From 681b9448ba24a68f436655aad99f690bfdac6339 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 13 Apr 2022 22:52:06 +0200 Subject: squid: T4333: migrate to new vyos_defined Jinja2 test --- data/templates/squid/squid.conf.tmpl | 42 +++++++++++++++---------------- data/templates/squid/squidGuard.conf.tmpl | 34 ++++++++++++------------- 2 files changed, 37 insertions(+), 39 deletions(-) (limited to 'data/templates/squid') diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.tmpl index 26aff90bf..e8627b022 100644 --- a/data/templates/squid/squid.conf.tmpl +++ b/data/templates/squid/squid.conf.tmpl @@ -15,20 +15,20 @@ acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT -{% if authentication is defined and authentication is not none %} -{% if authentication.children is defined and authentication.children is not none %} +{% if authentication is vyos_defined %} +{% if authentication.children is vyos_defined %} auth_param basic children {{ authentication.children }} {% endif %} -{% if authentication.credentials_ttl is defined and authentication.credentials_ttl is not none %} +{% if authentication.credentials_ttl is vyos_defined %} auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute {% endif %} -{% if authentication.realm is defined and authentication.realm is not none %} +{% if authentication.realm is vyos_defined %} auth_param basic realm "{{ authentication.realm }}" {% endif %} {# LDAP based Authentication #} -{% if authentication.method is defined and authentication.method is not none %} -{% if authentication.ldap is defined and authentication.ldap is not none and authentication.method == 'ldap' %} -auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' + authentication.ldap.bind_dn + '"' if authentication.ldap.bind_dn is defined }} {{ '-w "' + authentication.ldap.password + '"' if authentication.ldap.password is defined }} {{ '-f "' + authentication.ldap.filter_expression + '"' if authentication.ldap.filter_expression is defined }} {{ '-u "' + authentication.ldap.username_attribute + '"' if authentication.ldap.username_attribute is defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is defined }} -R -h "{{ authentication.ldap.server }}" +{% if authentication.method is vyos_defined %} +{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %} +auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}" {% endif %} acl auth proxy_auth REQUIRED http_access allow auth @@ -43,24 +43,24 @@ http_access allow localhost http_access allow net http_access deny all -{% if reply_block_mime is defined and reply_block_mime is not none %} +{% if reply_block_mime is vyos_defined %} {% for mime_type in reply_block_mime %} acl BLOCK_MIME rep_mime_type {{ mime_type }} {% endfor %} http_reply_access deny BLOCK_MIME {% endif %} -{% if cache_size is defined and cache_size is not none %} +{% if cache_size is vyos_defined %} {% if cache_size | int > 0 %} cache_dir ufs /var/spool/squid {{ cache_size }} 16 256 {% else %} # disabling disk cache {% endif %} {% endif %} -{% if mem_cache_size is defined and mem_cache_size is not none %} +{% if mem_cache_size is vyos_defined %} cache_mem {{ mem_cache_size }} MB {% endif %} -{% if disable_access_log is defined %} +{% if disable_access_log is vyos_defined %} access_log none {% else %} access_log /var/log/squid/access.log squid @@ -69,26 +69,26 @@ access_log /var/log/squid/access.log squid {# by default we'll disable the store log #} cache_store_log none -{% if append_domain is defined and append_domain is not none %} +{% if append_domain is vyos_defined %} append_domain {{ append_domain }} {% endif %} -{% if maximum_object_size is defined and maximum_object_size is not none %} +{% if maximum_object_size is vyos_defined %} maximum_object_size {{ maximum_object_size }} KB {% endif %} -{% if minimum_object_size is defined and minimum_object_size is not none %} +{% if minimum_object_size is vyos_defined %} minimum_object_size {{ minimum_object_size }} KB {% endif %} -{% if reply_body_max_size is defined and reply_body_max_size is not none %} +{% if reply_body_max_size is vyos_defined %} reply_body_max_size {{ reply_body_max_size }} KB {% endif %} -{% if outgoing_address is defined and outgoing_address is not none %} +{% if outgoing_address is vyos_defined %} tcp_outgoing_address {{ outgoing_address }} {% endif %} -{% if listen_address is defined and listen_address is not none %} +{% if listen_address is vyos_defined %} {% for address, config in listen_address.items() %} -http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is defined else default_port }} {{ 'intercept' if config.disable_transparent is not defined }} +http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }} {% endfor %} {% endif %} http_port 127.0.0.1:{{ default_port }} @@ -97,15 +97,13 @@ http_port 127.0.0.1:{{ default_port }} forwarded_for off {# SquidGuard #} -{% if url_filtering is defined and url_filtering.disable is not defined %} -{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %} +{% if