Only configure --config-dir/--work-dir (rest dynamic).

letsencrypt/cli.py

@@ -332,16 +332,6 @@ def _paths_parser(parser):
         help=config_help("config_dir"))
     add("--work-dir", default=flag_default("work_dir"),
         help=config_help("work_dir"))
-    add("--backup-dir", default=flag_default("backup_dir"),
-        help=config_help("backup_dir"))
-
-    add("--key-dir", default=flag_default("key_dir"),
-        help=config_help("key_dir"))
-    add("--cert-dir", default=flag_default("certs_dir"),
-        help=config_help("cert_dir"))
-
-    add("--renewer-config-file", default=flag_default("renewer_config_file"),
-        help=config_help("renewer_config_file"))
 
     return parser
 

letsencrypt/configuration.py

@@ -17,10 +17,15 @@ class NamespaceConfig(object):
     :attr:`~letsencrypt.interfaces.IConfig.work_dir` and relative
     paths defined in :py:mod:`letsencrypt.constants`:
 
-      - ``temp_checkpoint_dir``
-      - ``in_progress_dir``
-      - ``cert_key_backup``
-      - ``rec_token_dir``
+      - `accounts_dir`
+      - `account_keys_dir`
+      - `cert_dir`
+      - `cert_key_backup`
+      - `in_progress_dir`
+      - `key_dir`
+      - `rec_token_dir`
+      - `renewer_config_file`
+      - `temp_checkpoint_dir`
 
     :ivar namespace: Namespace typically produced by
         :meth:`argparse.ArgumentParser.parse_args`.
@@ -35,27 +40,12 @@ class NamespaceConfig(object):
     def __getattr__(self, name):
         return getattr(self.namespace, name)
 
-    @property
-    def temp_checkpoint_dir(self):  # pylint: disable=missing-docstring
-        return os.path.join(
-            self.namespace.work_dir, constants.TEMP_CHECKPOINT_DIR)
-
-    @property
-    def in_progress_dir(self):  # pylint: disable=missing-docstring
-        return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
-
     @property
     def server_path(self):
         """File path based on ``server``."""
         parsed = urlparse.urlparse(self.namespace.server)
         return (parsed.netloc + parsed.path).replace('/', os.path.sep)
 
-    @property
-    def cert_key_backup(self):  # pylint: disable=missing-docstring
-        return os.path.join(
-            self.namespace.work_dir, constants.CERT_KEY_BACKUP_DIR,
-            self.server_path)
-
     @property
     def accounts_dir(self):  #pylint: disable=missing-docstring
         return os.path.join(
@@ -63,11 +53,40 @@ class NamespaceConfig(object):
 
     @property
     def account_keys_dir(self):  #pylint: disable=missing-docstring
-        return os.path.join(
-            self.namespace.config_dir, constants.ACCOUNTS_DIR,
-            self.server_path, constants.ACCOUNT_KEYS_DIR)
+        return os.path.join(self.accounts_dir, constants.ACCOUNT_KEYS_DIR)
+
+    @property
+    def backup_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.work_dir, constants.BACKUP_DIR)
+
+    @property
+    def cert_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.config_dir, constants.CERT_DIR)
+
+    @property
+    def cert_key_backup(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.work_dir,
+                            constants.CERT_KEY_BACKUP_DIR, self.server_path)
+
+    @property
+    def in_progress_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
+
+    @property
+    def key_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.config_dir, constants.KEY_DIR)
 
     # TODO: This should probably include the server name
     @property
     def rec_token_dir(self):  # pylint: disable=missing-docstring
         return os.path.join(self.namespace.work_dir, constants.REC_TOKEN_DIR)
+
+    @property
+    def renewer_config_file(self):  # pylint: disable=missing-docstring
+        return os.path.join(
+            self.namespace.config_dir, constants.RENEWER_CONFIG_FILENAME)
+
+    @property
+    def temp_checkpoint_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(
+            self.namespace.work_dir, constants.TEMP_CHECKPOINT_DIR)

letsencrypt/constants.py

@@ -1,6 +1,5 @@
 """Let's Encrypt constants."""
 import logging
-import os
 
 from acme import challenges
 
@@ -8,24 +7,14 @@ from acme import challenges
 SETUPTOOLS_PLUGINS_ENTRY_POINT = "letsencrypt.plugins"
 """Setuptools entry point group name for plugins."""
 
