summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_ipsec.py
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-03 21:57:00 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-01-04 06:58:41 +0000
commit706fdbb234202723e02f93ad8eb724649181a60a (patch)
tree14ad877fe86882f8325f6bda83471197aecc6c45 /src/conf_mode/vpn_ipsec.py
parent4b06cac36c8ca4d63926871885e8ac52a5a899f1 (diff)
downloadvyos-1x-706fdbb234202723e02f93ad8eb724649181a60a.tar.gz
vyos-1x-706fdbb234202723e02f93ad8eb724649181a60a.zip
configdict: T5894: add get_config_dict() flag with_pki
VyOS has several services relaying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary. (cherry picked from commit b152b52023ba0cf0d4919eae39e92de28a458917)
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py8
1 files changed, 3 insertions, 5 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 9e9385ddb..7fd32c230 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -87,15 +87,13 @@ def get_config(config=None):
ipsec = conf.get_config_dict(base, key_mangling=('-', '_'),
no_tag_node_value_mangle=True,
get_first_key=True,
- with_recursive_defaults=True)
+ with_recursive_defaults=True,
+ with_pki=True)
ipsec['dhcp_no_address'] = {}
ipsec['install_routes'] = 'no' if conf.exists(base + ["options", "disable-route-autoinstall"]) else default_install_routes
ipsec['interface_change'] = leaf_node_changed(conf, base + ['interface'])
ipsec['nhrp_exists'] = conf.exists(['protocols', 'nhrp', 'tunnel'])
- ipsec['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
- no_tag_node_value_mangle=True,
- get_first_key=True)
tmp = conf.get_config_dict(l2tp_base, key_mangling=('-', '_'),
no_tag_node_value_mangle=True,