url_filtering.disable is not vyos_defined and url_filtering.squidguard is vyos_defined %} url_rewrite_program /usr/bin/squidGuard -c {{ squidguard_conf }} url_rewrite_children 8 url_rewrite_bypass on -{% endif %} {% endif %} -{% if cache_peer is defined and cache_peer is not none %} +{% if cache_peer is vyos_defined %} {% for peer, config in cache_peer.items() %} cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }} {% endfor %} diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl index c59dc901e..5e877f01f 100644 --- a/data/templates/squid/squidGuard.conf.tmpl +++ b/data/templates/squid/squidGuard.conf.tmpl @@ -8,14 +8,14 @@ dest {{ category }}-default { {% if expressions | is_file %} expressionlist {{ category }}/expressions {% endif %} -{% if log is defined %} +{% if log is vyos_defined %} log blacklist.log {% endif %} } {% endmacro %} -{% if url_filtering is defined and url_filtering.disable is not defined %} -{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %} +{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %} +{% if url_filtering.squidguard is vyos_defined %} {% set sg_config = url_filtering.squidguard %} {% set acl = namespace(value='local-ok-default') %} {% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %} @@ -32,52 +32,52 @@ rewrite safesearch { log rewrite.log } -{% if sg_config.local_ok is defined and sg_config.local_ok is not none %} +{% if sg_config.local_ok is vyos_defined %} {% set acl.value = acl.value + ' local-ok-default' %} dest local-ok-default { domainlist local-ok-default/domains } {% endif %} -{% if sg_config.local_ok_url is defined and sg_config.local_ok_url is not none %} +{% if sg_config.local_ok_url is vyos_defined %} {% set acl.value = acl.value + ' local-ok-url-default' %} dest local-ok-url-default { urllist local-ok-url-default/urls } {% endif %} -{% if sg_config.local_block is defined and sg_config.local_block is not none %} +{% if sg_config.local_block is vyos_defined %} {% set acl.value = acl.value + ' !local-block-default' %} dest local-block-default { domainlist local-block-default/domains } {% endif %} -{% if sg_config.local_block_url is defined and sg_config.local_block_url is not none %} +{% if sg_config.local_block_url is vyos_defined %} {% set acl.value = acl.value + ' !local-block-url-default' %} dest local-block-url-default { urllist local-block-url-default/urls } {% endif %} -{% if sg_config.local_block_keyword is defined and sg_config.local_block_keyword is not none %} +{% if sg_config.local_block_keyword is vyos_defined %} {% set acl.value = acl.value + ' !local-block-keyword-default' %} dest local-block-keyword-default { expressionlist local-block-keyword-default/expressions } {% endif %} -{% if sg_config.block_category is defined and sg_config.block_category is not none %} +{% if sg_config.block_category is vyos_defined %} {% for category in sg_config.block_category %} {{ sg_rule(category, sg_config.log, squidguard_db_dir) }} {% set acl.value = acl.value + ' !' + category + '-default' %} {% endfor %} {% endif %} -{% if sg_config.allow_category is defined and sg_config.allow_category is not none %} +{% if sg_config.allow_category is vyos_defined %} {% for category in sg_config.allow_category %} {{ sg_rule(category, False, squidguard_db_dir) }} {% set acl.value = acl.value + ' ' + category + '-default' %} {% endfor %} {% endif %} -{% if sg_config.source_group is defined and sg_config.source_group is not none %} +{% if sg_config.source_group is vyos_defined %} {% for sgroup, sg_config in sg_config.source_group.items() %} -{% if sg_config.address is defined and sg_config.address is not none %} +{% if sg_config.address is vyos_defined %} src {{ sgroup }} { {% for address in sg_config.address %} ip {{ address }} @@ -87,7 +87,7 @@ src {{ sgroup }} { {% endif %} {% endfor %} {% endif %} -{% if sg_config.rule is defined and sg_config.rule is not none %} +{% if sg_config.rule is vyos_defined %} {% for rule, rule_config in sg_config.rule.items() %} {% for b_category in rule_config.block_category%} dest {{ b_category }} { @@ -99,7 +99,7 @@ dest {{ b_category }} { {% endfor %} {% endif %} acl { -{% if sg_config.rule is defined and sg_config.rule is not none %} +{% if sg_config.rule is vyos_defined %} {% for rule, rule_config in sg_config.rule.items() %} {{ rule_config.source_group }} { {% for b_category in rule_config.block_category%} @@ -110,12 +110,12 @@ acl { {% endif %} default { -{% if sg_config.enable_safe_search is defined %} +{% if sg_config.enable_safe_search is vyos_defined %} rewrite safesearch {% endif %} - pass {{ acl.value }} {{ 'none' if sg_config.default_action is defined and sg_config.default_action == 'block' else 'allow' }} + pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }} redirect 302:http://{{ sg_config.redirect_url }} -{% if sg_config.log is defined and sg_config.log is not none %} +{% if sg_config.log is vyos_defined %} log blacklist.log {% endif %} } -- cgit v1.2.3