):
 return default
-
- def get(self, option, default = None, section = None):
- """
- Get an option, perhaps with a default value.
- """
- return self._get_wrapper(self.cfg.get, section, option, default)
+ val = self.cfg.get(section, option)
+ while True:
+ if debug:
+ rpki.log.debug("++ [%s]%s = %s" % (section, option, val))
+ head, sep, tail = val.partition("${")
+ if not sep and not tail:
+ return val
+ name, sep, tail = tail.partition("}")
+ if not name or not sep:
+ raise ValueError, "Couldn't parse indirect reference: %s" % val
+ section, sep, option = name.partition("::")
+ if not option or not section or not sep:
+ raise ValueError, "Couldn't parse indirect reference: %s" % val
+ if section == "ENV":
+ newval = head + os.getenv(option, "") + tail
+ else:
+ newval = head + self.cfg.get(section, option) + tail
+ if val == newval:
+ raise ValueError, "Looping indirect reference: %s" % val
+ val = newval
+ if debug:
+ rpki.log.debug("++ => %s" % val)
 def getboolean(self, option, default = None, section = None): """ Get a boolean option, perhaps with a default value.
"""
- return self._get_wrapper(self.cfg.getboolean, section, option, default)
+ v = self.get(option, default, section)
+ if isinstance(v, str):
+ v = v.lower()
+ if v not in self.cfg._boolean_states:
+ raise ValueError, "Not a boolean: %s" % v
+ v = self.cfg._boolean_states[v]
+ return v
 def getint(self, option, default = None, section = None): """ Get an integer option, perhaps with a default value. """
- return self._get_wrapper(self.cfg.getint, section, option, default)
+ return int(self.get(option, default, section))
+
+ def getlong(self, option, default = None, section = None):
+ """
+ Get a long integer option, perhaps with a default value.
+ """
+ return long(self.get(option, default, section))
 def set_global_flags(self): """ |
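Review bot: The loop guard in the new `get()`, `if val == newval:`, only catches a reference that expands to exactly itself, so two options that refer to each other, or a value that embeds a reference to its own option next to other text, keep the `while True:` loop running forever (in the second case `val` grows on every pass). Bounding the number of expansions closes this: use `for i in xrange(max_expansions):` in place of `while True:` and put `raise ValueError, "Looping indirect reference: %s" % val` after the loop, with `max_expansions` a constant you choose. Separately, `os.getenv(option, "")` turns an unset `${ENV::name}` into an empty string, so a key or certificate path built from it, like those in the example myrpki.conf, would silently point somewhere else. Raising `ValueError` when the variable is unset would fail closed instead.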