From 8b85817a716832df959a8fb2e3bc64a148276e0c Mon Sep 17 00:00:00 2001
From: Durand Fabrice <oeufdure@gmail.com>
Date: Tue, 15 Nov 2022 10:56:57 -0500
Subject: [PATCH 001/103] Rewrite destination address if it's from docker to
 the management ip address.

---
 lib/pf/iptables.pm | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm
index 53b9167bbd07..972883223980 100644
--- a/lib/pf/iptables.pm
+++ b/lib/pf/iptables.pm
@@ -161,9 +161,7 @@ sub iptables_generate {
     push @pfconnector_ips, $management_network->{Tip};
     @pfconnector_ips = uniq sort @pfconnector_ips;
     for my $ip (@pfconnector_ips) {
-        for my $dport (23001..23256) {
-            $tags{'pfconnector'} .= "-A input-management-if --protocol tcp --match tcp -s $ip --dport $dport --jump ACCEPT\n";
-        }
+        $tags{'pfconnector'} .= "-A input-management-if --protocol tcp --match multiport -s $ip --dports 23001:23256 -j ACCEPT\n";
     }
 
     # eduroam RADIUS virtual-server
@@ -204,6 +202,9 @@ sub iptables_generate {
     #NAT Intercept Proxy
     $self->generate_interception_rules(\$tags{'nat_if_src_to_chain'},\$tags{'nat_prerouting_vlan'},\$tags{'input_inter_vlan_if'} );
 
+    #DNAT traffic from docker to mgmt ip
+    $self->generate_dnat_from_docker(\$tags{'nat_if_src_to_chain'});
+
     # OAuth
     my $passthrough_enabled = (isenabled($Config{'fencing'}{'passthrough'}) || isenabled($Config{'fencing'}{'isolation_passthrough'}));
 
@@ -859,6 +860,20 @@ sub generate_netflow_rules {
     }
 }
 
+=item generate_dnat_from_docker
+
+DNAT to 100.64.0.1 the traffic coming from docker image to management ip address.
+
+=cut
+
+sub generate_dnat_from_docker {
+    my ($self, $nat_if_src_to_chain) = @_;
+    my $logger = get_logger();
+
+    my $mgmt_ip = (defined($management_network->tag('vip'))) ? $management_network->tag('vip') : $management_network->tag('ip');
+    $$nat_if_src_to_chain .= "-A PREROUTING --protocol udp -s 100.64.0.0/10 -d $mgmt_ip --jump DNAT --to 100.64.0.1\n";
+}
+
 =back
 
 =head1 AUTHOR

From 995726129b4a7a76da19e0d71674e42a057cc3b5 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 19 Oct 2022 16:30:44 -0400
Subject: [PATCH 002/103] [Venom] Security test random mac: first commit

---
 .../scenarios/inline/playbooks/run_tests.yml  |   2 +
 .../00_setup_network.yml                      |  52 ++++
 .../05_setup_packetfence.yml                  | 288 ++++++++++++++++++
 .../07_prepare_security_event_random_mac.yml  |  24 ++
 .../10_client_start.yml                       |  37 +++
 .../security_event_random_mac/30_tests.yml    |  53 ++++
 .../security_event_random_mac/Diagram.png     | Bin 0 -> 24599 bytes
 .../security_event_random_mac/TESTSUITE.md    |  29 ++
 .../teardown/00_client_stop.yml               |  17 ++
 .../teardown/05_deconfigure_packetfence.yml   | 120 ++++++++
 .../teardown/10_remove_network.yml            |  16 +
 t/venom/vars/all.yml                          |   9 +
 12 files changed, 647 insertions(+)
 create mode 100644 t/venom/test_suites/security_event_random_mac/00_setup_network.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/10_client_start.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/30_tests.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/Diagram.png
 create mode 100644 t/venom/test_suites/security_event_random_mac/TESTSUITE.md
 create mode 100644 t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
 create mode 100644 t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml

diff --git a/t/venom/scenarios/inline/playbooks/run_tests.yml b/t/venom/scenarios/inline/playbooks/run_tests.yml
index 1446c6e37a95..ebd5f31d0788 100644
--- a/t/venom/scenarios/inline/playbooks/run_tests.yml
+++ b/t/venom/scenarios/inline/playbooks/run_tests.yml
@@ -13,6 +13,8 @@
       - inline/l2/teardown
       - security_event_suricata
       - security_event_suricata/teardown
+      - security_event_random_mac
+      - security_event_random_mac/teardown
 
