feat: added cert manager capability as well as scores to install openshift subscription to community cert-manager operator

Cargo.lock

@@ -1754,24 +1754,6 @@ dependencies = [
  "url",
 ]
 
-[[package]]
-name = "example-ha-cluster"
-version = "0.1.0"
-dependencies = [
- "brocade",
- "cidr",
- "env_logger",
- "harmony",
- "harmony_macros",
- "harmony_secret",
- "harmony_tui",
- "harmony_types",
- "log",
- "serde",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "example-kube-rs"
 version = "0.1.0"
@@ -1960,28 +1942,9 @@ dependencies = [
  "cidr",
  "env_logger",
  "harmony",
- "harmony_cli",
  "harmony_macros",
  "harmony_secret",
- "harmony_types",
+ "harmony_tui",
- "log",
- "serde",
- "tokio",
- "url",
-]
-
-[[package]]
-name = "example-opnsense-node-exporter"
-version = "0.1.0"
-dependencies = [
- "async-trait",
- "cidr",
- "env_logger",
- "harmony",
- "harmony_cli",
- "harmony_macros",
- "harmony_secret",
- "harmony_secret_derive",
  "harmony_types",
  "log",
  "serde",
@@ -2019,6 +1982,25 @@ dependencies = [
  "url",
 ]
 
+[[package]]
+name = "example-opnsense-node-exporter"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "cidr",
+ "env_logger",
+ "harmony",
+ "harmony_cli",
+ "harmony_macros",
+ "harmony_secret",
+ "harmony_secret_derive",
+ "harmony_types",
+ "log",
+ "serde",
+ "tokio",
+ "url",
+]
+
 [[package]]
 name = "example-pxe"
 version = "0.1.0"
@@ -3482,25 +3464,6 @@ dependencies = [
  "thiserror 1.0.69",
 ]
 
-[[package]]
-name = "json-prompt"
-version = "0.1.0"
-dependencies = [
- "brocade",
- "cidr",
- "env_logger",
- "harmony",
- "harmony_cli",
- "harmony_macros",
- "harmony_secret",
- "harmony_secret_derive",
- "harmony_types",
- "log",
- "serde",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "jsonpath-rust"
 version = "0.7.5"
@@ -6099,25 +6062,6 @@ dependencies = [
  "syn 2.0.106",
 ]
 
-[[package]]
-name = "sttest"
-version = "0.1.0"
-dependencies = [
- "brocade",
- "cidr",
- "env_logger",
- "harmony",
- "harmony_cli",
- "harmony_macros",
- "harmony_secret",
- "harmony_secret_derive",
- "harmony_types",
- "log",
- "serde",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "subtle"
 version = "2.6.1"
@@ -7413,7 +7357,7 @@ checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
 [[package]]
 name = "yaserde"
 version = "0.12.0"
-source = "git+https://github.com/jggc/yaserde.git#2eacb304113beee7270a10b81046d40ed3a99550"
+source = "git+https://github.com/jggc/yaserde.git#adfdb1c5f4d054f114e5bd0ea7bda9c07a369def"
 dependencies = [
  "log",
  "xml-rs",
@@ -7422,7 +7366,7 @@ dependencies = [
 [[package]]
 name = "yaserde_derive"
 version = "0.12.0"
-source = "git+https://github.com/jggc/yaserde.git#2eacb304113beee7270a10b81046d40ed3a99550"
+source = "git+https://github.com/jggc/yaserde.git#adfdb1c5f4d054f114e5bd0ea7bda9c07a369def"
 dependencies = [
  "heck",
  "log",

examples/cert_manager/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "sttest"
+name = "cert_manager"
 edition = "2024"
 version.workspace = true
 readme.workspace = true
@@ -13,10 +13,7 @@ harmony_types = { path = "../../harmony_types" }
 cidr = { workspace = true }
 tokio = { workspace = true }
 harmony_macros = { path = "../../harmony_macros" }
-harmony_secret = { path = "../../harmony_secret" }
-harmony_secret_derive = { path = "../../harmony_secret_derive" }
 log = { workspace = true }
 env_logger = { workspace = true }
 url = { workspace = true }
-serde = { workspace = true }
+assert_cmd = "2.0.16"
-brocade = { path = "../../brocade" }

