Add "secret" and "hidden" properties to the reference tree
Closed, ResolvedPublic

Description

The purpose of "secret" nodes is to hide their values from unprivileged users in the config output, or in output option meant specifically for sharing configs on the internet. It should display something like "*****" instead of the actual value in this case.
The purpose of "hidden" option can be used either a soft feature toggle for hiding experimental features, or for hiding "dangerous" commands that mess up with system internals and shouldn't be used without complete understanding of why they are there and what exactly they do, or for the more frivolous purpose of adding easter eggs.

Before we even decide how it should look in the CLI and config output, we need to add it to the interface definition schema, and to the reference tree module.

Here's what it takes:

  • Add <hidden/> and <secret/> tags to the RELAX-NG schema of the interface definitions (data/schemata/interface_definition.rnc), you can use the "multi" and "valueless" for the reference
  • Add "secret: bool" and "hidden: bool" fields to the ref_node_data record type in the Reference_tree module (src/reference_tree.ml) and its interface (src/reference_tree.mli)
  • Add those fields with default value of false to the default_data record
  • Add cases for loading those properties to the data_from_xml function (again, use the cases for "multi" and "valueless" for the reference)
  • Add is_secret and is_hidden function by analogy with the is_multi function
  • Add unit tests, by analogi with https://github.com/vyos/vyconf/blob/master/test/reference_tree_test.ml#L64-L72 (needs corresponding nodes in test/data/interface_definition_sample.xml, "system login password" is a perfect candidate for a "secret" node, and for hidden, we can just make something up)

Details

Difficulty level
Easy (less than an hour)
dmbaturin closed this task as Resolved.Dec 22 2016, 1:43 AM
dmbaturin claimed this task.

Thanks! Unit tests pass.

I'll need to add it to CI so that everyone can see that they pass, but that's for another task.

Awesome. I don't know if it's just me but I get a 502 Bad Gateway when accessing https://ci.vyos.net/

I get a 502 Bad Gateway too.
Is this related? https://phabricator.vyos.net/T222

Yes, related. I was just talking to myself really, we get the CI back first, and then we can look into adding vyconf to it.