<?xml version="1.0"?>
<interfaceDefinition>
  <node name="service">
    <children>
      <node name="https" owner="${vyos_conf_scripts_dir}/https.py">
        <properties>
          <help>HTTPS configuration</help>
          <priority>1001</priority>
        </properties>
        <children>
          <tagNode name="virtual-host">
            <properties>
              <help>Identifier for virtual host</help>
              <constraint>
                <regex>[a-zA-Z0-9-_.:]{1,255}</regex>
              </constraint>
              <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage>
            </properties>
            <children>
              <leafNode name="listen-address">
                <properties>
                  <help>Address to listen for HTTPS requests</help>
                  <completionHelp>
                    <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
                  </completionHelp>
                  <valueHelp>
                    <format>ipv4</format>
                   <description>HTTPS IPv4 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>HTTPS IPv6 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>'*'</format>
                    <description>any</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ipv4-address"/>
                    <validator name="ipv6-address"/>
                    <regex>\*</regex>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name='listen-port'>
                <properties>
                  <help>Port to listen for HTTPS requests; default 443</help>
                  <valueHelp>
                    <format>u32:1-65535</format>
                    <description>Numeric IP port</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-65535"/>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name="server-name">
                <properties>
                  <help>Server names: exact, wildcard, or regex</help>
                  <multi/>
                </properties>
              </leafNode>
              #include <include/allow-client.xml.i>
            </children>
          </tagNode>
          <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py">
            <properties>
              <help>VyOS HTTP API configuration</help>
              <priority>1002</priority>
            </properties>
            <children>
              #include <include/port-number.xml.i>
              <node name="keys">
                <properties>
                  <help>HTTP API keys</help>
                </properties>
                <children>
                  <tagNode name="id">
                    <properties>
                      <help>HTTP API id</help>
                    </properties>
                    <children>
                      <leafNode name="key">
                        <properties>
                          <help>HTTP API plaintext key</help>
                        </properties>
                      </leafNode>
                    </children>
                  </tagNode>
                </children>
              </node>
              <leafNode name="strict">
                <properties>
                  <help>Enforce strict path checking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="debug">
                <properties>
                  <help>Debug</help>
                  <valueless/>
                  <hidden/>
                </properties>
              </leafNode>
              <leafNode name="socket">
                <properties>
                  <help>Run server on Unix domain socket</help>
                  <valueless/>
                </properties>
              </leafNode>
              <node name="graphql">
                <properties>
                  <help>GraphQL support</help>
                </properties>
                <children>
                  <leafNode name="introspection">
                    <properties>
                      <help>Schema introspection</help>
                      <valueless/>
                    </properties>
                  </leafNode>
                  <node name="authentication">
                    <properties>
                      <help>GraphQL authentication</help>
                    </properties>
                    <children>
                      <leafNode name="type">
                        <properties>
                          <help>Authentication type</help>
                          <completionHelp>
                            <list>key token</list>
                          </completionHelp>
                          <valueHelp>
                            <format>key</format>
                            <description>Use API keys</description>
                          </valueHelp>
                          <valueHelp>
                            <format>token</format>
                            <description>Use JWT token</description>
                          </valueHelp>
                          <constraint>
                            <regex>(key|token)</regex>
                          </constraint>
                        </properties>
                        <defaultValue>key</defaultValue>
                      </leafNode>
                      <leafNode name="expiration">
                        <properties>
                          <help>Token time to expire in seconds</help>
                          <valueHelp>
                            <format>u32:60-31536000</format>
                            <description>Token lifetime in seconds</description>
                          </valueHelp>
                          <constraint>
                            <validator name="numeric" argument="--range 60-31536000"/>
                          </constraint>
                        </properties>
                        <defaultValue>3600</defaultValue>
                      </leafNode>
                      <leafNode name="secret-length">
                        <properties>
                          <help>Length of shared secret in bytes</help>
                          <valueHelp>
                            <format>u32:16-65535</format>
                            <description>Byte length of generated shared secret</description>
                          </valueHelp>
                          <constraint>
                            <validator name="numeric" argument="--range 16-65535"/>
                          </constraint>
                        </properties>
                        <defaultValue>32</defaultValue>
                      </leafNode>
                    </children>
                  </node>
                </children>
              </node>
              <node name="cors">
                <properties>
                  <help>Set CORS options</help>
                </properties>
                <children>
                  <leafNode name="allow-origin">
                    <properties>
                      <help>Allow resource request from origin</help>
                      <multi/>
                    </properties>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
          <node name="api-restrict">
            <properties>
              <help>Restrict api proxy to subset of virtual hosts</help>
            </properties>
            <children>
              <leafNode name="virtual-host">
                <properties>
                  <help>Restrict proxy to virtual host(s)</help>
                  <multi/>
                </properties>
              </leafNode>
            </children>
          </node>
          <node name="certificates">
            <properties>
              <help>TLS certificates</help>
            </properties>
            <children>
              #include <include/pki/ca-certificate.xml.i>
              #include <include/pki/certificate.xml.i>
              <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py">
                <properties>
                  <help>Request or apply a letsencrypt certificate for domain-name</help>
                </properties>
                <children>
                  <leafNode name="domain-name">
                    <properties>
                      <help>Domain name(s) for which to obtain certificate</help>
                      <multi/>
                    </properties>
                  </leafNode>
                  <leafNode name="email">
                    <properties>
                      <help>Email address to associate with certificate</help>
                    </properties>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
          #include <include/interface/vrf.xml.i>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>