examples/cert_manager/src/main.rs

@@ -0,0 +1,26 @@
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        cert_manager::{
+            capability::CertificateManagementConfig, score_k8s::CertificateManagementScore,
+        },
+        postgresql::{PostgreSQLScore, capability::PostgreSQLConfig},
+    },
+    topology::K8sAnywhereTopology,
+};
+
+#[tokio::main]
+async fn main() {
+    let cert_manager = CertificateManagementScore {
+        config: CertificateManagementConfig {},
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(cert_manager)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/sttest/data

@@ -1 +0,0 @@
-../../data/

examples/sttest/env.sh

@@ -1,4 +0,0 @@
-export HARMONY_SECRET_NAMESPACE=sttest0
-export HARMONY_SECRET_STORE=file
-export HARMONY_DATABASE_URL=sqlite://harmony_sttest0.sqlite
-export RUST_LOG=info

examples/sttest/src/main.rs

@@ -1,41 +0,0 @@
-mod topology;
-
-use crate::topology::{get_inventory, get_topology};
-use harmony::{
-    config::secret::SshKeyPair,
-    data::{FileContent, FilePath},
-    modules::{
-        inventory::HarmonyDiscoveryStrategy,
-        okd::{installation::OKDInstallationPipeline, ipxe::OKDIpxeScore},
-    },
-    score::Score,
-    topology::HAClusterTopology,
-};
-use harmony_secret::SecretManager;
-
-#[tokio::main]
-async fn main() {
-    // env_logger::init();
-
-    let inventory = get_inventory();
-    let topology = get_topology().await;
-
-    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
-
-    let mut scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![Box::new(OKDIpxeScore {
-        kickstart_filename: "inventory.kickstart".to_string(),
-        harmony_inventory_agent: "harmony_inventory_agent".to_string(),
-        cluster_pubkey: FileContent {
-            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
-            content: ssh_key.public,
-        },
-    })];
-
-    // let mut scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![];
-    scores
-        .append(&mut OKDInstallationPipeline::get_all_scores(HarmonyDiscoveryStrategy::MDNS).await);
-
-    harmony_cli::run(inventory, topology, scores, None)
-        .await
-        .unwrap();
-}

