stack/erp5: new option to enable XML-RPC for zope

Zope no longer serve XML-RPC in ERP5, unless it is explicitly enabled using this.

stack/erp5: new option to enable XML-RPC for zope
Zope no longer serve XML-RPC in ERP5, unless it is explicitly enabled using this.
abe8f7b4 · Jérome Perrin · 10e90dee · abe8f7b4 · abe8f7b4 · abe8f7b4
Commit abe8f7b4 authored May 10, 2024 by Jérome Perrin
7 changed files
--- a/software/erp5/instance-erp5-input-schema.json
+++ b/software/erp5/instance-erp5-input-schema.json
@@ -131,6 +131,11 @@
              "default": false,
              "type": "boolean"
            },
+            "xml-rpc": {
+              "description": "Serve XML-RPC queries",
+              "default": false,
+              "type": "boolean"
+            },
            "activity-timeout": {
              "description": "Override global activity timeout",
              "type": [

--- a/software/erp5/test/test/test_erp5.py
+++ b/software/erp5/test/test/test_erp5.py
@@ -190,6 +190,19 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
      installed['request-frontend-default']['connection-secure_access'],
      self.getRootPartitionConnectionParameterDict()['url-frontend-default'])

+  def test_xml_rpc_disabled(self):
+    param_dict = self.getRootPartitionConnectionParameterDict()
+    # don't verify certificate
+    ssl_context = ssl.create_default_context()
+    ssl_context.check_hostname = False
+    ssl_context.verify_mode = ssl.CERT_NONE
+    with xmlrpc.client.ServerProxy(
+        param_dict['family-default-v6'],
+        context=ssl_context,
+      ) as cli:
+      with self.assertRaises(xmlrpc.client.ProtocolError):
+        cli.getId()
+

 class TestExternalCaucase(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
  """Test providing the URL of an external caucase in parameters.
@@ -654,8 +667,22 @@ class TestWatchActivities(ERP5InstanceTestCase):


 class ZopeSkinsMixin:
-  """Mixins with utility methods to test zope behaviors.
+  """Mixins with utility methods to test zope behaviors, needs XML-RPC enabled
+  for family `default`
  """
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+        '_':
+        json.dumps({
+            "family-override": {
+                "default": {
+                    "xml-rpc": True,
+                }
+            }
+        })
+    }
+
  @classmethod
  def _setUpClass(cls):
    super()._setUpClass()
@@ -753,6 +780,11 @@ class ZopeTestMixin(ZopeSkinsMixin, CrontabMixin):
                    "port-base":  2210,
                },
            },
+            "family-override": {
+                "default": {
+                    "xml-rpc": True
+                }
+            }
        }),
    }

@@ -1138,11 +1170,15 @@ class TestZopePublisherTimeout(ZopeSkinsMixin, ERP5InstanceTestCase):
        json.dumps({
            # a default timeout of 3
            "publisher-timeout": 3,
-            # and a family without timeout
            "family-override": {
                "no-timeout": {
+                    # and a family without timeout
                    "publisher-timeout": None,
                },
+                # enable XML-RPC for ZopeSkinsMixin
+                "default": {
+                    "xml-rpc": True,
+                }
            },
            "zope-partition-dict": {
                # a family to process activities, so that our test
@@ -1207,6 +1243,12 @@ class TestCloudooo(ZopeSkinsMixin, ERP5InstanceTestCase):
              'https://cloudooo2.example.com/',
            ],
            'cloudooo-retry-count': 123,
+            # enable XML-RPC for ZopeSkinsMixin
+            "family-override": {
+                "default": {
+                    "xml-rpc": True,
+                }
+            }
        })
    }


--- a/software/slapos-master/buildout.hash.cfg
+++ b/software/slapos-master/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 38eab3283d175230231c998fa4a3416e
+md5sum = d0009cd600d341935679a7fb193f34d1

 [template-balancer]
 filename = instance-balancer.cfg.in

--- a/software/slapos-master/instance-erp5.cfg.in
+++ b/software/slapos-master/instance-erp5.cfg.in
@@ -306,6 +306,7 @@ config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
 config-with-max-rlimit-nofile = {{ dumps(slapparameter_dict.get('with-max-rlimit-nofile', false)) }}
 {# BBB: zope_parameter_dict used to contain 'webdav', so fallback to it -#}
 config-webdav = {{ dumps(current_zope_family_override_dict.get('webdav', zope_parameter_dict.get('webdav', False))) }}
+config-xml-rpc = {{ dumps(current_zope_family_override_dict.get('xml-rpc', False)) }}
 config-publisher-timeout = {{ dumps(current_zope_family_override_dict.get('publisher-timeout', global_publisher_timeout)) }}
 config-activity-timeout = {{ dumps(current_zope_family_override_dict.get('activity-timeout', global_activity_timeout)) }}
 {%   if test_runner_enabled -%}

--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -74,7 +74,7 @@ md5sum = ca0cb83950dd9079cc289891cce08e76

 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 6f57c834eb3f774d265c3fd6661429d8
+md5sum = edce1c63c13f0d8ec477711ea646444f

 [template-zeo]
 filename = instance-zeo.cfg.in
@@ -86,7 +86,7 @@ md5sum = 0ac4b74436f554cd677f19275d18d880

 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = 8725a6b42de735b64b51d9bac598f94b
+md5sum = 34da5e6d80b2992689825bb00bcd911d

 [template-balancer]
 filename = instance-balancer.cfg.in

--- a/stack/erp5/instance-erp5.cfg.in
+++ b/stack/erp5/instance-erp5.cfg.in
@@ -302,6 +302,7 @@ config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
 config-with-max-rlimit-nofile = {{ dumps(with_max_rlimit_nofile_enable) }}
 {# BBB: zope_parameter_dict used to contain 'webdav', so fallback to it -#}
 config-webdav = {{ dumps(current_zope_family_override_dict.get('webdav', zope_parameter_dict.get('webdav', False))) }}
+config-xml-rpc = {{ dumps(current_zope_family_override_dict.get('xml-rpc', False)) }}
 config-publisher-timeout = {{ dumps(current_zope_family_override_dict.get('publisher-timeout', global_publisher_timeout)) }}
 config-activity-timeout = {{ dumps(current_zope_family_override_dict.get('activity-timeout', global_activity_timeout)) }}
 {%   if test_runner_enabled -%}

--- a/stack/erp5/instance-zope.cfg.in
+++ b/stack/erp5/instance-zope.cfg.in
@@ -349,6 +349,7 @@ wrapped-command-line =
    --access-log-file={{ '${' ~ conf_parameter_name ~ ':z2-log}' }}
    {% if longrequest_logger_interval > 0 %} --long-request-log-file={{ '${' ~ conf_parameter_name ~ ':longrequest-logger-file}' }} {% endif %}
    {% if webdav %}-w{% endif %}
+    {% if slapparameter_dict['xml-rpc'] %}--enable-xml-rpc{% endif %}
    {% if with_max_rlimit_nofile %}--with-max-rlimit-nofile{% endif %}
    {{ ipv4 }}:${:port}
    {% if timerserver_interval %}--timerserver-interval={{ timerserver_interval }}{% endif %}