Specs stay at repo root (cross-VM). Move deploy and code into logical projects with README per domain, updated manifest.yaml, and symlinks at legacy paths for VM122 backward compatibility.
"""Run all read-only audit checks for a tenant domain."""
from __future__ import annotations
from typing import Any
from . import dns, vm112, webmail
# Human-readable label for every check id the audit reports on.
# Insertion order matters: run_audit walks this mapping in order when it
# fills in placeholders for checks that no collector reported.
CHECK_LABELS: dict[str, str] = {
    # Mail platform and front-end
    "carbonio": "Carbonio domain",
    "nginx_vhost": "carbonio-nginx vhost",
    "cert_le": "Let's Encrypt certificate",
    # DNS records, including the mail-authentication set (SPF/DKIM/DMARC)
    "dns_mx": "MX record",
    "dns_spf": "SPF",
    "dns_dkim": "DKIM",
    "dns_dmarc": "DMARC",
    # Externally reachable webmail
    "webmail_http": "Webmail HTTPS",
}
# Per-tenant API base URL, keyed by tenant id. Only tenant 1 has an entry and
# its value is a None placeholder.
# NOTE(review): the original comment says this is "filled from env in
# run_audit", but the run_audit in this module receives the endpoint through
# its vm112_api argument and never reads or writes this mapping or the
# environment. Confirm whether anything still populates or consumes it.
TENANT_API_BASE: dict[int, str | None] = {
    1: None,
}
def run_audit(
    tenant_id: int,
    domain: str,
    *,
    vm112_api: str | None = None,
    mail_public_ip: str | None = None,
) -> dict[str, dict[str, Any]]:
    """Collect every audit check result for *domain* into one mapping.

    The domain is lower-cased and stripped of surrounding whitespace, then
    handed to the vm112 (tenant 1 only), dns and webmail collectors in that
    order. Their results are merged with ``dict.update``, so a later collector
    replaces an earlier entry that uses the same check id.

    Args:
        tenant_id: Tenant identifier; the vm112 collector runs only for 1.
        domain: Tenant domain to audit.
        vm112_api: Base URL passed to ``vm112.collect``. When falsy, the
            built-in ``http://10.10.10.112:8090`` address is used.
        mail_public_ip: Forwarded unchanged to ``dns.collect``.

    Returns:
        Mapping of check id to result dict. Every id in ``CHECK_LABELS`` is
        present; ids no collector reported carry status ``"skip"``. Entries
        with ids outside ``CHECK_LABELS`` are returned as the collector
        produced them.
    """
    # NOTE(review): no validation beyond case and whitespace happens here. If
    # the domain can originate from user input, confirm that the collectors
    # (not visible in this module) validate it before building URLs or queries.
    normalized = domain.lower().strip()
    findings: dict[str, dict[str, Any]] = {}

    if tenant_id == 1:
        # NOTE(review): the fallback endpoint is plain HTTP. Whether
        # vm112.collect authenticates the API or its responses is not visible
        # here; over cleartext, audit evidence can be read or altered on path.
        endpoint = vm112_api if vm112_api else "http://10.10.10.112:8090"
        findings.update(vm112.collect(normalized, endpoint))

    findings.update(dns.collect(normalized, mail_public_ip=mail_public_ip))
    findings.update(webmail.collect(normalized))

    for check_id, label in CHECK_LABELS.items():
        if check_id not in findings:
            # A check nobody reported is marked "skip". Consumers should
            # treat that as "not verified", not as a passing control.
            findings[check_id] = {
                "check_id": check_id,
                "label": label,
                "status": "skip",
                "message": "Check not run",
                "evidence": {},
            }
        # The canonical label always wins over whatever a collector supplied.
        findings[check_id]["label"] = label

    return findings