From 75b08f7216f58f2ff9fd416c8ee80f1eec0acb02 Mon Sep 17 00:00:00 2001 From: Marc Aymerich Date: Sun, 20 Sep 2015 12:28:22 +0000 Subject: [PATCH] Added ip address validation on saas and websites related settings --- orchestra/contrib/saas/backends/__init__.py | 6 ++-- orchestra/contrib/saas/backends/dokuwikimu.py | 6 ++-- .../contrib/saas/backends/wordpressmu.py | 6 ++-- orchestra/contrib/saas/settings.py | 35 +++++++++---------- orchestra/contrib/websites/settings.py | 5 ++- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/orchestra/contrib/saas/backends/__init__.py b/orchestra/contrib/saas/backends/__init__.py index f742a81d..83d99b13 100644 --- a/orchestra/contrib/saas/backends/__init__.py +++ b/orchestra/contrib/saas/backends/__init__.py @@ -6,13 +6,13 @@ from orchestra.contrib.resources import ServiceMonitor from .. import settings -class SaaSWebTraffic(ServiceMonitor): +class ApacheTrafficByHost(ServiceMonitor): """ Parses apache logs, looking for the size of each request on the last word of the log line. Compatible log format: - LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Host}i\"" host + LogFormat "%h %l %u %t \"%r\" %>s %O %{Host}i" host CustomLog /home/pangea/logs/apache/host_blog.pangea.org.log host """ model = 'saas.SaaS' @@ -74,7 +74,6 @@ class SaaSWebTraffic(ServiceMonitor): if host in {ignore_hosts}: continue size, hostname = line[-2:] - hostname = hostname.replace('"', '') try: site = sites[hostname] except KeyError: @@ -85,7 +84,6 @@ class SaaSWebTraffic(ServiceMonitor): year, hour, min, sec = date.split(':') date = year + months[month] + day + hour + min + sec if site[0] < int(date) < end_date: - status, size = response.split() site[2] += int(size) except IOError as e: sys.stderr.write(str(e)+'\\n') diff --git a/orchestra/contrib/saas/backends/dokuwikimu.py b/orchestra/contrib/saas/backends/dokuwikimu.py index aa81c855..8ca85a11 100644 --- a/orchestra/contrib/saas/backends/dokuwikimu.py +++ b/orchestra/contrib/saas/backends/dokuwikimu.py @@ -7,7 +7,7 @@ from django.utils.translation import ugettext_lazy as _ from orchestra.contrib.orchestration import ServiceController from orchestra.utils.python import random_ascii -from . import SaaSWebTraffic +from . import ApacheTrafficByHost from .. import settings @@ -67,8 +67,8 @@ class DokuWikiMuBackend(ServiceController): return context -class DokuWikiMuTraffic(SaaSWebTraffic): - __doc__ = SaaSWebTraffic.__doc__ +class DokuWikiMuTraffic(ApacheTrafficByHost): + __doc__ = ApacheTrafficByHost.__doc__ verbose_name = _("DokuWiki MU Traffic") default_route_match = "saas.service == 'dokuwiki'" doc_settings = (settings, diff --git a/orchestra/contrib/saas/backends/wordpressmu.py b/orchestra/contrib/saas/backends/wordpressmu.py index 29bc3cef..5d6dc25d 100644 --- a/orchestra/contrib/saas/backends/wordpressmu.py +++ b/orchestra/contrib/saas/backends/wordpressmu.py @@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _ from orchestra.contrib.orchestration import ServiceController -from . import SaaSWebTraffic +from . import ApacheTrafficByHost from .. import settings @@ -122,8 +122,8 @@ class WordpressMuBackend(ServiceController): self.append(self.delete_blog, saas) -class WordpressMuTraffic(SaaSWebTraffic): - __doc__ = SaaSWebTraffic.__doc__ +class WordpressMuTraffic(ApacheTrafficByHost): + __doc__ = ApacheTrafficByHost.__doc__ verbose_name = _("Wordpress MU Traffic") default_route_match = "saas.service == 'wordpress'" doc_settings = (settings, diff --git a/orchestra/contrib/saas/settings.py b/orchestra/contrib/saas/settings.py index 9bddc89d..8fe794b8 100644 --- a/orchestra/contrib/saas/settings.py +++ b/orchestra/contrib/saas/settings.py @@ -1,6 +1,7 @@ from django.utils.translation import ugettext_lazy as _ from orchestra.contrib.settings import Setting +from orchestra.core.validators import validate_ip_address from orchestra.settings import ORCHESTRA_BASE_DOMAIN from .. import saas @@ -24,49 +25,48 @@ SAAS_ENABLED_SERVICES = Setting('SAAS_ENABLED_SERVICES', SAAS_TRAFFIC_IGNORE_HOSTS = Setting('SAAS_TRAFFIC_IGNORE_HOSTS', - (), + ('127.0.0.1',), help_text=_("IP addresses to ignore during traffic accountability."), + validators=[lambda hosts: (validate_ip_address(host) for host in hosts)] ) +# WordPress + SAAS_WORDPRESS_LOG_PATH = Setting('SAAS_WORDPRESS_LOG_PATH', '', help_text=_('Filesystem path for the webserver access logs.
