snappy-hwe-snaps

Merge ~teknoraver/snappy-hwe-snaps/+git/wifi-ap:master into ~snappy-hwe-team/snappy-hwe-snaps/+git/wifi-ap:master

Git
lp:~teknoraver/snappy-hwe-snaps/+git/wifi-ap
master
Merge into master

Proposed by Matteo Croce on 2016-11-29

Status:	Superseded
Proposed branch:	~teknoraver/snappy-hwe-snaps/+git/wifi-ap:master
Merge into:	~snappy-hwe-team/snappy-hwe-snaps/+git/wifi-ap:master
Diff against target:	2417 lines (+1506/-604) 27 files modified MAINTAINERS (+1/-0) README.md (+35/-0) bin/ap.sh (+31/-9) bin/first-config.sh (+25/-0) bin/helper.sh (+1/-2) cmd/client/client.go (+5/-0) cmd/client/cmd_config.go (+4/-12) cmd/client/cmd_status.go (+58/-0) cmd/client/utils.go (+33/-0) cmd/service/api.go (+176/-0) cmd/service/api_test.go (+344/-0) cmd/service/background_process.go (+138/-0) cmd/service/background_process_test.go (+36/-0) cmd/service/config.go (+140/-0) cmd/service/config_test.go (+66/-0) cmd/service/main.go (+11/-266) cmd/service/response.go (+73/-0) cmd/service/response_test.go (+47/-0) cmd/service/service.go (+159/-0) dev/null (+0/-298) snapcraft.yaml (+14/-8) tests/lib/prepare-all.sh (+7/-0) tests/lib/restore-each.sh (+0/-3) tests/main/background-process-control/task.yaml (+46/-0) tests/main/default-conf-brings-up-ap/task.yaml (+0/-3) tests/main/stress-ap-status-control/task.yaml (+49/-0) tests/main/utf8-ssid/task.yaml (+7/-3)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
System Enablement Bot	continuous-integration	2016-11-29	Approve on 2016-11-29
Review via email: mp+312061@code.launchpad.net

This proposal has been superseded by a proposal from 2016-11-29.

Description of the change

run wizaard of first boot

Revision history for this message

System Enablement Bot (system-enablement-ci-bot) wrote on 2016-11-29:

FAILED: Continuous integration, rev:93e735e85a5888659598f8ce31cc87ff5dc53203
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/402/
Executed test runs:
FAILURE: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/148/console
None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/310/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/402/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

System Enablement Bot (system-enablement-ci-bot) wrote on 2016-11-29:

PASSED: Continuous integration, rev:93e735e85a5888659598f8ce31cc87ff5dc53203
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/403/
Executed test runs:
SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/149
None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/311/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/403/rebuild

review: Approve (continuous-integration)

Unmerged commits

93e735e... by Matteo Croce on 2016-11-29

run wizard --auto on first boot

0871e0a... by Simon Fels on 2016-11-29

Set SSID before enabling the access point

5f4d419... by Simon Fels on 2016-11-29

Use higher number of iterations for stress test an check process count

19c64ab... by Simon Fels on 2016-11-29

Kill the whole process group instead of just the main process

31520f4... by Simon Fels on 2016-11-29

Mark stress test as manual only for now

The test isn't stable yet and requires some more changes in the
process management infrastructure.

