authorJamie Austin <jamieaustinprogramming@gmail.com>2023-01-28 01:13:25 +1100
committerJamie Austin <jamieaustinprogramming@gmail.com>2023-01-28 15:11:07 +1100
commit9db8c197ab170d18a93d70fca4227e802a7154c1 (patch)
tree54836f6bf75ef0782ea07433d5b3c236f371453d
parente61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba (diff)
downloadvyos-1x-9db8c197ab170d18a93d70fca4227e802a7154c1.tar.gz
vyos-1x-9db8c197ab170d18a93d70fca4227e802a7154c1.zip
T4958: ocserv: openconnect: refactor RADIUS accounting support
-rw-r--r--data/templates/ocserv/ocserv_config.j22
-rw-r--r--data/templates/ocserv/radius_conf.j224
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py8
3 files changed, 14 insertions, 20 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index aa8897703..aa1073bca 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -10,7 +10,7 @@ udp-port = {{ listen_ports.udp }}
run-as-user = nobody
run-as-group = daemon
-{% if "radius" in accounting.mode %}
+{% if accounting.mode.radius is vyos_defined %}
acct = "radius [config=/run/ocserv/radiusclient.conf]"
{% endif %}
diff --git a/data/templates/ocserv/radius_conf.j2 b/data/templates/ocserv/radius_conf.j2
index 65548e3ad..1ab322f69 100644
--- a/data/templates/ocserv/radius_conf.j2
+++ b/data/templates/ocserv/radius_conf.j2
@@ -2,27 +2,23 @@
nas-identifier VyOS
#### Accounting
-{% if "radius" in accounting['mode'] %}
-{% for acctsrv in accounting['radius']['server'] %}
-{% if not "disable" in accounting['radius']['server'][acctsrv] %}
-{% if "port" in accounting['radius']['server'][acctsrv] %}
-acctserver {{ acctsrv }}:{{ accounting['radius']['server'][acctsrv]['port'] }}
-{% else %}
+{% if accounting.mode.radius is vyos_defined %}
+{% for acctsrv, srv_conf in accounting.radius.server.items() if 'disable' not in srv_conf %}
+{% if srv_conf.port is vyos_defined %}
+acctserver {{ acctsrv }}:{{ srv_conf.port }}
+{% else %}
acctserver {{ acctsrv }}
-{% endif %}
{% endif %}
{% endfor %}
{% endif %}
#### Authentication
-{% if "radius" in authentication['mode'] %}
-{% for authsrv in authentication['radius']['server'] %}
-{% if not "disable" in authentication['radius']['server'][authsrv] %}
-{% if "port" in authentication['radius']['server'][authsrv] %}
-authserver {{ authsrv }}:{{ authentication['radius']['server'][authsrv]['port'] }}
-{% else %}
+{% if authentication.mode.radius is vyos_defined %}
+{% for authsrv, srv_conf in authentication.radius.server.items() if 'disable' not in srv_conf %}
+{% if srv_conf.port is vyos_defined %}
+authserver {{ authsrv }}:{{ srv_conf.port }}
+{% else %}
authserver {{ authsrv }}
-{% endif %}
{% endif %}
{% endfor %}
radius_timeout {{ authentication['radius']['timeout'] }}
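Review bot: The accounting loop calls `accounting.radius.server.items()` under a guard that only tests `accounting.mode.radius`, so a configuration with the mode set but no server defined would fail while rendering instead of producing an empty section. Unless verify() (not visible here) already rejects that case, wrapping the loop in `{% if accounting.radius.server is vyos_defined %}` would make the template self-contained; the authentication loop has the same shape. The unchanged `radius_timeout {{ authentication['radius']['timeout'] }}` line still uses subscript access, so the file now mixes two styles; `{{ authentication.radius.timeout }}` would match the new lines.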
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 12ddac23c..737e23145 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -210,18 +210,16 @@ def generate(ocserv):
return None
if "radius" in ocserv["authentication"]["mode"]:
- if "accounting" in ocserv and "mode" in ocserv["accounting"] and "radius" in ocserv["accounting"]["mode"]:
- acct_and_auth_config = {'accounting': ocserv["accounting"], 'authentication': ocserv["authentication"]}
+ if dict_search(ocserv, 'accounting.mode.radius'):
# Render radius client configuration
- render(radius_cfg, 'ocserv/radius_conf.j2', acct_and_auth_config)
+ render(radius_cfg, 'ocserv/radius_conf.j2', ocserv)
merged_servers = ocserv["accounting"]["radius"]["server"] | ocserv["authentication"]["radius"]["server"]
# Render radius servers
# Merge the accounting and authentication servers into a single dictionary
render(radius_servers, 'ocserv/radius_servers.j2', {'server': merged_servers})
else:
- acct_and_auth_config = {'accounting': {'mode': ''}, 'authentication': ocserv['authentication']}
# Render radius client configuration
- render(radius_cfg, 'ocserv/radius_conf.j2', acct_and_auth_config)
+ render(radius_cfg, 'ocserv/radius_conf.j2', ocserv)
# Render radius servers
render(radius_servers, 'ocserv/radius_servers.j2', ocserv["authentication"]["radius"])
elif "local" in ocserv["authentication"]["mode"]:
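Review bot: The new guard `dict_search(ocserv, 'accounting.mode.radius')` appears to pass its arguments in the wrong order: as far as I know the vyos-1x helper is `dict_search(path, dict_object)` and returns None when the second argument is not a dict, which would make this branch unreachable. The accounting servers would then never be merged into the radius servers file, even though the templates in this commit still emit the `acct = "radius ..."` and `acctserver` lines, so accounting could silently stop working. Even with the order fixed, a valueless `radius` node is presumably stored as an empty dict, which is falsy, so I would write `if dict_search('accounting.mode.radius', ocserv) is not None:`. The diffstat's 8 changed lines for this file are all in this hunk, so the commit adds no import; please confirm `dict_search` is already imported here. Both branches now begin with the same `render(radius_cfg, 'ocserv/radius_conf.j2', ocserv)` call, which could be hoisted above the inner `if`; generate() starts and ends outside this hunk.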