authorMagnus Ahltorp <map@kth.se>2017-01-20 00:32:45 +0100
committerMagnus Ahltorp <map@kth.se>2017-01-20 00:32:45 +0100
commitd94247cb9f7746f75b176cbed0a32e9e902e7e7d (patch)
tree2aefb213f8c66c4bf464f58c62b81994f751dcab /tools/compileconfig.py
parent1fecbcbcc5b7ae8453e68f3df6f25a140aa6df72 (diff)
API keys are now provided in the config file.
Also added CA cert verification for internal TLS connections.
Diffstat (limited to 'tools/compileconfig.py')
-rwxr-xr-xtools/compileconfig.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index 1fa352e..bbc2277 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -7,10 +7,14 @@ import argparse
import sys
import yaml
import re
+import base64
class Symbol(str):
pass
+class Binary(str):
+ pass
+
clean_string = re.compile(r'^[-.:_/A-Za-z0-9 ]*$')
clean_symbol = re.compile(r'^[_A-Za-z0-9]*$')
@@ -34,6 +38,8 @@ def gen_erlang(term, level=1):
separator = ",\n" + indent
if isinstance(term, Symbol):
return quote_erlang_symbol(term)
+ elif isinstance(term, Binary):
+ return "<<" + ",".join([str(ord(c)) for c in term]) + ">>"
elif isinstance(term, basestring):
return quote_erlang_string(term)
elif isinstance(term, int):
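Review bot: The new `Binary` branch in `gen_erlang` is only reached because it is tested before the `basestring` branch, and nothing in the code records that dependency. Since `Binary` subclasses `str`, reordering the chain would route key and fingerprint bytes to `quote_erlang_string` instead of emitting an Erlang binary. I would add a comment above the branch, `# Binary subclasses str: keep this test ahead of the basestring branch`, and a one-line docstring on `Binary` saying that it wraps raw bytes that are rendered as `<<b1,b2,...>>`. The body of `gen_erlang` starts and ends outside this hunk.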
@@ -194,9 +200,13 @@ def parse_ratelimit((type, description)):
print >>sys.stderr, "%s: Only one ratelimit expression supported right now" % (type,)
return (Symbol(type), descriptions)
+def api_keys(config):
+ return [(node["nodename"], Binary(base64.b64decode(node["publickey"]))) for node in config["apikeys"]]
+
def gen_config(nodename, config, localconfig):
print "generating config for", nodename
paths = localconfig["paths"]
+ apikeys = api_keys(config)
bind_addresses = {
"frontend": localconfig.get("frontendaddresses", {}).get(nodename),
"storage": localconfig.get("storageaddresses", {}).get(nodename),
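Review bot: `api_keys` decodes the public keys that presumably authenticate API clients, but it does not validate the input. A config without `apikeys`, or an entry lacking `nodename` or `publickey`, ends in a bare `KeyError` traceback, whereas the rest of this file reports config problems on stderr and exits. `base64.b64decode` also discards characters outside the base64 alphabet instead of rejecting them, so a mistyped key can decode to different bytes without any error. The same applies to `config["logpublickey"]` in the later hunk that sets `log_public_key`. I would fail with a message naming the node, and ideally check that the decoded value has the expected key encoding before it is written to the Erlang config. The body of `gen_config` continues outside this hunk.

```python
def api_keys(config):
    if "apikeys" not in config:
        print >>sys.stderr, "apikeys missing from config"
        sys.exit(1)
    keys = []
    for node in config["apikeys"]:
        try:
            key = base64.b64decode(node["publickey"])
        except (KeyError, TypeError):
            print >>sys.stderr, "apikeys: missing or malformed publickey for", node.get("nodename")
            sys.exit(1)
        if "nodename" not in node or not key:
            print >>sys.stderr, "apikeys: entry needs a nodename and a non-empty publickey"
            sys.exit(1)
        keys.append((node["nodename"], Binary(key)))
    return keys
```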
@@ -231,6 +241,7 @@ def gen_config(nodename, config, localconfig):
(Symbol("https_certfile"), paths["https_certfile"]),
(Symbol("https_keyfile"), paths["https_keyfile"]),
(Symbol("https_cacertfile"), paths["https_cacertfile"]),
+ (Symbol("https_cacert_fingerprint"), Binary(base64.b16decode(config["cafingerprint"]))),
]
catlfishconfig.append((Symbol("mmd"), config["mmd"]))
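Review bot: The `https_cacert_fingerprint` entry passes `config["cafingerprint"]` straight to `base64.b16decode`, which by default accepts only uppercase hex. A fingerprint pasted in lowercase or with `:` separators raises `TypeError` with no hint about which setting is wrong. Nothing checks the decoded length either, so a truncated fingerprint is written into the config as the CA pin and only shows up later as a verification failure on the Erlang side. I would decode with `base64.b16decode(config["cafingerprint"], casefold=True)`, catch the `TypeError` to print a message that names `cafingerprint`, and compare `len()` of the result against the digest size the verifier expects, which is not visible in this hunk. The body of `gen_config` starts and ends outside this hunk.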
@@ -333,7 +344,7 @@ def gen_config(nodename, config, localconfig):
print >>sys.stderr, "Neither logprivatekey nor hsm configured for signing node", nodename
sys.exit(1)
plopconfig += [
- (Symbol("log_public_key"), paths["logpublickey"]),
+ (Symbol("log_public_key"), Binary(base64.b64decode(config["logpublickey"]))),
(Symbol("own_key"), (nodename, "%s/%s-private.pem" % (paths["privatekeys"], nodename))),
]
if "frontendnodes" in nodetype:
@@ -341,6 +352,7 @@ def gen_config(nodename, config, localconfig):
plopconfig += [
(Symbol("allowed_clients"), list(allowed_clients)),
(Symbol("allowed_servers"), list(allowed_servers)),
+ (Symbol("apikeys"), apikeys),
]
erlangconfig = [