This changes the apache plugin behaviour to only parse enabled configuration files and respecting the --apache-vhost-root CLI parameter for new SSL vhost creation. If --apache-vhost-root isn't defined, or doesn't exist, the SSL vhost will be created to originating non-SSL vhost directory.
This PR also implements actual check for vhost enabled state, and makes sure parser.parse_file() does not discard changes in Augeas DOM, by doing an autosave.
Also handles enabling the new SSL vhost, if it's on a path that's not parsed by Apache.
Fixes: #1328Fixes: #3545Fixes: #3791Fixes: #4523Fixes: #4837Fixes: #4905
* First changes
* Handle rest of the errors
* Test fixes
* Final fixes
* Make parse_files accessible and fix linter problems
* Activate vhost at later time
* Cleanup
* Add a new test case, and fix old
* Enable site later in deploy_cert
* Make apache-conf-test default dummy configuration enabled
* Remove is_sites_available as obsolete
* Cleanup
* Brought back conditional vhost_path parsing
* Parenthesis
* Fix merge leftovers
* Fix to work with the recent changes to new file creation
* Added fix and tests for non-symlink vhost in sites-enabled
* Made vhostroot parameter for ApacheParser optional, and removed extra_path
* Respect vhost-root, and add Include statements to root configuration if needed
* Fixed site enabling order to prevent apache restart error while enabling mod_ssl
* Don't exclude Ubuntu / Debian vhost-root cli argument
* Changed the SSL vhost directory selection priority
* Requested fixes for paths and vhost discovery
* Make sure the Augeas DOM is written to disk before loading new files
* Actual checking for if the file is parsed within existing Apache configuration
* Fix the order of dummy SSL directives addition and enabling modules
* Restructured site_enabled checks
* Enabling vhost correctly for non-debian systems
* Rename plugins.common.install_ssl_options_conf to plugins.common.install_version_controlled_file
* Install ssl_dhparams file
* Add installation test
* Add ssl_dhparam option when making a server block ssl
* add install_ssl_dhparams to Installer common plugin class
* Remove redundant code and tests
* update MANIFEST.in
* Addressing #4071 Wrote an ImmutableReturnMixin to prevent developers overriding return_value in certain Mock objects
* Language
* Loosening the assumption that underlying _mock objects need to be Immutable-like simplifies implementation
* Addressing #4071
* Ensure side_effects and return_values are pushed down to the underlying _mock in FreezableMocks. And IDisplay mocks are no longer frozen in _create_get_utility_mock()
* Edit a handful of tests to not override the mock_get_utility return_value
* Brief explainer of FreezableMock.__setattr__
* Incorporating PR feedback and some compatibility
* FreezableMock __getattr__ needs a shortcut in case of return_value or side_effect
* Changing return_value only forbidden if set before freezing
* Remove unnecessary else block
* Expanded doc strings
* Bring a couple new tests in line with patch_get_utility() norms
* Case sensitivity fixes
* Clean up merge leftovers
* Get correct vhost paths when appending to already existing multivhost -le-ssl.conf
* Test, lint and reverter fixes
* Make py26 happy
* Removed skeletons
* Changed new vhost matching
* Added span flag for augeas init
* Extract VirtualHost using aug_span
* Removed dead code
* Fix tests to mitigate not being able to reload Augeas span values after write
* Small fixes and test coverage
* Implementing changes requested in review
* Don't filter vhosts on path if you've done so already
* add get_internal_aug_path
* Use relative augeas paths to determine if a file contains multiple virtual hosts
* get through parsing
* not slice
* add mult vhost per file
* idx line backwards
* blocks be wrong
* always close ifmod
* let's not mess up indexes
* don't double add multi
* fix some lint, only dedupe multi
* tests
* fix lint
* in progress bit flip
* try to pick the right vhost
* take Dominic's suggestion
* don't redo search
* add ancestor
* we now support multiple vhosts
* yay
* add docstrings
Fixes#3996.
I'm pretty confident this PR solves the problem. I've audited all calls to IDisplay methods and the assertions done in certbot.display.util are now done in all our unit tests.
With that said, it wouldn't hurt to have someone else double check I didn't miss anything. The easiest way to do this is to grep for IDisplay in our code and ensure all calls to IDisplay methods are valid. This means every method call other than notification (because a notification call is always OK) either provides a value for default or force_interactive. This is defined in interfaces.py.
I've also been considering removing the assertion that's been causing us trouble here from our release. The only argument I have for not doing so is it may hinder 3rd party plugin development. When they use IDisplay, they have the same problem as we do with prompting users without a TTY. Not keeping this assertion in makes it more likely they won't notice the issue and Certbot will crash on an unsuspecting user.
With that said, none of our known 3rd party plugins use IDisplay at all.
* Provide force_interactive in _get_certname
* Use force_interactive when asking for webroot
* Factor IDisplay assertion into it's own function
* Add util.patch_get_utility()
* Allow custom path to patch_get_utiity
* Change GetEmailTest to use patch_get_utility
* Use new_callable to create new objects
* Modify tests to use patch_get_utility
* Improve FreezableMock documentation
* Add user facing error to TTY magic
* Comment out assert_valid_call
* Add test_input_assertion_fail2()
* correctly match * and ? in ServerAlias directives
* update Apache wildcard test
* Consolidate wildcard matching and remove bad test
* Test Apache vhost selection with wildcards
* Added few more tests to proof vhost selection
* Parallalelise nosetests from tox
* Parallelise even more things, break even more things
* Now unbreak all the tests that aren't ready for ||ism
* Try to pass tests!
- Remove non-working hack in reporter_test
- also be selective about ||ism in the cover environment
* Try again
* certbot-apache tests also work, given enough time
* Nginx may need more time in Travis's cloud
* Unbreak reporter_test under ||ism
* More timeout
* Working again?
* This goes way faster
* Another big win
* Split a couple more large test suites
* A last improvement
* More ||ism!
* ||ise lint too
* Allow nosetests to figure out how many cores to use
* simplify merge
* Mark the new CLI tests as ||izable
* Simplify reporter_test changes
* Rationalise ||ism flags
* Re-up coverage
* Clean up reporter tests
* Stop modifying testdata during tests
* remove unused os
