Fixing Issues with Ballot Variables

ballot-box/main.yml

@@ -127,7 +127,7 @@
 - name: ballot-box, Key store setup (1)
   become: true
   shell:
-    cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config.ballot_box.keystore_pass }}"
+    cmd: openssl pkcs12 -export -in '{{ config.http.internal_tls_cert_path }}' -inkey '{{ config.http.internal_tls_cert_key_path }}' -out certs.p12 -name client -password "pass:{{ config['ballot-box'].keystore_pass }}"
     chdir: /home/ballotbox/
 
 - name: ballot-box, Key store setup (3)
@@ -141,7 +141,7 @@
   become: true
   become_user: ballotbox
   shell:
-    cmd: yes | keytool -importkeystore -deststorepass "{{ config.ballot_box.keystore_pass }}" -destkeypass "{{ config.ballot_box.keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config.ballot_box.keystore_pass }}" -alias client
+    cmd: yes | keytool -importkeystore -deststorepass "{{ config['ballot-box'].keystore_pass }}" -destkeypass "{{ config['ballot-box'].keystore_pass }}" -destkeystore keystore.jks -srckeystore certs.p12 -srcstoretype PKCS12 -srcstorepass "{{ config['ballot-box'].keystore_pass }}" -alias client
     chdir: /home/ballotbox/
 
 # Admin tool setup

ballot-box/postgres.yml

@@ -34,7 +34,7 @@
   when: config.load_balancing.is_master
   postgresql_user:
     user: ballot_box
-    password: "{{config.ballot_box.db_password}}"
+    password: "{{config['ballot-box'].db_password}}"
     port: 5432
 
 - name: ballot-box, Create Database

ballot-box/templates/.pg_service.conf

@@ -2,7 +2,7 @@
 host=localhost
 port=5432
 user=ballot_box
-password={{config.ballot_box.db_password}}
+password={{config['ballot-box'].db_password}}
 
 [iam]
 host=localhost

ballot-box/templates/application.local.conf

@@ -3,28 +3,28 @@ application.secret = "{{ config.global_secret_key }}"
 db.default.url="jdbc:postgresql://{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}:5432/ballot_box"
 db.default.driver="org.postgresql.Driver"
 db.default.user=ballot_box
-db.default.pass="{{config.ballot_box.db_password}}"
+db.default.pass="{{config['ballot-box'].db_password}}"
 
 app.datastore.public="/home/ballotbox/datastore/public"
 app.datastore.private="/home/ballotbox/datastore/private"
 applyEvolutions.default=true
 
-app.api.root="http://{{config.ballot_box.domain}}:{{config.ballot_box.port}}"
-app.datastore.root="http://{{config.ballot_box.domain}}:{{config.ballot_box.port}}"
-app.datastore.ssl_root="https://{{config.ballot_box.domain}}:{{config.ballot_box.ssl_port}}"
+app.api.root="http://{{config['ballot-box'].domain}}:{{config['ballot-box'].port}}"
+app.datastore.root="http://{{config['ballot-box'].domain}}:{{config['ballot-box'].port}}"
+app.datastore.ssl_root="https://{{config['ballot-box'].domain}}:{{config['ballot-box'].ssl_port}}"
 
-app.api.max_revotes={{config.ballot_box.max_revotes}}
-app.download_tally_timeout={{config.ballot_box.download_tally_timeout}}
-app.download_tally_retries={{config.ballot_box.download_tally_retries}}
+app.api.max_revotes={{config['ballot-box'].max_revotes}}
+app.download_tally_timeout={{config['ballot-box'].download_tally_timeout}}
+app.download_tally_retries={{config['ballot-box'].download_tally_retries}}
 
-{% if config.ballot_box.enforce_state_controls %}
+{% if config['ballot-box'].enforce_state_controls %}
 elections.enforceStateControls = true
 {% else %}
 elections.enforceStateControls = false
 {% endif %}
 
 app.callbacks = {
-{% for callback in config.ballot_box.callbacks %}
+{% for callback in config['ballot-box'].callbacks %}
 
     {% if 'vote' == callback.name %}
       {% if 'default' == callback.mode %}
@@ -47,7 +47,7 @@ app.callbacks = {
 