60a3f50... by Simon Fels on 2016-11-28

Add stress test for new background process infrastructure

f5f7fbf... by Simon Fels on 2016-11-28

Don't rebuild wifi-ap snap when already build locally

649c860... by Simon Fels on 2016-11-28

Respect review comments

c90122c... by Simon Fels on 2016-11-25

Add missing absolute path to wifi-ap command

25734ea... by Simon Fels on 2016-11-25

Fix UTF8 SSID test case

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Matteo Croce

Snappy HWE Team

 diff --git a/MAINTAINERS b/MAINTAINERS
 index 420159f..1fed46c 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
@@ -1 +1,2 @@
  Simon Fels <simon.fels@canonical.com>
++Matteo Croce <matteo.croce@canonical.com>
 diff --git a/README.md b/README.md
 index 3c89bcd..1a49a98 100644
 --- a/README.md
 +++ b/README.md
@@ -5,6 +5,41 @@ This snap provided WiFi AP functionality out of the box.
  Documentation is currently available at
  https://docs.google.com/document/d/1vNu3fBqpOkBkjv_Vs9NZyTv50vOEfugrQqgxD0_f0rE/edit#
++## Development
++
++To modify any of the included services written in Go you need setup
++your build environment first.
++
++```
++ $ snapcraft clean
++ $ snapcraft
++```
++
++Now we need to export the GOPATH and point it to the directory
++snapcraft already created for us.
++
++```
++ $ export GOPATH=$PWD/parts/management-service/go
++```
++
++Now you can build the management-service by running
++
++```
++ $ cd cmd/service
++ $ go build -o management-service *.go
++```
++
++If you want to start it afterwards outside of a snap environment you
++need to setup the right environment variables.
++
++```
++ # Needs to be the top source dir which contains the snapcraft.yaml
++ $ export SNAP=`pwd`
++ $ mkdir tmp-data
++ $ export SNAP_DATA=$PWD/tmp-data
++ $ cmd/service/management-service
++```
++
  ## Running tests
  We have a set of spread (https://github.com/snapcore/spread) tests which
 diff --git a/bin/ap.sh b/bin/ap.sh
 index 54c12ac..be8dac4 100755
 --- a/bin/ap.sh
 +++ b/bin/ap.sh
@@ -39,10 +39,18 @@ if ! ifconfig $WIFI_INTERFACE ; then
  fi
  cleanup_on_exit() {
++	read HOSTAPD_PID <$SNAP_DATA/hostapd.pid
++	if [ -n "$HOSTAPD_PID" ] ; then
++		kill -TERM $HOSTAPD_PID || true
++		wait $HOSTAPD_PID
++	fi
++
  	read DNSMASQ_PID <$SNAP_DATA/dnsmasq.pid
--	# If dnsmasq is already gone don't error out here
--	kill -TERM $DNSMASQ_PID || true
--	wait $DNSMASQ_PID
++	if [ -n "$DNSMASQ_PID" ] ; then
++		# If dnsmasq is already gone don't error out here
++		kill -TERM $DNSMASQ_PID || true
++		wait $DNSMASQ_PID
++	fi
  	iface=$WIFI_INTERFACE
  	if [ "$WIFI_INTERFACE_MODE" = "virtual" ] ; then
@@ -56,18 +64,22 @@ cleanup_on_exit() {
  		sysctl -w net.ipv4.ip_forward=0
  	fi
--	if [ "$WIFI_INTERFACE_MODE" = "virtual" ] && does_interface_exist $iface ; then
--		$SNAP/bin/iw dev $iface del
--	fi
--
  	if is_nm_running ; then
  		# Hand interface back to network-manager. This will also trigger the
  		# auto connection process inside network-manager to get connected
  		# with the previous network.
  		$SNAP/bin/nmcli d set $iface managed yes
  	fi
++
++	if [ "$WIFI_INTERFACE_MODE" = "virtual" ] ; then
++		$SNAP/bin/iw dev $iface del
++	fi
+ }
++# We need to install this right before we do anything to
++# ensure that we cleanup everything again when we termiante.
++trap cleanup_on_exit TERM
++
  iface=$WIFI_INTERFACE
  if [ "$WIFI_INTERFACE_MODE" = "virtual" ] ; then
  	iface=$DEFAULT_ACCESS_POINT_INTERFACE
@@ -139,7 +151,13 @@ if [ $SHARE_DISABLED -eq 0 ] ; then
  fi
  generate_dnsmasq_config $SNAP_DATA/dnsmasq.conf
--$SNAP/bin/dnsmasq -k -C $SNAP_DATA/dnsmasq.conf -l $SNAP_DATA/dnsmasq.leases -x $SNAP_DATA/dnsmasq.pid &
++$SNAP/bin/dnsmasq \
++	-k \
++	-C $SNAP_DATA/dnsmasq.conf \
++	-l $SNAP_DATA/dnsmasq.leases \
++	-x $SNAP_DATA/dnsmasq.pid \
++	-u root -g root \
++	&
  driver=$WIFI_HOSTAPD_DRIVER
  if [ "$driver" = "rtl8188" ] ; then
@@ -219,6 +237,10 @@ case "$WIFI_HOSTAPD_DRIVER" in
  esac
  # Startup hostapd with the configuration we've put in place
--$hostapd $EXTRA_ARGS $SNAP_DATA/hostapd.conf
++$hostapd $EXTRA_ARGS $SNAP_DATA/hostapd.conf &
++hostapd_pid=$!
++echo $hostapd_pid > $SNAP_DATA/hostapd.pid
++wait $hostapd_pid
++
  cleanup_on_exit
  exit 0
 diff --git a/bin/first-config.sh b/bin/first-config.sh
 new file mode 100755
 index 0000000..fd1665b
 --- /dev/null
 +++ b/bin/first-config.sh
@@ -0,0 +1,25 @@
++#!/bin/sh
++#
++# Copyright (C) 2015, 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -x
++
++[ -f "$SNAP_DATA/conf/config" ] && exit 0
++
++while ! /snap/bin/wifi-ap.status; do
++	sleep .5
++done
++
++exec /snap/bin/wifi-ap.setup-wizard wizard --auto
 diff --git a/bin/helper.sh b/bin/helper.sh
 index 718a2d6..4a557d6 100644
 --- a/bin/helper.sh
 +++ b/bin/helper.sh
@@ -56,6 +56,5 @@ generate_dnsmasq_config() {
  is_nm_running() {
  	nm_status=`$SNAP/bin/nmcli -t -f RUNNING general`
--	[ "$nm_status" = "running" ] && return 1
--	return 0
++	[ "$nm_status" = "running" ]
+ }
 diff --git a/cmd/client/client.go b/cmd/client/client.go
 index 0a770d7..ec8bb76 100644
 --- a/cmd/client/client.go
 +++ b/cmd/client/client.go
@@ -25,6 +25,7 @@ import (
  const (
  	servicePort        = 5005
  	configurationV1Uri = "/v1/configuration"
++	statusV1Uri        = "/v1/status"
+ )
  type serviceResponse struct {
@@ -38,6 +39,10 @@ func getServiceConfigurationURI() string {
  	return fmt.Sprintf("http://localhost:%d%s", servicePort, configurationV1Uri)
+ }
++func getServiceStatusURI() string {
++	return fmt.Sprintf("http://localhost:%d%s", servicePort, statusV1Uri)
++}
++
  type doer interface {
  	Do(*http.Request) (*http.Response, error)
+ }
 diff --git a/cmd/client/cmd_config.go b/cmd/client/cmd_config.go
 index 8a82f4a..f0d6b4c 100644
 --- a/cmd/client/cmd_config.go
 +++ b/cmd/client/cmd_config.go
@@ -20,7 +20,6 @@ import (
  	"encoding/json"
  	"fmt"
  	"os"
--	"sort"
+ )
  type setCommand struct{}
@@ -58,14 +57,7 @@ func (cmd *getCommand) Execute(args []string) error {
  			return fmt.Errorf("Config item '%s' does not exist", wantedKey)
+ 		}
  	} else {
--		sortedKeys := make([]string, 0, len(response.Result))
--		for key, _ := range response.Result {
--			sortedKeys = append(sortedKeys, key)
--		}
--		sort.Strings(sortedKeys)
--		for n := range sortedKeys {
--			fmt.Fprintf(os.Stdout, "%s: %s\n", sortedKeys[n], response.Result[sortedKeys[n]])
--		}
++		printMapSorted(response.Result)
+ 	}
  	return nil
@@ -78,7 +70,7 @@ func (cmd *configCommand) Execute(args []string) error {
+ }
  func init() {
--	cmdConfig, _ := addCommand("config", "Adjust the service configuration", "", &configCommand{})
--	cmdConfig.AddCommand("set", "", "", &setCommand{})
--	cmdConfig.AddCommand("get", "", "", &getCommand{})
++	cmd, _ := addCommand("config", "Adjust the service configuration", "", &configCommand{})
++	cmd.AddCommand("set", "", "", &setCommand{})
++	cmd.AddCommand("get", "", "", &getCommand{})
+ }
 diff --git a/cmd/client/cmd_status.go b/cmd/client/cmd_status.go
 new file mode 100644
 index 0000000..e120e47
 --- /dev/null
 +++ b/cmd/client/cmd_status.go
@@ -0,0 +1,58 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"bytes"
++	"encoding/json"
++)
++
++type restartCommand struct{}
++
++func (cmd *restartCommand) Execute(args []string) error {
++	req := make(map[string]string)
++	req["action"] = "restart-ap"
++
++	b, err := json.Marshal(req)
++	if err != nil {
++		return err
++	}
++
++	_, err = sendHTTPRequest(getServiceStatusURI(), "POST", bytes.NewReader(b))
++	if err != nil {
++		return err
++	}
++
++	return nil
++}
++
++type statusCommand struct{}
++
++func (cmd *statusCommand) Execute(args []string) error {
++	response, err := sendHTTPRequest(getServiceStatusURI(), "GET", nil)
++	if err != nil {
++		return err
++	}
++	printMapSorted(response.Result)
++	return nil
++}
++
++func init() {
++	cmd, _ := addCommand("status", "Show various status information about the access point", "", &statusCommand{})
++	cmd.SubcommandsOptional = true
++
++	cmd.AddCommand("restart-ap", "Restart access point", "", &restartCommand{})
++}
 diff --git a/cmd/client/utils.go b/cmd/client/utils.go
 new file mode 100644
 index 0000000..f5c55a3
 --- /dev/null
 +++ b/cmd/client/utils.go
@@ -0,0 +1,33 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"fmt"
++	"os"
++	"sort"
++)
++
++func printMapSorted(m map[string]string) {
++	sortedKeys := make([]string, 0, len(m))
++	for key, _ := range m {
++		sortedKeys = append(sortedKeys, key)
++	}
++	sort.Strings(sortedKeys)
++	for _, k := range sortedKeys {
++		fmt.Fprintf(os.Stdout, "%s: %s\n", k, m[k])
++	}
++}
 diff --git a/cmd/service/api.go b/cmd/service/api.go
 new file mode 100644
 index 0000000..5c4c6fd
 --- /dev/null
 +++ b/cmd/service/api.go
@@ -0,0 +1,176 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"encoding/json"
++	"fmt"
++	"io/ioutil"
++	"net/http"
++	"os"
++)
++
++var api = []*serviceCommand{
++	configurationCmd,
