diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py
index 03367e2cb..45fe271bb 100644
--- a/letsencrypt/cli.py
+++ b/letsencrypt/cli.py
@@ -332,16 +332,6 @@ def _paths_parser(parser):
 help=config_help("config_dir"))
 add("--work-dir", default=flag_default("work_dir"), help=config_help("work_dir"))
- add("--backup-dir", default=flag_default("backup_dir"),
- help=config_help("backup_dir"))
-
- add("--key-dir", default=flag_default("key_dir"),
- help=config_help("key_dir"))
- add("--cert-dir", default=flag_default("certs_dir"),
- help=config_help("cert_dir"))
-
- add("--renewer-config-file", default=flag_default("renewer_config_file"),
- help=config_help("renewer_config_file"))
 return parser
diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py
index 6a808a6a9..00b45040a 100644
--- a/letsencrypt/configuration.py
+++ b/letsencrypt/configuration.py
@@ -17,10 +17,15 @@ class NamespaceConfig(object):
 :attr:`~letsencrypt.interfaces.IConfig.work_dir` and relative paths defined in :py:mod:`letsencrypt.constants`:
- - ``temp_checkpoint_dir``
- - ``in_progress_dir``
- - ``cert_key_backup``
- - ``rec_token_dir``
+ - `accounts_dir`
+ - `account_keys_dir`
+ - `cert_dir`
+ - `cert_key_backup`
+ - `in_progress_dir`
+ - `key_dir`
+ - `rec_token_dir`
+ - `renewer_config_file`
+ - `temp_checkpoint_dir`
 :ivar namespace: Namespace typically produced by :meth:`argparse.ArgumentParser.parse_args`.
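Review bot: The rewritten attribute list in the `NamespaceConfig` docstring (configuration.py hunk) is still introduced, as far as the visible lead-in shows, as paths built from `IConfig.work_dir`, yet the properties added later in this commit build `accounts_dir`, `account_keys_dir`, `cert_dir`, `key_dir` and `renewer_config_file` from `config_dir`. The new `backup_dir` property is also missing from the list. I would group the entries by base directory and add `backup_dir`, for example one bullet group headed `relative to config_dir` and one headed `relative to work_dir`. The docstring starts above the hunk, so its opening sentence may need the same adjustment.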
@@ -35,27 +40,12 @@ class NamespaceConfig(object):
 def __getattr__(self, name):
 return getattr(self.namespace, name)
- @property
- def temp_checkpoint_dir(self): # pylint: disable=missing-docstring
- return os.path.join(
- self.namespace.work_dir, constants.TEMP_CHECKPOINT_DIR)
-
- @property
- def in_progress_dir(self): # pylint: disable=missing-docstring
- return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
-
 @property
 def server_path(self):
 """File path based on ``server``."""
 parsed = urlparse.urlparse(self.namespace.server)
 return (parsed.netloc + parsed.path).replace('/', os.path.sep)
- @property
- def cert_key_backup(self): # pylint: disable=missing-docstring
- return os.path.join(
- self.namespace.work_dir, constants.CERT_KEY_BACKUP_DIR,
- self.server_path)
-
 @property
 def accounts_dir(self): #pylint: disable=missing-docstring
 return os.path.join(
@@ -63,11 +53,40 @@ class NamespaceConfig(object):
 @property
 def account_keys_dir(self): #pylint: disable=missing-docstring
- return os.path.join(
- self.namespace.config_dir, constants.ACCOUNTS_DIR,
- self.server_path, constants.ACCOUNT_KEYS_DIR)
+ return os.path.join(self.accounts_dir, constants.ACCOUNT_KEYS_DIR)
+
+ @property
+ def backup_dir(self): # pylint: disable=missing-docstring
+ return os.path.join(self.namespace.work_dir, constants.BACKUP_DIR)
+
+ @property
+ def cert_dir(self): # pylint: disable=missing-docstring
+ return os.path.join(self.namespace.config_dir, constants.CERT_DIR)
+
+ @property
+ def cert_key_backup(self): # pylint: disable=missing-docstring
+ return os.path.join(self.namespace.work_dir,
+ constants.CERT_KEY_BACKUP_DIR, self.server_path)
+
+ @property
+ def in_progress_dir(self): # pylint: disable=missing-docstring
+ return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)
+
+ @property
+ def key_dir(self): # pylint: disable=missing-docstring
+ return os.path.join(self.namespace.config_dir, constants.KEY_DIR)
 # TODO: This should probably include the server name
 @property
 def rec_token_dir(self): # pylint: disable=missing-docstring
 return os.path.join(self.namespace.work_dir, constants.REC_TOKEN_DIR)
+
+ @property
+ def renewer_config_file(self): # pylint: disable=missing-docstring
+ return os.path.join(
+ self.namespace.config_dir, constants.RENEWER_CONFIG_FILENAME)
+
+ @property
+ def temp_checkpoint_dir(self): # pylint: disable=missing-docstring
+ return os.path.join(
+ self.namespace.work_dir, constants.TEMP_CHECKPOINT_DIR)
diff --git a/letsencrypt/constants.py b/letsencrypt/constants.py
index 5b7c3af29..6e2355252 100644
--- a/letsencrypt/constants.py
+++ b/letsencrypt/constants.py
@@ -1,6 +1,5 @@
 """Let's Encrypt constants."""
 import logging
-import os
 from acme import challenges
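Review bot: The new `key_dir` property in configuration.py reads `constants.KEY_DIR`, but the constants.py hunk of this commit defines `KEYS_DIR = "keys"`, so the lookup raises AttributeError against the real module. Because `NamespaceConfig.__getattr__` forwards missing attributes to the namespace and this commit also drops the `--key-dir` flag, the failure would probably surface as a missing `key_dir` on the namespace rather than pointing at the constant. `test_dynamic_dirs` does not catch it, since it patches the whole `constants` module and assigns `constants.KEY_DIR` on the mock. Rename the constant to match the other singular names, `KEY_DIR = "keys"`.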
@@ -8,24 +7,14 @@ from acme import challenges
 SETUPTOOLS_PLUGINS_ENTRY_POINT = "letsencrypt.plugins"
 """Setuptools entry point group name for plugins."""
-
-_CLI_DEFAULT_CONFIG_DIR = "/etc/letsencrypt"
-_CLI_DEFAULT_WORK_DIR = "/var/lib/letsencrypt"
-_CLI_DEFAULT_CERT_DIR = os.path.join(_CLI_DEFAULT_CONFIG_DIR, "certs")
 CLI_DEFAULTS = dict( config_files=["/etc/letsencrypt/cli.ini"], verbose_count=-(logging.WARNING / 10), server="https://www.letsencrypt-demo.org/acme/new-reg", rsa_key_size=2048, rollback_checkpoints=0,
- config_dir=_CLI_DEFAULT_CONFIG_DIR,
- work_dir=_CLI_DEFAULT_CONFIG_DIR,
- backup_dir=os.path.join(_CLI_DEFAULT_WORK_DIR, "backups"),
- key_dir=os.path.join(_CLI_DEFAULT_CONFIG_DIR, "keys"),
- certs_dir=_CLI_DEFAULT_CERT_DIR,
- cert_path=os.path.join(_CLI_DEFAULT_CERT_DIR, "cert-letsencrypt.pem"),
- chain_path=os.path.join(_CLI_DEFAULT_CERT_DIR, "chain-letsencrypt.pem"),
- renewer_config_file=os.path.join(_CLI_DEFAULT_CONFIG_DIR, "renewer.conf"),
+ config_dir="/etc/letsencrypt",
+ work_dir="/var/lib/letsencrypt",
 test_mode=False, )
 """Defaults for CLI flags and `.IConfig` attributes."""
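Review bot: The `cert_path` and `chain_path` defaults are dropped from `CLI_DEFAULTS` with no replacement anywhere in this diff, unlike `backup_dir`, `key_dir`, `certs_dir` and `renewer_config_file`, which each get a `NamespaceConfig` property. The cli.py hunk removes only four flags, so if `--cert-path` or `--chain-path` are still registered through `flag_default(...)` (not visible here), that lookup would presumably fail when the parser is built. Either keep the two entries, e.g. `cert_path="/etc/letsencrypt/certs/cert-letsencrypt.pem",`, or add a comment above `CLI_DEFAULTS` saying where those defaults now come from.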
@@ -64,26 +53,40 @@ List of expected options parameters:
 CONFIG_DIRS_MODE = 0o755
 """Directory mode for ``.IConfig.config_dir`` et al."""
-TEMP_CHECKPOINT_DIR = "temp_checkpoint"
-"""Temporary checkpoint directory (relative to IConfig.work_dir)."""
-
-IN_PROGRESS_DIR = "IN_PROGRESS"
-"""Directory used before a permanent checkpoint is finalized (relative to
-IConfig.work_dir)."""
-
-CERT_KEY_BACKUP_DIR = "keys-certs"
-"""Directory where all certificates and keys are stored (relative to
-IConfig.work_dir. Used for easy revocation."""
-
 ACCOUNTS_DIR = "accounts"
 """Directory where all accounts are saved."""
 ACCOUNT_KEYS_DIR = "keys"
-"""Directory where account keys are saved. Relative to ACCOUNTS_DIR."""
+"""Directory where account keys are saved. Relative to `ACCOUNTS_DIR`."""
+
+BACKUP_DIR = "backups"
+"""Directory (relative to `IConfig.work_dir`) where backups are kept."""
+
+CERT_KEY_BACKUP_DIR = "keys-certs"
+"""Directory where all certificates and keys are stored (relative to
+`IConfig.work_dir`). Used for easy revocation."""
+
+CERT_DIR = "certs"
+"""Directory (relative to `IConfig.config_dir`) where CSRs are saved."""
+
+IN_PROGRESS_DIR = "IN_PROGRESS"
+"""Directory used before a permanent checkpoint is finalized (relative to
+`IConfig.work_dir`)."""
+
+KEYS_DIR = "keys"
+"""Directory (relative to `IConfig.config_dir`) where keys are saved."""
+
+TEMP_CHECKPOINT_DIR = "temp_checkpoint"
+"""Temporary checkpoint directory (relative to `IConfig.work_dir`)."""
 REC_TOKEN_DIR = "recovery_tokens"
 """Directory where all recovery tokens are saved (relative to
-IConfig.work_dir)."""
+`IConfig.work_dir`)."""
+
+
+RENEWER_CONFIG_FILENAME = "renewer.conf"
+"""Renewer config file name (relative to `IConfig.config_dir`)."""
+
 NETSTAT = "/bin/netstat"
 """Location of netstat binary for checking whether a listener is already
diff --git a/letsencrypt/interfaces.py b/letsencrypt/interfaces.py
index 365b9c182..421c10402 100644
--- a/letsencrypt/interfaces.py
+++ b/letsencrypt/interfaces.py
@@ -156,23 +156,23 @@ class IConfig(zope.interface.Interface):
 config_dir = zope.interface.Attribute("Configuration directory.")
 work_dir = zope.interface.Attribute("Working directory.")
- backup_dir = zope.interface.Attribute("Configuration backups directory.")
- temp_checkpoint_dir = zope.interface.Attribute(
- "Temporary checkpoint directory.")
- in_progress_dir = zope.interface.Attribute(
- "Directory used before a permanent checkpoint is finalized.")
- cert_key_backup = zope.interface.Attribute(
- "Directory where all certificates and keys are stored. "
- "Used for easy revocation.")
+
 accounts_dir = zope.interface.Attribute( "Directory where all account information is stored.")
 account_keys_dir = zope.interface.Attribute( "Directory where all account keys are stored.")
+ backup_dir = zope.interface.Attribute("Configuration backups directory.")
+ cert_dir = zope.interface.Attribute("Certificates and CSRs storage.")
+ cert_key_backup = zope.interface.Attribute(
+ "Directory where all certificates and keys are stored. "
+ "Used for easy revocation.")
+ in_progress_dir = zope.interface.Attribute(
+ "Directory used before a permanent checkpoint is finalized.")
+ key_dir = zope.interface.Attribute("Keys storage.")
 rec_token_dir = zope.interface.Attribute( "Directory where all recovery tokens are saved.")
-
- key_dir = zope.interface.Attribute("Keys storage.")
- cert_dir = zope.interface.Attribute("Certificates and CSRs storage.")
+ temp_checkpoint_dir = zope.interface.Attribute(
+ "Temporary checkpoint directory.")
 renewer_config_file = zope.interface.Attribute( "Location of renewal configuration file.")
diff --git a/letsencrypt/tests/configuration_test.py b/letsencrypt/tests/configuration_test.py
index d25368feb..345e3abbc 100644
--- a/letsencrypt/tests/configuration_test.py
+++ b/letsencrypt/tests/configuration_test.py
@@ -30,23 +30,31 @@ class NamespaceConfigTest(unittest.TestCase):
 @mock.patch('letsencrypt.configuration.constants')
 def test_dynamic_dirs(self, constants):
- constants.TEMP_CHECKPOINT_DIR = 't'
- constants.IN_PROGRESS_DIR = '../p'
- constants.CERT_KEY_BACKUP_DIR = 'c/'
- constants.REC_TOKEN_DIR = '/r'
 constants.ACCOUNTS_DIR = 'acc'
 constants.ACCOUNT_KEYS_DIR = 'keys'
+ constants.BACKUP_DIR = 'backups'
+ constants.CERT_DIR = 'certs'
+ constants.CERT_KEY_BACKUP_DIR = 'c/'
+ constants.IN_PROGRESS_DIR = '../p'
+ constants.KEY_DIR = 'keys'
+ constants.REC_TOKEN_DIR = '/r'
+ constants.RENEWER_CONFIG_FILENAME = 'r.conf'
+ constants.TEMP_CHECKPOINT_DIR = 't'
- self.assertEqual(self.config.temp_checkpoint_dir, '/tmp/foo/t')
- self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')
- self.assertEqual(
- self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new')
- self.assertEqual(self.config.rec_token_dir, '/r')
 self.assertEqual( self.config.accounts_dir, '/tmp/config/acc/acme-server.org:443/new')
 self.assertEqual( self.config.account_keys_dir, '/tmp/config/acc/acme-server.org:443/new/keys')
+ self.assertEqual(self.config.backup_dir, '/tmp/foo/backups')
+ self.assertEqual(self.config.cert_dir, '/tmp/config/certs')
+ self.assertEqual(
+ self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new')
+ self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')
+ self.assertEqual(self.config.key_dir, '/tmp/config/keys')
+ self.assertEqual(self.config.rec_token_dir, '/r')
+ self.assertEqual(self.config.renewer_config_file, '/tmp/config/r.conf')
+ self.assertEqual(self.config.temp_checkpoint_dir, '/tmp/foo/t')
 if __name__ == '__main__':
diff --git a/letsencrypt_apache/tests/util.py b/letsencrypt_apache/tests/util.py
index e637b0890..a5e700682 100644
--- a/letsencrypt_apache/tests/util.py
+++ b/letsencrypt_apache/tests/util.py
@@ -76,10 +76,7 @@ def get_apache_configurator( apache_server_root=config_path, apache_mod_ssl_conf=ssl_options, apache_le_vhost_ext=constants.CLI_DEFAULTS["le_vhost_ext"], - backup_dir=backups, config_dir=config_dir, - temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"), - in_progress_dir=os.path.join(backups, "IN_PROGRESS"), work_dir=work_dir), name="apache", version=version) diff --git a/letsencrypt_nginx/tests/util.py b/letsencrypt_nginx/tests/util.py index 45d1fa184..fd1418aa3 100644 --- a/letsencrypt_nginx/tests/util.py +++ b/letsencrypt_nginx/tests/util.py @@ -46,9 +46,7 @@ def get_nginx_configurator( config = configurator.NginxConfigurator( config=mock.MagicMock( nginx_server_root=config_path, nginx_mod_ssl_conf=ssl_options, - backup_dir=backups, config_dir=config_dir, work_dir=work_dir, - temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"), - in_progress_dir=os.path.join(backups, "IN_PROGRESS")), + config_dir=config_dir, work_dir=work_dir), name="nginx", version=version) config.prepare()
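Review bot: With `backup_dir`, `temp_checkpoint_dir` and `in_progress_dir` removed from the `mock.MagicMock(...)` config in the nginx helper (and likewise in the Apache helper above it), reads of those attributes no longer return a path; a `MagicMock` hands back a fresh mock object for any attribute that was not set. If the configurators still use those paths (not visible in this diff), the tests would run against mock objects instead of directories under the temporary `work_dir`, and the `backups` local may now be unused. Consider wrapping a mock namespace in the real config class so the derived paths are computed as in production, e.g. `config=configuration.NamespaceConfig(mock.MagicMock(config_dir=config_dir, work_dir=work_dir, ...))`. Both calls start above their hunks.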