 }
 
-{% if config.ballot_box.always_publish %}
+{% if config['ballot-box'].always_publish %}
 app.always_publish=true
 {% else %}
 app.always_publish=false
@@ -97,7 +97,7 @@ election.limits {
 # subelections is not checked, and that is why support for virtual elections
 # is disabled by default and should only be enabled in dedicated
 # installations.
-{% if config.ballot_box.virtualElectionsAllowed %}
+{% if config['ballot-box'].virtualElectionsAllowed %}
 election.virtualElectionsAllowed=true
 {% else %}
 election.virtualElectionsAllowed=false
@@ -117,7 +117,7 @@ app.authorities = {
 }
 
 app.trustee_users = {
-{% for trustee in config.ballot_box.trustee_users %}
+{% for trustee in config['ballot-box'].trustee_users %}
 
   {{ trustee.username }} = {
     authority_id = "{{ trustee.authority_id }}",
@@ -129,20 +129,20 @@ app.trustee_users = {
 
 app.eopeers.dir=/etc/eopeers/
 
-elections.auth.secret="{{config.ballot_box.shared_secret}}"
+elections.auth.secret="{{config['ballot-box'].shared_secret}}"
 elections.auth.expiry={{config.iam.auth_token_expiration_seconds}}
 elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}}
 
 ws.ssl {
   loose.disableHostnameVerification=true
   keyManager = {
     stores = [
-      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" }
+      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" }
     ]
   }
   trustManager = {
     stores = [
-      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" }
+      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" }
     ]
   }
 }
@@ -165,4 +165,4 @@ share_social {
 ehcacheplugin=disabled
 memcached.host="127.0.0.1:11211"
 logger.memcached=WARN
-app.cache.expiration_seconds = {{config.ballot_box.cache_expiration_seconds}}
+app.cache.expiration_seconds = {{config['ballot-box'].cache_expiration_seconds}}

ballot-box/templates/ballot-box-admin-settings.json

@@ -2,9 +2,9 @@
     "datastore": "/home/ballotbox/datastore",
     "public_ds": "/home/ballotbox/datastore/public",
     "private_ds": "/home/ballotbox/datastore/private",
-    "shared_secret": "{{ config.ballot_box.shared_secret }}",
+    "shared_secret": "{{ config['ballot-box'].shared_secret }}",
     "db_user": "ballot_box",
-    "db_password": "{{ config.ballot_box.db_password }}",
+    "db_password": "{{ config['ballot-box'].db_password }}",
     "db_name": "ballot_box",
     "db_port": 5432,
     "app_host": "{{ config.load_balancing.slave.master_hostname if not config.load_balancing.is_master else 'localhost' }}",

ballot-box/templates/nginx.conf

@@ -1,12 +1,12 @@
 
 server {
-        listen         {{config.ballot_box.port}};
-        server_name    {{config.ballot_box.domain}};
+        listen         {{config['ballot-box'].port}};
+        server_name    {{config['ballot-box'].domain}};
 
         location /public {
             root /home/ballotbox/datastore;
         }
-        # calls to keydone/tallydone should go to port {{config.ballot_box.ssl_port}}
+        # calls to keydone/tallydone should go to port {{config['ballot-box'].ssl_port}}
         # and include the client certificate
         location ~* /api/election/(.*)/(key|tally)done {
             deny all;
@@ -18,11 +18,11 @@ server {
 }
 
 server {
-    listen         {{config.ballot_box.ssl_port}};
+    listen         {{config['ballot-box'].ssl_port}};
     include        /etc/nginx/internal_secure.conf;
-    server_name    {{config.ballot_box.domain}};
+    server_name    {{config['ballot-box'].domain}};
 
-    {% if config.ballot_box.private_path_verify_ssl_client_certificate %}
+    {% if config['ballot-box'].private_path_verify_ssl_client_certificate %}
     ssl_client_certificate {{ config.http.internal_tls_calist_path }};
     ssl_verify_client on;
     {% endif %}

ballot-box/templates/test.local.conf

@@ -1,7 +1,7 @@
 db.default.url="jdbc:postgresql://localhost:5432/ballot_box"
 db.default.driver="org.postgresql.Driver"
 db.default.user=ballot_box
-db.default.pass={{config.ballot_box.db_password}}
+db.default.pass={{config['ballot-box'].db_password}}
 
 app.datastore.public="/tmp/ballot_box/datastore/public"
 app.datastore.private="/tmp/ballot_box/datastore/private"
@@ -12,20 +12,20 @@ app.datastore.ssl_root="https://{{ config.private_ipaddress }}:14453"
 