   tasks:
     - name: Run Venom testsuites
diff --git a/t/venom/test_suites/security_event_random_mac/00_setup_network.yml b/t/venom/test_suites/security_event_random_mac/00_setup_network.yml
new file mode 100644
index 000000000000..66c7653ef0b6
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/00_setup_network.yml
@@ -0,0 +1,52 @@
+name: Setup inlinel2 network
+testcases:
+
+  - name: create_two_virtual_ethernet_interfaces
+    steps:
+    - type: exec
+      script: ip link add bridgeinlinel2 type veth peer name inlinel2
+
+  - name: create_tap_interface
+    steps:
+      - type: exec
+        script: ip tuntap add blok-tap1 mode tap
+
+  - name: set_blok-tap1_up
+    steps:
+      - type: exec
+        script: ip link set blok-tap1 up
+
+  - name: create_bridge
+    steps:
+    - type: exec
+      script: ip link add blok-br1 type bridge
+
+  - name: set_bridge_up
+    steps:
+    - type: exec
+      script: ip link set blok-br1 up
+
+  - name: set_blok-vpeer0_up
+    steps:
+    - type: exec
+      script:  ip link set inlinel2 up
+
+  - name: set_bridgeinlinel2_up
+    steps:
+    - type: exec
+      script:  ip link set bridgeinlinel2 up
+ 
+  - name: add_ip_to_inlinel2_interface
+    steps:
+    - type: exec
+      script: 'ip addr add {{.security_event_random_mac.pf_portal}}/24 dev inlinel2'
+
+  - name: add_bridgeinlinel2_in_the_blok-br1_bridge
+    steps:
+    - type: exec
+      script: ip link set bridgeinlinel2 master blok-br1
+
+  - name: add_blok-tap1_in_the_blok-br1_bridge
+    steps:
+    - type: exec
+      script: ip link set blok-tap1 master blok-br1
diff --git a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
new file mode 100644
index 000000000000..0e6d19976960
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
@@ -0,0 +1,288 @@
+name: Enable Inline l2 configuration in PacketFence
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: configure_interface_inlinel2_as_type_inline_l2
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/interface/inlinel2'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inlinel2",
+       "isClone": false,
+       "isNew": false,
+       "prefixRouteName": "",
+       "additional_listening_daemons": [],
+       "coa": null,
+       "dhcpd_enabled": "enabled",
+       "dns": "8.8.8.8",
+       "high_availability": 0,
+       "hwaddr": "92:ed:ee:36:e9:6a",
+       "ifindex": "10",
+       "ipv6_address": null,
+       "ipv6_prefix": null,
+       "is_running": true,
+       "master": null,
+       "name": "inlinel2",
+       "nat_enabled": "enabled",
+       "network": null,
+       "network_iseditable": false,
+       "networks": [],
+       "not_editable": false,
+       "reg_network": null,
+       "split_network": null,
+       "type": "inlinel2",
+       "vip": null,
+       "vlan": null,
+       "ipaddress": "{{.security_event_random_mac.pf_portal}}",
+       "netmask": "255.255.255.0"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: configure_inline_l2_network
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/l2_network/{{.security_event_random_mac.networks}}'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "{{.security_event_random_mac.networks}}",
+       "isClone": false,
+       "isNew": false,
+       "algorithm": 1,
+       "description": null,
+       "dhcp_default_lease_time": "30",
+       "dhcp_end": "{{.security_event_random_mac.node.ipaddress}}",
+       "dhcp_max_lease_time": "30",
+       "dhcp_start": "{{.security_event_random_mac.node.ipaddress}}",
+       "dns": "8.8.8.8",
+       "ip_assigned": null,
+       "ip_reserved": null,
+       "netflow_accounting_enabled": "enabled",
+       "netmask": "255.255.255.0",
+       "not_deletable": false,
+       "not_sortable": false,
+       "pool_backend": "memory",
+       "portal_fqdn": null,
+       "type": "inlinel2"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: create_a_user
+  steps:
+  - type: http
+    method: POST
+    url: '{{.pfserver_webadmin_url}}/api/v1/users'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "valid_from": "2021-12-06 00:00:00",
+       "expiration": null,
+       "actions": [
+         {
+           "type": "set_role",
+           "value": "1"
+         },
+         {
+           "type": "set_access_duration",
+           "value": "1h"
+         }
+       ],
+       "pid_overwrite": 0,
+       "pid": "iastigmate",
+       "email": "iastigmate@test.ca",
+       "sponsor": "",
+       "password": "password",
+       "login_remaining": null,
+       "gender": "",
+       "title": "",
+       "firstname": "Igmout",
+       "lastname": "Astigmate",
+       "nickname": "",
+       "company": "",
+       "telephone": "",
+       "cell_phone": "",
+       "work_phone": "",
+       "address": "",
+       "apartment_number": "",
+       "building_number": "",
+       "room_number": "",
+       "anniversary": "",
+       "birthday": "",
+       "psk": "",
+       "notes": "",
+       "custom_field_1": "",
+       "custom_field_2": "",
+       "custom_field_3": "",
+       "custom_field_4": "",
+       "custom_field_5": "",
+       "custom_field_6": "",
+       "custom_field_7": "",
+       "custom_field_8": "",
+       "custom_field_9": ""
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 201
+
+- name: assign_a_password_to_the_user
+  steps:
+  - type: http
+    method: POST
+    url: '{{.pfserver_webadmin_url}}/api/v1/user/iastigmate/password'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "quiet": true,
+       "valid_from": "2021-12-06 00:00:00",
+       "expiration": "{{.inline_lx_iastigmate.password.expiration}}",
+       "actions": [
+         {
+           "type": "set_role",
+           "value": "1"
+         },
+         {
+           "type": "set_access_duration",
+           "value": "1h"
+         }
+       ],
+       "pid_overwrite": 0,
+       "pid": "iastigmate",
+       "email": "iastigmate@test.ca",
+       "sponsor": "",
+       "password": "password",
+       "login_remaining": null,
+       "gender": "",
+       "title": "",
+       "firstname": "Igmout",
+       "lastname": "Astigmate",
+       "nickname": "",
+       "company": "",
+       "telephone": "",
+       "cell_phone": "",
+       "work_phone": "",
+       "address": "",
+       "apartment_number": "",
+       "building_number": "",
+       "room_number": "",
+       "anniversary": "",
+       "birthday": "",
+       "psk": "",
+       "notes": "",
+       "custom_field_1": "",
+       "custom_field_2": "",
+       "custom_field_3": "",
+       "custom_field_4": "",
+       "custom_field_5": "",
+       "custom_field_6": "",
+       "custom_field_7": "",
+       "custom_field_8": "",
+       "custom_field_9": "",
+       "access_duration": "1h",
+       "access_level": null,
+       "can_sponsor": null,
+       "category": "1",
+       "unregdate": null
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 201
+
+- name: configure_snat_interface_for_passthroughs
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/network'
+    ignore_verify_ssl: true
+    body: >-
+      {
+        "interfaceSNAT":"eth0"
+      }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+      - result.bodyjson.message ShouldEqual "Settings updated"
+
+- name: configure_snat_interface_for_inline
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/inline'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inline",
+       "interfaceSNAT": "eth0"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: restart_iptables
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-iptables
+    time_to_sleep: 5
+
+- name: restart_pfdns_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdns
+    time_to_sleep: 5
+
+- name: restart_pfdhcp_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdhcp
+    time_to_sleep: 5
+
+- name: restart_haproxy-portal_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-haproxy-portal
+    time_to_sleep: 5
+
+- name: restart_keepalived_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-keepalived
+    time_to_sleep: 5
+
+- name: restart_pfdhcplistener_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdhcplistener
+    time_to_sleep: 5
+
+- name: restart_pfacct_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfacct
+    time_to_sleep: 5
+
+- name: restart_pfqueue_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfqueue
+    time_to_sleep: 5
diff --git a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
new file mode 100644
index 000000000000..282eebdee093
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
@@ -0,0 +1,24 @@
+name: Set Random Mac Security event
+testcases:
+- name: enable_security_event
+  steps:
+  - type: pf_api_action
+    method: PATCH
+    url: 'config/security_event/{{.security_event_random_mac.event.id}}'
+    body: '{"id":"{{.security_event_random_mac.event.id}}","enabled":"Y","quiet":true}'
+
+# restart pfqueue et pf detect
+- name: restart_service_pfqueue
+  steps:
+  - type: systemctl_service_restart 
+    service: packetfence-pfqueue
+
+- name: restart_service_pfdetect
+  steps:
+  - type: systemctl_service_restart 
+    service: packetfence-pfdetect
+
+- name: clear_fingerbank_cache
+  steps:
+  - type: pfcmd_run_command 
+    script: 'cache fingerbank clear'
diff --git a/t/venom/test_suites/security_event_random_mac/10_client_start.yml b/t/venom/test_suites/security_event_random_mac/10_client_start.yml
new file mode 100644
index 000000000000..08202b9670ed
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/10_client_start.yml
@@ -0,0 +1,37 @@
+name: Start client
+testcases:
+  - name: download_ulinux
+    steps:
+    - type: exec
+      script: wget http://inverse.ca/downloads/PacketFence/LiveCD/ulinux.qcow2 -O /tmp/ulinux.qcow2
+
+  - name: install_systemd_script
+    steps:
+      - type: exec
+        script: |
+          cat > /lib/systemd/system/ulinux.service << EOF
+          [Unit]
+          Description=QEMU virtual machine
+
+          [Service]
+          ExecStart= /usr/bin/qemu-system-x86_64 -boot d -hda /tmp/ulinux.qcow2 -m 128M -device "virtio-net-pci,netdev=network0,mac={{.security_event_random_mac.node.macaddress}}" -netdev tap,id=network0,ifname=blok-tap1,script=no,downscript=no -nographic -serial telnet:localhost:4321,server,nowait
+          ExecStop=pkill -f qemu
+          ExecStop=/usr/bin/bash -c 'while nc localhost 7100; do sleep 1; done'
+
+          [Install]
+          WantedBy=multi-user.target
+          EOF
+
+  - name: systemctl_daemon-reload
+    steps:
+      - type: exec
+        script: systemctl daemon-reload
+
+  - name: start_the_client
+    steps:
+      - type: exec
+        script: systemctl start ulinux
+      
+      # let ulinux start
+      - type: exec
+        script: sleep 30
diff --git a/t/venom/test_suites/security_event_random_mac/30_tests.yml b/t/venom/test_suites/security_event_random_mac/30_tests.yml
new file mode 100644
index 000000000000..a27ef46d3162
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/30_tests.yml
@@ -0,0 +1,53 @@
+name: Test inline l2 violation
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: test_if_the_device_is_in_the_isolation_ipset
+  steps:
+  - type: exec
+    script: 'ipset test pfsession_Isol_{{.security_event_random_mac.networks}} {{.security_event_random_mac.node.ipaddress}}'
+    delay: 5
+    retry: 14
+
+- name: get_security_event_id
+  steps: 
+  - type: pf_api_node_security_events
+    id: "{{.security_event_random_mac.node.macaddress}}"
+    vars:
+      all_events:
+        from: result.pf_api_node_security_event_
+
+- name: get_event_id
+  steps: 
+  - type:
+    script: echo '{{.get_security_event_id.all_events}}' | jq '.[] | if (.security_event_id == {{.security_event_random_mac.event.id}} and .status == "open") then .id else false end ' | grep -v "false"
+    vars:
+      event_id:
+        from: result.systemout
+
+- name: release_violation_on_the_node
+  steps:
+  - type: http
+    method: PUT
+    url: '{{.pfserver_webadmin_url}}/api/v1/node/{{.security_event_random_mac.node.macaddress}}/close_security_event'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "security_event_id": "{{.get_event_id.event_id}}",
+       "mac": "{{.security_event_random_mac.node.macaddress}}"
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+
+- name: test_if_the_device_is_back_in_the_register_ipset
+  steps:
+  - type: exec
+    script: 'ipset test pfsession_Unreg_{{.security_event_random_mac.networks}} {{.security_event_random_mac.node.ipaddress}}'
+    delay: 10
+    retry: 15
diff --git a/t/venom/test_suites/security_event_random_mac/Diagram.png b/t/venom/test_suites/security_event_random_mac/Diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..f67e372bf8bfc9e3bed55acc390338787cae44ef
GIT binary patch
literal 24599
zcmZU)1z1#3_b&{Hf;1>4U83aB3>`yv3=GZC%rMlz&>@XTN{L8`NSB1PgtVX_T`DEr
zUHACD|L?o^K6jqy)IMj|+I!V+t%=puRv{*MLV$&ZMXaU@(Z|BVNyfs$=E8pflxU3*
z{sJ!8Xnhq0tjZDk4d4OSQC>?P3#%rP@EU#}cz)=vYJ$eXBI)^eV5f1D&|zWWoqH+4
zyimRl&Mx*?972l!z2guBIk};|ID{Y^f`V{&cRo93xT7Z=h30d$_X3K5_b4|zX9s6{
zyZ?S82oe<F6%gbV5HS=4aR|wa{O2UZ2ND-G{qOg1M|;=*X;6d@1T^qW3vTP|>g9%Z
z;t)~*p4D8v>|KB>Pz;=P41g01I0Qge0wPvo&w*QccXt<iV|yD7XJ8D<B0^$(LZU$N
zGYwTkElmzVMd04W8EFq(RP1e$ZvUz%I(fRGfD&aem=DA!EG8=YpS}&?4scKB|D%zA
zGqU%BJN|bzo?-}pM+Y4>bz`)uj<ARc%*a*wzq7#Dd!n7)T>tx-fCwL$4;aC}%3gl%
z_Wvz)baQib0lF0A5K;mN`ahHdK5>NuBl!<Sbpc}V3jDXC^Z!uL#=#yeU?V2ND`F>T
z%PS}f2l0Y!1?+eQgv3Pz#Kpm)Vq)U|ZB)z%VQS-r7FN~;!F9z=9QBPcz9t-k3PMUq
zA2mBQB}GLqSEPo98p_z%NXJ=ES;tohF75#JP&f8NiRpQum9%tRMSc8iF<@6$Eg^rf
zyr`}N$i-GuObjJ%ujH@qqvtAU<7Ve=A`DVe(gee`Ttq;g&I$s;E(Y=j+Wv5TV{xT_
zv{UlaQqp(v)I%xwiYocRTn)7~#5IL|g<ag0)xaoy6Gc@qv?18bPXHk<;Om3(RZtVx
zH}$juDGCd@_#+*i<aLDPb>XV&{!Tu2-YO=JzS>H_ER<~g)%;bFrv4yD0i?IOsEWU?
z09s4SS69eXNmNBtMZitn-`ECb01|QY@w79An}Cf){Y_x{B4`gqQ(ZMLU>7L+r~wVx
zD*4HyMHTfSPPUpTaYrpDdqWWcH(hmQQx7dWAwLacX91+2i=i&u84gjiSMoG<gL(S9
zBHY{s)X*4bh?9q!tDuo0%E(98NC$*a01FF<3OH!Pj77xMAy8p=kf^_ip^|}?mY~0q
zle4Ctwu6wUr#cEEudAWxZUpw$6o-j;fJML<4`(rdAy0i(U3YIy8%Hq8UdL0&)78e_
zPf^hwsb^qfVj!sRCTQSg<S8nmrRS_>12fhJR$5tC8#p2D9e}f-urd_5IJjZZ7(rhM
zP^6#)7r-dU>w6oj>H4^tsQY<3su_W8^-aZ$^pw<0Tpa8L9h@D7G?9X)_GqB0fdW*>
z$W_7DS<_AhW1s@_LK`SMVW5UW@}4>#2Bw~h`cRCmtsO*I(@V@2<AK2lV7!bWo-hF;
zH=wqTxRHy#0a#vBOdkw$fr&!V%0il|N+Kdoc3yTGMt(-72FAYfHr{sP!U!KBe_at3
zcZiRTzqhiYI6@5LAZ~~TXyERH0>*9XDvSZ94s%0jYWgUH5QdIGAyh-b$pHg&q~>mF
zVj?DjQba=h+?+v<I!HHL4KI*@jjE%agNr*%N!`^~9<AuDr0$`vpd{?>VIW{Hsw-sd
z>Z|Fb=LT_6ad1Iu%iEjU0@6cS<KHf@5f%4Fx`PZ<J#A2;BBm;UoKQAavez;aQ}ROD
zxf^<m`@6fU+Il<b`no8=Q3!n(ZLmDZ8R>4M<F4Z^;;JJL*D?}SN9yQ<l%YQU-WWqM
z7e^mE6CqVqLw7$9PZ$OUF;aB|m|0oL!5yxRfSM?v5GrsbxPhw?%FD@FALgn0k2~E^
z9s-JPMjq-mwmPm_Zu$;d0yegy0s<~3PRdGfBuof`_BB9*p{7QHx+0DWE^2UJ5o2wn
zk1iO2*7noz5zzKT2<QO~!PJGcVcHn5k(h?3yg16k1p(CpdN=eC_cBmZca!%4q`sQ4
zp0kpPyuKn>6Yc1w0TMP+aWU0H!vQ&~tfcKIj*<s%ypT#Dc`t2e1r1Xt8+DMDIv`aQ
zRGb}D!3bMDk$?BvdMd^yezqzq2w_igR}C#CVGRuxc`vlLr>B;uqK6|0V+;^a)f9%*
zvbA$@b5(#k!rgR*#bItHJ}_N%gp$3VjlP$Ss;I4lx~-EKup&Tr%KAonu3|7nB^zZ;
zS7UcAJri#QZCzuCua7>;AA~jqsSDaFIVqU9D0&;II*Vull2=(%(Lml*1SW!1MfiDm
zxVQ=#nu6gFw7;L8xSFZGfx8eCEa2qghSqmh1XPQHlA)%kzM#0bHwx)!1622MH1u-O
z1NN3K+&~|!qi5=-DvI$E@U^is0h!pKVEQ(|)>L-(H?a3L5fSn**4Og0^99*yDQSry
zz($%#uz|9tfT6FEmba0OgR+RYu+l$CW$!IuBW|zarsn|2G&MzG7|2xK7~^UTj6hjf
z#YtC0%@nC7<_hRPWgjsVLQfc_?q&~$qScWQl!>|m!pGD=UrgUX+0akj(MjXq#)SAQ
z+W9G~z(hptP2Alv@-QKNm;%DrPY+NMf&d*9+`Y7w|7~qYCnZ2tDl3@?dIK5;<7g=2
zpy2_iA!Si@W3USt_|nf-#2bTF1r!ia`v2*m|0pEj`G1tWkWv{nZY>s;aj_ai-q6=_
zX93UG5PJDwpHy{^{RP%T4rY1(v`SS2GNYQxw({oF-R50W<C{6U%1S=b9!n!VdH=n(
zGYTA*c=p1xh`UzDT`kwBH+E0oywOZKYaEqoLOTiyy|EvDyO(|Rj>=Ip!rZ|}zlc3&
z<aJ%Pg4#FU)Pga=9jZh2YcgS+**mpc8A}SvZGJtLTZ#n<)k`mYu_ZYO#PuuL22R`=
z$Kd?J!&>Xnhv3Yt5AQfwjbq{nUaPf94srxZ4n?4C>pnpsD+r=w?K+O%sjU(rW!JUR
zmXd5^eC%?UUm?Y%YKHEixaYpkjbwTjk5g0C5Uwu@*B%d!yrxY_vB+Cs^}Gm$`FV~p
z)6O@=W1?bW%p+OG)N*dU-xDPL+S}nE)%nZ$+TSNdZ(+6s4Ow}DOf2kgmF`<z_$v89
z_bp!-^Tn9G;)DP>dD8<$JLxpz>|`?;E7m2HOnIfOaAocW^|YMxqwT87N67)%gS^5w
zER9-4{0k+ORsoCP!><*~AD}~2n-b*YU}~T`vs{87vY}iyi!1+D=I|?O*&eYpGFt)p
zNw&7Dp7d5LWZIrOy??(_ul7%kGf@fz!uN&Dgj6iJ0oFd}1-tBn43^LJs<~BCa2(<X
zqzG!sdzNggYGxp#v)QZ`WaL{SV`8#Dd^k;`j{qm(Cl$*H%2D`H1u`Bq^{hWK(AxLo
zU}asmi7CGqL@7GljFP&?o{ZPEPGO*lm1`X68XME^N5i@$N16nK2t}fqW2LCpo-LyZ
zF4xn6X2V&=<m1jbOJ$Ormcyabkd>Kz@Yi+9Tr(G3U@b>F$u^kFuW^rG*wHbujz*6@
zm#GSUR~Qr152j&d5Dq!>IPvz})86DJ_mdI6#dA?o|5t}fmSj3e(BMJqad;geaZ-=5
z+vJESQ`5!Q!;R6opB`Rw)=igx7B{E$tgf3awAUZ2#Zj@IS;-D>NMCbl-W4w0`M<w>
z@??d((PDSj8E?ejs=wamRz^eLlfdpuXiAldFN%$|RLqE#!CjDBCuoP7A-`Qz%<n#j
zC$o%&MZ>n%<cNf8*+#$t%~fKNhO<c%X3}qPXtclm{l}kZmpS9JDQAAiHvSP^JrCua
zppZA$M++Q+0RzE1JlLnz(LLj9qrkS9AXO~9r;jF>m?|b4iDVzG^V3Pm9vsdXFA6D(
zEdkG(;M}0!76m25#uNtwq)5sti|qe}b&}Tq$XZ7Iu*Cer??C1aIH2W%{hiX?{AR8#
zD{CoJlq%li^z@P{Y#GZ<Zau}TUvu%EdxYqfNK)hef_jw*gKX5eY@^cbdS*<_W;9Dm
z_5(r_^ZSYOu;pa#rHnrm4_H}Q5i}J!Vm}f}sJKZu2404%2|le1Zx$AV$<^9?Y8uVS
zt;*1(`2n5WQ%z-}+D>Pp-cGj4U`&cck_?^RJg4}($F?(vTXtod)p1#!YMdE9QTSs$
z#+Z96WQbn9KecLo*RZ>;gJ+RHq+E)fyOA9r+6DzV74z@>$@L-|kAYTb^iKh!U>%u`
z7Kw(4zB|MS$xOA7o<(4r*-YR!5s%5M!x><WM;kq+)M#h<m8%`3g<5n)ceGQKkcoqv
zsJ;p0?iAbLHStr1*#{ct8Tho*pW2$O_4E+R?adV^-#nrnx{8E>;|q}>%mHnC^_$?}
z*qH42G}Y4AT?P6V9kkrg7Dn8+T{dW?^15<`1Ww1HK3P=B(WZ6JP%hPOT4M){`zj$j
zCA-x|L^F;s!DF}L4HEjfyzIPZ{BSp8>nDMS`Irv1>K=L)(Ku-lv`Agf-iPcQjV4%L
z?{Injv4}s}?QWXG?DT2L5mHlrtQZ{)0$1sHt#XJK)nf?B$&--+5dC+lsp%Rv>Jyt*
zhL3o;UlLBz8<j;eoUB$!+6`R3pA{iz+B4$f`5k7<u!a?Ua;3eKbwiO-yP{=)uk@8-
zHUe)@$S1MnblQ8h{A_igk-F?9JJ9e)o0vig<d1^LY}wDBTKB(*Uz{0a6c5SnN_Cjh
zTz&0C!2OM0l+Wqam*Gd*F8O(;Ncr_Sd3PQpEkYHOi-+wq+xsjz4bUs!MtSe8+}D1X
zB;nY~e`&7L+OBs`a)8+2YJl>Q|KMNw`RB1QF;e#w*(V<2{2(NKmA3WqI8C&o%#_g^
z!BpCnLxR3c$PurwC|k(r*!i9Sk!T=<wtTDWnG}6OzZAU69GgJ!V<aX}q^})er|zHA
zdO3i2&RwNDCE!SgJvKMwhdpMp7uQjhA?4c*^80;T<GGxBS+XzgVJAlU^k2`|K+mxq
zxs8x0lf8`CNH*AcL7c2}NQ|cH;A8@%vbi_|<JC|`-1wE#!C9ptANy=b$jFE=NyqGA
z66d(*>f5FkMC-OxQt85#3m_USgS-lkw<ncblmT@D$hiTI<|kCXg>P`Or9nL|E+*m7
zzJ{K!$_SOU{H3hfzt*3xKHOCr#+fm5vGzY^?t@jxF@kfRmo>2e^qr~Z)@x~8-VU;I
zseo~^vK~IZ)>7j8A@Ng3QZQOPpwPi^$Ju<2UWv#(AOL!Eq%}S}3sZ0p+<2dc=p_8*
zk=sm2*&lWB(JJE%kk|c>1RyCIhN;HT2WAa*d$}gT@DhyO?jDSe$NI+x%a1HpMej#v
z;{mFs;~xXenlPTZPxz_hw~H3$JiPs^VgNdkhr}go*sW4ItFY?*ele@}tzgbb<ToEz
z4FiGq<-V{rC0a`%EU=zUkHvE%%6G@q+sRsHt(8y2@;joqa`UjAjGWw$HA>Yp_Hp-j
zufEfKpoQvZA3hkpfY=^vx7v8S5O-y^>j<~wmAyfAs&5!G=IEk6(rmMjlLgUi{qO3{
zD+WyyPh2Hy<J6sWC$c+dG+fT~uP3UvG+^!%XRxk$m17skcSzj3NfxLXhmA_+LiAW2
zveG#BKU5e80o?KzDyNY-b^iP8Z9Q^rqQ5sdw*F##T6{;<u6yLQ=L)0<Q$a9-0vVF?
z)A>|l426R9v_f+mG0H2lODNCcM0=F^$$w_^BucgP(Kh_1QH*-f=Lj>jS<yGaC-gV}
zeAI`!Eaz3T89!4o!;B;3E+MV$F?oM=%kUH$GdS5cuo;FT@z5qkW)j9)ptdRh?p1^p
zwqMdE9!*jsp=sY~f%d1v)HnBrNDVD9jH*9e1@=a4TjS@RQIIDK{p0sl%GCasT78E7
zZ%?*JCKP{sR=?bg3z#aI#VmQRL*FjPfKCr|%zoaVqu<okYdxDiszaW3|Dh#9Z5{Fd
z$fb~+5ieU!C|jgPQdLUx0HW2<FILuM!k6JlIll3xVLSAnWYN0;cFe*nUgyA|*3xhM
z!U~@Q{+#|0bcK~;iX?22jLYd!5<H=PJ2kPT3kke8e+pJ6R5(>z`k8k$DVG(W<PPDF
z9{lBH<8o8!5Af^ds*$0w5L$2JpT&lS%s6@!Y9%pd0qmEZ|CQG4_2<7l{KE^tF~c*e
zP0Ko}%~0?TwOGw`a<Jk8{i;a!F2`c7SUvYsDqt5atC^%xHcbBoZTw^zu9Qh39+=o8
z1e4@i1V-fw1z~apf};K@L0D{|zdQ#Snu0TT$wHZUd*wJUqB;gTT)YU#K^@YhUz`6n
zL~*_Vgn}H9cHK0rz-VIn;Y7(0;I{&bQU#P7t0#>jAPWJr>J>{0@H&RRmrU*7dlK6i
z_J8lA|KI8>RJk{;T8lTHZLMb$51cjM)@P)q4;@!cmQCGG>`B%Gb|$2UOwF|hWmQWb
zqmvP&qBHP@;H;;=(V;R;#p-PpU)&_aj}eKY&xM+&Oj^cOK|?w0J3PQ3fR%rpmi~r6
z@~i!(r$mdcqz2H`$d~_rM1@bcewZl_K59%f%Fy7886N>=mMjG9_;B<D(LiyGTx>jv
zK}H@H(~irxeN(QHpLdi{ap%R4LYDs&33r{iZ2^M;uVrS7iDl*|lbm;gkeqiC5J`<w
z-(PpPNwtRr-q)Su2J9?gv$ZOT!ghysDz%|>UUoqqxv1j}=8)#<=;quHk;ug2NU-}v
zk0k{IWx<-{E;zf0s>9BKS{>jabD7`fu^{QmloJ*E#tqR-(OvV6c@|9uvo70fP)H-7
z@(mMTBt|qEYdF&}KI_KwO1<NqFWX&TU*_180;@5YeFDrLo;ezRK(S1O(eIy~q{z2P
z6!*<iy9MtU^!2DUCj8!<)^B<qc-!pNap?#8_$V>_tjIg2!z<pIcS>i2JGiKiz3=y@
zxY2!d(de#F(J1JjZN;6ug2}zB)v~<vs^6B%EX85Z^Njv}+&8Fr*t?D_tQ)2mkH>85
z==~<h`1vZ3l7cD3_C?@jM@6l}oChVSaa$`T^*GQwM5;abZpFZFGy6k$pWq6hNe3<&
zVpEc#c{uF9E_8}kjUM!8G5>A5`}W{O0?=s|w9MGplvO(!99LXcfc{RvAiX*DYbTH<
zb_7G>lT3Jf#FleK3!JO5jZ}lXifh)I5XjFYK&R~J){NIX{ZI&OHFKUCChKvyX|`x_
zSokRGmX@oDT_w}qiyyl;Z2Hk(epB~_%Ol2TEb{G}^)t&m{F4JY-D_NI#ifWXEN5!k
z!qSY>FGxRtJqNg-=}jF-H2aWbkl#qE1D4PM!v40Hbw2p~=IL`DF6b1%9#04q*+uYi
z3p<u%Ol5o>UTWU;+4&v0QI~xGFjp(q)SFir-6t2q1lUmT%!NuCH^x+yNjKT`l3#2#
z%;tF(D>?=I?freYD9fKrz01U1B`xvexcTY81oheEE}Q}90ATi=tp0v%hSen<3s!y^
zkakYXnS#jmO`_yz#=dUI4&!9d;W*Wf>dJg&^5Nw&bxEYWnAM~eW0PM*>*Zfu5q6UE
znU1XP-gSUZ)&J<k*b2`iP_-!NhE$!f5Xqp=G6zf9qtezZWXcmN<kR*K52T^z*IN^c
zcH7@!;~(PYLG`&=W+rq*@tnDX6P2-2D1X-oF*dg<BTvg*l39_hc7cedqf5w;R>o;Y
zIu+%x_KxBQ#X0Mp*%{GYiRaHZ)_!A#g95)C-@=SQ2e<PfH@d)#D#J@=0ru7FwvJ(M
z+#)xVF5dtVy<#pBGCJp3kU)i+3zxpdeDg3n<3Osgwv9R)n5?2B7W?VR5O-2dYo#A}
zdw&P<5Y!UoO9W*yfXY$yQJe+M&-wV$!@_WOo{)pXSW={3);x(x8*BKB#@*r?(2b;@
z6;qb<)a)AI*->TZnbv_4ZYfkL;80P)T?;ETT-*Id*x5foZ-^iX3hrG@veBe-mFL~(
z2g|GDI<oaww+*RjX(fBI?!Q8tZ<iBg2XpVP9h){w%T_|}u5uq!<=ps%++M7&PMWz*
zRL-0Z@ptqmvn9BpUgnl*y%jy2Ft&1bjOiyQN?y@pB|_t&k6zZZt!s>ymrBvB+emc5
zo}(BxKQe&%xIb=YaN=+nIm|WFNP4bP8{JoDRk^sh7<fs^U8oqH_0a|Eb^+{pm-VY=
zZR8#IlsP)Sr>CcXHN%QeN9rJ=^>|EUR=RZFbBOnF<+ToC%0+Q{zPTQe@TrZAG1q_d
z`NfviUFka(RuvE=MMXe#s&~JkEHxEMe1C2(W<KRW08#d;0LNh9PahX|)#V$3kXmHl
zB*p?^R<3CHdTdPJ?{ecKhmerL?bXuV;HOa;Zm|Wg*AOM80geoF){ojyZ+fhNJu7|v
zf-tK_*9E)%U!8{wK1(G>%5l{E=>dCf#*6-2yiLEO=vIEHFs13pTtHgt2gg2WK+`C8
zKQEJ9{0b+v+n%o31T*>m!hX)rpW&F}r;OR1FJZiwh}^pHSjtz79$e22;cE*xOYdU}
zF;C~W;uCThPRb3rH4zjPT&Zl?)lZc6KmLoTa-6EP*fdvFjWPFG@J^eUPECCb)%tp7
z?)5{d7Bwg8om1Qd?7l=#iN1L;3We}3%Z0LdkKgL)zrhSI7(BdYnnaAX;wd3Ry#C*r
zEzZ`}f>zub<7>CZ+T(Y=N<ix6i%shhX-|~3)zwp|tpfF$efBEDX484iR=P=Lf9^Uv
z?A?&_2^ikYBC7@zNu>)FsJpU$yz^Ones|s{TZd%bnyShWu<do4Dy5eVZuLA5xVyda
zyt_FY+G$*>Y(Kj>TQaU%@1=7~t+Z$<?V|@-hkje{b95gs(%PgCTRNGt;&1amNkLY%
z8AXvY@!efcb=ZyONORRK2AwTz9_*v3C@BXb9zH5mNn|Vy%gW8=uWG+6^>5YSZ!^@+
zmEpAtxv3{84}U<MQeIx_%m>k8P-OReY|FMw!bham8;Zzg+Q451otKPXq)8r%m!f<p
z5Qp8Ig7s{yXA*bUM^LP8dL>*D>DC#Wom)yuO0HIxq~F)y#FolS(~6I2Sz6)GBsn=%
zpfm#I*ZbY1$i~^IJ|(A~pi#*^DJVJQGa&&%N{)1Zy05Qq#pvB)z+TBz{1<9+a+dX+
zfXXKYxuU47;cT#hG#^)5=&xp%89_A-jn@FHEp0mH$OJWKsl@(9N9Y?0k_%b|U)Vd(
zHB|7J)Ix&z_0WLwXS{bqn&Bo<WbtT&!Zzrwf}@;}`@&)T!R(J2#HRfspWtWD%qLYr
