Last minute documentation and testing changes befoire 4.6

2020-08-13 14:58:42 +02:00 · 2020-08-13 14:58:42 +02:00 · 3d33335f4b
commit 3d33335f4b
parent 8f9aa9bc80
10 changed files with 23 additions and 31 deletions
--- a/apps/backend/backend_startup.c
+++ b/apps/backend/backend_startup.c
@ -279,7 +279,9 @@ startup_extraxml(clicon_handle        h,

 failsafe      ----------------------+
                            reset    \ commit
-running                       |-------+---------------> RUNNING FAILSAFE
+running                   ----|-------+---------------> RUNNING FAILSAFE
+                           \
+tmp                         |----------------------> 
 */
 int
 startup_failsafe(clicon_handle h)
--- a/apps/restconf/README.md
+++ b/apps/restconf/README.md
@ -109,7 +109,7 @@ Set the Clixon configuration options:
 ```
 In this example, the stream EXAMPLE would be accessed with `https://example.com/streams/EXAMPLE`.

-The retention is configured as 1 hour, i.e., the stream replay function will only save timeseries one other.
+The retention is configured as 1 hour, i.e., the stream replay function will only save timeseries one hour.

 Clixon defines an internal in-memory (not persistent) replay function
 controlled by the configure option above.
--- a/apps/restconf/restconf_main_evhtp.c
+++ b/apps/restconf/restconf_main_evhtp.c
@ -792,6 +792,7 @@ main(int    argc,
 	clicon_err(OE_UNIX, errno, "evhtp_bind_socket");
 	goto done;
    }
+    /* Drop privileges to WWWUSER if started as root */
    if (restconf_drop_privileges(h, WWWUSER) < 0)
 	goto done;

--- a/apps/restconf/restconf_main_fcgi.c
+++ b/apps/restconf/restconf_main_fcgi.c
@ -443,10 +443,9 @@ main(int    argc,
 	clicon_err(OE_UNIX, errno, "chmod");
 	goto done;
    }
-#if 1
+    /* Drop privileges to WWWUSER if started as root */
    if (restconf_drop_privileges(h, WWWUSER) < 0)
 	goto done;
-#endif
    if (FCGX_InitRequest(req, sock, 0) != 0){
 	clicon_err(OE_CFG, errno, "FCGX_InitRequest");
 	goto done;
--- a/docker/main/startsystem_fcgi.sh
+++ b/docker/main/startsystem_fcgi.sh
@ -88,7 +88,7 @@ EOF
 # - test_order.sh XXX this is a bug need debugging
 cat <<EOF > /usr/local/bin/test/site.sh
 # Add your local site specific env variables (or tests) here.
-SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_nacm_recovery.sh test_privileges.sh"
+SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh"
 #IETFRFC=
 EOF

--- a/lib/clixon/clixon_plugin.h
+++ b/lib/clixon/clixon_plugin.h
@ -131,7 +131,7 @@ typedef int (plgexit_t)(clicon_handle);		       /* Plugin exit */
 */
 typedef int (plgextension_t)(clicon_handle h, yang_stmt *yext, yang_stmt *ys);

-/*! Called by restconf to check credentials and return username
+/*! Called by restconf on each incoming request to check credentials and return username
 */

 /* Plugin authorization. Set username option (or not)
@ -182,7 +182,7 @@ typedef char *(cli_prompthook_t)(clicon_handle, char *mode);
 typedef int (datastore_upgrade_t)(clicon_handle h, const char *db, cxobj *xt, modstate_diff_t *msd);

 /*! Startup status for use in startup-callback
- * Note that for STARTUP_ERR and _INVALID, running runs in failsafe mode
+ * Note that for STARTUP_ERR and STARTUP_INVALID, running runs in failsafe mode
 * and startup contains the erroneous or invalid database.
