summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-10-18pki: T4914: Rewrite the PKI op mode in the new styleNataliia Solomko
2024-10-11T6712: Add nonproduction banner (#4149)mergify[bot]
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-10-10Merge pull request #4146 from sarthurdev/pki_ecDaniil Baturin
pki: T6766: Add support for ECDSA private keys
2024-10-10Merge pull request #4147 from sarthurdev/haproxyDaniil Baturin
haproxy: T6745: Rename reverse-proxy to haproxy
2024-10-09haproxy: T6745: Add haproxy migration to config testsarthurdev
2024-10-09haproxy: T6745: Rename `reverse-proxy` to `haproxy`sarthurdev
2024-10-09pki: T6766: Add support for ECDSA private keyssarthurdev
2024-10-08Merge pull request #4128 from jestabro/commit-confirm-soft-rollbackJohn Estabrook
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
2024-10-08config-mgmt: T5976: display message when reverting to previous configJohn Estabrook
2024-10-07Merge pull request #4138 from natali-rs1985/T4318-currentJohn Estabrook
vyos.configtree: T4318: Allow set tag flag to true or false
2024-10-07vyos.configtree: T4318: Allow set tag flag to true or falseNataliia Solomko
2024-10-07Merge pull request #4129 from c-po/accel-smoketestChristian Breunig
smoketest: T4576: add guard timeout for systemd in log level tests
2024-10-07config-mgmt: T5976: move commit-confirm revert action to subnodeJohn Estabrook
2024-10-07Merge pull request #4124 from dmbaturin/T6740-set-to-config-converterJohn Estabrook
cli: T6740: add a converter from set commands to config
2024-10-07cli: T6740: set_tag on created paths and add parse step for orderingJohn Estabrook
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2024-10-07Merge pull request #3938 from talmakion/feature/T6430-local-pbrChristian Breunig
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs
2024-10-07xml: T6430: add re-usable vrf CLI node for firewall and pbrChristian Breunig
2024-10-07pbr: T6430: Local IP rules routing into VRFs by nameAndrew Topp
* This is the `policy local-route*` part of T6430, manipulating ip rules, another PR covers firewall-backed `policy route*` for similar functionality * Local PBR (policy local-route*) can only target table IDs up to 200 and the previous PR to extend the range was rejected * PBR with this PR can now also target VRFs directly by name, working around targeting problems for VRF table IDs outside the overlapping 100-200 range * Validation ensures rules can't target both a table ID and a VRF name (internally they are handled the same) * Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase, extended to allow lookups in other address families (IPv6 in the new tests). verify_rules() is used by original pbr and new lpbr smoketests in this PR.
2024-10-07Merge pull request #4118 from c-po/acme-ca-certDaniil Baturin
pki: T6481: auto import ACME certificate chain into CLI
2024-10-07Merge pull request #4133 from c-po/parallel-smoketestsChristian Breunig
GitHub: T6494: add parallel step to run interface based smoketests
2024-10-06pki: T6481: auto import ACME certificate chain into CLIChristian Breunig
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consitent for any pending daemon updates.
2024-10-06Merge pull request #4132 from c-po/keyboard-layoutChristian Breunig
T6759: add support for italian keymap
2024-10-06Merge pull request #4131 from c-po/static-error-msgChristian Breunig
static: T4283: fix missing f'ormat string
2024-10-06GitHub: T6494: add parallel step to run interface based smoketestsChristian Breunig
2024-10-06T6759: add support for italian keymapChristian Breunig
set system option keyboard-layout it
2024-10-05op-mode: T6753: Fix json output for mtr / monitor traceroute (#4122)Nataliia S.
2024-10-05static: T4283: fix missing f'ormat stringChristian Breunig
This fixes the error message: Can not use both blackhole and reject for prefix "{prefix}"! Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an ICMP unreachable when matched")
2024-10-05Merge pull request #4130 from c-po/node-exporter-fixChristian Breunig
Debian: T973: add missing dependency on node-exporter package
2024-10-05Debian: T973: add missing dependency on node-exporter packageChristian Breunig
Extend commit a0c15a159 ("T973: add basic node_exporter implementation") by adding the required dependency to install node-exporter binary.
2024-10-05smoketest: T4576: add guard timeout for systemd in log level testsChristian Breunig
Systemd comes with a default of 5 restarts in 10 seconds policy, this limit can be hit by this reastart sequence, slow down a bit.
2024-10-05config-mgmt: T5976: add option for commit-confirm to use 'soft' rollbackJohn Estabrook
Commit-confirm will restore a previous configuration if a confirmation is not received in N minutes. Traditionally, this was restored by a reboot into the last configuration on disk; add a configurable option to reload the last completed commit without a reboot. The default setting is to reboot.
2024-10-05config-mgmt: T5976: normalize formattingJohn Estabrook
2024-10-04Merge pull request #4110 from jestabro/distinct-apiChristian Breunig
http-api: T6736: move REST API to a node distinct from GraphQL API
2024-10-04Merge pull request #4121 from natali-rs1985/T6101-currentChristian Breunig
ipsec: T6101: Add validation for proposal option used in IKE group
2024-10-04Merge pull request #4119 from sever-sever/T6755Christian Breunig
T6755: Change vyos mirror URL for smoketest
2024-10-04Merge pull request #4048 from rebortg/node_exporterChristian Breunig
T973: add basic node_exporter implementation
2024-10-04Merge pull request #4123 from nicolas-fort/fwall_set_commandsDaniil Baturin
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset.
2024-10-04Merge pull request #4126 from sever-sever/T6763Daniil Baturin
T6763: Delete Jenkins file
2024-10-04T6763: Delete Jenkins fileViacheslav Hletenko
2024-10-04Merge pull request #4125 from sever-sever/T6761Christian Breunig
T6761: Add timeout for OSPF smoketest fail
2024-10-03T973: remove irrelevant standard valuesrebortg
2024-10-03cli: T6752: add a wrapper for the show command (#4111)Daniil Baturin
2024-10-03T6761: Add timeout for OSPF smoketest failViacheslav Hletenko
From time to time the smoektest script checks frrconfig to early. I.e. FRR does not fully load the config during checking or the OSPF daemon is not started at the time of checking.
2024-10-03cli: T6740: add a converter from set commands to configDaniil Baturin
2024-10-03T6760: firewall: add packet modifications existing in policy route to ↵Nicolas Fort
regular firewall ruleset.
2024-10-03http-api: T6736: sanitize error message containing user inputJohn Estabrook
2024-10-03vyos.configtree: T6742: add bindings for create_node and is_leaf/set_leaf ↵Daniil Baturin
(#4109)
2024-10-03Merge pull request #4120 from nicolas-fort/T6757-ocserv-radiusDaniil Baturin
T6757: Openconnect: fix template for correct config parsing while configuring source address for radius authentication.
2024-10-02ipsec: T6101: Add validation for proposal option used in IKE groupNataliia Solomko
2024-10-02T6757: Openconnect: fix template for correct config parsing while ↵Nicolas Fort
configuring source address for radius authentication.