' 'LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Host}i\"" host'), ) - SAAS_WORDPRESS_ADMIN_PASSWORD = Setting('SAAS_WORDPRESS_ADMIN_PASSWORD', 'secret' ) - SAAS_WORDPRESS_BASE_URL = Setting('SAAS_WORDPRESS_BASE_URL', 'https://blogs.{}/'.format(ORCHESTRA_BASE_DOMAIN), help_text="Uses ORCHESTRA_BASE_DOMAIN by default.", ) - SAAS_WORDPRESS_BASE_DOMAIN = Setting('SAAS_WORDPRESS_BASE_DOMAIN', 'blogs.{}'.format(ORCHESTRA_BASE_DOMAIN), ) +# DokuWiki + SAAS_DOKUWIKI_TEMPLATE_PATH = Setting('SAAS_DOKUWIKI_TEMPLATE_PATH', '/home/httpd/htdocs/wikifarm/template.tar.gz' ) - SAAS_DOKUWIKI_FARM_PATH = Setting('WEBSITES_DOKUWIKI_FARM_PATH', '/home/httpd/htdocs/wikifarm/farm' ) - SAAS_DOKUWIKI_BASE_DOMAIN = Setting('SAAS_DOKUWIKI_BASE_DOMAIN', 'dokuwiki.{}'.format(ORCHESTRA_BASE_DOMAIN), ) - SAAS_DOKUWIKI_TEMPLATE_PATH = Setting('SAAS_DOKUWIKI_TEMPLATE_PATH', '/var/www/wikifarm/template.tar.gz', ) @@ -75,45 +75,43 @@ SAAS_DOKUWIKI_FARM_PATH = Setting('SAAS_DOKUWIKI_FARM_PATH', '/var/www/wikifarm/farm' ) - SAAS_DOKUWIKI_USER = Setting('SAAS_DOKUWIKI_USER', 'orchestra' ) - SAAS_DOKUWIKI_GROUP = Setting('SAAS_DOKUWIKI_GROUP', 'orchestra' ) - SAAS_DOKUWIKI_LOG_PATH = Setting('SAAS_DOKUWIKI_LOG_PATH', '', ) +# Drupal + SAAS_DRUPAL_SITES_PATH = Setting('WEBSITES_DRUPAL_SITES_PATH', '/home/httpd/htdocs/drupal-mu/sites/%(site_name)s', ) +# PhpList + SAAS_PHPLIST_DB_USER = Setting('SAAS_PHPLIST_DB_USER', 'phplist_mu', help_text=_("Needed for password changing support."), ) - SAAS_PHPLIST_DB_PASS = Setting('SAAS_PHPLIST_DB_PASS', 'secret', help_text=_("Needed for password changing support."), ) - SAAS_PHPLIST_DB_NAME = Setting('SAAS_PHPLIST_DB_NAME', 'phplist_mu_%(site_name)s', help_text=_("Needed for password changing support."), ) - SAAS_PHPLIST_DB_HOST = Setting('SAAS_PHPLIST_DB_HOST', 'loclahost', help_text=_("Needed for password changing support."), @@ -125,7 +123,6 @@ SAAS_PHPLIST_BASE_DOMAIN = Setting('SAAS_PHPLIST_BASE_DOMAIN', help_text="Uses ORCHESTRA_BASE_DOMAIN by default.", ) - SAAS_PHPLIST_VERIFY_SSL = Setting('SAAS_PHPLIST_VERIFY_SSL', True, help_text=_("Verify SSL certificate on the HTTP requests performed by the backend."), @@ -155,38 +152,40 @@ SAAS_PHPLIST_MAIL_LOG_PATH = Setting('SAAS_PHPLIST_MAIL_LOG_PATH', ) +# SeaFile + SAAS_SEAFILE_DOMAIN = Setting('SAAS_SEAFILE_DOMAIN', 'seafile.{}'.format(ORCHESTRA_BASE_DOMAIN), help_text="Uses ORCHESTRA_BASE_DOMAIN by default.", ) - SAAS_SEAFILE_DEFAULT_QUOTA = Setting('SAAS_SEAFILE_DEFAULT_QUOTA', 50 ) +# BSCW + SAAS_BSCW_DOMAIN = Setting('SAAS_BSCW_DOMAIN', 'bscw.{}'.format(ORCHESTRA_BASE_DOMAIN), help_text="Uses ORCHESTRA_BASE_DOMAIN by default.", ) - SAAS_BSCW_DEFAULT_QUOTA = Setting('SAAS_BSCW_DEFAULT_QUOTA', 50, ) - SAAS_BSCW_BSADMIN_PATH = Setting('SAAS_BSCW_BSADMIN_PATH', '/home/httpd/bscw/bin/bsadmin', ) +# GitLab + SAAS_GITLAB_ROOT_PASSWORD = Setting('SAAS_GITLAB_ROOT_PASSWORD', 'secret', ) - SAAS_GITLAB_DOMAIN = Setting('SAAS_GITLAB_DOMAIN', 'gitlab.{}'.format(ORCHESTRA_BASE_DOMAIN), help_text="Uses ORCHESTRA_BASE_DOMAIN by default.", diff --git a/orchestra/contrib/websites/settings.py b/orchestra/contrib/websites/settings.py index 71b4be97..91927e0c 100644 --- a/orchestra/contrib/websites/settings.py +++ b/orchestra/contrib/websites/settings.py @@ -1,6 +1,7 @@ from django.utils.translation import ugettext_lazy as _ from orchestra.contrib.settings import Setting +from orchestra.core.validators import validate_ip_address from .. import websites @@ -89,7 +90,9 @@ WEBSITES_WEBSITE_WWW_ERROR_LOG_PATH = Setting('WEBSITES_WEBSITE_WWW_ERROR_LOG_PA WEBSITES_TRAFFIC_IGNORE_HOSTS = Setting('WEBSITES_TRAFFIC_IGNORE_HOSTS', - ('127.0.0.1',) + ('127.0.0.1',), + help_text=_("IP addresses to ignore during traffic accountability."), + validators=[lambda hosts: (validate_ip_address(host) for host in hosts)], )