def enhance_config(self, domains, config, chain_path): """Enhance the configuration. :param list domains: list of domains to configure :ivar config: Namespace typically produced by :meth:`argparse.ArgumentParser.parse_args`. it must have the redirect, hsts and uir attributes. :type namespace: :class:`argparse.Namespace` :param chain_path: chain file path :type chain_path: `str` or `None` :raises .errors.Error: if no installer is specified in the client. """ if self.installer is None: logger.warning("No installer is specified, there isn't any " "configuration to enhance.") raise errors.Error("No installer available") if config is None: logger.warning("No config is specified.") raise errors.Error("No config available") supported = self.installer.supported_enhancements() redirect = config.redirect if "redirect" in supported else False hsts = config.hsts if "ensure-http-header" in supported else False uir = config.uir if "ensure-http-header" in supported else False staple = config.staple if "staple-ocsp" in supported else False if redirect is None: redirect = enhancements.ask("redirect") if redirect: self.apply_enhancement(domains, "redirect") if hsts: self.apply_enhancement(domains, "ensure-http-header", "Strict-Transport-Security") if uir: self.apply_enhancement(domains, "ensure-http-header", "Upgrade-Insecure-Requests") if staple: self.apply_enhancement(domains, "staple-ocsp", chain_path) msg = ("We were unable to restart web server") if redirect or hsts or uir or staple: with error_handler.ErrorHandler(self._rollback_and_restart, msg): self.installer.restart()
def enhance_config(self, domains, config, chain_path): """Enhance the configuration. :param list domains: list of domains to configure :ivar config: Namespace typically produced by :meth:`argparse.ArgumentParser.parse_args`. it must have the redirect, hsts and uir attributes. :type namespace: :class:`argparse.Namespace` :param chain_path: chain file path :type chain_path: `str` or `None` :raises .errors.Error: if no installer is specified in the client. """ if self.installer is None: logger.warning("No installer is specified, there isn't any " "configuration to enhance.") raise errors.Error("No installer available") if config is None: logger.warning("No config is specified.") raise errors.Error("No config available") supported = self.installer.supported_enhancements() redirect = config.redirect if "redirect" in supported else False hsts = config.hsts if "ensure-http-header" in supported else False uir = config.uir if "ensure-http-header" in supported else False staple = config.staple if "staple-ocsp" in supported else False if redirect is None: redirect = enhancements.ask("redirect") if redirect: self.apply_enhancement(domains, "redirect") if hsts: self.apply_enhancement(domains, "ensure-http-header", "Strict-Transport-Security") if uir: self.apply_enhancement(domains, "ensure-http-header", "Upgrade-Insecure-Requests") if staple: self.apply_enhancement(domains, "staple-ocsp", chain_path) msg = ("We were unable to restart web server") if redirect or hsts or uir or staple: with error_handler.ErrorHandler(self._rollback_and_restart, msg): self.installer.restart()
def enhance_config(self, domains, chain_path, ask_redirect=True): """Enhance the configuration. :param list domains: list of domains to configure :param chain_path: chain file path :type chain_path: `str` or `None` :raises .errors.Error: if no installer is specified in the client. """ if self.installer is None: logger.warning("No installer is specified, there isn't any " "configuration to enhance.") raise errors.Error("No installer available") enhanced = False enhancement_info = ( ("hsts", "ensure-http-header", "Strict-Transport-Security"), ("redirect", "redirect", None), ("staple", "staple-ocsp", chain_path), ("uir", "ensure-http-header", "Upgrade-Insecure-Requests"), ) supported = self.installer.supported_enhancements() for config_name, enhancement_name, option in enhancement_info: config_value = getattr(self.config, config_name) if enhancement_name in supported: if ask_redirect: if config_name == "redirect" and config_value is None: config_value = enhancements.ask(enhancement_name) if not config_value: logger.warning( "Future versions of Certbot will automatically " "configure the webserver so that all requests redirect to secure " "HTTPS access. You can control this behavior and disable this " "warning with the --redirect and --no-redirect flags." ) if config_value: self.apply_enhancement(domains, enhancement_name, option) enhanced = True elif config_value: logger.warning( "Option %s is not supported by the selected installer. " "Skipping enhancement.", config_name) msg = ("We were unable to restart web server") if enhanced: with error_handler.ErrorHandler(self._rollback_and_restart, msg): self.installer.restart()
def enhance_config(self, domains, chain_path, ask_redirect=True): """Enhance the configuration. :param list domains: list of domains to configure :param chain_path: chain file path :type chain_path: `str` or `None` :raises .errors.Error: if no installer is specified in the client. """ if self.installer is None: logger.warning("No installer is specified, there isn't any " "configuration to enhance.") raise errors.Error("No installer available") enhanced = False enhancement_info = ( ("hsts", "ensure-http-header", "Strict-Transport-Security"), ("redirect", "redirect", None), ("staple", "staple-ocsp", chain_path), ("uir", "ensure-http-header", "Upgrade-Insecure-Requests"),) supported = self.installer.supported_enhancements() for config_name, enhancement_name, option in enhancement_info: config_value = getattr(self.config, config_name) if enhancement_name in supported: if ask_redirect: if config_name == "redirect" and config_value is None: config_value = enhancements.ask(enhancement_name) if not config_value: logger.warning("Future versions of Certbot will automatically " "configure the webserver so that all requests redirect to secure " "HTTPS access. You can control this behavior and disable this " "warning with the --redirect and --no-redirect flags.") if config_value: self.apply_enhancement(domains, enhancement_name, option) enhanced = True elif config_value: logger.warning( "Option %s is not supported by the selected installer. " "Skipping enhancement.", config_name) msg = ("We were unable to restart web server") if enhanced: with error_handler.ErrorHandler(self._rollback_and_restart, msg): self.installer.restart()
def _call(cls, enhancement): from certbot.display.enhancements import ask return ask(enhancement)