From 8766c95c81a048a6dc550232507213c06a2e1c0c Mon Sep 17 00:00:00 2001 From: Diego Chacon Date: Sat, 17 Jun 2023 01:25:06 -0600 Subject: [PATCH 1/4] Fixing Issues with Ballot Variables --- system.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system.yml b/system.yml index a6dae10d..23fa1ff0 100644 --- a/system.yml +++ b/system.yml @@ -30,7 +30,7 @@ become: true lineinfile: dest: /etc/hosts - line: "{{ config.private_ipaddress }} {{ config.ballot_box.domain }}" + line: line: "{{ config.private_ipaddress }} {{ config['ballot-box'].domain }}" state: present - name: System, Creating nginx group From c0cef697960336f140bc062df082a406bbea6658 Mon Sep 17 00:00:00 2001 From: Diego Chacon Date: Sat, 17 Jun 2023 01:31:27 -0600 Subject: [PATCH 2/4] Fixing Issues with Ballot Variables --- ballot-box/main.yml | 4 +-- ballot-box/postgres.yml | 2 +- ballot-box/templates/.pg_service.conf | 2 +- ballot-box/templates/application.local.conf | 32 +++++++++---------- .../templates/ballot-box-admin-settings.json | 4 +-- ballot-box/templates/nginx.conf | 12 +++---- ballot-box/templates/test.local.conf | 8 ++--- election-verifier/aguiconfig.yml | 2 +- iam/templates/deploy.py | 16 +++++----- misc-tools/templates/eoconf.json | 2 +- oneserver/templates/oneserver.conf | 18 +++++------ sequent-ui/repo.yml | 10 +++--- sequent-ui/templates/SequentConfig.js | 12 +++---- templates/cert.sh | 2 +- 14 files changed, 63 insertions(+), 63 deletions(-) diff --git a/ballot-box/main.yml b/ballot-box/main.yml index 885ba4e8..2a0e9dcc 100644 --- a/ballot-box/main.yml +++ b/ballot-box/main.yml 
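Review bot: The added line in system.yml repeats the key, `line: line: "{{ config.private_ipaddress }} {{ config['ballot-box'].domain }}"`, so the value of `line` is no longer a single quoted scalar and the task file should fail to parse. It should read `line: "{{ config.private_ipaddress }} {{ config['ballot-box'].domain }}"`. None of the later patches visible in this series touches system.yml again, so the /etc/hosts task stays broken unless a patch outside this view corrects it.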
@@ -127,7 +127,7 @@ - name: ballot-box, Key store setup (1) become: true shell: - cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config.ballot_box.keystore_pass }}" + cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config['ballot-box']keystore_pass }}" chdir: /home/ballotbox/ - name: ballot-box, Key store setup (3) @@ -141,7 +141,7 @@ become: true become_user: ballotbox shell: - cmd: yes | keytool -importkeystore -deststorepass "{{ config.ballot_box.keystore_pass }}" -destkeypass "{{ config.ballot_box.keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config.ballot_box.keystore_pass }}" -alias client + cmd: yes | keytool -importkeystore -deststorepass "{{ config['ballot-box']keystore_pass }}" -destkeypass "{{ config['ballot-box']keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config['ballot-box']keystore_pass }}" -alias client chdir: /home/ballotbox/ # Admin tool setup diff --git a/ballot-box/postgres.yml b/ballot-box/postgres.yml index a97b192d..bd961903 100644 --- a/ballot-box/postgres.yml +++ b/ballot-box/postgres.yml @@ -34,7 +34,7 @@ when: config.load_balancing.is_master postgresql_user: user: ballot_box - password: "{{config.ballot_box.db_password}}" + password: "{{config['ballot-box']db_password}}" port: 5432 - name: ballot-box, Create Database diff --git a/ballot-box/templates/.pg_service.conf b/ballot-box/templates/.pg_service.conf index bb06aed3..5d03c16c 100644 --- a/ballot-box/templates/.pg_service.conf +++ b/ballot-box/templates/.pg_service.conf 
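Review bot: `config['ballot-box']keystore_pass` has no `.` between the subscript and the attribute, which is not a valid Jinja2 expression, so this task and every other template touched by patch 2/4 would fail to render at this commit. Patch 3/4 adds the missing dot in the files it shows, which leaves 2/4 as an undeployable intermediate state; squashing the two keeps the history bisectable. The rename also means the configuration key must now be `ballot-box` rather than `ballot_box`; no config file change is visible in this series, so that is worth confirming.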
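Review bot: The keystore password is interpolated straight into the `shell` command line for `keytool` in the "Key store setup" hunk at -141, and for `openssl pkcs12` in the hunk above it. It is therefore visible in the process list while the command runs and in Ansible's task output, and a password containing `"`, `$` or a backtick changes what the shell executes. Neither task shows `no_log: true`, though it could be set at a level outside these hunks. Consider adding `no_log: true` and passing the value through the task's `environment:`, e.g. `-password env:KEYSTORE_PASS` for openssl and `-deststorepass:env KEYSTORE_PASS` (likewise `-destkeypass:env`, `-srcstorepass:env`) for keytool. Patch 3/4 rewrites the same lines and keeps this construction.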
@@ -2,7 +2,7 @@ host=localhost port=5432 user=ballot_box -password={{config.ballot_box.db_password}} +password={{config['ballot-box']db_password}} [iam] host=localhost diff --git a/ballot-box/templates/application.local.conf b/ballot-box/templates/application.local.conf index 946b01ef..587561fb 100644 --- a/ballot-box/templates/application.local.conf +++ b/ballot-box/templates/application.local.conf 
@@ -3,28 +3,28 @@ application.secret = "{{ config.global_secret_key }}" db.default.url="jdbc:postgresql://{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}:5432/ballot_box" db.default.driver="org.postgresql.Driver" db.default.user=ballot_box -db.default.pass="{{config.ballot_box.db_password}}" +db.default.pass="{{config['ballot-box']db_password}}" app.datastore.public="/home/ballotbox/datastore/public" app.datastore.private="/home/ballotbox/datastore/private" applyEvolutions.default=true -app.api.root="http://{{config.ballot_box.domain}}:{{config.ballot_box.port}}" -app.datastore.root="http://{{config.ballot_box.domain}}:{{config.ballot_box.port}}" -app.datastore.ssl_root="https://{{config.ballot_box.domain}}:{{config.ballot_box.ssl_port}}" +app.api.root="http://{{config['ballot-box']domain}}:{{config['ballot-box']port}}" +app.datastore.root="http://{{config['ballot-box']domain}}:{{config['ballot-box']port}}" +app.datastore.ssl_root="https://{{config['ballot-box']domain}}:{{config['ballot-box']ssl_port}}" -app.api.max_revotes={{config.ballot_box.max_revotes}} -app.download_tally_timeout={{config.ballot_box.download_tally_timeout}} -app.download_tally_retries={{config.ballot_box.download_tally_retries}} +app.api.max_revotes={{config['ballot-box']max_revotes}} +app.download_tally_timeout={{config['ballot-box']download_tally_timeout}} +app.download_tally_retries={{config['ballot-box']download_tally_retries}} -{% if config.ballot_box.enforce_state_controls %} +{% if config['ballot-box']enforce_state_controls %} elections.enforceStateControls = true {% else %} elections.enforceStateControls = false {% endif %} app.callbacks = { -{% for callback in config.ballot_box.callbacks %} +{% for callback in config['ballot-box']callbacks %} {% if 'vote' == callback.name %} {% if 'default' == callback.mode %} 
@@ -47,7 +47,7 @@ app.callbacks = { } -{% if config.ballot_box.always_publish %} +{% if config['ballot-box']always_publish %} app.always_publish=true {% else %} app.always_publish=false @@ -97,7 +97,7 @@ election.limits { # subelections is not checked, and that is why support for virtual elections # is disabled by default and should only be enabled in dedicated # installations. -{% if config.ballot_box.virtualElectionsAllowed %} +{% if config['ballot-box']virtualElectionsAllowed %} election.virtualElectionsAllowed=true {% else %} election.virtualElectionsAllowed=false @@ -117,7 +117,7 @@ app.authorities = { } app.trustee_users = { -{% for trustee in config.ballot_box.trustee_users %} +{% for trustee in config['ballot-box']trustee_users %} {{ trustee.username }} = { authority_id = "{{ trustee.authority_id }}", @@ -129,7 +129,7 @@ app.trustee_users = { app.eopeers.dir=/etc/eopeers/ -elections.auth.secret="{{config.ballot_box.shared_secret}}" +elections.auth.secret="{{config['ballot-box']shared_secret}}" elections.auth.expiry={{config.iam.auth_token_expiration_seconds}} elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}} @@ -137,12 +137,12 @@ ws.ssl { loose.disableHostnameVerification=true keyManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } ] } trustManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } ] } } 
@@ -165,4 +165,4 @@ share_social { ehcacheplugin=disabled memcached.host="127.0.0.1:11211" logger.memcached=WARN -app.cache.expiration_seconds = {{config.ballot_box.cache_expiration_seconds}} \ No newline at end of file +app.cache.expiration_seconds = {{config['ballot-box']cache_expiration_seconds}} \ No newline at end of file diff --git a/ballot-box/templates/ballot-box-admin-settings.json b/ballot-box/templates/ballot-box-admin-settings.json index f001f8e8..3b944a0f 100644 --- a/ballot-box/templates/ballot-box-admin-settings.json +++ b/ballot-box/templates/ballot-box-admin-settings.json @@ -2,9 +2,9 @@ "datastore": "/home/ballotbox/datastore", "public_ds": "/home/ballotbox/datastore/public", "private_ds": "/home/ballotbox/datastore/private", - "shared_secret": "{{ config.ballot_box.shared_secret }}", + "shared_secret": "{{ config['ballot-box']shared_secret }}", "db_user": "ballot_box", - "db_password": "{{ config.ballot_box.db_password }}", + "db_password": "{{ config['ballot-box']db_password }}", "db_name": "ballot_box", "db_port": 5432, "app_host": "{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}", diff --git a/ballot-box/templates/nginx.conf b/ballot-box/templates/nginx.conf index 7328ef59..b085038f 100644 --- a/ballot-box/templates/nginx.conf +++ b/ballot-box/templates/nginx.conf @@ -1,12 +1,12 @@ server { - listen {{config.ballot_box.port}}; - server_name {{config.ballot_box.domain}}; + listen {{config['ballot-box']port}}; + server_name {{config['ballot-box']domain}}; location /public { root /home/ballotbox/datastore; } - # calls to keydone/tallydone should go to port {{config.ballot_box.ssl_port}} + # calls to keydone/tallydone should go to port {{config['ballot-box']ssl_port}} # and include the client certificate location ~* /api/election/(.*)/(key|tally)done { deny all; 
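Review bot: In ballot-box-admin-settings.json, `shared_secret` and `db_password` are rendered raw between JSON quotes, so a value containing `"` or `\` produces an invalid or altered settings file. Ansible's JSON filter handles the escaping and writes the surrounding quotes itself: `"shared_secret": {{ config['ballot-box'].shared_secret | to_json }},`. The same applies to `KEYSTORE_PASS` in the misc-tools/templates/eoconf.json hunks and to the patch 3/4 versions of these lines. The task that installs this file is not visible here; since the file holds both secrets, its mode should restrict reading to the service user.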
@@ -18,11 +18,11 @@ server { } server { - listen {{config.ballot_box.ssl_port}}; + listen {{config['ballot-box']ssl_port}}; include /etc/nginx/internal_secure.conf; - server_name {{config.ballot_box.domain}}; + server_name {{config['ballot-box']domain}}; - {% if config.ballot_box.private_path_verify_ssl_client_certificate %} + {% if config['ballot-box']private_path_verify_ssl_client_certificate %} ssl_client_certificate {{ config.http.internal_tls_calist_path }}; ssl_verify_client on; {% endif %} diff --git a/ballot-box/templates/test.local.conf b/ballot-box/templates/test.local.conf index 4b2c7c27..d7dd1c94 100644 --- a/ballot-box/templates/test.local.conf +++ b/ballot-box/templates/test.local.conf @@ -1,7 +1,7 @@ db.default.url="jdbc:postgresql://localhost:5432/ballot_box" db.default.driver="org.postgresql.Driver" db.default.user=ballot_box -db.default.pass={{config.ballot_box.db_password}} +db.default.pass={{config['ballot-box']db_password}} app.datastore.public="/tmp/ballot_box/datastore/public" app.datastore.private="/tmp/ballot_box/datastore/private" @@ -12,7 +12,7 @@ app.datastore.ssl_root="https://{{ config.private_ipaddress }}:14453" app.eopeers.dir=/etc/eopeers/ -booth.auth.secret={{config.ballot_box.shared_secret}} +booth.auth.secret={{config['ballot-box']shared_secret}} elections.auth.expiry={{config.iam.auth_token_expiration_seconds}} elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}} 
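Review bot: `db.default.pass` and `booth.auth.secret` in test.local.conf are written without quotes, while application.local.conf quotes the same values (`db.default.pass="{{…}}"`). An unquoted HOCON value is parsed rather than taken literally, so a secret containing `#`, `$`, `{` or `"` would be truncated or fail to parse. Suggest `db.default.pass="{{config['ballot-box'].db_password}}"` and `booth.auth.secret="{{config['ballot-box'].shared_secret}}"`. Patch 3/4 keeps the unquoted form.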
@@ -20,12 +20,12 @@ ws.ssl { loose.disableHostnameVerification=true keyManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } ] } trustManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } ] } } diff --git a/election-verifier/aguiconfig.yml b/election-verifier/aguiconfig.yml index 0ba3f025..6c71ea3e 100644 --- a/election-verifier/aguiconfig.yml +++ b/election-verifier/aguiconfig.yml @@ -46,7 +46,7 @@ replace: dest: /home/ui_user/{{ item }}/SequentConfig.js regexp: "link:.*" - replace: 'link: "https://{{config.ballot_box.domain}}/verifier/election-verifier",' + replace: 'link: "https://{{config['ballot-box']domain}}/verifier/election-verifier",' with_items: - admin-console - election-portal diff --git a/iam/templates/deploy.py b/iam/templates/deploy.py index ca8887be..739a52a8 100644 --- a/iam/templates/deploy.py +++ b/iam/templates/deploy.py @@ -93,14 +93,14 @@ def on_celery_setup_logging(**kwargs): } } -SHARED_SECRET = b'{{config.ballot_box.shared_secret}}' +SHARED_SECRET = b'{{config['ballot-box']shared_secret}}' TIMEOUT = {{config.iam.auth_token_expiration_seconds}} ADMIN_TIMEOUT = {{config.iam.admin_auth_token_expiration_seconds}} SECRET_KEY = '{{ config.global_secret_key }}' -HOME_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/home" +HOME_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/home" ADMIN_AUTH_ID = 1 
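Review bot: In election-verifier/aguiconfig.yml the `replace:` value is a single-quoted YAML scalar, and the new `['ballot-box']` subscript puts single quotes inside it, so the scalar ends at `{{config[` and the rest of the line is a YAML syntax error. Double quotes inside the Jinja expression keep the scalar intact: `replace: 'link: "https://{{ config["ballot-box"].domain }}/verifier/election-verifier",'`. The five `replace:` entries in the sequent-ui/repo.yml hunk of this patch have the same problem. Patch 3/4 adds the missing `.` to this line but keeps the quoting.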
@@ -156,13 +156,13 @@ def on_celery_setup_logging(**kwargs): SMS_BASE_TEMPLATE = """{{config.iam.sms.base_template}}""" -SMS_AUTH_CODE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" +SMS_AUTH_CODE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" {% endif %} {% if config.iam.email.enabled %} from django.core.mail.utils import DNS_NAME -DNS_NAME._fqdn = "{{ config.ballot_box.domain }}" +DNS_NAME._fqdn = "{{ config['ballot-box']domain }}" DEFAULT_FROM_EMAIL = "{{config.iam.email.default_from_email}}" @@ -174,9 +174,9 @@ def on_celery_setup_logging(**kwargs): EMAIL_BASE_TITLE_TEMPLATE = """{{config.iam.email.base_title_template}}""" -EMAIL_AUTH_CODE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" +EMAIL_AUTH_CODE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" -{% if config.ballot_box.enforce_state_controls %} +{% if config['ballot-box']enforce_state_controls %} ENFORCE_STATE_CONTROLS = True {% else %} ENFORCE_STATE_CONTROLS = False @@ -219,9 +219,9 @@ def on_celery_setup_logging(**kwargs): ] -OTL_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/otl/__SECRET__" +OTL_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/otl/__SECRET__" -ALT_AUTH_BASE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__" +ALT_AUTH_BASE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__" # This is the command to be executed to launch a self-test TASK_SELF_TEST_COMMAND = [ diff --git a/misc-tools/templates/eoconf.json b/misc-tools/templates/eoconf.json index c0e29880..f6ae8303 100644 --- a/misc-tools/templates/eoconf.json +++ b/misc-tools/templates/eoconf.json 
@@ -5,7 +5,7 @@ "PRIVATE_IP_ADDRESS": "{{ config.private_ipaddress }}", "HOSTNAME": "{{ config.hostname }}", "PORT": {{ config.election_orchestra.port }}, - "KEYSTORE_PASS": "{{ config.ballot_box.keystore_pass }}", + "KEYSTORE_PASS": "{{ config['ballot-box']keystore_pass }}", "TLS_CERT_PATH": "{{ config.http.internal_tls_cert_path }}", "TLS_CERT_KEY_PATH": "{{ config.http.internal_tls_cert_key_path }}", "TLS_CALIST_PATH": "{{ config.http.internal_tls_calist_path }}" diff --git a/oneserver/templates/oneserver.conf b/oneserver/templates/oneserver.conf index e363a208..0dcb3f22 100644 --- a/oneserver/templates/oneserver.conf +++ b/oneserver/templates/oneserver.conf @@ -16,7 +16,7 @@ {% if not config.load_balancing.enabled or config.load_balancing.use_https %} server { listen 80; - server_name {{ config.ballot_box.domain }}; + server_name {{ config['ballot-box']domain }}; ## redirect http to https ## rewrite ^ https://$server_name$request_uri? permanent; } @@ -30,7 +30,7 @@ server { listen 80; {% endif %} - server_name {{ config.ballot_box.domain }}; + server_name {{ config['ballot-box']domain }}; {% if config.load_balancing.enabled %} set_real_ip_from {{ config.load_balancing.loadbalancers_cidr }}; @@ -45,7 +45,7 @@ server { # cache config proxy_cache_key "$scheme$host$uri$is_args$args"; proxy_cache STATIC; - proxy_cache_valid any {{ config.ballot_box.cache_expiration_seconds }}s; + proxy_cache_valid any {{ config['ballot-box']cache_expiration_seconds }}s; proxy_cache_min_uses 3; proxy_cache_bypass $http_authorization; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; 
@@ -244,15 +244,15 @@ server { {% endif %} - proxy_pass http://127.0.0.1:{{ config.ballot_box.port }}/; + proxy_pass http://127.0.0.1:{{ config['ballot-box']port }}/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - {% for allow_ip in config.ballot_box.ips.allow %} + {% for allow_ip in config['ballot-box']ips.allow %} allow {{allow_ip}}; {% endfor %} - {% for deny_ip in config.ballot_box.ips.deny %} + {% for deny_ip in config['ballot-box']ips.deny %} deny {{deny_ip}}; {% endfor %} } @@ -263,7 +263,7 @@ server { limit_req zone=admin_api {{config.hardening.nginx_rate_limit.static_files_config}}; {% endif %} - proxy_pass http://127.0.0.1:{{ config.ballot_box.port }}/; + proxy_pass http://127.0.0.1:{{ config['ballot-box']port }}/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -274,10 +274,10 @@ server { {% endfor %} {% endif %} - {% for allow_ip in config.ballot_box.ips.allow %} + {% for allow_ip in config['ballot-box']ips.allow %} allow {{allow_ip}}; {% endfor %} - {% for deny_ip in config.ballot_box.ips.deny %} + {% for deny_ip in config['ballot-box']ips.deny %} deny {{deny_ip}}; {% endfor %} } diff --git a/sequent-ui/repo.yml b/sequent-ui/repo.yml index eee17c51..b0117cb8 100644 --- a/sequent-ui/repo.yml +++ b/sequent-ui/repo.yml 
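Review bot: The `allow` entries rendered from `ips.allow` are followed only by the `deny` loop and the closing brace of the location, with no final `deny all;`. nginx admits any address that matches no rule, so the allow list restricts nothing unless `ips.deny` is expected to contain `all`. If `ips.allow` is meant as an allowlist for the proxied ballot-box port, add `{% if config['ballot-box'].ips.allow %}deny all;{% endif %}` after the two loops. Both location blocks in these hunks use the same pattern, and both start outside the hunks, so earlier access rules may exist that are not visible here.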
@@ -89,15 +89,15 @@ replace: '{{ item.replace }}' with_items: - regexp: 'baseUrl:.*$' - replace: 'baseUrl: "https://{{config.ballot_box.domain}}/admin-api/elections/api/",' + replace: 'baseUrl: "https://{{config['ballot-box']domain}}/admin-api/elections/api/",' - regexp: 'publicURL:.*$' - replace: 'publicURL: "https://{{config.ballot_box.domain}}/admin-api/elections/public/",' + replace: 'publicURL: "https://{{config['ballot-box']domain}}/admin-api/elections/public/",' - regexp: 'authAPI:.*$' - replace: 'authAPI: "https://{{config.ballot_box.domain}}/admin-api/iam/api/",' + replace: 'authAPI: "https://{{config['ballot-box']domain}}/admin-api/iam/api/",' - regexp: 'dnieUrl:.*$' - replace: 'dnieUrl: "https://{{config.ballot_box.domain}}/admin-api/iam/api/authmethod/dnie/auth/",' + replace: 'dnieUrl: "https://{{config['ballot-box']domain}}/admin-api/iam/api/authmethod/dnie/auth/",' - regexp: 'electionsAPI:.*$' - replace: 'electionsAPI: "https://{{config.ballot_box.domain}}/admin-api/elections/api/",' + replace: 'electionsAPI: "https://{{config['ballot-box']domain}}/admin-api/elections/api/",' # this is not slow because yarn caches dependencies - name: sequent-ui, removing node_modules directory to start fresh diff --git a/sequent-ui/templates/SequentConfig.js b/sequent-ui/templates/SequentConfig.js index 50d00b56..1d6dd2b7 100644 --- a/sequent-ui/templates/SequentConfig.js +++ b/sequent-ui/templates/SequentConfig.js @@ -28,7 +28,7 @@ var SequentConfigData = { // 'https://foo/api/v3/' and always ends in '/'. base: '', theme: "{{ config.sequent_ui.theme }}", - baseUrl: "https://{{config.ballot_box.domain}}/elections/api/", + baseUrl: "https://{{config['ballot-box']domain}}/elections/api/", freeAuthId: 1, // Configurable Sign Up link 
@@ -57,10 +57,10 @@ var SequentConfigData = { preventSiteTranslation: {% if config.sequent_ui.prevent_site_translation %}true{% else %}false{% endif %}, // AuthApi base url - authAPI: "https://{{config.ballot_box.domain}}/iam/api/", - dnieUrl: "https://{{config.ballot_box.domain}}/iam/api/authmethod/dnie/auth/", + authAPI: "https://{{config['ballot-box']domain}}/iam/api/", + dnieUrl: "https://{{config['ballot-box']domain}}/iam/api/authmethod/dnie/auth/", // Agora Elections base url - electionsAPI: "https://{{config.ballot_box.domain}}/elections/api/", + electionsAPI: "https://{{config['ballot-box']domain}}/elections/api/", // Agora Admin help url helpUrl: "{{ config.sequent_ui.technology.documentation }}", @@ -94,7 +94,7 @@ var SequentConfigData = { // if true, the calculated results are always automatically published // valid values: true, false - always_publish: {% if config.ballot_box.always_publish %}true{% else %}false{% endif %}, + always_publish: {% if config['ballot-box']always_publish %}true{% else %}false{% endif %}, calculateResultsDefault: {{ config.sequent_ui.calculate_results_default }}, @@ -285,7 +285,7 @@ var SequentConfigData = { {% if config.sequent_ui.custom_public_download_url %} publicURL: "{{ config.sequent_ui.custom_public_download_url }}", {% else %} - publicURL: "https://{{config.ballot_box.domain}}/elections/public/", + publicURL: "https://{{config['ballot-box']domain}}/elections/public/", {% endif %} // if we are in debug mode or not diff --git a/templates/cert.sh b/templates/cert.sh index 129cc3bc..c92dde6b 100644 --- a/templates/cert.sh +++ b/templates/cert.sh @@ -23,7 +23,7 @@ OU="{{ config.cert.OU }}" HOST=$(hostname) CN=$(hostname) EMAIL={{ config.cert.EMAIL }} -DNS1={{ config.ballot_box.domain }} +DNS1={{ config['ballot-box']domain }} CERT_DIR="/srv/certs/selfsigned" CERT_PREFIX="cert" From 24a87d7278d32e098ea5f88c26b946e3a875e308 Mon Sep 17 00:00:00 2001 
From: Diego Chacon Date: Sat, 17 Jun 2023 01:40:22 -0600 Subject: [PATCH 3/4] Fixing Issues with Ballot Variables --- ballot-box/main.yml | 4 +-- ballot-box/postgres.yml | 2 +- ballot-box/templates/.pg_service.conf | 2 +- ballot-box/templates/application.local.conf | 32 +++++++++---------- .../templates/ballot-box-admin-settings.json | 4 +-- ballot-box/templates/nginx.conf | 12 +++---- ballot-box/templates/test.local.conf | 8 ++--- election-verifier/aguiconfig.yml | 2 +- iam/templates/deploy.py | 16 +++++----- misc-tools/templates/eoconf.json | 2 +- oneserver/templates/oneserver.conf | 18 +++++------ sequent-ui/repo.yml | 10 +++--- sequent-ui/templates/SequentConfig.js | 12 +++---- templates/cert.sh | 2 +- 14 files changed, 63 insertions(+), 63 deletions(-) diff --git a/ballot-box/main.yml b/ballot-box/main.yml index 2a0e9dcc..cbe8bc5c 100644 --- a/ballot-box/main.yml +++ b/ballot-box/main.yml @@ -127,7 +127,7 @@ - name: ballot-box, Key store setup (1) become: true shell: - cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config['ballot-box']keystore_pass }}" + cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config['ballot-box'].keystore_pass }}" chdir: /home/ballotbox/ - name: ballot-box, Key store setup (3) 
@@ -141,7 +141,7 @@ become: true become_user: ballotbox shell: - cmd: yes | keytool -importkeystore -deststorepass "{{ config['ballot-box']keystore_pass }}" -destkeypass "{{ config['ballot-box']keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config['ballot-box']keystore_pass }}" -alias client + cmd: yes | keytool -importkeystore -deststorepass "{{ config['ballot-box'].keystore_pass }}" -destkeypass "{{ config['ballot-box'].keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config['ballot-box'].keystore_pass }}" -alias client chdir: /home/ballotbox/ # Admin tool setup diff --git a/ballot-box/postgres.yml b/ballot-box/postgres.yml index bd961903..264bbacc 100644 --- a/ballot-box/postgres.yml +++ b/ballot-box/postgres.yml @@ -34,7 +34,7 @@ when: config.load_balancing.is_master postgresql_user: user: ballot_box - password: "{{config['ballot-box']db_password}}" + password: "{{config['ballot-box'].db_password}}" port: 5432 - name: ballot-box, Create Database diff --git a/ballot-box/templates/.pg_service.conf b/ballot-box/templates/.pg_service.conf index 5d03c16c..e27c2c0c 100644 --- a/ballot-box/templates/.pg_service.conf +++ b/ballot-box/templates/.pg_service.conf @@ -2,7 +2,7 @@ host=localhost port=5432 user=ballot_box -password={{config['ballot-box']db_password}} +password={{config['ballot-box'].db_password}} [iam] host=localhost diff --git a/ballot-box/templates/application.local.conf b/ballot-box/templates/application.local.conf index 587561fb..a061b502 100644 --- a/ballot-box/templates/application.local.conf +++ b/ballot-box/templates/application.local.conf 
@@ -3,28 +3,28 @@ application.secret = "{{ config.global_secret_key }}" db.default.url="jdbc:postgresql://{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}:5432/ballot_box" db.default.driver="org.postgresql.Driver" db.default.user=ballot_box -db.default.pass="{{config['ballot-box']db_password}}" +db.default.pass="{{config['ballot-box'].db_password}}" app.datastore.public="/home/ballotbox/datastore/public" app.datastore.private="/home/ballotbox/datastore/private" applyEvolutions.default=true -app.api.root="http://{{config['ballot-box']domain}}:{{config['ballot-box']port}}" -app.datastore.root="http://{{config['ballot-box']domain}}:{{config['ballot-box']port}}" -app.datastore.ssl_root="https://{{config['ballot-box']domain}}:{{config['ballot-box']ssl_port}}" +app.api.root="http://{{config['ballot-box'].domain}}:{{config['ballot-box'].port}}" +app.datastore.root="http://{{config['ballot-box'].domain}}:{{config['ballot-box'].port}}" +app.datastore.ssl_root="https://{{config['ballot-box'].domain}}:{{config['ballot-box'].ssl_port}}" -app.api.max_revotes={{config['ballot-box']max_revotes}} -app.download_tally_timeout={{config['ballot-box']download_tally_timeout}} -app.download_tally_retries={{config['ballot-box']download_tally_retries}} +app.api.max_revotes={{config['ballot-box'].max_revotes}} +app.download_tally_timeout={{config['ballot-box'].download_tally_timeout}} +app.download_tally_retries={{config['ballot-box'].download_tally_retries}} -{% if config['ballot-box']enforce_state_controls %} +{% if config['ballot-box'].enforce_state_controls %} elections.enforceStateControls = true {% else %} elections.enforceStateControls = false {% endif %} app.callbacks = { -{% for callback in config['ballot-box']callbacks %} +{% for callback in config['ballot-box'].callbacks %} {% if 'vote' == callback.name %} {% if 'default' == callback.mode %} 
@@ -47,7 +47,7 @@ app.callbacks = { } -{% if config['ballot-box']always_publish %} +{% if config['ballot-box'].always_publish %} app.always_publish=true {% else %} app.always_publish=false @@ -97,7 +97,7 @@ election.limits { # subelections is not checked, and that is why support for virtual elections # is disabled by default and should only be enabled in dedicated # installations. -{% if config['ballot-box']virtualElectionsAllowed %} +{% if config['ballot-box'].virtualElectionsAllowed %} election.virtualElectionsAllowed=true {% else %} election.virtualElectionsAllowed=false @@ -117,7 +117,7 @@ app.authorities = { } app.trustee_users = { -{% for trustee in config['ballot-box']trustee_users %} +{% for trustee in config['ballot-box'].trustee_users %} {{ trustee.username }} = { authority_id = "{{ trustee.authority_id }}", @@ -129,7 +129,7 @@ app.trustee_users = { app.eopeers.dir=/etc/eopeers/ -elections.auth.secret="{{config['ballot-box']shared_secret}}" +elections.auth.secret="{{config['ballot-box'].shared_secret}}" elections.auth.expiry={{config.iam.auth_token_expiration_seconds}} elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}} @@ -137,12 +137,12 @@ ws.ssl { loose.disableHostnameVerification=true keyManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" } ] } trustManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" } ] } } 
@@ -165,4 +165,4 @@ share_social { ehcacheplugin=disabled memcached.host="127.0.0.1:11211" logger.memcached=WARN -app.cache.expiration_seconds = {{config['ballot-box']cache_expiration_seconds}} \ No newline at end of file +app.cache.expiration_seconds = {{config['ballot-box'].cache_expiration_seconds}} \ No newline at end of file diff --git a/ballot-box/templates/ballot-box-admin-settings.json b/ballot-box/templates/ballot-box-admin-settings.json index 3b944a0f..910100d7 100644 --- a/ballot-box/templates/ballot-box-admin-settings.json +++ b/ballot-box/templates/ballot-box-admin-settings.json @@ -2,9 +2,9 @@ "datastore": "/home/ballotbox/datastore", "public_ds": "/home/ballotbox/datastore/public", "private_ds": "/home/ballotbox/datastore/private", - "shared_secret": "{{ config['ballot-box']shared_secret }}", + "shared_secret": "{{ config['ballot-box'].shared_secret }}", "db_user": "ballot_box", - "db_password": "{{ config['ballot-box']db_password }}", + "db_password": "{{ config['ballot-box'].db_password }}", "db_name": "ballot_box", "db_port": 5432, "app_host": "{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}", diff --git a/ballot-box/templates/nginx.conf b/ballot-box/templates/nginx.conf index b085038f..33a69901 100644 --- a/ballot-box/templates/nginx.conf +++ b/ballot-box/templates/nginx.conf @@ -1,12 +1,12 @@ server { - listen {{config['ballot-box']port}}; - server_name {{config['ballot-box']domain}}; + listen {{config['ballot-box'].port}}; + server_name {{config['ballot-box'].domain}}; location /public { root /home/ballotbox/datastore; } - # calls to keydone/tallydone should go to port {{config['ballot-box']ssl_port}} + # calls to keydone/tallydone should go to port {{config['ballot-box'].ssl_port}} # and include the client certificate location ~* /api/election/(.*)/(key|tally)done { deny all; 
@@ -18,11 +18,11 @@ server { } server { - listen {{config['ballot-box']ssl_port}}; + listen {{config['ballot-box'].ssl_port}}; include /etc/nginx/internal_secure.conf; - server_name {{config['ballot-box']domain}}; + server_name {{config['ballot-box'].domain}}; - {% if config['ballot-box']private_path_verify_ssl_client_certificate %} + {% if config['ballot-box'].private_path_verify_ssl_client_certificate %} ssl_client_certificate {{ config.http.internal_tls_calist_path }}; ssl_verify_client on; {% endif %} diff --git a/ballot-box/templates/test.local.conf b/ballot-box/templates/test.local.conf index d7dd1c94..06931a81 100644 --- a/ballot-box/templates/test.local.conf +++ b/ballot-box/templates/test.local.conf @@ -1,7 +1,7 @@ db.default.url="jdbc:postgresql://localhost:5432/ballot_box" db.default.driver="org.postgresql.Driver" db.default.user=ballot_box -db.default.pass={{config['ballot-box']db_password}} +db.default.pass={{config['ballot-box'].db_password}} app.datastore.public="/tmp/ballot_box/datastore/public" app.datastore.private="/tmp/ballot_box/datastore/private" @@ -12,7 +12,7 @@ app.datastore.ssl_root="https://{{ config.private_ipaddress }}:14453" app.eopeers.dir=/etc/eopeers/ -booth.auth.secret={{config['ballot-box']shared_secret}} +booth.auth.secret={{config['ballot-box'].shared_secret}} elections.auth.expiry={{config.iam.auth_token_expiration_seconds}} elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}} 
@@ -20,12 +20,12 @@ ws.ssl { loose.disableHostnameVerification=true keyManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" } ] } trustManager = { stores = [ - { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box']keystore_pass }}" } + { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" } ] } } diff --git a/election-verifier/aguiconfig.yml b/election-verifier/aguiconfig.yml index 6c71ea3e..9927703b 100644 --- a/election-verifier/aguiconfig.yml +++ b/election-verifier/aguiconfig.yml @@ -46,7 +46,7 @@ replace: dest: /home/ui_user/{{ item }}/SequentConfig.js regexp: "link:.*" - replace: 'link: "https://{{config['ballot-box']domain}}/verifier/election-verifier",' + replace: 'link: "https://{{config['ballot-box'].domain}}/verifier/election-verifier",' with_items: - admin-console - election-portal diff --git a/iam/templates/deploy.py b/iam/templates/deploy.py index 739a52a8..e1054e26 100644 --- a/iam/templates/deploy.py +++ b/iam/templates/deploy.py @@ -93,14 +93,14 @@ def on_celery_setup_logging(**kwargs): } } -SHARED_SECRET = b'{{config['ballot-box']shared_secret}}' +SHARED_SECRET = b'{{config['ballot-box'].shared_secret}}' TIMEOUT = {{config.iam.auth_token_expiration_seconds}} ADMIN_TIMEOUT = {{config.iam.admin_auth_token_expiration_seconds}} SECRET_KEY = '{{ config.global_secret_key }}' -HOME_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/home" +HOME_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/home" ADMIN_AUTH_ID = 1 
@@ -156,13 +156,13 @@ def on_celery_setup_logging(**kwargs): SMS_BASE_TEMPLATE = """{{config.iam.sms.base_template}}""" -SMS_AUTH_CODE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" +SMS_AUTH_CODE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" {% endif %} {% if config.iam.email.enabled %} from django.core.mail.utils import DNS_NAME -DNS_NAME._fqdn = "{{ config['ballot-box']domain }}" +DNS_NAME._fqdn = "{{ config['ballot-box'].domain }}" DEFAULT_FROM_EMAIL = "{{config.iam.email.default_from_email}}" @@ -174,9 +174,9 @@ def on_celery_setup_logging(**kwargs): EMAIL_BASE_TITLE_TEMPLATE = """{{config.iam.email.base_title_template}}""" -EMAIL_AUTH_CODE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" +EMAIL_AUTH_CODE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login/__RECEIVER__" -{% if config['ballot-box']enforce_state_controls %} +{% if config['ballot-box'].enforce_state_controls %} ENFORCE_STATE_CONTROLS = True {% else %} ENFORCE_STATE_CONTROLS = False @@ -219,9 +219,9 @@ def on_celery_setup_logging(**kwargs): ] -OTL_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/otl/__SECRET__" +OTL_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/otl/__SECRET__" -ALT_AUTH_BASE_URL = "https://{{ config['ballot-box']domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__" +ALT_AUTH_BASE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__" # This is the command to be executed to launch a self-test TASK_SELF_TEST_COMMAND = [ diff --git a/misc-tools/templates/eoconf.json b/misc-tools/templates/eoconf.json index f6ae8303..6d0d9444 100644 --- a/misc-tools/templates/eoconf.json +++ b/misc-tools/templates/eoconf.json 
@@ -5,7 +5,7 @@ "PRIVATE_IP_ADDRESS": "{{ config.private_ipaddress }}", "HOSTNAME": "{{ config.hostname }}", "PORT": {{ config.election_orchestra.port }}, - "KEYSTORE_PASS": "{{ config['ballot-box']keystore_pass }}", + "KEYSTORE_PASS": "{{ config['ballot-box'].keystore_pass }}", "TLS_CERT_PATH": "{{ config.http.internal_tls_cert_path }}", "TLS_CERT_KEY_PATH": "{{ config.http.internal_tls_cert_key_path }}", "TLS_CALIST_PATH": "{{ config.http.internal_tls_calist_path }}" diff --git a/oneserver/templates/oneserver.conf b/oneserver/templates/oneserver.conf index 0dcb3f22..b47119fb 100644 --- a/oneserver/templates/oneserver.conf +++ b/oneserver/templates/oneserver.conf @@ -16,7 +16,7 @@ {% if not config.load_balancing.enabled or config.load_balancing.use_https %} server { listen 80; - server_name {{ config['ballot-box']domain }}; + server_name {{ config['ballot-box'].domain }}; ## redirect http to https ## rewrite ^ https://$server_name$request_uri? permanent; } @@ -30,7 +30,7 @@ server { listen 80; {% endif %} - server_name {{ config['ballot-box']domain }}; + server_name {{ config['ballot-box'].domain }}; {% if config.load_balancing.enabled %} set_real_ip_from {{ config.load_balancing.loadbalancers_cidr }}; @@ -45,7 +45,7 @@ server { # cache config proxy_cache_key "$scheme$host$uri$is_args$args"; proxy_cache STATIC; - proxy_cache_valid any {{ config['ballot-box']cache_expiration_seconds }}s; + proxy_cache_valid any {{ config['ballot-box'].cache_expiration_seconds }}s; proxy_cache_min_uses 3; proxy_cache_bypass $http_authorization; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; 
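Review bot: In the cache hunk of oneserver/templates/oneserver.conf, `proxy_cache_bypass $http_authorization;` only skips the cache lookup for requests that carry an Authorization header; it does not stop their responses from being stored. Unless a `proxy_no_cache $http_authorization;` follows outside this hunk, a response produced for an authenticated request can be saved under the `$scheme$host$uri$is_args$args` key and later served to requests without the header. I would add `proxy_no_cache $http_authorization;` next to the bypass line. The enclosing `server`/`location` block starts and ends outside the hunk, so which paths this cache covers cannot be confirmed from here.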
@@ -244,15 +244,15 @@ server { {% endif %} - proxy_pass http://127.0.0.1:{{ config['ballot-box']port }}/; + proxy_pass http://127.0.0.1:{{ config['ballot-box'].port }}/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - {% for allow_ip in config['ballot-box']ips.allow %} + {% for allow_ip in config['ballot-box'].ips.allow %} allow {{allow_ip}}; {% endfor %} - {% for deny_ip in config['ballot-box']ips.deny %} + {% for deny_ip in config['ballot-box'].ips.deny %} deny {{deny_ip}}; {% endfor %} } @@ -263,7 +263,7 @@ server { limit_req zone=admin_api {{config.hardening.nginx_rate_limit.static_files_config}}; {% endif %} - proxy_pass http://127.0.0.1:{{ config['ballot-box']port }}/; + proxy_pass http://127.0.0.1:{{ config['ballot-box'].port }}/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -274,10 +274,10 @@ server { {% endfor %} {% endif %} - {% for allow_ip in config['ballot-box']ips.allow %} + {% for allow_ip in config['ballot-box'].ips.allow %} allow {{allow_ip}}; {% endfor %} - {% for deny_ip in config['ballot-box']ips.deny %} + {% for deny_ip in config['ballot-box'].ips.deny %} deny {{deny_ip}}; {% endfor %} } diff --git a/sequent-ui/repo.yml b/sequent-ui/repo.yml index b0117cb8..9034e7fd 100644 --- a/sequent-ui/repo.yml +++ b/sequent-ui/repo.yml 
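Review bot: The `allow`/`deny` loops after `proxy_pass` in this hunk restrict access only if `ips.deny` ends with `all`, because nginx admits any client that matches no rule. An operator who fills in `ips.allow` and leaves `ips.deny` empty therefore gets no restriction; whether the default configuration guards against that is not visible here. I would document it in the template, e.g. `# ips.allow has no effect unless ips.deny contains "all"`, or emit `deny all;` when `ips.allow` is non-empty and `ips.deny` is empty. The last oneserver.conf hunk (`@@ -274,10 +274,10 @@`) repeats the same two loops, and both `location` blocks begin outside their hunks.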
@@ -89,15 +89,15 @@ replace: '{{ item.replace }}' with_items: - regexp: 'baseUrl:.*$' - replace: 'baseUrl: "https://{{config['ballot-box']domain}}/admin-api/elections/api/",' + replace: 'baseUrl: "https://{{config['ballot-box'].domain}}/admin-api/elections/api/",' - regexp: 'publicURL:.*$' - replace: 'publicURL: "https://{{config['ballot-box']domain}}/admin-api/elections/public/",' + replace: 'publicURL: "https://{{config['ballot-box'].domain}}/admin-api/elections/public/",' - regexp: 'authAPI:.*$' - replace: 'authAPI: "https://{{config['ballot-box']domain}}/admin-api/iam/api/",' + replace: 'authAPI: "https://{{config['ballot-box'].domain}}/admin-api/iam/api/",' - regexp: 'dnieUrl:.*$' - replace: 'dnieUrl: "https://{{config['ballot-box']domain}}/admin-api/iam/api/authmethod/dnie/auth/",' + replace: 'dnieUrl: "https://{{config['ballot-box'].domain}}/admin-api/iam/api/authmethod/dnie/auth/",' - regexp: 'electionsAPI:.*$' - replace: 'electionsAPI: "https://{{config['ballot-box']domain}}/admin-api/elections/api/",' + replace: 'electionsAPI: "https://{{config['ballot-box'].domain}}/admin-api/elections/api/",' # this is not slow because yarn caches dependencies - name: sequent-ui, removing node_modules directory to start fresh diff --git a/sequent-ui/templates/SequentConfig.js b/sequent-ui/templates/SequentConfig.js index 1d6dd2b7..2a316908 100644 --- a/sequent-ui/templates/SequentConfig.js +++ b/sequent-ui/templates/SequentConfig.js @@ -28,7 +28,7 @@ var SequentConfigData = { // 'https://foo/api/v3/' and always ends in '/'. base: '', theme: "{{ config.sequent_ui.theme }}", - baseUrl: "https://{{config['ballot-box']domain}}/elections/api/", + baseUrl: "https://{{config['ballot-box'].domain}}/elections/api/", freeAuthId: 1, // Configurable Sign Up link 
@@ -57,10 +57,10 @@ var SequentConfigData = { preventSiteTranslation: {% if config.sequent_ui.prevent_site_translation %}true{% else %}false{% endif %}, // AuthApi base url - authAPI: "https://{{config['ballot-box']domain}}/iam/api/", - dnieUrl: "https://{{config['ballot-box']domain}}/iam/api/authmethod/dnie/auth/", + authAPI: "https://{{config['ballot-box'].domain}}/iam/api/", + dnieUrl: "https://{{config['ballot-box'].domain}}/iam/api/authmethod/dnie/auth/", // Agora Elections base url - electionsAPI: "https://{{config['ballot-box']domain}}/elections/api/", + electionsAPI: "https://{{config['ballot-box'].domain}}/elections/api/", // Agora Admin help url helpUrl: "{{ config.sequent_ui.technology.documentation }}", @@ -94,7 +94,7 @@ var SequentConfigData = { // if true, the calculated results are always automatically published // valid values: true, false - always_publish: {% if config['ballot-box']always_publish %}true{% else %}false{% endif %}, + always_publish: {% if config['ballot-box'].always_publish %}true{% else %}false{% endif %}, calculateResultsDefault: {{ config.sequent_ui.calculate_results_default }}, @@ -285,7 +285,7 @@ var SequentConfigData = { {% if config.sequent_ui.custom_public_download_url %} publicURL: "{{ config.sequent_ui.custom_public_download_url }}", {% else %} - publicURL: "https://{{config['ballot-box']domain}}/elections/public/", + publicURL: "https://{{config['ballot-box'].domain}}/elections/public/", {% endif %} // if we are in debug mode or not diff --git a/templates/cert.sh b/templates/cert.sh index c92dde6b..27487044 100644 --- a/templates/cert.sh +++ b/templates/cert.sh @@ -23,7 +23,7 @@ OU="{{ config.cert.OU }}" HOST=$(hostname) CN=$(hostname) EMAIL={{ config.cert.EMAIL }} -DNS1={{ config['ballot-box']domain }} +DNS1={{ config['ballot-box'].domain }} CERT_DIR="/srv/certs/selfsigned" CERT_PREFIX="cert" From eb1d30a562832dec3cdeacf88c29529dbb722e2a Mon Sep 17 00:00:00 2001 
From: Diego Chacon Date: Sat, 17 Jun 2023 02:08:00 -0600 Subject: [PATCH 4/4] Fixing Issues with Ballot Variables --- system.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system.yml b/system.yml index 23fa1ff0..9e788b4a 100644 --- a/system.yml +++ b/system.yml @@ -30,7 +30,7 @@ become: true lineinfile: dest: /etc/hosts - line: line: "{{ config.private_ipaddress }} {{ config['ballot-box'].domain }}" + line: "{{ config.private_ipaddress }} {{ config['ballot-box'].domain }}" state: present - name: System, Creating nginx group
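Review bot: The corrected `lineinfile` task has `line:` but no `regexp:`, so if `private_ipaddress` changes on a later run a second /etc/hosts entry for the ballot-box domain is appended and the stale one stays above it, which is typically the entry the resolver returns. Adding `regexp: '\s{{ config["ballot-box"].domain | regex_escape }}$'` would make the task replace the existing entry instead of accumulating entries. The task's `name:` line sits above the hunk, so this assumes no other task rewrites /etc/hosts.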