Added ip address validation on saas and websites related settings

orchestra/contrib/saas/backends/__init__.py

@@ -6,13 +6,13 @@ from orchestra.contrib.resources import ServiceMonitor
 from .. import settings
 
 
-class SaaSWebTraffic(ServiceMonitor):
+class ApacheTrafficByHost(ServiceMonitor):
     """
     Parses apache logs,
     looking for the size of each request on the last word of the log line.
     
     Compatible log format:
-    <tt>LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Host}i\"" host</tt>
+    <tt>LogFormat "%h %l %u %t \"%r\" %>s %O %{Host}i" host</tt>
     <tt>CustomLog /home/pangea/logs/apache/host_blog.pangea.org.log host</tt>
     """
     model = 'saas.SaaS'
@@ -74,7 +74,6 @@ class SaaSWebTraffic(ServiceMonitor):
                                 if host in {ignore_hosts}:
                                     continue
                                 size, hostname = line[-2:]
-                                hostname = hostname.replace('"', '')
                                 try:
                                     site = sites[hostname]
                                 except KeyError:
@@ -85,7 +84,6 @@ class SaaSWebTraffic(ServiceMonitor):
                                     year, hour, min, sec = date.split(':')
                                     date = year + months[month] + day + hour + min + sec
                                     if site[0] < int(date) < end_date:
-                                        status, size = response.split()
                                         site[2] += int(size)
                     except IOError as e:
                         sys.stderr.write(str(e)+'\\n')

orchestra/contrib/saas/backends/dokuwikimu.py

@@ -7,7 +7,7 @@ from django.utils.translation import ugettext_lazy as _
 from orchestra.contrib.orchestration import ServiceController
 from orchestra.utils.python import random_ascii
 
-from . import SaaSWebTraffic
+from . import ApacheTrafficByHost
 from .. import settings
 
 
@@ -67,8 +67,8 @@ class DokuWikiMuBackend(ServiceController):
         return context
 
 
-class DokuWikiMuTraffic(SaaSWebTraffic):
-    __doc__ = SaaSWebTraffic.__doc__
+class DokuWikiMuTraffic(ApacheTrafficByHost):
+    __doc__ = ApacheTrafficByHost.__doc__
     verbose_name = _("DokuWiki MU Traffic")
     default_route_match = "saas.service == 'dokuwiki'"
     doc_settings = (settings,

orchestra/contrib/saas/backends/wordpressmu.py

@@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
 
 from orchestra.contrib.orchestration import ServiceController
 
-from . import SaaSWebTraffic
+from . import ApacheTrafficByHost
 from .. import settings
 
 
@@ -122,8 +122,8 @@ class WordpressMuBackend(ServiceController):
         self.append(self.delete_blog, saas)
 
 
-class WordpressMuTraffic(SaaSWebTraffic):
-    __doc__ = SaaSWebTraffic.__doc__
+class WordpressMuTraffic(ApacheTrafficByHost):
+    __doc__ = ApacheTrafficByHost.__doc__
     verbose_name = _("Wordpress MU Traffic")
     default_route_match = "saas.service == 'wordpress'"
     doc_settings = (settings,

orchestra/contrib/saas/settings.py

@@ -1,6 +1,7 @@
 from django.utils.translation import ugettext_lazy as _
 
 from orchestra.contrib.settings import Setting
+from orchestra.core.validators import validate_ip_address
 from orchestra.settings import ORCHESTRA_BASE_DOMAIN
 
 from .. import saas
@@ -24,49 +25,48 @@ SAAS_ENABLED_SERVICES = Setting('SAAS_ENABLED_SERVICES',
 
 
 SAAS_TRAFFIC_IGNORE_HOSTS = Setting('SAAS_TRAFFIC_IGNORE_HOSTS',
-    (),
+    ('127.0.0.1',),
     help_text=_("IP addresses to ignore during traffic accountability."),
+    validators=[lambda hosts: (validate_ip_address(host) for host in hosts)]
 )
 
 
+# WordPress
+
 SAAS_WORDPRESS_LOG_PATH = Setting('SAAS_WORDPRESS_LOG_PATH',
     '',
     help_text=_('Filesystem path for the webserver access logs.<br>'
                 '<tt>LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Host}i\"" host</tt>'),
 )
 
-
 SAAS_WORDPRESS_ADMIN_PASSWORD = Setting('SAAS_WORDPRESS_ADMIN_PASSWORD',
     'secret'
 )
 
-
 SAAS_WORDPRESS_BASE_URL = Setting('SAAS_WORDPRESS_BASE_URL',
     'https://blogs.{}/'.format(ORCHESTRA_BASE_DOMAIN),
     help_text="Uses <tt>ORCHESTRA_BASE_DOMAIN</tt> by default.",
 )
 
-
 SAAS_WORDPRESS_BASE_DOMAIN = Setting('SAAS_WORDPRESS_BASE_DOMAIN',
     'blogs.{}'.format(ORCHESTRA_BASE_DOMAIN),
 )
 
 
+# DokuWiki
+
 SAAS_DOKUWIKI_TEMPLATE_PATH = Setting('SAAS_DOKUWIKI_TEMPLATE_PATH',
     '/home/httpd/htdocs/wikifarm/template.tar.gz'
 )
 
-
 SAAS_DOKUWIKI_FARM_PATH = Setting('WEBSITES_DOKUWIKI_FARM_PATH',
     '/home/httpd/htdocs/wikifarm/farm'
 )
 
