ieee8021x: rework render code

Signed-off-by: John Crispin <john@phrozen.org>
John Crispin
2023-10-05 12:15:46 +02:00
parent 01e80a671e
commit 2e2993d2c4
6 changed files with 47 additions and 165 deletions


@@ -1,58 +1,53 @@
{% if (!services.is_present("ieee8021x")) return %}
{% let interfaces = services.lookup_interfaces("ieee8021x") %}
{% let enable = length(interfaces) %}
{% services.set_enabled("ieee8021x", enable) %}
{% if (!enable) return %}
{% let ports = [];
for (let p in ieee8021x.port_filter)
if (ethernet.ports[p])
push(ports, ethernet.ports[p].netdev);
{%
if (!services.is_present("ieee8021x"))
return;
let interfaces = services.lookup_interfaces("ieee8021x");
let enable = length(interfaces);
if (ieee8021x.mode == "radius") {
if (!ieee8021x.radius.auth_server_addr ||
!ieee8021x.radius.auth_server_port ||
!ieee8021x.radius.auth_server_secret) {
warn(invalid radius configuration);
enable = false;
}
}
services.set_enabled("ieee8021x", enable);
if (!enable)
return;
let ports = [];
for (let p in ieee8021x.port_filter)
if (ethernet.ports[p])
push(ports, ethernet.ports[p].netdev);
cursor.load("system")
let certs = cursor.get_all("system", "@certificates[-1]")
%}
# IEEE8021x service configuration
{% if(ieee8021x.mode == "radius"): %}
add ieee8021x radius
set ieee8021x.@radius[-1].nas_identifier={{ s(ieee8021x.radius.nas_identifier) }}
set ieee8021x.@radius[-1].auth_server_addr={{ s(ieee8021x.radius.auth_server_addr) }}
set ieee8021x.@radius[-1].auth_server_port={{ s(ieee8021x.radius.auth_server_port) }}
set ieee8021x.@radius[-1].auth_server_secret={{ s(ieee8021x.radius.auth_server_secret) }}
set ieee8021x.@radius[-1].acct_server_addr={{ s(ieee8021x.radius.acct_server_addr) }}
set ieee8021x.@radius[-1].acct_server_port={{ s(ieee8021x.radius.acct_server_port) }}
set ieee8021x.@radius[-1].acct_server_secret={{ s(ieee8021x.radius.acct_server_secret) }}
set ieee8021x.@radius[-1].coa_server_addr={{ s(ieee8021x.radius.coa_server_addr) }}
set ieee8021x.@radius[-1].coa_server_port={{ s(ieee8021x.radius.coa_server_port) }}
set ieee8021x.@radius[-1].coa_server_secret={{ s(ieee8021x.radius.coa_server_secret) }}
{% else %}
{% files.add_named("/var/run/hostapd-ieee8021x.eap_user", render("../eap_users.uc", { users: ieee8021x.users })) %}
{% endif %}
add ieee8021x certificates
{% if (ieee8021x.use_local_certificates): %}
{% cursor.load("system") %}
{% let certs = cursor.get_all("system", "@certificates[-1]") %}
set ieee8021x.@certificates[-1].ca={{ s(certs.ca) }}
set ieee8021x.@certificates[-1].cert={{ s(certs.cert) }}
set ieee8021x.@certificates[-1].key={{ s(certs.key) }}
{% else %}
set ieee8021x.@certificates[-1].ca={{ s(ieee8021x.ca_certificate) }}
set ieee8021x.@certificates[-1].cert={{ s(ieee8021x.server_certificate) }}
set ieee8021x.@certificates[-1].key={{ s(ieee8021x.private_key) }}
{% endif %}
{% for (let interface in interfaces): %}
{% let name = ethernet.calculate_name(interface) %}
add ieee8021x network
set ieee8021x.@network[-1].network={{ name }}
{% for (let port in ethernet.lookup_by_interface_spec(interface, ieee8021x.port_filter)): %}
{% if (length(ports) && port in ports) continue; %}
add_list ieee8021x.@network[-1].ports={{ s(port) }}
{% endfor %}
{% for (let port in ethernet.lookup_by_interface_spec(interface, ieee8021x.port_filter)): %}
{% if (length(ports) && port in ports) continue;
port = replace(port, '.', '_');
add ieee8021x config
{% if (ieee8021x.mode == "radius"): %}
add ieee8021x config
set ieee8021x.@config[-1].nas_identifier={{ s(ieee8021x.radius.nas_identifier) }}
set ieee8021x.@config[-1].auth_server_addr={{ s(ieee8021x.radius.auth_server_addr) }}
set ieee8021x.@config[-1].auth_server_port={{ s(ieee8021x.radius.auth_server_port) }}
set ieee8021x.@config[-1].auth_server_secret={{ s(ieee8021x.radius.auth_server_secret) }}
set ieee8021x.@config[-1].acct_server_addr={{ s(ieee8021x.radius.acct_server_addr) }}
set ieee8021x.@config[-1].acct_server_port={{ s(ieee8021x.radius.acct_server_port) }}
set ieee8021x.@config[-1].acct_server_secret={{ s(ieee8021x.radius.acct_server_secret) }}
set ieee8021x.@config[-1].coa_server_addr={{ s(ieee8021x.radius.coa_server_addr) }}
set ieee8021x.@config[-1].coa_server_port={{ s(ieee8021x.radius.coa_server_port) }}
set ieee8021x.@config[-1].coa_server_secret={{ s(ieee8021x.radius.coa_server_secret) }}
{% else
files.add_named("/var/run/hostapd-ieee8021x.eap_user", render("../eap_users.uc", { users: ieee8021x.users })) %}
endif
%}
set network.{{ port }}=device
set ieee8021x.@config[-1].ca={{ s(certs.ca) }}
set ieee8021x.@config[-1].cert={{ s(certs.cert) }}
set ieee8021x.@config[-1].key={{ s(certs.key) }}
{% for (let port in ports): %}
add_list ieee8021x.@config[-1].ports={{ s(port) }}
set network.{{ replace(port, '.', '_') }}=device
set network.@device[-1].name={{ s(port) }}
set network.@device[-1].auth='1'
{% endfor %}
{% endfor %}
{% endfor %}
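Review bot: `warn(invalid radius configuration);` passes a bare run of identifiers instead of a string, so the new validation branch is a syntax error (or at best a reference to undefined names) and the template breaks precisely on the misconfigured-radius path it is meant to guard; it should read `warn("invalid radius configuration");`. The reworked block also writes `certs.ca`/`certs.cert`/`certs.key` from `cursor.get_all("system", "@certificates[-1]")` into `ieee8021x.@config[-1]` with no check that the section exists, so a device without a `certificates` section renders empty `ca`/`cert`/`key` values and the authenticator is started with no credentials; moving the lookup above `services.set_enabled` and treating a missing bundle like the invalid-radius case, `if (!certs || !certs.cert || !certs.key) { warn("no local certificates"); enable = false; }`, keeps the failure explicit and the service disabled. The `{% else` … `endif` … `%}` construct near the end of the hunk looks unbalanced as rendered (the `%}` after `files.add_named(...)` closes the block before `endif`), though that may be an artefact of the page rather than the patch. `cursor.load("system")` is also missing its terminating semicolon, unlike every other statement in the block.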


@@ -2,16 +2,6 @@ description:
This section allows enabling wired ieee802.1X
type: object
properties:
ca-certificate:
description:
The local servers CA bundle.
type: string
use-local-certificates:
description:
The device will use its local certificate bundle for the Radius server and
ignore all other certificate options in this section.
type: boolean
default: false
mode:
description:
This field must be set to 'radius or user'
@@ -27,14 +17,6 @@ properties:
type: string
examples:
- LAN1:
server-certificate:
description:
The local servers certificate.
type: string
private-key:
description:
The local servers private key/
type: string
users:
description:
Specifies a collection of local EAP user/psk/vid triplets.
@@ -114,4 +96,3 @@ properties:
type: string
examples:
- secret


@@ -6699,31 +6699,6 @@ function instantiateServiceIeee8021x(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseCaCertificate(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
if (exists(value, "ca-certificate")) {
obj.ca_certificate = parseCaCertificate(location + "/ca-certificate", value["ca-certificate"], errors);
}
function parseUseLocalCertificates(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "use-local-certificates")) {
obj.use_local_certificates = parseUseLocalCertificates(location + "/use-local-certificates", value["use-local-certificates"], errors);
}
else {
obj.use_local_certificates = false;
}
function parseMode(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
@@ -6760,28 +6735,6 @@ function instantiateServiceIeee8021x(location, value, errors) {
obj.port_filter = parsePortFilter(location + "/port-filter", value["port-filter"], errors);
}
function parseServerCertificate(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
if (exists(value, "server-certificate")) {
obj.server_certificate = parseServerCertificate(location + "/server-certificate", value["server-certificate"], errors);
}
function parsePrivateKey(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
if (exists(value, "private-key")) {
obj.private_key = parsePrivateKey(location + "/private-key", value["private-key"], errors);
}
function parseUsers(location, value, errors) {
if (type(value) == "array") {
return map(value, (item, i) => instantiateInterfaceSsidRadiusLocalUser(location + "/" + i, item, errors));


@@ -3023,15 +3023,6 @@
"description": "This section allows enabling wired ieee802.1X",
"type": "object",
"properties": {
"ca-certificate": {
"description": "The local servers CA bundle.",
"type": "string"
},
"use-local-certificates": {
"description": "The device will use its local certificate bundle for the Radius server and ignore all other certificate options in this section.",
"type": "boolean",
"default": false
},
"mode": {
"description": "This field must be set to 'radius or user'",
"type": "string",
@@ -3052,14 +3043,6 @@
]
}
},
"server-certificate": {
"description": "The local servers certificate.",
"type": "string"
},
"private-key": {
"description": "The local servers private key/",
"type": "string"
},
"users": {
"description": "Specifies a collection of local EAP user/psk/vid triplets.",
"type": "array",


@@ -2427,13 +2427,6 @@
"service.ieee8021x": {
"type": "object",
"properties": {
"ca-certificate": {
"type": "string"
},
"use-local-certificates": {
"type": "boolean",
"default": false
},
"mode": {
"type": "string",
"enum": [
@@ -2452,12 +2445,6 @@
]
}
},
"server-certificate": {
"type": "string"
},
"private-key": {
"type": "string"
},
"users": {
"type": "array",
"items": {


@@ -2771,15 +2771,6 @@
"description": "This section allows enabling wired ieee802.1X",
"type": "object",
"properties": {
"ca-certificate": {
"description": "The local servers CA bundle.",
"type": "string"
},
"use-local-certificates": {
"description": "The device will use its local certificate bundle for the Radius server and ignore all other certificate options in this section.",
"type": "boolean",
"default": false
},
"mode": {
"description": "This field must be set to 'radius or user'",
"type": "string",
@@ -2800,14 +2791,6 @@
]
}
},
"server-certificate": {
"description": "The local servers certificate.",
"type": "string"
},
"private-key": {
"description": "The local servers private key/",
"type": "string"
},
"users": {
"description": "Specifies a collection of local EAP user/psk/vid triplets.",
"type": "array",