 * The user should repair the startup and 
 * (1) restart the backend
--- a/test/config.sh.in
+++ b/test/config.sh.in
@ -5,4 +5,5 @@ WITH_RESTCONF=@with_restconf@ # evhtp, fcgi or ""
 WITH_LIBXML2=@with_libxml2@ # yes or ""
 CXX=@CXX@
 CC=@CC@
-
+WWWUSER=@wwwuser@
+WWWDIR=@wwwdir@
--- a/test/lib.sh
+++ b/test/lib.sh
@ -105,10 +105,6 @@ fi
 # RESTCONF protocol, eg http or https
 : ${RCPROTO:=http}

-# www user (on linux typically www-data, freebsd www)
-# @see wwwstartuser which can be dropped to this
-: ${wwwuser:=www-data}
-
 # www user (on linux typically www-data, freebsd www)
 # Start restconf user, can be root which is dropped to wwwuser
 : ${wwwstartuser:=root} 
@ -136,9 +132,9 @@ BUSER=clicon

 : ${clixon_cli:=clixon_cli}

-: ${clixon_netconf:=clixon_netconf}
+: ${clixon_netconf:=$(which clixon_netconf)}

-: ${clixon_restconf:=/www-data/clixon_restconf}
+: ${clixon_restconf:=$WWWDIR/clixon_restconf}

 : ${clixon_backend:=clixon_backend}

@ -268,9 +264,9 @@ stop_restconf_pre(){
 # Stop restconf daemon after test
 # Two caveats in pkill:
 # 1) Dont use $clixon_restconf (dont work in valgrind)
-# 2) Dont use -u $wwwuser since clixon_restconf may drop privileges.
+# 2) Dont use -u $WWWUSER since clixon_restconf may drop privileges.
 stop_restconf(){
-    #    sudo pkill -u $wwwuser -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind
+    #    sudo pkill -u $WWWUSER -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind
    sudo pkill -f clixon_restconf
    if [ $valgrindtest -eq 3 ]; then 
 	sleep 1
--- a/test/vagrant/vagrant.sh
+++ b/test/vagrant/vagrant.sh
@ -195,7 +195,7 @@ case $release in
 	# restconf
 	case ${with_restconf} in
 	    fcgi)
-		buildfcgi=true # some ubuntu dont have fcgidev
+		buildfcgi=true # some ubuntu dont have fcgi-dev
 		$sshcmd sudo apt install -y nginx
 		;;
 	    evhtp)
@ -258,7 +258,6 @@ case ${with_restconf} in
 	    $sshcmd "(cd cmake; sudo make install)"
 	fi
 	if $buildevhtp; then
-	    if true; then
 		$sshcmd << 'EOF'
 		test -d libevhtp || sudo git clone https://github.com/criticalstack/libevhtp.git
 		cd libevhtp/build; 
@ -267,12 +266,6 @@ case ${with_restconf} in
 		sudo make
 		sudo make install
 EOF
-	    else
-		$sshcmd "test -d libevhtp || sudo git clone https://github.com/criticalstack/libevhtp.git"
-		$sshcmd "(cd libevhtp/build; sudo /usr/local/bin/cmake -DEVHTP_DISABLE_REGEX=ON -DEVHTP_DISABLE_EVTHR=ON ..)"
-		$sshcmd "(cd libevhtp/build; sudo make)"
-		$sshcmd "(cd libevhtp/build; sudo make install)"
-	    fi
 	fi
 	;;
 esac
--- a/yang/clixon/clixon-config@2020-06-17.yang
+++ b/yang/clixon/clixon-config@2020-06-17.yang
@ -246,8 +246,7 @@ module clixon-config {
 	    }
 	    enum exact {
 		description
-		  "Exact match between NACM user and unix socket peer user.
-                   Except for root user that can pose as any user.";
+		  "Exact match between NACM user and unix socket peer user.";
 	    }
 	    enum except {
 		description
@ -691,13 +690,14 @@ module clixon-config {
 	leaf CLICON_NACM_MODE {
 	    type nacm_mode;
 	    default disabled;
-	    description "RFC8341 network access configuration control model 
-                         (NACM) mode: disabled, in regular (internal) config
-                         or separate external file given by CLICON_NACM_FILE";
+	    description
+		"RFC8341 network access configuration control model (NACM) mode: disabled, 
+                 in regular (internal) config or separate external file given by CLICON_NACM_FILE";
 	}
 	leaf CLICON_NACM_FILE {
 	    type string;
-	    description "RFC8341 NACM external configuration file";
+	    description
+		"RFC8341 NACM external configuration file (if CLIXON_NACM_MODE is external)";
 	}
 	leaf CLICON_NACM_CREDENTIALS {
 	    type nacm_cred_mode;
@ -710,7 +710,7 @@ module clixon-config {
        leaf CLICON_NACM_RECOVERY_USER {
 	    type string;
 	    description
-		"RFC8341 defines a 'recovery session' as outside the scope. Clixon
+		"RFC8341 defines a 'recovery session' as outside its scope. Clixon
                 defines this user as having special admin rights to exempt from
                 all access control enforcements.
                 Note setting of CLICON_NACM_CREDENTIALS is important, if set to