++	statusCmd,
++}
++
++var (
++	configurationCmd = &serviceCommand{
++		Path: "/v1/configuration",
++		GET:  getConfiguration,
++		POST: postConfiguration,
++	}
++	statusCmd = &serviceCommand{
++		Path: "/v1/status",
++		GET:  getStatus,
++		POST: postStatus,
++	}
++	validTokens map[string]bool
++)
++
++func getConfiguration(c *serviceCommand, writer http.ResponseWriter, request *http.Request) {
++	config := make(map[string]string)
++	if err := readConfiguration(configurationPaths, config); err == nil {
++		sendHTTPResponse(writer, makeResponse(http.StatusOK, config))
++	} else {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Failed to read configuration data", "internal-error")
++		sendHTTPResponse(writer, resp)
++	}
++}
++
++func postConfiguration(c *serviceCommand, writer http.ResponseWriter, request *http.Request) {
++	path := getConfigOnPath(os.Getenv("SNAP_DATA"))
++	config := map[string]string{}
++	if readConfiguration([]string{path}, config) != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError,
++			"Failed to read existing configuration file", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	if validTokens == nil || len(validTokens) == 0 {
++		errResponse := makeErrorResponse(http.StatusInternalServerError, "No default configuration file available", "internal-error")
++		sendHTTPResponse(writer, errResponse)
++		return
++	}
++
++	file, err := os.Create(path)
++	if err != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Can't write configuration file", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++	defer file.Close()
++
++	body, err := ioutil.ReadAll(request.Body)
++	if err != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Error reading the request body", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	var items map[string]string
++	if err = json.Unmarshal(body, &items); err != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Malformed request", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	// Add the items in the config, but only if all are in the whitelist
++	for key, value := range items {
++		if _, present := validTokens[key]; !present {
++			errResponse := makeErrorResponse(http.StatusInternalServerError, `Invalid key "`+key+`"`, "internal-error")
++			sendHTTPResponse(writer, errResponse)
++			return
++		}
++		config[key] = value
++	}
++
++	for key, value := range config {
++		key = convertKeyToStorageFormat(key)
++		value = escapeTextForShell(value)
++		file.WriteString(fmt.Sprintf("%s=%s\n", key, value))
++	}
++
++	if err := restartAccessPoint(c); err != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Failed to restart AP process", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	sendHTTPResponse(writer, makeResponse(http.StatusOK, nil))
++}
++
++func restartAccessPoint(c *serviceCommand) error {
++	if c.s.ap != nil {
++		// Now that we have all configuration changes successfully applied
++		// we can safely restart the service.
++		if err := c.s.ap.Restart(); err != nil {
++			return err
++		}
++	}
++	return nil
++}
++
++func getStatus(c *serviceCommand, writer http.ResponseWriter, request *http.Request) {
++	status := make(map[string]string)
++
++	status["ap.active"] = "0"
++	if c.s.ap != nil && c.s.ap.Running() {
++		status["ap.active"] = "1"
++	}
++
++	sendHTTPResponse(writer, makeResponse(http.StatusOK, status))
++}
++
++func postStatus(c *serviceCommand, writer http.ResponseWriter, request *http.Request) {
++	body, err := ioutil.ReadAll(request.Body)
++	if err != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Error reading the request body", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	var items map[string]string
++	if json.Unmarshal(body, &items) != nil {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Malformed request", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	action, ok := items["action"]
++	if !ok {
++		resp := makeErrorResponse(http.StatusInternalServerError, "Mailformed request", "internal-error")
++		sendHTTPResponse(writer, resp)
++		return
++	}
++
++	switch action {
++	case "restart-ap":
++		if err = restartAccessPoint(c); err != nil {
++			resp := makeErrorResponse(http.StatusInternalServerError, "Failed to restart AP process", "internal-error")
++			sendHTTPResponse(writer, resp)
++			return
++		}
++
++		resp := makeResponse(http.StatusOK, nil)
++		sendHTTPResponse(writer, resp)
++	}
++
++	resp := makeErrorResponse(http.StatusInternalServerError, "Invalid request", "internal-error")
++	sendHTTPResponse(writer, resp)
++}
 diff --git a/cmd/service/api_test.go b/cmd/service/api_test.go
 new file mode 100644
 index 0000000..433843b
 --- /dev/null
 +++ b/cmd/service/api_test.go
@@ -0,0 +1,344 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"bytes"
++	"encoding/json"
++	"io/ioutil"
++	"net/http"
++	"net/http/httptest"
++	"os"
++	"path/filepath"
++	"strings"
++	"testing"
++
++	"gopkg.in/check.v1"
++)
++
++// gopkg.in/check.v1 stuff
++func Test(t *testing.T) { check.TestingT(t) }
++
++type S struct{}
++
++var _ = check.Suite(&S{})
++
++type mockBackgroundProcess struct {
++	running bool
++}
++
++func (p *mockBackgroundProcess) Start() error {
++	p.running = true
++	return nil
++}
++
++func (p *mockBackgroundProcess) Stop() error {
++	p.running = false
++	return nil
++}
++
++func (p *mockBackgroundProcess) Restart() error {
++	p.running = true
++	return nil
++}
++
++func (p *mockBackgroundProcess) Running() bool {
++	return p.running
++}
++
++func newMockServiceCommand() *serviceCommand {
++	return &serviceCommand{
++		s: &service{
++			ap: &mockBackgroundProcess{},
++		},
++	}
++}
++
++func (s *S) TestGetConfiguration(c *check.C) {
++	// Check it we get a valid JSON as configuration
++	req, err := http.NewRequest(http.MethodGet, "/v1/configuration", nil)
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++
++	cmd := newMockServiceCommand()
++	getConfiguration(cmd, rec, req)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	var resp serviceResponse
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 200 status code
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++}
++
++func (s *S) TestNoDefaultConfiguration(c *check.C) {
++	oldsnap := os.Getenv("SNAP")
++	os.Setenv("SNAP", "/nodir")
++	os.Setenv("SNAP_DATA", "/tmp")
++
++	req, err := http.NewRequest(http.MethodPost, "/v1/configuration", nil)
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++	cmd := newMockServiceCommand()
++
++	validTokens = nil
++
++	postConfiguration(cmd, rec, req)
++
++	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	var resp serviceResponse
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 500 status code and other error fields
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
++	c.Assert(resp.Type, check.Equals, "error")
++	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
++	c.Assert(resp.Result["message"], check.Equals, "No default configuration file available")
++
++	os.Setenv("SNAP", oldsnap)
++}
++
++func (s *S) TestWriteError(c *check.C) {
++	// Test a non writable path:
++	os.Setenv("SNAP_DATA", "/nodir")
++
++	req, err := http.NewRequest(http.MethodPost, "/v1/configuration", nil)
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++	cmd := newMockServiceCommand()
++
++	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
++	c.Assert(validTokens, check.NotNil)
++	c.Assert(err, check.IsNil)
++
++	postConfiguration(cmd, rec, req)
++
++	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	var resp serviceResponse
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 500 status code and other error fields
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
++	c.Assert(resp.Type, check.Equals, "error")
++	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
++	c.Assert(resp.Result["message"], check.Equals, "Can't write configuration file")
++}
++
++func (s *S) TestInvalidJSON(c *check.C) {
++	// Test an invalid JSON
++	os.Setenv("SNAP_DATA", "/tmp")
++	req, err := http.NewRequest(http.MethodPost, "/v1/configuration", strings.NewReader("not a JSON content"))
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++	cmd := newMockServiceCommand()
++
++	postConfiguration(cmd, rec, req)
++
++	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	resp := serviceResponse{}
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 500 status code and other error fields
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
++	c.Assert(resp.Type, check.Equals, "error")
++	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
++	c.Assert(resp.Result["message"], check.Equals, "Malformed request")
++}
++
++func (s *S) TestInvalidToken(c *check.C) {
++	// Test a succesful configuration set
++	// Values to be used in the config
++	values := map[string]string{
++		"wifi.security":            "wpa2",
++		"wifi.ssid":                "UbuntuAP",
++		"wifi.security-passphrase": "12345678",
++		"bad.token":                "xyz",