z2hHyR&8Qt*GfVIzJrk2Zo7_K7iT9zudO4ogo46d(V0~^({p1P4J3lVD{>s*unrwc5
z=F2L;+o?Z)elpXC|D{gT3|we*%Y8);)^GXRp#4t5S)~An&B%yu=IFXRig-Ms6ggA-
z!Q5{(4YA9~^-97}arw_5cIGeFORuJ<VL-9*%3r;sb%v<}sq^3nts!SDh!(9Pd(%6Q
z#rGuZ4kL?}O%qI)N(r=MN(?Ps=kS`@WWUDD3A04xRH=19XGl=BW(!7C_?ZgYgW<IG
z7C<z>X>a&H*suNrTH0@HGo&s~ZNMm)l&$k-q(|D3?2m@^cl?tx=EC8j7t3MNhkubr
z^+J%5AEnTfckdClJGc0+_vhR?O5j%Jy5Fuk?yh9LEu-PKL{_$ze|qETpd#NHEiFa%
zu<S>V*!E4jbfv@A?^B!Stp&1*KfrsdqCmz>$|zNAlyNWWvtHWIT*6Lh2%q6oa!70z
zA>imp;^yfD&vFfk_Lkk`)l?mik7tzHE<mYI^jW?^zn4)2QF~jB&OEOQt~CwL>@ah<
z{;ZS}=vWiDztcM?lhj}iu5qltFE@R5IdhgV5Y9jP+NZ;upIeO6FqhO>Nj0x(!^0oY
z{$=gCzR2Xj(<9M(S#g}*ax0&HLZ(Vkn-8JgM$|bX&Lc)j$=W(E%PQu#GmkqMvz_^5
z^D7Q58_`4CTUM@Mnv`B$Ukful>@JS3+_q7-hjCH0pFTljAmZ15;`rIc#EgkY6Q78v
z-yckry@l0-yUcZmvA?>D=Z(d#_f?BUb?L>kBl!O5+V9T-h8Ecktmoc`jdh8rltMQj
zWY1}jFwL8^tVuL#(dqJHJ!Q9l6SgBT)4*?1i~bgeLYT4a?yXl~W=l#`*q^+iqwYLE
z&$j5K72`2dCN6(c+PyEXAaaVQ^2MTYIbs(6u|ZCK<ry*!{AIs<#5Z?#H!*DvIaQf9
zSz%Vz6p3%txPW=vOuT>NL>ZwZP%O7eEuCs2*iK@`*M4qOPxF8fvF#VkX5L38O0|`@
zqYHy&n*NaXJG5*1^O9RL*O;mPC4Jcdxjs4bkCbPEg8B=4ZXs81&o3_rf0h_bw5kTl
zaOk1GcO7fQcBE||cg=r0?8^RjxSh&!xc!r5)}*#Coc}Jri>*gFTCFu-uaV@%&g?*t
z%Y*-z_1%5n2z7Sb9b%5fBEMy6-XYqyWwR<1?mWMKLA3n-3p&2ObVRaO{o4M$+}S44
zPx&Zd&|v)Aqt%+1mld3RMt$iZqBfgx0kEBa5McQl&gCWSC_s;nS=uD~>2j-*-*al0
zUD=GfyIeRChy4KnsEP)T_vEGzPXHjIH)l#Ih~w)2GI^UwqJs5IdcvrA@;vYiS@o29
zKmiuHOo=Z_*-cM>8MBqX6n|jIqF3Rv)ZW%y*$u)32DU;}RLXv-+eIu9I~OepIn!RG
zWF<R_j~J)zPUhcIF#f4(w;6x=-P)>t|C36FYDPjYm=HiLX;|Ok#cBP~%I5-0>jVaw
z4uIcvP2jxF+6u0GoeX8Z(tPm<P153p|9U!ea;!9+tB~#X_LOztN7l!Vs}=U~QS+mD
zzQAYWT6Z<z<P^5ZuOBvL1$Sm~HMYp6>ZK8zfYa7*QSH$KnAwQOYIklOY@jfaLLEHl
zb@5gd&F+`qE(o$rycqRA0IJwOonKRmn9{|jVC}-OJI>P<g!>v(I=!Q1K4SnwFPO-$
z?M=)=ait{JTu3%2EQ!(YH~X<R=&#G(#F%r)9MlC0`DC<8*?!=Gq0h^)HrB`W3rw$6
zM@O*7I7M}B=C0J<g4`bNS1|VJ*7S&e<`1q@;FVZFPYbQj)>3R>8L<vz8OvC5z>7k~
z%H3Xh?UHf*E|Pmm7Q=E_Kd0Tl{o#sxT~M3h5vPGBwWn+wMeHb_OgG@&)t>b~H)*_y
za9Mm^_)Y+cBzR>}5Xd3iuVIQ8prIPN!-vmd@5o+NZ9eu%ePw?@L2a;D<{QC%lE;!!
zC+N|~<N+XvL?}y2x!=mfh2sgP$1Z3nF&#j|S}%IOj*azp;d=4{o~~zPF7?i9rL6>~
zsbPtRleAp{?6LZw1(hTU9m*kcgG{MxL#NB2f_K8SvaMyC)_)#~XYXL$ZgK{gJm}wj
z*S*?w)eFP`$VJFuJTLPdY(u3uXRV%+5@y7W5>^?9Mr4Y%3p&VUntKG(Z7lJsn$`>6
z-O6n>`Z!b^#b|K?i@3RQOBYoNC;|&sLvE(>>h1(_>6Qk)iU7uT=g(69L#hvn4=38g
z`_b^+4Ln9)xfX}01(V(8ExtFx&M8uWhE7RN&R<|Htsprq=oJm0_GvD9=UP2`k)pw;
z$Net;JN<POovUu+&EXJ#T1W&3C+CplUhDgj_dz6=GN$1cHjF{XdbEIHGJ9Cvz)Sao
z=Nd4BCn}+xN7f-O0gO6#O(lMV!+fd6vL+mKn5U&%J8Xe=vwu~azCXS!V0(A9bUE2+
z>ABd{DLC+0(}M^v(Y}9a$&|gX+)KiPlf+T-*Vm@Et5)<QPZ6o&*%qIAdLWc*-ye~;
zQT!m)i@quOK~FDF{;mE80bU#9`e<&|B^#@I{wUjNVf*PUa&$KTK|cAF@o1Ka1{JR<
zyNQWOnq)hVWh?B&_Ih3RuH-bQw|%<f_Ok31gQO8(^Iz5p(e=x%stmXG3*{Y|a1;e^
zfC>qt6s-P4epGqeIsR8{UR(uvy!%|(eZrsUo149m3}dSxXp55J731~1(@eN@Ez)1A
z?s#LizHIiJGHIsSDSL_QquntXLDdImyLlFDJ__yuJL40xBIE1tZ9`xEWni^5{qTK)
z3MIq)uw>1$*Zn57-F2hFh4?=LAodA=RDTvPV6Zq0XXb}J!C3!LWLKcWVO20vRaLbQ
zRbc8pTMDt-Av)^BV=BJ-vqi|?>ON^XGtIT1tiqT){!u5FlC?%-81O1AOm2F11*cga
zTp`%xD$N?TcNE@tkVvK17{6Z}I#?NaJ(jPCS0BmJ4n!3fUz@qLL0d9tE%~#u-_O2$
zu+mEw%e6UW6~fB|taf~2w7cK$Nb1r#%=UD?!b+d4YjVX^O1+9_uDtZz&^u$&$;xC&
z>pqZ+beUw8O7*d9-wm&C1LI&?1zy>$Q`64j3&Fa*nYJX0`0g19q%g|0<L)+~{wPk*
zGUtMt5@U}Y!SyA0%xBT><Lrh~WAKfCJ!b<4E}xWWX?A*p+fwC|!1o2Q>W&^BHM8~)
zpq;UgI7@HpYY2%Io;EPoxtubPkuf7D%k@UFqe&R_&8ST0u-9*|_Kd5#XOWN-^lY7T
zy$oZR<NC-u=vPYJ7m(27Gw0{wf5PT5okzd@4z5=ir@sx;F!vpkB9pKlhBxC4rP-E>
zW}jbYph{z#TK>US$y#hG35MOnI?^Yp1hJ!1N3SFj2kojX+kPg1z+kXvAA?V^beRA>
ziXYbyx2}&dKvVe@O@0{L8ix%&Z4?o00S-e{+5zPpn`u|2uy1^5z6Wm4bAuw)j^LZ0
z;DEd=iGWj=`XC#v#OPe6qvwEuw4pdH-GW<ewY}T?>*C8h#lPQZFQrG$YY;E{IJ&z&
z1ib3NRKV*<4pZnjvwRH0rew`{?Po{acf0-}T%vHg&QX~wO<rI5@7;kAA~9PTX6sB^
z#nJO-x25($EC*5|;(KeltcAgc1DuFE#Bj)b6Z&K8;UG8HJWHX?XNEX9W^b{gy$?ST
zy%cm-GRUF8)80ppUyL7nNfkZGNGjA(eU2CByg!TCnf(y8n)tP^Y%jkEb(ygRVA>OX
zB-)lz2F6a7GWL)Ni4lIDH2#pK{Dg%_mXs`!>)PVII_vF_(mTPz=I%i7p%lJ)CZXR-
zKlzE<4d5miPIRM3z$&NPGw->)X*?G{d%T}ehimEjMF4j33FT}(@*`CZb1`;Q6MX)&
zM=9&eYQ#pmnQQVynQ_@gHjQOpwzkSOu=)s(#F5$M-;QTTM+R`J?mu@Iqai;7hh=Zi
z6|eXZrR~?KX!du5(7v6npr2BzI%A8+S;{8@qXLVcw+e?%JaidafG~>)66XES$Joh2
z!7N@r_yg0lei%otD_z1}r&(i;W&Mzaax_ux`gFeIsZ*NgxRzLnt<>&TRYzqM8NgPS
z^?$#Z7Bfow*ZuQYS{y7C6v7Yzf1X9CNXe|dNnY>lz~c#iBj%QaSPBmbp;=U_&IUXf
z)B2!|4;iJS4{n1tbCc_lQ-h65!DR_Z&*gZr!Dy!7Vya>0)ZnuPpUtB}V~Lt4^ysHG
z6!iJTiX-QZr@JkCrEn+u_nsH?=+Tm^WszTDA;!H|Ghw-;cdiFQFDm*JMIKk_bmSpk
zPWkQuOM9g^Ugy8%VbXFFAwhDC<S?i&&HdOZ`m(JBw{*Fwh^(Z;!5F}AYwvN9IXM^T
zH26F<l+Fn}RNFEAwof>kd}S8iCkMTs6MX4hKaJgy8F02+(S>6)YT6|Qn*aE;n0{i_
z8xAAuj!ozGFM<C`q$GlGRSVK`R|>p}<6<!qwaq8|CG<j8O83Q2{!5(HNJ8q;(huZ}
zbLW(x)cA|EA3uJKebiwRu}e^rQH&;mHs(_%0>4Y2yVE(hG6Z`Vmr(%QPuIm(6X}sO
zV@s1AZ{{yg_8cSDr>ySX-oOQjZ}TFu7!#k64#Vf0#Y_O#K}F`;_4RelX41AyYSE?S
zEVqD&O0Y$<Rm)SsTAdio%A2SYf)aX%zAem(V+D7VD&iEh^sqw?#6%DuS#$ZA`kLbE
z`e+pTxyzg%m+!bw5v%)VU;3|YBfR^;PVz9c{;gZPNwfFX(~z4js|kKNLw9Bl4y7B`
z-lJbv$8d0+uzUddmp{05YVwIv^Q7GRCll2Y0efy+7q39Cq8m6#rH_-c?nPN;7k9xF
zCho^EynOlc=T%sfv#-@Y`j2Q`Q0KgW@P}Rkv+9#;U!5O1`v4h?DSrg)HmSVpL*L86
zOMJ1{t@~7g09aoxnvvzEgJ$pIl+(Q>t2Rc%B=NSq-D(Ls#c^erW;hq~ZHGLR<OQkw
zD_Qkd)P~zwcUH6kS~v=<yWw0#l?ETRH<upZFqI~sOR);$T!IUJi_3)gzh#!|?^({%
zBD-Cn$+hapt95P7B{y=iZRfD&V-F^=&`NYX{wRA>GJB@i-MzW;FRVKyW5OE}5|A8t
zJx*oPAOHkuG}D$c7?Mca7oO>8S+S0`cWAcfd@=yy!N?`&g-zZ*j;b%_Um0BqoZh|P
zY`hm=Rxf;GA$)9pq${a#e5f_~_DJ#(z?uR0%$a8qR=Ve3qw{&M$ENF?UlSPPD*)gj
z*Kl6J0f4m>Z!!eW{K-i5$fQntH2l7c><JEa)XN`kB#F^1vJslc1&U}pLl@A}HUQ?O
zb-dbd%XEtjjhrexs~4(WzZH?rCGX0!g!d#d;Rq-ca2$6l#>j>CUWMfn5@(WI{#d);
zQAqBj$I-=qo0Y=^|MivH%5aY`N|3yvM)zJP1%Nk6oCMphlNpBY%Pb%4o9e}Ov65bw
z;}7Fk;cxuCh+bETBx<zn&&ej7@Es2Ky3aG&$%K`@6M)tDd+9}ugu2~BGwgOSI{wn1
zr)15-T-$!F4894N#r8s)MTP4FFTbskMFmw~^<+iAl(w)dZtU?Eu9~-MKgi716dGOi
zq7<d`!Fn4nCVl=jk}`v)^4{=Q1z9P>q1Lvx3FBeep6vcFU*sm}NU@6n7&1+I@A%=x
zbn?B#Xt2d!bhMv&adF`FL7$-eFS&_I-29Ik8GKxi;Z9_)j|7Nb9Zi3`hrXv*KYouA
zhe3hL@}4CrmmrN%*$zN6rm*$JwgBko@qB`aQf97LUy`ABGW$~arT9O6nRJPjLVIus
z4buRY`5290r?Sq&fsP-&S0doj#K+Hk{W2%u(p_{>cKAn+JDdO6Z*P`X+hT?^wHrqz
z1E;#o&ZOsE+*}2rWETK*_72Kn^U1^WK99{8dSRD<DVeSyZp>?;ms%MVZv>xe7iICC
zd`PqwZm4em=M{WjtELw>s;A^!<7;?$WJK*EA5(#YCLH7dya7+GjN@{BuzSJf<lFan
z-YIlNM)i>jN{?PVeoExZYccDGp&Wa5;uU+{K6xE%%}KZIw9Hiw(f<@3TBvy5)!x($
z?~Za-fr93v{LCcUK0L&s;q$M5kWb33j=hdurc0hcmZLi(B$GkX9Uu__7PhL4t-q2y
z3@k1zP$IMx!^yD^tt+zaOW5S*im|?Uf(*EQ_~>addeV9j%aXLKr2RAY{;dD$c8P@$
zX$vcim8U>GcD?gHoEkf={~g)i2F4yf*4?IG7n_7Z`~pn0`_aOuDvb|9aQ_HJIX}$|
zwm~5@6=Bu{iFddDiuR$97CNGJOR@F}g5aB$`z3?sWk67hr(eTn_FR2b8{0FuL-&mo
zk2#dayI9kPQq-C+pOIOhuUg=~Y7AnBZ9yV409HAh!mOfgS88i)9aHE)ny(bC{=R0E
zK_Ql7IKNA`oMh?VWdb9owqeD~?%<xh(Sa^0`R#9Ugi(<vexb?<4V*QYkbqoL=olVT
zpl<#1PA(WvLA45Mf<PtMlFd*+K<p@9Y*BYY<@o7OI3*~m%e(m6h8$Oce=TQoH2iEn
zhw=<E5~045w=3`30?c~rV{UM*1l}w~(SUU`DTb(vDamOoVich`+sditz+Yl|9L6#)
z8y}MtT=dI{)bJU<48M6V5xxQTqv`@$N>vwB@z#$TINi&sv;%Kj*c_CGwPdC{gjs+m
zE}b1#9mZv%MHT@{eZ^v3cljlW+xjzAi_fnE5H%U4jI{M8w-NbIvP&{g&`SJfHuv;Z
zV6lvKC)TNgvJxq^tu7juD{lG)Zk*}n<xznw^RK&mxW26!p-q_?R>4jFONk7UMT<Vy
zccIlUuUK6QE@ReJ@axSfHCGT^kly<(JAYJT>KgWma%t;0yB!~o%YOMxLt>zQJh}`3
zwS}`F7FC-OA!V9s@sj)=&Kx5&t+y>+)WH241r9^P@PxmNJ5}wn{Y%%;0$fS{lw+_T
zNS9ZXhPb;6(H2K7QGg*P9l=EO?oX9V`DbB1o|<yVABnX+_z$8e^P1Vmzwr}aY|`I$
zzaop;q?!Gbmq@>+q^zu5+7vw9PE4sWywm-Mv|R9knPN-&@sz>b4bopm>OnhG2S~TR
zo1e^<`;pn)q)9uq@@HZLY^+iE=+TzDg;jjq8O6<I^(8eS7<5N*#8Bglhc?FU_yT%|
zRknI?hutu&=-cNm6@2mgW-8=4g@{iBRSq$ejQLZYobsaiziha$;iyq^37NbTa=@+*
z2SP183FE&z9%bHJAgkUypOeL?>D4sd>;8fc+hjOqRcKx9!iN9ZvbgCei?1gr*~;gw
z#x~xm8Hp4jai8eQ>XpcEdfu5NO4Y?2F?}y&z*ZbDi0#DhMJQP;=p_N|8iaMl`m<`T
zS?q5k9#MJKTA#n4W#(@JeXT%56&;-3LBX02<;YZGAl7|KOAEN2)SddIIiYv2^3{ab
z99Tb_5w@Dc6f5)i%V{4+!yV3c>}pTQ)|A&KnyVjJP`L0)b!#i0x3UTsD8w%KRvVD!
zt#ivn|AoC6eO$EvH^@^U2$zMzKz$z7oA}m#uKlt1{KR9%K4RfJpH5osLdu~6-j5#&
z{=CZ40HeGLF&fJv0p87pjv4B(nB3Mw_iyiAygStk@#NyDh^S%VRDzk`%^%fC`u&OJ
ztV1^Z&Tz57Ja#4_gKZNhg|e6)#|l4Cl?%5opX?1Ot|_HC+nQ@c*wZVJmuBqZd;Qv7
z?;b@4>TF(KXZl3$-8W=E!FpIM@#G#mv#<@N_^oUW6?1GBw+dAbt(iF7>jC!o(vo@n
zcyt5ygj$dai;o0Zt|cvV&7ptl>$f4c`QMy&1eR@{_)zLk$-g~KN;6=;O2}!eu5G7b
zrF${^^6O`dr5A-yy%+R)##&o6?*yKRSd1)UC0PcYK<m56dEG$f5jpYG#Njc;EaJ8M
zL?O7QT|Xbog_ts!M&!4pw^S@STNdNr8+j;!JfEShmcv6oZ0Qq@zjNJ^oc;o&!_6ii
zfgt|)JdfpCD6UVUo2+1&@Q0naZ5QrL!*k<iLNqMTY}#qKY?NvA>*n=(CP$e6hQzSE
zavm=#nfw0!dn@5r_#2th$l=|SO2Z1Pr))&F?{Q*fVw|Gl;q0shQTpRuLJ_^k$64X`
zm2p6h6jz085d|GQmpuif<&tp1t`o^&77Fe%i>3e~Dn7pek$7_AIuV5>O*xLK85&k;
z+^9F4+S$cf0{j4CQ4uNx*qFj;z29+WYpgTKHD8KWV!l@2_h+<$GVCHFKu+^|xGp<H
zVbH$mNzy93yH2^!knx?cFp|UXSwe?P&o}3Q?9uLty8UgyU^SL>|4nL%JihOK{+<T?
zB|I$bC!fJ|#o$7ks<fO!b{utU1fFF3;M{BP7-3RpTSrF6y^r6>HdsK%u{X{K*k5rS
zfzU3ItThb|ijwSc4U)i`RX8t=i0e)9lRq9<W)u0Qv4m7o)~-)(+435#<aHskGQ(_&
zq%uT$f3@C|>mN{a-@g266zo)u+KyL+KypZrV)Zh=I6Z!HYKt@o3diwM=pPv|N>jU*
z`A)rr^^*86+e4Uc_#d3$(Y!3@vhZ*r4tDziw;__^q0)*zZbiE}<$27<e44i(Y@?YR
zZDNkedKV-9u1B^<UY4T16wq9+I-1vo7EN6mc>qvDOR0K6bj~h+$VD7M_UAl{a1Jxc
z@X$s72i4Z_i^Ek%UI%7Y)=^_%@vhITmY(H5J(sy||4!Z7Gz+9%3c5|Ocy~5LT|}-i
z`1^~)J2k%2CjS{D@b2_5h|a%D=lyoqu?Nn6`oW&E=<JiB#bzAKm?F*khdghbDB4%N
zA=L|Xv%G&hDY{28?~2caTeoY6etJi!nPX9^1_{=Cyp<_-b|m{^^|5)O#itDJu42Uh
z2uPv1r;y0U)q4B&)xrTV!Y)Jana`w0H*aOyz&9nsffr{}TdN0RRK-L25v9;GZy?i`
z1r!+n8^@4dpfJ=gUfCbN2St;WBOB7*Tp6u8>?6-jyZtPbLG^nW_M?ItK^p2|RHxFC
zUSZKYd8{M5eN#}#gBAvB-?>qKJ>GKXA2)E5mQ(n~qD`viIt2>I?8zU~M<3u$)FokY
z9vf7CSXMK5{0o^7FypuO9NB!?PDzx^h(l-wG7M$GBeGutV$8F=Yj9lQ%3vUl_45yP
zor_$5AmFibn+g7XlqbMM0qp^>B?}8N!QE&2<0H)9+k*m5Ox-29(wr=8UzQ@^#HD#_
zLr?sQODkxAY@2aPBnt($K2thJ-}zNmw~yruKhw}p03&0$@YZ`QD^pH_F8r=ecer}6
zsYdd^Jl5y56(QAqLQ%y6>*Qqn$KPX$Mx6S>sif0E;3sjmqHc@jVH??CwBa7VA!p4j
zNt(*GIhIpqJmTpH3JA)1e#8N?m3+AP#S)Vyj3RlSRVJOUu+}Ta3H?hoUwK6V_A7-A
z4l?jBq@^15AN*uh16d&SO)<(lS!lsFnDj?BPr{*z<=hbwH$3M7t1?KK(E1C{IYqqB
zh&e?a^r-Y%F=bG3AcY9!{ArST=Xj&Ei{?x9LA#Um<yvp6TJ{gCsvc?+fAs$@aOf%@
zlO*4#6IzXU{=Jizy76^e-=Y27?^Xmh=~grVsrPeqvqAVRcQu|RiL{ihUD4gYY)ske
zh3;*|={6u78#cV5OT%nms?xIOo_{&M^GU)K4Ib{8c%BzF#gB;C&JDg;zF)hnn$w&x
zb&#PkJH$A?WzpCtMg1rMvwV>5DjhU=l-IHRGnt&i#UC~KYu%!DwT|FjuXPLpWfzlS
zE?(_zzb}(w_-v@bzQh(8brP3s_L2B|<xFClss!PwY5lekfJUtl`~!J2I`)$KmSE5B
z%<7E)JOXe^W)}AE^f7}(vCcKmAt;HY0Ha8<)tb~{iVJUV|JBxxtkQs0s-+Hp;|8AD
zKumRbSb?WO=qMCEdB_r<_^J1p#y?b8&=u4;_1NVOmJ2`eJJcFIIvO<CEc@^(TmQnr
zqm*Dgy$U-Z<fDDspboco2?5vN?wN+v^mjM(r-14DDK8d`>16?SH)VPA?fFOE!;y0D
zS`1xtVrIA@;7>)|hl*S)i=YPg@gI_&PL3GLQ<5m)wAsN%$-D(b300;gavT_ydl#n_
zM~TxhQIw11EQ_1;T-g%ki;E$x0PMcV;^?)cOFO|?XF95cD~_vXc03hT`m8i|huDm4
zb4>fKA|s~1Qya{tH42}P$5Wg)(`1>!&-WN<CVDQg@W8Udv>3(QM@;m(-Qpg1bS3%I
z^(-8&sLv;nB4odePh<*k{4OGL1TjwKm|lVZWa6zD{nZm+?)z5j?N*CXE>w(2e6sjX
zR6<{Zt}83iM`NNu+0DTAA@*h#;ao9R<k0GRqh7wg56@S6Rz<D#OK-vy?IKV~x9y+o
z#V_>vsPWs<?@_<R{a~M;wC~P<<^DNCwpwtl=)4$kVnf}-qx83Y2+k13DWj*P#8V?i
z(eSgaK9!Q+2bM+anc{`@{xS<{6<Nh|o*?5k?Jv6LC(Cn#NsOIi6URc#kUKvYvy)Go
zy2K(Qu{_U8vxJ)Ajs@G2p6X+QhpS!*%PljYf4PPekD`bh83)mGN=!vAuYkWB41|PC
z^R$q@Y1|<uJuvEgctkxKiz$C2&Xta@t6Y5Tjk2OtAbjZ(Eu}F>x(+1?u=SzGRnfrD
z{;bt_1%pnE;ZJ;(jeqqx_sQw+Ua0}KB6sH|<3<69Y1B`PD3-%G%{@AW26C>~_$?AV
zqK5~y3}>f(AImmy?*e^duh-||xnQ$#EGhk1W+CuZ34X1;!};8i*N2I_$?HWqK*Y$>
zw`6G5%9N9cl9kk^CN6-_Kc?r%EWjeiy)#6I_k+XAkjj!<sf%Yk*F41FmjKCci7wOr
zds3AolH=3dyk%V3XT|VD*X3$aBa~S<Gt5kdmB_;kFwUwcY1d8G9;X_Qyf{8_E{VFW
zaAw&4(8bRD*l|5Wt^7I678{lX&(~gWXdfHgXZ3j#b~8LPx4N!$RVO5}yy=1`oG~#2
z(IPi?e9is0?9+sM*&~cWjj^XgEI~@Vv$yD<Udd0B#t-^|*c0M>cJy%+54>hLp?mEm
zT^L2wXYb7QkI_z)a>OsRqa!&wDg^d$9WQPq6ITY5QT@$2E_p<IP!XoXIS%JELKCve
zV`hhvpO3de>trCWgx_9Y5F5UzbNcSZ$<vEPZ(%D@C&^W>#Dffho3g0Bc$phE6J7#^
z-tJOYIjG0L<oG5{Aa7}sa_{~t1m~jLmq2wM37laO)ZDCDLN-rox0+H);kV@oAjP#m
zT#RJA(xguv$T`)MW`WqiBU<<x*6{pmmok{jiIQrHenqpmAhE~DgQJ>)M|7QF9PtD>
z?R^caN~B5F$caW{l)dUBm5|%<rilP+(*V@v*M85FCh{&%^FFL5JJ@F;A>7S>`KCa0
zs?g$70!!_~^X*TghDRR2|2TX*J3A5K4+1$pNk@;{EtV>7(%g_npAwabzS?|lN~=#E
zRW4v|Irkx?@za&k?9dONFXDIP-M=O+6YDiT$HUz;f^6?Wz4fcy*H);9(0lv_eUl)F
zC^ismNd|JJN<e_rB*yC$;N#QYk%+1yN@4xVVP8s6LN_g~8uqRRuYr*H*XAFa>xs?n
zSw5KF4xf`+;gQgNX=GL3>{p|1Po(Z@`$j?Wpx+1QHy4N9*V3EQ6pD6iVs494GXP9B
zyQ{nOAQ?zejIwvK1MEFpPWCrG8l8VgmIrNhY`1m%glA4gBVqH$GfV@UwR&%t{*sWh
zK&$wxisv7Hui$^8aCBlqsQ+{8D$r8hzS~>n+Sv|bkIb{DTeb(X*}YwQ$Y%QU2_8<D
zCINjIxw@Y8eovoz`*!}C;y*BRFWH8im@Ba}X&bzegwVokn(O<ltH89ygNjfPB?UE-
zFu?qN_l!T3ywkm+A*kTPNdWriXw($-lWBF+X&N#9=VgAY5>XA_vV7BQZ!w%eUI*Yj
z)S%`X2HZMso?2R3dIF{f(h*2(&Sw^8l=9V0dHs4~YK@WAhe<t6p`uBIE2($E?#as<
zaxo(gCQTm0vL@_`sPD}5WMjcFjQUPw{7WXP1$uG4JR|olq_b|5aKj_d=z}Q6B>d*-
z9CFDc>lz(@Ov&(4rU|N#L6})gP@7}An%_7fi}4<BXnE(T7)EYl^I*d4Q5~C5RKK!j
zl>)0=RJ7S%gboC<8~H0UHTCEAJ$9G5+yaJtwZ<zhj7Y4&HY_}Cg4@S#pi2unN1Z_T
zv)MH9>+0O6l_8~)!}^U{gd=7Z;le{CXtX(hpEvH+5$KVA+)4&?<8Y?+@tZaY3ku>O
z?f{>MsZJI3iIvE!QUo&LxfI_*I>%ey1|#83svUl5iL6}GtL)_h+ZdNZeSLkq-dD7n
znTkL}ZpB&f6QTW7r=j<&iU;w;bx2$D&nWQYxiR-HUl+UU;31`7_#rSo6f%ao`|FfW
zOld=31BW3~75#Y8EGF!G*S;MuZ!XL>&~o{P7rJP(8flZbb5K-`+yYm7(sBQa4+z^L
z<6=OOQ#v}ewtHJm7^S(0?qca6L~jAtq-+7JvU!v1;-HTS$oIA*d>ao4sc*eCkNTO#
zM$YE^@g=8L{JcILL?RRV`89?mbFJxQmihQ|u;v~*tfW3v(1lcI%wqTIyUI7Q+dtNr
z-OzWQD2<H3t<#SSe^vIGj-s@nq-ZML#XsIJaup%=#E@%e1{+`2ta2mZ`y_r@J4(c8
zigzykL)2*ay}*?>0eq>y<d}?D>B>lDuXTe~&4JwZL&zLyW^`?hPu<7+s$W<s4Ob*G
z`6hALt#6s5JV*Dax!3}tiy2&{IOK3jOMP#`m%}DT#Lf|WR4L~(`)$RglT^&uyot<>
zd60%(A^vK3j7tQFT9B7lOF5B|ceyWd>R<M`U&1S%qdy5*QIRDFUqHTIg?_=S`M5{)
z`oI?I|C|T>O|pMHH65y|o#Xc+x}$2{aJM-4c;ci_JL@V~5F#r0$#FEDK@y`1q*ty0
z5&ZA}X_KUl;9+{4PVoVvB2xAG?rm0bAKA=wH31-Ca!9y8c@rgTsl2T&EqQnlYeJM9
zKM+MsXV)2a|9>@d<>64a@wz^hQdzT=b!=JULu8386C*nzd$MLLBSeN0B3Z_oJxh!+
z_I0e4Z7h+o?_m(aXGtNP=cVsl=Q`&)*E#c-%gp<}&-*;T=lA@U`@U(Jm<W~fz%WX%
z1~3;PlZ;mKI7B&Bz^|BGX4n-vYkFEm0P!c#%`ql<JwMqU>TL2w>8zfXn^bKt=u<}}
zirZtYDQ)R!(0u19FqgN5uGz~j<z)94Pe}nclwrhK@^(JOy<4{pVDi%lOt8)lfpRWK
ziZ}k300QGf&sd#6-n-^qmAOJaGqbMK67V0{{;vBKfZB(r6hvzpF$<zS=;)nS2h);F
zC9H;7sX59@OKqTT;72JMX{}?*9x~N24iQY?JuRmI-jdScN@frt1v_|p^_>wX9+r$*
z-Rg0P-InHs4doezUcXz2S)YCE$=VWlI<H8UPQ2g9>(}%vb{hb_B<355KzLq2dL>~}
z`97zQeH(;mhWH3kxZNDyi-HN?{jl#a!M^+gGs8?9^<s#8?=-RA1(Qv>L`dSA51%s+
zcjpXUdQ`BunG|i#;ihXv%vG-Tj1Mt;_yNDtKScL%euXM;U0v2ZlQp!twcIY`Nq@F{
zYX8vAvxxkn!gA!?9pg&p#B$e(B+h6I+x)}yA;87O7QsnAJ|RNF1yQ6o*nbqmjeI-}
z4toICBN(Box!7lnLV2xgNyjaZ;?b@6sL9Fs`7}6*$yaOLJ4k&u=~g4ST&@Q0s0!oj
zGY)sA5OeR+r~7LkmF-R*jCiH_jhQQfDkSa`QOw)pKyn4Q$qF24!~V9ZN0$J%?!>hF
z>mEV*D!T6Q-fmiSzE!tbPoYb{+YEm&p|!BM`qL%Y=Qx6JuhkOB)md*!KaARyK`m+}
zmI*4d$|hR`)vZ*HWm~IKexw;_G3#5POV|H$s|rq%2Lr+sF`Wt5=GSZMmtvJSzK0hx
zr9xlpev9Ek68ailV~rLb#p(F78}IzOzPQrdzKh4>Y3b>Cf`WodK_)1@R<~Jh8bYuD
zOx(GE8}{m+R-qJ8BIc5JYl8^hmEYB(wGXNcexpq8^a!6EH69xC!YNRw3y>lN$=kn9
zvX+;nEj&e5)*UQ5@)t>Qf!46i(ph&*cI(1|!6KG+5l}0%Cp=!jD=F`X;3BWwG8Y1*
zW1)R(nC+m;YzhPS)YI9EP?gPQgVeqOK*$dEp#+PwQ8)Y>?s{_PbXF{+a#`-%26&!F
zZ=!zBGK|!S0KA|4OP|UF*&;Ta`KB3^95EEhVk1<4oQq3KonWkNm(~d~YmifCjg&45
zGn2(f%GibA$bZ{P%omK59ynmJi0&GfIt{l^&HJtsHSN7ws&gQ<j)TCwfbz2a;Zh9X
zMrR5{HPx!Lzi!J>1NHuL(@--q`gYRR&6T9(ipUEa-zc(m?L0HEDs~I>>JIM`%wz<V
zeCwr?3q=#FILnZ3{Zo(FKTkW`^NXKuH`Qz`)<FlpYW)$z$9FMS(qr6Y1;V{Tea|zL
zELTmdTnD;obzO=nu7o*kNk<J)N~_u>9Taaqc+Tzk7_cqlN7T3TXBFKP#W2r`Wq5n4
ze%@=qO~hnHkpEob@G>)yXiV{^=%@2jM0xB5I)=H_$p5IgxjCjX@O4<%Sy+q2bp4=h
z;bOY%EbOwcFf(98Hvy~~?ZhApOBGvJOseYUfT*|RU3O5VY}z$idkpHJbS`RA?-|Da
z<)~j**uAZa+4so`Amjefrd~VetQx_l8%Oy1j>G$VNgH$q-PO_K&BLE|6mfP|e9fBu
z1kkHbNLQEP3(nGbQ=(|1BR09@Of9VNzE#&XYk85Kwq!O^%Gt};Cetw{VO>)wGs^e2
zAOIoI7t`~5Mt@Q{@on}FJk4pPl5S&eO%_1B87a@kxMwa)?uVI?%W*bZq+reI@Y~Vy
zVs;3|6%+bk1mhSWVQbmV<zWGNKI2ln!<AmsH>L02zi;<H*kt$kUDdd+`4<`4fT#ou
zWuOo5tw$oE6x#`vfXz?GkiA{bm)UAP()x7A>VOS!D!x|VUmW0h9_DhhxiD*|)XH*z
zS~3R)u}(Y-WP%Y?ZV<Q}v}4}QEBOJhH);%nW#+V1e>nrv-E6Og6Z&s2#4`Lo-|!JP
z5_fGc!bp>5X`mqd=HsTn0ha^REfsuxYRa94v^qLFZ9y4^*y!)S!T{al;oSTw;~Gv2
zJ#nlF*X>{*^}E%P<rg>OzacEwH?2H~1A1cW+?*ANh+GDB&jv{oM=@KC6b%V;$4}IY
zCoOyydA#Qn?QH;l2Vl_}!Db2}7_1&{SNj(Kj`jRJ{%|(BA!DOsu9ui!pYA#6mzZPO
zKohwdReobnJ^B9F`K#fSx%8c{mGQ_u48o&+PrP<OTK(4VihMJ<>I%<-hx}Is3>1-x
ziviZ^)0~qt%b$ta`8IQLc{`CRqAN-yi0?vQDhWzk9K5_LT4^`=Hy3&m!bBSGL0qyz
zWI8`wcs!X)kZn1mFn2z_BYW{xwxz~%A)o46nT4}*@SG$i8&g?j(hX3)nS2zXK3Gcz
z3V#H&`AbrILb?8sN3WGUEorP=5Q$NNX{^eD+*jM^Vs7-_h3_L4-QnS}8K|t5o}mW+
zrVHqc-($4p(Ex|14-RNvKoEc;2DBh2yig{VPd0t!eJYLjVx-N^&|16RM!I6O9Yvg%
zKgw)=tsVV#a1uGR<3d^w%k1Bm<hw-hNN0(&UgSag{p8sBS;6`qh4Hctd2?YS+SHyc
zCL2e)Gy7t7sl@g7_qWa=JqfEWsJW~wGHQW~@=X>aA|pX_Vp!8CoL}ZE3UtB`s+b!^
zGPRuwZX?X}QioMP%1`Z8MCWQMZWf*&MJTETZTY%J-jpgVsB7T3J+Zc^KAJ!D`t#px
z2M2+^HN477zfC$&jFoZrxs^tdH&ALxb#^tk8V-Z4rp5MqSmknx906-O1<{Re?stYD
ztt~AE$~cml;tP4~i(hziE}joPrm{}Af(d6NZ3xsOrM6)Z&c+o##{f|P@w7@L;y%7~
zF<oxpM}2z`vMG0+C_S#qaEq32$j|p~C5uQDRpBx>xqcYw#hMnOBw-Jm;TYJmzHp{<
z-&!-{dlh#m#d@@e>q=&KZe6c7+aABJ-$WYESo$K5ITz}E=PfTajK84wdMV|`UWBtg
zMm-_WXt(2;dS8Fk?u=?pK1V2MCHd@s!A6j=n(h%|8#0i4xKs2TQw=gI8=4>26#JGF
z-4CV3c!lo;u#fZ7ys!|P&FS9Q8GVviCT_ZMD5oQLAl}H^ZdBEF$HyY^@~5dorAH%f
znK}o~yE|!z`s9o3vm!T83?fzGZ(@IHSiL3Cq?C+42kf8xzia^54LHY;acBQKXo~yQ
z?*xWrKB!yNe=<8=XLT>It06bp?28=YjF)7U*_d~!&iraed?t}%XSKUfEYB;%cPBxZ
zmfp<ZBYq)yc4I%MuXLSV?!D<1OJjF#?FjpLg0`23fkA7ereaS|?Rz27)5D6Xe>D%~
z2T?@Tc&Kj7Esm(gF`nvvEe=ahY&e)Ici8E~AiO_ZvJhFa^;!MFJn9wNbv<ZU@Jw)f
zLRAZP`4#c?ToZjRDNWRc)T3<D39JI0pgHBgb+@Drf7Kvo`+VF&PG!PFvQH$-1Wz61
zWq8Dc5NCz)nWzxVbhFBC$K=AZ{Lc2F-Nb+?ycm2;@ibR0-IN^n!OurAVUu#0?vFJ3
zXO#!E)3b)TI<)2S_%fMbOHi}4vblTkRlyOxJ32ceN1Q3VM%-AvCJ>lolU^TkitX~0
zA#rNe(tBrT)iwHQ4SXW_4vdYAv1>u2J@4}TiX#P%n&HbG)HR{JsBE0x;#3J1{qq)Y
zRZKfd$sh_|q34fl^V7K7v~)CB4va!~qPVIr3dIcAvzJc<-0#`;TOxAeuu1n^DPAyj
zxB9B$D!UWqi;)fY(<u+4(Uv&@uy-B5ilp0@m<;y|UR_>lIOu!&Lki=nl*ykx-*7|6
z+)#c}*_D+!qkAl?g5g4AgIwi?sOQZ-b@}Q-$6xrkxT*QG@lR1TB7?RV?{}OB1wcZ}
zANMO^ucNfh(REJA=AyC<nW!OW)2C1UqBJxTH-)tL1>~}V-;|uN+a+G7zf42Hm(<Ov
z)6l?Su<=@uG|jF>*v&FPQO;)m?vIkdzN+paxXx$%LlvJJ>XpynDD^ww1{DJ7naBUD
zLZ`>T#A1_pN+?@#;7Kd?N#DL8Nyh~J#s}5dB`RmAS;#zYB5xX#G5^F>&Vu9K_dc28
zxLy3;_M3tH_vbIg=YM#EPd%Er6AlY64Msi)aMPgo2FfX=Kjgl@Y}jCJ81QSd*1)b%
zGvNg*8ENT|&A^@M@R13*x8t^&L;_M>=|!EdclmbeeB14>O-l}^#D&aL-K_1sZ7p8^
zny4~3UD?K~lD8ApWc~SM+5VI#wnzdP|Ghr<IdxK&tj!noz3fNjjW@+6>rBRz;&Y}}
z-%_1py3>}Tjhk2Dp)YDQ$5d_k_(j4GQMnZ5XB*%VGfUskJa3(G_}lNZ#1H|Xbc=v+
z4oo{b-ZTdr*lRT@aDg}R6GOyF147?vTgM;ea>%fbIR(cOlYJLwm58>U8*=gT2_?MM
zYm+3{Kq0x}fW`V^3z4%+_4IvKKeoHqb<f={CK<lG%Xk6pYN)HrsS9*B@|$cs<J*H6
zEie;GAeHKW`dDi0^WTiLCpQAl3*UbZSl5{<pdIyjc<>eAV<-JZX<yshbL&vZ$in-5
zb4yG63o>#@$_EY)2drM#W-!IT2<UO}nsxxQwC%^}(z37!<>lqgtXWosoq%YW)=hV^
zlbQ0PE<{1k8!n+;JhQ&OPONY;^6=gIrW+bA@hA#ZIpF>Gps#%BH*%6)LF5Mp!uui)
z!6+ys6bm4uYFb(mIO8%El?ax+KO+Y}e}DmX60H;|^ht<5o^%03LDr`1pcUiznh9q9
z4UmuGUXoMYNtZ{FUJDi;<+n5veizWfTT_PzMkrhQqsuM}<J{15oe7=8CDuT}PfvpJ
z(MYs+Ds)Fm-Yblv-9a`-<H-pI;~8%BZ`}GmqR-05%X{a^lX4ke=y3w~VD2aDDZBxw
z_iupIr_qgRzLOneYipY~Khx6EQtG{F$9(f?F+}{Q(d`2fW=sY}=m}}tj!S1CBD`ZM
zU~;^1L4ikNr0<73$rNe$r4#|s9s*GSRR^MDXqM%GdQ$T>N<b9G;J<#l%x7GD|Aj`<
zb+v+4m7{mg%y|=s;Ile@Cptq|>ixC|R<ZjZPE?3rtdwdtd<89=Cdh=f?wg@Mp8)wh
z{PRgc^pDv1_?)D$S(ot&r-ZG=K2=D6C<L?kfTuL=$S}an9UF$-%Q%A1(wB^v+yLSK
zDd@cIOmip{`GK%49DMUu)H;|V3V@!EXUi^#vy|<R83|I_5A{N&wghv}#OBu44v=(!
zs2Lgo8OY3SoR^is-~Hpow8rGgk}lDJnfbc0vC&bOjfDkwyxcd3FQB2OP)6Vd0IhA>
zYeT^AJ@@=vi5H}FRILnpwbL1Lz*^x{DY4~LyT3g)2MDDxs%+lyNxwZ853PmoLzS*=
z=i0jj`U_JpM)uabSDQ!P2G1l3Nh*_A^ovXR%;b=pXG521GtA3Y(irC*R4YB!SU4jm
z#guC8OqCley*KCcZc99>TMq{NAkSUKzOfR>&)6GXMJ;}GgH)d2BuNQF7}Y3^h03t8
zu5vY2GmtEfFuyUX6WWEzpiKlsbvFB@w@X$)h$(~+C&l+i@&MG?p^HHh4yN*dN+Jx-
zDERI&mq#g{zhZjLzN1snX7AvVwC_!Q*;$hYc?+?x<DNtw84X!z2H|PhEkM>HMbWZ}
z-+BgD8JZ{Mu5z%x{h+;FWU#xsr`oCn`J<)2!s+OV{EipVW7|BPZ`i94wU60DUDo&t
zOe(*)x}|>qEj9uQ@1FwpNpY&YP#6tHtlxhb=5JDM6py<l(DW<_kv^=jf?M9N+laN9
zk8gMXX>oN0_OiU}E*+|h#q`h;vRUb{iSth5I?(O`e&y5Z9TH)ZlbEl*FNp4}vVW*5
zA)98%&GX(q+tMud*N)Fa`*Q(gs5xvHVBTSiX(0<;o!O?Aex#g}qTzK2OU<$Q{ZHXh
z<EsDNWg$4Id78*7Zwm+rCsaH`9!X4KK1$pRNfEoLG^+Z`!M>gCS>&8J)D}XkI{ZUD
zQeb*xg`qSDhtr^?rR^6z5})v<sIdP0G4MiYS&4Nx8%&w3p8G@5K`po4e5{(=!`rqY
z-+QxOojP3-6nSlNaq+lo=4Jwuf;}D{-Ozb;=4(4M&yNNUXxG!|&JNDJ3H5Z2vk3h@
z!J|-9zB$xAI1!AJj!rZ0xRagAk_Rswb5k00(T=4ddtd{kOOEyrY@zI#@8zbEv#1~S
zzkG)L5h*z3$G%(fG)F#@gw%L)v|j(4h5UEXj0*UpkAVE6FLwr7H!yxNu6!LzwoYna
zaJ;}^rR1;5lBs`-KCdrZk2^9&CRlRR%X7?P<ebE<fB$o|<o{o}4kx!(xNPN8ZqPH^
zBSoZz#N!n}M6$_oU%iTuRgWk3_3?0WDzdK0#fv!oBoTg1n?nno=dR+g_EH|L-`d=M
zw-53>1cQ5_$KoF&=AkSjvTz@dbNyfz>n<iD#p>V2A!McXLc0h8I%7sEfjh}iQ3iUe
z1#6ztbBd4OEYp5Ga&5v3k3+WB*U?ak<Lk$lJd%=z=0N2KmO0-tO+AvMdF9;s^ZISm
z)6>8bGJ&oaaCtjlA4`Hoq>=8LruJUy=Wp-m&}&OfOa#q<tUteaECr8`jRkakRU4qq
zLCek#B;%lU-z3tySW)uWV7C8;mI}V@fOl2RtlMvq`Dg@<4)*M^)y1QGzX4sLkCP)m
z>;6_nLCb;U`Cs<^zpJ_#LTwCcnqlG4*@5PBT;JOuv!5@Nx_UfiEky0}KRY1B51Tb=
zkhAN^ntE+Y+H|yUJ@~T-f3`vAsGPKz-%}&}Ql`b|h`_x#b5MbV#@bDUJWL`m0NNpG
zrI{MILvDVx7<_lHriePpRHu+t+UT)@;0obKH0X66Z<zp~7FcebZ$=NxTRq-(84`#P
zA)&&0fw!ra!gKWY+yXG2y1FIH71_iju4^VCfOkUd?$@?+O?;YcVPx93>|W(=%~cRg
z@Q~Fa)U1SxJy3Y_=G&C+k?0D^*Odyrz3V;4Pu~w|R6tT1sRgxr7Ab=E8i%#}(c7bm
zHJu%TG3kaW(cduC-n)h8kE4>$<fgx=p?Uhh1ZQx%1>M3z0&&g#EFRx6UiJk>`DG%^
zo}S7cs&n-5ov&GqX-8yqTpP+knLt!jmvaUXY0bI7dO4bz;3oWjcL7eMSY6|f$pFAu
z>j14&o}BQat?!pO3QQ`12W2h)V%&H`^)C(1Wr$(AAXZ92I<&*-DVFkwJY<ALPTmZF
z%HbiG-<$mG78d4@X{^WV-02i37he@eDyZTYi3b8w4RTJY+&Lsfl)qq=tHd{o;Q*Qe
z4QKJ45Prl_Kp<HWjF9rEQK($gMk}9V9%UZd0E#Uq7b;_3$c-7Dj{+qMF^{L!zn&)N
zBD>Ak(uS-f&-OW8nG}Sx+LL0jcd!!GmTSWbJGOKD{QR<6*hWb0qqf2ixC)&^c8{tO
zDxi2sgDxAUhg~7c=9~z9Y{Sek9fNNl)opTOpXSmJPJU^MR0;k3Jb#Kx(S5b%Lhc#0
z)l^MjQ>!z*oXEi<*?zw-@)p-f8z8qY_Wxn!94MhZJv*Ufz?_j?{^=5JXMYLL?0%P`
zSl=aXK@!kd>I5g$lCSxZ><_y3sdLEnGX#Dvn7~WMr^LT2(Qb$<j#ma-QB=GP08L}O
z#DYZ+GTaye4R$b><1JjuB;v*O4ZuauIWa=K#L<+08u3rIl{43Dl;p5D?qWAZ^s)aI
zW@CiuqTuwj!r$0=-9!(Th6ypjCE;(B2kx&GOESGA>HF6!RGdIwIx=^Bm}(H>*<Uv1
z($;6kk=3IX+ZUY3F27|L3sT#PfK#cdzU2P%yEf-%Aq?_`6j9HYY*8X-UwY{3`Lr(0
zPCxMN63t1ktzBG@tdxM<!3Mm-_1QPdv+8Fx&uTkN_wfy)#sqyb0d&jp>UgiY%drde
zS`VS#*=AfGA0*V3D2}n0AC{2+JEB0ub-G&w>W2f**;c-%T?yT95ih0SfptwiId>fA
zN~fy^9z_(6W;gAQosR_D(d+-uSmQe`NMg9GrWm79@J|KL_>*M0Jz49De}IjTN{rQb
zMMPB#8$8n*3t)8-E298GRz{1aOH!W`v>%X_j-0g9bBjOYA%T#m-r&>%*L<m2NHtyt
z(9w~xp)Zqu(d_cF2C}6E()E(i+uO_L(}r?{riFjI;cy-syKM*?8qw7abALB#)VE9=
zp~L-qZ^`XHM}gaade1*W(|@Wm9Um1(2J>Hby`}(sduPbP+esHoqBlZ>)m9SHvPbtM
zp?!m%O)}%5H5VcCHR)idO5sZ7@;#14NgCn8@CK<H#%w#&fu5SAAnEpv=0oh-s-B)9
zC)Hup)m)_d+`tY$vS+BxcBb}K^WlMu*thqn=oEA8>W!Ux<&CC!fJP8b^F!D@>WOB~
zC%y+2#5tSz9lyxK*sF{U9y$WU@lalYc=&{K<DN<=i@X8OoKB4(g#NWfyONa1uiWvm
zAJ#6C7e$u~lFGQ;Y<t;TJ6~%eN=4oyED{qkSF2?65JU|{{i+*y1aY&2)M_=2lxZ|u
zee0ni$<}G4OrnZ#61-;W;04W#<9t%fr=;qux4hRzBQ_Fr(a64k9_!!3c^7gAH#Oq9
z454b@`XlyOew6au>lao)!xVh_zbV^@c0^Qs8_aQZwR!6=$bYruK#u9mka@o#d{<>J
z|F+B{OV%tXSB1eGVmV94qfS!g8eDW4BVvQo_56i|2x^_z#4SaQy{~F}rV3puioZr0
znTkI4(5Jv0dxmeJD^xc~pp1eOMNLqr7fsAm-|MqRHA?G?ZFG`WTJlDX@80Mk3>?bA
z`pyKlYkPS~Oe~ZOjVEVK0L@X5eG0=Zo>^2wf@SXM6I?Ml?0TE5;U-KBjl(A7eR{Qh
zO|w}x6TQBnzE563wO{xtpS(@&&+`0<J98Vo7gI^42Ubwk%Ir|Bj^gMPwCOMgXWFa^
zS%D|0Rv{K1r#ohp2*17~$lY{_DXXatC|iKf-DDN076XC>D~a7dfjh`2p|40B=tJ@>
Y-;dhJ67&=h^FN_>TMJ&ObU)xf0Bxsxc>n+a

