mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add openvpn-status.log support
This commit is contained in:
parent
1925207a6d
commit
1ec5ad3b7c
@ -75,7 +75,7 @@ class SessionResource(object):
|
||||
) if req.context.get("user").is_admin() else None,
|
||||
features=dict(
|
||||
tagging=config.TAGGING_BACKEND,
|
||||
leases=False, #config.LEASES_BACKEND,
|
||||
leases=config.LEASES_BACKEND,
|
||||
logging=config.LOGGING_BACKEND))
|
||||
|
||||
|
||||
@ -122,7 +122,7 @@ def certidude_app():
|
||||
from .revoked import RevocationListResource
|
||||
from .signed import SignedCertificateListResource, SignedCertificateDetailResource
|
||||
from .request import RequestListResource, RequestDetailResource
|
||||
from .lease import LeaseResource
|
||||
from .lease import LeaseResource, StatusFileLeaseResource
|
||||
from .whois import WhoisResource
|
||||
from .tag import TagResource, TagDetailResource
|
||||
from .cfg import ConfigResource, ScriptResource
|
||||
@ -140,6 +140,9 @@ def certidude_app():
|
||||
app.add_route("/api/", SessionResource())
|
||||
|
||||
# Gateway API calls, should this be moved to separate project?
|
||||
if config.LEASES_BACKEND == "openvpn-status":
|
||||
app.add_route("/api/lease/", StatusFileLeaseResource(config.OPENVPN_STATUS_URI))
|
||||
elif config.LEASES_BACKEND == "sql":
|
||||
app.add_route("/api/lease/", LeaseResource())
|
||||
app.add_route("/api/whois/", WhoisResource())
|
||||
|
||||
|
@ -28,6 +28,27 @@ def parse_dn(data):
|
||||
return ", ".join(generate())
|
||||
|
||||
|
||||
class StatusFileLeaseResource(object):
|
||||
def __init__(self, uri):
|
||||
self.uri = uri
|
||||
|
||||
@serialize
|
||||
@login_required
|
||||
@authorize_admin
|
||||
def on_get(self, req, resp):
|
||||
from openvpn_status import parse_status
|
||||
from urllib import urlopen
|
||||
fh = urlopen(self.uri)
|
||||
status = parse_status(fh.read())
|
||||
for cn, e in status.routing_table.items():
|
||||
yield {
|
||||
"acquired": status.client_list[cn].connected_since,
|
||||
"released": None,
|
||||
"address": e.virtual_address,
|
||||
"identity": "CN=%s" % cn, # BUGBUG
|
||||
}
|
||||
|
||||
|
||||
class LeaseResource(object):
|
||||
@serialize
|
||||
@login_required
|
||||
|
@ -68,6 +68,8 @@ TAGGING_BACKEND = cp.get("tagging", "backend")
|
||||
LOGGING_BACKEND = cp.get("logging", "backend")
|
||||
LEASES_BACKEND = cp.get("leases", "backend")
|
||||
|
||||
OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")
|
||||
|
||||
|
||||
if "whitelist" == AUTHORIZATION_BACKEND:
|
||||
USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j])
|
||||
|
@ -60,9 +60,20 @@ backend = sql
|
||||
database = sqlite://{{ directory }}/db.sqlite
|
||||
|
||||
[leases]
|
||||
backend = sql
|
||||
schema = strongswan
|
||||
database = sqlite://{{ directory }}/db.sqlite
|
||||
|
||||
[leases]
|
||||
backend =
|
||||
|
||||
;backend = sql
|
||||
;schema = strongswan
|
||||
;database = sqlite://{{ directory }}/db.sqlite
|
||||
|
||||
# Following was used on an OpenWrt router
|
||||
# uci set openvpn.s2c.status=/www/status.log
|
||||
# uci commit; touch /www/status.log; chmod 755 /www/status.log
|
||||
;backend = openvpn-status
|
||||
;openvpn status uri = /var/log/openvpn-status.log
|
||||
openvpn status uri = http://router.example.com/status.log
|
||||
|
||||
[signature]
|
||||
certificate lifetime = {{ certificate_lifetime }}
|
||||
|
Loading…
Reference in New Issue
Block a user