examples/sttest/src/topology.rs

@@ -1,99 +0,0 @@
-use cidr::Ipv4Cidr;
-use harmony::{
-    hardware::{Location, SwitchGroup},
-    infra::{brocade::UnmanagedSwitch, opnsense::OPNSenseManagementInterface},
-    inventory::Inventory,
-    topology::{HAClusterTopology, LogicalHost, UnmanagedRouter},
-};
-use harmony_macros::{ip, ipv4};
-use harmony_secret::{Secret, SecretManager};
-use serde::{Deserialize, Serialize};
-use std::{
-    net::IpAddr,
-    sync::{Arc, OnceLock},
-};
-
-#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
-struct OPNSenseFirewallConfig {
-    username: String,
-    password: String,
-}
-
-pub async fn get_topology() -> HAClusterTopology {
-    let firewall = harmony::topology::LogicalHost {
-        ip: ip!("192.168.40.1"),
-        name: String::from("fw0"),
-    };
-
-    let switch_client = UnmanagedSwitch::init()
-        .await
-        .expect("Failed to connect to switch");
-
-    let switch_client = Arc::new(switch_client);
-
-    let config = SecretManager::get_or_prompt::<OPNSenseFirewallConfig>().await;
-    let config = config.unwrap();
-
-    let opnsense = Arc::new(
-        harmony::infra::opnsense::OPNSenseFirewall::new(
-            firewall,
-            None,
-            &config.username,
-            &config.password,
-        )
-        .await,
-    );
-    let lan_subnet = ipv4!("192.168.40.0");
-    let gateway_ipv4 = ipv4!("192.168.40.1");
-    let gateway_ip = IpAddr::V4(gateway_ipv4);
-    harmony::topology::HAClusterTopology {
-        kubeconfig: None,
-        domain_name: "sttest0.harmony.mcd".to_string(),
-        router: Arc::new(UnmanagedRouter::new(
-            gateway_ip,
-            Ipv4Cidr::new(lan_subnet, 24).unwrap(),
-        )),
-        load_balancer: opnsense.clone(),
-        firewall: opnsense.clone(),
-        tftp_server: opnsense.clone(),
-        http_server: opnsense.clone(),
-        dhcp_server: opnsense.clone(),
-        dns_server: opnsense.clone(),
-        control_plane: vec![
-            LogicalHost {
-                ip: ip!("192.168.40.20"),
-                name: "cp0".to_string(),
-            },
-            LogicalHost {
-                ip: ip!("192.168.40.21"),
-                name: "cp1".to_string(),
-            },
-            LogicalHost {
-                ip: ip!("192.168.40.22"),
-                name: "cp2".to_string(),
-            },
-        ],
-        bootstrap_host: LogicalHost {
-            ip: ip!("192.168.40.10"),
-            name: "bootstrap".to_string(),
-        },
-        workers: vec![LogicalHost {
-            ip: ip!("192.168.40.30"),
-            name: "wk0".to_string(),
-        }],
-        node_exporter: opnsense.clone(),
-        switch_client: switch_client.clone(),
-        network_manager: OnceLock::new(),
-    }
-}
-
-pub fn get_inventory() -> Inventory {
-    Inventory {
-        location: Location::new("Sylvain's basement".to_string(), "Charlesbourg".to_string()),
-        switch: SwitchGroup::from([]),
-        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
-        storage_host: vec![],
-        worker_host: vec![],
-        control_plane_host: vec![],
-    }
-}

harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs

@@ -17,6 +17,10 @@ use crate::{
     interpret::InterpretStatus,
     inventory::Inventory,
     modules::{
+        cert_manager::{
+            capability::{CertificateManagement, CertificateManagementConfig},
+            operator::CertManagerOperatorScore,
+        },
         k3d::K3DInstallationScore,
         k8s::ingress::{K8sIngressScore, PathType},
         monitoring::{
@@ -359,6 +363,27 @@ impl Serialize for K8sAnywhereTopology {
     }
 }
 
+#[async_trait]
+impl CertificateManagement for K8sAnywhereTopology {
+    async fn install(
+        &self,
+        config: &CertificateManagementConfig,
+    ) -> Result<PreparationOutcome, PreparationError> {
+        let cert_management_operator = CertManagerOperatorScore::default();
+
+        cert_management_operator
+            .interpret(&Inventory::empty(), self)
+            .await
+            .map_err(|e| PreparationError { msg: e.to_string() })?;
+        Ok(PreparationOutcome::Success {
+            details: format!(
+                "Installed cert-manager into ns: {}",
+                cert_management_operator.namespace
+            ),
+        })
+    }
+}
+
 impl K8sAnywhereTopology {
     pub fn from_env() -> Self {
         Self {

harmony/src/modules/cert_manager/capability.rs

@@ -0,0 +1,18 @@
+use async_trait::async_trait;
+use serde::Serialize;
+
+use crate::{
+    interpret::Outcome,
+    topology::{PreparationError, PreparationOutcome},
+};
+
+#[async_trait]
+pub trait CertificateManagement: Send + Sync {
+    async fn install(
+        &self,
+        config: &CertificateManagementConfig,
+    ) -> Result<PreparationOutcome, PreparationError>;
+}
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertificateManagementConfig {}

harmony/src/modules/cert_manager/mod.rs

@@ -1,3 +1,6 @@
+pub mod capability;
 pub mod cluster_issuer;
 mod helm;
+pub mod operator;
+pub mod score_k8s;
 pub use helm::*;

