caddy-frontend: Publish kedifa-caucase-url

It is needed by users to check certificate of KeDiFa while uploading
certificates.

software/caddy-frontend/buildout.hash.cfg

@@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
 
 [template-replicate-publish-slave-information]
 filename = templates/replicate-publish-slave-information.cfg.in
-md5sum = 38e9994be01ea1b8a379f8ff7aa05438
+md5sum = eb9ca67763d60843483d95dab2c301b1
 
 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
@@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
 
 [template-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = cc6f32656e76f4b79b5e47567b930f74
+md5sum = 2eecc01a16f6ae156c3a7889eef42c34

software/caddy-frontend/instance-kedifa.cfg.in

@@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg
 {%-   do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%}
 {%-   do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%}
 {%-   do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%}
+{%-   do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%}
 {%-   do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %}
 [{{ slave_reference }}-auth-random-generate]
 recipe = plone.recipe.command

software/caddy-frontend/instance-slave-output-schema.json

@@ -45,6 +45,10 @@
     "warning-list": {
       "description": "List of warning found during the request.",
       "type": "array"
+    },
+    "kedifa-caucase-url": {
+      "description": "URL to caucase used by KeDiFa",
+      "type": "string"
     }
   },
   "type": "object"

software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in

@@ -48,6 +48,7 @@
 {%     endif %}
 {%     do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %}
 {%     do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
+{%     do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %}
 {%   endif %}
 {% endfor %}
 

software/caddy-frontend/test/test.py

@@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
       base + r'\?auth=$'
     )
 
+    kedifa_caucase_url = parameter_dict.pop('kedifa-caucase-url')
+    self.assertEqual(
+      kedifa_caucase_url,
+      'http://[%s]:%s' % (SLAPOS_TEST_IPV6, CAUCASE_PORT),
+    )
+
     return generate_auth_url, upload_url
 
   def assertKeyWithPop(self, key, d):
@@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
       {
         'monitor-base-url': None,
         'domain': 'None',
-        'kedifa-caucase-url': 'http://[%s]:%s' % (
-           SLAPOS_TEST_IPV6, CAUCASE_PORT),
         'accepted-slave-amount': '0',
         'rejected-slave-amount': '0',
         'slave-amount': '0',
@@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
       {
         'monitor-base-url': None,
         'domain': 'example.com',
-        'kedifa-caucase-url': 'http://[%s]:%s' % (
-           SLAPOS_TEST_IPV6, CAUCASE_PORT),
         'accepted-slave-amount': '0',
         'rejected-slave-amount': '0',
         'slave-amount': '0',
@@ -1229,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       'accepted-slave-amount': '48',
       'rejected-slave-amount': '4',
       'slave-amount': '52',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-        SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'rejected-slave-dict': {
         "_apache_custom_http_s-rejected": ["slave not authorized"],
         "_caddy_custom_http_s": ["slave not authorized"],
@@ -3714,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
       'domain': 'example.com',
       'accepted-slave-amount': '1',
       'rejected-slave-amount': '2',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'slave-amount': '3',
       'rejected-slave-dict': {
         '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
@@ -3983,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
     expected_parameter_dict = {
       'monitor-base-url': None,
       'domain': 'example.com',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'accepted-slave-amount': '8',
       'rejected-slave-amount': '2',
       'slave-amount': '10',
@@ -4350,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
     expected_parameter_dict = {
       'monitor-base-url': None,
       'domain': 'example.com',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'accepted-slave-amount': '1',
       'rejected-slave-amount': '3',
       'slave-amount': '4',
@@ -4794,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
         u"_ssl_key-ssl_crt-unsafe":
         [u"slave ssl_key and ssl_crt does not match"]
       },
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'warning-list': [
         u'apache-certificate is obsolete, please use master-key-upload-url',
         u'apache-key is obsolete, please use master-key-upload-url',
@@ -5479,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
       'rejected-slave-amount': '0',
       'rejected-slave-dict': {},
       'slave-amount': '1',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
       'warning-list': [
         u'apache-certificate is obsolete, please use master-key-upload-url',
         u'apache-key is obsolete, please use master-key-upload-url',