++	}
++
++	// Convert the map into JSON
++	args, err := json.Marshal(values)
++	c.Assert(err, check.IsNil)
++
++	req, err := http.NewRequest(http.MethodPost, "/v1/configuration", bytes.NewReader(args))
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++	cmd := newMockServiceCommand()
++
++	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
++	c.Assert(validTokens, check.NotNil)
++	c.Assert(err, check.IsNil)
++
++	// Do the request
++	postConfiguration(cmd, rec, req)
++
++	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
++
++	// Read the result JSON
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	resp := serviceResponse{}
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 500 status code and other succesful fields
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
++	c.Assert(resp.Type, check.Equals, "error")
++}
++
++func (s *S) TestChangeConfiguration(c *check.C) {
++	// Values to be used in the config
++	values := map[string]string{
++		"disabled":                 "0",
++		"wifi.security":            "wpa2",
++		"wifi.ssid":                "UbuntuAP",
++		"wifi.security-passphrase": "12345678",
++	}
++
++	// Convert the map into JSON
++	args, err := json.Marshal(values)
++	c.Assert(err, check.IsNil)
++
++	req, err := http.NewRequest(http.MethodPost, "/v1/configuration", bytes.NewReader(args))
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++	cmd := newMockServiceCommand()
++
++	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
++	c.Assert(validTokens, check.NotNil)
++	c.Assert(err, check.IsNil)
++
++	// Do the request
++	postConfiguration(cmd, rec, req)
++
++	c.Assert(rec.Code, check.Equals, http.StatusOK)
++
++	// Read the result JSON
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	// Parse the returned JSON
++	resp := serviceResponse{}
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	// Check for 200 status code and other succesful fields
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++
++	// Read the generated config and check that values were set
++	config, err := ioutil.ReadFile(getConfigOnPath(os.Getenv("SNAP_DATA")))
++	c.Assert(err, check.IsNil)
++
++	for key, value := range values {
++		c.Assert(strings.Contains(string(config),
++			convertKeyToStorageFormat(key)+"="+value+"\n"),
++			check.Equals, true)
++	}
++
++	// As we've set 'disabled' to '0' above the AP should be active
++	// now as the configuration post request will trigger an automatic
++	// restart of the relevant background processes.
++	c.Assert(cmd.s.ap.Running(), check.Equals, true)
++
++	// Don't leave garbage in /tmp
++	os.Remove(getConfigOnPath(os.Getenv("SNAP_DATA")))
++}
++
++func (s *S) TestGetStatusDefaultOk(c *check.C) {
++	req, err := http.NewRequest(http.MethodGet, "/v1/status", nil)
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++
++	cmd := newMockServiceCommand()
++
++	getStatus(cmd, rec, req)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	var resp serviceResponse
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++
++	c.Assert(resp.Result["ap.active"], check.Equals, "0")
++}
++
++func (s *S) TestGetStatusReturnsCorrectApStatus(c *check.C) {
++	req, err := http.NewRequest(http.MethodGet, "/v1/status", nil)
++	c.Assert(err, check.IsNil)
++
++	rec := httptest.NewRecorder()
++
++	cmd := newMockServiceCommand()
++	cmd.s.ap.Start()
++
++	getStatus(cmd, rec, req)
++
++	body, err := ioutil.ReadAll(rec.Body)
++	c.Assert(err, check.IsNil)
++
++	var resp serviceResponse
++	err = json.Unmarshal(body, &resp)
++	c.Assert(err, check.IsNil)
++
++	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++
++	c.Assert(resp.Result["ap.active"], check.Equals, "1")
++}
 diff --git a/cmd/service/background_process.go b/cmd/service/background_process.go
 new file mode 100644
 index 0000000..4b1d350
 --- /dev/null
 +++ b/cmd/service/background_process.go
@@ -0,0 +1,138 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"fmt"
++	"os"
++	"os/exec"
++	"syscall"
++	"time"
++
++	"gopkg.in/tomb.v2"
++)
++
++type backgroundProcessImpl struct {
++	path    string
++	args    []string
++	command *exec.Cmd
++	tomb    *tomb.Tomb
++}
++
++// BackgroundProcess provides control over a process running in the
++// background.
++type BackgroundProcess interface {
++	Start() error
++	Stop() error
++	Restart() error
++	Running() bool
++}
++
++func NewBackgroundProcess(path string, args ...string) (BackgroundProcess, error) {
++	p := &backgroundProcessImpl{
++		path:    path,
++		args:    args,
++		command: nil,
++	}
++	if p == nil {
++		return nil, fmt.Errorf("Failed to create background process")
++	}
++
++	return p, nil
++}
++
++func (p *backgroundProcessImpl) Start() error {
++	if p.Running() {
++		return fmt.Errorf("Background process is already running")
++	}
++
++	p.command = exec.Command(p.path, p.args...)
++	if p.command == nil {
++		return fmt.Errorf("Failed to create background process")
++	}
++
++	// Forward output to regular stdout/stderr
++	p.command.Stdout = os.Stdout
++	p.command.Stderr = os.Stderr
++
++	// Create a new process group
++	p.command.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
++
++	// We need to recreate the tomb here everytime as otherwise
++	// it will not cleanup its state from the last time.
++	p.tomb = &tomb.Tomb{}
++
++	c := make(chan int)
++	p.tomb.Go(func() error {
++		err := p.command.Start()
++		if err != nil {
++			fmt.Printf("Failed to execute process for binary '%s'", p.path)
++			return err
++		}
++		c <- 1
++		p.command.Wait()
++		p.command = nil
++		return nil
++	})
++
++	// Wait until the process is really started
++	_ = <-c
++
++	return nil
++}
++
++func (p *backgroundProcessImpl) Restart() error {
++	if err := p.Stop(); err != nil {
++		return err
++	}
++	if err := p.Start(); err != nil {
++		return err
++	}
++	return nil
++}
++
++func (p *backgroundProcessImpl) killProcess(signal syscall.Signal) error {
++	if p == nil || p.command == nil {
++		return fmt.Errorf("Process is not running")
++	}
++	// We need to kill the whole process group as otherwise some
++	// child processes are still around
++	pgid, err := syscall.Getpgid(p.command.Process.Pid)
++	if err == nil {
++		syscall.Kill(-pgid, signal)
++	} else {
++		syscall.Kill(p.command.Process.Pid, signal)
++	}
++	return nil
++}
++
++func (p *backgroundProcessImpl) Stop() error {
++	if !p.Running() {
++		return nil
++	}
++	timer := time.AfterFunc(10*time.Second, func() {
++		p.killProcess(syscall.SIGKILL)
++	})
++	p.killProcess(syscall.SIGTERM)
++	p.tomb.Kill(nil)
++	p.tomb.Wait()
++	timer.Stop()
++	return nil
++}
++
++func (p *backgroundProcessImpl) Running() bool {
++	return p.command != nil
++}
 diff --git a/cmd/service/background_process_test.go b/cmd/service/background_process_test.go
 new file mode 100644
 index 0000000..5ae9cd7
 --- /dev/null
 +++ b/cmd/service/background_process_test.go
@@ -0,0 +1,36 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"fmt"
++
++	"gopkg.in/check.v1"
++)
++
++func (s *S) TestBackgroundProcessStartStop(c *check.C) {
++	p, err := NewBackgroundProcess("/bin/sleep", "1000")
++	c.Assert(err, check.IsNil)
++	c.Assert(p.Running(), check.Equals, false)
++	c.Assert(p.Start(), check.IsNil)
++	c.Assert(p.Running(), check.Equals, true)
++	c.Assert(p.Stop(), check.IsNil)
++	c.Assert(p.Running(), check.Equals, false)
++	c.Assert(p.Restart(), check.IsNil)
++	c.Assert(p.Running(), check.Equals, true)
++	c.Assert(p.Start(), check.DeepEquals, fmt.Errorf("Background process is already running"))
++	c.Assert(p.Running(), check.Equals, true)
++}
 diff --git a/cmd/service/config.go b/cmd/service/config.go
 new file mode 100644
 index 0000000..bbc047e
 --- /dev/null
 +++ b/cmd/service/config.go
@@ -0,0 +1,140 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"bufio"
++	"fmt"
++	"os"
++	"path/filepath"
++	"regexp"
++	"strings"
++)
++
++func getConfigOnPath(path string) string {
++	return filepath.Join(path, "config")
++}
++
++// Array of paths where the config file can be found.
++// The first one is readonly, the others are writable
++// they are readed in order and the configuration is merged
++var configurationPaths = []string{
++	filepath.Join(os.Getenv("SNAP"), "conf", "default-config"),
++	getConfigOnPath(os.Getenv("SNAP_DATA")),
++	getConfigOnPath(os.Getenv("SNAP_USER_DATA"))}
++
++// Convert eg. WIFI_OPERATION_MODE to wifi.operation-mode
++func convertKeyToRepresentationFormat(key string) string {
++	newKey := strings.ToLower(key)
++	newKey = strings.Replace(newKey, "_", ".", 1)
++	return strings.Replace(newKey, "_", "-", -1)
++}
++
++func convertKeyToStorageFormat(key string) string {
++	// Convert eg. wifi.operation-mode to WIFI_OPERATION_MODE
++	newKey := strings.ToUpper(key)
++	newKey = strings.Replace(newKey, ".", "_", -1)
++	return strings.Replace(newKey, "-", "_", -1)
++}
++
++func readConfigurationFile(filePath string, config map[string]string) (err error) {
