Cleanup VPN stuff
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index 593bd1a..213dcff 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -175,7 +175,6 @@
VPNService.get_service_objects().all()[0])
def save(self, commit=True):
- result = super(VPNTenantForm, self).save(commit=commit)
self.instance.creator = self.cleaned_data.get("creator")
self.instance.is_persistent = self.cleaned_data.get('is_persistent')
self.instance.vpn_subnet = self.cleaned_data.get("vpn_subnet")
@@ -199,31 +198,7 @@
self.instance.use_ca_from_id = self.cleaned_data.get(
'use_ca_from').id
- result.save() # Need to do this so that we know the ID
-
- self.instance.pki_dir = (
- VPNService.OPENVPN_PREFIX + "server-" + str(result.id))
-
- if (not os.path.isdir(self.instance.pki_dir)):
- VPNService.execute_easyrsa_command(
- self.instance.pki_dir, "init-pki")
- VPNService.execute_easyrsa_command(
- self.instance.pki_dir, "--req-cn=XOS build-ca nopass")
- if (self.instance.use_ca_from_id):
- tenant = VPNTenant.get_tenant_objects().filter(
- pk=self.instance.use_ca_from_id)[0]
- shutil.copy2(tenant.pki_dir + "/ca.crt", self.instance.pki_dir)
- shutil.copy2(tenant.pki_dir + "/private/ca.key",
- self.instance.pki_dir + "/private")
-
- result.ca_crt = self.generate_ca_crt()
-
- return result
-
- def generate_ca_crt(self):
- """str: Generates the ca cert by reading from the ca file"""
- with open(self.instance.pki_dir + "/ca.crt") as crt:
- return crt.readlines()
+ return super(VPNTenantForm, self).save(commit=commit)
class Meta:
model = VPNTenant
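Review bot: With the CA bootstrap removed, nothing in this form sets `pki_dir` or `ca_crt` any more, so the VPNTenant returned by the new `return super(VPNTenantForm, self).save(commit=commit)` carries those fields only after the synchronizer step has run; anything that reads `ca_crt` between the admin save and the sync will see the model default. A one-line comment above the return, `# pki_dir and ca_crt are populated by the synchronizer step, not by the form`, would tell the next reader where that logic went. Separately, the deletion below of `save_formset` drops the only visible place where a removed TenantPrivilege's client certificate was revoked and its `.crt`/`.key`/`.req` files deleted, and this commit adds no replacement; unless the synchronizer picks that up elsewhere, a deleted privilege keeps a usable client certificate until the next manual revoke.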
@@ -252,52 +227,6 @@
def queryset(self, request):
return VPNTenant.get_tenant_objects_by_user(request.user)
- def certificate_name(self, tenant_privilege):
- return (str(tenant_privilege.user.email) +
- "-" + str(tenant_privilege.tenant.id))
-
- def save_formset(self, request, form, formset, change):
- super(VPNTenantAdmin, self).save_formset(
- request, form, formset, change)
- for obj in formset.deleted_objects:
- # If anything deleated was a TenantPrivilege then revoke the
- # certificate
- if type(obj) is TenantPrivilege:
- certificate = self.certificate_name(obj)
- # If the client has already been reovked don't do it again
- if (os.path.isfile(obj.tenant.pki_dir +
- "/issued/" + certificate + ".crt")):
- VPNService.execute_easyrsa_command(
- obj.tenant.pki_dir, "revoke " + certificate)
- # Revoking a client cert does not delete any of the files
- # to make sure that we can add this user again we need to
- # delete all of the files created by easyrsa
- os.remove(obj.tenant.pki_dir +
- "/issued/" + certificate + ".crt")
- os.remove(obj.tenant.pki_dir +
- "/private/" + certificate + ".key")
- os.remove(obj.tenant.pki_dir +
- "/reqs/" + certificate + ".req")
-
- obj.tenant.save()
- obj.delete()
- # TODO(jermowery): determine if this is necessary.
- # if type(obj) is VPNTenant:
- # if the tenant was deleted revoke all certs assoicated
- # pass
-
- for obj in formset.new_objects:
- # If there were any new TenantPrivlege objects then create certs
- if type(obj) is TenantPrivilege:
- certificate = self.certificate_name(obj)
- # Only add a certificate if ones does not yet exist
- if (not os.path.isfile(obj.tenant.pki_dir +
- "/issued/" + certificate + ".crt")):
- VPNService.execute_easyrsa_command(
- obj.tenant.pki_dir,
- "build-client-full " + certificate + " nopass")
- obj.tenant.save()
- obj.save()
# Associate the admin forms with the models.
admin.site.register(VPNService, VPNServiceAdmin)
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index 6922900..a9390ff 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -239,15 +239,6 @@
def port_number(self, value):
self.set_attribute("port", value)
- @property
- def script_text(self):
- return self.get_attribute(
- "script_text", self.default_attributes['script_text'])
-
- @script_text.setter
- def script_text(self, value):
- self.set_attribute("script_text", value)
-
def create_client_script(self, client_name):
script = ""
# write the configuration portion
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index f1861dc..c3f993f 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -39,10 +39,34 @@
"pki_dir": tenant.pki_dir
}
- def run_playbook(self, o, fields):
- # Generate the server files
+ def sync_fields(self, o, fields):
+ o.pki_dir = (VPNService.OPENVPN_PREFIX + "server-" + str(o.id))
+
+ if (not os.path.isdir(o.pki_dir)):
+ VPNService.execute_easyrsa_command(o.pki_dir, "init-pki")
+ VPNService.execute_easyrsa_command(
+ o.pki_dir, "--req-cn=XOS build-ca nopass")
+
+ # Very hacky way to handle VPNs that need to share CAs
+ if (o.use_ca_from_id):
+ tenant = VPNTenant.get_tenant_objects().filter(
+ pk=o.use_ca_from_id)[0]
+ shutil.copy2(tenant.pki_dir + "/ca.crt", o.pki_dir)
+ shutil.copy2(tenant.pki_dir + "/private/ca.key",
+ o.pki_dir + "/private")
+
+ o.ca_crt = self.get_ca_crt(o)
+
+ # If the server has to be built then we need to build it
if (not os.path.isfile(o.pki_dir + "/issued/server.crt")):
VPNService.execute_easyrsa_command(
o.pki_dir, "build-server-full server nopass")
- VPNService.execute_easyrsa_command(o.pki_dir, "gen-crl")
- super(SyncVPNTenant, self).run_playbook(o, fields)
+ # Get the most recent list of revoked clients
+ VPNService.execute_easyrsa_command(o.pki_dir, "gen-crl")
+ # Super runs the playbook
+ super(SyncVPNTenant, self).sync_fields(o, fields)
+
+ def get_ca_crt(self, tenant):
+ """str: Generates the ca cert by reading from the ca file"""
+ with open(tenant.pki_dir + "/ca.crt") as crt:
+ return crt.readlines()
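Review bot: `get_ca_crt` is documented as returning `str` but `crt.readlines()` returns a list of lines, and that list is assigned to `o.ca_crt` in `sync_fields`; if `ca_crt` is stored as text this persists the Python repr of the list rather than the PEM. Either return the raw text with `return crt.read()` (if consumers expect the certificate body) or change the docstring to `"""list[str]: Lines of the CA certificate read from pki_dir/ca.crt"""` so the contract matches. In `sync_fields`, `VPNTenant.get_tenant_objects().filter(pk=o.use_ca_from_id)[0]` raises IndexError when the referenced tenant no longer exists, and because the whole shared-CA branch runs only on the first sync (inside the `not os.path.isdir` check), a failed copy leaves a half-initialised pki dir that later syncs will treat as complete; a `.get()` with a clear error, or a comment stating that assumption, would help. The `# Very hacky` comment should also record that `private/ca.key` is copied between tenant directories, so the CA key's exposure is that of every tenant sharing it and operators know which directories must be treated as equivalent.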