From 93de3abe1368cab5ab8cd292689466d7af8e86bc Mon Sep 17 00:00:00 2001
From: Jamie Austin <jamiea@opusv.com.au>
Date: Thu, 20 Apr 2023 17:07:53 +1000
Subject: ocserv: T3896: refactor: change ocserv config-per-x node name

Changes the node name from config-per-x to identity-based-config. As a result, the j2 templates and vpn_openconnect.py have been refactored to use the updated node name when accessing its child nodes.
---
 src/conf_mode/vpn_openconnect.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 12165a4f2..16a5b5952 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -113,17 +113,17 @@ def verify(ocserv):
                                 users_wo_pswd.append(user)
                         if users_wo_pswd:
                             raise ConfigError(f'password required for users:\n{users_wo_pswd}')
-            # Validate that if config-per-x is configured all child config nodes are set
-            if 'config_per_x' in ocserv["authentication"]:
-                if 'disabled' not in ocserv["authentication"]["config_per_x"]:
-                    if 'mode' not in ocserv["authentication"]["config_per_x"]:
-                        raise ConfigError('OpenConnect radius config-per-x enabled but mode not selected')
-                    elif 'group' in ocserv["authentication"]["config_per_x"]["mode"] and "radius" not in ocserv["authentication"]["mode"]:
+            # Validate that if identity-based-config is configured all child config nodes are set
+            if 'identity_based_config' in ocserv["authentication"]:
+                if 'disabled' not in ocserv["authentication"]["identity_based_config"]:
+                    if 'mode' not in ocserv["authentication"]["identity_based_config"]:
+                        raise ConfigError('OpenConnect radius identity-based-config enabled but mode not selected')
+                    elif 'group' in ocserv["authentication"]["identity_based_config"]["mode"] and "radius" not in ocserv["authentication"]["mode"]:
                         raise ConfigError('OpenConnect config-per-group must be used with radius authentication')
-                    if 'directory' not in ocserv["authentication"]["config_per_x"]:
-                        raise ConfigError('OpenConnect config-per-x enabled but directory not set')
-                    if 'default_config' not in ocserv["authentication"]["config_per_x"]:
-                        raise ConfigError('OpenConnect config-per-x enabled but default-config not set')
+                    if 'directory' not in ocserv["authentication"]["identity_based_config"]:
+                        raise ConfigError('OpenConnect identity-based-config enabled but directory not set')
+                    if 'default_config' not in ocserv["authentication"]["identity_based_config"]:
+                        raise ConfigError('OpenConnect identity-based-config enabled but default-config not set')
         else:
             raise ConfigError('openconnect authentication mode required')
     else:
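Review bot: The unchanged line `raise ConfigError('OpenConnect config-per-group must be used with radius authentication')` still uses the old vocabulary, so an operator who hits it is pointed at a node name that no longer exists; it could read `raise ConfigError('OpenConnect identity-based-config mode group must be used with radius authentication')`. The new mode message says `radius identity-based-config`, yet the `elif` below it suggests only group mode requires radius, so the word `radius` is probably better dropped there. The whole block is gated on `'identity_based_config' in ocserv["authentication"]`, so a dictionary that still carried the old `config_per_x` key would skip the mode, directory and default-config checks without any error. This view is limited to `src`, so it is worth confirming that a config migration accompanies the rename. verify() starts and ends outside the hunk.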
-- 
cgit v1.2.3