literal 0
HcmV?d00001

diff --git a/t/venom/test_suites/security_event_random_mac/TESTSUITE.md b/t/venom/test_suites/security_event_random_mac/TESTSUITE.md
new file mode 100644
index 000000000000..d13eed932fec
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/TESTSUITE.md
@@ -0,0 +1,29 @@
+# Security Event Random Mac Address
+
+Create a Inline L2 network, start a client on this network apply a security suricata event, tests.
+
+## Requirements
+
+### Global config steps
+1. Create a Inline l2 network (virtual ethernet interfaces, bridge and tap)
+
+## Scenario steps
+1. Enable the interface inlinel2 as a inlinel2 interface
+1. Configure the network 192.168.4.0 to lower the lease time
+1. Create a user to use to authenticate on the portal
+1. Configure interfaceSNAT (network and inline) to allow internet access for the client once registered
+1. Restart services associated to inline configuration
+1. Set Random Mac Security event configuration
+1. Download ulinux image, install systemd service and start the client on the inline l2 network
+1. Test if the device is in the Isolation ipset set
+1. Release the security event on the node
+1. Test if the device is in the unregistered ipset set
+
+## Teardown steps
+1. Stop the client and remove the systemd script
+1. Set inlinel2 interface as none
+1. Delete user in db
+1. Deconfigure interfaceSNAT (network and inline)
+1. Restart services related to inline setup
+1. Remove Inline L2 network (remove virtual ethernet interfaces, bridge and tap)
+1. Disable Random Mac security configuration
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml b/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml
new file mode 100644
index 000000000000..05dbf9d94d72
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/00_client_stop.yml
@@ -0,0 +1,17 @@
+name: Stop client
+testcases:
+- name: stop_the_client
+  steps:
+  - type: systemctl_service
+    service: ulinux
+    unit_command: stop
+
+- name: delete_systemd_script
+  steps:
+  - type: file_delete
+    file: /lib/systemd/system/ulinux.service
+
+- name: systemctl_daemon-reload
+  steps:
+  - type: systemctl_service
+    service: daemon-reload
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
new file mode 100644
index 000000000000..be9aa838949a
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
@@ -0,0 +1,120 @@
+name: Delete configuration in PacketFence
+testcases:
+- name: get_login_token
+  steps:
+  - type: get_login_token
+
+- name: configure_inlinel2_as_other
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/interface/inlinel2'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inlinel2",
+       "isClone": false,
+       "isNew": false,
+       "type": "none",
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: delete_user_in_db
+  steps:
+  - type: http
+    method: DELETE
+    url: '{{.pfserver_webadmin_url}}/api/v1/user/iastigmate'
+    ignore_verify_ssl: true
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: deconfigure_snat_interface_for_passthroughs
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/network'
+    ignore_verify_ssl: true
+    body: >-
+      {
+        "interfaceSNAT":""
+      }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+      - result.bodyjson.message ShouldEqual "Settings updated"
+
+- name: deconfigure_snat_interface_for_inline
+  steps:
+  - type: http
+    method: PATCH
+    url: '{{.pfserver_webadmin_url}}/api/v1/config/base/inline'
+    ignore_verify_ssl: true
+    body: >-
+     {
+       "id": "inline",
+       "interfaceSNAT": ""
+     }
+    headers:
+      "Authorization": "{{.get_login_token.result.token}}"
+      "Content-Type": "application/json"
+    assertions:
+      - result.statuscode ShouldEqual 200
+
+- name: desable_security_event
+  steps:
+  - type: pf_api_action
+    method: PATCH
+    url: 'config/security_event/{{.security_event_random_mac.event.id}}'
+    body: '{"id":"{{.security_event_random_mac.event.id}}","enabled":"N","quiet":true}'
+
+
+- name: restart_iptables
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-iptables
+    time_to_sleep: 5
+
+- name: restart_pfdns_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdns
+    time_to_sleep: 5
+
+- name: restart_pfdhcp_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdhcp
+    time_to_sleep: 5
+
+- name: restart_haproxy-portal_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-haproxy-portal
+    time_to_sleep: 5
+
+- name: restart_keepalived_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-keepalived
+    time_to_sleep: 5
+
+- name: restart_pfdhcplistener_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfdhcplistener
+    time_to_sleep: 5
+
+- name: restart_pfacct_service
+  steps:
+  - type: systemctl_service_restart
+    service: packetfence-pfacct
+    time_to_sleep: 5
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml b/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml
new file mode 100644
index 000000000000..66d123c61e35
--- /dev/null
+++ b/t/venom/test_suites/security_event_random_mac/teardown/10_remove_network.yml
@@ -0,0 +1,16 @@
+name: Remove inlinel2 network
+testcases:
+- name: Delete bridgeinline2 interface
+  steps:
+  - type: exec
+    script: ip link del bridgeinlinel2
+
+- name: Delete blok-tap1 interface
+  steps:
+  - type: exec
+    script: ip link del blok-tap1
+
+- name: Delete blok-br1 bridge
+  steps:
+  - type: exec
+    script: ip link del blok-br1
diff --git a/t/venom/vars/all.yml b/t/venom/vars/all.yml
index 76b315a8be0b..b16b003b8921 100644
--- a/t/venom/vars/all.yml
+++ b/t/venom/vars/all.yml
@@ -609,6 +609,15 @@ security_event_suricata.node.ipaddress: 192.168.3.10
 security_event_suricata.pf_portal: 192.168.3.1
 security_event_suricata.networks: 192.168.3.0
 
+################################################################################
+## Security event random_mac test suite specific variables
+#################################################################################
+security_event_random_mac.event.id: '3000007'
+security_event_random_mac.node.macaddress: 02:06:19:98:00:04
+security_event_random_mac.node.ipaddress: 192.168.4.10
+security_event_random_mac.pf_portal: 192.168.4.1
+security_event_random_mac.networks: 192.168.4.0
+
 #################################################################################
 ## inline_l2_and_radius test suite specific variables
 #################################################################################

From 8f7a61320a11f51817558a1bba9a3763567554cf Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 17 Nov 2022 15:58:10 -0500
Subject: [PATCH 003/103] [Venom] Security test random mac: add async restart
 services

---
 .../05_setup_packetfence.yml                  | 32 +++++++++----------
 .../07_prepare_security_event_random_mac.yml  |  9 +++---
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
index 0e6d19976960..1661e358f94f 100644
--- a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
+++ b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
@@ -241,48 +241,48 @@ testcases:
 
 - name: restart_iptables
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-iptables
+  - type: pf_api_service_restart_async
+    service: "packetfence-iptables"
     time_to_sleep: 5
 
 - name: restart_pfdns_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdns
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdns"
     time_to_sleep: 5
 
 - name: restart_pfdhcp_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcp
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdhcp"
     time_to_sleep: 5
 
 - name: restart_haproxy-portal_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-haproxy-portal
+  - type: pf_api_service_restart_async
+    service: "packetfence-haproxy-portal"
     time_to_sleep: 5
 
 - name: restart_keepalived_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-keepalived
+  - type: pf_api_service_restart_async
+    service: "packetfence-keepalived"
     time_to_sleep: 5
 
 - name: restart_pfdhcplistener_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcplistener
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdhcplistener"
     time_to_sleep: 5
 
 - name: restart_pfacct_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfacct
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfacct"
     time_to_sleep: 5
 
 - name: restart_pfqueue_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfqueue
+  - type: pf_api_system_service_restart_async
+    service: "packetfence-pfqueue"
     time_to_sleep: 5
diff --git a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
index 282eebdee093..13707d81d5f1 100644
--- a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
+++ b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
@@ -10,13 +10,14 @@ testcases:
 # restart pfqueue et pf detect
 - name: restart_service_pfqueue
   steps:
-  - type: systemctl_service_restart 
-    service: packetfence-pfqueue
+  - type: pf_api_system_service_restart_async 
+    service: "packetfence-pfqueue"
+    time_to_sleep: 5
 
 - name: restart_service_pfdetect
   steps:
-  - type: systemctl_service_restart 
-    service: packetfence-pfdetect
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdetect"
 
 - name: clear_fingerbank_cache
   steps:

From ad5dcd2dcd1d984c1b7600e75e700e935bd78b02 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 17 Nov 2022 16:11:27 -0500
Subject: [PATCH 004/103] [Venom] Security test random mac: add async restart
 services on teardown

---
 .../teardown/05_deconfigure_packetfence.yml   | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
index be9aa838949a..11b733a12e03 100644
--- a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
+++ b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
@@ -79,42 +79,42 @@ testcases:
 
 - name: restart_iptables
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-iptables
+  - type: pf_api_service_restart_async
+    service: "packetfence-iptables"
     time_to_sleep: 5
 
 - name: restart_pfdns_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdns
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdns"
     time_to_sleep: 5
 
 - name: restart_pfdhcp_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcp
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdhcp"
     time_to_sleep: 5
 
 - name: restart_haproxy-portal_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-haproxy-portal
+  - type: pf_api_service_restart_async
+    service: "packetfence-haproxy-portal"
     time_to_sleep: 5
 
 - name: restart_keepalived_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-keepalived
+  - type: pf_api_service_restart_async
+    service: "packetfence-keepalived"
     time_to_sleep: 5
 
 - name: restart_pfdhcplistener_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcplistener
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfdhcplistener"
     time_to_sleep: 5
 
 - name: restart_pfacct_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfacct
+  - type: pf_api_service_restart_async
+    service: "packetfence-pfacct"
     time_to_sleep: 5

From bff317690d9c589bca798bb8664dcda48385f9f5 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Mon, 21 Nov 2022 09:38:37 -0500
Subject: [PATCH 005/103] [Venom] Security Event Mac random: fix step names

---
 t/venom/test_suites/security_event_random_mac/30_tests.yml      | 2 +-
 .../teardown/05_deconfigure_packetfence.yml                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/t/venom/test_suites/security_event_random_mac/30_tests.yml b/t/venom/test_suites/security_event_random_mac/30_tests.yml
index a27ef46d3162..f156d7454a20 100644
--- a/t/venom/test_suites/security_event_random_mac/30_tests.yml
+++ b/t/venom/test_suites/security_event_random_mac/30_tests.yml
@@ -45,7 +45,7 @@ testcases:
       - result.statuscode ShouldEqual 200
 
 
-- name: test_if_the_device_is_back_in_the_register_ipset
+- name: test_if_the_device_is_back_in_the_unregister_ipset
   steps:
   - type: exec
     script: 'ipset test pfsession_Unreg_{{.security_event_random_mac.networks}} {{.security_event_random_mac.node.ipaddress}}'
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
index 11b733a12e03..2756278a5b6a 100644
--- a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
+++ b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
@@ -69,7 +69,7 @@ testcases:
     assertions:
       - result.statuscode ShouldEqual 200
 
-- name: desable_security_event
+- name: disable_security_event
   steps:
   - type: pf_api_action
     method: PATCH

From 59bfe0bf7eacc90a8bcc481d8fc386451f6e457b Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Mon, 21 Nov 2022 09:54:47 -0500
Subject: [PATCH 006/103] [Venom] EAP TLS: fix cron restart

---
 t/venom/test_suites/common/restart_pfcron_service.yml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/t/venom/test_suites/common/restart_pfcron_service.yml b/t/venom/test_suites/common/restart_pfcron_service.yml
index e76a57483714..0fa0cb9a7ed9 100644
--- a/t/venom/test_suites/common/restart_pfcron_service.yml
+++ b/t/venom/test_suites/common/restart_pfcron_service.yml
@@ -6,12 +6,5 @@ testcases:
 
 - name: restart_pfcron_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfcron/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async 
+    service: 'pfcron'

From 371d7eb7dd3403102ff9006e32fa3692172076c4 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Mon, 21 Nov 2022 10:06:23 -0500
Subject: [PATCH 007/103] [Venom] Common test suite: fix restart services

---
 .../common/restart_iptables_service.yml       | 15 ++---------
 .../common/restart_pfdhcp_service.yml         | 15 ++---------
 .../common/restart_pfdhcplistener_service.yml | 15 ++---------
 t/venom/test_suites/common/restart_pfdns.yml  | 15 ++---------
 .../common/restart_pfdns_service.yml          | 15 ++---------
 .../common/restart_radius_services.yml        | 25 +++----------------
 6 files changed, 14 insertions(+), 86 deletions(-)

diff --git a/t/venom/test_suites/common/restart_iptables_service.yml b/t/venom/test_suites/common/restart_iptables_service.yml
index b608c6e2234c..b7ea61e77907 100644
--- a/t/venom/test_suites/common/restart_iptables_service.yml
+++ b/t/venom/test_suites/common/restart_iptables_service.yml
@@ -1,17 +1,6 @@
 name: Restart iptables service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_iptables_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/iptables/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'iptables'
diff --git a/t/venom/test_suites/common/restart_pfdhcp_service.yml b/t/venom/test_suites/common/restart_pfdhcp_service.yml
index 8b3cec82804f..57336c16611c 100644
--- a/t/venom/test_suites/common/restart_pfdhcp_service.yml
+++ b/t/venom/test_suites/common/restart_pfdhcp_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdhcp service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdhcp_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdhcp/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdhcp'
diff --git a/t/venom/test_suites/common/restart_pfdhcplistener_service.yml b/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
index d9c00b1f15ea..5e1d57b8c4b3 100644
--- a/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
+++ b/t/venom/test_suites/common/restart_pfdhcplistener_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdhcplistener service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdhcplistener_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdhcplistener/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdhcplistener'
diff --git a/t/venom/test_suites/common/restart_pfdns.yml b/t/venom/test_suites/common/restart_pfdns.yml
index 2475b9cc96ab..0f465e469c63 100644
--- a/t/venom/test_suites/common/restart_pfdns.yml
+++ b/t/venom/test_suites/common/restart_pfdns.yml
@@ -1,17 +1,6 @@
 name: Restart pfdns service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdns_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdns/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdns'
diff --git a/t/venom/test_suites/common/restart_pfdns_service.yml b/t/venom/test_suites/common/restart_pfdns_service.yml
index 2475b9cc96ab..0f465e469c63 100644
--- a/t/venom/test_suites/common/restart_pfdns_service.yml
+++ b/t/venom/test_suites/common/restart_pfdns_service.yml
@@ -1,17 +1,6 @@
 name: Restart pfdns service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfdns_service
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfdns/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'pfdns'
diff --git a/t/venom/test_suites/common/restart_radius_services.yml b/t/venom/test_suites/common/restart_radius_services.yml
index 8dbc968ab0b1..bb6bc7b22d55 100644
--- a/t/venom/test_suites/common/restart_radius_services.yml
+++ b/t/venom/test_suites/common/restart_radius_services.yml
@@ -1,27 +1,10 @@
 name: Restart RADIUS services
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_radius_services
   steps:
-  - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/radiusd-auth/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+  - type: pf_api_service_restart_async
+    service: 'radiusd-auth'
 
   - type: http
-    method: POST
-    url: '{{.pfserver_webadmin_url}}/api/v1/service/pfacct/restart'
-    ignore_verify_ssl: true
-    headers:
-      "Authorization": "{{.get_login_token.result.token}}"
-      "Content-Type": "application/json"
-    assertions:
-      - result.statuscode ShouldEqual 200
+    method: pf_api_service_restart_async
+    service: 'pfacct'

From 1adbcf0e71ce9c18bb4f79744d70f25835e364bd Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 22 Nov 2022 16:07:29 -0500
Subject: [PATCH 008/103] [Venom] Test suite common: Remove extra steps

---
 t/venom/test_suites/common/restart_pfcron_service.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/t/venom/test_suites/common/restart_pfcron_service.yml b/t/venom/test_suites/common/restart_pfcron_service.yml
index 0fa0cb9a7ed9..4e7740510bdb 100644
--- a/t/venom/test_suites/common/restart_pfcron_service.yml
+++ b/t/venom/test_suites/common/restart_pfcron_service.yml
@@ -1,9 +1,5 @@
 name: Restart pfcron service
 testcases:
-- name: get_login_token
-  steps:
-  - type: get_login_token
-
 - name: restart_pfcron_service
   steps:
   - type: pf_api_service_restart_async 

From 10c0460ef8ace33a73c295205f8459d2c9ae191e Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 22 Nov 2022 16:08:50 -0500
Subject: [PATCH 009/103] [Venom] Security random: remove packetfence- for
 services to restart and remove time to sleep since async

---
 .../05_setup_packetfence.yml                  | 24 +++++++------------
 .../teardown/05_deconfigure_packetfence.yml   | 22 ++++++-----------
 2 files changed, 15 insertions(+), 31 deletions(-)

diff --git a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
index 1661e358f94f..c9949c957299 100644
--- a/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
+++ b/t/venom/test_suites/security_event_random_mac/05_setup_packetfence.yml
@@ -242,47 +242,39 @@ testcases:
 - name: restart_iptables
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-iptables"
-    time_to_sleep: 5
+    service: "iptables"
 
 - name: restart_pfdns_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdns"
-    time_to_sleep: 5
+    service: "pfdns"
 
 - name: restart_pfdhcp_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdhcp"
-    time_to_sleep: 5
+    service: "pfdhcp"
 
 - name: restart_haproxy-portal_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-haproxy-portal"
-    time_to_sleep: 5
+    service: "haproxy-portal"
 
 - name: restart_keepalived_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-keepalived"
-    time_to_sleep: 5
+    service: "keepalived"
 
 - name: restart_pfdhcplistener_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdhcplistener"
-    time_to_sleep: 5
+    service: "pfdhcplistener"
 
 - name: restart_pfacct_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfacct"
-    time_to_sleep: 5
+    service: "pfacct"
 
 - name: restart_pfqueue_service
   steps:
   - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
-    time_to_sleep: 5
+    service: "pfqueue"
diff --git a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
index 2756278a5b6a..285a25e682fc 100644
--- a/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
+++ b/t/venom/test_suites/security_event_random_mac/teardown/05_deconfigure_packetfence.yml
@@ -76,45 +76,37 @@ testcases:
     url: 'config/security_event/{{.security_event_random_mac.event.id}}'
     body: '{"id":"{{.security_event_random_mac.event.id}}","enabled":"N","quiet":true}'
 
-
 - name: restart_iptables
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-iptables"
-    time_to_sleep: 5
+    service: "iptables"
 
 - name: restart_pfdns_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdns"
-    time_to_sleep: 5
+    service: "pfdns"
 
 - name: restart_pfdhcp_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdhcp"
-    time_to_sleep: 5
+    service: "pfdhcp"
 
 - name: restart_haproxy-portal_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-haproxy-portal"
-    time_to_sleep: 5
+    service: "haproxy-portal"
 
 - name: restart_keepalived_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-keepalived"
-    time_to_sleep: 5
+    service: "keepalived"
 
 - name: restart_pfdhcplistener_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdhcplistener"
-    time_to_sleep: 5
+    service: "pfdhcplistener"
 
 - name: restart_pfacct_service
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfacct"
-    time_to_sleep: 5
+    service: "pfacct"

From b987c1da31bfb109d792ba9c4470d4ec3cf2958d Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 23 Nov 2022 16:29:57 -0500
Subject: [PATCH 010/103] [Venom] Security Random Mac: fix restart service name

---
 .../07_prepare_security_event_random_mac.yml                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
index 13707d81d5f1..77e0b75f03a1 100644
--- a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
+++ b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
@@ -11,13 +11,13 @@ testcases:
 - name: restart_service_pfqueue
   steps:
   - type: pf_api_system_service_restart_async 
-    service: "packetfence-pfqueue"
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: restart_service_pfdetect
   steps:
   - type: pf_api_service_restart_async
-    service: "packetfence-pfdetect"
+    service: "pfdetect"
 
 - name: clear_fingerbank_cache
   steps:

From b5cb35d4f12fadffc2f29179c307c6ebdbe94452 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 23 Nov 2022 16:30:37 -0500
Subject: [PATCH 011/103] [Venom] Security Random Mac: test pf queue with
 classic restart

---
 .../07_prepare_security_event_random_mac.yml                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
index 77e0b75f03a1..058a56083c6b 100644
--- a/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
+++ b/t/venom/test_suites/security_event_random_mac/07_prepare_security_event_random_mac.yml
@@ -10,7 +10,7 @@ testcases:
 # restart pfqueue et pf detect
 - name: restart_service_pfqueue
   steps:
-  - type: pf_api_system_service_restart_async 
+  - type: pf_api_service_restart_async 
     service: "pfqueue"
     time_to_sleep: 5
 

From 49ef0912ad6a0bedbcfee15a215ecd9a1660fe82 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 06:54:58 +0100
Subject: [PATCH 012/103] [Venom]: remove duplicate file

---
 t/venom/test_suites/common/restart_pfdns.yml | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 t/venom/test_suites/common/restart_pfdns.yml

diff --git a/t/venom/test_suites/common/restart_pfdns.yml b/t/venom/test_suites/common/restart_pfdns.yml
deleted file mode 100644
index 0f465e469c63..000000000000
--- a/t/venom/test_suites/common/restart_pfdns.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: Restart pfdns service
-testcases:
-- name: restart_pfdns_service
-  steps:
-  - type: pf_api_service_restart_async
-    service: 'pfdns'

From 24ee9e1ddf32854edc194405c6c64e059219a3ef Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 13:22:34 +0100
Subject: [PATCH 013/103] build kaniko-build img before all other images

using upstream/debug image

exclude new image from pull
---
 .gitlab-ci.yml                     | 53 ++++++++++++++++++++++++++----
 containers/kaniko-build/Dockerfile |  6 ++++
 containers/manage-images.sh        |  1 +
 3 files changed, 53 insertions(+), 7 deletions(-)
 create mode 100644 containers/kaniko-build/Dockerfile

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 60515ff2eb1f..194327c3efb0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -30,6 +30,7 @@ variables:
   PFBUILD_CENTOS_8_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-centos-8
   PFBUILD_DEB_BULLSEYE_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-debian-bullseye
   KANIKO_DEBUG_IMG: gcr.io/kaniko-project/executor:debug
+  KANIKOBUILD_IMG: ghcr.io/inverse-inc/packetfence/kaniko-build
   KNK_REGISTRY: ghcr.io
   KNK_REGISTRY_URL: ${KNK_REGISTRY}/inverse-inc/packetfence
   KNK_CACHE: "true"
@@ -279,6 +280,14 @@ variables:
     - shell
 
 .build_img_container_job:
+  stage: build_img_container
+  dependencies: []
+  image:
+    name: ${KANIKOBUILD_IMG}
+  tags:
+    - docker
+
+.build_img_container_kanikobuild_job:
   stage: build_img_container
   dependencies: []
   image:
@@ -528,10 +537,19 @@ run_pipeline_if_necessary:
 # BUILD_IMG_CONTAINER JOBS
 ########################################
 # devel
+kaniko_dev:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .build_img_container_devel_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
+
 pfdeb_dev:
   extends:
     - .build_img_container_job
     - .build_img_container_devel_rules
+  needs: ["kaniko_dev"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
@@ -569,6 +587,7 @@ img_dev:
   extends:
     - .build_img_container_job
     - .build_img_container_devel_rules
+  needs: ["kaniko_dev"]
   variables:
     IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
   parallel:
@@ -593,10 +612,19 @@ rad_based_dev:
           - "radiusd-eduroam"
 
 # branches and maintenance
+kaniko_br_maint:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .build_img_container_branches_and_maintenance_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
+
 pfdeb_br_maint:
   extends:
     - .build_img_container_job
     - .build_img_container_branches_and_maintenance_rules
+  needs: ["kaniko_br_maint"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
@@ -634,6 +662,7 @@ img_br_maint:
   extends:
     - .build_img_container_job
     - .build_img_container_branches_and_maintenance_rules
+  needs: ["kaniko_br_maint"]
   variables:
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
   parallel:
@@ -658,10 +687,19 @@ rad_based_br_maint:
           - "radiusd-eduroam"
 
 # release
+kaniko_rel:
+  extends:
+    - .build_img_container_kanikobuild_job
+    - .release_only_rules
+  variables:
+    IMAGE_NAME: "kaniko-build"
+    IMAGE_TAGS: ${CI_COMMIT_TAG}
+
 pfdeb_rel:
   extends:
     - .build_img_container_job
     - .release_only_rules
+  needs: ["kaniko_rel"]
   variables:
     IMAGE_NAME: "pfdebian"
     IMAGE_TAGS: ${CI_COMMIT_TAG}
@@ -696,14 +734,15 @@ pfdeb_based_rel:
           - "proxysql"
 
 img_rel:
- extends:
-   - .build_img_container_job
-   - .release_only_rules
- variables:
+  extends:
+    - .build_img_container_job
+    - .release_only_rules
+  needs: ["kaniko_rel"]
+  variables:
    IMAGE_TAGS: ${CI_COMMIT_TAG}
- parallel:
-   matrix:
-     - IMAGE_NAME:
+  parallel:
+    matrix:
+      - IMAGE_NAME:
           - "fingerbank-db"
 
 rad_based_rel:
diff --git a/containers/kaniko-build/Dockerfile b/containers/kaniko-build/Dockerfile
new file mode 100644
index 000000000000..01425635e0f9
--- /dev/null
+++ b/containers/kaniko-build/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/kaniko-project/executor:debug
+
+COPY containers/kanikobuild /bin/kanikobuild
+RUN chmod +x /bin/kanikobuild
+
+ENTRYPOINT /bin/kanikobuild
diff --git a/containers/manage-images.sh b/containers/manage-images.sh
index 8264da632a7b..84fdc850e61e 100755
--- a/containers/manage-images.sh
+++ b/containers/manage-images.sh
@@ -24,6 +24,7 @@ configure_and_check() {
                            -not -path "*/pfdebian/*" \
                            -not -path "*/radiusd/*" \
                            -not -path "*/pfconnector-*/*" \
+                           -not -path "*/kaniko-build/*" \
                            -printf "%P\n")
 
     for file in ${DOCKERFILE_DIRS}; do

From b39c9d5823b2bf832b9e30929bf2c7b0442edaa6 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 13:39:04 +0100
Subject: [PATCH 014/103] move specific variables in a dedicated file

define default value for KNK_CACHE

build_img_docker=no
---
 .gitlab-ci.yml         |  1 -
 containers/kaniko_vars | 10 ++++++++++
 containers/kanikobuild | 40 +++++++++++++++++++++-------------------
 3 files changed, 31 insertions(+), 20 deletions(-)
 create mode 100644 containers/kaniko_vars

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 194327c3efb0..a35dc9497caf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,7 +33,6 @@ variables:
   KANIKOBUILD_IMG: ghcr.io/inverse-inc/packetfence/kaniko-build
   KNK_REGISTRY: ghcr.io
   KNK_REGISTRY_URL: ${KNK_REGISTRY}/inverse-inc/packetfence
-  KNK_CACHE: "true"
   PFBUILD_DEFAULT_DEV_TAG: latest
   CIDIR: ci
   CILIBDIR: ci/lib
diff --git a/containers/kaniko_vars b/containers/kaniko_vars
new file mode 100644
index 000000000000..4d8027db8b43
--- /dev/null
+++ b/containers/kaniko_vars
@@ -0,0 +1,10 @@
+### collect variables needed inside Dockerfile
+
+# returns X.Y
+export PF_VERSION=$(egrep -o '[0-9]+\.[0-9]+' $CI_PROJECT_DIR/conf/pf-release)
+
+# only used for pfdebian build
+export PKGS_TO_EXCLUDE="packetfence|freeradius"
+
+# variables to pass during build
+DOCKFILE_VARS='PF_VERSION KNK_REGISTRY_URL IMAGE_TAG FINGERBANK_BUILD_API_KEY BUILD_PFAPPSERVER_VUE PKGS_TO_EXCLUDE'
\ No newline at end of file
diff --git a/containers/kanikobuild b/containers/kanikobuild
index 64e6c1cf36f7..921e2e8b0a02 100755
--- a/containers/kanikobuild
+++ b/containers/kanikobuild
@@ -6,22 +6,22 @@ set -o nounset -o pipefail -o errexit
 # CI_PROJECT_DIR must be equal to root of PF source tree (full path)
 
 setup_vars() {
-    DOCKFILE_PATH=$CI_PROJECT_DIR/containers/$IMAGE_NAME/Dockerfile
+    # all specific variables need to be defined in kaniko_vars
+    if [ -f "$CI_PROJECT_DIR/containers/kaniko_vars" ]; then
+	source $CI_PROJECT_DIR/containers/kaniko_vars
+    else
+	echo "No specific variables added to build"
+    fi
 
-    ### collect variables needed inside Dockerfile
-    # returns X.Y
-    export PF_VERSION=$(egrep -o '[0-9]+\.[0-9]+' $CI_PROJECT_DIR/conf/pf-release)
+    # necessary if variables are not defined in kaniko_vars or in environment
+    DOCKFILE_PATH=${DOCKFILE_PATH:-"$CI_PROJECT_DIR/containers/$IMAGE_NAME/Dockerfile"}
+    DOCKFILE_VARS=${DOCKFILE_VARS:-}
+    KNK_CACHE=${KNK_CACHE:-true}
 
     # IMAGE_TAG is used inside DockerFile to reference other image
     # only one tag can be used in Dockerfile
     export IMAGE_TAG=$(echo $IMAGE_TAGS | cut -d ',' -f 1)
 
-    # only used for pfdebian build
-    export PKGS_TO_EXCLUDE="packetfence|freeradius"
-
-    # variables to pass during build
-    DOCKFILE_VARS='PF_VERSION KNK_REGISTRY_URL IMAGE_TAG FINGERBANK_BUILD_API_KEY BUILD_PFAPPSERVER_VUE PKGS_TO_EXCLUDE'
-
     echo "Building ${IMAGE_NAME} using ${DOCKFILE_PATH}"
 }
 
@@ -35,15 +35,17 @@ generate_knk_config() {
 # already in the environment
 generate_build_args() {
     local build_args=''
-    for var in ${DOCKFILE_VARS}; do
-      # just to handle case of first iteration
-      if [ -z "$build_args" ]; then 
-        build_args="--build-arg ${var}"
-      else
-        build_args="$build_args --build-arg ${var}"
-      fi
-    done
-    echo "$build_args"
+    if [ -n "${DOCKFILE_VARS}" ]; then
+        for var in ${DOCKFILE_VARS}; do
+          # just to handle case of first iteration
+          if [ -z "$build_args" ]; then
+            build_args="--build-arg ${var}"
+          else
+            build_args="$build_args --build-arg ${var}"
+          fi
+        done
+        echo "$build_args"
+    fi
 }
 
 detect_multi_tags() {

From bcac401e431f4f424978899a546aa956655864c3 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 14:39:42 +0000
Subject: [PATCH 015/103] use kaniko-build img just built to build PF images

---
 .gitlab-ci.yml | 44 ++++++++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 14 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a35dc9497caf..effd8bf7b358 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -278,11 +278,27 @@ variables:
   tags:
     - shell
 
