Add openvpn-status.log support

2024-09-28 13:01:43 +00:00 · 2017-01-26 21:59:12 +00:00 · 2017-01-26 21:59:12 +00:00 · 1ec5ad3b7c
commit 1ec5ad3b7c
parent 1925207a6d
4 changed files with 44 additions and 7 deletions
--- a/certidude/api/init.py
+++ b/certidude/api/init.py
@ -75,7 +75,7 @@ class SessionResource(object):
            ) if req.context.get("user").is_admin() else None,
            features=dict(
                tagging=config.TAGGING_BACKEND,
-                leases=False, #config.LEASES_BACKEND,
+                leases=config.LEASES_BACKEND,
                logging=config.LOGGING_BACKEND))
@ -122,7 +122,7 @@ def certidude_app():
    from .revoked import RevocationListResource
    from .signed import SignedCertificateListResource, SignedCertificateDetailResource
    from .request import RequestListResource, RequestDetailResource
-    from .lease import LeaseResource
+    from .lease import LeaseResource, StatusFileLeaseResource
    from .whois import WhoisResource
    from .tag import TagResource, TagDetailResource
    from .cfg import ConfigResource, ScriptResource
@ -140,6 +140,9 @@ def certidude_app():
    app.add_route("/api/", SessionResource())
    # Gateway API calls, should this be moved to separate project?
    if config.LEASES_BACKEND == "openvpn-status":
        app.add_route("/api/lease/", StatusFileLeaseResource(config.OPENVPN_STATUS_URI))
    elif config.LEASES_BACKEND == "sql":
        app.add_route("/api/lease/", LeaseResource())
        app.add_route("/api/whois/", WhoisResource())
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@ -28,6 +28,27 @@ def parse_dn(data):
    return ", ".join(generate())
 class StatusFileLeaseResource(object):
    def __init__(self, uri):
        self.uri = uri
    @serialize
    @login_required
    @authorize_admin
    def on_get(self, req, resp):
        from openvpn_status import parse_status
        from urllib import urlopen
        fh = urlopen(self.uri)
        status = parse_status(fh.read())
        for cn, e in status.routing_table.items():
            yield {
                "acquired": status.client_list[cn].connected_since,
                "released": None,
                "address":  e.virtual_address,
                "identity": "CN=%s" % cn, # BUGBUG
            }
 class LeaseResource(object):
    @serialize
    @login_required
--- a/certidude/config.py
+++ b/certidude/config.py
@ -68,6 +68,8 @@ TAGGING_BACKEND = cp.get("tagging", "backend")
 LOGGING_BACKEND = cp.get("logging", "backend")
 LEASES_BACKEND = cp.get("leases", "backend")
 OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")
 if "whitelist" == AUTHORIZATION_BACKEND:
    USERS_WHITELIST = set([j for j in  cp.get("authorization", "users whitelist").split(" ") if j])
--- a/certidude/templates/certidude-server.conf
+++ b/certidude/templates/certidude-server.conf
@ -60,9 +60,20 @@ backend = sql
 database = sqlite://{{ directory }}/db.sqlite
 [leases]
-backend = sql
+
-schema = strongswan
+[leases]
-database = sqlite://{{ directory }}/db.sqlite
+backend =
 ;backend = sql
 ;schema = strongswan
 ;database = sqlite://{{ directory }}/db.sqlite
 # Following was used on an OpenWrt router
 # uci set openvpn.s2c.status=/www/status.log
 # uci commit; touch /www/status.log; chmod 755 /www/status.log
 ;backend = openvpn-status
 ;openvpn status uri = /var/log/openvpn-status.log
 openvpn status uri = http://router.example.com/status.log
 [signature]
 certificate lifetime = {{ certificate_lifetime }}