harmony/src/modules/cert_manager/operator.rs

@@ -0,0 +1,64 @@
+use kube::api::ObjectMeta;
+use serde::Serialize;
+
+use crate::{
+    interpret::Interpret,
+    modules::k8s::{
+        apps::crd::{Subscription, SubscriptionSpec},
+        resource::K8sResourceScore,
+    },
+    score::Score,
+    topology::{K8sclient, Topology, k8s::K8sClient},
+};
+
+/// Install the Cert-Manager Operator via RedHat Community Operators registry.redhat.io/redhat/community-operator-index:v4.19
+/// This Score creates a Subscription CR in the specified namespace
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertManagerOperatorScore {
+    pub namespace: String,
+    pub channel: String,
+    pub install_plan_approval: String,
+    pub source: String,
+    pub source_namespace: String,
+}
+
+impl Default for CertManagerOperatorScore {
+    fn default() -> Self {
+        Self {
+            namespace: "openshift-operators".to_string(),
+            channel: "stable".to_string(),
+            install_plan_approval: "Automatic".to_string(),
+            source: "community-operators".to_string(),
+            source_namespace: "openshift-marketplace".to_string(),
+        }
+    }
+}
+
+impl<T: Topology + K8sclient> Score<T> for CertManagerOperatorScore {
+    fn name(&self) -> String {
+        "CertManagerOperatorScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        let metadata = ObjectMeta {
+            name: Some("cert-manager".to_string()),
+            namespace: Some(self.namespace.clone()),
+            ..ObjectMeta::default()
+        };
+
+        let spec = SubscriptionSpec {
+            channel: Some(self.channel.clone()),
+            config: None,
+            install_plan_approval: Some(self.install_plan_approval.clone()),
+            name: "cert-manager".to_string(),
+            source: self.source.clone(),
+            source_namespace: self.source_namespace.clone(),
+            starting_csv: None,
+        };
+
+        let subscription = Subscription { metadata, spec };
+
+        K8sResourceScore::single(subscription, Some(self.namespace.clone())).create_interpret()
+    }
+}

harmony/src/modules/cert_manager/score_k8s.rs

@@ -0,0 +1,66 @@
+use async_trait::async_trait;
+use harmony_types::id::Id;
+use serde::Serialize;
+
+use crate::{
+    data::Version,
+    interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
+    inventory::Inventory,
+    modules::cert_manager::capability::{CertificateManagement, CertificateManagementConfig},
+    score::Score,
+    topology::Topology,
+};
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertificateManagementScore {
+    pub config: CertificateManagementConfig,
+}
+
+impl<T: Topology + CertificateManagement> Score<T> for CertificateManagementScore {
+    fn name(&self) -> String {
+        "CertificateManagementScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        Box::new(CertificateManagementInterpret {
+            config: self.config.clone(),
+        })
+    }
+}
+
+#[derive(Debug)]
+struct CertificateManagementInterpret {
+    config: CertificateManagementConfig,
+}
+
+#[async_trait]
+impl<T: Topology + CertificateManagement> Interpret<T> for CertificateManagementInterpret {
+    async fn execute(
+        &self,
+        inventory: &Inventory,
+        topology: &T,
+    ) -> Result<Outcome, InterpretError> {
+        let cert_management = topology
+            .install(&self.config)
+            .await
+            .map_err(|e| InterpretError::new(e.to_string()))?;
+
+        Ok(Outcome::success(format!("Installed CertificateManagement")))
+    }
+
+    fn get_name(&self) -> InterpretName {
+        InterpretName::Custom("CertificateManagementInterpret")
+    }
+
+    fn get_version(&self) -> Version {
+        todo!()
+    }
+
+    fn get_status(&self) -> InterpretStatus {
+        todo!()
+    }
+
+    fn get_children(&self) -> Vec<Id> {
+        todo!()
+    }
+}

harmony/src/modules/okd/bootstrap_04_workers.rs

@@ -22,7 +22,7 @@ pub struct OKDSetup04WorkersScore {
 impl Score<HAClusterTopology> for OKDSetup04WorkersScore {
     fn create_interpret(&self) -> Box<dyn Interpret<HAClusterTopology>> {
         Box::new(OKDNodeInterpret::new(
-            HostRole::Worker,
+            HostRole::ControlPlane,
             self.discovery_strategy.clone(),
         ))
     }