-.build_img_container_job:
+.build_img_container_job_dev:
   stage: build_img_container
   dependencies: []
   image:
-    name: ${KANIKOBUILD_IMG}
+    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  tags:
+    - docker
+
+.build_img_container_job_br_maint:
+  stage: build_img_container
+  dependencies: []
+  image:
+    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  tags:
+    - docker
+
+.build_img_container_job_rel:
+  stage: build_img_container
+  dependencies: []
+  image:
+    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_TAG}
   tags:
     - docker
 
@@ -546,7 +562,7 @@ kaniko_dev:
 
 pfdeb_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["kaniko_dev"]
   variables:
@@ -555,7 +571,7 @@ pfdeb_dev:
 
 pfdeb_based_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["pfdeb_dev"]
   variables:
@@ -584,7 +600,7 @@ pfdeb_based_dev:
 
 img_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["kaniko_dev"]
   variables:
@@ -596,7 +612,7 @@ img_dev:
 
 rad_based_dev:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_dev
     - .build_img_container_devel_rules
   needs: ["pfdeb_based_dev"]
   variables:
@@ -621,7 +637,7 @@ kaniko_br_maint:
 
 pfdeb_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["kaniko_br_maint"]
   variables:
@@ -630,7 +646,7 @@ pfdeb_br_maint:
 
 pfdeb_based_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["pfdeb_br_maint"]
   variables:
@@ -659,7 +675,7 @@ pfdeb_based_br_maint:
 
 img_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["kaniko_br_maint"]
   variables:
@@ -671,7 +687,7 @@ img_br_maint:
 
 rad_based_br_maint:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
   needs: ["pfdeb_based_br_maint"]
   variables:
@@ -696,7 +712,7 @@ kaniko_rel:
 
 pfdeb_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["kaniko_rel"]
   variables:
@@ -705,7 +721,7 @@ pfdeb_rel:
 
 pfdeb_based_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["pfdeb_rel"]
   variables:
@@ -734,7 +750,7 @@ pfdeb_based_rel:
 
 img_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["kaniko_rel"]
   variables:
@@ -746,7 +762,7 @@ img_rel:
 
 rad_based_rel:
   extends:
-    - .build_img_container_job
+    - .build_img_container_job_rel
     - .release_only_rules
   needs: ["pfdeb_based_rel"]
   variables:

From a617c20c7a45b64811d50da0c6893c50175e1671 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 14:42:53 +0000
Subject: [PATCH 016/103] update targets used for tests

---
 containers/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/containers/Makefile b/containers/Makefile
index b2e7e8d7dc4d..1e7313b2de71 100644
--- a/containers/Makefile
+++ b/containers/Makefile
@@ -22,8 +22,8 @@ endif
 .PHONY: run_kaniko
 
 run_kaniko:
-	docker pull gcr.io/kaniko-project/executor:debug
-	docker container run --entrypoint '/busybox/sh' --rm --name "kaniko" --volume="$(SRC_ROOT_DIR)":/workspace -it gcr.io/kaniko-project/executor:debug
+	docker pull ghcr.io/inverse-inc/packetfence/kaniko-build:devel
+	docker container run --entrypoint '/busybox/sh' --rm --name "kaniko" --volume="$(SRC_ROOT_DIR)":/workspace -it ghcr.io/inverse-inc/packetfence/kaniko-build:devel
 
 ### Targets for localdev
 DOCKERFILE_DIRS = $(shell find -type f -name "Dockerfile" -printf "%P\n")
@@ -43,4 +43,4 @@ $(CONTAINER_IMAGES):
 			-e "KNK_REGISTRY_URL=$(KNK_REGISTRY_URL)" \
 			-e "KNK_REGISTRY_USER" -e "KNK_REGISTRY_PASSWORD" \
 			--volume="$(SRC_ROOT_DIR)":/workspace \
-			-it gcr.io/kaniko-project/executor:debug
+			-it ghcr.io/inverse-inc/packetfence/kaniko-build:devel

From d97af677ad64c7981285ab2e191e144af89f9863 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Fri, 25 Nov 2022 12:07:00 -0500
Subject: [PATCH 017/103] add rename

---
 .../Configuration/connectionProfiles/_api.js  |  13 +-
 .../_components/InlineName.vue                | 134 ++++++++++++++++++
 .../_components/ModalFile.vue                 |   5 +-
 .../_components/TheFilesList.vue              |  72 ++++++----
 .../connectionProfiles/_components/index.js   |   2 +
 .../connectionProfiles/_store.js              |  17 +++
 .../connectionProfiles/schema.js              |   4 +-
 7 files changed, 212 insertions(+), 35 deletions(-)
 create mode 100644 html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue

diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
index af0b39aa3546..606709548269 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
@@ -51,22 +51,25 @@ export default {
     })
   },
   file: params => {
-    const get = params.quiet ? 'getQuiet' : 'get'
-    return apiCall[get](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { nocache: true }).then(response => {
+    const method = params.quiet ? 'getQuiet' : 'get'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { nocache: true }).then(response => {
       return response.data
     })
   },
   createFile: params => {
-    return apiCall.put(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
+    const method = params.quiet ? 'putQuiet' : 'put'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
       return response.data
     })
   },
   updateFile: params => {
-    return apiCall.patch(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
+    const method = params.quiet ? 'patchQuiet' : 'patch'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')], params.content).then(response => {
       return response.data
     })
   },
   deleteFile: params => {
-    return apiCall.delete(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')])
+    const method = params.quiet ? 'deleteQuiet' : 'delete'
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/')])
   }
 }
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
new file mode 100644
index 000000000000..26f251eb0bc7
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -0,0 +1,134 @@
+<template>
+  <div @click.stop class="d-flex flex-grow-1">
+    <template v-if="!rename">
+      <span style="cursor: text;" @click.stop="onShow">{{ item.name }}</span>
+    </template>
+    <template v-else>
+      <b-form @submit.prevent="onRename" ref="formRef"
+        class="d-flex w-100">
+        <base-form
+          class="p-0 my-1 w-100"
+          :form="form"
+          :schema="schema"
+          :isLoading="isLoading"
+        >
+          <input-name namespace="name" ref="inputRef"
+            class="w-100" :placeholder="item.name"
+            @click.stop.prevent
+          />
+        </base-form>
+        <b-button :disabled="isLoading || !canRename"
+          size="sm" variant="primary" class="ml-1 my-1" @click="onRename">{{ $i18n.t('Rename') }}</b-button>
+        <b-button :disabled="isLoading"
+          size="sm" variant="danger" class="ml-1 my-1" @click.stop="onCancel">{{ $i18n.t('Cancel') }}</b-button>
+      </b-form>
+    </template>
+  </div>
+</template>
+<script>
+import {
+  BaseForm,
+  BaseInput,
+} from '@/components/new/'
+
+const components = {
+  BaseForm,
+  InputName: BaseInput,
+}
+
+const props = {
+  id: {
+    type: String
+  },
+  item: {
+    type: Object
+  },
+  entries: {
+    type: Array
+  }
+}
+
+import { computed, nextTick, ref, toRefs, watch } from '@vue/composition-api'
+import { useDebouncedWatchHandler } from '@/composables/useDebounce'
+import i18n from '@/utils/locale'
+import { yup } from '../schema'
+
+const setup = (props, context) => {
+
+  const { root: { $store } = {} } = context
+
+  const {
+    id,
+    item,
+    entries,
+  } = toRefs(props)
+
+  const schema = computed(() => yup.object({
+    name: yup.string()
+      .required(i18n.t('Filename required.'))
+      .isFilenameWithExtension(['html', 'mjml'])
+      .pathNotExists(entries, ref(item.value.path), i18n.t('Filename exists.'), item.value.name)
+  }))
+
+  const form = ref()
+  watch(item, () => {
+    form.value = { ...item.value } // dereferenced
+  }, { immediate: true })
+
+  const formRef = ref(null)
+  const inputRef = ref(null)
+
+  const rename = ref(false)
+
+  const onShow = () => {
+    rename.value = true
+    nextTick(() => { // after DOM update
+      const { $refs: { input: { focus = () => {} } = {} } = {} } = inputRef.value || {}
+      focus() // focus input element
+    })
+  }
+
+  const onCancel = () => {
+    form.value = { ...item.value } // dereferenced
+    rename.value = false
+  }
+
+  const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+  const onRename = () => {
+    if (isValid.value) {
+      const { path } = item.value
+      return $store.dispatch(`$_connection_profiles/renameFile`, {
+        from: { id: id.value, filename: `${path}/${item.value.name}`.replace('//', '/') },
+        to: { id: id.value, filename: `${path}/${form.value.name}`.replace('//', '/')  },
+        quiet: true
+      }).then(onCancel)
+    }
+  }
+
+  const isValid = useDebouncedWatchHandler([form, entries], () => (!formRef.value || formRef.value.querySelectorAll('.is-invalid').length === 0), { immediate: false })
+  const isModified = computed(() => form.value.name !== item.value.name)
+  const canRename = computed(() => isValid.value && isModified.value)
+
+  return {
+    form,
+    formRef,
+    inputRef,
+    schema,
+
+    isLoading,
+    rename,
+    onShow,
+    onCancel,
+    onRename,
+
+    canRename
+  }
+}
+
+export default {
+  name: 'inline-name',
+  components,
+  props,
+  setup
+}
+</script>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
index e8f3d53e29a7..1bdb79f19c54 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
@@ -74,7 +74,10 @@
         reverse
         @click="onDelete"
       >{{ $t('Revert') }}</button-revert>
-      <b-button class="mr-1" variant="secondary" @click="onHide">{{ $t('Cancel') }}</b-button>
+      <b-button v-if="isNew"
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Cancel') }}</b-button>
+      <b-button v-else
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Close') }}</b-button>
     </template>
   </b-modal>
 </template>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index 5b309dca14e0..05db3e5b9d55 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -11,7 +11,7 @@
     />
     <b-table :items="tableItems" :fields="tableFields" :sort-by="sortBy" :sort-desc="sortDesc"
       class="the-files-list"
-      small hover striped show-empty no-local-sorting no-select-on-click borderless
+      small hover responsive striped show-empty no-local-sorting no-select-on-click borderless
       @sort-changed="onSortChanged($event)"
       @row-clicked="onRowClicked($event)"
     >
@@ -22,7 +22,7 @@
           :disabled="false"
         >
           <icon v-for="(name, n) in item.icons" :key="n"
-            :name="name" class="nav-icon"/>
+            :name="name" class="nav-icon" />
 
           <icon v-if="item.expand"
             name="regular/folder-open"/>
@@ -32,13 +32,18 @@
         <div v-else
           class="d-flex align-items-center"
           variant="link"
+          :class="{ 'text-primary': !item.not_revertible || !item.not_deletable }"
         >
           <icon v-for="(name, n) in item.icons" :key="n"
-            :name="name" class="nav-icon"/>
+            :name="name" class="nav-icon" />
 
-          <icon name="file" v-if="!item.not_revertible || !item.not_deletable"/>
-          <icon name="regular/file" v-else/>
-          {{ item.name }}
+          <icon name="file" v-if="!item.not_revertible || !item.not_deletable" />
+          <icon name="regular/file" v-else />
+
+          <inline-name v-if="!item.not_revertible || !item.not_deletable"
+            :id="id" :item="item" :entries="entries" />
+          <span v-else
+            >{{ item.name }}</span>
         </div>
       </template>
       <template v-slot:cell(buttons)="{ item }">
@@ -69,10 +74,13 @@
         <div v-else-if="item.type === 'dir'"
           class="text-right text-nowrap">
 
-          <b-dropdown :text="$i18n.t('Create')"
-            size="sm" variant="outline-primary" class="my-1" right>
-            <b-dropdown-item @click="onToggleDirectory(item)">New Sub Directory</b-dropdown-item>
-            <b-dropdown-item @click="onToggleFile(item)">New File</b-dropdown-item>
+          <b-dropdown size="sm" variant="outline-primary" class="my-1" right>
+            <template #button-content>
+              <icon name="plus-circle" />
+            </template>
+            <b-dropdown-item @click="onToggleDirectory(item)">{{ $i18n.t('Create New Sub Directory') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleFile(item)">{{ $i18n.t('Create New File') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleUpload(item)">{{ $i18n.t('Upload File') }}</b-dropdown-item>
           </b-dropdown>
 
         </div>
@@ -107,15 +115,17 @@ import {
   BaseFormGroupToggle
 } from '@/components/new/'
 import {
+  InlineName,
   ModalDirectory,
-  ModalFile
+  ModalFile,
 } from './'
 
 const components = {
   BaseButtonConfirm,
+  InlineName,
   InputToggle: BaseFormGroupToggle,
   ModalDirectory,
-  ModalFile
+  ModalFile,
 }
 
 const props = {
@@ -171,7 +181,6 @@ const setup = (props, context) => {
 
   const sortBy = ref(undefined)
   const sortDesc = ref(false)
-  const entries = ref([])
 
   const expandPaths = ref(['/'])
   const expandPath = (path) => {
@@ -187,6 +196,17 @@ const setup = (props, context) => {
 
   const tableItems = ref([])
   const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+  //const entries = ref([])
+  const entries = computed(() => {
+    const { [id.value]: { entries = [] } = {} } = $store.state.$_connection_profiles.files.cache
+    return [{
+      name: '/',
+      type: 'dir',
+      entries: JSON.parse(JSON.stringify(entries))
+    }]
+  })
+
+
 
   const _getFiles = () => {
     let sort = ['type']
@@ -196,13 +216,7 @@ const setup = (props, context) => {
     }
     else
       sort.push('name')
-    $store.dispatch('$_connection_profiles/files', { id: id.value, sort }).then(response => {
-      entries.value = [{
-        name: '/',
-        type: 'dir',
-        entries: JSON.parse(JSON.stringify(response.entries))
-      }]
-    })
+    $store.dispatch('$_connection_profiles/files', { id: id.value, sort })
   }
 
   watch([sortBy, sortDesc], () => _getFiles(), { immediate: true })
@@ -299,13 +313,7 @@ const setup = (props, context) => {
 
   const onDelete = (item) => {
     const { path, name } = item
-    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: `${path}/${name}`.replace('//', '/') }).then(response => {
-      entries.value = entries.value = [{
-        name: '/',
-        type: 'dir',
-        entries: JSON.parse(JSON.stringify(response.entries))
-      }]
-    })
+    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: `${path}/${name}`.replace('//', '/') })
   }
 
   const previewUrl = (item) => {
@@ -331,6 +339,13 @@ const setup = (props, context) => {
     isShowFileModal.value = !isShowFileModal.value
   }
 
+  const isShowUploadModal = ref(false)
+  const onToggleUpload = (item) => {
+    const { path = '', name = '' } = item || {}
+    lastPath.value = `${path}/${name}`.replace('//', '/')
+    isShowUploadModal.value = !isShowUploadModal.value
+  }
+
   const onCreateDirectory = (name) => {
     let _entries = entries.value
     let parts = ['/', ...lastPath.value.split('/').filter(p => p)]
@@ -385,6 +400,9 @@ const setup = (props, context) => {
     onDeleteFile,
     onToggleFile,
 
+    isShowUploadModal,
+    onToggleUpload,
+
     lastPath,
     hideDefaultFiles
   }
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
index 6654a172b598..8ad36374d9c3 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
@@ -15,6 +15,7 @@ import BaseFormGroupProvisioners from './BaseFormGroupProvisioners'
 import BaseFormGroupScanners from './BaseFormGroupScanners'
 import BaseFormGroupSources from './BaseFormGroupSources'
 import ButtonPreviewPortal from './ButtonPreviewPortal'
+import InlineName from './InlineName'
 import ModalDirectory from './ModalDirectory'
 import ModalFile from './ModalFile'
 import TheFilesList from './TheFilesList'
@@ -64,6 +65,7 @@ export {
   BaseFormGroupLocales                as FormGroupLocale,
 
   ButtonPreviewPortal,
+  InlineName,
   ModalDirectory,
   ModalFile,
   TheFilesList,
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
index 8ca7c6a6bab3..bd684d5eee18 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
@@ -233,6 +233,23 @@ const actions = {
       commit('FILE_ERROR', err.response)
       throw err
     })
+  },
+  renameFile: ({ commit, dispatch }, params) => {
+    const { to, from, ...options } = params
+    commit('FILE_REQUEST')
+    return api.file(from).then(content => {
+      return api.createFile({ ...to, ...options, content }).then(response => {
+        return api.deleteFile({ ...from, ...options }).then(() => {
+          return dispatch('files', { id: from.id })
+        }).catch(err => {
+          commit('FILE_ERROR', err.response)
+          throw err
+        })
+      }).catch(err => {
+        commit('FILE_ERROR', err.response)
+        throw err
+      })
+    })
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
index 22d7569cc2ab..b443e31c08bc 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
@@ -18,7 +18,7 @@ yup.addMethod(yup.string, 'connectionProfileIdNotExistsExcept', function (except
   })
 })
 
-yup.addMethod(yup.string, 'pathNotExists', function (entries, path, message) {
+yup.addMethod(yup.string, 'pathNotExists', function (entries, path, message, except) {
   return this.test({
     name: 'pathNotExists',
     message: message || i18n.t('File exists.'),
@@ -43,7 +43,7 @@ yup.addMethod(yup.string, 'pathNotExists', function (entries, path, message) {
       for (let e = 0; e < ptrEntries.length; e++) {
         const { name } = ptrEntries[e]
         if (name === value.trim())
-          return false
+          return (name === except)
       }
       return true
     }

From 2b5d994a877d7fc44bfc805e8ec3ecd1e17e6127 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Fri, 25 Nov 2022 16:26:01 -0500
Subject: [PATCH 018/103] add upload

---
 .../src/components/new/BaseButtonUpload.vue   | 18 +++++-
 html/pfappserver/root/src/store/base/file.js  | 16 ++++-
 .../_components/InlineName.vue                |  2 +-
 .../_components/ModalDirectory.vue            |  2 +-
 .../_components/ModalFile.vue                 |  6 +-
 .../_components/TheFilesList.vue              | 62 +++++++++++++++++--
 .../connectionProfiles/_store.js              |  2 +-
 .../connectionProfiles/schema.js              | 55 ++++++++--------
 8 files changed, 122 insertions(+), 41 deletions(-)

diff --git a/html/pfappserver/root/src/components/new/BaseButtonUpload.vue b/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
index 277a9b25318a..b8a97fdef672 100644
--- a/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
+++ b/html/pfappserver/root/src/components/new/BaseButtonUpload.vue
@@ -1,13 +1,18 @@
 <template>
-  <div class="base-button-upload" v-b-tooltip.hover.top.d300 :title="title" :class="`btn-${size}`">
+  <div class="base-button-upload d-flex flex-grow-1"
+    :title="title" :class="`btn-${size}`"
+    v-b-tooltip.hover.top.d300
+  >
     <label class="base-button-upload-label mb-0">
       <b-form ref="formRef" @submit.prevent>
         <!-- MUTLIPLE UPLOAD -->
         <input v-if="multiple"
+          @click.stop
           type="file" @change="doUpload" :accept="accept" title=" " multiple
           :disabled="disabled" />
         <!-- SINGLE UPLOAD -->
         <input v-else
+          @click.stop
           ref="inputRef"
           type="file" @change="doUpload" :accept="accept" title=" "
           :disabled="disabled" />
@@ -61,6 +66,10 @@ export const props = {
     type: Function,
     default: input => input
   },
+  encoding: {
+    type: String,
+    default: 'utf-8'
+  },
   size: {
     type: String,
     default: 'md',
@@ -81,6 +90,7 @@ const setup = (props, context) => {
     readAsText,
     multiple,
     encode,
+    encoding,
   } = toRefs(props)
 
   const { emit, refs, root: { $store } = {} } = context
@@ -92,7 +102,9 @@ const setup = (props, context) => {
 
   watch($files, files => {
     const filesMapped = files.map(file => ({ ...file, storeName: storeNameFromFile(file), close: () => { doClose(file) } }))
-    emit('files', filesMapped)
+    if (!readAsText.value || filesMapped.filter(file => !file.end).length === 0) {
+      emit('files', filesMapped)
+    }
     if (!multiple.value && readAsText.value && filesMapped[0] && filesMapped[0].result)
       emit('input', encode.value(filesMapped[0].result))
     if (files.length)
@@ -150,7 +162,7 @@ const setup = (props, context) => {
         if (isAccept(file)) { // contentType accepted
           const storeName = storeNameFromFile(file)
           if (!$store.state[storeName]) { // register store module only once
-            const fileStore = new FileStore(file, accept.value)
+            const fileStore = new FileStore(file, encoding.value)
             $store.registerModule(storeName, fileStore.module())
           }
           if (readAsText.value)
diff --git a/html/pfappserver/root/src/store/base/file.js b/html/pfappserver/root/src/store/base/file.js
index c6aaa3f93375..4e57f877a880 100644
--- a/html/pfappserver/root/src/store/base/file.js
+++ b/html/pfappserver/root/src/store/base/file.js
@@ -1,7 +1,7 @@
 import { types } from '@/store'
 
 export default class FileStore {
-  constructor (blob, encoding) {
+  constructor(blob, encoding) {
     this.blob = blob
     this.encoding = encoding
   }
@@ -30,6 +30,7 @@ export default class FileStore {
           encoding: this.encoding || 'utf-8', // user defined character encoding
           percent: 0, // FileReader onprogress percent
           result: null, // FileReader onload result
+          end: false, // FileReader onloadend
           error: null // FileReader onerror error
         }
       }
@@ -63,7 +64,12 @@ export default class FileStore {
               const start = state.offsets[lineIndex]
               const end = state.offsets[lineIndex + 1] - state.newLine.length
               dispatch('readSlice', { start, end }).then(result => {
-                const decoded = new TextDecoder(state.file.encoding).decode(result)
+                let decoded = result
+//                if (state.file.type.match(/^text\//i)) { // is text
+                  try {
+                    decoded = new TextDecoder(state.file.encoding).decode(result)
+                  } catch (e) {/* noop */ }
+//                }
                 resolve(decoded)
               }).catch(err => {
                 reject(err)
@@ -154,6 +160,9 @@ export default class FileStore {
         const { target: { result } = {} } = event
         state.file.result = result
       },
+      READER_LOADEND: (state) => {
+        state.file.end = true
+      },
       READER_ERROR: (state, event) => {
         state.status = types.ERROR
         const { target: { error: { code, message, name } = {} } = {} } = event
@@ -171,6 +180,9 @@ export default class FileStore {
         reader.onload = (event) => {
           commit('READER_LOAD', event)
         }
+        reader.onloadend = (event) => {
+          commit('READER_LOADEND', event)
+        }
         reader.onerror = (event) => {
           commit('READER_ERROR', event)
         }
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
index 26f251eb0bc7..3fe74fc7d193 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -67,7 +67,7 @@ const setup = (props, context) => {
     name: yup.string()
       .required(i18n.t('Filename required.'))
       .isFilenameWithExtension(['html', 'mjml'])
-      .pathNotExists(entries, ref(item.value.path), i18n.t('Filename exists.'), item.value.name)
+      .fileNotExists(entries.value, item.value.path, i18n.t('File exists.'), item.value.name)
   }))
 
   const form = ref()
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
index 2497e26f9541..89b15cec3073 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalDirectory.vue
@@ -80,7 +80,7 @@ const setup = (props, context) => {
     name: yup.string()
       .required(i18n.t('A new directory name is required.'))
       .isFilename(i18n.t('Invalid directory name.'))
-      .pathNotExists(entries, path, i18n.t('Directory name exists.'))
+      .fileNotExists(entries.value, path.value, i18n.t('Directory exists.'))
   }))
 
   const form = ref(defaults())
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
index 1bdb79f19c54..d8da5df3403d 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
@@ -137,12 +137,12 @@ const setup = (props, context) => {
     value,
   } = toRefs(props)
 
-  const schema = yup.object({
+  const schema = computed(() => yup.object({
     name: yup.string()
       .required(i18n.t('File name required.'))
       .isFilenameWithExtension(['html', 'mjml'])
-      .pathNotExists(entries, path, i18n.t('Filename exists.'))
-  })
+      .fileNotExists(entries.value, path.value, i18n.t('File exists.'))
+  }))
 
   const form = ref(defaults())
   const formRef = ref(null)
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index 05db3e5b9d55..222f8d6dd42a 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -78,9 +78,17 @@
             <template #button-content>
               <icon name="plus-circle" />
             </template>
+            <b-dropdown-header>{{ `${item.path}/${item.name}`.replace('//', '/') }}</b-dropdown-header>
+            <b-dropdown-divider />
             <b-dropdown-item @click="onToggleDirectory(item)">{{ $i18n.t('Create New Sub Directory') }}</b-dropdown-item>
             <b-dropdown-item @click="onToggleFile(item)">{{ $i18n.t('Create New File') }}</b-dropdown-item>
-            <b-dropdown-item @click="onToggleUpload(item)">{{ $i18n.t('Upload File') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleUpload(item)">
+              <base-button-upload
+                @files="onUploadFiles(item, $event)"
+                :accept="uploadAccept"
+                multiple
+              >{{ $i18n.t('Upload File(s)') }}</base-button-upload>
+            </b-dropdown-item>
           </b-dropdown>
 
         </div>
@@ -112,6 +120,7 @@
 <script>
 import {
   BaseButtonConfirm,
+  BaseButtonUpload,
   BaseFormGroupToggle
 } from '@/components/new/'
 import {
@@ -122,6 +131,7 @@ import {
 
 const components = {
   BaseButtonConfirm,
+  BaseButtonUpload,
   InlineName,
   InputToggle: BaseFormGroupToggle,
   ModalDirectory,
@@ -170,6 +180,8 @@ const tableFields = [
 ]
 
 import { computed, ref, toRefs, watch } from '@vue/composition-api'
+import i18n from '@/utils/locale'
+import { fileNotExists } from '../schema'
 
 const setup = (props, context) => {
 
@@ -206,8 +218,6 @@ const setup = (props, context) => {
     }]
   })
 
-
-
   const _getFiles = () => {
     let sort = ['type']
     if (sortBy.value) {
@@ -377,6 +387,47 @@ const setup = (props, context) => {
     _getFiles()
   }
 
+  const onUploadFiles = (item, files) => {
+console.log('onUploadFiles', {item, files})
+    const { path, name } = item
+    const pathname = `${path}/${name}`.replace('//', '/')
+    files.forEach(file => {
+      const exists = !fileNotExists(entries.value, pathname, file.name)
+      if (exists) {
+        $store.dispatch('notification/danger', {
+          icon: 'exclamation-triangle',
+          url: file.name,
+          message: i18n.t('{file} exists.', { file: `<code>${pathname}/${file.name}</code>` })
+        })
+      }
+      else {
+        $store.dispatch(`${file.storeName}/readSlice`, { start: 0, end: file.size }).then(content => {
+          $store.dispatch('$_connection_profiles/createFile', {
+            id: id.value,
+            filename: `${pathname}/${file.name}`.replace('//', '/'),
+            content, // file.result
+            quiet: true
+          }).then(() => {
+            $store.dispatch('notification/info', {
+              url: file.name,
+              message: i18n.t('{file} uploaded.', { file: `<code>${pathname}/${file.name}</code>` })
+            })
+          }).catch(error => {
+            const { response: { data: { message = '' } = {} } = {} } = error
+            $store.dispatch('notification/danger', {
+              icon: 'exclamation-triangle',
+              url: file.name,
+              message
+            })
+            throw error
+          })
+        })
+      }
+    })
+  }
+
+  const uploadAccept = '*/*'
+
   return {
     sortBy,
     sortDesc,
@@ -404,7 +455,10 @@ const setup = (props, context) => {
     onToggleUpload,
 
     lastPath,
-    hideDefaultFiles
+    hideDefaultFiles,
+
+    onUploadFiles,
+    uploadAccept,
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
index bd684d5eee18..777fe925cd40 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
@@ -238,7 +238,7 @@ const actions = {
     const { to, from, ...options } = params
     commit('FILE_REQUEST')
     return api.file(from).then(content => {
-      return api.createFile({ ...to, ...options, content }).then(response => {
+      return api.createFile({ ...to, ...options, content }).then(() => {
         return api.deleteFile({ ...from, ...options }).then(() => {
           return dispatch('files', { id: from.id })
         }).catch(err => {
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
index b443e31c08bc..e6e5ed8da251 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/schema.js
@@ -18,34 +18,34 @@ yup.addMethod(yup.string, 'connectionProfileIdNotExistsExcept', function (except
   })
 })
 
-yup.addMethod(yup.string, 'pathNotExists', function (entries, path, message, except) {
+const fileNotExists = (entries, path, filename, except) => {
+  // traverse tree using path parts
+  let parts = ['/', ...path.split('/').filter(p => p)]
+  while (parts.length > 0) {
+    for (let e = 0; e < entries.length; e++) {
+      const { name, entries: childEntries = [] } = entries[e]
+      if (name === parts[0]) {
+        // update pointer
+        entries = childEntries
+        break
+      }
+    }
+    parts = parts.slice(1)
+  }
+  for (let e = 0; e < entries.length; e++) {
+    const { name } = entries[e]
+    if (name === filename.trim())
+      return (name === except)
+  }
+  return true
+}
+
+yup.addMethod(yup.string, 'fileNotExists', function (entries, path, message, except) {
   return this.test({
-    name: 'pathNotExists',
+    name: 'fileNotExists',
     message: message || i18n.t('File exists.'),
     test: (value) => {
-      if (!value)
-        return true
-      // point @ primitive
-      let ptrEntries = entries.value
-      // traverse tree using path parts
-      let parts = ['/', ...path.value.split('/').filter(p => p)]
-      while (parts.length > 0) {
-        for (let e = 0; e < ptrEntries.length; e++) {
-          const { name, entries: childEntries = [] } = ptrEntries[e]
-          if (name === parts[0]) {
-            // update pointer
-            ptrEntries = childEntries
-            break
-          }
-        }
-        parts = parts.slice(1)
-      }
-      for (let e = 0; e < ptrEntries.length; e++) {
-        const { name } = ptrEntries[e]
-        if (name === value.trim())
-          return (name === except)
-      }
-      return true
+      return !value || fileNotExists(entries, path, value, except)
     }
   })
 })
@@ -107,4 +107,7 @@ export default (props) => {
   })
 }
 
-export { yup }
+export {
+  yup,
+  fileNotExists
+}

From 3ac6242a9fdb5ff0ddd74bae7083dd8c3e658510 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Fri, 25 Nov 2022 22:21:31 +0000
Subject: [PATCH 019/103] Use the raw bytes for file upload

