mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add openvpn-status.log support

Lauri Võsandi 2017-01-26 21:59:12 +00:00
parent 1925207a6d
commit 1ec5ad3b7c
4 changed files with 44 additions and 7 deletions


@ -75,7 +75,7 @@ class SessionResource(object):
) if req.context.get("user").is_admin() else None, ) if req.context.get("user").is_admin() else None,
features=dict( features=dict(
tagging=config.TAGGING_BACKEND, tagging=config.TAGGING_BACKEND,
leases=False, #config.LEASES_BACKEND, leases=config.LEASES_BACKEND,
logging=config.LOGGING_BACKEND)) logging=config.LOGGING_BACKEND))
@ -122,7 +122,7 @@ def certidude_app():
from .revoked import RevocationListResource from .revoked import RevocationListResource
from .signed import SignedCertificateListResource, SignedCertificateDetailResource from .signed import SignedCertificateListResource, SignedCertificateDetailResource
from .request import RequestListResource, RequestDetailResource from .request import RequestListResource, RequestDetailResource
from .lease import LeaseResource from .lease import LeaseResource, StatusFileLeaseResource
from .whois import WhoisResource from .whois import WhoisResource
from .tag import TagResource, TagDetailResource from .tag import TagResource, TagDetailResource
from .cfg import ConfigResource, ScriptResource from .cfg import ConfigResource, ScriptResource
@ -140,6 +140,9 @@ def certidude_app():
app.add_route("/api/", SessionResource()) app.add_route("/api/", SessionResource())
# Gateway API calls, should this be moved to separate project? # Gateway API calls, should this be moved to separate project?
if config.LEASES_BACKEND == "openvpn-status":
app.add_route("/api/lease/", StatusFileLeaseResource(config.OPENVPN_STATUS_URI))
elif config.LEASES_BACKEND == "sql":
app.add_route("/api/lease/", LeaseResource()) app.add_route("/api/lease/", LeaseResource())
app.add_route("/api/whois/", WhoisResource()) app.add_route("/api/whois/", WhoisResource())
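Review bot: An unrecognised `config.LEASES_BACKEND` value falls through both branches of the new `if`/`elif` in `certidude_app`, so `/api/lease/` is silently left unregistered while `features.leases` in the session response still reports the raw backend string. An empty value looks intended to mean "disabled" (the template in this commit ships `backend =`), but a typo in the setting cannot be told apart from that. Consider failing at startup with a final branch such as `elif config.LEASES_BACKEND: raise ValueError("Unknown leases backend: %s" % config.LEASES_BACKEND)`. Both enclosing definitions start and end outside the hunks shown.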


@ -28,6 +28,27 @@ def parse_dn(data):
return ", ".join(generate()) return ", ".join(generate())
class StatusFileLeaseResource(object):
def __init__(self, uri):
self.uri = uri
@serialize
@login_required
@authorize_admin
def on_get(self, req, resp):
from openvpn_status import parse_status
from urllib import urlopen
fh = urlopen(self.uri)
status = parse_status(fh.read())
for cn, e in status.routing_table.items():
yield {
"acquired": status.client_list[cn].connected_since,
"released": None,
"address": e.virtual_address,
"identity": "CN=%s" % cn, # BUGBUG
}
class LeaseResource(object): class LeaseResource(object):
@serialize @serialize
@login_required @login_required
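Review bot: `fh = urlopen(self.uri)` in `StatusFileLeaseResource.on_get` fetches the status source on every admin request with no timeout, no error handling and no close, so a slow or unreachable router stalls the request and leaks the handle. Wrap the read as `with contextlib.closing(urlopen(self.uri)) as fh:`, bound the wait, and turn a fetch failure into an explicit error response. The parsed content is then trusted as lease data, and when the URI is plain `http://` nothing authenticates it, so prefer a local path or a TLS-protected source and treat the common name interpolated into `"CN=%s" % cn` as untrusted text. The unguarded `status.client_list[cn]` lookup also raises `KeyError` whenever a routing-table key has no matching client entry; use `.get(cn)` and skip the row instead.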


@ -68,6 +68,8 @@ TAGGING_BACKEND = cp.get("tagging", "backend")
LOGGING_BACKEND = cp.get("logging", "backend") LOGGING_BACKEND = cp.get("logging", "backend")
LEASES_BACKEND = cp.get("leases", "backend") LEASES_BACKEND = cp.get("leases", "backend")
OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")
if "whitelist" == AUTHORIZATION_BACKEND: if "whitelist" == AUTHORIZATION_BACKEND:
USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j]) USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j])
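Review bot: `OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")` is read unconditionally, so a configuration file written before this commit, which lacks that option, would presumably fail when this module is loaded (assuming `cp` is a standard ConfigParser, which raises on a missing option). Guard it the way the whitelist setting below it is guarded, with `if "openvpn-status" == LEASES_BACKEND:` in front of the `cp.get(...)` line. This is also the natural place to reject a URI whose scheme you do not intend to support, since the value is later handed to `urlopen` unchanged.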


@ -60,9 +60,20 @@ backend = sql
database = sqlite://{{ directory }}/db.sqlite database = sqlite://{{ directory }}/db.sqlite
[leases] [leases]
backend = sql
schema = strongswan [leases]
database = sqlite://{{ directory }}/db.sqlite backend =
;backend = sql
;schema = strongswan
;database = sqlite://{{ directory }}/db.sqlite
# Following was used on an OpenWrt router
# uci set openvpn.s2c.status=/www/status.log
# uci commit; touch /www/status.log; chmod 755 /www/status.log
;backend = openvpn-status
;openvpn status uri = /var/log/openvpn-status.log
openvpn status uri = http://router.example.com/status.log
[signature] [signature]
certificate lifetime = {{ certificate_lifetime }} certificate lifetime = {{ certificate_lifetime }}
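Review bot: The template leaves `openvpn status uri = http://router.example.com/status.log` active while `backend =` is empty, and the OpenWrt recipe above it publishes the status log in the router's web root with `chmod 755`. Judging by the lease resource added in this commit, that file carries connected clients' common names and addresses, so it becomes readable by anyone who can reach the router's web server. The plain-HTTP fetch also gives the CA no assurance about who produced the content. I would comment the line out as `;openvpn status uri = http://router.example.com/status.log`, like the other examples. The comment block should also say that the file is to be exposed only to the CA host, preferably over HTTPS.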