author | Christian Poessinger <christian@poessinger.com> | 2020-12-29 10:52:24 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-12-29 10:55:39 +0100 |
commit | da23f084863d6bde2bb50fcc175129610fe2a603 (patch) | |
tree | 87f3726572b14e889c944fba1b020be8e3743b92 /interface-definitions | |
parent | 8568da747d7103b8adea9b925b74101ea818e328 (diff) | |
xml: T1466: provide common includes for SSL certificate CLI nodes
Gather all SSL certificate, ca and key nodes into a single representation of
XML which can be #included into the XML definitions of the CLI interface to be
rendered.
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/certificate-ca.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/certificate-key.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/certificate.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/webproxy-url-filtering.xml.i | 238 | ||||
-rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 39 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 20 | ||||
-rw-r--r-- | interface-definitions/vpn_l2tp.xml.in | 10 | ||||
-rw-r--r-- | interface-definitions/vpn_openconnect.xml.in | 42 | ||||
-rw-r--r-- | interface-definitions/vpn_sstp.xml.in | 38 |
9 files changed, 173 insertions, 256 deletions
diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i
new file mode 100644
index 000000000..196cfa6d7
--- /dev/null
+++ b/interface-definitions/include/certificate-ca.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-ca.xml.i -->
+<leafNode name="ca-cert-file">
+ <properties>
+ <help>Certificate Authority in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i
new file mode 100644
index 000000000..3bfa4416d
--- /dev/null
+++ b/interface-definitions/include/certificate-key.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-key.xml.i -->
+<leafNode name="key-file">
+ <properties>
+ <help>Certificate private key in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i
new file mode 100644
index 000000000..73ae2dace
--- /dev/null
+++ b/interface-definitions/include/certificate.xml.i
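Review bot: The help string added for `key-file` in certificate-key.xml.i, `Certificate private key in x509 PEM format`, mislabels the file: X.509 describes the certificate, while the private key is a separate PEM object, so `<help>Private key in PEM format</help>` would be accurate. The same applies to `cert-file` in certificate.xml.i, whose help calls the certificate a "public key"; `<help>X.509 certificate in PEM format</help>` avoids suggesting that a bare public key is expected. These strings now appear under every VPN service that includes the files, so the difference between the secret key file and the public certificate should be unambiguous to the operator. The only constraint visible in these hunks is `file-exists` under /config/auth, so whether the key file's permissions are checked anywhere cannot be told from here.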
@@ -0,0 +1,14 @@
+<!-- included start from certificate.xml.i -->
+<leafNode name="cert-file">
+ <properties>
+ <help>Certificate public key in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i
index de6ebffde..07db0948f 100644
--- a/interface-definitions/include/webproxy-url-filtering.xml.i
+++ b/interface-definitions/include/webproxy-url-filtering.xml.i
@@ -1,119 +1,119 @@
-<!-- included start from webproxy-url-filtering.xml.i -->
-<leafNode name="allow-category">
- <properties>
- <help>Category to allow</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="allow-ipaddr-url">
- <properties>
- <help>Allow IP address URLs</help>
- <valueless/>
- </properties>
-</leafNode>
-<leafNode name="block-category">
- <properties>
- <help>Category to block</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="default-action">
- <properties>
- <help>Default action (default: allow)</help>
- <completionHelp>
- <list>allow block</list>
- </completionHelp>
- <valueHelp>
- <format>allow</format>
- <description>Default filter action is allow)</description>
- </valueHelp>
- <valueHelp>
- <format>block</format>
- <description>Default filter action is block</description>
- </valueHelp>
- <constraint>
- <regex>^(allow|block)$</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="enable-safe-search">
- <properties>
- <help>Enable safe-mode search on popular search engines</help>
- <valueless/>
- </properties>
-</leafNode>
-<leafNode name="local-block-keyword">
- <properties>
- <help>Local keyword to block</help>
- <valueHelp>
- <format>keyword</format>
- <description>Keyword (or regex) to block</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-block-url">
- <properties>
- <help>Local URL to block</help>
- <valueHelp>
- <format>url</format>
- <description>Local URL to block (without "http://")</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-block">
- <properties>
- <help>Local site to block</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of site to block</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-ok-url">
- <properties>
- <help>Local URL to allow</help>
- <valueHelp>
- <format>url</format>
- <description>Local URL to allow (without "http://")</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-ok">
- <properties>
- <help>Local site to allow</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of site to allow</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="log">
- <properties>
- <help>Log block category</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- <list>all</list>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<!-- included end -->
+<!-- included start from webproxy-url-filtering.xml.i -->
+<leafNode name="allow-category">
+ <properties>
+ <help>Category to allow</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="allow-ipaddr-url">
+ <properties>
+ <help>Allow IP address URLs</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="block-category">
+ <properties>
+ <help>Category to block</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="default-action">
+ <properties>
+ <help>Default action (default: allow)</help>
+ <completionHelp>
+ <list>allow block</list>
+ </completionHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Default filter action is allow)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>block</format>
+ <description>Default filter action is block</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(allow|block)$</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="enable-safe-search">
+ <properties>
+ <help>Enable safe-mode search on popular search engines</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="local-block-keyword">
+ <properties>
+ <help>Local keyword to block</help>
+ <valueHelp>
+ <format>keyword</format>
+ <description>Keyword (or regex) to block</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-block-url">
+ <properties>
+ <help>Local URL to block</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Local URL to block (without "http://")</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-block">
+ <properties>
+ <help>Local site to block</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of site to block</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-ok-url">
+ <properties>
+ <help>Local URL to allow</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Local URL to allow (without "http://")</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-ok">
+ <properties>
+ <help>Local site to allow</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of site to allow</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="log">
+ <properties>
+ <help>Log block category</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ <list>all</list>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 4c572a8b2..95a14d718 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -687,30 +687,8 @@
 </constraint>
 </properties>
 </leafNode>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing certificate for Certificate Authority (CA)</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>File containing certificate for this host</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing certificate revocation list (CRL) for this host</help>
@@ -735,18 +713,7 @@
 </constraint>
 </properties>
 </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Private key for this host</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate-key.xml.i>
 <leafNode name="crypt-file">
 <properties>
 <help>File containing encryption key to authenticate control channel</help>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index c804c1683..daf98a833 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -847,24 +847,8 @@
 <help>X.509 certificate</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>File containing the X.509 certificate for this host</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing the X.509 Certificate Revocation List (CRL)</help>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 5b31235b1..42da75a64 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -80,15 +80,7 @@
 <help>X.509 certificate</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing the X.509 Certificate Revocation List (CRL)</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 791efcd80..ccf537e04 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
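Review bot: Including certificate.xml.i and certificate-ca.xml.i here adds a `file-exists --directory /config/auth` constraint that the removed `ca-cert-file` and `cert-file` nodes in vpn_ipsec.xml.in did not have, and the vpn_l2tp.xml.in hunk does the same for `ca-cert-file`. An existing configuration that names a file outside /config/auth, or one that is not present when the configuration is loaded, would presumably now be rejected, which the commit message does not mention. The vpn_openconnect.xml.in hunk narrows the accepted directory in the same way, from `--directory /config` to `--directory /config/auth`. Confining certificate and key paths to one directory is a sensible tightening, but it should come with a migration check or a release note so that an upgrade does not leave a VPN service unable to load its certificates. The enclosing `<children>` blocks continue outside these hunks.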
@@ -116,45 +116,9 @@
 <help>SSL Certificate, SSL Key and CA (/config/auth)</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>Certificate Authority certificate</help>
- <completionHelp>
- <script>ls /config/auth</script>
- </completionHelp>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
+ #include <include/certificate-key.xml.i>
 </children>
 </node>
 <node name="network-settings">
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 77b1c1ec1..134858608 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -52,41 +52,9 @@
 <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>Certificate Authority certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>Server Certificate</help>
- <completionHelp>
- <script>ls /config</script>
- </completionHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
+ #include <include/certificate-key.xml.i>
 </children>
 </node>
 </children> |
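Review bot: The parent node's help in the first context line of this hunk still reads `SSL Certificate, SSL Key and CA (/config/user-data/sstp)`, while all three included nodes validate against /config/auth, so the CLI points the operator at a directory the validator will not accept. Since the commit is unifying these nodes, the help should follow, for example `<help>SSL Certificate, SSL Key and CA (/config/auth)</help>` as vpn_openconnect.xml.in already has. The removed `cert-file` node also carried a `completionHelp` script and the shared include has none; if tab completion is wanted, it belongs in the include so every service gets the same listing of /config/auth. The parent `<node>` opens before the hunk, so its full definition is not visible here.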