[FIX] clouder_template_red_october: Review fixes

* Remove data and source from base
* Proxy compat
* Roadmap notes
* Switch user to red october
* Bugfixes

clouder_template_red_october/README.rst

@@ -6,7 +6,7 @@
 Clouder Template - Red October
 ==============================
 
-This module provides a Clouder Template for Red Octover.
+This module provides a Clouder Template for Red October.
 
 Red October is a cryptographically-secure implementation of the two-person rule
 to protect sensitive data. From a technical perspective, Red October is a
@@ -41,12 +41,12 @@ Usage
 
 To use this module, you need to:
 
-#. Create a CFSSL Service in the Clouder Control Panel
+#. Create a Red October application in Clouder
 
 Known issues / Roadmap
 ======================
 
-* Add more Signature Profile options - https://github.com/cloudflare/redoctober/blob/86ecfbe5750ebf05565e4c80104d0a7919792fee/doc/cmd/redoctober.txt#L113
+* The container is currently using a self-signed certificate. This should be changed once a CA exists.
 
 Bug Tracker
 ===========

clouder_template_red_october/__init__.py

@@ -1,3 +1,5 @@
 # -*- coding: utf-8 -*-
 # Copyright 2016 LasLabs Inc.
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from . import models

clouder_template_red_october/__manifest__.py

@@ -18,7 +18,6 @@
         'data/image.xml',
         'data/image_port.xml',
         'data/image_volume.xml',
-        'data/application_tag.xml',
         'data/application_type.xml',
         'data/application_template.xml',
         'data/application.xml',

clouder_template_red_october/data/application.xml

@@ -5,7 +5,7 @@
 <odoo>
 
     <record id="application_redoctober_data" model="clouder.application">
-        <field name="name">CFSSL Data</field>
+        <field name="name">Red October Data</field>
         <field name="code">data</field>
         <field name="type_id" ref="application_type_redoctober" />
         <field name="tag_ids" eval="[(4, ref('clouder.tag_data'))]" />
@@ -15,7 +15,7 @@
     </record>
 
     <record id="application_redoctober_exec" model="clouder.application">
-        <field name="name">CFSSL Exec</field>
+        <field name="name">Red October Exec</field>
         <field name="code">exec</field>
         <field name="type_id" ref="application_type_redoctober" />
         <field name="tag_ids" eval="[(4, ref('clouder.tag_exec'))]" />
@@ -26,7 +26,7 @@
     </record>
 
     <record id="application_redoctober" model="clouder.application">
-        <field name="name">CFSSL</field>
+        <field name="name">Red October</field>
         <field name="code">redoctober</field>
         <field name="type_id" ref="application_type_redoctober" />
         <field name="tag_ids" eval="[(4, ref('tag_cert_authority'))]" />

clouder_template_red_october/data/application_template.xml

@@ -7,7 +7,7 @@
     <record id="application_template_redoctober"
             model="clouder.application.template"
             >
-        <field name="name">CFSSL</field>
+        <field name="name">Red October</field>
     </record>
 
 </odoo>

clouder_template_red_october/data/application_type.xml

@@ -8,10 +8,7 @@
             model="clouder.application.type"
             >
         <field name="name">redoctober</field>
-        <field name="system_user">root</field>
-        <field name="tag_ids"
-               eval="[(6, 0, [ref('tag_cert_authority')])]"
-               />
+        <field name="system_user">redoctober</field>
     </record>
 
 </odoo>

clouder_template_red_october/data/image.xml

@@ -9,7 +9,7 @@
         <field name="template_ids"
                eval="[(4, [ref('image_template_redoctober_data')])]"
                />
-        <field name="parent_from">lasley/redoctober-data</field>
+        <field name="parent_from">clouder/base:3.4</field>
     </record>
 
     <record id="image_redoctober_exec" model="clouder.image">

clouder_template_red_october/data/image_port.xml

@@ -8,8 +8,16 @@
             model="clouder.image.port"
             >
         <field name="template_id" ref="image_template_redoctober_exec" />
-        <field name="name">redoctober-http</field>
-        <field name="local_port">8888</field>
+        <field name="name">https</field>
+        <field name="local_port">8080</field>
+    </record>
+
+    <record id="image_port_redoctober_comm"
+            model="clouder.image.port"
+            >
+        <field name="template_id" ref="image_template_redoctober_exec" />
+        <field name="name">comm</field>
+        <field name="local_port">8081</field>
     </record>
 
 </odoo>

clouder_template_red_october/data/image_volume.xml

@@ -8,9 +8,9 @@
             model="clouder.image.volume"
             >
         <field name="template_id" ref="image_template_redoctober_data" />
-        <field name="name">cert_store</field>
-        <field name="localpath">/var/pki</field>
-        <field name="user">root</field>
+        <field name="name">data</field>
+        <field name="localpath">/var/lib/redoctober/data</field>
+        <field name="user">redoctober</field>
     </record>
 
 </odoo>

clouder_template_red_october/images/exec/Dockerfile

@@ -1,7 +1,6 @@
 FROM clouder/base:3.4
 MAINTAINER Dave Lasley <[email protected]>
 
-
 RUN groupadd -r redoctober --gid=999 && useradd -r -g redoctober --uid=999 redoctober
 
 # Install Build Dependencies
@@ -17,21 +16,18 @@ ENV buildDeps "build-base \
 RUN apk add --no-cache $buildDeps
 
 # Install Red October
-
 RUN git clone --depth=1 https://github.com/cloudflare/redoctober.git /go/src/github.com/cloudflare/redoctober
-
 RUN go install github.com/cloudflare/redoctober
 
-EXPOSE 8080 8081
-ENV RO_CERTS=/var/lib/redoctober/data/server.crt \
-    RO_KEYS=/var/lib/redoctober/data/server.pem \
-    RO_DATA=/var/lib/redoctober/data \
-    RO_CERTPASSWD=password \
-    RO_COMMONNAME=localhost
+# Setup Environment
+ENV RO_DATA=/var/lib/redoctober/data \
+    RO_CERTS=$RO_DATA/server.crt \
+    RO_KEYS=$RO_DATA/server.pem
 
 ENTRYPOINT ["/go/src/github.com/cloudflare/redoctober/scripts/docker-entrypoint.sh"]
+
 CMD ["redoctober", \
     "-addr=:8080", \
-    "-vaultpath=/var/lib/redoctober/data/diskrecord.json", \
-    "-certs=/var/lib/redoctober/data/server.crt", \
-    "-keys=/var/lib/redoctober/data/server.pem"]
+    "-vaultpath=$RO_DATA/diskrecord.json", \
+    "-certs=$RO_CERTS", \
+    "-keys=$RO_KEYS"]

clouder_template_red_october/models/__init__.py

@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from . import container

clouder_template_red_october/models/container.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from odoo import api, models
+
+
+class ClouderContainer(models.Model):
+    _inherit = 'clouder.container'
+
+    @api.multi
+    def deploy_post(self):
+        super(ClouderContainer, self).deploy_post()
+        for record in self:
+            if record.application_id.type_id.name == 'redoctober':
+                if record.application_id.code == 'data':
+                    # @TODO: Create a CSR, sign it with the CA, execute echo
+                    pass