opnsense-config-xml/Cargo.toml

@@ -9,7 +9,6 @@ license.workspace = true
 serde = { version = "1.0.123", features = [ "derive" ] }
 log = { workspace = true }
 env_logger = { workspace = true }
-#yaserde = { path = "../../yaserde/yaserde" }
 yaserde = { git = "https://github.com/jggc/yaserde.git" }
 yaserde_derive = { git = "https://github.com/jggc/yaserde.git" }
 xml-rs = "0.8"

opnsense-config-xml/src/data/caddy.rs

@@ -8,8 +8,6 @@ pub struct Pischem {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Caddy {
-    #[yaserde(attribute = true)]
-    pub version: Option<String>,
     pub general: CaddyGeneral,
     pub reverseproxy: MaybeString,
 }

opnsense-config-xml/src/data/dnsmasq.rs

@@ -8,8 +8,6 @@ pub struct DnsMasq {
     pub version: String,
     #[yaserde(attribute = true)]
     pub persisted_at: Option<String>,
-    #[yaserde(attribute = true)]
-    pub description: Option<String>,
 
     pub enable: u8,
     pub regdhcp: u8,
@@ -25,7 +23,7 @@ pub struct DnsMasq {
     pub dnssec: u8,
     pub regdhcpdomain: MaybeString,
     pub interface: Option<String>,
-    pub port: Option<MaybeString>,
+    pub port: Option<u32>,
     pub dns_forward_max: MaybeString,
     pub cache_size: MaybeString,
     pub local_ttl: MaybeString,
@@ -75,8 +73,6 @@ pub struct Dhcp {
     pub reply_delay: MaybeString,
     pub enable_ra: u8,
     pub nosync: u8,
-    pub log_dhcp: Option<u8>,
-    pub log_quiet: Option<u8>,
 }
 
 // Represents a single <dhcp_ranges> element.

opnsense-config-xml/src/data/haproxy.rs

@@ -598,7 +598,7 @@ pub struct HAProxyServer {
     pub ssl_client_certificate: MaybeString,
     #[yaserde(rename = "maxConnections")]
     pub max_connections: MaybeString,
-    pub weight: Option<MaybeString>,
+    pub weight: Option<u32>,
     #[yaserde(rename = "checkInterval")]
     pub check_interval: MaybeString,
     #[yaserde(rename = "checkDownInterval")]