++	file, err := os.Open(filePath)
++	if err != nil {
++		return nil
++	}
++
++	defer file.Close()
++
++	for scanner := bufio.NewScanner(file); scanner.Scan(); {
++		// Ignore all empty or commented lines
++		if line := scanner.Text(); len(line) != 0 && line[0] != '#' {
++			// Line must be in the KEY=VALUE format
++			if parts := strings.Split(line, "="); len(parts) == 2 {
++				value := unescapeTextByShell(parts[1])
++				config[convertKeyToRepresentationFormat(parts[0])] = value
++			}
++		}
++	}
++
++	return nil
++}
++
++func readConfiguration(paths []string, config map[string]string) (err error) {
++	for _, location := range paths {
++		if readConfigurationFile(location, config) != nil {
++			return fmt.Errorf("Failed to read configuration file '%s'", location)
++		}
++	}
++
++	return nil
++}
++
++// Escape shell special characters, avoid injection
++// eg. SSID set to "My AP$(nc -lp 2323 -e /bin/sh)"
++// to get a root shell
++func escapeTextForShell(input string) string {
++	if strings.ContainsAny(input, "\\\"'`$\n\t #") {
++		input = strings.Replace(input, `\`, `\\`, -1)
++		input = strings.Replace(input, `"`, `\"`, -1)
++		input = strings.Replace(input, "`", "\\`", -1)
++		input = strings.Replace(input, `$`, `\$`, -1)
++
++		input = `"` + input + `"`
++	}
++	return input
++}
++
++// Do the reverse of escapeTextForShell() here
++// strip any \ followed by \$`"
++func unescapeTextByShell(input string) string {
++	input = strings.Trim(input, `"'`)
++	if strings.ContainsAny(input, "\\") {
++		re := regexp.MustCompile("\\\\([\\\\$\\`\\\"])")
++		input = re.ReplaceAllString(input, "$1")
++	}
++	return input
++}
++
++func loadValidTokens(path string) (map[string]bool, error) {
++	def, err := os.Open(path)
++	if err != nil {
++		return nil, err
++	}
++	defer def.Close()
++
++	tokens := map[string]bool{}
++
++	scanner := bufio.NewScanner(def)
++	for scanner.Scan() {
++		line := scanner.Text()
++
++		// Skip empty lines and comments
++		if len(line) == 0 || line[0] == '#' {
++			continue
++		}
++
++		// Get the substring before the '='
++		if eq := strings.IndexRune(line, '='); eq > 0 {
++			// Add the token to the whitelist, converted in our format
++			tokens[convertKeyToRepresentationFormat(line[:eq])] = true
++		}
++	}
++	if err := scanner.Err(); err != nil {
++		return nil, err
++	}
++
++	return tokens, nil
++}
 diff --git a/cmd/service/config_test.go b/cmd/service/config_test.go
 new file mode 100644
 index 0000000..9f59ea9
 --- /dev/null
 +++ b/cmd/service/config_test.go
@@ -0,0 +1,66 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"gopkg.in/check.v1"
++)
++
++// Test the config file path append routine
++func (s *S) TestPath(c *check.C) {
++	c.Assert(getConfigOnPath("/test"), check.Equals, "/test/config")
++}
++
++// List of tokens to be translated
++var cfgKeys = [...][2]string{
++	{"DISABLED", "disabled"},
++	{"WIFI_SSID", "wifi.ssid"},
++	{"WIFI_INTERFACE", "wifi.interface"},
++	{"WIFI_INTERFACE_MODE", "wifi.interface-mode"},
++	{"DHCP_RANGE_START", "dhcp.range-start"},
++	{"MYTOKEN", "mytoken"},
++	{"CFG_TOKEN", "cfg.token"},
++	{"MY_TOKEN$", "my.token$"},
++}
++
++// Test token conversion from internal format
++func (s *S) TestConvertKeyToRepresentationFormat(c *check.C) {
++	for _, st := range cfgKeys {
++		c.Assert(convertKeyToRepresentationFormat(st[0]), check.Equals, st[1])
++	}
++}
++
++// Test token conversion to internal format
++func (s *S) TestConvertKeyToStorageFormat(c *check.C) {
++	for _, st := range cfgKeys {
++		c.Assert(convertKeyToStorageFormat(st[1]), check.Equals, st[0])
++	}
++}
++
++// List of malicious tokens which needs to be escaped
++func (s *S) TestEscapeShell(c *check.C) {
++	cmds := [...][2]string{
++		{"my_ap", "my_ap"},
++		{`my ap`, `"my ap"`},
++		{`my "ap"`, `"my \"ap\""`},
++		{`$(ps ax)`, `"\$(ps ax)"`},
++		{"`ls /`", "\"\\`ls /\\`\""},
++		{`c:\dir`, `"c:\\dir"`},
++	}
++	for _, st := range cmds {
++		c.Assert(escapeTextForShell(st[0]), check.Equals, st[1])
++	}
++}
 diff --git a/cmd/service/main.go b/cmd/service/main.go
 index 0fd82e7..ae5e679 100644
 --- a/cmd/service/main.go
 +++ b/cmd/service/main.go
@@ -1,4 +1,3 @@
--//
  // Copyright (C) 2016 Canonical Ltd
  //
  // This program is free software: you can redistribute it and/or modify
@@ -16,277 +15,23 @@
  package main
  import (
--	"bufio"
--	"encoding/json"
--	"fmt"
--	"io/ioutil"
  	"log"
--	"net/http"
  	"os"
--	"path/filepath"
--	"regexp"
--	"strconv"
--	"strings"
--
--	"github.com/gorilla/mux"
--)
--
--/* JSON message format, as described here:
--{
--	"result": {
--		"key" : "val"
--	},
--	"status": "OK",
--	"status-code": 200,
--	"type": "sync"
--}
--*/
--
--type serviceResponse struct {
--	Result     map[string]string `json:"result"`
--	Status     string            `json:"status"`
--	StatusCode int               `json:"status-code"`
--	Type       string            `json:"type"`
--}
--
--func makeErrorResponse(code int, message, kind string) *serviceResponse {
--	return &serviceResponse{
--		Type:       "error",
--		Status:     http.StatusText(code),
--		StatusCode: code,
--		Result: map[string]string{
--			"message": message,
--			"kind":    kind,
--		},
--	}
--}
--
--func makeResponse(status int, result map[string]string) *serviceResponse {
--	resp := &serviceResponse{
--		Type:       "sync",
--		Status:     http.StatusText(status),
--		StatusCode: status,
--		Result:     result,
--	}
--
--	if resp.Result == nil {
--		resp.Result = make(map[string]string)
--	}
--
--	return resp
--}
--
--func sendHTTPResponse(writer http.ResponseWriter, response *serviceResponse) {
--	writer.WriteHeader(response.StatusCode)
--	data, _ := json.Marshal(response)
--	fmt.Fprintln(writer, string(data))
--}
--
--func getConfigOnPath(confPath string) string {
--	return filepath.Join(confPath, "config")
--}
--
--// Array of paths where the config file can be found.
--// The first one is readonly, the others are writable
--// they are readed in order and the configuration is merged
--var configurationPaths = []string{
--	filepath.Join(os.Getenv("SNAP"), "conf", "default-config"),
--	getConfigOnPath(os.Getenv("SNAP_DATA")),
--	getConfigOnPath(os.Getenv("SNAP_USER_DATA"))}
--
--const (
--	servicePort        = 5005
--	configurationV1Uri = "/v1/configuration"
++	"os/signal"
++	"syscall"
+ )
--var validTokens map[string]bool
--
--func loadValidTokens(path string) (map[string]bool, error) {
--	def, err := os.Open(path)
--	if err != nil {
--		return nil, err
--	}
--	defer def.Close()
--
--	tokens := map[string]bool{}
--
--	scanner := bufio.NewScanner(def)
--	for scanner.Scan() {
--		line := scanner.Text()
--
--		// Skip empty lines and comments
--		if len(line) == 0 || line[0] == '#' {
--			continue
--		}
--
--		// Get the substring before the '='
--		if eq := strings.IndexRune(line, '='); eq > 0 {
--			// Add the token to the whitelist, converted in our format
--			tokens[convertKeyToRepresentationFormat(line[:eq])] = true
--		}
--	}
--	if err := scanner.Err(); err != nil {
--		return nil, err
--	}
--
--	return tokens, nil
--}
--
  func main() {
--	r := mux.NewRouter().StrictSlash(true)
++	s := &service{}
--	var err error
--	if validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "conf", "default-config")); err != nil {
--		log.Println("Failed to read default configuration:", err)
--	}
++	c := make(chan os.Signal, 1)
++	signal.Notify(c, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)
++	go func(s *service) {
++		_ = <-c
++		s.Shutdown()
++	}(s)
--	r.HandleFunc(configurationV1Uri, getConfiguration).Methods(http.MethodGet)
--	r.HandleFunc(configurationV1Uri, changeConfiguration).Methods(http.MethodPost)
--
--	log.Fatal(http.ListenAndServe("127.0.0.1:"+strconv.Itoa(servicePort), r))
--}
--
--// Convert eg. WIFI_OPERATION_MODE to wifi.operation-mode
--func convertKeyToRepresentationFormat(key string) string {
--	newKey := strings.ToLower(key)
--	newKey = strings.Replace(newKey, "_", ".", 1)
--	return strings.Replace(newKey, "_", "-", -1)
--}
--
--func convertKeyToStorageFormat(key string) string {
--	// Convert eg. wifi.operation-mode to WIFI_OPERATION_MODE
--	newKey := strings.ToUpper(key)
--	newKey = strings.Replace(newKey, ".", "_", -1)
--	return strings.Replace(newKey, "-", "_", -1)
--}
--
--func readConfigurationFile(filePath string, config map[string]string) (err error) {
--	file, err := os.Open(filePath)
--	if err != nil {
--		return nil
--	}
--
--	defer file.Close()
--
--	for scanner := bufio.NewScanner(file); scanner.Scan(); {
--		// Ignore all empty or commented lines
--		if line := scanner.Text(); len(line) != 0 && line[0] != '#' {
--			// Line must be in the KEY=VALUE format
--			if parts := strings.Split(line, "="); len(parts) == 2 {
--				key := convertKeyToRepresentationFormat(parts[0])
--				value := unescapeTextByShell(parts[1])
--				config[key] = value
--			}
--		}
--	}
--
--	return nil
--}
--