-
-_CLI_DEFAULT_CONFIG_DIR = "/etc/letsencrypt"
-_CLI_DEFAULT_WORK_DIR = "/var/lib/letsencrypt"
-_CLI_DEFAULT_CERT_DIR = os.path.join(_CLI_DEFAULT_CONFIG_DIR, "certs")
 CLI_DEFAULTS = dict(
     config_files=["/etc/letsencrypt/cli.ini"],
     verbose_count=-(logging.WARNING / 10),
     server="https://www.letsencrypt-demo.org/acme/new-reg",
     rsa_key_size=2048,
     rollback_checkpoints=0,
-    config_dir=_CLI_DEFAULT_CONFIG_DIR,
-    work_dir=_CLI_DEFAULT_CONFIG_DIR,
-    backup_dir=os.path.join(_CLI_DEFAULT_WORK_DIR, "backups"),
-    key_dir=os.path.join(_CLI_DEFAULT_CONFIG_DIR, "keys"),
-    certs_dir=_CLI_DEFAULT_CERT_DIR,
-    cert_path=os.path.join(_CLI_DEFAULT_CERT_DIR, "cert-letsencrypt.pem"),
-    chain_path=os.path.join(_CLI_DEFAULT_CERT_DIR, "chain-letsencrypt.pem"),
-    renewer_config_file=os.path.join(_CLI_DEFAULT_CONFIG_DIR, "renewer.conf"),
+    config_dir="/etc/letsencrypt",
+    work_dir="/var/lib/letsencrypt",
     test_mode=False,
 )
 """Defaults for CLI flags and `.IConfig` attributes."""
@@ -64,26 +53,40 @@ List of expected options parameters:
 CONFIG_DIRS_MODE = 0o755
 """Directory mode for ``.IConfig.config_dir`` et al."""
 
-TEMP_CHECKPOINT_DIR = "temp_checkpoint"
-"""Temporary checkpoint directory (relative to IConfig.work_dir)."""
-
-IN_PROGRESS_DIR = "IN_PROGRESS"
-"""Directory used before a permanent checkpoint is finalized (relative to
-IConfig.work_dir)."""
-
-CERT_KEY_BACKUP_DIR = "keys-certs"
-"""Directory where all certificates and keys are stored (relative to
-IConfig.work_dir. Used for easy revocation."""
-
 ACCOUNTS_DIR = "accounts"
 """Directory where all accounts are saved."""
 
 ACCOUNT_KEYS_DIR = "keys"
-"""Directory where account keys are saved. Relative to ACCOUNTS_DIR."""
+"""Directory where account keys are saved. Relative to `ACCOUNTS_DIR`."""
+
+BACKUP_DIR = "backups"
+"""Directory (relative to `IConfig.work_dir`) where backups are kept."""
+
+CERT_KEY_BACKUP_DIR = "keys-certs"
+"""Directory where all certificates and keys are stored (relative to
+`IConfig.work_dir`). Used for easy revocation."""
+
+CERT_DIR = "certs"
+"""Directory (relative to `IConfig.config_dir`) where CSRs are saved."""
+
+IN_PROGRESS_DIR = "IN_PROGRESS"
+"""Directory used before a permanent checkpoint is finalized (relative to
+`IConfig.work_dir`)."""
+
+KEYS_DIR = "keys"
+"""Directory (relative to `IConfig.config_dir`) where keys are saved."""
+
+TEMP_CHECKPOINT_DIR = "temp_checkpoint"
+"""Temporary checkpoint directory (relative to `IConfig.work_dir`)."""
 
 REC_TOKEN_DIR = "recovery_tokens"
 """Directory where all recovery tokens are saved (relative to
-IConfig.work_dir)."""
+`IConfig.work_dir`)."""
+
+
+RENEWER_CONFIG_FILENAME = "renewer.conf"
+"""Renewer config file name (relative to `IConfig.config_dir`)."""
+
 
