From ea8f374a37ecbed6e256ddeab2c837d7cc6ad611 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 6 Feb 2024 14:39:15 +0000
Subject: T5921: Fix OpenConnect verify for local users

Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user

  File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
    if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users'

(cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
---
 src/conf_mode/vpn_openconnect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 421ac6997..08e4fc6db 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -91,7 +91,7 @@ def verify(ocserv):
                 if not ocserv["authentication"]['radius']['server']:
                     raise ConfigError('Openconnect authentication mode radius requires at least one RADIUS server')
             if "local" in ocserv["authentication"]["mode"]:
-                if not ocserv["authentication"]["local_users"]:
+                if not ocserv.get("authentication", {}).get("local_users"):
                     raise ConfigError('openconnect mode local required at least one user')
                 if not ocserv["authentication"]["local_users"]["username"]:
                     raise ConfigError('openconnect mode local required at least one user')
-- 
cgit v1.2.3