o extend model with authgroup type (currently only for OpenVPN)
o add controller action to list user groups
o modify alias form to show group list in a similar way as network groups, simplify some of the code to prevent copying.
o add AuthGroup parser to glue the output of list_group_members.php and ovpn_status.py to a set of addresses per group for our new authgroup alias type to use
o hook 'learn-address' event in openvpn to trigger an alias update
Although theoretically we could pass addresses and common_names from learn-address further in our pipeline, for now we choose to use a common approach which should always offer the correct dataset (also after changing aliases and re-applying them). If for some reason this isn't fast enough, there are always options available to improve the situation, but usually at a cost in terms of complexity.
Replace a few easy spots. Eventually we want to call both
functions for each spot instead of doing both (in switching order)
or only one of them. They are both cheap operations since they
don't (re)start DNS processes any longer.
Cleanup alias handling uniforming operations so new types can be adopted more easily.
o move all pf actions to it's own class
o move all alias related modules to l`ib/alias`
o move AliasParser to alias.py to make update_tables.py more readable
o add targetted alias (type) updates (update a list of aliases including dependencies)
o cache non managed aliases as well, so targeted updates have the opportunity to nest these (interface or bogus aliases for example)
o refactor cleanup a bit to store and keep "txt" files for external aliases
o add `BaseContentParser` type which should be inherited by all parsers and wrap existing types into the new base class.
o add unit tests for all current parsers.
We are forcing a renew now when required anyway and if we keep the
cache file we can flush when it matters and bridge the gap between
same IP addresses with a non-address reload being triggered in between.
Go the extra mile now that we know we reached the bottom of the
barrel with reload functionality. The new guard is already working
so we can unconditionally run the second half as we already do in
IPv6 variant.
Eventually the old gui code should be replaced as well, but this is an easy to release step in between offering nearly the same output (p2p's presentation is aligned with server in stead of client) with code we are able to reuse for the openvpn aliases.