 app.eopeers.dir=/etc/eopeers/
 
-booth.auth.secret={{config.ballot_box.shared_secret}}
+booth.auth.secret={{config['ballot-box'].shared_secret}}
 elections.auth.expiry={{config.iam.auth_token_expiration_seconds}}
 elections.auth.admin_expiry={{config.iam.admin_auth_token_expiration_seconds}}
 
 ws.ssl {
   loose.disableHostnameVerification=true
   keyManager = {
     stores = [
-      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" }
+      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" }
     ]
   }
   trustManager = {
     stores = [
-      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config.ballot_box.keystore_pass }}" }
+      { type = "JKS", path = "/home/ballotbox/keystore.jks", password = "{{ config['ballot-box'].keystore_pass }}" }
     ]
   }
 }

election-verifier/aguiconfig.yml

@@ -46,7 +46,7 @@
   replace:
     dest: /home/ui_user/{{ item }}/SequentConfig.js
     regexp: "link:.*"
-    replace: 'link: "https://{{config.ballot_box.domain}}/verifier/election-verifier",'
+    replace: 'link: "https://{{config['ballot-box'].domain}}/verifier/election-verifier",'
   with_items:
     - admin-console
     - election-portal

iam/templates/deploy.py

@@ -93,14 +93,14 @@ def on_celery_setup_logging(**kwargs):
     }
 }
 
-SHARED_SECRET = b'{{config.ballot_box.shared_secret}}'
+SHARED_SECRET = b'{{config['ballot-box'].shared_secret}}'
 
 TIMEOUT = {{config.iam.auth_token_expiration_seconds}}
 
 ADMIN_TIMEOUT = {{config.iam.admin_auth_token_expiration_seconds}}
 
 SECRET_KEY = '{{ config.global_secret_key }}'
-HOME_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/home"
+HOME_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/home"
 
 ADMIN_AUTH_ID = 1
 
@@ -156,13 +156,13 @@ def on_celery_setup_logging(**kwargs):
 
 SMS_BASE_TEMPLATE = """{{config.iam.sms.base_template}}"""
 
-SMS_AUTH_CODE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login/__RECEIVER__"
+SMS_AUTH_CODE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login/__RECEIVER__"
 
 {% endif %}
 
 {% if config.iam.email.enabled %}
 from django.core.mail.utils import DNS_NAME
-DNS_NAME._fqdn = "{{ config.ballot_box.domain }}"
+DNS_NAME._fqdn = "{{ config['ballot-box'].domain }}"
 
 DEFAULT_FROM_EMAIL = "{{config.iam.email.default_from_email}}"
 
@@ -174,9 +174,9 @@ def on_celery_setup_logging(**kwargs):
 
 EMAIL_BASE_TITLE_TEMPLATE = """{{config.iam.email.base_title_template}}"""
 
-EMAIL_AUTH_CODE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login/__RECEIVER__"
+EMAIL_AUTH_CODE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login/__RECEIVER__"
 
-{% if config.ballot_box.enforce_state_controls %}
+{% if config['ballot-box'].enforce_state_controls %}
 ENFORCE_STATE_CONTROLS = True
 {% else %}
 ENFORCE_STATE_CONTROLS = False
@@ -219,9 +219,9 @@ def on_celery_setup_logging(**kwargs):
 
 ]
 
-OTL_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/otl/__SECRET__"
+OTL_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/otl/__SECRET__"
 
-ALT_AUTH_BASE_URL = "https://{{ config.ballot_box.domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__"
+ALT_AUTH_BASE_URL = "https://{{ config['ballot-box'].domain }}/election/__EVENT_ID__/public/login-alt/__AUTH_METHOD_ID__"
 
 # This is the command to be executed to launch a self-test
 TASK_SELF_TEST_COMMAND = [

misc-tools/templates/eoconf.json

@@ -5,7 +5,7 @@
     "PRIVATE_IP_ADDRESS": "{{ config.private_ipaddress }}",
     "HOSTNAME": "{{ config.hostname }}",
     "PORT": {{ config.election_orchestra.port }},
-    "KEYSTORE_PASS": "{{ config.ballot_box.keystore_pass }}",
+    "KEYSTORE_PASS": "{{ config['ballot-box'].keystore_pass }}",
     "TLS_CERT_PATH": "{{ config.http.internal_tls_cert_path }}",
     "TLS_CERT_KEY_PATH": "{{ config.http.internal_tls_cert_key_path }}",
     "TLS_CALIST_PATH": "{{ config.http.internal_tls_calist_path }}"

oneserver/templates/oneserver.conf

@@ -16,7 +16,7 @@
 {% if not config.load_balancing.enabled or config.load_balancing.use_https %}
 server {
      listen      80;
-     server_name    {{ config.ballot_box.domain }};
+     server_name    {{ config['ballot-box'].domain }};
      ## redirect http to https ##
      rewrite ^ https://$server_name$request_uri? permanent;
 }
@@ -30,7 +30,7 @@ server {
     listen              80;
     {% endif %}
 