opnsense-config-xml/src/data/opnsense.rs

@@ -30,7 +30,6 @@ pub struct OPNsense {
     pub staticroutes: StaticRoutes,
     pub ca: MaybeString,
     pub gateways: Option<RawXml>,
-    pub hostwatch: Option<RawXml>,
     pub cert: Vec<Cert>,
     pub dhcpdv6: DhcpDv6,
     pub virtualip: VirtualIp,
@@ -163,15 +162,11 @@ pub struct Username {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Sysctl {
-    #[yaserde(attribute = true)]
-    pub version: Option<String>,
     pub item: Vec<SysctlItem>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct SysctlItem {
-    #[yaserde(attribute = true)]
-    pub uuid: Option<String>,
     pub descr: Option<MaybeString>,
     pub tunable: Option<String>,
     pub value: Option<MaybeString>,
@@ -179,8 +174,6 @@ pub struct SysctlItem {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct System {
-    #[yaserde(attribute = true)]
-    pub uuid: Option<String>,
     pub use_mfs_tmp: Option<MaybeString>,
     pub use_mfs_var: Option<MaybeString>,
     pub serialspeed: u32,
@@ -275,8 +268,6 @@ pub struct Bogons {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Group {
-    #[yaserde(attribute = true)]
-    pub uuid: Option<String>,
     pub name: String,
     pub description: Option<String>,
     pub scope: String,
@@ -289,8 +280,6 @@ pub struct Group {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct User {
-    #[yaserde(attribute = true)]
-    pub uuid: Option<String>,
     pub name: String,
     pub descr: MaybeString,
     pub scope: String,
@@ -474,8 +463,6 @@ pub struct OPNsenseXmlSection {
     pub openvpn: ConfigOpenVPN,
     #[yaserde(rename = "Gateways")]
     pub gateways: RawXml,
-    #[yaserde(rename = "Hostwatch")]
-    pub hostwatch: Option<RawXml>,
     #[yaserde(rename = "HAProxy")]
     pub haproxy: Option<HAProxy>,
 }
@@ -1156,9 +1143,9 @@ pub struct UnboundGeneral {
     pub dns64: MaybeString,
     pub dns64prefix: MaybeString,
     pub noarecords: MaybeString,
-    pub regdhcp: Option<MaybeString>,
+    pub regdhcp: Option<i8>,
     pub regdhcpdomain: MaybeString,
-    pub regdhcpstatic: Option<MaybeString>,
+    pub regdhcpstatic: Option<i8>,
     pub noreglladdr6: MaybeString,
     pub noregrecords: MaybeString,
     pub txtsupport: MaybeString,
@@ -1166,27 +1153,27 @@ pub struct UnboundGeneral {
     pub local_zone_type: String,
     pub outgoing_interface: MaybeString,
     pub enable_wpad: MaybeString,
-    pub safesearch: Option<MaybeString>,
+    pub safesearch: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Advanced {
-    pub hideidentity: Option<MaybeString>,
+    pub hideidentity: Option<i8>,
-    pub hideversion: Option<MaybeString>,
+    pub hideversion: Option<i8>,
-    pub prefetch: Option<MaybeString>,
+    pub prefetch: Option<i8>,
-    pub prefetchkey: Option<MaybeString>,
+    pub prefetchkey: Option<i8>,
-    pub dnssecstripped: Option<MaybeString>,
+    pub dnssecstripped: Option<i8>,
     pub aggressivensec: Option<i8>,
-    pub serveexpired: Option<MaybeString>,
+    pub serveexpired: Option<i8>,
     pub serveexpiredreplyttl: MaybeString,
     pub serveexpiredttl: MaybeString,
-    pub serveexpiredttlreset: Option<MaybeString>,
+    pub serveexpiredttlreset: Option<i32>,
     pub serveexpiredclienttimeout: MaybeString,
-    pub qnameminstrict: Option<MaybeString>,
+    pub qnameminstrict: Option<i32>,
-    pub extendedstatistics: Option<MaybeString>,
+    pub extendedstatistics: Option<i32>,
-    pub logqueries: Option<MaybeString>,
+    pub logqueries: Option<i32>,
-    pub logreplies: Option<MaybeString>,
+    pub logreplies: Option<i32>,
-    pub logtagqueryreply: Option<MaybeString>,
+    pub logtagqueryreply: Option<i32>,
     pub logservfail: MaybeString,
     pub loglocalactions: MaybeString,
     pub logverbosity: i32,
@@ -1229,12 +1216,12 @@ pub struct Dnsbl {
     pub blocklists: Option<MaybeString>,
     pub wildcards: Option<MaybeString>,
     pub address: Option<MaybeString>,
-    pub nxdomain: Option<MaybeString>,
+    pub nxdomain: Option<i32>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Forwarding {
-    pub enabled: Option<MaybeString>,
+    pub enabled: Option<i32>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1256,7 +1243,7 @@ pub struct Host {
     pub ttl: Option<MaybeString>,
     pub server: String,
     pub description: Option<String>,
-    pub txtdata: Option<MaybeString>,
+    pub txtdata: MaybeString,
 }
 
 impl Host {
@@ -1272,7 +1259,7 @@ impl Host {
             ttl: Some(MaybeString::default()),
             mx: MaybeString::default(),
             description: None,
-            txtdata: Some(MaybeString::default()),
+            txtdata: MaybeString::default(),
         }
     }
 }
@@ -1434,7 +1421,7 @@ pub struct StaticRoutes {
     #[yaserde(attribute = true)]
     pub version: String,
     #[yaserde(rename = "route")]
-    pub route: Option<RawXml>,
+    pub route: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]

