<?xml version="1.0"?>
<interfaceDefinition>
  <node name="service">
    <children>
      <node name="https" owner="${vyos_conf_scripts_dir}/service_https.py">
        <properties>
          <help>HTTPS configuration</help>
          <priority>1001</priority>
        </properties>
        <children>
          <node name="api">
            <properties>
              <help>VyOS HTTP API configuration</help>
            </properties>
            <children>
              <node name="keys">
                <properties>
                  <help>HTTP API keys</help>
                </properties>
                <children>
                  <tagNode name="id">
                    <properties>
                      <help>HTTP API id</help>
                    </properties>
                    <children>
                      <leafNode name="key">
                        <properties>
                          <help>HTTP API plaintext key</help>
                        </properties>
                      </leafNode>
                    </children>
                  </tagNode>
                </children>
              </node>
              <leafNode name="strict">
                <properties>
                  <help>Enforce strict path checking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="debug">
                <properties>
                  <help>Debug</help>
                  <valueless/>
                  <hidden/>
                </properties>
              </leafNode>
              <node name="graphql">
                <properties>
                  <help>GraphQL support</help>
                </properties>
                <children>
                  <leafNode name="introspection">
                    <properties>
                      <help>Schema introspection</help>
                      <valueless/>
                    </properties>
                  </leafNode>
                  <node name="authentication">
                    <properties>
                      <help>GraphQL authentication</help>
                    </properties>
                    <children>
                      <leafNode name="type">
                        <properties>
                          <help>Authentication type</help>
                          <completionHelp>
                            <list>key token</list>
                          </completionHelp>
                          <valueHelp>
                            <format>key</format>
                            <description>Use API keys</description>
                          </valueHelp>
                          <valueHelp>
                            <format>token</format>
                            <description>Use JWT token</description>
                          </valueHelp>
                          <constraint>
                            <regex>(key|token)</regex>
                          </constraint>
                        </properties>
                        <defaultValue>key</defaultValue>
                      </leafNode>
                      <leafNode name="expiration">
                        <properties>
                          <help>Token time to expire in seconds</help>
                          <valueHelp>
                            <format>u32:60-31536000</format>
                            <description>Token lifetime in seconds</description>
                          </valueHelp>
                          <constraint>
                            <validator name="numeric" argument="--range 60-31536000"/>
                          </constraint>
                        </properties>
                        <defaultValue>3600</defaultValue>
                      </leafNode>
                      <leafNode name="secret-length">
                        <properties>
                          <help>Length of shared secret in bytes</help>
                          <valueHelp>
                            <format>u32:16-65535</format>
                            <description>Byte length of generated shared secret</description>
                          </valueHelp>
                          <constraint>
                            <validator name="numeric" argument="--range 16-65535"/>
                          </constraint>
                        </properties>
                        <defaultValue>32</defaultValue>
                      </leafNode>
                    </children>
                  </node>
                </children>
              </node>
              <node name="cors">
                <properties>
                  <help>Set CORS options</help>
                </properties>
                <children>
                  <leafNode name="allow-origin">
                    <properties>
                      <help>Allow resource request from origin</help>
                      <multi/>
                    </properties>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
          #include <include/allow-client.xml.i>
          <leafNode name="enable-http-redirect">
            <properties>
              <help>Enable HTTP to HTTPS redirect</help>
              <valueless/>
            </properties>
          </leafNode>
          #include <include/listen-address.xml.i>
          #include <include/port-number.xml.i>
          <leafNode name='port'>
            <defaultValue>443</defaultValue>
          </leafNode>
          <leafNode name="request-body-size-limit">
            <properties>
              <help>Maximum request body size in megabytes</help>
              <valueHelp>
                <format>u32:1-256</format>
                <description>Request body size in megabytes</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-256"/>
              </constraint>
            </properties>
            <defaultValue>1</defaultValue>
          </leafNode>
          <node name="certificates">
            <properties>
              <help>TLS certificates</help>
            </properties>
            <children>
              #include <include/pki/ca-certificate.xml.i>
              #include <include/pki/certificate.xml.i>
              #include <include/pki/dh-params.xml.i>
            </children>
          </node>
          <leafNode name="tls-version">
            <properties>
              <help>Specify available TLS version(s)</help>
              <completionHelp>
                <list>1.2 1.3</list>
              </completionHelp>
              <valueHelp>
                <format>1.2</format>
                <description>TLSv1.2</description>
              </valueHelp>
              <valueHelp>
                <format>1.3</format>
                <description>TLSv1.3</description>
              </valueHelp>
              <constraint>
                <regex>(1.2|1.3)</regex>
              </constraint>
              <multi/>
            </properties>
            <defaultValue>1.2 1.3</defaultValue>
          </leafNode>
          #include <include/interface/vrf.xml.i>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>