-    server_name         {{ config.ballot_box.domain }};
+    server_name         {{ config['ballot-box'].domain }};
 
     {% if config.load_balancing.enabled %}
     set_real_ip_from   {{ config.load_balancing.loadbalancers_cidr }};
@@ -45,7 +45,7 @@ server {
     # cache config
     proxy_cache_key         "$scheme$host$uri$is_args$args";
     proxy_cache             STATIC;
-    proxy_cache_valid       any {{ config.ballot_box.cache_expiration_seconds }}s;
+    proxy_cache_valid       any {{ config['ballot-box'].cache_expiration_seconds }}s;
     proxy_cache_min_uses    3;
     proxy_cache_bypass      $http_authorization;
     proxy_cache_use_stale   error timeout updating http_500 http_502 http_503 http_504;
@@ -244,15 +244,15 @@ server {
         {% endif %}
 
 
-        proxy_pass http://127.0.0.1:{{ config.ballot_box.port }}/;
+        proxy_pass http://127.0.0.1:{{ config['ballot-box'].port }}/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
-        {% for allow_ip in config.ballot_box.ips.allow %}
+        {% for allow_ip in config['ballot-box'].ips.allow %}
         allow {{allow_ip}};
         {% endfor %}
-        {% for deny_ip in config.ballot_box.ips.deny %}
+        {% for deny_ip in config['ballot-box'].ips.deny %}
         deny {{deny_ip}};
         {% endfor %}
     }
@@ -263,7 +263,7 @@ server {
         limit_req zone=admin_api {{config.hardening.nginx_rate_limit.static_files_config}};
         {% endif %}
 
-        proxy_pass http://127.0.0.1:{{ config.ballot_box.port }}/;
+        proxy_pass http://127.0.0.1:{{ config['ballot-box'].port }}/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -274,10 +274,10 @@ server {
         {% endfor %}
         {% endif %}
 
-        {% for allow_ip in config.ballot_box.ips.allow %}
+        {% for allow_ip in config['ballot-box'].ips.allow %}
         allow {{allow_ip}};
         {% endfor %}
-        {% for deny_ip in config.ballot_box.ips.deny %}
+        {% for deny_ip in config['ballot-box'].ips.deny %}
         deny {{deny_ip}};
         {% endfor %}
     }

sequent-ui/repo.yml

@@ -89,15 +89,15 @@
     replace: '{{ item.replace }}'
   with_items:
     - regexp: 'baseUrl:.*$'
-      replace: 'baseUrl: "https://{{config.ballot_box.domain}}/admin-api/elections/api/",'
+      replace: 'baseUrl: "https://{{config['ballot-box'].domain}}/admin-api/elections/api/",'
     - regexp: 'publicURL:.*$'
-      replace: 'publicURL: "https://{{config.ballot_box.domain}}/admin-api/elections/public/",'
+      replace: 'publicURL: "https://{{config['ballot-box'].domain}}/admin-api/elections/public/",'
     - regexp: 'authAPI:.*$'
-      replace: 'authAPI: "https://{{config.ballot_box.domain}}/admin-api/iam/api/",'
+      replace: 'authAPI: "https://{{config['ballot-box'].domain}}/admin-api/iam/api/",'
     - regexp: 'dnieUrl:.*$'
-      replace: 'dnieUrl: "https://{{config.ballot_box.domain}}/admin-api/iam/api/authmethod/dnie/auth/",'
+      replace: 'dnieUrl: "https://{{config['ballot-box'].domain}}/admin-api/iam/api/authmethod/dnie/auth/",'
     - regexp: 'electionsAPI:.*$'
-      replace: 'electionsAPI: "https://{{config.ballot_box.domain}}/admin-api/elections/api/",'
+      replace: 'electionsAPI: "https://{{config['ballot-box'].domain}}/admin-api/elections/api/",'
 
 # this is not slow because yarn caches dependencies
 - name: sequent-ui, removing node_modules directory to start fresh