--func readConfiguration(paths []string, config map[string]string) (err error) {
--	for _, location := range paths {
--		if readConfigurationFile(location, config) != nil {
--			return fmt.Errorf(`Failed to read configuration file "%s"`, location)
--		}
++	if err := s.Run(); err != nil {
++		log.Fatalf("Failed to start service: %s", err)
+ 	}
--
--	return nil
--}
--
--func getConfiguration(writer http.ResponseWriter, request *http.Request) {
--	config := make(map[string]string)
--	if err := readConfiguration(configurationPaths, config); err == nil {
--		sendHTTPResponse(writer, makeResponse(http.StatusOK, config))
--	} else {
--		log.Println("Read configuration failed:", err)
--		errResponse := makeErrorResponse(http.StatusInternalServerError, "Failed to read configuration data", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--	}
--}
--
--// Escape shell special characters, avoid injection
--// eg. SSID set to "My AP$(nc -lp 2323 -e /bin/sh)"
--// to get a root shell
--func escapeTextForShell(input string) string {
--	if strings.ContainsAny(input, "\\\"'`$\n\t #") {
--		input = strings.Replace(input, `\`, `\\`, -1)
--		input = strings.Replace(input, `"`, `\"`, -1)
--		input = strings.Replace(input, "`", "\\`", -1)
--		input = strings.Replace(input, `$`, `\$`, -1)
--
--		input = `"` + input + `"`
--	}
--	return input
--}
--
--// Do the reverse of escapeTextForShell() here
--// strip any \ followed by \$`"
--func unescapeTextByShell(input string) string {
--	input = strings.Trim(input, `"'`)
--	if strings.ContainsAny(input, "\\") {
--		re := regexp.MustCompile("\\\\([\\\\$\\`\\\"])")
--		input = re.ReplaceAllString(input, "$1")
--	}
--	return input
--}
--
--func changeConfiguration(writer http.ResponseWriter, request *http.Request) {
--	path := getConfigOnPath(os.Getenv("SNAP_DATA"))
--	config := map[string]string{}
--	if readConfiguration([]string{path}, config) != nil {
--		errResponse := makeErrorResponse(http.StatusInternalServerError,
--			"Failed to read existing configuration file", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--		return
--	}
--
--	if validTokens == nil || len(validTokens) == 0 {
--		errResponse := makeErrorResponse(http.StatusInternalServerError, "No default configuration file available", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--		return
--	}
--
--	file, err := os.Create(path)
--	if err != nil {
--		log.Printf("Write to %q failed: %v\n", path, err)
--		errResponse := makeErrorResponse(http.StatusInternalServerError, "Can't write configuration file", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--		return
--	}
--	defer file.Close()
--
--	body, err := ioutil.ReadAll(request.Body)
--	if err != nil {
--		log.Println("Failed to process incoming configuration change request:", err)
--		errResponse := makeErrorResponse(http.StatusInternalServerError, "Error reading the request body", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--		return
--	}
--
--	var items map[string]string
--	if err = json.Unmarshal(body, &items); err != nil {
--		log.Println("Invalid input data", err)
--		errResponse := makeErrorResponse(http.StatusInternalServerError, "Malformed request", "internal-error")
--		sendHTTPResponse(writer, errResponse)
--		return
--	}
--
--	// Add the items in the config, but only if all are in the whitelist
--	for key, value := range items {
--		if _, present := validTokens[key]; !present {
--			log.Println(`Invalid key "` + key + `": ignoring request`)
--			errResponse := makeErrorResponse(http.StatusInternalServerError, `Invalid key "`+key+`"`, "internal-error")
--			sendHTTPResponse(writer, errResponse)
--			return
--		}
--		config[key] = value
--	}
--
--	for key, value := range config {
--		key = convertKeyToStorageFormat(key)
--		value = escapeTextForShell(value)
--		file.WriteString(fmt.Sprintf("%s=%s\n", key, value))
--	}
--
--	sendHTTPResponse(writer, makeResponse(http.StatusOK, nil))
+ }
 diff --git a/cmd/service/main_test.go b/cmd/service/main_test.go
 deleted file mode 100644
 index d0fc6be..0000000
 --- a/cmd/service/main_test.go
 +++ /dev/null
@@ -1,298 +0,0 @@
--//
--// Copyright (C) 2016 Canonical Ltd
--//
--// This program is free software: you can redistribute it and/or modify
--// it under the terms of the GNU General Public License version 3 as
--// published by the Free Software Foundation.
--//
--// This program is distributed in the hope that it will be useful,
--// but WITHOUT ANY WARRANTY; without even the implied warranty of
--// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--// GNU General Public License for more details.
--//
--// You should have received a copy of the GNU General Public License
--// along with this program.  If not, see <http://www.gnu.org/licenses/>.
--
--package main
--
--import (
--	"bytes"
--	"encoding/json"
--	"io/ioutil"
--	"net/http"
--	"net/http/httptest"
--	"os"
--	"path/filepath"
--	"strings"
--	"testing"
--
--	"gopkg.in/check.v1"
--)
--
--// gopkg.in/check.v1 stuff
--func Test(t *testing.T) { check.TestingT(t) }
--
--type S struct{}
--
--var _ = check.Suite(&S{})
--
--// Test the config file path append routine
--func (s *S) TestPath(c *check.C) {
--	c.Assert(getConfigOnPath("/test"), check.Equals, "/test/config")
--}
--
--// List of tokens to be translated
--var cfgKeys = [...][2]string{
--	{"DISABLED", "disabled"},
--	{"WIFI_SSID", "wifi.ssid"},
--	{"WIFI_INTERFACE", "wifi.interface"},
--	{"WIFI_INTERFACE_MODE", "wifi.interface-mode"},
--	{"DHCP_RANGE_START", "dhcp.range-start"},
--	{"MYTOKEN", "mytoken"},
--	{"CFG_TOKEN", "cfg.token"},
--	{"MY_TOKEN$", "my.token$"},
--}
--
--// Test token conversion from internal format
--func (s *S) TestConvertKeyToRepresentationFormat(c *check.C) {
--	for _, st := range cfgKeys {
--		c.Assert(convertKeyToRepresentationFormat(st[0]), check.Equals, st[1])
--	}
--}
--
--// Test token conversion to internal format
--func (s *S) TestConvertKeyToStorageFormat(c *check.C) {
--	for _, st := range cfgKeys {
--		c.Assert(convertKeyToStorageFormat(st[1]), check.Equals, st[0])
--	}
--}
--
--// List of malicious tokens which needs to be escaped
--func (s *S) TestEscapeShell(c *check.C) {
--	cmds := [...][2]string{
--		{"my_ap", "my_ap"},
--		{`my ap`, `"my ap"`},
--		{`my "ap"`, `"my \"ap\""`},
--		{`$(ps ax)`, `"\$(ps ax)"`},
--		{"`ls /`", "\"\\`ls /\\`\""},
--		{`c:\dir`, `"c:\\dir"`},
--	}
--	for _, st := range cmds {
--		c.Assert(escapeTextForShell(st[0]), check.Equals, st[1])
--	}
--}
--
--func (s *S) TestGetConfiguration(c *check.C) {
--	// Check it we get a valid JSON as configuration
--	req, err := http.NewRequest(http.MethodGet, configurationV1Uri, nil)
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	getConfiguration(rec, req)
--
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	var resp serviceResponse
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 200 status code
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
--	c.Assert(resp.Type, check.Equals, "sync")
--}
--
--func (s *S) TestNoDefaultConfiguration(c *check.C) {
--	oldsnap := os.Getenv("SNAP")
--	os.Setenv("SNAP", "/nodir")
--	os.Setenv("SNAP_DATA", "/tmp")
--
--	req, err := http.NewRequest(http.MethodPost, configurationV1Uri, nil)
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	validTokens = nil
--
--	changeConfiguration(rec, req)
--
--	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
--
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	var resp serviceResponse
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 500 status code and other error fields
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
--	c.Assert(resp.Type, check.Equals, "error")
--	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
--	c.Assert(resp.Result["message"], check.Equals, "No default configuration file available")
--
--	os.Setenv("SNAP", oldsnap)
--}
--
--func (s *S) TestWriteError(c *check.C) {
--	// Test a non writable path:
--	os.Setenv("SNAP_DATA", "/nodir")
--
--	req, err := http.NewRequest(http.MethodPost, configurationV1Uri, nil)
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
--	c.Assert(validTokens, check.NotNil)
--	c.Assert(err, check.IsNil)
--
--	changeConfiguration(rec, req)
--
--	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
--
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	var resp serviceResponse
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 500 status code and other error fields
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
--	c.Assert(resp.Type, check.Equals, "error")
--	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
--	c.Assert(resp.Result["message"], check.Equals, "Can't write configuration file")
--}
--
--func (s *S) TestInvalidJSON(c *check.C) {
--	// Test an invalid JSON
--	os.Setenv("SNAP_DATA", "/tmp")
--	req, err := http.NewRequest(http.MethodPost, configurationV1Uri, strings.NewReader("not a JSON content"))
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	changeConfiguration(rec, req)
