Add domains_add bulk operation

2024-09-03 20:06:10 +02:00 · 2024-05-10 18:10:52 +02:00 · 2024-05-10 18:10:52 +02:00 · 7a52066f56
commit 7a52066f56
parent 74dced9b00
3 changed files with 67 additions and 14 deletions
--- a/src/certificate.py
+++ b/src/certificate.py
@ -122,7 +122,7 @@ def certificate_install(domain_list, force=False, no_checks=False, self_signed=F
        _certificate_install_letsencrypt(domain_list, force, no_checks)


-def _certificate_install_selfsigned(domain_list, force=False):
+def _certificate_install_selfsigned(domain_list, force=False, do_regen_conf=True):
    failed_cert_install = []
    for domain in domain_list:
        operation_logger = OperationLogger(
@ -201,7 +201,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
        _set_permissions(conf_file, "root", "root", 0o600)

        # Actually enable the certificate we created
-        _enable_certificate(domain, new_cert_folder)
+        _enable_certificate(domain, new_cert_folder, do_regen_conf=do_regen_conf)

        # Check new status indicate a recently created self-signed certificate
        status = _get_status(domain)
@ -627,7 +627,7 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
    with open(csr_file, "wb") as f:
        f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr))

-def _cert_exists(domain): bool
+def _cert_exists(domain) -> bool:
    cert_file = os.path.join(CERT_FOLDER, domain, "crt.pem")
    return os.path.isfile(cert_file)

@ -726,7 +726,7 @@ def _set_permissions(path, user, group, permissions):
    chmod(path, permissions)


-def _enable_certificate(domain, new_cert_folder):
+def _enable_certificate(domain, new_cert_folder, do_regen_conf=True):
    logger.debug("Enabling the certificate for domain %s ...", domain)

    live_link = os.path.join(CERT_FOLDER, domain)
@ -744,6 +744,10 @@ def _enable_certificate(domain, new_cert_folder):

    os.symlink(new_cert_folder, live_link)

+    # We are in a higher operation such as domains_add for bulk manipulation
+    # that will take care of service / hooks later
+    if not do_regen_conf: return
+
    logger.debug("Restarting services...")

    for service in ("dovecot", "metronome"):
--- a/src/domain.py
+++ b/src/domain.py
@ -240,10 +240,58 @@ def _get_parent_domain_of(domain, return_self=False, topest=False):

    return domain if return_self else None

+def domains_regen(domains: List[str]):
+    for domain in domains:
+        _force_clear_hashes([f"/etc/nginx/conf.d/{domain}.conf"])
+
+    from yunohost.app import app_ssowatconf
+    from yunohost.service import _run_service_command
+    logger.debug("Restarting services...")
+    for service in ("dovecot", "metronome"):
+        # Ugly trick to not restart metronome if it's not installed or no domain configured for XMPP
+        if service == "metronome" and (
+            os.system("dpkg --list | grep -q 'ii *metronome'") != 0
+            or not glob("/etc/metronome/conf.d/*.cfg.lua")
+        ):
+            continue
+        _run_service_command("restart", service)
+
+    if os.path.isfile("/etc/yunohost/installed"):
+        # regen nginx conf to be sure it integrates OCSP Stapling
+        # (We don't do this yet if postinstall is not finished yet)
+        # We also regenconf for postfix to propagate the SNI hash map thingy
+        regen_conf(
+            names=[
+                "nginx",
+                "metronome",
+                "dnsmasq",
+                "postfix",
+                "rspamd",
+                "mdns",
+                "dovecot",
+            ]
+        )
+        app_ssowatconf()
+        _run_service_command("reload", "nginx")
+
+# Used in tests to create many domains at once.
+# The permissions/configuration are synchronized at the end of the entire operation.
+@is_unit_operation()
+def domains_add(operation_logger, domains: List[str]):
+    for domain in domains:
+        domain_add(domain, do_regen_conf=False)
+
+    domains_regen(domains)
+
+    from yunohost.hook import hook_callback
+    for domain in domains:
+        hook_callback("post_cert_update", args=[domain])
+        hook_callback("post_domain_add", args=[domain])
+        logger.success(m18n.n("domain_created"))

@is_unit_operation(exclude=["dyndns_recovery_password"])
 def domain_add(
-    operation_logger, domain, dyndns_recovery_password=None, ignore_dyndns=False
+    operation_logger, domain, dyndns_recovery_password=None, ignore_dyndns=False, do_regen_conf=True
 ):
    """
    Create a custom domain
@ -258,7 +306,7 @@ def domain_add(
    from yunohost.app import app_ssowatconf
    from yunohost.utils.ldap import _get_ldap_interface
    from yunohost.utils.password import assert_password_is_strong_enough
-    from yunohost.certificate import _certificate_install_selfsigned
+    from yunohost.certificate import _certificate_install_selfsigned, _cert_exists
    from yunohost.utils.dns import is_yunohost_dyndns_domain

    if dyndns_recovery_password:
@ -306,7 +354,8 @@ def domain_add(
            domain=domain, recovery_password=dyndns_recovery_password
        )

-    _certificate_install_selfsigned([domain], True)
+    if not _cert_exists(domain):
+        _certificate_install_selfsigned([domain], True, do_regen_conf=False)

    try:
        attr_dict = {
@ -323,7 +372,8 @@ def domain_add(
            domain_list_cache = []

        # Don't regen these conf if we're still in postinstall
-        if os.path.exists("/etc/yunohost/installed"):
+        # or if we're in a higher operation that will take care of it, such as domains_add
+        if os.path.exists("/etc/yunohost/installed") and do_regen_conf:
            # Sometime we have weird issues with the regenconf where some files
            # appears as manually modified even though they weren't touched ...
            # There are a few ideas why this happens (like backup/restore nginx
@ -356,9 +406,9 @@ def domain_add(
            pass
        raise e

-    hook_callback("post_domain_add", args=[domain])
-
-    logger.success(m18n.n("domain_created"))
+    if do_regen_conf:
+        hook_callback("post_domain_add", args=[domain])
+        logger.success(m18n.n("domain_created"))


@is_unit_operation(exclude=["dyndns_recovery_password"])
--- a/src/tests/test_sso_and_portalapi.py
+++ b/src/tests/test_sso_and_portalapi.py
@ -6,7 +6,7 @@ import os

 from .conftest import message, raiseYunohostError, get_test_apps_dir

-from yunohost.domain import _get_maindomain, domain_add, domain_remove, domain_list
+from yunohost.domain import _get_maindomain, domain_add, domain_remove, domain_list, domains_add
 from yunohost.user import user_create, user_list, user_delete, User, users_add
 from yunohost.authenticators.ldap_ynhuser import Authenticator, SESSION_FOLDER, short_hash
 from yunohost.app import app_install, app_remove, app_setting, app_ssowatconf, app_change_url
@ -52,8 +52,7 @@ def setup_module(module):

    domainlist = domain_list()["domains"]
    domains = [ domain for domain in [ subdomain, secondarydomain ] if domain not in domainlist ]
-    for domain in domains:
-        domain_add(domain)
+    domains_add(domains)

    app_install(
        os.path.join(get_test_apps_dir(), "hellopy_ynh"),