diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-04 07:56:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-04 07:56:35 +0100 |
commit | ada6b103f15b5871fa28c5e194afcd2f5019b2e4 (patch) | |
tree | c8c6cdbdeccd48ff60a0ef6b0b6ed0d339687969 | |
parent | c08fea7a5d98e1626788280ac51f7131f3f29308 (diff) | |
parent | b152b52023ba0cf0d4919eae39e92de28a458917 (diff) | |
download | vyos-1x-ada6b103f15b5871fa28c5e194afcd2f5019b2e4.tar.gz vyos-1x-ada6b103f15b5871fa28c5e194afcd2f5019b2e4.zip |
Merge pull request #2750 from c-po/configdict-T5894
configdict: T5894: add get_config_dict() flag with_pki
21 files changed, 78 insertions, 86 deletions
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i index dff574e6c..71fe69f8d 100644 --- a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i +++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i @@ -7,7 +7,7 @@ <description>Name of IP pool</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> <children> @@ -37,7 +37,7 @@ <description>Name of IP pool</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i index 832594c12..a08b066b1 100644 --- a/interface-definitions/include/accel-ppp/default-pool.xml.i +++ b/interface-definitions/include/accel-ppp/default-pool.xml.i @@ -7,7 +7,7 @@ <description>Default IP pool</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i index c218937c8..388991241 100644 --- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i +++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i @@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -26,7 +26,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i index 9ec513da9..c8ad68700 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i @@ -28,7 +28,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -44,7 +44,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -60,7 +60,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -185,7 +185,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i new file mode 100644 index 000000000..7aeb85260 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i --> +<regex>[-_a-zA-Z0-9.]+</regex> +<!-- include end --> diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i index 019868373..e49c388d6 100644 --- a/interface-definitions/include/route-map.xml.i +++ b/interface-definitions/include/route-map.xml.i @@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index 3449819be..097c541ac 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -9,6 +9,9 @@ <tagNode name="ca"> <properties> <help>Certificate Authority</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="certificate"> @@ -64,6 +67,9 @@ <tagNode name="certificate"> <properties> <help>Certificate</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="certificate"> @@ -109,6 +115,9 @@ <tagNode name="dh"> <properties> <help>Diffie-Hellman parameters</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="parameters"> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index 0d2ed9746..0d82cd3f8 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -476,7 +476,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in index e35d845f1..8e13f9372 100644 --- a/interface-definitions/service_dhcp-server.xml.in +++ b/interface-definitions/service_dhcp-server.xml.in @@ -38,7 +38,7 @@ <properties> <help>Peer name used to identify connection</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -78,7 +78,7 @@ <properties> <help>Name of DHCP shared network</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -251,7 +251,7 @@ <properties> <help>DHCP lease range</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage> </properties> diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in index 102c164a6..6f7f3c1da 100644 --- a/interface-definitions/service_dhcpv6-server.xml.in +++ b/interface-definitions/service_dhcpv6-server.xml.in @@ -34,7 +34,7 @@ <properties> <help>DHCPv6 shared network name</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -185,7 +185,7 @@ <properties> <help>NIS domain name for client to use</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage> </properties> @@ -207,7 +207,7 @@ <properties> <help>NIS+ domain name for client to use</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> diff --git a/python/vyos/config.py b/python/vyos/config.py index 0ca41718f..ca7b035e5 100644 --- a/python/vyos/config.py +++ b/python/vyos/config.py @@ -29,7 +29,7 @@ There are multiple types of config tree nodes in VyOS, each requires its own set of operations. *Leaf nodes* (such as "address" in interfaces) can have values, but cannot -have children. +have children. Leaf nodes can have one value, multiple values, or no values at all. For example, "system host-name" is a single-value leaf node, @@ -258,7 +258,9 @@ class Config(object): def get_config_dict(self, path=[], effective=False, key_mangling=None, get_first_key=False, no_multi_convert=False, no_tag_node_value_mangle=False, - with_defaults=False, with_recursive_defaults=False): + with_defaults=False, + with_recursive_defaults=False, + with_pki=False): """ Args: path (str list): Configuration tree path, can be empty @@ -274,6 +276,7 @@ class Config(object): del kwargs['no_multi_convert'] del kwargs['with_defaults'] del kwargs['with_recursive_defaults'] + del kwargs['with_pki'] lpath = self._make_path(path) root_dict = self.get_cached_root_dict(effective) @@ -298,6 +301,13 @@ class Config(object): else: conf_dict = ConfigDict(conf_dict) + if with_pki and conf_dict: + pki_dict = self.get_config_dict(['pki'], key_mangling=('-', '_'), + no_tag_node_value_mangle=True, + get_first_key=True) + if pki_dict: + conf_dict['pki'] = pki_dict + # save optional args for a call to get_config_defaults setattr(conf_dict, '_dict_kwargs', kwargs) diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 6a421485f..4111d7271 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -163,6 +163,9 @@ def node_changed(conf, path, key_mangling=None, recursive=False, expand_nodes=No output.extend(list(tmp['delete'].keys())) if expand_nodes & Diff.ADD: output.extend(list(tmp['add'].keys())) + + # remove duplicate keys from list, this happens when a node (e.g. description) is altered + output = list(dict.fromkeys(output)) return output def get_removed_vlans(conf, path, dict): @@ -424,7 +427,7 @@ def get_pppoe_interfaces(conf, vrf=None): return pppoe_interfaces -def get_interface_dict(config, base, ifname='', recursive_defaults=True): +def get_interface_dict(config, base, ifname='', recursive_defaults=True, with_pki=False): """ Common utility function to retrieve and mangle the interfaces configuration from the CLI input nodes. All interfaces have a common base where value @@ -456,7 +459,8 @@ def get_interface_dict(config, base, ifname='', recursive_defaults=True): get_first_key=True, no_tag_node_value_mangle=True, with_defaults=True, - with_recursive_defaults=recursive_defaults) + with_recursive_defaults=recursive_defaults, + with_pki=with_pki) # If interface does not request an IPv4 DHCP address there is no need # to keep the dhcp-options key @@ -620,7 +624,7 @@ def get_vlan_ids(interface): return vlan_ids -def get_accel_dict(config, base, chap_secrets): +def get_accel_dict(config, base, chap_secrets, with_pki=False): """ Common utility function to retrieve and mangle the Accel-PPP configuration from different CLI input nodes. All Accel-PPP services have a common base @@ -635,7 +639,8 @@ def get_accel_dict(config, base, chap_secrets): dict = config.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True, - with_recursive_defaults=True) + with_recursive_defaults=True, + with_pki=with_pki) # set CPUs cores to process requests dict.update({'thread_count' : get_half_cpus()}) diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py index 703e3e8c4..280932fd7 100755 --- a/smoketest/scripts/cli/test_service_https.py +++ b/smoketest/scripts/cli/test_service_https.py @@ -395,8 +395,7 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): @ignore_warning(InsecureRequestWarning) def test_api_config_file_load_http(self): - """Test load config from HTTP URL - """ + # Test load config from HTTP URL address = '127.0.0.1' key = 'VyOS-key' url = f'https://{address}/config-file' diff --git a/src/conf_mode/interfaces_ethernet.py b/src/conf_mode/interfaces_ethernet.py index 7374a29f7..2c0f846c3 100755 --- a/src/conf_mode/interfaces_ethernet.py +++ b/src/conf_mode/interfaces_ethernet.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2021 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -150,19 +150,12 @@ def get_config(config=None): else: conf = Config() - # This must be called prior to get_interface_dict(), as this function will - # alter the config level (config.set_level()) - pki = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - get_first_key=True, no_tag_node_value_mangle=True) - base = ['interfaces', 'ethernet'] - ifname, ethernet = get_interface_dict(conf, base) + ifname, ethernet = get_interface_dict(conf, base, with_pki=True) + if 'is_bond_member' in ethernet: update_bond_options(conf, ethernet) - if 'deleted' not in ethernet: - if pki: ethernet['pki'] = pki - tmp = is_node_changed(conf, base + [ifname, 'speed']) if tmp: ethernet.update({'speed_duplex_changed': {}}) @@ -171,8 +164,6 @@ def get_config(config=None): return ethernet - - def verify_speed_duplex(ethernet: dict, ethtool: Ethtool): """ Verify speed and duplex diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index bdeb44837..45569dd21 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2023 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -89,16 +89,12 @@ def get_config(config=None): conf = Config() base = ['interfaces', 'openvpn'] - ifname, openvpn = get_interface_dict(conf, base) + ifname, openvpn = get_interface_dict(conf, base, with_pki=True) openvpn['auth_user_pass_file'] = '/run/openvpn/{ifname}.pw'.format(**openvpn) if 'deleted' in openvpn: return openvpn - openvpn['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - get_first_key=True, - no_tag_node_value_mangle=True) - if is_node_changed(conf, base + [ifname, 'openvpn-option']): openvpn.update({'restart_required': {}}) if is_node_changed(conf, base + [ifname, 'enable-dco']): @@ -167,9 +163,10 @@ def verify_pki(openvpn): raise ConfigError(f'Invalid shared-secret on openvpn interface {interface}') # If PSK settings are correct, warn about its deprecation - DeprecationWarning("OpenVPN shared-secret support will be removed in future VyOS versions.\n\ - Please migrate your site-to-site tunnels to TLS.