From da23f084863d6bde2bb50fcc175129610fe2a603 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 29 Dec 2020 10:52:24 +0100
Subject: xml: T1466: provide common includes for SSL certificate CLI nodes
Gather all SSL certificate, ca and key nodes into a single representation of XML which can be #included into the XML definitions of the CLI interface to be rendered.
---
 interface-definitions/include/certificate-ca.xml.i | 14 ++
 .../include/certificate-key.xml.i | 14 ++
 interface-definitions/include/certificate.xml.i | 14 ++
 .../include/webproxy-url-filtering.xml.i | 238 ++++++++++-----------
 interface-definitions/interfaces-openvpn.xml.in | 39 +---
 interface-definitions/vpn_ipsec.xml.in | 20 +-
 interface-definitions/vpn_l2tp.xml.in | 10 +-
 interface-definitions/vpn_openconnect.xml.in | 42 +---
 interface-definitions/vpn_sstp.xml.in | 38 +---
 9 files changed, 173 insertions(+), 256 deletions(-)
 create mode 100644 interface-definitions/include/certificate-ca.xml.i
 create mode 100644 interface-definitions/include/certificate-key.xml.i
 create mode 100644 interface-definitions/include/certificate.xml.i
diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i
new file mode 100644
index 000000000..196cfa6d7
--- /dev/null
+++ b/interface-definitions/include/certificate-ca.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-ca.xml.i -->
+<leafNode name="ca-cert-file">
+ <properties>
+ <help>Certificate Authority in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i
new file mode 100644
index 000000000..3bfa4416d
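Review bot: The shared `ca-cert-file` node in certificate-ca.xml.i has no `<completionHelp>`, so the tab completion that vpn_openconnect's `ca-cert-file` carried (`<script>ls /config/auth</script>`, removed further down in this patch) is dropped for every consumer. If that is intended, it is worth saying so in the commit message. Otherwise add `<completionHelp><script>ls /config/auth</script></completionHelp>` under `<properties>` here, and consider the same for certificate.xml.i and certificate-key.xml.i so the three nodes stay parallel.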
--- /dev/null
+++ b/interface-definitions/include/certificate-key.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-key.xml.i -->
+<leafNode name="key-file">
+ <properties>
+ <help>Certificate private key in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i
new file mode 100644
index 000000000..73ae2dace
--- /dev/null
+++ b/interface-definitions/include/certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate.xml.i -->
+<leafNode name="cert-file">
+ <properties>
+ <help>Certificate public key in x509 PEM format</help>
+ <valueHelp>
+ <format>file</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-exists" argument="--directory /config/auth"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i
index de6ebffde..07db0948f 100644
--- a/interface-definitions/include/webproxy-url-filtering.xml.i
+++ b/interface-definitions/include/webproxy-url-filtering.xml.i
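Review bot: The help string in certificate-key.xml.i, "Certificate private key in x509 PEM format", mislabels the file: X.509 is the certificate format, while a PEM private key is normally PKCS#1 or PKCS#8 encoded, so `<help>Private key in PEM format</help>` would be accurate. certificate.xml.i has the mirror problem, since `cert-file` holds a full certificate rather than only a public key; `<help>Certificate in X.509 PEM format</help>` reads better there. The only constraint visible on `key-file` is an existence check under /config/auth, so if key file permissions are not validated elsewhere, a short XML comment in this include saying so would keep readers from assuming they are.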
@@ -1,119 +1,119 @@
-<!-- included start from webproxy-url-filtering.xml.i -->
-<leafNode name="allow-category">
- <properties>
- <help>Category to allow</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="allow-ipaddr-url">
- <properties>
- <help>Allow IP address URLs</help>
- <valueless/>
- </properties>
-</leafNode>
-<leafNode name="block-category">
- <properties>
- <help>Category to block</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="default-action">
- <properties>
- <help>Default action (default: allow)</help>
- <completionHelp>
- <list>allow block</list>
- </completionHelp>
- <valueHelp>
- <format>allow</format>
- <description>Default filter action is allow)</description>
- </valueHelp>
- <valueHelp>
- <format>block</format>
- <description>Default filter action is block</description>
- </valueHelp>
- <constraint>
- <regex>^(allow|block)$</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="enable-safe-search">
- <properties>
- <help>Enable safe-mode search on popular search engines</help>
- <valueless/>
- </properties>
-</leafNode>
-<leafNode name="local-block-keyword">
- <properties>
- <help>Local keyword to block</help>
- <valueHelp>
- <format>keyword</format>
- <description>Keyword (or regex) to block</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-block-url">
- <properties>
- <help>Local URL to block</help>
- <valueHelp>
- <format>url</format>
- <description>Local URL to block (without "http://")</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-block">
- <properties>
- <help>Local site to block</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of site to block</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-ok-url">
- <properties>
- <help>Local URL to allow</help>
- <valueHelp>
- <format>url</format>
- <description>Local URL to allow (without "http://")</description>
- </valueHelp>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="local-ok">
- <properties>
- <help>Local site to allow</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of site to allow</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="log">
- <properties>
- <help>Log block category</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
- <list>all</list>
- </completionHelp>
- <multi/>
- </properties>
-</leafNode>
-<!-- included end -->
+<!-- included start from webproxy-url-filtering.xml.i -->
+<leafNode name="allow-category">
+ <properties>
+ <help>Category to allow</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="allow-ipaddr-url">
+ <properties>
+ <help>Allow IP address URLs</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="block-category">
+ <properties>
+ <help>Category to block</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="default-action">
+ <properties>
+ <help>Default action (default: allow)</help>
+ <completionHelp>
+ <list>allow block</list>
+ </completionHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Default filter action is allow)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>block</format>
+ <description>Default filter action is block</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(allow|block)$</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="enable-safe-search">
+ <properties>
+ <help>Enable safe-mode search on popular search engines</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="local-block-keyword">
+ <properties>
+ <help>Local keyword to block</help>
+ <valueHelp>
+ <format>keyword</format>
+ <description>Keyword (or regex) to block</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-block-url">
+ <properties>
+ <help>Local URL to block</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Local URL to block (without "http://")</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-block">
+ <properties>
+ <help>Local site to block</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of site to block</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-ok-url">
+ <properties>
+ <help>Local URL to allow</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Local URL to allow (without "http://")</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="local-ok">
+ <properties>
+ <help>Local site to allow</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of site to allow</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="log">
+ <properties>
+ <help>Log block category</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+ <list>all</list>
+ </completionHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 4c572a8b2..95a14d718 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -687,30 +687,8 @@
 </constraint>
 </properties>
 </leafNode>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing certificate for Certificate Authority (CA)</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>File containing certificate for this host</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing certificate revocation list (CRL) for this host</help>
@@ -735,18 +713,7 @@
 </constraint>
 </properties>
 </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Private key for this host</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate-key.xml.i>
 <leafNode name="crypt-file">
 <properties>
 <help>File containing encryption key to authenticate control channel</help>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index c804c1683..daf98a833 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -847,24 +847,8 @@
 <help>X.509 certificate</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>File containing the X.509 certificate for this host</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing the X.509 Certificate Revocation List (CRL)</help>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 5b31235b1..42da75a64 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -80,15 +80,7 @@
 <help>X.509 certificate</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/certificate-ca.xml.i>
 <leafNode name="crl-file">
 <properties>
 <help>File containing the X.509 Certificate Revocation List (CRL)</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 791efcd80..ccf537e04 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
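Review bot: The two `#include` lines in the vpn_ipsec.xml.in hunk attach a `file-exists --directory /config/auth` constraint to `cert-file` and `ca-cert-file`, which the removed nodes did not have (they carried only a `valueHelp`). The same new constraint lands on `ca-cert-file` in the vpn_l2tp.xml.in hunk, and in vpn_openconnect.xml.in the checked directory narrows from `/config` to `/config/auth`. Depending on how the validator treats a missing file or a path outside that directory, configurations that loaded before may now warn or be rejected on commit or after an upgrade. Confining certificate paths to /config/auth is a reasonable tightening, but the commit message presents this as a pure refactor, so call out the behaviour change there and check whether a config migration is needed. The enclosing `<children>` blocks continue outside these hunks.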
@@ -116,45 +116,9 @@
 <help>SSL Certificate, SSL Key and CA (/config/auth)</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>Certificate Authority certificate</help>
- <completionHelp>
- <script>ls /config/auth</script>
- </completionHelp>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
+ #include <include/certificate-key.xml.i>
 </children>
 </node>
 <node name="network-settings">
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 77b1c1ec1..134858608 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -52,41 +52,9 @@
 <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
 </properties>
 <children>
- <leafNode name="ca-cert-file">
- <properties>
- <help>Certificate Authority certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="cert-file">
- <properties>
- <help>Server Certificate</help>
- <completionHelp>
- <script>ls /config</script>
- </completionHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key-file">
- <properties>
- <help>Privat Key of the Server Certificate</help>
- <valueHelp>
- <format>file</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/certificate.xml.i>
+ #include <include/certificate-ca.xml.i>
+ #include <include/certificate-key.xml.i>
 </children>
 </node>
 </children>
--
cgit v1.2.3
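Review bot: The context line `<help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>` at the top of the vpn_sstp.xml.in hunk still names a directory that the included child nodes neither document nor check, since all three now describe and validate `/config/auth`. An operator following the parent help would put the key material in a location the constraint does not expect. Change the line to `<help>SSL Certificate, SSL Key and CA (/config/auth)</help>`, matching the parent node in vpn_openconnect.xml.in. The enclosing `<node>` starts outside the hunk.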