* Multi-socket feature (eg IPv4/IPv6 http/https) to restconf evhtp

* Added by-ref parameter to `ys_cv_validate()` returning which sub-yang spec was validated in a union.
2020-11-15 12:33:20 +01:00 · 2020-11-15 12:33:20 +01:00 · 6eb18da5e9
commit 6eb18da5e9
parent 707685f5ff
13 changed files with 683 additions and 382 deletions
--- a/yang/clixon/clixon-restconf@2020-10-30.yang
+++ b/yang/clixon/clixon-restconf@2020-10-30.yang
@ -57,10 +57,6 @@ module clixon-restconf {
 		description
 		"PAM password auth";
 	    }
-	    enum none {
-		description
-		"No authentication, no security.";
-	    }
 	}
 	description
 	    "Enumeration of HTTP authorization types.";
@ -91,31 +87,22 @@ module clixon-restconf {
 	presence "Enables RESTCONF";
 	description
 	    "HTTP daemon configuration.";
-	list socket {
-	    key "namespace address port";
-	    leaf namespace {
-		type string;
-		description "indicates a namespace for instance. On platforms where namespaces are not suppported, always 'default'";
-	    }
-	    leaf address {
-		type inet:ip-address;
-		description "IP address to bind to";
-	    }
-	    leaf port {
-		type inet:port-number;
-		description "IP port to bind to";
-	    }
-	    leaf ssl {
-		type boolean;
-		default true;
-		description "Enable for HTTPS otherwise HTTP protocol";
-	    }
+	leaf ssl-enable {
+	    description
+		"Enable ssl server functionality.
+                 Setting to false means the following are invalid: 
+                   - auth-type=client-certificate 
+                   - socket entries with ssl=true
+                  Also, the following are not releveant: server-cert-path, server-key-path, 
+                  server-ca-cert-path";
+	    type boolean;
+	    default false;
 	}
-	leaf auth-type {
+	leaf-list auth-type {
 	    type http-auth-type;
 	    description
 		"The authentication type.
-                 Note client-certificate applies only if socket has ssl enabled";
+                 Note client-certificate applies only if ssl-enable is true and socket has ssl";
 	}
 	leaf server-cert-path {
 	    type string;
@ -141,6 +128,26 @@ module clixon-restconf {
 	    default "/etc/ssl/certs/clixon-ca_crt.pem";
 	    /* CLICON_SSL_CA_CERT */
 	}
+	list socket {
+	    key "namespace address port";
+	    leaf namespace {
+		type string;
+		description "indicates a namespace for instance. On platforms where namespaces are not suppported, always 'default'";
+	    }
+	    leaf address {
+		type inet:ip-address;
+		description "IP address to bind to";
+	    }
+	    leaf port {
+		type inet:port-number;
+		description "IP port to bind to";
+	    }
+	    leaf ssl {
+		type boolean;
+		default true;
+		description "Enable for HTTPS otherwise HTTP protocol";
+	    }
+	}
    }
    rpc restconf-control {
 	input {