--
--	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
--
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	resp := serviceResponse{}
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 500 status code and other error fields
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
--	c.Assert(resp.Type, check.Equals, "error")
--	c.Assert(resp.Result["kind"], check.Equals, "internal-error")
--	c.Assert(resp.Result["message"], check.Equals, "Malformed request")
--}
--
--func (s *S) TestInvalidToken(c *check.C) {
--	// Test a succesful configuration set
--	// Values to be used in the config
--	values := map[string]string{
--		"wifi.security":            "wpa2",
--		"wifi.ssid":                "UbuntuAP",
--		"wifi.security-passphrase": "12345678",
--		"bad.token":                "xyz",
--	}
--
--	// Convert the map into JSON
--	args, err := json.Marshal(values)
--	c.Assert(err, check.IsNil)
--
--	req, err := http.NewRequest(http.MethodPost, configurationV1Uri, bytes.NewReader(args))
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
--	c.Assert(validTokens, check.NotNil)
--	c.Assert(err, check.IsNil)
--
--	// Do the request
--	changeConfiguration(rec, req)
--
--	c.Assert(rec.Code, check.Equals, http.StatusInternalServerError)
--
--	// Read the result JSON
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	resp := serviceResponse{}
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 500 status code and other succesful fields
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusInternalServerError))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
--	c.Assert(resp.Type, check.Equals, "error")
--}
--
--func (s *S) TestChangeConfiguration(c *check.C) {
--	// Values to be used in the config
--	values := map[string]string{
--		"wifi.security":            "wpa2",
--		"wifi.ssid":                "UbuntuAP",
--		"wifi.security-passphrase": "12345678",
--	}
--
--	// Convert the map into JSON
--	args, err := json.Marshal(values)
--	c.Assert(err, check.IsNil)
--
--	req, err := http.NewRequest(http.MethodPost, configurationV1Uri, bytes.NewReader(args))
--	c.Assert(err, check.IsNil)
--
--	rec := httptest.NewRecorder()
--
--	validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "/conf/default-config"))
--	c.Assert(validTokens, check.NotNil)
--	c.Assert(err, check.IsNil)
--
--	// Do the request
--	changeConfiguration(rec, req)
--
--	c.Assert(rec.Code, check.Equals, http.StatusOK)
--
--	// Read the result JSON
--	body, err := ioutil.ReadAll(rec.Body)
--	c.Assert(err, check.IsNil)
--
--	// Parse the returned JSON
--	resp := serviceResponse{}
--	err = json.Unmarshal(body, &resp)
--	c.Assert(err, check.IsNil)
--
--	// Check for 200 status code and other succesful fields
--	c.Assert(resp.Status, check.Equals, http.StatusText(http.StatusOK))
--	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
--	c.Assert(resp.Type, check.Equals, "sync")
--
--	// Read the generated config and check that values were set
--	config, err := ioutil.ReadFile(getConfigOnPath(os.Getenv("SNAP_DATA")))
--	c.Assert(err, check.IsNil)
--
--	for key, value := range values {
--		c.Assert(strings.Contains(string(config),
--			convertKeyToStorageFormat(key)+"="+value+"\n"),
--			check.Equals, true)
--	}
--
--	// Don't leave garbage in /tmp
--	os.Remove(getConfigOnPath(os.Getenv("SNAP_DATA")))
--}
 diff --git a/cmd/service/response.go b/cmd/service/response.go
 new file mode 100644
 index 0000000..cc8a558
 --- /dev/null
 +++ b/cmd/service/response.go
@@ -0,0 +1,73 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"encoding/json"
++	"fmt"
++	"net/http"
++)
++
++/* JSON message format, as described here:
++{
++	"result": {
++		"key" : "val"
++	},
++	"status": "OK",
++	"status-code": 200,
++	"type": "sync"
++}
++*/
++
++type serviceResponse struct {
++	Result     map[string]string `json:"result"`
++	Status     string            `json:"status"`
++	StatusCode int               `json:"status-code"`
++	Type       string            `json:"type"`
++}
++
++func makeErrorResponse(code int, message, kind string) *serviceResponse {
++	return &serviceResponse{
++		Type:       "error",
++		Status:     http.StatusText(code),
++		StatusCode: code,
++		Result: map[string]string{
++			"message": message,
++			"kind":    kind,
++		},
++	}
++}
++
++func makeResponse(status int, result map[string]string) *serviceResponse {
++	resp := &serviceResponse{
++		Type:       "sync",
++		Status:     http.StatusText(status),
++		StatusCode: status,
++		Result:     result,
++	}
++
++	if resp.Result == nil {
++		resp.Result = make(map[string]string)
++	}
++
++	return resp
++}
++
++func sendHTTPResponse(writer http.ResponseWriter, response *serviceResponse) {
++	writer.WriteHeader(response.StatusCode)
++	data, _ := json.Marshal(response)
++	fmt.Fprintln(writer, string(data))
++}
 diff --git a/cmd/service/response_test.go b/cmd/service/response_test.go
 new file mode 100644
 index 0000000..07d78f3
 --- /dev/null
 +++ b/cmd/service/response_test.go
@@ -0,0 +1,47 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"gopkg.in/check.v1"
++	"net/http"
++)
++
++func (s *S) TestMakeErrorResponse(c *check.C) {
++	resp := makeErrorResponse(http.StatusInternalServerError, "my error message", "internal-error")
++	c.Assert(resp.Result, check.DeepEquals, map[string]string{
++		"message": "my error message",
++		"kind":    "internal-error",
++	})
++	c.Assert(resp.Status, check.Equals, "Internal Server Error")
++	c.Assert(resp.StatusCode, check.Equals, http.StatusInternalServerError)
++	c.Assert(resp.Type, check.Equals, "error")
++}
++
++func (s *S) TestMakeResponse(c *check.C) {
++	resp := makeResponse(http.StatusOK, nil)
++	c.Assert(resp.Result, check.DeepEquals, map[string]string{})
++	c.Assert(resp.Status, check.Equals, "OK")
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++
++	data := map[string]string{"foo": "bar"}
++	resp = makeResponse(http.StatusOK, data)
++	c.Assert(resp.Result, check.DeepEquals, data)
++	c.Assert(resp.Status, check.Equals, "OK")
++	c.Assert(resp.StatusCode, check.Equals, http.StatusOK)
++	c.Assert(resp.Type, check.Equals, "sync")
++}
 diff --git a/cmd/service/service.go b/cmd/service/service.go
 new file mode 100644
 index 0000000..0ee04a8
 --- /dev/null
 +++ b/cmd/service/service.go
@@ -0,0 +1,159 @@
++//
++// Copyright (C) 2016 Canonical Ltd
++//
++// This program is free software: you can redistribute it and/or modify
++// it under the terms of the GNU General Public License version 3 as
++// published by the Free Software Foundation.
++//
++// This program is distributed in the hope that it will be useful,
++// but WITHOUT ANY WARRANTY; without even the implied warranty of
++// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++// GNU General Public License for more details.
++//
++// You should have received a copy of the GNU General Public License
++// along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++package main
++
++import (
++	"fmt"
++	"github.com/gorilla/mux"
++	"log"
++	"net"
++	"net/http"
++	"os"
++	"path"
++	"path/filepath"
++	"time"
++
++	"gopkg.in/tomb.v2"
++)
++
++const (
++	serviceAddress = "127.0.0.1"
++	servicePort    = 5005
++)
++
++type responceFunc func(*serviceCommand, http.ResponseWriter, *http.Request)
++
++type serviceCommand struct {
++	Path   string
++	GET    responceFunc
++	PUT    responceFunc
++	POST   responceFunc
++	DELETE responceFunc
++	s      *service
++}
++
++type service struct {
++	tomb     tomb.Tomb
++	server   *http.Server
++	listener net.Listener
++	router   *mux.Router
++	ap       BackgroundProcess
++}
++
++func (c *serviceCommand) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++	var rspf responceFunc
++
++	switch r.Method {
++	case "GET":
++		rspf = c.GET
++	case "PUT":
++		rspf = c.PUT
++	case "POST":
++		rspf = c.POST
++	case "DELETE":
++		rspf = c.DELETE
++	}
++
++	if rspf == nil {
++		rsp := makeErrorResponse(http.StatusInternalServerError, "Invalid method called", "internal-error")
++		sendHTTPResponse(w, rsp)
++		return
++	}
++
++	rspf(c, w, r)
++}
++
++func (s *service) addRoutes() {
++	s.router = mux.NewRouter()
++
++	for _, c := range api {
++		c.s = s
++		log.Println("Adding route for ", c.Path)
++		s.router.Handle(c.Path, c).Name(c.Path)
++	}
++}
++
++func (s *service) setupAccesPoint() error {
++	path := path.Join(os.Getenv("SNAP"), "bin", "ap.sh")
++	ap, err := NewBackgroundProcess(path)
++	if err != nil {
++		return err
++	}
++
++	s.ap = ap
++	err = s.ap.Start()
++	if err != nil {
++		return err
++	}
++
++	return nil
++}
++
++func (s *service) Shutdown() {
++	log.Println("Shutting down ...")
++	s.listener.Close()
++	s.tomb.Kill(nil)
++	s.tomb.Wait()
++}
++
++func (s *service) Run() error {
++	s.addRoutes()
++	if err := s.setupAccesPoint(); err != nil {
++		return err
++	}
++
++	var err error
++	if validTokens, err = loadValidTokens(filepath.Join(os.Getenv("SNAP"), "conf", "default-config")); err != nil {
