summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
6 daysT7499: call commit only if session_changedJohn Estabrook
6 daysT7499: clean up cache filesJohn Estabrook
6 daysT7499: add download/uncompress to vyconf load/mergeJohn Estabrook
6 daysT7499: add utility to download/uncompress config file, for load/mergeJohn Estabrook
6 daysT7499: formattingJohn Estabrook
6 daysT7499: expose direct request to http-apiJohn Estabrook
6 daysT7499: generated output for adding field 'destructive' to merge functionJohn Estabrook
6 daysT7499: use direct request to vyconfd to avoid re-validatingJohn Estabrook
6 daysT7499: expose destructive merge in http-apiJohn Estabrook
6 daysT7499: generated output for adding field 'cached' to load functionJohn Estabrook
6 daysT7499: load from internal representation to avoid re-parsingJohn Estabrook
6 daysT7499: fix typo in configtree write_cacheJohn Estabrook
6 daysT7499: update vyos-merge-config.py script to use tree merge functionJohn Estabrook
6 daysT7499: add interface for (non-)destructive configtree mergeJohn Estabrook
11 daysT7588: detach commit-confirm-notify from calling processJohn Estabrook
As we now await the call to commit-confirm, do not run commit-confirm-notify from a subshell.
11 daysT7588: add missing path argJohn Estabrook
11 daysT7588: restart vyos-commitd, http-api, after setting vyconf_backendJohn Estabrook
11 daysMerge pull request #4585 from c-po/copyright-noticeDaniil Baturin
T7591: remove copyright years from source files
13 daysMerge pull request #4584 from factor2431/add-cake-featuresDaniil Baturin
T7589: Add no-split-gso and ack-filter for CAKE
13 daysMerge pull request #4580 from ↵Daniil Baturin
dmbaturin/T7580-op-cache-generator-standalone-virtual build: T7580: add support for standalone and virtual tag nodes to the op mode cache generator
2025-06-29T7589: Add no-split-gso and ack-filter for CAKEfactor2431
2025-06-29Merge pull request #4581 from talmakion/bugfix/T7544/escape-vrfif-nftablesChristian Breunig
vrf: T7544: Ensure correct quoting for VRF ifnames in nftables
2025-06-28T7591: remove copyright years from source filesChristian Breunig
The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice
2025-06-26build: T7578: fail the package build if there are non-unique op mode nodesDaniil Baturin
to ensure that the JSON cache is usable for command lookup
2025-06-27vrf: T7544: Ensure correct quoting for VRF ifnames in nftablesAndrew Topp
* For VRF create/delete: * Simple dquoting, as before, was parsed away by the shell * Just escaping the double quotes could cause issues with the shell mangling VRF names (however unlikely) * Wrapping original quotes in shell-escaped single quotes is a quick & easy way to guard against both improper shell parsing and string names being taken as nft keywords. * Firewall configuration: * Firewall "interface name" rules support VRF ifnames and used them unquoted, fixed for nft_rule template tags (parse_rule) * Went through and quoted all iif/oifname usage by zones and interface groups. VRF ifnames weren't available for all cases, but there is no harm in completeness. * For this, also created a simple quoted_join template filter to replace any use of |join(',') * PBR calls nft but doesn't mind the "vni" name - table IDs used instead I may have missed some niche nft use-cases that would be exposed to this problem.
2025-06-26build: T7580: add support for standalone and virtual tag nodes to the op ↵Daniil Baturin
mode cache generator
2025-06-24Merge pull request #4562 from jestabro/op-mode-dataDaniil Baturin
T7561: simplify op-mode-definitions XML cache generation
2025-06-24Merge pull request #4573 from c-po/pki-T7574Daniil Baturin
pki: T7574: add optional force argument to renew certbot-issued certificates
2025-06-23pki: T7574: add optional force argument to renew certbot-issued certificatesChristian Breunig
Certbot renewal command in op-mode "renew certbot" only works if any of the certificates is up for renewal. There is no CLI option to forcefully renew a certificate. This is about adding a force option to the CLI and with this addition move the entire certbot renew handling to new-style op-mode commands. vyos@vyos:~$ renew certbot force - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /config/auth/letsencrypt/renewal/vyos.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Renewing an existing certificate for vyos.io - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded: /config/auth/letsencrypt/live/vyos/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hook 'post-hook' ran with output: Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
2025-06-23T7355: periodical cleanup of unused Python3 import statementsChristian Breunig
2025-06-21T7561: generate json if no ambiguous paths in (a subset of) XML filesJohn Estabrook
2025-06-20T7561: add option --check-path-ambiguity to show duplicate pathsJohn Estabrook
2025-06-20T7561: refine xml consistency report to ignore children and file fieldsJohn Estabrook
2025-06-20T7561: minimize risk of collision with possible node namesJohn Estabrook
2025-06-20T7561: simplify op-mode-definitions XML cache and add interface methodsJohn Estabrook
The original implementation of the op-mode XML cache generation resulted in a structure that was difficult to use, for example, in documentation generation. The source of complication is that, unlike the XML of interface-definitions, path names are not unique: the same path may occur as both a regular node and as a tag node. Here we simplify the underlying structure by enriching path names with type information, thus disambiguating paths. An interface to the cache is provided by explicit generator and lookup functions.
2025-06-19Merge pull request #4564 from factor2431/fix-wireguard-fwmarkChristian Breunig
T7554: fix wireguard fwmark parsing
2025-06-19Merge pull request #4558 from natali-rs1985/T6951Daniil Baturin
firewall: T6951: Add a configuration command for ethertypes that bridge firewalls should always accept
2025-06-18T7554: fix wireguard fwmark parsingfactor2431
2025-06-17firewall: T6951: Add a configuration command for ethertypes that bridge ↵Nataliia Solomko
firewalls should always accept
2025-06-12Merge pull request #4552 from jestabro/reset-sectionViacheslav Hletenko
T7488: add utility for automatic rollback of section on apply stage error
2025-06-12Merge pull request #4497 from yzguy/T7432Daniil Baturin
T7432: RPKI VRF Support
2025-06-10T7488: add utility for automatic rollback of section on apply stage errJohn Estabrook
2025-06-09T7365: add env var used by post-commit scriptsJohn Estabrook
2025-06-09T7365: call commit hooks in vyconf sessionJohn Estabrook
2025-06-04Merge pull request #4533 from jestabro/api-commit-confirmViacheslav Hletenko
http-api: T3955: add commit-confirm to endpoints /configure /config-file
2025-05-30config-mgmt: T7508: use recursive defaults to read commit-confirm actionJohn Estabrook
2025-05-29http-api: T3955: add commit-confirm to endpoints /configure /config-fileJohn Estabrook
2025-05-29Merge pull request #4266 from takehaya/T6013-trusted-ca-keysChristian Breunig
T6013: Add support for AuthorizedPrincipalsFile to trusted_user_ca_key
2025-05-29Merge pull request #4531 from jestabro/commit-confirm-rebootChristian Breunig
config-mgmt: T7500: fix typo preventing commit-confirm hard rollback
2025-05-29Merge pull request #4530 from jestabro/api-extend-load-mergeChristian Breunig
http-api: T7498: allow passing config string in body of 'load' or 'merge' request