---
 lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index 40ae4a201bd6..b9743515b161 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -162,11 +162,11 @@ sub new_file {
        return $self->render_error(412, "'$file' already exists");
     }
 
-    my $content = $self->req->text;
+    my $content = $self->req->body;
     eval {
         my (undef, $file_parent_dir, undef) = splitpath($path);
         pf_make_dir($file_parent_dir);
-        write_file($path, {binmode => ':utf8', no_clobber => 1}, $content);
+        write_file($path, {binmode => ':raw', no_clobber => 1}, $content);
     };
     if ($@) {
        pf::log::get_logger->error("Error writing file: $@");

From eea8c6317641d1ef14314314609a39ee0365ddd5 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Fri, 25 Nov 2022 14:58:36 +0000
Subject: [PATCH 020/103] use script to run a command inside image

even if entrypoint is already defined
---
 .gitlab-ci.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index effd8bf7b358..64ab132e91ad 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -281,24 +281,27 @@ variables:
 .build_img_container_job_dev:
   stage: build_img_container
   dependencies: []
-  image:
-    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  script:
+    - /bin/kanikobuild
   tags:
     - docker
 
 .build_img_container_job_br_maint:
   stage: build_img_container
   dependencies: []
-  image:
-    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_REF_SLUG}
+  script:
+    - /bin/kanikobuild
   tags:
     - docker
 
 .build_img_container_job_rel:
   stage: build_img_container
   dependencies: []
-  image:
-    name: ${KANIKOBUILD_IMG}:${CI_COMMIT_TAG}
+  image: ${KANIKOBUILD_IMG}:${CI_COMMIT_TAG}
+  script:
+    - /bin/kanikobuild
   tags:
     - docker
 

From 4772a2597cda0c99a9760f33de2aa22c519edea5 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Mon, 28 Nov 2022 09:30:26 -0500
Subject: [PATCH 021/103] utf8 validator

---
 html/pfappserver/root/src/utils/yup.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/pfappserver/root/src/utils/yup.js b/html/pfappserver/root/src/utils/yup.js
index 9876f64170df..a4ee7c16240a 100644
--- a/html/pfappserver/root/src/utils/yup.js
+++ b/html/pfappserver/root/src/utils/yup.js
@@ -293,7 +293,7 @@ yup.addMethod(yup.string, 'isFilenameWithExtension', function (extensions, messa
     name: 'isFilenameWithExtension',
     message: message || i18n.t('Invalid extension. Must be one of: {extensions}.', { extensions: extensions.join(', ') }),
     test: value => {
-      const re = RegExp('^[a-zA-Z0-9_]+[a-zA-Z0-9_\\-\\.]*\\.(' + extensions.join('|') + ')$')
+      const re = RegExp('^[0-9a-z\xC0-\xff_]+[0-9a-z\xC0-\xff_\\-\\.]*\\.(' + extensions.join('|') + ')$', 'gi')
       return !value || re.test(value)
     }
   })

From 477c7b54fa6933e39a90fb319e6e11390c90b8bd Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Mon, 28 Nov 2022 09:30:55 -0500
Subject: [PATCH 022/103] do not filter images

---
 lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index b9743515b161..07f803f067e4 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -422,7 +422,7 @@ file_excluded
 
 sub file_excluded {
     my ($file) = @_;
-    return $file !~ /\.(html|mjml)$/ || $file =~ /^\./;
+    return $file !~ /\.(html|mjml|jpg|jpeg|gif|png)$/ || $file =~ /^\./;
 }
 
 sub dir_excluded {

From 94ff0d3a2e2ba961ae914b05840ba23344c9fa0f Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Mon, 28 Nov 2022 09:31:32 -0500
Subject: [PATCH 023/103] improve validation

---
 .../_components/InlineName.vue                | 23 +++++++++++++++++--
 .../_components/TheFilesList.vue              | 16 ++++++-------
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
index 3fe74fc7d193..71e42aa79ac4 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -45,7 +45,7 @@ const props = {
   },
   entries: {
     type: Array
-  }
+  },
 }
 
 import { computed, nextTick, ref, toRefs, watch } from '@vue/composition-api'
@@ -63,10 +63,29 @@ const setup = (props, context) => {
     entries,
   } = toRefs(props)
 
+  const allowedExtensions = computed(() => {
+    const { name } = item.value
+    const extension = name.split('.').reverse()[0] || 'html'
+    switch (extension.toLowerCase()) {
+      case 'gif':
+        return ['gif']
+        // break
+      case 'jpg':
+      case 'jpeg':
+        return ['jpg', 'jpeg']
+        // break
+      case 'png':
+        return ['png']
+        //  break
+      default:
+        return ['html', 'mjml']
+    }
+  })
+
   const schema = computed(() => yup.object({
     name: yup.string()
       .required(i18n.t('Filename required.'))
-      .isFilenameWithExtension(['html', 'mjml'])
+      .isFilenameWithExtension(allowedExtensions.value)
       .fileNotExists(entries.value, item.value.path, i18n.t('File exists.'), item.value.name)
   }))
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index 222f8d6dd42a..b5168ed1c75a 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -388,35 +388,35 @@ const setup = (props, context) => {
   }
 
   const onUploadFiles = (item, files) => {
-console.log('onUploadFiles', {item, files})
     const { path, name } = item
     const pathname = `${path}/${name}`.replace('//', '/')
     files.forEach(file => {
-      const exists = !fileNotExists(entries.value, pathname, file.name)
+      const filename = file.name.trim()
+      const exists = !fileNotExists(entries.value, pathname, filename)
       if (exists) {
         $store.dispatch('notification/danger', {
           icon: 'exclamation-triangle',
-          url: file.name,
-          message: i18n.t('{file} exists.', { file: `<code>${pathname}/${file.name}</code>` })
+          url: filename,
+          message: i18n.t('{file} exists.', { file: `<code>${pathname}/${filename}</code>` })
         })
       }
       else {
         $store.dispatch(`${file.storeName}/readSlice`, { start: 0, end: file.size }).then(content => {
           $store.dispatch('$_connection_profiles/createFile', {
             id: id.value,
-            filename: `${pathname}/${file.name}`.replace('//', '/'),
+            filename: `${pathname}/${filename}`.replace('//', '/'),
             content, // file.result
             quiet: true
           }).then(() => {
             $store.dispatch('notification/info', {
-              url: file.name,
-              message: i18n.t('{file} uploaded.', { file: `<code>${pathname}/${file.name}</code>` })
+              url: filename,
+              message: i18n.t('{file} uploaded.', { file: `<code>${pathname}/${filename}</code>` })
             })
           }).catch(error => {
             const { response: { data: { message = '' } = {} } = {} } = error
             $store.dispatch('notification/danger', {
               icon: 'exclamation-triangle',
-              url: file.name,
+              url: filename,
               message
             })
             throw error

From e3fbde4f6739dd46ebffbd70da51d01e76b95c5b Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Mon, 28 Nov 2022 13:38:43 -0500
Subject: [PATCH 024/103] improve list

---
 html/pfappserver/root/src/main.js             |   1 +
 .../{ModalFile.vue => ModalEdit.vue}          |   2 +-
 .../_components/ModalView.vue                 | 132 ++++++++++++++++++
 .../_components/TheFilesList.vue              |  72 +++++++---
 .../connectionProfiles/_components/index.js   |   6 +-
 5 files changed, 192 insertions(+), 21 deletions(-)
 rename html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/{ModalFile.vue => ModalEdit.vue} (99%)
 create mode 100644 html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue

diff --git a/html/pfappserver/root/src/main.js b/html/pfappserver/root/src/main.js
index 2eea1071c382..680acb9daec5 100644
--- a/html/pfappserver/root/src/main.js
+++ b/html/pfappserver/root/src/main.js
@@ -58,6 +58,7 @@ import 'vue-awesome/icons/file'
 import 'vue-awesome/icons/file-csv'
 import 'vue-awesome/icons/file-excel'
 import 'vue-awesome/icons/file-export'
+import 'vue-awesome/icons/file-image'
 import 'vue-awesome/icons/font'
 import 'vue-awesome/icons/regular/file'
 import 'vue-awesome/icons/fingerprint'
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
similarity index 99%
rename from html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
rename to html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
index d8da5df3403d..eb709a975872 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalFile.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
@@ -334,7 +334,7 @@ const setup = (props, context) => {
 }
 
 export default {
-  name: 'modal-file',
+  name: 'modal-edit',
   components,
   props,
   setup
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
new file mode 100644
index 000000000000..d0f333a30b43
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
@@ -0,0 +1,132 @@
+<template>
+  <b-modal v-model="show"
+    size="xl" body-class="d-flex justify-content-md-center p-3"
+  >
+    <template v-slot:modal-title>
+      {{ $i18n.t('View File') }} <code>{{ path }}</code>
+    </template>
+    <template v-slot:default>
+      <img :src="previewUrl" class="align-self-center" />
+    </template>
+    <template v-slot:modal-footer>
+      <button-delete v-if="isDeletable"
+        variant="danger" class="mr-1"
+        :disabled="isLoading"
+        :confirm="$t('Delete file?')"
+        reverse
+        @click="onDelete"
+      >{{ $t('Delete') }}</button-delete>
+      <b-button
+        class="mr-1" variant="secondary" @click="onHide">{{ $t('Close') }}</b-button>
+    </template>
+  </b-modal>
+</template>
+<script>
+import {
+  BaseButtonConfirm,
+} from '@/components/new/'
+
+const components = {
+  ButtonDelete: BaseButtonConfirm,
+}
+
+const props = {
+  entries: {
+    type: Array
+  },
+  id: {
+    type: String
+  },
+  path: {
+    type: String,
+    default: ''
+  },
+  value: { // v-model: show/hide
+    type: Boolean
+  }
+}
+
+import { computed, customRef, ref, toRefs, watch } from '@vue/composition-api'
+
+const setup = (props, context) => {
+
+  const { root: { $store } = {}, emit } = context
+
+  const {
+    entries,
+    id,
+    path,
+    value,
+  } = toRefs(props)
+
+  const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+
+  const isDeletable = ref(false)
+  const isRevertible = ref(false)
+  watch([path, entries], () => {
+    $store.dispatch('$_connection_profiles/getFile', { id: id.value, filename: path.value }).then(response => {
+      const { meta: { not_deletable, not_revertible } = {} } = response
+      isDeletable.value = !not_deletable
+      isRevertible.value = !not_revertible
+    })
+  }, { deep: true })
+
+  const previewUrl = computed(() => {
+    let url = ['/config/profile', id.value, 'preview']
+    if (path.value)
+      url.push(...path.value.split('/').filter(u => u))
+    return url.join('/')
+  })
+
+  const onDelete = () => {
+    $store.dispatch('$_connection_profiles/deleteFile', { id: id.value, filename: path.value }).then(() => {
+      emit('delete', path.value)
+    })
+  }
+
+  const show = customRef((track, trigger) => ({ // use v-model
+    get() {
+      track()
+      return value.value
+    },
+    set(newValue) {
+      emit('input', newValue)
+      trigger()
+    }
+  }))
+
+  const onHide = () => {
+    show.value = false
+  }
+
+  return {
+    isLoading,
+    isDeletable,
+    isRevertible,
+    onDelete,
+
+    // modal
+    show,
+    onHide,
+
+    previewUrl
+  }
+}
+
+export default {
+  name: 'modal-view',
+  components,
+  props,
+  setup
+}
+</script>
+<style lang="scss" scoped>
+::v-deep {
+  .modal-dialog {
+    & > .modal-content {
+      /* take max height */
+      height: calc(100vh - (2 * 1.75rem)); /* 2 x $modal-dialog-margin-y-sm-up */
+    }
+  }
+}
+</style>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index b5168ed1c75a..4dac558b52ce 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -37,8 +37,7 @@
           <icon v-for="(name, n) in item.icons" :key="n"
             :name="name" class="nav-icon" />
 
-          <icon name="file" v-if="!item.not_revertible || !item.not_deletable" />
-          <icon name="regular/file" v-else />
+          <icon :name="(item.isImage) ? 'file-image' : 'file'" />
 
           <inline-name v-if="!item.not_revertible || !item.not_deletable"
             :id="id" :item="item" :entries="entries" />
@@ -81,7 +80,7 @@
             <b-dropdown-header>{{ `${item.path}/${item.name}`.replace('//', '/') }}</b-dropdown-header>
             <b-dropdown-divider />
             <b-dropdown-item @click="onToggleDirectory(item)">{{ $i18n.t('Create New Sub Directory') }}</b-dropdown-item>
-            <b-dropdown-item @click="onToggleFile(item)">{{ $i18n.t('Create New File') }}</b-dropdown-item>
+            <b-dropdown-item @click="onToggleEdit(item)">{{ $i18n.t('Create New File') }}</b-dropdown-item>
             <b-dropdown-item @click="onToggleUpload(item)">
               <base-button-upload
                 @files="onUploadFiles(item, $event)"
@@ -104,15 +103,24 @@
       @hidden="onToggleDirectory"
     />
 
-    <modal-file
-      v-model="isShowFileModal"
+    <modal-edit
+      v-model="isShowEditModal"
       :entries="entries"
       :id="id"
       :path="lastPath"
       @create="onCreateFile($event)"
       @update="onUpdateFile($event)"
       @delete="onDeleteFile($event)"
-      @hidden="onToggleFile"
+      @hidden="onToggleEdit"
+    />
+
+    <modal-view
+      v-model="isShowViewModal"
+      :entries="entries"
+      :id="id"
+      :path="lastPath"
+      @delete="onDeleteFile($event)"
+      @hidden="onToggleView"
     />
 
   </div>
@@ -126,7 +134,8 @@ import {
 import {
   InlineName,
   ModalDirectory,
-  ModalFile,
+  ModalEdit,
+  ModalView,
 } from './'
 
 const components = {
@@ -135,7 +144,8 @@ const components = {
   InlineName,
   InputToggle: BaseFormGroupToggle,
   ModalDirectory,
-  ModalFile,
+  ModalEdit,
+  ModalView,
 }
 
 const props = {
@@ -261,7 +271,9 @@ const setup = (props, context) => {
               }
               break
             case 'file':
-              reduced.push({ ...rest, path, icons })
+              reduced.push({ ...rest, path, icons,
+                isImage: (['gif', 'jpg', 'jpeg', 'png'].includes(name.split('.').reverse()[0].toLowerCase()))
+              })
               break
           }
           return reduced
@@ -292,7 +304,9 @@ const setup = (props, context) => {
                 reduced.push({ ...rest, path, expand: false, icons })
               break
             case 'file':
-              reduced.push({ ...rest, path, icons })
+              reduced.push({ ...rest, path, icons,
+                isImage: (['gif', 'jpg', 'jpeg', 'png'].includes(name.split('.').reverse()[0].toLowerCase()))
+              })
               break
           }
           return reduced
@@ -317,7 +331,17 @@ const setup = (props, context) => {
         expandPath(fullPath)
     }
     else if (type === 'file') {
-      onToggleFile(row)
+      const extension = name.split('.').reverse()[0]
+      switch (extension.toLowerCase()) {
+        case 'gif':
+        case 'jpg':
+        case 'jpeg':
+        case 'png':
+          onToggleView(row)
+          break
+        default:
+          onToggleEdit(row)
+      }
     }
   }
 
@@ -342,11 +366,18 @@ const setup = (props, context) => {
     isShowDirectoryModal.value = !isShowDirectoryModal.value
   }
 
-  const isShowFileModal = ref(false)
-  const onToggleFile = (item) => {
+  const isShowEditModal = ref(false)
+  const onToggleEdit = (item) => {
     const { path = '', name = '' } = item || {}
     lastPath.value = `${path}/${name}`.replace('//', '/')
-    isShowFileModal.value = !isShowFileModal.value
+    isShowEditModal.value = !isShowEditModal.value
+  }
+
+  const isShowViewModal = ref(false)
+  const onToggleView = (item) => {
+    const { path = '', name = '' } = item || {}
+    lastPath.value = `${path}/${name}`.replace('//', '/')
+    isShowViewModal.value = !isShowViewModal.value
   }
 
   const isShowUploadModal = ref(false)
@@ -383,7 +414,8 @@ const setup = (props, context) => {
   const onUpdateFile = () => _getFiles()
 
   const onDeleteFile = () => {
-    isShowFileModal.value = false
+    isShowEditModal.value = false
+    isShowViewModal.value = false
     _getFiles()
   }
 
@@ -412,6 +444,7 @@ const setup = (props, context) => {
               url: filename,
               message: i18n.t('{file} uploaded.', { file: `<code>${pathname}/${filename}</code>` })
             })
+
           }).catch(error => {
             const { response: { data: { message = '' } = {} } = {} } = error
             $store.dispatch('notification/danger', {
@@ -420,7 +453,7 @@ const setup = (props, context) => {
               message
             })
             throw error
-          })
+          }).finally(_getFiles)
         })
       }
     })
@@ -445,11 +478,14 @@ const setup = (props, context) => {
     onCreateDirectory,
     onToggleDirectory,
 
-    isShowFileModal,
+    isShowEditModal,
     onCreateFile,
     onUpdateFile,
     onDeleteFile,
-    onToggleFile,
+    onToggleEdit,
+
+    isShowViewModal,
+    onToggleView,
 
     isShowUploadModal,
     onToggleUpload,
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
index 8ad36374d9c3..c0fe90bf528b 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/index.js
@@ -17,7 +17,8 @@ import BaseFormGroupSources from './BaseFormGroupSources'
 import ButtonPreviewPortal from './ButtonPreviewPortal'
 import InlineName from './InlineName'
 import ModalDirectory from './ModalDirectory'
-import ModalFile from './ModalFile'
+import ModalEdit from './ModalEdit'
+import ModalView from './ModalView'
 import TheFilesList from './TheFilesList'
 import TheForm from './TheForm'
 import TheView from './TheView'
@@ -67,7 +68,8 @@ export {
   ButtonPreviewPortal,
   InlineName,
   ModalDirectory,
-  ModalFile,
+  ModalEdit,
+  ModalView,
   TheFilesList,
   TheForm,
   TheView,

From eadb254521703a12ff31519e8b942f538be6cc42 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Mon, 28 Nov 2022 21:28:32 +0100
Subject: [PATCH 025/103] add packetfence-ci-lib to Debian packages

---
 Makefile       | 14 ++++++++++++++
 config.mk      |  3 +++
 debian/control |  5 +++++
 debian/rules   | 11 +++++++++++
 4 files changed, 33 insertions(+)

diff --git a/Makefile b/Makefile
index 06895265bddd..6970db12a0b6 100644
--- a/Makefile
+++ b/Makefile
@@ -321,6 +321,20 @@ pfconnector_remote_install:
 	make -C $(SRC_GODIR) pfconnector
 	install -v -m 0755 $(SRC_GODIR)/pfconnector $(DESTDIR)$(PFCONNECTOR_BINDIR)/pfconnector
 
+# install -D will automatically create target directories
+# SRC_RELATIVE_CILIBDIR is used to only get relative paths from PF source tree
+# $$file in destination of install command contain relative path
+.PHONY: ci_lib_install
+ci_lib_install:
+	@echo "create directories under $(DESTDIR)$(CIDIR)"
+	install -d -m0755 $(DESTDIR)$(CIDIR)
+	install -d -m0755 $(DESTDIR)$(CILIBDIR)
+
+	@echo "install $(SRC_RELATIVE_CILIBDIR) files"
+	for file in $(shell find $(SRC_RELATIVE_CILIBDIR) -type f); do \
+            install -v -m 0644 $$file -D $(DESTDIR)$(PF_PREFIX)/$$file ; \
+	done
+
 # packetfence-export package
 .PHONY: distclean-packetfence-export
 distclean-packetfence-export:
diff --git a/config.mk b/config.mk
index 633cd683b088..6dbae0c13393 100644
--- a/config.mk
+++ b/config.mk
@@ -12,6 +12,8 @@ PFCONNECTOR_PREFIX = $(PREFIX)/pfconnector-remote
 BINDIR = $(PF_PREFIX)/bin
 SBINDIR = $(PF_PREFIX)/sbin
 TESTDIR = $(PF_PREFIX)/t
+CIDIR = $(PF_PREFIX)/ci
+CILIBDIR = $(CIDIR)/lib
 
 # PF connector
 PFCONNECTOR_BINDIR = $(PFCONNECTOR_PREFIX)/bin
@@ -32,6 +34,7 @@ SRC_CI_TESTDIR = $(SRC_CIDIR)/lib/test
 SRC_GODIR = $(SRC_ROOT_DIR)/go
 SRC_TESTDIR= $(SRC_ROOT_DIR)/t
 SRC_RELATIVE_TESTDIR = t
+SRC_RELATIVE_CILIBDIR = ci/lib
 SRC_ADDONSDIR = $(SRC_ROOT_DIR)/addons
 SRC_FULL_IMPORTDIR = $(SRC_ADDONSDIR)/full-import
 SRC_FULL_UPGRADEDIR = $(SRC_ADDONSDIR)/full-upgrade
diff --git a/debian/control b/debian/control
index 26bb66ab437f..82df109919f8 100644
--- a/debian/control
+++ b/debian/control
@@ -202,6 +202,11 @@ Depends: fingerbank-collector-remote (>= 1.4.1)
 Description: PacketFence Connector
  PacketFence Connector files. This package contains all files related to PacketFence Connector.
 
+Package: packetfence-ci-lib
+Architecture: all
+Description: CI librairies used by PacketFence
+ PacketFence CI librairies. This package contains all files related to PacketFence CI librairies.
+
 Package: packetfence-pfcmd-suid
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}
diff --git a/debian/rules b/debian/rules
index e2223d37c591..fb3a9a8e0747 100755
--- a/debian/rules
+++ b/debian/rules
@@ -77,6 +77,9 @@ install: build
 	# packetfence-pfconnector-remote package
 	make DESTDIR=$(CURDIR)/debian/packetfence-pfconnector-remote pfconnector_remote_install
 
+	# packetfence-ci-lib package
+	make DESTDIR=$(CURDIR)/debian/packetfence-ci-lib ci_lib_install
+
 	# packetfence-config package
 	for i in `find * -path 'lib/pfconfig*' -type d`; do \
 		install -d -m0700 $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/$$i; \
@@ -347,6 +350,14 @@ binary-arch: build install
 
 	# Addon Stress-tester
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/stress-tester/dhcp_test
+
+	# packetfence-ci-lib
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/build/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/check/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/common/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/release/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/test/*.sh
+	chmod 0755 $(CURDIR)/debian/packetfence-ci-lib$(PREFIX)/$(NAME)/ci/lib/upload/*.sh
 	# packetfence pkg
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.pl
 	chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.sh

From 37796277f5f7c4d0b86cc147abf0352b6c556db2 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Mon, 28 Nov 2022 22:23:46 +0100
Subject: [PATCH 026/103] deploy packetfence-ci-lib package in a common
 location

---
 .gitlab-ci.yml                    |  1 +
 ci/lib/upload/deploy-artifacts.sh | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 64ab132e91ad..675e8499d17b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -470,6 +470,7 @@ variables:
   script:
     - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-release
     - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-export
+    - ./${UPLOAD_DIR}/deploy-artifacts.sh packetfence-ci-lib
   tags:
     - shell
 
diff --git a/ci/lib/upload/deploy-artifacts.sh b/ci/lib/upload/deploy-artifacts.sh
index ccd93849f975..7de21223d43a 100755
--- a/ci/lib/upload/deploy-artifacts.sh
+++ b/ci/lib/upload/deploy-artifacts.sh
@@ -149,6 +149,22 @@ packetfence_export_deploy() {
     done
 }
 
+packetfence_ci_lib_deploy() {
+    # Deb (only)
+    for release_name in $(ls $DEB_RESULT_DIR); do
+        src_dir="$DEB_RESULT_DIR/${release_name}"
+        dst_repo="$DEB_BASE_DIR/debian"
+        dst_dir="$DEPLOY_USER@$DEPLOY_HOST:$dst_repo"
+        pf_ci_lib_deb_file=$(basename $(ls $src_dir/packetfence-ci-lib*))
+        pf_ci_lib_deb_dest_name=${PF_CI_LIB_DEB_DEST_NAME:-"packetfence-ci-lib_${PF_MINOR_RELEASE}.deb"}
+        declare -p src_dir dst_dir pf_ci_lib_deb_file pf_ci_lib_deb_dest_name
+
+        echo "scp: ${src_dir}/${pf_ci_lib_deb_file} -> ${dst_dir}/${pf_ci_lib_deb_dest_name}"
+        scp "${src_dir}/${pf_ci_lib_deb_file}" "${dst_dir}/${pf_ci_lib_deb_dest_name}" \
+            || die "scp failed"
+    done
+}
+
 ppa_deploy() {
     # warning: slashs at end of dirs are significant for rsync
     src_dir="$PUBLIC_DIR/"
@@ -185,6 +201,7 @@ case $1 in
     deb) deb_deploy ;;
     packetfence-release) packetfence_release_deploy ;;
     packetfence-export) packetfence_export_deploy ;;
+    packetfence-ci-lib) packetfence_ci_lib_deploy ;;
     ppa) ppa_deploy ;;
     website) website_deploy ;;
     *)   die "Wrong argument"

From 9a353c9c1c51a8ecc35ede7ee52a82d696c48965 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 28 Nov 2022 22:10:52 +0000
Subject: [PATCH 027/103] Just serve non template files

---
 lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index 07f803f067e4..96d6a3e15b21 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -620,6 +620,12 @@ sub preview_file {
     if (!defined $path) {
         return $self->render_error(404, "'$file' not found");
     }
+
+    if ($path !~ /\.html/) {
+        $self->reply->file($path);
+        return;
+    }
+
     my $profile =
       pf::Connection::ProfileFactory->instantiate( "00:11:22:33:44:55",
         { portal => $self->id } );

From 6d15cc3d89a0bdffb060aa6d90b34572d79bb9c4 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Tue, 29 Nov 2022 04:44:37 +0000
Subject: [PATCH 028/103] Update content type

---
 lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index 96d6a3e15b21..bddccedd4393 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -621,7 +621,11 @@ sub preview_file {
         return $self->render_error(404, "'$file' not found");
     }
 
-    if ($path !~ /\.html/) {
+    if ($path !~ /\.html$/) {
+        my $type = $self->app->types->file_type($path);
+        if ($type) {
+            $self->res->headers->content_type($type);
+        }
         $self->reply->file($path);
         return;
     }

From 2e906b3fec45c9782f0f57822f49860b45b72eb6 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Tue, 29 Nov 2022 14:55:00 +0000
Subject: [PATCH 029/103] Add the content type

---
 go/httpdportalpreview/httpdportalpreview.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/go/httpdportalpreview/httpdportalpreview.go b/go/httpdportalpreview/httpdportalpreview.go
index 9eefb14cc2a9..01ca2d9e40a9 100644
--- a/go/httpdportalpreview/httpdportalpreview.go
+++ b/go/httpdportalpreview/httpdportalpreview.go
@@ -6,10 +6,12 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"mime"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
+	"path/filepath"
 	"regexp"
 	"strings"
 	"time"
@@ -114,10 +116,20 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (p *Proxy) ServeStatic(r *http.Response) error {
 	apiClient := unifiedapiclient.NewFromConfig(context.Background())
 	params, _ := getParams(`/config/profile/(?P<Profile>.*)/preview/(?P<File>.*)`, p.Uri)
+	file := params["File"]
+	buffer, _ := apiClient.CallSimpleHtml(p.Ctx, "GET", "/api/v1/config/connection_profile/"+params["Profile"]+"/preview/"+file, "")
+	ext := filepath.Ext(file)
+	if strings.HasSuffix(file, ".html") {
+		return p.RewriteAnswer(r, buffer)
+	}
 
-	buffer, _ := apiClient.CallSimpleHtml(p.Ctx, "GET", "/api/v1/config/connection_profile/"+params["Profile"]+"/preview/"+params["File"], "")
+	mimeType := mime.TypeByExtension(ext)
+	if mimeType != "" {
+		r.Header["Content-Type"] = []string{mimeType}
+	}
 
-	p.RewriteAnswer(r, buffer)
+	boeuf := bytes.NewBuffer(buffer)
+	r.Body = ioutil.NopCloser(boeuf)
 	return nil
 }
 

From c275d5d6def7f2f1074c01162ab6ab066cd0e3e8 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Tue, 29 Nov 2022 15:10:02 -0500
Subject: [PATCH 030/103] switch to base64 encoding

