diff --git a/internal/ocrunner/config.go b/internal/ocrunner/config.go
new file mode 100644
index 0000000..d21a94d
--- /dev/null
+++ b/internal/ocrunner/config.go
@@ -0,0 +1,92 @@
+package ocrunner
+
+import "strconv"
+
+var (
+ // XMLProfile is the default AnyConnect Profile
+ XMLProfile = "/var/lib/oc-daemon/profile.xml"
+
+ // VPNCScript is the default vpnc-script
+ VPNCScript = "/usr/bin/oc-daemon-vpncscript"
+
+ // VPNDevice is the default vpn network device name
+ VPNDevice = "oc-daemon-tun0"
+
+ // PIDFile is the default file path of the PID file for openconnect
+ PIDFile = "/run/oc-daemon/openconnect.pid"
+
+ // PIDOwner is the default owner of the PID file
+ PIDOwner = ""
+
+ // PIDGroup is the default group of the PID file
+ PIDGroup = ""
+
+ // PIDPermissions are the default file permissions of the PID file
+ PIDPermissions = "0600"
+
+ // NoProxy specifies whether the no proxy flag is set in openconnect
+ NoProxy = true
+
+ // ExtraEnv are extra environment variables used by openconnect
+ ExtraEnv = []string{}
+
+ // ExtraArgs are extra command line arguments used by openconnect
+ ExtraArgs = []string{}
+)
+
+// Config is the configuration for an openconnect connection runner
+type Config struct {
+ XMLProfile string
+ VPNCScript string
+ VPNDevice string
+
+ PIDFile string
+ PIDOwner string
+ PIDGroup string
+ PIDPermissions string
+
+ NoProxy bool
+ ExtraEnv []string
+ ExtraArgs []string
+}
+
+// Valid returns whether the openconnect configuration is valid
+func (c *Config) Valid() bool {
+ if c == nil ||
+ c.XMLProfile == "" ||
+ c.VPNCScript == "" ||
+ c.VPNDevice == "" ||
+ c.PIDFile == "" ||
+ c.PIDPermissions == "" {
+
+ return false
+ }
+ if c.PIDPermissions != "" {
+ perm, err := strconv.ParseUint(c.PIDPermissions, 8, 32)
+ if err != nil {
+ return false
+ }
+ if perm > 0777 {
+ return false
+ }
+ }
+ return true
+}
+
+// NewConfig returns a new configuration for an openconnect connection runner
+func NewConfig() *Config {
+ return &Config{
+ XMLProfile: XMLProfile,
+ VPNCScript: VPNCScript,
+ VPNDevice: VPNDevice,
+
+ PIDFile: PIDFile,
+ PIDOwner: PIDOwner,
+ PIDGroup: PIDGroup,
+ PIDPermissions: PIDPermissions,
+
+ NoProxy: NoProxy,
+ ExtraEnv: ExtraEnv,
+ ExtraArgs: ExtraArgs,
+ }
+}
diff --git a/internal/ocrunner/config_test.go b/internal/ocrunner/config_test.go
new file mode 100644
index 0000000..74db19e
--- /dev/null
+++ b/internal/ocrunner/config_test.go
@@ -0,0 +1,77 @@
+package ocrunner
+
+import (
+ "reflect"
+ "testing"
+)
+
+// TestConfigValid tests Valid of Config
+func TestConfigValid(t *testing.T) {
+ // test invalid
+ for _, invalid := range []*Config{
+ nil,
+ {},
+ {
+ XMLProfile: "/test/profile",
+ VPNCScript: "/test/vpncscript",
+ VPNDevice: "test-device",
+ PIDFile: "/test/pid",
+ PIDPermissions: "invalid",
+ },
+ {
+ XMLProfile: "/test/profile",
+ VPNCScript: "/test/vpncscript",
+ VPNDevice: "test-device",
+ PIDFile: "/test/pid",
+ PIDPermissions: "1234",
+ },
+ } {
+ want := false
+ got := invalid.Valid()
+
+ if got != want {
+ t.Errorf("got %t, want %t for %v", got, want, invalid)
+ }
+ }
+
+ // test valid
+ for _, valid := range []*Config{
+ NewConfig(),
+ {
+ XMLProfile: "/test/profile",
+ VPNCScript: "/test/vpncscript",
+ VPNDevice: "test-device",
+ PIDFile: "/test/pid",
+ PIDPermissions: "777",
+ },
+ } {
+ want := true
+ got := valid.Valid()
+
+ if got != want {
+ t.Errorf("got %t, want %t for %v", got, want, valid)
+ }
+ }
+}
+
+// TestNewConfig tests NewConfig
+func TestNewConfig(t *testing.T) {
+ want := &Config{
+ XMLProfile: XMLProfile,
+ VPNCScript: VPNCScript,
+ VPNDevice: VPNDevice,
+
+ PIDFile: PIDFile,
+ PIDOwner: PIDOwner,
+ PIDGroup: PIDGroup,
+ PIDPermissions: PIDPermissions,
+
+ NoProxy: NoProxy,
+ ExtraEnv: ExtraEnv,
+ ExtraArgs: ExtraArgs,
+ }
+ got := NewConfig()
+ if !reflect.DeepEqual(got, want) {
+ t.Errorf("got %v, want %v", got, want)
+ }
+}
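Review bot: Valid in config.go accepts any PIDPermissions value up to 0777, so "666" or "777" passes and the openconnect PID file could end up group- or world-writable. How the PID file is consumed is not visible in this hunk, but if the daemon later reads it to decide which process to signal, a file that other local users can write would let them influence that; consider rejecting the other-write bit, `if perm > 0777 || perm&0002 != 0 { return false }`, and moving the "777" case in config_test.go to the invalid list. The inner `if c.PIDPermissions != ""` is always true at that point because the empty case has already returned, so the parse can sit at function level. XMLProfile, VPNCScript and PIDFile are only checked for being non-empty; since VPNCScript is presumably executed by openconnect, a `filepath.IsAbs` check (needs the `path/filepath` import) would keep a relative path from resolving against the daemon's working directory.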
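Review bot: TestNewConfig builds `want` from the same package variables that NewConfig copies, so it still passes if a default is later changed to a looser value; pinning the security-relevant default with a literal, e.g. `if got.PIDPermissions != "0600" { t.Errorf("got %s, want 0600", got.PIDPermissions) }`, would catch that. In TestConfigValid the invalid list covers nil, the empty config and two bad permission strings, but no config with exactly one required field missing, so removing one of the `== ""` checks in Valid would go unnoticed. Adding one invalid entry per required field (XMLProfile, VPNCScript, VPNDevice, PIDFile, PIDPermissions left empty in turn) closes that gap.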