Commit d4f5a592 authored by Sophie Herold

Release v0.14.0

parent d17ae39d
v0.14.0
- [web] Remove X.509 support, use ACME server side instead
v0.13.0
- [dns] Adds differentiation between domains and hostnames, allowing to use
additional valid custom dns entries.
......
......@@ -161,246 +161,6 @@ Columns
.. _TABLE-web.https:
``web.https``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
stores https information
Primary key
- identifier
- domain
- port
.. BEGIN FKs
Foreign keys
- site
Local Columns
- domain
- port
Referenced Columns
- :ref:`web.site.domain <COLUMN-web.site.domain>`
- :ref:`web.site.port <COLUMN-web.site.port>`
.. END FKs
Columns
- .. _COLUMN-web.https.backend_status:
``backend_status`` *NULL* | :ref:`backend.t_status <DOMAIN-backend.t_status>`
Status of database entry in backend. NULL: nothing pending,
'ins': entry not present on backend client, 'upd': update
pending on backend client, 'del': deletion peding on
backend client.
Default
.. code-block:: sql
'ins'
- .. _COLUMN-web.https.identifier:
``identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
PK
- .. _COLUMN-web.https.domain:
``domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
Domain
- .. _COLUMN-web.https.port:
``port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
Port
- .. _COLUMN-web.https.x509_request:
``x509_request`` *NULL* | :ref:`web.t_cert <DOMAIN-web.t_cert>`
Certificate request
- .. _COLUMN-web.https.x509_certificate:
``x509_certificate`` *NULL* | :ref:`web.t_cert <DOMAIN-web.t_cert>`
Certificate
- .. _COLUMN-web.https.authority_key_identifier:
``authority_key_identifier`` *NULL* | :ref:`varchar <DOMAIN-varchar>`
Identifier of the certificate that has signed this cert.
The Authority Key Identifier allows to build the chain of trust.
See <http://www.ietf.org/rfc/rfc3280.txt>.
Hopefully there exists an entry in web.intermediate_cert
or a root certificate with an equal subjectKeyIdentifier.
Is NULL whenever x509_certificate is NULL.
.. _TABLE-web.intermediate_cert:
``web.intermediate_cert``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intermediate certificates
Primary key
- subject_key_identifier
.. BEGIN FKs
.. END FKs
Columns
- .. _COLUMN-web.intermediate_cert.subject_key_identifier:
``subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
Identifies this certificate
- .. _COLUMN-web.intermediate_cert.authority_key_identifier:
``authority_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
Subject key identifier of the cert that has signed this cert.
NULL is not allowed, since self signed cert do not belong into intermediate
certs.
- .. _COLUMN-web.intermediate_cert.x509_certificate:
``x509_certificate`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
Intermediate certificate
.. _TABLE-web.intermediate_chain:
``web.intermediate_chain``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xxx
Primary key
- domain
- port
- identifier
- subject_key_identifier
.. BEGIN FKs
Foreign keys
- https cert
Local Columns
- domain
- port
- identifier
Referenced Columns
- :ref:`web.https.domain <COLUMN-web.https.domain>`
- :ref:`web.https.port <COLUMN-web.https.port>`
- :ref:`web.https.identifier <COLUMN-web.https.identifier>`
.. END FKs
Columns
- .. _COLUMN-web.intermediate_chain.domain:
``domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
Domain
- .. _COLUMN-web.intermediate_chain.port:
``port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
Port
- .. _COLUMN-web.intermediate_chain.identifier:
``identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
Identifier
- .. _COLUMN-web.intermediate_chain.order:
``order`` :ref:`integer <DOMAIN-integer>`
Ordering from leaf to root
- .. _COLUMN-web.intermediate_chain.subject_key_identifier:
``subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
SubjectKeyIdentifier
References :ref:`web.intermediate_cert.subject_key_identifier <COLUMN-web.intermediate_cert.subject_key_identifier>`
.. _TABLE-web.site:
``web.site``
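Review bot: upgrade documentation is missing for the three tables removed from the schema reference in this hunk (``web.https``, ``web.intermediate_cert``, ``web.intermediate_chain``). They held the per-site ``x509_request`` and ``x509_certificate`` values and the intermediate chain, yet the only release text visible is the one-line changelog entry "Remove X.509 support, use ACME server side instead". Please add an upgrade note that says what happens to existing rows in these tables and whether operators need to export certificates before upgrading.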
......@@ -440,18 +200,6 @@ Foreign keys
- :ref:`system.subservice_entity.service <COLUMN-system.subservice_entity.service>`
- :ref:`system.subservice_entity.subservice <COLUMN-system.subservice_entity.subservice>`
- https
Local Columns
- domain
- port
- https
Referenced Columns
- :ref:`web.https.domain <COLUMN-web.https.domain>`
- :ref:`web.https.port <COLUMN-web.https.port>`
- :ref:`web.https.identifier <COLUMN-web.https.identifier>`
- server_access
Local Columns
......@@ -565,8 +313,8 @@ Columns
- .. _COLUMN-web.site.https:
``https`` *NULL* | :ref:`commons.t_key <DOMAIN-commons.t_key>`
If null, HTTPS is deactivated
``https`` :ref:`bool <DOMAIN-bool>`
HTTPS
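Review bot: the new description of ``web.site.https`` is only "HTTPS", which drops the semantics the old text spelled out ("If null, HTTPS is deactivated"). Please state what true and false mean for the ``bool`` column, and document how existing values are converted when the type changes from a nullable ``commons.t_key``, for example whether NULL becomes false.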
......@@ -636,52 +384,6 @@ Execute privilege
.. _FUNCTION-web.del_intermediate_chain:
``web.del_intermediate_chain``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sdf
Parameters
- ``p_domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
- ``p_port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``p_identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
void
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
DELETE FROM web.intermediate_chain
WHERE
domain = p_domain AND
port = p_port AND
identifier = p_identifier;
.. _FUNCTION-web.del_site:
``web.del_site``
......@@ -733,53 +435,6 @@ Execute privilege
.. _FUNCTION-web.fwd_x509_request:
``web.fwd_x509_request``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
x509 request
Parameters
- ``p_domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
- ``p_port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``p_identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
- ``p_x509_request`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
- ``p_include_inactive`` :ref:`boolean <DOMAIN-boolean>`
Returns
void
Execute privilege
- :ref:`backend <ROLE-backend>`
.. code-block:: plpgsql
PERFORM backend._get_login();
UPDATE web.https
SET x509_request = p_x509_request
WHERE
domain = p_domain AND
port = p_port AND
identifier = p_identifier;
.. _FUNCTION-web.ins_alias:
``web.ins_alias``
......@@ -846,153 +501,7 @@ Execute privilege
.. _FUNCTION-web.ins_https:
``web.ins_https``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create new HTTPS certificate
.. todo::
Fix missing owner verification (not critical)
Parameters
- ``p_domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
- ``p_port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``p_identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
void
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.https
(domain, port, identifier)
VALUES
(p_domain, p_port, p_identifier);
PERFORM backend._notify_domain('web', 'site', p_domain);
.. _FUNCTION-web.ins_intermediate_cert:
``web.ins_intermediate_cert``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Xxx
Parameters
- ``p_subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
- ``p_authority_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
- ``p_x509_certificate`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
void
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.intermediate_cert
(subject_key_identifier, authority_key_identifier, x509_certificate)
VALUES
(p_subject_key_identifier, p_authority_key_identifier, p_x509_certificate);
.. _FUNCTION-web.ins_intermediate_chain:
``web.ins_intermediate_chain``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sdf
Parameters
- ``p_domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
- ``p_port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``p_identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
- ``p_order`` :ref:`integer <DOMAIN-integer>`
- ``p_subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
void
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
INSERT INTO web.intermediate_chain
(domain, port, identifier, "order", subject_key_identifier)
VALUES
(p_domain, p_port, p_identifier, p_order, p_subject_key_identifier);
.. _FUNCTION-web.ins_site:
.. _FUNCTION-web.ins_site:
``web.ins_site``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......@@ -1008,6 +517,9 @@ Parameters
- ``p_port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``p_https`` :ref:`bool <DOMAIN-bool>`
- ``p_user`` :ref:`server_access.t_user <DOMAIN-server_access.t_user>`
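Review bot: ``p_https`` is placed between ``p_port`` and ``p_user`` in this parameter list, so callers that pass arguments positionally no longer match the old signature. Either append the new parameter at the end, or list the signature change as a breaking API change in the v0.14.0 changelog entry. The parameter also needs a description, since the list gives only its type.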
......@@ -1047,9 +559,9 @@ Execute privilege
);
INSERT INTO web.site
(domain, service, subservice, port, "user", service_entity_name, owner)
(domain, service, subservice, port, https, "user", service_entity_name, owner)
VALUES
(p_domain, 'web', 'site', p_port, p_user, p_service_entity_name, v_owner);
(p_domain, 'web', 'site', p_port, p_https, p_user, p_service_entity_name, v_owner);
PERFORM backend._notify_domain('web', 'site', p_domain);
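Review bot: ``p_https`` is written into the INSERT without any check, while the column is now documented as ``https`` ``bool`` with no *NULL* marker. If the column is NOT NULL, a caller passing NULL gets a raw constraint error from inside the function. Please either reject NULL up front with a clear error or define and document a default, and say in the function description which of the two applies.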
......@@ -1117,173 +629,6 @@ Execute privilege
.. _FUNCTION-web.sel_https:
``web.sel_https``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sel https
Parameters
*None*
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
TABLE
Returned columns
- ``identifier`` :ref:`commons.t_key <DOMAIN-commons.t_key>`
- ``domain`` :ref:`dns.t_hostname <DOMAIN-dns.t_hostname>`
- ``port`` :ref:`commons.t_port <DOMAIN-commons.t_port>`
- ``x509_request`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
- ``x509_certificate`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
- ``authority_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
- ``backend_status`` :ref:`backend.t_status <DOMAIN-backend.t_status>`
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude
RETURN QUERY
SELECT
t.identifier,
t.domain,
t.port,
t.x509_request,
t.x509_certificate,
t.authority_key_identifier,
t.backend_status
FROM web.https AS t
ORDER BY t.backend_status, t.identifier;
.. _FUNCTION-web.sel_intermediate_cert:
``web.sel_intermediate_cert``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
int
Parameters
- ``p_subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
Variables defined for body
- ``v_owner`` :ref:`user.t_user <DOMAIN-user.t_user>`
Returns
TABLE
Returned columns
- ``subject_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
- ``authority_key_identifier`` :ref:`varchar <DOMAIN-varchar>`
- ``x509_certificate`` :ref:`web.t_cert <DOMAIN-web.t_cert>`
Execute privilege
- :ref:`userlogin <ROLE-userlogin>`
.. code-block:: plpgsql
-- begin userlogin prelude
v_owner := (SELECT t.act_as FROM "user"._get_login() AS t);
-- end userlogin prelude