From da23f084863d6bde2bb50fcc175129610fe2a603 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 29 Dec 2020 10:52:24 +0100
Subject: xml: T1466: provide common includes for SSL certificate CLI nodes

Gather all SSL certificate, ca and key nodes into a single representation of
XML which can be #included into the XML definitions of the CLI interface to be
rendered.
---
 interface-definitions/include/certificate-ca.xml.i |  14 ++
 .../include/certificate-key.xml.i                  |  14 ++
 interface-definitions/include/certificate.xml.i    |  14 ++
 .../include/webproxy-url-filtering.xml.i           | 238 ++++++++++-----------
 interface-definitions/interfaces-openvpn.xml.in    |  39 +---
 interface-definitions/vpn_ipsec.xml.in             |  20 +-
 interface-definitions/vpn_l2tp.xml.in              |  10 +-
 interface-definitions/vpn_openconnect.xml.in       |  42 +---
 interface-definitions/vpn_sstp.xml.in              |  38 +---
 9 files changed, 173 insertions(+), 256 deletions(-)
 create mode 100644 interface-definitions/include/certificate-ca.xml.i
 create mode 100644 interface-definitions/include/certificate-key.xml.i
 create mode 100644 interface-definitions/include/certificate.xml.i

diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i
new file mode 100644
index 000000000..196cfa6d7
--- /dev/null
+++ b/interface-definitions/include/certificate-ca.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-ca.xml.i -->
+<leafNode name="ca-cert-file">
+  <properties>
+    <help>Certificate Authority in x509 PEM format</help>
+    <valueHelp>
+      <format>file</format>
+      <description>File in /config/auth directory</description>
+    </valueHelp>
+    <constraint>
+      <validator name="file-exists" argument="--directory /config/auth"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- included end -->
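Review bot: The help string on `ca-cert-file` reads as if the authority itself were in PEM format, and the two sibling includes added in this commit are imprecise in the same way: `certificate-key.xml.i` labels a private key "x509" and `certificate.xml.i` describes the certificate as a "public key". X.509 is a certificate format, so the key-file and cert-file help may leave an operator unsure which file to supply. I would word them as `<help>Certificate Authority certificate in X.509 PEM format</help>`, `<help>Private key in PEM format</help>` and `<help>Certificate in X.509 PEM format</help>`.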
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i
new file mode 100644
index 000000000..3bfa4416d
--- /dev/null
+++ b/interface-definitions/include/certificate-key.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate-key.xml.i -->
+<leafNode name="key-file">
+  <properties>
+    <help>Certificate private key in x509 PEM format</help>
+    <valueHelp>
+      <format>file</format>
+      <description>File in /config/auth directory</description>
+    </valueHelp>
+    <constraint>
+      <validator name="file-exists" argument="--directory /config/auth"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- included end -->
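Review bot: The `key-file` node gets exactly the same `file-exists` constraint as the two certificate nodes, and nothing in this include covers the ownership or mode of the private key. Judging by its name, the validator presumably checks only that the path exists under /config/auth. If the consuming service scripts enforce permissions, say so in a comment here, for example `<!-- file-exists checks presence only; key file permissions are checked by the consuming script -->`. If nothing enforces them, that is worth a follow-up task rather than a silent assumption.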
diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i
new file mode 100644
index 000000000..73ae2dace
--- /dev/null
+++ b/interface-definitions/include/certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- included start from certificate.xml.i -->
+<leafNode name="cert-file">
+  <properties>
+    <help>Certificate public key in x509 PEM format</help>
+    <valueHelp>
+      <format>file</format>
+      <description>File in /config/auth directory</description>
+    </valueHelp>
+    <constraint>
+      <validator name="file-exists" argument="--directory /config/auth"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i
index de6ebffde..07db0948f 100644
--- a/interface-definitions/include/webproxy-url-filtering.xml.i
+++ b/interface-definitions/include/webproxy-url-filtering.xml.i
@@ -1,119 +1,119 @@
-<!-- included start from webproxy-url-filtering.xml.i -->
-<leafNode name="allow-category">
-  <properties>
-    <help>Category to allow</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
-    </completionHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="allow-ipaddr-url">
-  <properties>
-    <help>Allow IP address URLs</help>
-    <valueless/>
-  </properties>
-</leafNode>
-<leafNode name="block-category">
-  <properties>
-    <help>Category to block</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
-    </completionHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="default-action">
-  <properties>
-    <help>Default action (default: allow)</help>
-    <completionHelp>
-      <list>allow block</list>
-    </completionHelp>
-    <valueHelp>
-      <format>allow</format>
-      <description>Default filter action is allow)</description>
-    </valueHelp>
-    <valueHelp>
-      <format>block</format>
-      <description>Default filter action is block</description>
-    </valueHelp>
-    <constraint>
-      <regex>^(allow|block)$</regex>
-    </constraint>
-  </properties>
-</leafNode>
-<leafNode name="enable-safe-search">
-  <properties>
-    <help>Enable safe-mode search on popular search engines</help>
-    <valueless/>
-  </properties>
-</leafNode>
-<leafNode name="local-block-keyword">
-  <properties>
-    <help>Local keyword to block</help>
-    <valueHelp>
-      <format>keyword</format>
-      <description>Keyword (or regex) to block</description>
-    </valueHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="local-block-url">
-  <properties>
-    <help>Local URL to block</help>
-    <valueHelp>
-      <format>url</format>
-      <description>Local URL to block (without "http://")</description>
-    </valueHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="local-block">
-  <properties>
-    <help>Local site to block</help>
-    <valueHelp>
-      <format>ipv4</format>
-      <description>IP address of site to block</description>
-    </valueHelp>
-    <constraint>
-      <validator name="ipv4-address"/>
-      <validator name="fqdn"/>
-    </constraint>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="local-ok-url">
-  <properties>
-    <help>Local URL to allow</help>
-    <valueHelp>
-      <format>url</format>
-      <description>Local URL to allow (without "http://")</description>
-    </valueHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="local-ok">
-  <properties>
-    <help>Local site to allow</help>
-    <valueHelp>
-      <format>ipv4</format>
-      <description>IP address of site to allow</description>
-    </valueHelp>
-    <constraint>
-      <validator name="ipv4-address"/>
-      <validator name="fqdn"/>
-    </constraint>
-    <multi/>
-  </properties>
-</leafNode>
-<leafNode name="log">
-  <properties>
-    <help>Log block category</help>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
-      <list>all</list>
-    </completionHelp>
-    <multi/>
-  </properties>
-</leafNode>
-<!-- included end -->
+<!-- included start from webproxy-url-filtering.xml.i -->
+<leafNode name="allow-category">
+  <properties>
+    <help>Category to allow</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+    </completionHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="allow-ipaddr-url">
+  <properties>
+    <help>Allow IP address URLs</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<leafNode name="block-category">
+  <properties>
+    <help>Category to block</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+    </completionHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="default-action">
+  <properties>
+    <help>Default action (default: allow)</help>
+    <completionHelp>
+      <list>allow block</list>
+    </completionHelp>
+    <valueHelp>
+      <format>allow</format>
+      <description>Default filter action is allow)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>block</format>
+      <description>Default filter action is block</description>
+    </valueHelp>
+    <constraint>
+      <regex>^(allow|block)$</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="enable-safe-search">
+  <properties>
+    <help>Enable safe-mode search on popular search engines</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<leafNode name="local-block-keyword">
+  <properties>
+    <help>Local keyword to block</help>
+    <valueHelp>
+      <format>keyword</format>
+      <description>Keyword (or regex) to block</description>
+    </valueHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="local-block-url">
+  <properties>
+    <help>Local URL to block</help>
+    <valueHelp>
+      <format>url</format>
+      <description>Local URL to block (without "http://")</description>
+    </valueHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="local-block">
+  <properties>
+    <help>Local site to block</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IP address of site to block</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="fqdn"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="local-ok-url">
+  <properties>
+    <help>Local URL to allow</help>
+    <valueHelp>
+      <format>url</format>
+      <description>Local URL to allow (without "http://")</description>
+    </valueHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="local-ok">
+  <properties>
+    <help>Local site to allow</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IP address of site to allow</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="fqdn"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="log">
+  <properties>
+    <help>Log block category</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_webproxy_category.sh</script>
+      <list>all</list>
+    </completionHelp>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 4c572a8b2..95a14d718 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -687,30 +687,8 @@
                   </constraint>
                 </properties>
               </leafNode>
-              <leafNode name="ca-cert-file">
-                <properties>
-                  <help>File containing certificate for Certificate Authority (CA)</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="cert-file">
-                <properties>
-                  <help>File containing certificate for this host</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/certificate.xml.i>
+              #include <include/certificate-ca.xml.i>
               <leafNode name="crl-file">
                 <properties>
                   <help>File containing certificate revocation list (CRL) for this host</help>
@@ -735,18 +713,7 @@
                   </constraint>
                 </properties>
               </leafNode>
-              <leafNode name="key-file">
-                <properties>
-                  <help>Private key for this host</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/certificate-key.xml.i>
               <leafNode name="crypt-file">
                 <properties>
                   <help>File containing encryption key to authenticate control channel</help>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index c804c1683..daf98a833 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -847,24 +847,8 @@
                           <help>X.509 certificate</help>
                         </properties>
                         <children>
-                          <leafNode name="ca-cert-file">
-                            <properties>
-                              <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
-                              <valueHelp>
-                                <format>txt</format>
-                                <description>File in /config/auth</description>
-                              </valueHelp>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="cert-file">
-                            <properties>
-                              <help>File containing the X.509 certificate for this host</help>
-                              <valueHelp>
-                                <format>txt</format>
-                                <description>File in /config/auth</description>
-                              </valueHelp>
-                            </properties>
-                          </leafNode>
+                          #include <include/certificate.xml.i>
+                          #include <include/certificate-ca.xml.i>
                           <leafNode name="crl-file">
                             <properties>
                               <help>File containing the X.509 Certificate Revocation List (CRL)</help>
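Review bot: Swapping the inline `ca-cert-file` and `cert-file` nodes for the shared includes adds a `file-exists --directory /config/auth` constraint that the removed IPsec definitions did not have; the same applies to `ca-cert-file` in the vpn_l2tp.xml.in hunk. Existing configurations whose value names a missing file, or a path the validator does not accept under /config/auth, may presumably fail validation after an upgrade. The commit message presents this as a pure consolidation, so the tightening should be stated there, and it is worth checking whether a migration step is needed. The enclosing `<children>` block starts and ends outside the hunk.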
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 5b31235b1..42da75a64 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -80,15 +80,7 @@
                           <help>X.509 certificate</help>
                         </properties>
                         <children>
-                          <leafNode name="ca-cert-file">
-                            <properties>
-                              <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
-                              <valueHelp>
-                                <format>txt</format>
-                                <description>File in /config/auth</description>
-                              </valueHelp>
-                            </properties>
-                          </leafNode>
+                          #include <include/certificate-ca.xml.i>
                           <leafNode name="crl-file">
                             <properties>
                               <help>File containing the X.509 Certificate Revocation List (CRL)</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 791efcd80..ccf537e04 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -116,45 +116,9 @@
               <help>SSL Certificate, SSL Key and CA (/config/auth)</help>
             </properties>
             <children>
-              <leafNode name="ca-cert-file">
-                <properties>
-                  <help>Certificate Authority certificate</help>
-                  <completionHelp>
-                    <script>ls /config/auth</script>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="cert-file">
-                <properties>
-                  <help>Server Certificate</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="key-file">
-                <properties>
-                  <help>Privat Key of the Server Certificate</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config"/>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/certificate.xml.i>
+              #include <include/certificate-ca.xml.i>
+              #include <include/certificate-key.xml.i>
             </children>
           </node>
           <node name="network-settings">
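Review bot: The includes change the validated directory for all three nodes from `--directory /config` to `--directory /config/auth`. That matches the help text and narrows the accepted paths, but it will presumably reject OpenConnect configurations that keep these files elsewhere under /config. The removed `ca-cert-file` node also carried `<completionHelp><script>ls /config/auth</script></completionHelp>`, which the shared include lacks, so tab completion for that node is lost. If completion is wanted it belongs in the include files so that every consumer gets it, and the path change should be called out in the commit message or release notes.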
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 77b1c1ec1..134858608 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -52,41 +52,9 @@
               <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
             </properties>
             <children>
-              <leafNode name="ca-cert-file">
-                <properties>
-                  <help>Certificate Authority certificate</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="cert-file">
-                <properties>
-                  <help>Server Certificate</help>
-                  <completionHelp>
-                    <script>ls /config</script>
-                  </completionHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="key-file">
-                <properties>
-                  <help>Privat Key of the Server Certificate</help>
-                  <valueHelp>
-                    <format>file</format>
-                    <description>File in /config/auth directory</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="file-exists" argument="--directory /config/auth"/>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/certificate.xml.i>
+              #include <include/certificate-ca.xml.i>
+              #include <include/certificate-key.xml.i>
             </children>
           </node>
         </children>
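Review bot: The parent node's help on the first context line of this hunk still says `(/config/user-data/sstp)`, while the included leaf nodes describe and validate files in /config/auth. Since the commit standardises these nodes on the shared includes, that line should be updated to match, e.g. `<help>SSL Certificate, SSL Key and CA (/config/auth)</help>`, as vpn_openconnect.xml.in already reads. The removed `cert-file` node's `ls /config` completion is also dropped here without a replacement.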
-- 
cgit v1.2.3