From 4a5e4cfd6c11a6eed3252744ec45638249d6d2b1 Mon Sep 17 00:00:00 2001
From: RageLtMan <rageltman [at] sempervictus>
Date: Thu, 18 Aug 2022 18:57:19 -0400
Subject: T3896: update groupconfig syntax per PR1463

Address @sever-sever's suggestion to refactor how groupconfig is
defined, parsed, and set (with his proposed conditional string
appending Py-sugar). Use the disable-mobike refactor as template
for XML simplification.

Testing:
  None yet
---
 data/templates/ocserv/ocserv_config.j2       |  6 +-----
 interface-definitions/vpn-openconnect.xml.in | 17 +----------------
 2 files changed, 2 insertions(+), 21 deletions(-)

diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 5d5a4101b..fef49d30f 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -7,11 +7,7 @@ run-as-user = nobody
 run-as-group = daemon
 
 {% if "radius" in authentication.mode %}
-{%     if "yes" in authentication.radius.groupconfig %}
-auth = "radius [config=/run/ocserv/radiusclient.conf,groupconfig=true]"
-{%     else %}
-auth = "radius [config=/run/ocserv/radiusclient.conf]"
-{%     endif %}
+auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]"
 {% elif "local" in authentication.mode %}
 {%     if authentication.mode.local == "password-otp" %}
 auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 54f93344b..7167b5d8d 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -156,23 +156,8 @@
                   </leafNode>
                   <leafNode name="groupconfig">
                     <properties>
-                      <help>If the groupconfig option is set to yes, then config-per-user will be overriden, and all configuration will be read from radius.</help>
-                      <completionHelp>
-                        <list>yes no</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>yes</format>
-                        <description>Enable RADIUS acquisition of group properties</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>no</format>
-                        <description>Disable RADIUS acquisition of group properties</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(yes|no)</regex>
-                      </constraint>
+                      <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius.</help>
                     </properties>
-                    <defaultValue>no</defaultValue>
                   </leafNode>
                 </children>
               </node>
-- 
cgit v1.2.3