opnsense-config/src/config/config.rs

@@ -234,15 +234,14 @@ mod tests {
     #[tokio::test]
     async fn test_load_config_from_local_file() {
         for path in [
-            "src/tests/data/config-opnsense-25.1.xml",
+            // "src/tests/data/config-opnsense-25.1.xml",
-            "src/tests/data/config-vm-test.xml",
+            // "src/tests/data/config-vm-test.xml",
             "src/tests/data/config-structure.xml",
             "src/tests/data/config-full-1.xml",
             // "src/tests/data/config-full-ncd0.xml",
             // "src/tests/data/config-full-25.7.xml",
             // "src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml",
             "src/tests/data/config-25.7-dnsmasq-static-host.xml",
-            "src/tests/data/config-full-25.7.11_2.xml",
         ] {
             let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
             test_file_path.push(path);

opnsense-config/src/modules/dns.rs

@@ -1,4 +1,4 @@
-use opnsense_config_xml::{Host, MaybeString, OPNsense};
+use opnsense_config_xml::{Host, OPNsense};
 
 pub struct UnboundDnsConfig<'a> {
     opnsense: &'a mut OPNsense,
@@ -31,8 +31,7 @@ impl<'a> UnboundDnsConfig<'a> {
             None => todo!("Handle case where unboundplus is not used"),
         };
 
-        unbound.general.regdhcp = Some(MaybeString::from_bool_as_int("regdhcp", register));
+        unbound.general.regdhcp = Some(register as i8);
-        unbound.general.regdhcpstatic =
+        unbound.general.regdhcpstatic = Some(register as i8);
-            Some(MaybeString::from_bool_as_int("regdhcpstatic", register));
     }
 }

opnsense-config/src/tests/data/config-full-ncd0.xml

@@ -271,6 +271,7 @@
     </firmware>
     <language>en_US</language>
     <dnsserver>1.1.1.1</dnsserver>
+    <dnsserver>8.8.8.8</dnsserver>
     <dns1gw>none</dns1gw>
     <dns2gw>none</dns2gw>
     <dns3gw>none</dns3gw>

opnsense-config/src/tests/data/config-opnsense-25.1.xml

@@ -30,17 +30,28 @@
     <item uuid="b6b18051-830f-4b27-81ec-f772b14681e2">
       <tunable>net.inet.ip.sourceroute</tunable>
       <value>default</value>
-      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
     </item>
     <item uuid="ea21409c-62d6-4040-aa2b-36bd01af5578">
       <tunable>net.inet.ip.accept_sourceroute</tunable>
       <value>default</value>
-      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
     </item>
     <item uuid="1613256c-ef7e-4b53-a44c-234440046293">
       <tunable>net.inet.icmp.log_redirect</tunable>
       <value>default</value>
-      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive.</descr>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
     </item>
     <item uuid="1ba88c72-6e5b-4f19-abba-351c2b76d5dc">
       <tunable>net.inet.tcp.drop_synfin</tunable>
@@ -170,7 +181,9 @@
     <item uuid="2c42ae2f-a7bc-48cb-b27d-db72e738e80b">
       <tunable>net.inet.ip.redirect</tunable>
       <value>default</value>
-      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known.</descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
     </item>
     <item uuid="7d315fb1-c638-4b79-9f6c-240b41e6d643">
       <tunable>net.local.dgram.maxdgram</tunable>
@@ -925,3 +938,4 @@
   </cert>
   <syslog/>
 </opnsense>
+

opnsense-config/src/tests/data/config-vm-test.xml

@@ -28,17 +28,28 @@
       <value>default</value>
     </item>
     <item>
-      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
       <tunable>net.inet.ip.sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.</descr>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
       <tunable>net.inet.ip.accept_sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive.</descr>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
       <tunable>net.inet.icmp.log_redirect</tunable>
       <value>default</value>
     </item>
@@ -168,7 +179,9 @@
       <value>default</value>
     </item>
     <item>
-      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known.</descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
       <tunable>net.inet.ip.redirect</tunable>
       <value>default</value>
     </item>