 NETSTAT = "/bin/netstat"
 """Location of netstat binary for checking whether a listener is already

letsencrypt/interfaces.py

@@ -156,23 +156,23 @@ class IConfig(zope.interface.Interface):
 
     config_dir = zope.interface.Attribute("Configuration directory.")
     work_dir = zope.interface.Attribute("Working directory.")
-    backup_dir = zope.interface.Attribute("Configuration backups directory.")
-    temp_checkpoint_dir = zope.interface.Attribute(
-        "Temporary checkpoint directory.")
-    in_progress_dir = zope.interface.Attribute(
-        "Directory used before a permanent checkpoint is finalized.")
-    cert_key_backup = zope.interface.Attribute(
-        "Directory where all certificates and keys are stored. "
-        "Used for easy revocation.")
+
     accounts_dir = zope.interface.Attribute(
         "Directory where all account information is stored.")
     account_keys_dir = zope.interface.Attribute(
         "Directory where all account keys are stored.")
+    backup_dir = zope.interface.Attribute("Configuration backups directory.")
+    cert_dir = zope.interface.Attribute("Certificates and CSRs storage.")
+    cert_key_backup = zope.interface.Attribute(
+        "Directory where all certificates and keys are stored. "
+        "Used for easy revocation.")
+    in_progress_dir = zope.interface.Attribute(
+        "Directory used before a permanent checkpoint is finalized.")
+    key_dir = zope.interface.Attribute("Keys storage.")
     rec_token_dir = zope.interface.Attribute(
         "Directory where all recovery tokens are saved.")
-
-    key_dir = zope.interface.Attribute("Keys storage.")
-    cert_dir = zope.interface.Attribute("Certificates and CSRs storage.")
+    temp_checkpoint_dir = zope.interface.Attribute(
+        "Temporary checkpoint directory.")
 
     renewer_config_file = zope.interface.Attribute(
         "Location of renewal configuration file.")

letsencrypt/tests/configuration_test.py

@@ -30,23 +30,31 @@ class NamespaceConfigTest(unittest.TestCase):
 
     @mock.patch('letsencrypt.configuration.constants')
     def test_dynamic_dirs(self, constants):
-        constants.TEMP_CHECKPOINT_DIR = 't'
-        constants.IN_PROGRESS_DIR = '../p'
-        constants.CERT_KEY_BACKUP_DIR = 'c/'
-        constants.REC_TOKEN_DIR = '/r'
         constants.ACCOUNTS_DIR = 'acc'
         constants.ACCOUNT_KEYS_DIR = 'keys'
+        constants.BACKUP_DIR = 'backups'
+        constants.CERT_DIR = 'certs'
+        constants.CERT_KEY_BACKUP_DIR = 'c/'
+        constants.IN_PROGRESS_DIR = '../p'
+        constants.KEY_DIR = 'keys'
+        constants.REC_TOKEN_DIR = '/r'
+        constants.RENEWER_CONFIG_FILENAME = 'r.conf'
+        constants.TEMP_CHECKPOINT_DIR = 't'
 
-        self.assertEqual(self.config.temp_checkpoint_dir, '/tmp/foo/t')
-        self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')
-        self.assertEqual(
-            self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new')
-        self.assertEqual(self.config.rec_token_dir, '/r')
         self.assertEqual(
             self.config.accounts_dir, '/tmp/config/acc/acme-server.org:443/new')
         self.assertEqual(
             self.config.account_keys_dir,
             '/tmp/config/acc/acme-server.org:443/new/keys')
+        self.assertEqual(self.config.backup_dir, '/tmp/foo/backups')
+        self.assertEqual(self.config.cert_dir, '/tmp/config/certs')
+        self.assertEqual(
+            self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new')
+        self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')
+        self.assertEqual(self.config.key_dir, '/tmp/config/keys')
+        self.assertEqual(self.config.rec_token_dir, '/r')
+        self.assertEqual(self.config.renewer_config_file, '/tmp/config/r.conf')
+        self.assertEqual(self.config.temp_checkpoint_dir, '/tmp/foo/t')
 
 
 if __name__ == '__main__':

letsencrypt_apache/tests/util.py

@@ -76,10 +76,7 @@ def get_apache_configurator(
                 apache_server_root=config_path,
                 apache_mod_ssl_conf=ssl_options,
                 apache_le_vhost_ext=constants.CLI_DEFAULTS["le_vhost_ext"],
-                backup_dir=backups,
                 config_dir=config_dir,
-                temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),
-                in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
                 work_dir=work_dir),
             name="apache",
             version=version)

letsencrypt_nginx/tests/util.py

@@ -46,9 +46,7 @@ def get_nginx_configurator(
     config = configurator.NginxConfigurator(
         config=mock.MagicMock(
             nginx_server_root=config_path, nginx_mod_ssl_conf=ssl_options,
-            backup_dir=backups, config_dir=config_dir, work_dir=work_dir,
-            temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),
-            in_progress_dir=os.path.join(backups, "IN_PROGRESS")),
+            config_dir=config_dir, work_dir=work_dir),
         name="nginx",
         version=version)
     config.prepare()