---
 html/pfappserver/root/src/store/base/file.js  | 20 +++++++++++++++++--
 .../Configuration/connectionProfiles/_api.js  |  2 +-
 .../_components/ModalEdit.vue                 |  4 ++--
 .../_components/ModalView.vue                 | 10 ----------
 .../_components/TheFilesList.vue              |  2 +-
 .../connectionProfiles/_store.js              |  4 +++-
 .../Controller/Config/ConnectionProfiles.pm   | 18 ++++++++++++-----
 7 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/html/pfappserver/root/src/store/base/file.js b/html/pfappserver/root/src/store/base/file.js
index 4e57f877a880..4b6bbcdf7be5 100644
--- a/html/pfappserver/root/src/store/base/file.js
+++ b/html/pfappserver/root/src/store/base/file.js
@@ -65,11 +65,9 @@ export default class FileStore {
               const end = state.offsets[lineIndex + 1] - state.newLine.length
               dispatch('readSlice', { start, end }).then(result => {
                 let decoded = result
-//                if (state.file.type.match(/^text\//i)) { // is text
                   try {
                     decoded = new TextDecoder(state.file.encoding).decode(result)
                   } catch (e) {/* noop */ }
-//                }
                 resolve(decoded)
               }).catch(err => {
                 reject(err)
@@ -99,6 +97,24 @@ export default class FileStore {
           reader.readAsArrayBuffer(slice)
         })
       },
+      readAsDataURL: ({ commit, state }) => {
+        return new Promise((resolve, reject) => {
+          const reader = new FileReader()
+          reader.onerror = (event) => {
+            const { target: { error } = {} } = event
+            commit('SET_ERROR', error)
+            reader.abort()
+            reject(error)
+          }
+          reader.onload = (event) => {
+            const { target: { result } = {} } = event
+            // eslint-disable-next-line no-unused-vars
+            const [ dataString, base64 ] = result.split(',', 2)
+            resolve(base64)
+          }
+          reader.readAsDataURL(state.blob)
+        })
+      },
       buildOffset: ({ commit, state, dispatch }, lineIndex) => {
         return new Promise((resolve, reject) => {
           const scan = async (index, start) => {
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
index 606709548269..5faad2b1dc1e 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
@@ -52,7 +52,7 @@ export default {
   },
   file: params => {
     const method = params.quiet ? 'getQuiet' : 'get'
-    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { nocache: true }).then(response => {
+    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { ...params, nocache: true }).then(response => {
       return response.data
     })
   },
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
index eb709a975872..3ebe9998c3a3 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
@@ -189,7 +189,7 @@ const setup = (props, context) => {
     else {
       $store.dispatch('$_connection_profiles/getFile', { id: id.value, filename: path.value }).then(response => {
         const { content, meta: { not_deletable, not_revertible } = {} } = response
-        editorContent.value = content
+        editorContent.value = atob(content)
         isDeletable.value = !not_deletable
         isRevertible.value = !not_revertible
       })
@@ -209,7 +209,7 @@ const setup = (props, context) => {
     let params = {
       id: id.value,
       filename: path.value.split('/').filter(u => u).join('/'),
-      content: editorContent.value
+      content: btoa(editorContent.value)
     }
     if (isNew.value)
       params.filename += `/${form.value.name}`
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
index d0f333a30b43..614daf3f36ca 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalView.vue
@@ -120,13 +120,3 @@ export default {
   setup
 }
 </script>
-<style lang="scss" scoped>
-::v-deep {
-  .modal-dialog {
-    & > .modal-content {
-      /* take max height */
-      height: calc(100vh - (2 * 1.75rem)); /* 2 x $modal-dialog-margin-y-sm-up */
-    }
-  }
-}
-</style>
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index 4dac558b52ce..fe32716d9de0 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -433,7 +433,7 @@ const setup = (props, context) => {
         })
       }
       else {
-        $store.dispatch(`${file.storeName}/readSlice`, { start: 0, end: file.size }).then(content => {
+        $store.dispatch(`${file.storeName}/readAsDataURL`).then(content => {
           $store.dispatch('$_connection_profiles/createFile', {
             id: id.value,
             filename: `${pathname}/${filename}`.replace('//', '/'),
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
index 777fe925cd40..1397046c7ff0 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
@@ -238,7 +238,9 @@ const actions = {
     const { to, from, ...options } = params
     commit('FILE_REQUEST')
     return api.file(from).then(content => {
-      return api.createFile({ ...to, ...options, content }).then(() => {
+      return api.createFile({
+        ...to, ...options, content
+      }).then(() => {
         return api.deleteFile({ ...from, ...options }).then(() => {
           return dispatch('files', { id: from.id })
         }).catch(err => {
diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index bddccedd4393..d8cc32b3c5d2 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -15,12 +15,13 @@ pf::UnifiedApi::Controller::Config::ConnectionProfiles
 use strict;
 use warnings;
 use captiveportal::DynamicRouting::Application;
+use Mojo::Asset;
 use Mojo::Base qw(pf::UnifiedApi::Controller::Config);
 use pf::ConfigStore::Profile;
 use pf::UnifiedApi::Request;
 use pfappserver::Form::Config::Profile;
 use pfappserver::Form::Config::Profile::Default;
-use File::Slurp qw(write_file);
+use File::Slurp qw(read_file write_file);
 use POSIX qw(:errno_h);
 use JSON::MaybeXS qw();
 use File::Find;
@@ -38,6 +39,7 @@ use pf::file_paths qw(
 );
 use pf::error qw(is_error);
 use pfconfig::git_storage;
+use MIME::Base64 qw(encode_base64 decode_base64);
 
 has 'config_store_class' => 'pf::ConfigStore::Profile';
 has 'form_class' => 'pfappserver::Form::Config::Profile';
@@ -141,7 +143,13 @@ sub get_file {
         return $self->render_error(404, "'$file' not found");
     }
 
-    return $self->reply->file($path);
+    my $content = read_file($path);
+    my $encoded = encode_base64($content);
+
+    my $asset = Mojo::Asset::Memory->new;
+    $asset->add_chunk($encoded);
+
+    return $self->reply->asset($asset);
 }
 
 =head2 new_file
@@ -162,7 +170,7 @@ sub new_file {
        return $self->render_error(412, "'$file' already exists");
     }
 
-    my $content = $self->req->body;
+    my $content = decode_base64($self->req->body);
     eval {
         my (undef, $file_parent_dir, undef) = splitpath($path);
         pf_make_dir($file_parent_dir);
@@ -199,10 +207,10 @@ sub replace_file {
     }
 
     my $path = profileFilePath($id, $file);
-    my $content = $self->req->text;
+    my $content = decode_base64($self->req->body);
 
     eval {
-        write_file($path, {atomic=> 1, binmode => ':utf8', no_clobber => 0}, $content);
+        write_file($path, {atomic=> 1, binmode => ':raw', no_clobber => 1}, $content);
     };
     if ($@) {
        pf::log::get_logger->error("Error writing file: $@");

From 71632bda4de063506d60d7ad94070f7ab161d75e Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Thu, 20 Jan 2022 07:47:04 -0500
Subject: [PATCH 031/103] Make handling the radius requests async

---
 go/cmd/pfacct/pfacct.go |  3 +--
 go/cmd/pfacct/radius.go | 14 ++++----------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/go/cmd/pfacct/pfacct.go b/go/cmd/pfacct/pfacct.go
index a9f9c87d6c0f..fa824a322cc4 100644
--- a/go/cmd/pfacct/pfacct.go
+++ b/go/cmd/pfacct/pfacct.go
@@ -29,7 +29,6 @@ type radiusRequest struct {
 	switchInfo *SwitchInfo
 	status     rfc2866.AcctStatusType
 	mac        mac.Mac
-	done       chan struct{}
 }
 
 type PfAcct struct {
@@ -83,7 +82,7 @@ func NewPfAcct() *PfAcct {
 	pfAcct.RadiusStatements.Setup(pfAcct.Db)
 
 	pfAcct.SetupConfig(ctx)
-	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, 5, 10)
+	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, 5, 1000)
 	pfAcct.AAAClient = jsonrpc2.NewAAAClientFromConfig(ctx)
 	//pfAcct.Dispatcher = NewDispatcher(16, 128)
 	pfAcct.runPing()
diff --git a/go/cmd/pfacct/radius.go b/go/cmd/pfacct/radius.go
index 1e8f82b8688e..2d3283995ef4 100644
--- a/go/cmd/pfacct/radius.go
+++ b/go/cmd/pfacct/radius.go
@@ -91,15 +91,16 @@ func (h *PfAcct) HandleAccounting(w radius.ResponseWriter, r *radius.Request) {
 	callingStation := rfc2865.CallingStationID_GetString(r.Packet)
 	mac, _ := mac.NewFromString(callingStation)
 	rr := radiusRequest{
-		w:          w,
 		r:          r,
 		status:     status,
 		switchInfo: switchInfo,
 		mac:        mac,
-		done:       make(chan struct{}),
 	}
 
 	h.sendRadiusRequestToQueue(rr)
+	outPacket := r.Response(radius.CodeAccountingResponse)
+	rfc2865.ReplyMessage_SetString(outPacket, "Accounting OK")
+	w.Write(h.AddProxyState(outPacket, r))
 	// h.handleAccountingRequest(w, r, switchInfo, mac)
 	// h.Dispatcher.SubmitJob(Work(func() { h.handleAccountingRequest(r, switchInfo) }))
 }
@@ -107,18 +108,11 @@ func (h *PfAcct) HandleAccounting(w radius.ResponseWriter, r *radius.Request) {
 func (h *PfAcct) sendRadiusRequestToQueue(rr radiusRequest) {
 	queueIndex := djb2Hash(rr.mac[:]) % uint64(len(h.radiusRequests))
 	h.radiusRequests[queueIndex] <- rr
-	<-rr.done
 }
 
 func (h *PfAcct) handleAccountingRequest(rr radiusRequest) {
-	r, w, switchInfo, mac, status := rr.r, rr.w, rr.switchInfo, rr.mac, rr.status
+	r, switchInfo, mac, status := rr.r, rr.switchInfo, rr.mac, rr.status
 	defer h.NewTiming().Send("pfacct.accounting." + rr.status.String())
-	outPacket := r.Response(radius.CodeAccountingResponse)
-	rfc2865.ReplyMessage_SetString(outPacket, "Accounting OK")
-	defer func() {
-		w.Write(h.AddProxyState(outPacket, r))
-		rr.done <- struct{}{}
-	}()
 	ctx := r.Context()
 	in_bytes := int64(rfc2866.AcctInputOctets_Get(r.Packet))
 	out_bytes := int64(rfc2866.AcctOutputOctets_Get(r.Packet))

From cd38fcc7647e19414620e77d7220bb98320dddc2 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Tue, 29 Nov 2022 16:01:08 -0500
Subject: [PATCH 032/103] fix proxy content length header

---
 go/httpdportalpreview/httpdportalpreview.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/go/httpdportalpreview/httpdportalpreview.go b/go/httpdportalpreview/httpdportalpreview.go
index 01ca2d9e40a9..059116acc6dd 100644
--- a/go/httpdportalpreview/httpdportalpreview.go
+++ b/go/httpdportalpreview/httpdportalpreview.go
@@ -130,6 +130,7 @@ func (p *Proxy) ServeStatic(r *http.Response) error {
 
 	boeuf := bytes.NewBuffer(buffer)
 	r.Body = ioutil.NopCloser(boeuf)
+	r.Header["Content-Length"] = []string{fmt.Sprint(boeuf.Len())}
 	return nil
 }
 

From 94f3b88fcf851fdf7689b92165ad0ee0ed37a286 Mon Sep 17 00:00:00 2001
From: Durand Fabrice <oeufdure@gmail.com>
Date: Wed, 30 Nov 2022 10:42:59 -0500
Subject: [PATCH 033/103] Test if $port is defined

---
 lib/pf/radius.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm
index 88b0456eada7..b93b018d2d9b 100644
--- a/lib/pf/radius.pm
+++ b/lib/pf/radius.pm
@@ -806,7 +806,7 @@ sub switch_access {
 
     $logger->info("handling radius autz request: from switch_ip => ($switch_ip), "
         . "connection_type => " . connection_type_to_str($connection_type) . ","
-        . "switch_mac => ".( defined($switch_mac) ? "($switch_mac)" : "(Unknown)" ).", mac => [$mac], port => $port, username => \"$user_name\"" );
+        . "switch_mac => ".( defined($switch_mac) ? "($switch_mac)" : "(Unknown)" ).", mac => [$mac], port => ".( defined($port) ? "($port)" : "(Unknown)" ).", username => \"$user_name\"" );
 
     if ( !$switch->canDoCliAccess && !$switch->supportsVPN()) {
         $logger->warn("CLI Access is not permit on this switch $switch->{_id}");

From d75f863f6831bbfef0af761fabeae878d3141dd4 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Wed, 30 Nov 2022 15:50:17 +0000
Subject: [PATCH 034/103] Retry insertBandwidthAccountingStart and
 insertBandwidthAccountingUpdate on deadlocks and timeouts

---
 go/cmd/pfacct/radius.go | 44 +++++++++++++++++++++++++++++++++++++++--
 go/go.mod               |  1 +
 go/go.sum               |  2 ++
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/go/cmd/pfacct/radius.go b/go/cmd/pfacct/radius.go
index 2d3283995ef4..f8d7927b5204 100644
--- a/go/cmd/pfacct/radius.go
+++ b/go/cmd/pfacct/radius.go
@@ -12,7 +12,9 @@ import (
 	"time"
 
 	"github.com/OneOfOne/xxhash"
+	"github.com/VividCortex/mysqlerr"
 	cache "github.com/fdurand/go-cache"
+	"github.com/go-sql-driver/mysql"
 
 	"github.com/inverse-inc/go-radius"
 	"github.com/inverse-inc/go-radius/dictionary"
@@ -591,6 +593,38 @@ func setupStmt(db *sql.DB, stmt **sql.Stmt, sql string) {
 	}
 }
 
+func isErrorRetryable(err error) bool {
+	driverErr, ok := err.(*mysql.MySQLError)
+	if !ok {
+		return false
+	}
+
+	return driverErr.Number == mysqlerr.ER_LOCK_DEADLOCK || driverErr.Number == mysqlerr.ER_LOCK_WAIT_TIMEOUT
+}
+
+func tryExecute(retry int, pause time.Duration, stmt *sql.Stmt, args ...interface{}) (sql.Result, error) {
+	var err error
+	var res sql.Result
+	for retry >= 0 {
+		retry--
+		res, err = stmt.Exec(args...)
+		if err == nil {
+			break
+		}
+
+		if isErrorRetryable(err) {
+			if pause != 0 {
+				time.Sleep(pause)
+			}
+			continue
+		}
+
+		break
+	}
+
+	return res, err
+}
+
 func (rs *RadiusStatements) Setup(db *sql.DB) {
 	setupStmt(db, &rs.switchLookup, `
 		SELECT nasname, secret, unique_session_attributes
@@ -781,7 +815,10 @@ func (h *PfAcct) InsertBandwidthAccounting(status rfc2866.AcctStatusType, node_i
 	var err error
 	if status == rfc2866.AcctStatusType_Value_Start {
 		h.SetAcctSession(node_id, unique_session, &AcctSession{in_bytes: in_bytes, out_bytes: out_bytes})
-		_, err = h.insertBandwidthAccountingStart.Exec(
+		_, err = tryExecute(
+			3,
+			time.Millisecond*10,
+			h.insertBandwidthAccountingStart,
 			node_id,
 			mac,
 			unique_session,
@@ -799,7 +836,10 @@ func (h *PfAcct) InsertBandwidthAccounting(status rfc2866.AcctStatusType, node_i
 		}
 
 		h.SetAcctSession(node_id, unique_session, &AcctSession{in_bytes: in_bytes, out_bytes: out_bytes})
-		_, err = h.insertBandwidthAccountingUpdate.Exec(
+		_, err = tryExecute(
+			3,
+			time.Millisecond*10,
+			h.insertBandwidthAccountingUpdate,
 			node_id,
 			mac,
 			unique_session,
diff --git a/go/go.mod b/go/go.mod
index d404209d0590..b4071380c502 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -114,6 +114,7 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.0 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
+	github.com/VividCortex/mysqlerr v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bifurcation/mint v0.0.0-20180715133206-93c51c6ce115 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go/go.sum b/go/go.sum
index fcbbe6198b99..fff192e28ddf 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -84,6 +84,8 @@ github.com/Sereal/Sereal v0.0.0-20200729022450-08708a3c86f3/go.mod h1:D0JMgToj/W
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
+github.com/VividCortex/mysqlerr v1.0.0 h1:5pZ2TZA+YnzPgzBfiUWGqWmKDVNBdrkf9g+DNe1Tiq8=
+github.com/VividCortex/mysqlerr v1.0.0/go.mod h1:xERx8E4tBhLvpjzdUyQiSfUxeMcATEQrflDAfXsqcAE=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=

From 12710f211dec463545f9a1e2326ac491a6852445 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Wed, 30 Nov 2022 11:02:39 -0500
Subject: [PATCH 035/103] add helpers

---
 html/pfappserver/root/src/utils/regex.js      |  5 +++-
 .../Configuration/connectionProfiles/_api.js  |  3 +--
 .../_components/InlineName.vue                | 24 ++++++++++++++-----
 .../_components/ModalEdit.vue                 |  4 ++--
 .../_components/TheFilesList.vue              | 16 +++++++++----
 .../connectionProfiles/_store.js              |  7 +++---
 .../connectionProfiles/config.js              |  2 ++
 7 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/html/pfappserver/root/src/utils/regex.js b/html/pfappserver/root/src/utils/regex.js
index 424de383af10..c4cf1db35b4f 100644
--- a/html/pfappserver/root/src/utils/regex.js
+++ b/html/pfappserver/root/src/utils/regex.js
@@ -19,4 +19,7 @@ export const reMac = value => /^([0-9a-fA-F]{2}[-:]?){5,}([0-9a-fA-F]){2}$/.test
 export const reNumeric = value => /^-?[0-9]*$/.test(value)
 
 // eslint-disable-next-line no-useless-escape
-export const reStaticRoute = value => /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}\/?(\d+)?\s+?(via\s+(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s+?)?dev\s+[a-z,0-9\.]+$/i.test(value)
\ No newline at end of file
+export const reStaticRoute = value => /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}\/?(\d+)?\s+?(via\s+(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s+?)?dev\s+[a-z,0-9\.]+$/i.test(value)
+
+// eslint-disable-next-line no-control-regex
+export const reAscii = value => /^([\x20-\x7E]+)$/.test(value)
\ No newline at end of file
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
index 5faad2b1dc1e..08ffe41ed87f 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_api.js
@@ -51,8 +51,7 @@ export default {
     })
   },
   file: params => {
-    const method = params.quiet ? 'getQuiet' : 'get'
-    return apiCall[method](['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { ...params, nocache: true }).then(response => {
+    return apiCall.getQuiet(['config', 'connection_profile', params.id, 'files', ...params.filename.split('/').filter(p => p)], { ...params, nocache: true }).then(response => {
       return response.data
     })
   },
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
index 71e42aa79ac4..6d631e0a6013 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -1,7 +1,9 @@
 <template>
   <div @click.stop class="d-flex flex-grow-1">
     <template v-if="!rename">
-      <span style="cursor: text;" @click.stop="onShow">{{ item.name }}</span>
+      <span style="cursor: text;" @click.stop="onShow"
+        v-b-tooltip.hover.top.d300 :title="$i18n.t('Click to rename')"
+      >{{ item.name }}</span>
     </template>
     <template v-else>
       <b-form @submit.prevent="onRename" ref="formRef"
@@ -10,16 +12,21 @@
           class="p-0 my-1 w-100"
           :form="form"
           :schema="schema"
-          :isLoading="isLoading"
+          :isLoading="isLoading || isRenaming"
         >
           <input-name namespace="name" ref="inputRef"
             class="w-100" :placeholder="item.name"
             @click.stop.prevent
           />
         </base-form>
-        <b-button :disabled="isLoading || !canRename"
-          size="sm" variant="primary" class="ml-1 my-1" @click="onRename">{{ $i18n.t('Rename') }}</b-button>
-        <b-button :disabled="isLoading"
+        <b-button :disabled="isLoading || isRenaming || !canRename"
+          size="sm" variant="primary" class="ml-1 my-1 py-0" @click="onRename">
+            <template v-if="!isRenaming"
+              >{{ $i18n.t('Rename') }}</template>
+            <icon v-else
+              name="circle-notch" spin />
+        </b-button>
+        <b-button :disabled="isLoading || isRenaming"
           size="sm" variant="danger" class="ml-1 my-1" @click.stop="onCancel">{{ $i18n.t('Cancel') }}</b-button>
       </b-form>
     </template>
@@ -113,14 +120,18 @@ const setup = (props, context) => {
   }
 
   const isLoading = computed(() => $store.getters['$_connection_profiles/isLoadingFiles'])
+  const isRenaming = ref(false)
   const onRename = () => {
     if (isValid.value) {
+      isRenaming.value = true
       const { path } = item.value
       return $store.dispatch(`$_connection_profiles/renameFile`, {
         from: { id: id.value, filename: `${path}/${item.value.name}`.replace('//', '/') },
         to: { id: id.value, filename: `${path}/${form.value.name}`.replace('//', '/')  },
         quiet: true
-      }).then(onCancel)
+      })
+        .then(onCancel)
+        .finally(() => isRenaming.value = false)
     }
   }
 
@@ -135,6 +146,7 @@ const setup = (props, context) => {
     schema,
 
     isLoading,
+    isRenaming,
     rename,
     onShow,
     onCancel,
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
index 3ebe9998c3a3..f83c69f939d7 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
@@ -188,8 +188,8 @@ const setup = (props, context) => {
     }
     else {
       $store.dispatch('$_connection_profiles/getFile', { id: id.value, filename: path.value }).then(response => {
-        const { content, meta: { not_deletable, not_revertible } = {} } = response
-        editorContent.value = atob(content)
+        const { content: { message }, meta: { not_deletable, not_revertible } = {} } = response
+        editorContent.value = atob(message)
         isDeletable.value = !not_deletable
         isRevertible.value = !not_revertible
       })
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index fe32716d9de0..aa04b8b73578 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -40,6 +40,7 @@
           <icon :name="(item.isImage) ? 'file-image' : 'file'" />
 
           <inline-name v-if="!item.not_revertible || !item.not_deletable"
+            :key="`${item.path}/${item.name}`"
             :id="id" :item="item" :entries="entries" />
           <span v-else
             >{{ item.name }}</span>
@@ -84,7 +85,7 @@
             <b-dropdown-item @click="onToggleUpload(item)">
               <base-button-upload
                 @files="onUploadFiles(item, $event)"
-                :accept="uploadAccept"
+                :accept="acceptMimes"
                 multiple
               >{{ $i18n.t('Upload File(s)') }}</base-button-upload>
             </b-dropdown-item>
@@ -191,6 +192,8 @@ const tableFields = [
 
 import { computed, ref, toRefs, watch } from '@vue/composition-api'
 import i18n from '@/utils/locale'
+import { reAscii } from '@/utils/regex'
+import { acceptMimes } from '../config'
 import { fileNotExists } from '../schema'
 
 const setup = (props, context) => {
@@ -424,6 +427,13 @@ const setup = (props, context) => {
     const pathname = `${path}/${name}`.replace('//', '/')
     files.forEach(file => {
       const filename = file.name.trim()
+      if(!reAscii(filename)) {
+        return $store.dispatch('notification/danger', {
+          icon: 'exclamation-triangle',
+          url: filename,
+          message: i18n.t('Upload skipped. {filename} contains non-ASCII characters and is not a valid filename.', { filename: `<code>${filename}</code>` })
+        })
+      }
       const exists = !fileNotExists(entries.value, pathname, filename)
       if (exists) {
         $store.dispatch('notification/danger', {
@@ -459,8 +469,6 @@ const setup = (props, context) => {
     })
   }
 
-  const uploadAccept = '*/*'
-
   return {
     sortBy,
     sortDesc,
@@ -494,7 +502,7 @@ const setup = (props, context) => {
     hideDefaultFiles,
 
     onUploadFiles,
-    uploadAccept,
+    acceptMimes,
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
index 1397046c7ff0..468c7844c237 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_store.js
@@ -237,10 +237,9 @@ const actions = {
   renameFile: ({ commit, dispatch }, params) => {
     const { to, from, ...options } = params
     commit('FILE_REQUEST')
-    return api.file(from).then(content => {
-      return api.createFile({
-        ...to, ...options, content
-      }).then(() => {
+    return api.file(from).then(response => {
+      const { message: content = '' } = response
+      return api.createFile({ ...to, ...options, content }).then(() => {
         return api.deleteFile({ ...from, ...options }).then(() => {
           return dispatch('files', { id: from.id })
         }).catch(err => {
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
index 41567e3036f1..8eada5f89514 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
@@ -86,3 +86,5 @@ export const filters = {
     types: [pfFieldType.SUBSTRING]
   }
 }
+
+export const acceptMimes = 'text/*, image/*'

From fcd92994ee2a11be2ac903516ef3b7598f2b3f3d Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Wed, 30 Nov 2022 16:12:33 +0000
Subject: [PATCH 036/103] Add pfacct_worker and pfacct_work_queue_size to
 pf.conf radius configuration

---
 conf/documentation.conf      | 13 +++++++++++++
 conf/pf.conf.defaults        |  8 ++++++++
 go/pfconfigdriver/structs.go |  2 ++
 3 files changed, 23 insertions(+)

diff --git a/conf/documentation.conf b/conf/documentation.conf
index 83586f919981..a7e6cdfb721f 100644
--- a/conf/documentation.conf
+++ b/conf/documentation.conf
@@ -1841,6 +1841,19 @@ description=<<EOT
 Process bandwidth accounting.
 EOT
 
+[radius_configuration.pfacct_workers]
+type=numeric
+options=enabled|disabled
+description=<<EOT
+The number of workers proccessing accounting packets.
+EOT
+
+[radius_configuration.pfacct_work_queue_size]
+type=numeric
+description=<<EOT
+The size of the queue for each worker.
+EOT
+
 [dns_configuration.record_dns_in_sql]
 type=toggle
 options=enabled|disabled
diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults
index b24aead8e3f3..7a6bc53f9879 100644
--- a/conf/pf.conf.defaults
+++ b/conf/pf.conf.defaults
@@ -1367,6 +1367,14 @@ local_auth=disabled
 #
 # Process bandwidth accounting.
 process_bandwidth_accounting = disabled
+# radius_configuration.pfacct_workers
+#
+# The number of workers proccessing accounting packets.
+pfacct_workers = 5
+# radius_configuration.pfacct_work_queue_size
+#
+# The size of the queue for each worker.
+pfacct_work_queue_size = 1000
 
 [dns_configuration]
 #
diff --git a/go/pfconfigdriver/structs.go b/go/pfconfigdriver/structs.go
index 1e9141dc9ba4..55c13e4b00db 100644
--- a/go/pfconfigdriver/structs.go
+++ b/go/pfconfigdriver/structs.go
@@ -719,6 +719,8 @@ type PfConfRadiusConfiguration struct {
 	UsernameAttributes                 []string `json:"username_attributes"`
 	ForwardKeyBalanced                 string   `json:"forward_key_balanced"`
 	ProcessBandwidthAccounting         string   `json:"process_bandwidth_accounting"`
+	PfacctWorker                       string   `json:"pfacct_worker"`
+	PfacctWorkQueueSize                string   `json:"pfacct_work_queue_size"`
 }
 
 type Certificate struct {

From bbe71ff08615f84a451a53441cc9e30a19b9d9e4 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Wed, 30 Nov 2022 11:15:15 -0500
Subject: [PATCH 037/103] admin(npm): bump version

---
 html/pfappserver/root/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/pfappserver/root/package.json b/html/pfappserver/root/package.json
index 5e1746656a47..883db77e4657 100644
--- a/html/pfappserver/root/package.json
+++ b/html/pfappserver/root/package.json
@@ -1,6 +1,6 @@
 {
   "name": "packetfence-admin",
-  "version": "12.1.0",
+  "version": "12.2.0",
   "private": true,
   "scripts": {
     "serve": "vue-cli-service serve",

From df4b994db1abea99448f8c4f4dd5af00199b9ab8 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Wed, 30 Nov 2022 11:24:47 -0500
Subject: [PATCH 038/103] admin(js): fix cert validators, fixes #7392

---
 .../src/views/Configuration/sources/schema.js | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/html/pfappserver/root/src/views/Configuration/sources/schema.js b/html/pfappserver/root/src/views/Configuration/sources/schema.js
index e84e747ca016..aed811a5afa1 100644
--- a/html/pfappserver/root/src/views/Configuration/sources/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/sources/schema.js
@@ -84,14 +84,17 @@ export const schema = (props) => {
 
   const {
     cert_file_upload,
-    key_file_upload,
+    client_cert_file_upload,
+    client_key_file_upload,
     idp_ca_cert_path_upload,
     idp_cert_path_upload,
     idp_metadata_path_upload,
+    key_file_upload,
     path_upload,
     paypal_cert_file_upload,
     sp_cert_path_upload,
     sp_key_path_upload,
+
   } = form || {}
 
   return yup.object({
@@ -123,9 +126,19 @@ export const schema = (props) => {
           : yup.string().nullable()
       }),
     cert_id: yup.string().label(i18n.t('ID')),
-    client_cert_file: yup.string().label(i18n.t('Client Certificate')),
+    client_cert_file: yup.string()
+      .when('client_cert_file_upload', () => {
+        return (!client_cert_file_upload)
+          ? yup.string().nullable().required(i18n.t('Client certificate required.'))
+          : yup.string().nullable()
+      }),
     client_id: yup.string().label(i18n.t('Client ID')),
-    client_key_file: yup.string().label(i18n.t('Client Key')),
+    client_key_file: yup.string()
+      .when('client_key_file_upload', () => {
+        return (!client_key_file_upload)
+          ? yup.string().nullable().required(i18n.t('Client key required.'))
+          : yup.string().nullable()
+      }),
     client_secret: yup.string().label(i18n.t('Secret')),
     description: yup.string().label(i18n.t('Description')),
     domains: yup.string().label(i18n.t('Domains')),

From 4f52b665917a2dca624110b1aabe3c228d50c966 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Wed, 30 Nov 2022 16:55:53 +0000
Subject: [PATCH 039/103] use the radius worker configuration pfconfig

---
 go/cmd/pfacct/pfacct.go | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/go/cmd/pfacct/pfacct.go b/go/cmd/pfacct/pfacct.go
index fa824a322cc4..27799ed80621 100644
--- a/go/cmd/pfacct/pfacct.go
+++ b/go/cmd/pfacct/pfacct.go
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"fmt"
 	"net"
+	"strconv"
 	"time"
 
 	cache "github.com/fdurand/go-cache"
@@ -22,6 +23,8 @@ import (
 )
 
 const DefaultTimeDuration = 5 * time.Minute
+const DefaultRadiusWorkers = 5
+const DefaultRadiusWorkQueueSize = 1000
 
 type radiusRequest struct {
 	w          radius.ResponseWriter
@@ -55,6 +58,8 @@ type PfAcct struct {
 	radiusdAcctEnabled   bool
 	AllNetworks          bool
 	ProcessBandwidthAcct bool
+	RadiusWorkers        int
+	RadiusWorkQueueSize  int
 }
 
 func NewPfAcct() *PfAcct {
@@ -74,7 +79,12 @@ func NewPfAcct() *PfAcct {
 		err = Database.Ping()
 	}
 
-	pfAcct := &PfAcct{Db: Database, TimeDuration: DefaultTimeDuration}
+	pfAcct := &PfAcct{
+		Db:                  Database,
+		TimeDuration:        DefaultTimeDuration,
+		RadiusWorkers:       DefaultRadiusWorkers,
+		RadiusWorkQueueSize: DefaultRadiusWorkQueueSize,
+	}
 	pfAcct.SwitchInfoCache = cache.New(5*time.Minute, 10*time.Minute)
 	pfAcct.NodeSessionCache = cache.New(cache.NoExpiration, cache.NoExpiration)
 	pfAcct.AcctSessionCache = cache.New(5*time.Minute, 10*time.Minute)
@@ -82,7 +92,7 @@ func NewPfAcct() *PfAcct {
 	pfAcct.RadiusStatements.Setup(pfAcct.Db)
 
 	pfAcct.SetupConfig(ctx)
-	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, 5, 1000)
+	pfAcct.radiusRequests = makeRadiusRequests(pfAcct, pfAcct.RadiusWorkers, pfAcct.RadiusWorkQueueSize)
 	pfAcct.AAAClient = jsonrpc2.NewAAAClientFromConfig(ctx)
 	//pfAcct.Dispatcher = NewDispatcher(16, 128)
 	pfAcct.runPing()
@@ -153,10 +163,23 @@ func (pfAcct *PfAcct) SetupConfig(ctx context.Context) {
 	var RadiusConfiguration pfconfigdriver.PfConfRadiusConfiguration
 	pfconfigdriver.FetchDecodeSocket(ctx, &RadiusConfiguration)
 	pfAcct.ProcessBandwidthAcct = sharedutils.IsEnabled(RadiusConfiguration.ProcessBandwidthAccounting)
+
 	if !pfAcct.ProcessBandwidthAcct {
 		logInfo(ctx, "Not processing bandwidth accounting records. To enable set radius_configuration.process_bandwidth_accounting = enabled")
 	}
 