\n\ - You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.") + DeprecationWarning('OpenVPN shared-secret support will be removed in future '\ + 'VyOS versions. Please migrate your site-to-site tunnels to '\ + 'TLS. You can use self-signed certificates with peer fingerprint '\ + 'verification, consult the documentation for details.') if tls: if (mode in ['server', 'client']) and ('ca_certificate' not in tls): @@ -729,4 +726,3 @@ if __name__ == '__main__': except ConfigError as e: print(e) exit(1) - diff --git a/src/conf_mode/interfaces_sstpc.py b/src/conf_mode/interfaces_sstpc.py index b588910dc..b9d7a74fb 100755 --- a/src/conf_mode/interfaces_sstpc.py +++ b/src/conf_mode/interfaces_sstpc.py @@ -45,7 +45,7 @@ def get_config(config=None): else: conf = Config() base = ['interfaces', 'sstpc'] - ifname, sstpc = get_interface_dict(conf, base) + ifname, sstpc = get_interface_dict(conf, base, with_pki=True) # We should only terminate the SSTP client session if critical parameters # change. All parameters that can be changed on-the-fly (like interface @@ -57,10 +57,6 @@ def get_config(config=None): # bail out early - no need to further process other nodes break - # Load PKI certificates for later processing - sstpc['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - get_first_key=True, - no_tag_node_value_mangle=True) return sstpc def verify(sstpc): diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py index 333ebc66c..7338fe573 100755 --- a/src/conf_mode/load-balancing_reverse-proxy.py +++ b/src/conf_mode/load-balancing_reverse-proxy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -43,17 +43,14 @@ def get_config(config=None): conf = Config() base = ['load-balancing', 'reverse-proxy'] + if not conf.exists(base): + return None lb = conf.get_config_dict(base, get_first_key=True, key_mangling=('-', '_'), - no_tag_node_value_mangle=True) - - if lb: - lb['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - get_first_key=True, no_tag_node_value_mangle=True) - - if lb: - lb = conf.merge_defaults(lb, recursive=True) + no_tag_node_value_mangle=True, + with_recursive_defaults=True, + with_pki=True) return lb diff --git a/src/conf_mode/service_https.py b/src/conf_mode/service_https.py index 3dc5dfc01..cb40acc9f 100755 --- a/src/conf_mode/service_https.py +++ b/src/conf_mode/service_https.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2023 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -78,12 +78,7 @@ def get_config(config=None): diff = get_config_diff(conf) - https = conf.get_config_dict(base, get_first_key=True) - - if https: - https['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - no_tag_node_value_mangle=True, - get_first_key=True) + https = conf.get_config_dict(base, get_first_key=True, with_pki=True) https['children_changed'] = diff.node_changed_children(base) https['api_add_or_delete'] = diff.node_changed_presence(base + ['api']) @@ -119,7 +114,7 @@ def verify(https): if 'certificate' in certificates: if not https['pki']: - raise ConfigError("PKI is not configured") + raise ConfigError('PKI is not configured') cert_name = certificates['certificate'] diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 9e9385ddb..7fd32c230 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -87,15 +87,13 @@ def get_config(config=None): ipsec = conf.get_config_dict(base, key_mangling=('-', '_'), no_tag_node_value_mangle=True, get_first_key=True, - with_recursive_defaults=True) + with_recursive_defaults=True, + with_pki=True) ipsec['dhcp_no_address'] = {} ipsec['install_routes'] = 'no' if conf.exists(base + ["options", "disable-route-autoinstall"]) else default_install_routes ipsec['interface_change'] = leaf_node_changed(conf, base + ['interface']) ipsec['nhrp_exists'] = conf.exists(['protocols', 'nhrp', 'tunnel']) - ipsec['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - no_tag_node_value_mangle=True, - get_first_key=True) tmp = conf.get_config_dict(l2tp_base, key_mangling=('-', '_'), no_tag_node_value_mangle=True, diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py index a039172c4..421ac6997 100755 --- a/src/conf_mode/vpn_openconnect.py +++ b/src/conf_mode/vpn_openconnect.py @@ -56,12 +56,8 @@ def get_config(config=None): ocserv = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, - with_recursive_defaults=True) - - if ocserv: - ocserv['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - no_tag_node_value_mangle=True, - get_first_key=True) + with_recursive_defaults=True, + with_pki=True) return ocserv diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index ac053cc76..6bf9307e1 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2023 VyOS maintainers and contributors +# Copyright (C) 2018-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -54,14 +54,11 @@ def get_config(config=None): return None # retrieve common dictionary keys - sstp = get_accel_dict(conf, base, sstp_chap_secrets) + sstp = get_accel_dict(conf, base, sstp_chap_secrets, with_pki=True) if dict_search('client_ip_pool', sstp): # Multiple named pools require ordered values T5099 sstp['ordered_named_pools'] = get_pools_in_order(dict_search('client_ip_pool', sstp)) - if sstp: - sstp['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), - get_first_key=True, - no_tag_node_value_mangle=True) + sstp['server_type'] = 'sstp' return sstp |