This repository has been archived by the owner on Feb 12, 2023. It is now read-only.

Adds support for Let's Encrypt x Certbot #52

Merged
merged 8 commits into from Sep 26, 2022

@AntociAlin AntociAlin commented Aug 19, 2022

Metadata

Proposed Changes

  • Implements the new Let's Encrypt x Certbot module for the new MutableSecurity structure.

New Functioning

Let's Encrypt x Certbot will be able to generate a certificate for a single domain. It supports only Nginx for the moment.

@AntociAlin AntociAlin changed the title Implements new Let's Encrypt x Certbot Implements the new Let's Encrypt x Certbot Aug 19, 2022
@AntociAlin AntociAlin changed the title Implements the new Let's Encrypt x Certbot Adds support for Let's Encrypt x Certbot Aug 19, 2022

@iosifache iosifache left a comment

I checked the functionality and it is mostly correct. In addition to the comments in code, please consider the following:

  1. The domain change functionality does not work. If you have the domain dev.mutablesecurity.io initially set and then change to staging.mutablesecurity.io, the certificate remains the same. It should change as well, with the new domain.
  2. Replace all the /var/log/nginx/https_{UserDomain.get()}_access.log occurrences with LogLocation.get(). This indirection decreases the code size and helps further changes (with the additional level of indirection).
  3. If you have pyinfra operations, use them. I saw a lot of server.shell(command="rm" despite the fact that you could use file.file(present=False.
  4. Group the objects by types. See the file structure in the documentation.
  5. Check the phrases (descriptions for objects and pyinfra operations) to be valid.
  6. Lint the code.
  7. Remove the code.py.old file.

AntociAlin commented Aug 19, 2022

For the first comment, and that is: The domain change functionality does not work. If you have the domain dev.mutablesecurity.io initially set and then change to staging.mutablesecurity.io, the certificate remains the same. It should change as well, with the new domain.
Should the change happen exactly at the time the new information has been made into the configuration file? And if yes, what happens to the old certificate? Should it be revoked? Or should we just auto-generate another one right as the new information is given, without needing to use the INSTALL operation?

@iosifache

@AntociAlin, as this version of the module supports only one domain, let's just revoke the old one and generate a new certificate.
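
The revoke-then-reissue flow agreed in the reply above, as an added sketch that is not code from this PR or from MutableSecurity. The function names and the sample email are hypothetical, and it assumes the certbot certificate name equals the domain; commands are built as argv lists so the user-supplied domain and email never pass through a shell.

```python
import re

# Hypothetical helper names; this is not the module's code.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"(?:{_LABEL}\.)+[a-z]{{2,63}}")
# The first character class excludes "-" so the value cannot be read as an option.
_EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,63}"
)


def validate_domain(domain):
    """Normalise and strictly validate a hostname before it reaches a command."""
    domain = domain.strip().lower()
    if len(domain) > 253 or not _DOMAIN_RE.fullmatch(domain):
        raise ValueError(f"invalid domain: {domain!r}")
    return domain


def plan_domain_change(old_domain, new_domain, email):
    """Return the certbot argv lists to run, in order, for a one-domain setup."""
    new_domain = validate_domain(new_domain)
    if not _EMAIL_RE.fullmatch(email):
        raise ValueError(f"invalid email: {email!r}")
    old_domain = validate_domain(old_domain) if old_domain else None
    if old_domain == new_domain:
        return []  # nothing changed: keep the current certificate
    plan = []
    if old_domain:
        # Assumption: the certificate is named after its domain, which is
        # certbot's default when a single -d value was used at issuance.
        plan.append(["certbot", "revoke", "--cert-name", old_domain,
                     "--delete-after-revoke", "--non-interactive"])
    plan.append(["certbot", "--nginx", "-d", new_domain, "-m", email,
                 "--agree-tos", "--non-interactive"])
    return plan


if __name__ == "__main__":
    # Constructed sample values taken from the review comment's scenario.
    for argv in plan_domain_change("dev.mutablesecurity.io",
                                   "staging.mutablesecurity.io",
                                   "admin@example.com"):
        print(" ".join(argv))
```
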

AntociAlin commented Aug 22, 2022

I have added the latest commit, where I've fixed almost every issue presented by you. There is one more issue left, and that is the generation and revocation of certificates when the user changes the domain or the email. The issue occurs only at the SET_INFORMATION parameter. Furthermore, INSTALL and UNINSTALL use the same functions and classes as SET_INFORMATION, but they work as expected, no issues at all. Please do look into it George-Andrei Iosif.

@AntociAlin

I've fixed all the issues presented above. Please do look into this PR one more time and if everything is in order, then it should be ready to merge with main.

AntociAlin and others added 7 commits September 26, 2022 14:55
This commit implements the refactored version of Let's Encrypt x
Certbot for the new MutableSecurity structure.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

This commit fixes the issues flagged by George-Andrei Iosif
<georgeiosif@live.com>. There is one more issue left. The issue
represents the generation and revocation of certificates when the
user changes the domain or the email.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

This commit fixes all the SET_INFORMATION issues that have been
presented in the past few weeks. There have been a few changes to
the code also to be able to run everything smoothly.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

This commit modifies the flow of the code. The main two functions:
GENERATE and REVOKE have been broken apart and integrated into
_install and _uninstall.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

This commit changes some of the shell functions to typical pyinfra
functions to handle all requests better.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

This commit adds the apt.py file into the common.operations
directory. This file contains the apt operation autoremove.
This way every module from this point onward will be able to use
the most common apt functions in a more fluid way.

Resolves: #51

Signed-off-by: AntociAlin <antoci.alin97@gmail.com>

* Creates a documentation generation module

Moves functionality from the script generating README.md into a new
module, autodoc, that will help generate Markdown spec sheets too.

Resolves: #39

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>

* Implements the auto-generation of documentation

Implements the code for automatically generating the documentation
for solutions integration. The output will further be taken by a
GitHub action and placed into the future web-based documentation.

As some code from the CLI module was required in the autodoc one, the
functionality was moved into a visual_proxy module to allow the code
sharing.

Resolves: #39

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>

* Generates a solution index

Generates a JSON solution index, from the details already extracted
to generate the spec sheets, to be pushed into the website's repository.

In addition, it changes the unit testing workflow to run only when
changes occur in tested folders (with Python 3 code inside).

Resolves: #39

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>

* Adds new workflows and outputs

Adds the workflows for generating the spec sheets and triggering a
workflow from website's repository.

Resolves: #39

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>

* Renames the word "status"

Only replaces occurrences of "status" with "maturity".

Resolves: #39

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>

Solves some warnings generated by linters and adds some punctuation.

Resolves: #51

Signed-off-by: George-Andrei Iosif <georgeiosif@live.com>
@iosifache iosifache self-requested a review September 26, 2022 12:24
@iosifache iosifache assigned AntociAlin and unassigned iosifache Sep 26, 2022
@iosifache iosifache left a comment

All good, we're merging this!

@AntociAlin AntociAlin merged commit e67e27c into main Sep 26, 2022
AntociAlin added a commit that referenced this pull request Sep 26, 2022
@iosifache iosifache deleted the issue-51 branch September 26, 2022 12:34
@iosifache iosifache added the improvement Improvement label Sep 26, 2022
@iosifache iosifache linked an issue Sep 26, 2022 that may be closed by this pull request