updated test/provider and added configurable life_span to CA.
authorelijah <elijah@riseup.net>
Wed, 7 Nov 2012 07:46:57 +0000 (23:46 -0800)
committerelijah <elijah@riseup.net>
Wed, 7 Nov 2012 07:46:57 +0000 (23:46 -0800)
lib/leap_cli/commands/ca.rb
test/provider/common.json
test/provider/provider.json
test/provider/secrets.json [new file with mode: 0644]
test/provider/services/couchdb.json
test/provider/services/webapp.json

index ff24058f08310d2ddd2daa8c1c607744de02d4bc..94a173c12d5d445cd81d69215138e9d461efd325 100644 (file)
@@ -11,6 +11,7 @@ module LeapCli; module Commands
       assert_files_missing! :ca_cert, :ca_key
       assert_config! 'provider.ca.name'
       assert_config! 'provider.ca.bit_size'
+      assert_config! 'provider.ca.life_span'
 
       provider = manager.provider
       root = CertificateAuthority::Certificate.new
@@ -25,10 +26,8 @@ module LeapCli; module Commands
       end
 
       # set expiration
-      years = 2
-      today = Date.today
-      root.not_before = Time.gm today.year, today.month, today.day
-      root.not_after = root.not_before + years * 60 * 60 * 24 * 365
+      root.not_before = today
+      root.not_after = years_from_today(provider.ca.life_span.to_i)
 
       # generate private key
       root.serial_number.number = 1
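Review bot: `provider.ca.life_span.to_i` keeps only the leading digits of the configured string, so the unit is never checked: `"10y"` gives 10, but a value such as `"18m"` would silently become 18 years, and a non-numeric value becomes 0, which makes `not_after` equal to `not_before`. `assert_config!` appears to check only that the key is set (its definition is not visible here), so nothing rejects such values before the CA certificate is signed. A format check before use would catch this, for example `raise "life_span must look like '10y'" unless provider.ca.life_span.to_s =~ /\A\d+y\z/`. The same applies to `provider.ca.server_certificates.life_span.to_i` in the server-certificate hunk below. Both enclosing methods start and end outside their hunks.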
@@ -65,10 +64,8 @@ module LeapCli; module Commands
         cert.subject.common_name = node.domain.full
 
         # set expiration
-        years = provider.ca.server_certificates.life_span.to_i
-        today = Date.today
-        cert.not_before = Time.gm today.year, today.month, today.day
-        cert.not_after = cert.not_before + years * 60 * 60 * 24 * 365
+        cert.not_before = today
+        cert.not_after = years_from_today(provider.ca.server_certificates.life_span.to_i)
 
         # generate key
         cert.serial_number.number = cert_serial_number(node.domain.full)
@@ -162,4 +159,14 @@ module LeapCli; module Commands
     Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16)
   end
 
+  def today
+    t = Time.now
+    Time.utc t.year, t.month, t.day
+  end
+
+  def years_from_today(num)
+    t = Time.now
+    Time.utc t.year + num, t.month, t.day
+  end
+
 end; end
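Review bot: `today` and `years_from_today` take the local calendar date from `Time.now` and then relabel it as UTC, so on a host whose zone is ahead of UTC `not_before` can land several hours in the future and a freshly issued certificate is rejected as not yet valid. Reading the date in UTC avoids this: `t = Time.now.utc` in both helpers. The helpers also call `Time.now` independently, so a run that straddles midnight can give `not_before` and `not_after` different base days; deriving `years_from_today` from the value `today` returns would remove that. The enclosing module starts outside the hunk.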
index 9e19836db2c6cae262d82f1576691986ae78b030..7504e86c5ea2322fecb395744ce45802fda1e430 100644 (file)
@@ -3,8 +3,8 @@
 #
 {
   "domain": {
-     "full_suffix": "rewire.co",
-     "internal_suffix": "rewire",
+     "full_suffix": "= global.provider.domain",
+     "internal_suffix": "= global.provider.internal_domain",
      "full": "= node.name + '.' + domain.full_suffix",
      "internal": "= node.name + '.' + domain.internal_suffix",
      "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
     "authorized_keys": "= file :authorized_keys",
     "known_hosts": "= file :known_hosts",
     "port": 22
+  },
+  "x509": {
+    "use": false,
+    "cert": "= x509.use ? file(:node_x509_cert) : nil",
+    "key": "= x509.use ? file(:node_x509_key) : nil"
   }
-  #"x509": {
-  #  "use": false,
-  #  "cert": "= x509.use ? file(:node_x509_cert) : nil",
-  #  "key": "= x509.use ? file(:node_x509_key) : nil"
-  #}
 }
index d4153a6c2c781800df0a07e83b54a973f771cb50..e65eebebf0360bcd7ffee31ea0892ee4395bc78f 100644 (file)
@@ -2,8 +2,10 @@
 # General service provider configuration.
 #
 {
+  "domain": "bitmask.net",
+  "internal_domain": "= domain.sub(/\\..*$/,'.i')",
   "name": {
-    "en": "The Rewire Company"
+    "en": "Bitmask"
   },
   "description": {
     "en": "A demonstration service provider using the LEAP platform"
   "default_language": "en",
   "enrollment_policy": "open",
   "ca": {
-    "name": "Rewire Root CA",
+    "name": "= global.provider.ca.organization + ' Root CA'",
     "organization": "= global.provider.name[global.provider.default_language]",
     "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
     "bit_size": 4096,
+    "life_span": "10y",
     "server_certificates": {
       "bit_size": 3248,
       "life_span": "1y"
diff --git a/test/provider/secrets.json b/test/provider/secrets.json
new file mode 100644 (file)
index 0000000..3654472
--- /dev/null
@@ -0,0 +1,4 @@
+{
+  "couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua",
+  "couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe"
+}
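Review bot: The two CouchDB passwords in this new file are committed in clear text and look randomly generated rather than hand-written as fixtures. If they came from an actual run of the tool against a live provider, they are now public and should be rotated. Making the fixture status obvious would prevent accidental reuse, for example `"couch_admin_password": "test-only-not-a-secret"`. It would also help to document whether `secrets.json` in a real provider directory is meant to be committed, since this test tree mirrors that layout.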
index 9024aa084a7faa4bf0f86d171442b1bbcdbd78ea..1cbc84e02f416c16eab7ef4452a82da428672e92 100644 (file)
@@ -1,3 +1,7 @@
 {
-  "service_type": "internal_service"
+  "service_type": "internal_service",
+  "users": {
+    "admin": {"username":"admin", "password":"= secret :couch_admin_password"},
+    "webapp": {"username":"webapp", "password":"= secret :couch_webapp_password"}
+  }
 }
\ No newline at end of file
index 0e5b2f9d53d8927e5477ae44ee5d792ae7a018cd..247df498e80992d456764ad3273431a2803743e8 100644 (file)
@@ -1,7 +1,8 @@
 {
   "webapp": {
     "modules": ["user", "billing", "help"],
-    "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')"
+    "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+    "couchdb_users": "= global.services['couchdb'].users['admin']"
   },
   "definition_files": {
     "provider": "= file('service-definitions/provider.json.erb')",
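Review bot: `couchdb_users` hands the webapp the `admin` CouchDB account, although `services/couchdb.json` in this same commit defines a separate `webapp` user with its own secret. Unless the webapp really needs administrative rights on the database, it should receive only its own credentials: `"couchdb_users": "= global.services['couchdb'].users['webapp']"`. The key name is plural while the value is a single user hash, so a singular name such as `couchdb_user` would be clearer if only one account is intended.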