diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-03 15:39:17 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-03 15:39:17 +0200 |
commit | 1e74c0df2179c60036e440e15ed9036163039b2a (patch) | |
tree | 4352ed737a931a3d6fbbfb6ecd99cfb84f34661f /src/conf_mode/vpn_ipsec.py | |
parent | a1abb118c9eb413f3c78cfb2077f9c0d4b443c3a (diff) | |
download | vyos-1x-1e74c0df2179c60036e440e15ed9036163039b2a.tar.gz vyos-1x-1e74c0df2179c60036e440e15ed9036163039b2a.zip |
ipsec: T2816: remove default values from Jinja2 template and place them in XML
VyOS has a known to work mechanism in supplying CLI default values into the
Python configuration scripts. This commit removes hardcoded default values from
the Jinja2 template and places them into the appropriate XML definitions.
The big advantage is that the default value itself and the corresponding help
string are located in the exact same file.
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index e95a3e82d..6d5d24e52 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -23,6 +23,7 @@ from time import sleep from vyos.config import Config from vyos.configdict import leaf_node_changed from vyos.configverify import verify_interface_exists +from vyos.configdict import dict_merge from vyos.ifconfig import Interface from vyos.pki import wrap_certificate from vyos.pki import wrap_crl @@ -35,6 +36,7 @@ from vyos.util import call from vyos.util import dict_search from vyos.util import process_named_running from vyos.util import run +from vyos.xml import defaults from vyos import ConfigError from vyos import airbag airbag.enable() @@ -77,6 +79,19 @@ def get_config(config=None): ipsec = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) + if 'esp_group' in ipsec: + default_values = defaults(base + ['esp-group']) + for group in ipsec['esp_group']: + ipsec['esp_group'][group] = dict_merge(default_values, + ipsec['esp_group'][group]) + + if 'ike_group' in ipsec: + default_values = defaults(base + ['ike-group']) + for group in ipsec['ike_group']: + ipsec['ike_group'][group] = dict_merge(default_values, + ipsec['ike_group'][group]) + + ipsec['dhcp_no_address'] = {} ipsec['interface_change'] = leaf_node_changed(conf, base + ['ipsec-interfaces', 'interface']) |