++		log.Println("Failed to read default configuration:", err)
++	}
++
++	addr := fmt.Sprintf("%s:%d", serviceAddress, servicePort)
++	s.server = &http.Server{Addr: addr, Handler: s.router}
++	s.listener, err = net.Listen("tcp", addr)
++	if err != nil {
++		return err
++	}
++
++	s.tomb.Go(func() error {
++		err := s.server.Serve(tcpKeepAliveListener{s.listener.(*net.TCPListener)})
++		if err != nil {
++			return fmt.Errorf("Failed to server HTTP: %s", err)
++		}
++		return nil
++	})
++
++	s.tomb.Wait()
++
++	if s.ap.Running() {
++		s.ap.Stop()
++	}
++
++	return nil
++}
++
++type tcpKeepAliveListener struct {
++	*net.TCPListener
++}
++
++func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
++	tc, err := ln.AcceptTCP()
++	if err != nil {
++		return
++	}
++	tc.SetKeepAlive(true)
++	tc.SetKeepAlivePeriod(3 * time.Minute)
++	return tc, nil
++}
 diff --git a/snapcraft.yaml b/snapcraft.yaml
 index 3a7d218..223498e 100644
 --- a/snapcraft.yaml
 +++ b/snapcraft.yaml
@@ -11,18 +11,14 @@ description: |
  grade: stable
  apps:
--  backend:
--    command: bin/ap.sh
--    daemon: simple
--    plugs:
--      - network-control
--      - firewall-control
--      - network-bind
--      - network-manager
    config:
      command: bin/client config
      plugs:
        - network
++  status:
++    command: bin/client status
++    plugs:
++      - network
    setup-wizard:
      command: bin/client wizard
      plugs:
@@ -32,6 +28,14 @@ apps:
      daemon: simple
      plugs:
        - network-bind
++      - network-control
++      - firewall-control
++      - network-manager
++  first-config:
++    command: bin/first-config.sh
++    daemon: simple
++    plugs:
++      - network-bind
  parts:
    common:
@@ -42,6 +46,7 @@ parts:
        - bin/config-internal.sh
        - bin/ap.sh
        - bin/helper.sh
++      - bin/first-config.sh
        - conf/default-config
    network-utils:
@@ -74,6 +79,7 @@ parts:
        - bin
      build-packages:
        - golang-github-gorilla-mux-dev
++      - golang-gopkg-tomb.v2-dev
    dnsmasq:
      plugin: make
 diff --git a/tests/lib/prepare-all.sh b/tests/lib/prepare-all.sh
 index 290b3ed..59e1349 100644
 --- a/tests/lib/prepare-all.sh
 +++ b/tests/lib/prepare-all.sh
@@ -6,6 +6,13 @@ if [ -n "$SNAP_CHANNEL" ] ; then
  	exit 0
  fi
++# If there is a wifi-ap snap prebuilt for us, lets take
++# that one to speed things up.
++if [ -e /home/wifi-ap/wifi-ap_*_amd64.snap ] ; then
++	exit 0
++fi
++
++
  # Setup classic snap and build the wifi-ap snap in there
  snap install --devmode --beta classic
  cat <<-EOF > /home/test/build-snap.sh
 diff --git a/tests/lib/restore-each.sh b/tests/lib/restore-each.sh
 index 799c605..1193b58 100644
 --- a/tests/lib/restore-each.sh
 +++ b/tests/lib/restore-each.sh
@@ -21,7 +21,6 @@ rm -rf /var/snap/$SNAP_NAME/common/*
  rm -rf /var/snap/$SNAP_NAME/current/*
  # Depending on what the test did both services are not meant to be
  # running here.
--systemctl stop snap.wifi-ap.backend || true
  systemctl stop snap.wifi-ap.management-service || true
  # Drop any generated or modified netplan configuration files. The original
@@ -40,7 +39,5 @@ netplan generate
  netplan apply
  # Start services again now that the system is restored
--systemctl start snap.wifi-ap.backend
  systemctl start snap.wifi-ap.management-service
--wait_for_systemd_service snap.wifi-ap.backend
  wait_for_systemd_service snap.wifi-ap.management-service
 diff --git a/tests/main/background-process-control/task.yaml b/tests/main/background-process-control/task.yaml
 new file mode 100644
 index 0000000..c884b52
 --- /dev/null
 +++ b/tests/main/background-process-control/task.yaml
@@ -0,0 +1,46 @@
++summary: Test correct service behavior to ensure the background AP process is running
++
++prepare: |
++    # Simulate two WiFi radio network interfaces
++    modprobe mac80211_hwsim radios=2
++
++    # We need some tools for scanning etc.
++    snap install wireless-tools
++    snap connect wireless-tools:network-control core
++
++restore: |
++    rmmod mac80211_hwsim
++
++execute: |
++    # Verify first the management service is up and running
++    /snap/bin/wifi-ap.config get
++    test "`/snap/bin/wifi-ap.config get disabled`" = "1"
++
++    # AP should be not active at this time as still disabled
++    /snap/bin/wifi-ap.status | grep "ap.active: 0"
++
++    # Now start the AP and ensure its reported as active
++    /snap/bin/wifi-ap.config set disabled 0
++    /snap/bin/wifi-ap.status | grep "ap.active: 1"
++    # And if we wait a bit more it should be still active
++    sleep 5
++    /snap/bin/wifi-ap.status | grep "ap.active: 1"
++
++    # Scan for networks on the other side of the WiFi network
++    # and ensure the network is available.
++    ifconfig wlan1 up
++    /snap/bin/wireless-tools.iw dev wlan1 scan | grep 'SSID: Ubuntu'
++
++    # Restart should get us back into the same state we were in before
++    /snap/bin/wifi-ap.status restart-ap
++    # Restart needs some time
++    sleep 5
++    /snap/bin/wifi-ap.status | grep "ap.active: 1"
++    /snap/bin/wireless-tools.iw dev wlan1 scan | grep 'SSID: Ubuntu'
++
++    # If we now stop the management-service the hostapd and dnsmasq
++    # instances should go away.
++    systemctl stop snap.wifi-ap.management-service
++    while /snap/bin/wifi-ap.status | grep "ap.active: 1" ; do
++        sleep 0.5
++    done
 diff --git a/tests/main/default-conf-brings-up-ap/task.yaml b/tests/main/default-conf-brings-up-ap/task.yaml
 index c8a09dd..5239813 100644
 --- a/tests/main/default-conf-brings-up-ap/task.yaml
 +++ b/tests/main/default-conf-brings-up-ap/task.yaml
@@ -13,9 +13,6 @@ execute: |
      # Default configuration will use wlan0 which we just created
      /snap/bin/wifi-ap.config set disabled 0
--    systemctl restart snap.wifi-ap.backend
--    wait_for_systemd_service snap.wifi-ap.backend
--
      snap install wireless-tools
      snap connect wireless-tools:network-control core
 diff --git a/tests/main/stress-ap-status-control/task.yaml b/tests/main/stress-ap-status-control/task.yaml
 new file mode 100644
 index 0000000..976c97e
 --- /dev/null
 +++ b/tests/main/stress-ap-status-control/task.yaml
@@ -0,0 +1,49 @@
++summary: Stress test for the AP status control API
++
++environment:
++    RESTART_ITERATIONS: 50
++
++prepare: |
++    # Simulate two WiFi radio network interfaces
++    modprobe mac80211_hwsim radios=2
++
++    # We need some tools for scanning etc.
++    snap install wireless-tools
++    snap connect wireless-tools:network-control core
++
++restore: |
++    rmmod mac80211_hwsim
++
++execute: |
++    # Bring up the access point first
++    /snap/bin/wifi-ap.config set disabled 0
++    while ! /snap/bin/wifi-ap.status | grep "ap.active: 1" ; do
++        sleep 0.5
++    done
++
++    # Scan for networks on the other side of the WiFi network
++    # and ensure the network is available.
++    sleep 3
++    ifconfig wlan1 up
++    sudo /snap/bin/wireless-tools.iw dev wlan1 scan | grep 'SSID: Ubuntu'
++
++    # We will restart the AP a huge number of times again and again
++    # and expect that the AP afterwards comes back up normally and
++    # we can still search and connect to it.
++    n=0
++    while [ $n -lt $RESTART_ITERATIONS ] ; do
++        /snap/bin/wifi-ap.status restart-ap
++        let n=n+1
++    done
++
++    # The AP should be still available in our scan result
++    sleep 3
++    sudo /snap/bin/wireless-tools.iw dev wlan1 scan | grep 'SSID: Ubuntu'
++    # Verify we can associate with the AP
++    sudo /snap/bin/wireless-tools.iw wlan1 connect Ubuntu
++    sudo /snap/bin/wireless-tools.iw dev wlan1 link | grep 'SSID: Ubuntu'
++
++    # We should only have one hostapd and one dnsmasq process at this time
++    # (we have to ignore the grep'ing process as otherwise we get a count of 2)
++    test `ps axu | grep hostapd | grep -v grep | wc -l` -eq 1
++    test `ps axu | grep dnsmasq | grep -v grep | wc -l` -eq 1
 \ No newline at end of file
 diff --git a/tests/main/utf8-ssid/task.yaml b/tests/main/utf8-ssid/task.yaml
 index 903bfdb..67c334f 100644
 --- a/tests/main/utf8-ssid/task.yaml
 +++ b/tests/main/utf8-ssid/task.yaml
@@ -13,11 +13,15 @@ execute: |
      wait_for_systemd_service snap.wifi-ap.management-service
      # Default configuration will use wlan0 which we just created
--    /snap/bin/wifi-ap.config set disabled 0
      /snap/bin/wifi-ap.config set wifi.ssid 'Ubuntu👍'
++    /snap/bin/wifi-ap.config set disabled 0
--    systemctl restart snap.wifi-ap.backend
--    wait_for_systemd_service snap.wifi-ap.backend
++    # Wait for AP to become active
++    while ! /snap/bin/wifi-ap.status | grep 'ap.active: 1' ; do
++        sleep 0.5
++    done
++    # Give AP a bit more to settle until it's marked as active
++    sleep 3
      snap install wireless-tools
      snap connect wireless-tools:network-control core