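// Copyright (C) 2016-2021 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

#ifndef CTRL_AGENT_CFG_MGR_H
#define CTRL_AGENT_CFG_MGR_H

#include <cc/data.h>
#include <hooks/hooks_config.h>
#include <http/auth_config.h>
#include <process/d_cfg_mgr.h>
#include <boost/pointer_cast.hpp>
#include <boost/shared_ptr.hpp>  // boost::shared_ptr used by the typedefs below
#include <cstdint>               // uint16_t, uint32_t
#include <list>                  // std::list returned by jsonPathsToRedact()
#include <map>
#include <string>

namespace isc {
namespace agent {

class CtrlAgentCfgContext;
/// @brief Pointer to a configuration context.
typedef boost::shared_ptr<CtrlAgentCfgContext> CtrlAgentCfgContextPtr;

/// @brief Control Agent Configuration Context.
///
/// Implement the storage container for configuration context.
/// It provides a single enclosure for the storage of configuration parameters
/// and any other Control Agent specific information that needs to be accessible
/// during configuration parsing as well as to the application as a whole.
/// It is derived from the context base class, ConfigBase.
///
/// @note The setters in this class store their argument verbatim. No
/// validation (existence of files, permissions, reachability of the host)
/// is performed here.
class CtrlAgentCfgContext : public process::ConfigBase {
public:

    /// @brief Default constructor
    CtrlAgentCfgContext();

    /// @brief Creates a clone of this context object.
    ///
    /// Note this method does not make a deep copy of the information about
    /// control sockets. That data is stored as ConstElementPtr (a shared
    /// pointer) to the actual data.
    ///
    /// @return A pointer to the new clone.
    virtual process::ConfigPtr clone() {
        // The copy constructor is private, so the object is created with
        // new here and handed to the smart pointer immediately.
        return (process::ConfigPtr(new CtrlAgentCfgContext(*this)));
    }

    /// @brief Returns information about control socket
    ///
    /// This method returns Element tree structure that describes the control
    /// socket (or null pointer if the socket is not defined for a particular
    /// server type). This information is expected to be compatible with
    /// data passed to @ref isc::config::CommandMgr::openCommandSocket.
    ///
    /// @param service server being controlled
    /// @return pointer to the Element that holds control-socket map (or NULL)
    isc::data::ConstElementPtr
    getControlSocketInfo(const std::string& service) const;

    /// @brief Sets information about the control socket
    ///
    /// This method stores Element tree structure that describes the control
    /// socket. This information is expected to be compatible with
    /// data passed to @ref isc::config::CommandMgr::openCommandSocket.
    ///
    /// @param control_socket Element that holds control-socket map
    /// @param service server being controlled
    void setControlSocketInfo(const isc::data::ConstElementPtr& control_socket,
                              const std::string& service);

    /// @brief Returns socket configuration summary in a textual format.
    std::string getControlSocketInfoSummary() const;

    /// @brief Sets http-host parameter
    ///
    /// @param host Hostname or IP address where the agent's HTTP service
    /// will be available.
    void setHttpHost(const std::string& host) {
        http_host_ = host;
    }

    /// @brief Returns http-host parameter
    ///
    /// @return Hostname or IP address where the agent's HTTP service is
    /// available.
    std::string getHttpHost() const {
        return (http_host_);
    }

    /// @brief Sets http port
    ///
    /// @param port sets the TCP port the HTTP server will listen on
    void setHttpPort(const uint16_t port) {
        http_port_ = port;
    }

    /// @brief Returns the TCP port the HTTP server will listen on
    uint16_t getHttpPort() const {
        return (http_port_);
    }

    /// @brief Sets HTTP authentication configuration.
    ///
    /// @note Only the basic HTTP authentication is supported.
    /// @note Basic authentication transmits credentials merely
    /// base64-encoded, not encrypted. They are protected in transit only
    /// when the TLS-related parameters (trust-anchor, cert-file, key-file)
    /// are configured as well.
    ///
    /// @param auth_config HTTP authentication configuration.
    void setAuthConfig(const isc::http::HttpAuthConfigPtr& auth_config) {
        auth_config_ = auth_config;
    }

    /// @brief Returns HTTP authentication configuration
    ///
    /// @note Only the basic HTTP authentication is supported.
    ///
    /// @return HTTP authentication configuration.
    const isc::http::HttpAuthConfigPtr& getAuthConfig() const {
        return (auth_config_);
    }

    /// @brief Sets trust-anchor parameter
    ///
    /// @param ca Trust anchor aka Certificate Authority (can be a file name
    /// or a directory path).
    void setTrustAnchor(const std::string& ca) {
        trust_anchor_ = ca;
    }

    /// @brief Returns trust-anchor parameter
    ///
    /// @return Trust anchor aka Certificate Authority
    std::string getTrustAnchor() const {
        return (trust_anchor_);
    }

    /// @brief Sets cert-file parameter
    ///
    /// @param cert Server certificate file name
    void setCertFile(const std::string& cert) {
        cert_file_ = cert;
    }

    /// @brief Returns cert-file parameter
    ///
    /// @return Server certificate file name
    std::string getCertFile() const {
        return (cert_file_);
    }

    /// @brief Sets key-file parameter
    ///
    /// Only the file name is kept in the context. The private key itself
    /// is not read or checked by this method, so restricting who can read
    /// that file is left to the deployment.
    ///
    /// @param key Server private key file name
    void setKeyFile(const std::string& key) {
        key_file_ = key;
    }

    /// @brief Returns key-file parameter
    ///
    /// @return Server private key file name
    std::string getKeyFile() const {
        return (key_file_);
    }

    /// @brief Sets cert-required parameter
    ///
    /// @note When set to false, clients need not present a certificate, so
    /// client authentication then relies on other means, such as the HTTP
    /// authentication configuration (see @ref setAuthConfig).
    ///
    /// @param required Client certificates are required when true
    /// (the default) or optional when false
    void setCertRequired(bool required) {
        cert_required_ = required;
    }

    /// @brief Returns cert-required parameter
    ///
    /// @return True when client certificates are required, false when they
    /// are optional, the default is to require them (true).
    bool getCertRequired() const {
        return (cert_required_);
    }

    /// @brief Returns non-const reference to configured hooks libraries.
    ///
    /// @return non-const reference to configured hooks libraries.
    isc::hooks::HooksConfig& getHooksConfig() {
        return (hooks_config_);
    }

    /// @brief Returns const reference to configured hooks libraries.
    ///
    /// @return const reference to configured hooks libraries.
    const isc::hooks::HooksConfig& getHooksConfig() const {
        return (hooks_config_);
    }

    /// @brief Unparse a configuration object
    ///
    /// Returns an element which must parse into the same object, i.e.
    /// @code
    /// for all valid config C parse(parse(C)->toElement()) == parse(C)
    /// @endcode
    ///
    /// @return a pointer to a configuration which can be parsed into
    /// the initial configuration object
    virtual isc::data::ElementPtr toElement() const;

private:

    /// @brief Private copy constructor
    ///
    /// It is private to forbid anyone outside of this class to make copies.
    /// The only legal way to copy a context is to call @ref clone().
    ///
    /// @param orig the original context to copy from
    CtrlAgentCfgContext(const CtrlAgentCfgContext& orig);

    /// @brief Private assignment operator to avoid potential for slicing.
    ///
    /// @param rhs Context to be assigned.
    CtrlAgentCfgContext& operator=(const CtrlAgentCfgContext& rhs);

    /// Socket information will be stored here (for all supported servers)
    std::map<std::string, isc::data::ConstElementPtr> ctrl_sockets_;

    /// Hostname the CA should listen on.
    std::string http_host_;

    /// TCP port the CA should listen on.
    ///
    /// The in-class initializer is a safety net: the value is defined even
    /// if a constructor leaves this member out of its initializer list.
    uint16_t http_port_{0};

    /// Trust anchor aka Certificate Authority (can be a file name or
    /// a directory path).
    std::string trust_anchor_;

    /// Server certificate file name.
    std::string cert_file_;

    /// Server private key file name.
    std::string key_file_;

    /// Client certificates requirement flag (default is true i.e. to
    /// require them).
    ///
    /// Initialized in-class to the documented default so that the flag
    /// never starts out indeterminate and fails closed (certificates
    /// required) if a constructor does not set it.
    bool cert_required_{true};

    /// @brief Configured hooks libraries.
    isc::hooks::HooksConfig hooks_config_;

    /// @brief Configured basic HTTP authentication clients.
    isc::http::HttpAuthConfigPtr auth_config_;
};

/// @brief Ctrl Agent Configuration Manager.
///
/// Provides the mechanisms for managing the Control Agent application's
/// configuration.
class CtrlAgentCfgMgr : public process::DCfgMgrBase {
public:

    /// @brief Constructor.
    CtrlAgentCfgMgr();

    /// @brief Destructor
    virtual ~CtrlAgentCfgMgr();

    /// @brief Convenience method that returns the Control Agent configuration
    /// context.
    ///
    /// @return returns a pointer to the configuration context. The pointer
    /// is empty when the context returned by getContext() is not a
    /// CtrlAgentCfgContext (the dynamic cast fails), so callers should check
    /// it before dereferencing.
    CtrlAgentCfgContextPtr getCtrlAgentCfgContext() {
        return (boost::dynamic_pointer_cast<CtrlAgentCfgContext>(getContext()));
    }

    /// @brief Returns configuration summary in the textual format.
    ///
    /// @param selection Bitfield which describes the parts of the configuration
    /// to be returned. This parameter is ignored for the Control Agent.
    ///
    /// @return Summary of the configuration in the textual format.
    virtual std::string getConfigSummary(const uint32_t selection) override;

protected:

    /// @brief Parses configuration of the Control Agent.
    ///
    /// @param config Pointer to a configuration specified for the agent.
    /// @param check_only Boolean flag indicating if this method should
    /// only verify correctness of the provided configuration.
    /// @return Pointer to a result of configuration parsing.
    virtual isc::data::ConstElementPtr
    parse(isc::data::ConstElementPtr config, bool check_only) override;

    /// @brief Creates a new, blank CtrlAgentCfgContext context.
    ///
    /// This method is used at the beginning of configuration process to
    /// create a fresh, empty copy of a CtrlAgentCfgContext. This new context
    /// will be populated during the configuration process and will replace the
    /// existing context provided the configuration process completes without
    /// error.
    ///
    /// @return Returns a ConfigPtr to the new context instance.
    virtual process::ConfigPtr createNewContext() override;

    /// @brief Return a list of all paths that contain passwords or secrets.
    ///
    /// Used in @ref isc::process::DCfgMgrBase::redactConfig.
    ///
    /// @note NOTE(review): presumably redaction covers only the paths listed
    /// here, so a newly added configuration entry that carries a password or
    /// secret needs its path added to this list - confirm against
    /// redactConfig.
    ///
    /// @return the list of lists of sequential JSON map keys needed to reach
    /// the passwords and secrets.
    std::list<std::list<std::string>> jsonPathsToRedact() const final override;
};

/// @brief Defines a shared pointer to CtrlAgentCfgMgr.
typedef boost::shared_ptr<CtrlAgentCfgMgr> CtrlAgentCfgMgrPtr;

} // namespace isc::agent
} // namespace isc

#endif // CTRL_AGENT_CFG_MGR_H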