-
 SAAS_DOKUWIKI_BASE_DOMAIN = Setting('SAAS_DOKUWIKI_BASE_DOMAIN',
     'dokuwiki.{}'.format(ORCHESTRA_BASE_DOMAIN),
 )
 
-
 SAAS_DOKUWIKI_TEMPLATE_PATH = Setting('SAAS_DOKUWIKI_TEMPLATE_PATH',
     '/var/www/wikifarm/template.tar.gz',
 )
@@ -75,45 +75,43 @@ SAAS_DOKUWIKI_FARM_PATH = Setting('SAAS_DOKUWIKI_FARM_PATH',
     '/var/www/wikifarm/farm'
 )
 
-
 SAAS_DOKUWIKI_USER = Setting('SAAS_DOKUWIKI_USER',
     'orchestra'
 )
 
-
 SAAS_DOKUWIKI_GROUP = Setting('SAAS_DOKUWIKI_GROUP',
     'orchestra'
 )
 
-
 SAAS_DOKUWIKI_LOG_PATH = Setting('SAAS_DOKUWIKI_LOG_PATH',
     '',
 )
 
 
+# Drupal
+
 SAAS_DRUPAL_SITES_PATH = Setting('WEBSITES_DRUPAL_SITES_PATH',
     '/home/httpd/htdocs/drupal-mu/sites/%(site_name)s',
 )
 
 
+# PhpList
+
 SAAS_PHPLIST_DB_USER = Setting('SAAS_PHPLIST_DB_USER',
     'phplist_mu',
     help_text=_("Needed for password changing support."),
 )
 
-
 SAAS_PHPLIST_DB_PASS = Setting('SAAS_PHPLIST_DB_PASS',
     'secret',
     help_text=_("Needed for password changing support."),
 )
 
-
 SAAS_PHPLIST_DB_NAME = Setting('SAAS_PHPLIST_DB_NAME',
     'phplist_mu_%(site_name)s',
     help_text=_("Needed for password changing support."),
 )
 
-
 SAAS_PHPLIST_DB_HOST = Setting('SAAS_PHPLIST_DB_HOST',
     'loclahost',
     help_text=_("Needed for password changing support."),
@@ -125,7 +123,6 @@ SAAS_PHPLIST_BASE_DOMAIN = Setting('SAAS_PHPLIST_BASE_DOMAIN',
     help_text="Uses <tt>ORCHESTRA_BASE_DOMAIN</tt> by default.",
 )
 
-
 SAAS_PHPLIST_VERIFY_SSL = Setting('SAAS_PHPLIST_VERIFY_SSL',
     True,
     help_text=_("Verify SSL certificate on the HTTP requests performed by the backend."),
@@ -155,38 +152,40 @@ SAAS_PHPLIST_MAIL_LOG_PATH = Setting('SAAS_PHPLIST_MAIL_LOG_PATH',
 )
 
 
+# SeaFile
+
 SAAS_SEAFILE_DOMAIN = Setting('SAAS_SEAFILE_DOMAIN',
     'seafile.{}'.format(ORCHESTRA_BASE_DOMAIN),
     help_text="Uses <tt>ORCHESTRA_BASE_DOMAIN</tt> by default.",
 )
 
-
 SAAS_SEAFILE_DEFAULT_QUOTA = Setting('SAAS_SEAFILE_DEFAULT_QUOTA',
     50
 )
 
 
+# BSCW
+
 SAAS_BSCW_DOMAIN = Setting('SAAS_BSCW_DOMAIN',
     'bscw.{}'.format(ORCHESTRA_BASE_DOMAIN),
     help_text="Uses <tt>ORCHESTRA_BASE_DOMAIN</tt> by default.",
 )
 
-
 SAAS_BSCW_DEFAULT_QUOTA = Setting('SAAS_BSCW_DEFAULT_QUOTA',
     50,
 )
 
-
 SAAS_BSCW_BSADMIN_PATH = Setting('SAAS_BSCW_BSADMIN_PATH', 
     '/home/httpd/bscw/bin/bsadmin',
 )
 
 
+# GitLab
+
 SAAS_GITLAB_ROOT_PASSWORD = Setting('SAAS_GITLAB_ROOT_PASSWORD',
     'secret',
 )
 
-
 SAAS_GITLAB_DOMAIN = Setting('SAAS_GITLAB_DOMAIN',
     'gitlab.{}'.format(ORCHESTRA_BASE_DOMAIN),
     help_text="Uses <tt>ORCHESTRA_BASE_DOMAIN</tt> by default.",

orchestra/contrib/websites/settings.py

@@ -1,6 +1,7 @@
 from django.utils.translation import ugettext_lazy as _
 
 from orchestra.contrib.settings import Setting
+from orchestra.core.validators import validate_ip_address
 
 from .. import websites
 
@@ -89,7 +90,9 @@ WEBSITES_WEBSITE_WWW_ERROR_LOG_PATH = Setting('WEBSITES_WEBSITE_WWW_ERROR_LOG_PA
 
 
 WEBSITES_TRAFFIC_IGNORE_HOSTS = Setting('WEBSITES_TRAFFIC_IGNORE_HOSTS',
-    ('127.0.0.1',)
+    ('127.0.0.1',),
+    help_text=_("IP addresses to ignore during traffic accountability."),
+    validators=[lambda hosts: (validate_ip_address(host) for host in hosts)],
 )