From 4b4bbd73b84c2c478c7752f58e7f66ec6d90459e Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Tue, 20 May 2025 19:57:24 +0200
Subject: ssh: T6013: rename trusted-user-ca-key -> truster-user-ca

The current implementation for SSH CA based authentication uses "set service
ssh trusted-user-ca-key ca-certificate <foo>" to define an X.509 certificate
from "set pki ca <foo> ..." - fun fact, native OpenSSH does not support X.509
certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys.

This commit changes the bahavior to support antive certificates generated using
ssh-keygen and loaded to our PKI tree. As the previous implementation
did not work at all, no migrations cript is used.
---
 interface-definitions/service_ssh.xml.in | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'interface-definitions')

diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 14d358c78..c659a7db7 100644
--- a/interface-definitions/service_ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -275,14 +275,18 @@
               </constraint>
             </properties>
           </leafNode>
-          <node name="trusted-user-ca-key">
+          <leafNode name="trusted-user-ca">
             <properties>
-              <help>Trusted user CA key</help>
+              <help>OpenSSH trusted user CA</help>
+              <completionHelp>
+                <path>pki openssh</path>
+              </completionHelp>
+              <valueHelp>
+                <format>txt</format>
+                <description>OpenSSH certificate name from PKI subsystem</description>
+              </valueHelp>
             </properties>
-            <children>
-              #include <include/pki/ca-certificate.xml.i>
-            </children>
-          </node>
+          </leafNode>
           #include <include/vrf-multi.xml.i>
         </children>
       </node>
-- 
cgit v1.2.3