diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-05-01 20:42:45 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-05-01 20:42:45 +0200 |
| commit | 01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29 (patch) | |
| tree | a27b8384d224819dc93ada5ede8c92c3aaee1e75 | |
| parent | 780d4fe16cd8471ca4fd27ba43fea998ef0240f0 (diff) | |
| download | vyos-1x-01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29.tar.gz vyos-1x-01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29.zip | |
openconnect: T4353: fix Jinja2 linting errors
| -rw-r--r-- | data/templates/ocserv/ocserv_config.j2 (renamed from data/templates/ocserv/ocserv_config.tmpl) | 38 | ||||
| -rw-r--r-- | data/templates/ocserv/ocserv_otp_usr.j2 (renamed from data/templates/ocserv/ocserv_otp_usr.tmpl) | 8 | ||||
| -rw-r--r-- | data/templates/ocserv/ocserv_passwd.j2 (renamed from data/templates/ocserv/ocserv_passwd.tmpl) | 0 | ||||
| -rw-r--r-- | data/templates/ocserv/radius_conf.j2 (renamed from data/templates/ocserv/radius_conf.tmpl) | 12 | ||||
| -rw-r--r-- | data/templates/ocserv/radius_servers.j2 | 7 | ||||
| -rw-r--r-- | data/templates/ocserv/radius_servers.tmpl | 7 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 18 |
7 files changed, 45 insertions, 45 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.j2 index 05b85a610..8418a2185 100644 --- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.j2 @@ -9,13 +9,13 @@ run-as-group = daemon {% if "radius" in authentication.mode %} auth = "radius [config=/run/ocserv/radiusclient.conf]" {% elif "local" in authentication.mode %} -{% if authentication.mode.local == "password-otp" %} +{% if authentication.mode.local == "password-otp" %} auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]" -{% elif authentication.mode.local == "otp" %} +{% elif authentication.mode.local == "otp" %} auth = "plain[otp=/run/ocserv/users.oath]" -{% else %} +{% else %} auth = "plain[/run/ocserv/ocpasswd]" -{% endif %} +{% endif %} {% else %} auth = "plain[/run/ocserv/ocpasswd]" {% endif %} @@ -23,9 +23,9 @@ auth = "plain[/run/ocserv/ocpasswd]" {% if ssl.certificate is vyos_defined %} server-cert = /run/ocserv/cert.pem server-key = /run/ocserv/cert.key -{% if ssl.passphrase is vyos_defined %} +{% if ssl.passphrase is vyos_defined %} key-pin = {{ ssl.passphrase }} -{% endif %} +{% endif %} {% endif %} {% if ssl.ca_certificate is vyos_defined %} @@ -59,33 +59,33 @@ device = sslvpn # An alternative way of specifying the network: {% if network_settings %} # DNS settings -{% if network_settings.name_server is string %} +{% if network_settings.name_server is string %} dns = {{ network_settings.name_server }} -{% else %} -{% for dns in network_settings.name_server %} +{% else %} +{% for dns in network_settings.name_server %} dns = {{ dns }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} # IPv4 network pool -{% if network_settings.client_ip_settings %} -{% if network_settings.client_ip_settings.subnet %} +{% if network_settings.client_ip_settings %} +{% if network_settings.client_ip_settings.subnet %} ipv4-network = {{ network_settings.client_ip_settings.subnet }} +{% endif %} {% endif %} -{% endif %} # IPv6 network pool -{% if network_settings.client_ipv6_pool %} -{% if network_settings.client_ipv6_pool.prefix %} +{% if network_settings.client_ipv6_pool %} +{% if network_settings.client_ipv6_pool.prefix %} ipv6-network = {{ network_settings.client_ipv6_pool.prefix }} ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }} +{% endif %} {% endif %} -{% endif %} {% endif %} {% if network_settings.push_route is string %} route = {{ network_settings.push_route }} {% else %} -{% for route in network_settings.push_route %} +{% for route in network_settings.push_route %} route = {{ route }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/ocserv/ocserv_otp_usr.tmpl b/data/templates/ocserv/ocserv_otp_usr.j2 index 18de5fec6..b2511ed94 100644 --- a/data/templates/ocserv/ocserv_otp_usr.tmpl +++ b/data/templates/ocserv/ocserv_otp_usr.j2 @@ -1,8 +1,8 @@ #<token_type> <username> <pin> <secret_hex_key> <counter> <lastpass> <time> {% if username is vyos_defined %} -{% for user, user_config in username.items() %} -{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %} +{% for user, user_config in username.items() %} +{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %} {{ user_config.otp.token_tmpl }} {{ user }} {{ user_config.otp.pin | default("-", true) }} {{ user_config.otp.key }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/ocserv/ocserv_passwd.tmpl b/data/templates/ocserv/ocserv_passwd.j2 index 30c79d66a..30c79d66a 100644 --- a/data/templates/ocserv/ocserv_passwd.tmpl +++ b/data/templates/ocserv/ocserv_passwd.j2 diff --git a/data/templates/ocserv/radius_conf.tmpl b/data/templates/ocserv/radius_conf.j2 index 1712d83ef..b6612fee5 100644 --- a/data/templates/ocserv/radius_conf.tmpl +++ b/data/templates/ocserv/radius_conf.j2 @@ -1,13 +1,13 @@ ### generated by vpn_openconnect.py ### nas-identifier VyOS {% for srv in server %} -{% if not "disable" in server[srv] %} -{% if "port" in server[srv] %} -authserver {{ srv }}:{{server[srv]["port"]}} -{% else %} +{% if not "disable" in server[srv] %} +{% if "port" in server[srv] %} +authserver {{ srv }}:{{ server[srv]["port"] }} +{% else %} authserver {{ srv }} +{% endif %} {% endif %} -{% endif %} {% endfor %} radius_timeout {{ timeout }} {% if source_address %} @@ -15,7 +15,7 @@ bindaddr {{ source_address }} {% else %} bindaddr * {% endif %} -servers /run/ocserv/radius_servers +servers /run/ocserv/radius_servers dictionary /etc/radcli/dictionary default_realm radius_retries 3 diff --git a/data/templates/ocserv/radius_servers.j2 b/data/templates/ocserv/radius_servers.j2 new file mode 100644 index 000000000..302e91600 --- /dev/null +++ b/data/templates/ocserv/radius_servers.j2 @@ -0,0 +1,7 @@ +### generated by vpn_openconnect.py ### +# server key +{% for srv in server %} +{% if not "disable" in server[srv] %} +{{ srv }} {{ server[srv].key }} +{% endif %} +{% endfor %} diff --git a/data/templates/ocserv/radius_servers.tmpl b/data/templates/ocserv/radius_servers.tmpl deleted file mode 100644 index 7bacac992..000000000 --- a/data/templates/ocserv/radius_servers.tmpl +++ /dev/null @@ -1,7 +0,0 @@ -### generated by vpn_openconnect.py ### -# server key -{% for srv in server %} -{% if not "disable" in server[srv] %} -{{ srv }} {{ server[srv].key }} -{% endif %} -{% endfor %} diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py index 84d31f9a5..8e0e30bbf 100755 --- a/src/conf_mode/vpn_openconnect.py +++ b/src/conf_mode/vpn_openconnect.py @@ -157,9 +157,9 @@ def generate(ocserv): if "radius" in ocserv["authentication"]["mode"]: # Render radius client configuration - render(radius_cfg, 'ocserv/radius_conf.tmpl', ocserv["authentication"]["radius"]) + render(radius_cfg, 'ocserv/radius_conf.j2', ocserv["authentication"]["radius"]) # Render radius servers - render(radius_servers, 'ocserv/radius_servers.tmpl', ocserv["authentication"]["radius"]) + render(radius_servers, 'ocserv/radius_servers.j2', ocserv["authentication"]["radius"]) elif "local" in ocserv["authentication"]["mode"]: # if mode "OTP", generate OTP users file parameters if "otp" in ocserv["authentication"]["mode"]["local"]: @@ -184,24 +184,24 @@ def generate(ocserv): if "password-otp" in ocserv["authentication"]["mode"]["local"]: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) elif "password" in ocserv["authentication"]["mode"]["local"]: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) elif "otp" in ocserv["authentication"]["mode"]["local"]: # Render local users OTP keys - render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_otp_usr, 'ocserv/ocserv_otp_usr.j2', ocserv["authentication"]["local_users"]) else: # Render local users ocpasswd - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) else: if "local_users" in ocserv["authentication"]: for user in ocserv["authentication"]["local_users"]["username"]: ocserv["authentication"]["local_users"]["username"][user]["hash"] = get_hash(ocserv["authentication"]["local_users"]["username"][user]["password"]) # Render local users - render(ocserv_passwd, 'ocserv/ocserv_passwd.tmpl', ocserv["authentication"]["local_users"]) + render(ocserv_passwd, 'ocserv/ocserv_passwd.j2', ocserv["authentication"]["local_users"]) if "ssl" in ocserv: cert_file_path = os.path.join(cfg_dir, 'cert.pem') @@ -227,7 +227,7 @@ def generate(ocserv): f.write(wrap_certificate(pki_ca_cert['certificate'])) # Render config - render(ocserv_conf, 'ocserv/ocserv_config.tmpl', ocserv) + render(ocserv_conf, 'ocserv/ocserv_config.j2', ocserv) def apply(ocserv): |