T4758: Fix conflicts op-mode-standardized

author: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-11-02 14:55:27 +0200
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-11-02 12:59:57 +0000
commit: 46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7 (patch)
tree: 852b802c592919fec3fe66c14dd2f4aaaf8fd7ed /src/conf_mode/vpn_ipsec.py
parent: 738641a6c66d22c09b8c028ee3d8a90527d9701f (diff)
parent: f2ec92a78c4ee2a35e7d071387460fc6ce360740 (diff)
download: vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.tar.gz
vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.zip
1 files changed, 15 insertions, 2 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 77a425f8b..cfefcfbe8 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -117,13 +117,26 @@ def get_config(config=None):
                     ipsec['ike_group'][group]['proposal'][proposal] = dict_merge(default_values,
                         ipsec['ike_group'][group]['proposal'][proposal])
 
-    if 'remote_access' in ipsec and 'connection' in ipsec['remote_access']:
+    # XXX: T2665: we can not safely rely on the defaults() when there are
+    # tagNodes in place, it is better to blend in the defaults manually.
+    if dict_search('remote_access.connection', ipsec):
         default_values = defaults(base + ['remote-access', 'connection'])
         for rw in ipsec['remote_access']['connection']:
             ipsec['remote_access']['connection'][rw] = dict_merge(default_values,
               ipsec['remote_access']['connection'][rw])
 
-    if 'remote_access' in ipsec and 'radius' in ipsec['remote_access'] and 'server' in ipsec['remote_access']['radius']:
+    # XXX: T2665: we can not safely rely on the defaults() when there are
+    # tagNodes in place, it is better to blend in the defaults manually.
+    if dict_search('remote_access.radius.server', ipsec):
+        # Fist handle the "base" stuff like RADIUS timeout
+        default_values = defaults(base + ['remote-access', 'radius'])
+        if 'server' in default_values:
+            del default_values['server']
+        ipsec['remote_access']['radius'] = dict_merge(default_values,
+                                                      ipsec['remote_access']['radius'])
+
+        # Take care about individual RADIUS servers implemented as tagNodes - this
+        # requires special treatment
         default_values = defaults(base + ['remote-access', 'radius', 'server'])
         for server in ipsec['remote_access']['radius']['server']:
             ipsec['remote_access']['radius']['server'][server] = dict_merge(default_values,
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-11-02 14:55:27 +0200
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-11-02 12:59:57 +0000
commit	46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7 (patch)
tree	852b802c592919fec3fe66c14dd2f4aaaf8fd7ed /src/conf_mode/vpn_ipsec.py
parent	738641a6c66d22c09b8c028ee3d8a90527d9701f (diff)
parent	f2ec92a78c4ee2a35e7d071387460fc6ce360740 (diff)
download	vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.tar.gz vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.zip