Fixes #4708, adds sdconfig prompt for v2/v3 services #4710
Conversation
kushaldas
force-pushed
the
ask_all_questions
branch
2 times, most recently
from
392b413 to
e68c745
Compare
kushaldas
requested review from
emkll,
heartsucker,
msheiny and
redshiftzero
as code owners
kushaldas
force-pushed
the
ask_all_questions
branch
3 times, most recently
from
c52d918 to
eebe892
Compare
Codecov Report
@@ Coverage Diff @@
## develop #4710 +/- ##
========================================
Coverage 81.61% 81.61%
========================================
Files 49 49
Lines 3416 3416
Branches 391 391
========================================
Hits 2788 2788
Misses 535 535
Partials 93 93Continue to review full report at Codecov.
|
admin/securedrop_admin/__init__.py
Outdated
| lambda x: x.lower() == 'yes', | ||
| lambda config: True], | ||
| ['v3_onion_services', self.check_for_v3_onion, bool, | ||
| u'Do you want to enable new v3 onion services?', |
There was a problem hiding this comment.
Do you want to enable new v3 onion services? -> Do you want to enable v3 onion services (recommended)?
admin/securedrop_admin/__init__.py
Outdated
| @@ -403,6 +422,16 @@ def __init__(self, args): | |||
| SiteConfig.ValidateLocales(self.args.app_path), | |||
| string.split, | |||
| lambda config: True], | |||
| ['v2_onion_services', self.check_for_v2_onion(), bool, | |||
| u'Do you want to enable v2 onion services?', | |||
There was a problem hiding this comment.
Do you want to enable v2 onion services? -> Do you want to enable v2 onion services (recommended only for SecureDrop instances installed before 1.0.0)?
admin/securedrop_admin/__init__.py
Outdated
| # is already disabled. | ||
| if text == 'no' and \ | ||
| not self.caller._config.get("v2_onion_services"): | ||
| raise ValidationError(message="Must be yes as you disabled v2") |
There was a problem hiding this comment.
Must be yes as you disabled v2 -> Since you disabled v2 onion services, you must enable v3 onion services.
|
|
||
| def user_prompt_config(self): | ||
| config = {} | ||
| self._config = {} | ||
| for desc in self.desc: | ||
| (var, default, type, prompt, validator, transform, |
There was a problem hiding this comment.
I know this is not in the diff but the variable names here are uninformative (since not in the diff, not requesting changing, just noting), e.g. var, desc, condition in particular
There was a problem hiding this comment.
That is the old code :) I am trying not to modify anything which does not require for this issue. We can do code cleanup, but, in a future PR.
| SiteConfig.ValidateYesNo(), | ||
| lambda x: x.lower() == 'yes', | ||
| lambda config: True], | ||
| ['v3_onion_services', self.check_for_v3_onion, bool, |
There was a problem hiding this comment.
Hmm do we need the check_for_v3_onion method? It seems like we could remove the method and just have this be True?
There was a problem hiding this comment.
@redshiftzero This dynamic function checks if the user input for v2_onion_services was no, and then v3_onion_services is must to yes. But, if v2_onion_servies was set to yes, and previously the admin set v3_onion_service to no, then it will show no as default value.
|
Have not given a full review here yet, but I see @redshiftzero was kind enough to stop by with a few requests. Please address @redshiftzero's comments when you log in, @kushaldas, and I can follow up with another round when you're satisfied. |
admin/securedrop_admin/__init__.py
Outdated
| @@ -261,6 +278,8 @@ def validate(self, document): | |||
| def __init__(self, args): | |||
| self.args = args | |||
| self.config = {} | |||
| # This is to hold runtime configuration before save | |||
| self._config = {} | |||
There was a problem hiding this comment.
we should rename this before merge to something more expressive
There was a problem hiding this comment.
Reasonable; I was going to suggest _config_in_progress.
There was a problem hiding this comment.
Just pick one and change every where (including tests). I don't want to do it at 1:30AM :)
|
Functionally, works as described. Will push up a small change to make variable names more explicit, as discussed above. |
There was a problem hiding this comment.
Approving for merge. Confirmed the following:
- running sdconfig with no site-specific config (i.e. fresh install) defaults to no-v2, yes-v3
- running sdconfig with existing site-specific config (i.e. existing install) defaults to yes-v2, yes-v2
- running sdconfig and setting "no" to both v2 & v3 raises a blocking error, preventing broken config
Added a single dev-oriented commit, fine to merge after tests pass.
|
Seeing a rather perplexing CI error in the |
Now it asks if the admin wants to enable v2 or v3 services. It will not let you to disable v3 if you already disabled v2.
We now have two more integration tests to verify that we can have "enabled v2 and disabled v3" and both versions enabled at the same time.
conorsch
force-pushed
the
ask_all_questions
branch
from
f46ebda to
968ee87
Compare
There's already a `.config` attribute in the sdconfig flow, so let's rename `._config` -> `._config_in_progress` to make the intended use case explicit to future maintainers. The contents of the _config_in_progress dict are consulted during validation steps as part of `sdconfig`.
conorsch
force-pushed
the
ask_all_questions
branch
from
968ee87 to
36ea430
Compare
conorsch
dismissed
redshiftzero’s stale review
Changes requested by @redshiftzero have been implemented
Now it asks if the admin wants to enable v2 or v3 services.
It will not let you to disable v3 if you already disabled v2.
Status
Work in progress
Description of Changes
Fixes #4708
./securedrop-admin sdconfignow asks for admin input to set to enable v2 and v3 onion services.Testing
A few scenarios.
noforv3_onion_servicesv2, andv3. It will not let do v3 asnoif you already disabledv2install_files/ansible-base/group_vars/all/site-specificfile), by defaultv2_onion_servicesshould ask asnoandv3_onion_servicesshould giveyesas default value.Note: I could not write/upgrade integration tests for this yet.
Checklist
If you made changes to the server application code:
make lint) and tests (make -C securedrop test) pass in the development containerIf you made changes to
securedrop-admin:make -C admin test) pass in the admin development containerIf you made changes to the system configuration:
If you made non-trivial code changes:
If you made changes to documentation:
make docs-lint) passed locally