+	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorker, 10, 64); err != nil {
+		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_worker defaulting to '%d'", RadiusConfiguration.PfacctWorker, pfAcct.RadiusWorkers))
+	} else {
+		pfAcct.RadiusWorkers = int(i)
+	}
+
+	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorkQueueSize, 10, 64); err != nil {
+		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_work_queue_size defaulting to '%d'", RadiusConfiguration.PfacctWorkQueueSize, pfAcct.RadiusWorkQueueSize))
+	} else {
+		pfAcct.RadiusWorkQueueSize = int(i)
+	}
+
 	localSecret := pfconfigdriver.LocalSecret{}
 	pfconfigdriver.FetchDecodeSocket(ctx, &localSecret)
 	pfAcct.localSecret = localSecret.Element

From ac3c6413ea3d1473551442fdab84093664ff3c62 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Wed, 30 Nov 2022 17:12:17 +0000
Subject: [PATCH 040/103] Add to the form

---
 .../radius/general/_components/TheForm.vue     | 18 ++++++++++++++++--
 .../radius/general/_components/index.js        |  5 ++++-
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
index 3ba96a6603a0..3d8a8943bc00 100644
--- a/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
+++ b/html/pfappserver/root/src/views/Configuration/radius/general/_components/TheForm.vue
@@ -67,6 +67,16 @@
       :text="$i18n.t('Enables processing of bandwidth accounting. Requires a restart of pfacct to be effective')"
     />
 
+    <form-group-pfacct-workers namespace="pfacct_workers"
+      :column-label="$i18n.t('Pfacct workers')"
+      :text="$i18n.t('The number of processing accounting packets. Requires a restart of pfacct to be effective')"
+    />
+
+    <form-group-pfacct-work-queue-size namespace="pfacct_work_queue_size"
+      :column-label="$i18n.t('Pfacct Work Queue Size')"
+      :text="$i18n.t('The size of the queue for each worker. Requires a restart of pfacct to be effective')"
+    />
+
     <form-group-radius-attributes namespace="radius_attributes"
       :column-label="$i18n.t('RADIUS attributes')"
       :text="$i18n.t('List of RADIUS attributes that can be used in the sources configuration.')"
@@ -120,7 +130,9 @@ import {
   FormGroupRadiusAttributes,
   FormGroupNormalizeRadiusMachineAuthUsername,
   FormGroupProcessBandwidthAccounting,
-  FormGroupUsernameAttributes
+  FormGroupUsernameAttributes,
+  FormGroupPfacctWorkers,
+  FormGroupPfacctWorkQueueSize
 } from './'
 
 const components = {
@@ -142,7 +154,9 @@ const components = {
   FormGroupRadiusAttributes,
   FormGroupNormalizeRadiusMachineAuthUsername,
   FormGroupProcessBandwidthAccounting,
-  FormGroupUsernameAttributes
+  FormGroupUsernameAttributes,
+  FormGroupPfacctWorkers,
+  FormGroupPfacctWorkQueueSize
 }
 
 export const props = {
diff --git a/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js b/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
index f7b454eac577..d128a29b8955 100644
--- a/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
+++ b/html/pfappserver/root/src/views/Configuration/radius/general/_components/index.js
@@ -1,7 +1,8 @@
 import {
   BaseFormButtonBar,
   BaseFormGroupTextarea,
-  BaseFormGroupToggleDisabledEnabled
+  BaseFormGroupToggleDisabledEnabled,
+  BaseFormGroupInputNumber
 } from '@/components/new/'
 import { BaseViewResource } from '../../../_components/new/'
 import AlertServices from './AlertServices'
@@ -28,6 +29,8 @@ export {
   BaseFormGroupTextarea               as FormGroupRadiusAttributes,
   BaseFormGroupToggleDisabledEnabled  as FormGroupNormalizeRadiusMachineAuthUsername,
   BaseFormGroupTextarea               as FormGroupUsernameAttributes,
+  BaseFormGroupInputNumber            as FormGroupPfacctWorkers,
+  BaseFormGroupInputNumber            as FormGroupPfacctWorkQueueSize,
 
   AlertServices,
   BaseViewResource                    as BaseView,

From fdd2a85ed425e81c7a10c4758daa1b5b0ad21b29 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Wed, 30 Nov 2022 17:34:54 +0000
Subject: [PATCH 041/103] Fix typo

---
 go/cmd/pfacct/pfacct.go      | 4 ++--
 go/pfconfigdriver/structs.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go/cmd/pfacct/pfacct.go b/go/cmd/pfacct/pfacct.go
index 27799ed80621..891dc3f93501 100644
--- a/go/cmd/pfacct/pfacct.go
+++ b/go/cmd/pfacct/pfacct.go
@@ -168,8 +168,8 @@ func (pfAcct *PfAcct) SetupConfig(ctx context.Context) {
 		logInfo(ctx, "Not processing bandwidth accounting records. To enable set radius_configuration.process_bandwidth_accounting = enabled")
 	}
 
-	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorker, 10, 64); err != nil {
-		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_worker defaulting to '%d'", RadiusConfiguration.PfacctWorker, pfAcct.RadiusWorkers))
+	if i, err := strconv.ParseInt(RadiusConfiguration.PfacctWorkers, 10, 64); err != nil {
+		logWarn(ctx, fmt.Sprintf("Invalid number '%s' pfacct_worker defaulting to '%d'", RadiusConfiguration.PfacctWorkers, pfAcct.RadiusWorkers))
 	} else {
 		pfAcct.RadiusWorkers = int(i)
 	}
diff --git a/go/pfconfigdriver/structs.go b/go/pfconfigdriver/structs.go
index 55c13e4b00db..0ced6374fa99 100644
--- a/go/pfconfigdriver/structs.go
+++ b/go/pfconfigdriver/structs.go
@@ -719,7 +719,7 @@ type PfConfRadiusConfiguration struct {
 	UsernameAttributes                 []string `json:"username_attributes"`
 	ForwardKeyBalanced                 string   `json:"forward_key_balanced"`
 	ProcessBandwidthAccounting         string   `json:"process_bandwidth_accounting"`
-	PfacctWorker                       string   `json:"pfacct_worker"`
+	PfacctWorkers                      string   `json:"pfacct_workers"`
 	PfacctWorkQueueSize                string   `json:"pfacct_work_queue_size"`
 }
 

From 88a27dfb2c769bbf4f36081e8db975a660cd7021 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Thu, 1 Dec 2022 10:12:08 -0500
Subject: [PATCH 042/103] fix(admin(js)): add support for toggle in CSV import
 static mappings, fixes #7373

---
 html/pfappserver/root/src/globals/pfField.js   |  7 ++++++-
 .../root/src/views/Nodes/_config/index.js      | 18 ++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/html/pfappserver/root/src/globals/pfField.js b/html/pfappserver/root/src/globals/pfField.js
index ceddf6b193c5..551f78c9eccb 100644
--- a/html/pfappserver/root/src/globals/pfField.js
+++ b/html/pfappserver/root/src/globals/pfField.js
@@ -345,7 +345,8 @@ import {
   BaseInputGroupMultiplier,
   BaseInputNumber,
   BaseInputChosenMultiple,
-  BaseInputChosenOne
+  BaseInputChosenOne,
+  BaseInputToggle,
 } from '@/components/new'
 
 export const useField = (field) => {
@@ -392,6 +393,10 @@ export const useField = (field) => {
           return { is: BaseInputNumber, ...props }
           // break
 
+        case pfComponentType.TOGGLE:
+          return { is: BaseInputToggle, ...props }
+          // break
+
         case pfComponentType.HIDDEN:
         case pfComponentType.NONE:
           return undefined
diff --git a/html/pfappserver/root/src/views/Nodes/_config/index.js b/html/pfappserver/root/src/views/Nodes/_config/index.js
index d60e7a8c785a..e4543b2cc60a 100644
--- a/html/pfappserver/root/src/views/Nodes/_config/index.js
+++ b/html/pfappserver/root/src/views/Nodes/_config/index.js
@@ -43,7 +43,14 @@ export const importFields = [
     types: [fieldType.YESNO],
     required: false,
     formatter: formatter.yesNoFromString,
-    validator: validatorFromColumnSchemas(MysqlDatabase.node.autoreg)
+    validator: validatorFromColumnSchemas(MysqlDatabase.node.autoreg),
+    props: {
+      options: [
+        { value: 'no', label: i18n.t('No') },
+        { value: 'yes', label: i18n.t('Yes'), color: 'var(--primary)' }
+      ],
+      labelRight: true
+    }
   },
   {
     value: 'bandwidth_balance',
@@ -120,7 +127,14 @@ export const importFields = [
     types: [fieldType.YESNO],
     required: false,
     formatter: formatter.yesNoFromString,
-    validator: validatorFromColumnSchemas(MysqlDatabase.node.voip)
+    validator: validatorFromColumnSchemas(MysqlDatabase.node.voip),
+    props: {
+      options: [
+        { value: 'no', label: i18n.t('No') },
+        { value: 'yes', label: i18n.t('Yes'), color: 'var(--primary)' }
+      ],
+      labelRight: true
+    }
   }
 ]
 

From 1a3aa5b050203d58fee58229ad39bea31e6ef8f8 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Thu, 1 Dec 2022 15:35:13 +0000
Subject: [PATCH 043/103] make the default logo location be in the profile
 templates

---
 Makefile                    | 5 +++++
 conf/profiles.conf.defaults | 2 +-
 debian/packetfence.postinst | 9 ++++++++-
 rpm/packetfence.spec        | 5 ++++-
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 06895265bddd..060b9140f0ae 100644
--- a/Makefile
+++ b/Makefile
@@ -358,3 +358,8 @@ material: DESTDIR=result
 material:
 	mkdir -p $(CURDIR)/$(DESTDIR)
 	perl $(SRC_ADDONSDIR)/dev-helpers/bin/switch_options_table.pl > $(CURDIR)/$(DESTDIR)/material.html
+
+html/captive-portal/profile-templates/default/logo.png:
+	mkdir -p html/captive-portal/profile-templates/default
+	cp html/common/packetfence-cp.png /usr/local/pf/html/captive-portal/profile-templates/default/logo.png
+
diff --git a/conf/profiles.conf.defaults b/conf/profiles.conf.defaults
index e6c69573884b..c02aa5ab6a67 100644
--- a/conf/profiles.conf.defaults
+++ b/conf/profiles.conf.defaults
@@ -8,7 +8,7 @@
 
 [default]
 description=Default Profile
-logo=/common/packetfence-cp.png
+logo=/profile-templates/default/logo.png
 redirecturl=http://www.packetfence.org/
 always_use_redirecturl=disabled
 locale=en_US
diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst
index c88ee86c6548..8c3de82e9cf2 100644
--- a/debian/packetfence.postinst
+++ b/debian/packetfence.postinst
@@ -54,11 +54,15 @@ case "$1" in
         VERSIONSQL=$(ls pf-schema-* |sort --version-sort -r | head -1)
         ln -f -s $VERSIONSQL ./pf-schema.sql
 
-        #Make ssl certificate
         cd /usr/local/pf
+
+        #Make ssl certificate
         make conf/ssl/server.pem
         chown pf $PACKETFENCE/conf/ssl/server.key
 
+        #Make configurable logo in default profile templates
+        make html/captive-portal/profile-templates/default/logo.png
+
         # Stop packetfence-config during upgrade process to ensure
         # it is started with latest code
         if [ "$(/bin/systemctl show -p ActiveState packetfence-config | awk -F '=' '{print $2}')" = "active" ]; then
@@ -98,6 +102,9 @@ case "$1" in
             echo "pf.conf already exists, won't touch it!"
         fi
 
+        mkdir -p /usr/local/pf/html/captive-portal/profile-templates/default
+        cp /usr/local/pf/html/common/packetfence-cp.png /usr/local/pf/html/captive-portal/profile-templates/default/logo.png
+
         # managing services
         set +e
         for service in apache2 snmptrapfmt freeradius apparmor haproxy keepalived redis-server smbd samba winbind nmbd mysql snmpd netdata collectd proxysql; do
diff --git a/rpm/packetfence.spec b/rpm/packetfence.spec
index fb65e52540ce..0b54d399aa49 100644
--- a/rpm/packetfence.spec
+++ b/rpm/packetfence.spec
@@ -655,12 +655,15 @@ gpg --no-default-keyring --keyring /root/.gnupg/pubring.kbx --import /etc/pki/rp
 # Remove the monit service from the multi-user target if its there
 rm -f /etc/systemd/system/multi-user.target.wants/monit.service
 
+cd /usr/local/pf
 
 #Make ssl certificate
-cd /usr/local/pf
 make conf/ssl/server.pem
 chown pf /usr/local/pf/conf/ssl/server.key
 
+#Make configurable logo in default profile templates
+make html/captive-portal/profile-templates/default/logo.png
+
 # Create server local RADIUS secret
 if [ ! -f /usr/local/pf/conf/local_secret ]; then
     date +%s | sha256sum | base64 | head -c 32 > /usr/local/pf/conf/local_secret

From ae3e0761292a3ea87ff29849c8a07ca317dd9faf Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Thu, 1 Dec 2022 15:53:28 +0000
Subject: [PATCH 044/103] adjust logo doc

---
 .../customizing_packetfence.asciidoc          | 30 +++----------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/docs/developer/customizing_packetfence.asciidoc b/docs/developer/customizing_packetfence.asciidoc
index a92474e19aaf..44600f2992fd 100644
--- a/docs/developer/customizing_packetfence.asciidoc
+++ b/docs/developer/customizing_packetfence.asciidoc
@@ -44,35 +44,13 @@ Note that you cannot use the full locale in the template name (i.e. `aup_text.en
 
 ===== Logo
 
-WARNING: If you perform an upgrade from a 11.X version, these steps have been handled by an upgrade script.
+In order to customize the default logo that is shown on the captive portal, go in _Configuration->Policies And Access Control->Connection Profiles->default->Files_. Next, upload your logo at the root of the files. Once it has been uploaded, go in the _Captive Portal_ section of the connection profile and change the Logo field to `/profile-templates/default/filename-of-your-logo.png`.
 
-In order to display your own logo on captive portal, you need to follow these
-steps on your PacketFence server (or on first node of your cluster):
+Alternatively, you could also delete the existing `logo.png` in the files, then upload your logo and rename it to `logo.png`. Doing so will not require to alter the value of 'Logo' in the connection profile.
 
-. Upload your logo through SSH in [filename]`/tmp/my_logo.png`
-. Run following commands:
+You can also have a different logo per connection profile. In order to do so, upload your logo in the appropriate connection profile, then edit it's 'Logo' value to be `/profile-templates/CONNECTION_PROFILE_ID/filename-of-your-logo.png`.
 
-.Standalone and clusters
-[source,bash]
-----
-mkdir /usr/local/pf/html/captive-portal/profile-templates/default
-cp /tmp/my_logo.png /usr/local/pf/html/captive-portal/profile-templates/default/my_logo.png
-----
-
-.Clusters only
-[source,bash]
-----
-cat >> /usr/local/pf/conf/cluster-files.txt << EOF
-/usr/local/pf/conf/cluster-files.txt
-/usr/local/pf/html/captive-portal/profile-templates/default/my_logo.png
-EOF
-/usr/local/pf/bin/cluster/sync --as-master
-----
-
-Once done, connect to PacketFence web admin and configure `default` connection
-profile (_Configuration -> Policies and Access control -> Connection profiles_) like this:
-
-* Logo: [filename]`/profile-templates/default/logo.png`
+For the best results, your logo size should be approximately 330x75 pixels.
 
 ===== CSS
 

From ec71597fe700ca695f14531a4de0a6dc60ad332f Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Thu, 1 Dec 2022 08:12:46 -0800
Subject: [PATCH 045/103] allow upload replacement

---
 .../root/src/globals/pfFormatters.js          |  2 +-
 .../_components/TheFilesList.vue              | 47 +++++++------------
 2 files changed, 19 insertions(+), 30 deletions(-)

diff --git a/html/pfappserver/root/src/globals/pfFormatters.js b/html/pfappserver/root/src/globals/pfFormatters.js
index 7f3ecfe08b30..c58f165c50ed 100644
--- a/html/pfappserver/root/src/globals/pfFormatters.js
+++ b/html/pfappserver/root/src/globals/pfFormatters.js
@@ -94,5 +94,5 @@ export const pfFormatters = {
   },
   shortDateTime: (value) => {
     return filters.shortDateTime(parseInt(value) * 1000)
-  },
+  }
 }
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index aa04b8b73578..a257c593f40d 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -435,37 +435,26 @@ const setup = (props, context) => {
         })
       }
       const exists = !fileNotExists(entries.value, pathname, filename)
+      let method = 'createFile'
+      let message = i18n.t('{file} uploaded.', { file: `<code>${pathname}/${filename}</code>` })
       if (exists) {
-        $store.dispatch('notification/danger', {
-          icon: 'exclamation-triangle',
-          url: filename,
-          message: i18n.t('{file} exists.', { file: `<code>${pathname}/${filename}</code>` })
-        })
-      }
-      else {
-        $store.dispatch(`${file.storeName}/readAsDataURL`).then(content => {
-          $store.dispatch('$_connection_profiles/createFile', {
-            id: id.value,
-            filename: `${pathname}/${filename}`.replace('//', '/'),
-            content, // file.result
-            quiet: true
-          }).then(() => {
-            $store.dispatch('notification/info', {
-              url: filename,
-              message: i18n.t('{file} uploaded.', { file: `<code>${pathname}/${filename}</code>` })
-            })
-
-          }).catch(error => {
-            const { response: { data: { message = '' } = {} } = {} } = error
-            $store.dispatch('notification/danger', {
-              icon: 'exclamation-triangle',
-              url: filename,
-              message
-            })
-            throw error
-          }).finally(_getFiles)
-        })
+        method = 'updateFile'
+        message = i18n.t('{file} replaced.', { file: `<code>${pathname}/${filename}</code>` })
       }
+      $store.dispatch(`${file.storeName}/readAsDataURL`).then(content => {
+        $store.dispatch(`$_connection_profiles/${method}`, {
+          id: id.value,
+          filename: `${pathname}/${filename}`.replace('//', '/'),
+          content,
+          quiet: true
+        }).then(() => {
+          $store.dispatch('notification/info', { url: filename, message })
+        }).catch(error => {
+          const { response: { data: { message = '' } = {} } = {} } = error
+          $store.dispatch('notification/danger', { icon: 'exclamation-triangle', url: filename, message })
+          throw error
+        }).finally(_getFiles)
+      })
     })
   }
 

From 6e9b9fea03cf6cb5decef4cfc26df19f12816130 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Thu, 1 Dec 2022 16:43:28 +0000
Subject: [PATCH 046/103] minor tweaks on logo doc

---
 docs/developer/customizing_packetfence.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/developer/customizing_packetfence.asciidoc b/docs/developer/customizing_packetfence.asciidoc
index 44600f2992fd..7141a44de05d 100644
--- a/docs/developer/customizing_packetfence.asciidoc
+++ b/docs/developer/customizing_packetfence.asciidoc
@@ -44,7 +44,7 @@ Note that you cannot use the full locale in the template name (i.e. `aup_text.en
 
 ===== Logo
 
-In order to customize the default logo that is shown on the captive portal, go in _Configuration->Policies And Access Control->Connection Profiles->default->Files_. Next, upload your logo at the root of the files. Once it has been uploaded, go in the _Captive Portal_ section of the connection profile and change the Logo field to `/profile-templates/default/filename-of-your-logo.png`.
+In order to customize the default logo that is shown on the captive portal, go in _Configuration->Policies And Access Control->Connection Profiles->default->Files_. Next, upload your logo at the root of the files. Once it has been uploaded, go in the _Captive Portal_ section of the connection profile and change the 'Logo' field value to `/profile-templates/default/filename-of-your-logo.png`.
 
 Alternatively, you could also delete the existing `logo.png` in the files, then upload your logo and rename it to `logo.png`. Doing so will not require to alter the value of 'Logo' in the connection profile.
 

From c1d0872fec8be658931302d5ec55a91dfd716315 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Thu, 1 Dec 2022 16:55:18 +0000
Subject: [PATCH 047/103] add back the common directory in the packaging (for
 the logo)

---
 debian/rules         | 4 ++--
 rpm/packetfence.spec | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/rules b/debian/rules
index e2223d37c591..452bf2d4e0d6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,11 +53,11 @@ install: build
 	# Install all except debian and t directory
 	# dir* to exclude directory itself
 	for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 'docs/*' ! -path 'docs' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig*' \
-	-not -path "addons/full-upgrade*" -not -path "html/common*" -not -path "html/parking*" -type d`; do \
+	-not -path "addons/full-upgrade*" -not -path "html/parking*" -type d`; do \
 		install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \
 	done
 	for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 'docs/*' ! -path 'docs' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig*' \
-	-not -path "addons/full-upgrade/*" -not -path "html/common/*" -not -path "html/parking/*" ! -path 'conf/pfconfig.conf*' ! -path 'conf/redis_cache.conf*' ! -type d`; do \
+	-not -path "addons/full-upgrade/*" -not -path "html/parking/*" ! -path 'conf/pfconfig.conf*' ! -path 'conf/redis_cache.conf*' ! -type d`; do \
 		$(INSTALL) $$i $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \
 	done
 
diff --git a/rpm/packetfence.spec b/rpm/packetfence.spec
index 0b54d399aa49..564bfe0a21c7 100644
--- a/rpm/packetfence.spec
+++ b/rpm/packetfence.spec
@@ -1247,6 +1247,7 @@ fi
 
 # html dir
 %dir                    /usr/local/pf/html
+                        /usr/local/pf/html/common
 %dir                    /usr/local/pf/html/pfappserver
                         /usr/local/pf/html/pfappserver/root
 /usr/local/pf/html/pfappserver/lib

From 130c066e15d98be2c07401c0963c0f80c6d9e919 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Thu, 1 Dec 2022 09:36:26 -0800
Subject: [PATCH 048/103] improve mime support

---
 html/pfappserver/root/src/utils/yup.js        | 22 +++++++++++++
 .../_components/InlineName.vue                | 22 +++----------
 .../_components/ModalEdit.vue                 |  3 +-
 .../_components/TheFilesList.vue              | 31 ++++++++-----------
 .../connectionProfiles/config.js              | 16 +++++++++-
 .../Controller/Config/ConnectionProfiles.pm   |  2 +-
 6 files changed, 58 insertions(+), 38 deletions(-)

diff --git a/html/pfappserver/root/src/utils/yup.js b/html/pfappserver/root/src/utils/yup.js
index a4ee7c16240a..d53d2f76b46d 100644
--- a/html/pfappserver/root/src/utils/yup.js
+++ b/html/pfappserver/root/src/utils/yup.js
@@ -1,5 +1,6 @@
 import * as yup from 'yup'
 import { parse, format, isValid, compareAsc } from 'date-fns'
+import mime from 'mime-types'
 import i18n from './locale'
 import {
   reAlphaNumeric,
@@ -299,6 +300,27 @@ yup.addMethod(yup.string, 'isFilenameWithExtension', function (extensions, messa
   })
 })
 
+yup.addMethod(yup.string, 'isFilenameWithContentType', function (contentTypes, message) {
+  return this.test({
+    name: 'isFilenameWithContentType',
+    message: message || i18n.t('Invalid content-type. Must be one of: {contentTypes}.', { contentTypes: contentTypes.join(', ') }),
+    test: value => {
+      const contentType = mime.lookup(value)
+      if (!contentType)
+        return false
+      const [ contentTypeMs, contentTypeLs ] = contentType.split('/')
+      return contentTypes.reduce((valid, allowed) => {
+        if (allowed === '*/*')
+          return true
+        const [ allowedMs, allowedLs ] = allowed.split('/')
+        if (contentTypeMs === allowedMs && (allowedLs === '*' || contentTypeLs === allowedLs))
+          return true
+        return valid
+      }, false)
+    }
+  })
+})
+
 export const isFQDN = value => {
   if (['', null, undefined].includes(value))
     return true
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
index 6d631e0a6013..fc606c6091ee 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/InlineName.vue
@@ -58,6 +58,7 @@ const props = {
 import { computed, nextTick, ref, toRefs, watch } from '@vue/composition-api'
 import { useDebouncedWatchHandler } from '@/composables/useDebounce'
 import i18n from '@/utils/locale'
+import mime from 'mime-types'
 import { yup } from '../schema'
 
 const setup = (props, context) => {
@@ -70,29 +71,16 @@ const setup = (props, context) => {
     entries,
   } = toRefs(props)
 
-  const allowedExtensions = computed(() => {
+
+  const contentType = computed(() => {
     const { name } = item.value
-    const extension = name.split('.').reverse()[0] || 'html'
-    switch (extension.toLowerCase()) {
-      case 'gif':
-        return ['gif']
-        // break
-      case 'jpg':
-      case 'jpeg':
-        return ['jpg', 'jpeg']
-        // break
-      case 'png':
-        return ['png']
-        //  break
-      default:
-        return ['html', 'mjml']
-    }
+    return mime.lookup(name)
   })
 
   const schema = computed(() => yup.object({
     name: yup.string()
       .required(i18n.t('Filename required.'))
-      .isFilenameWithExtension(allowedExtensions.value)
+      .isFilenameWithContentType([contentType.value])
       .fileNotExists(entries.value, item.value.path, i18n.t('File exists.'), item.value.name)
   }))
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
index f83c69f939d7..b3e10c148370 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/ModalEdit.vue
@@ -120,6 +120,7 @@ import { createDebouncer } from 'promised-debounce'
 import { useDebouncedWatchHandler } from '@/composables/useDebounce'
 import useEventJail from '@/composables/useEventJail'
 import i18n from '@/utils/locale'
+import { acceptTextMimes } from '../config'
 import { yup } from '../schema'
 
 const defaults = () => ({
@@ -140,7 +141,7 @@ const setup = (props, context) => {
   const schema = computed(() => yup.object({
     name: yup.string()
       .required(i18n.t('File name required.'))
-      .isFilenameWithExtension(['html', 'mjml'])
+      .isFilenameWithContentType(acceptTextMimes)
       .fileNotExists(entries.value, path.value, i18n.t('File exists.'))
   }))
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
index a257c593f40d..39b315159564 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/_components/TheFilesList.vue
@@ -85,7 +85,7 @@
             <b-dropdown-item @click="onToggleUpload(item)">
               <base-button-upload
                 @files="onUploadFiles(item, $event)"
-                :accept="acceptMimes"
+                :accept="acceptMimes.join(',')"
                 multiple
               >{{ $i18n.t('Upload File(s)') }}</base-button-upload>
             </b-dropdown-item>
@@ -191,6 +191,7 @@ const tableFields = [
 ]
 
 import { computed, ref, toRefs, watch } from '@vue/composition-api'
+import mime from 'mime-types'
 import i18n from '@/utils/locale'
 import { reAscii } from '@/utils/regex'
 import { acceptMimes } from '../config'
@@ -258,6 +259,8 @@ const setup = (props, context) => {
           let { entries: childEntries = [], ...rest } = entry || {}
           const { type, name } = rest || {}
           const fullPath = `${path}/${name}`.replace('//', '/')
+          const contentType = mime.lookup(name)
+          const isImage = /^image\//.test(contentType)
           switch(type) {
             case 'dir':
               childEntries = childEntries.filter(visibleFilter)
@@ -274,9 +277,7 @@ const setup = (props, context) => {
               }
               break
             case 'file':
-              reduced.push({ ...rest, path, icons,
-                isImage: (['gif', 'jpg', 'jpeg', 'png'].includes(name.split('.').reverse()[0].toLowerCase()))
-              })
+              reduced.push({ ...rest, path, icons, isImage })
               break
           }
           return reduced
@@ -294,6 +295,8 @@ const setup = (props, context) => {
           const { entries: childEntries = [], ...rest } = entry || {}
           const { type, name } = rest || {}
           const fullPath = `${path}/${name}`.replace('//', '/')
+          const contentType = mime.lookup(name)
+          const isImage = /^image\//.test(contentType)
           switch(type) {
             case 'dir':
               if (expandPaths.value.includes(fullPath)) {
@@ -307,9 +310,7 @@ const setup = (props, context) => {
                 reduced.push({ ...rest, path, expand: false, icons })
               break
             case 'file':
-              reduced.push({ ...rest, path, icons,
-                isImage: (['gif', 'jpg', 'jpeg', 'png'].includes(name.split('.').reverse()[0].toLowerCase()))
-              })
+              reduced.push({ ...rest, path, icons, isImage })
               break
           }
           return reduced
@@ -334,17 +335,11 @@ const setup = (props, context) => {
         expandPath(fullPath)
     }
     else if (type === 'file') {
-      const extension = name.split('.').reverse()[0]
-      switch (extension.toLowerCase()) {
-        case 'gif':
-        case 'jpg':
-        case 'jpeg':
-        case 'png':
-          onToggleView(row)
-          break
-        default:
-          onToggleEdit(row)
-      }
+      const contentType = mime.lookup(name)
+      if (/^image\//.test(contentType))
+        onToggleView(row)
+      else
+        onToggleEdit(row)
     }
   }
 
diff --git a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
index 8eada5f89514..a8dac2cc0850 100644
--- a/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
+++ b/html/pfappserver/root/src/views/Configuration/connectionProfiles/config.js
@@ -87,4 +87,18 @@ export const filters = {
   }
 }
 
-export const acceptMimes = 'text/*, image/*'
+export const acceptMediaMimes = [
+  'font/*',
+  'image/*'
+]
+
+export const acceptTextMimes = [
+  'text/*',
+  'application/json',
+  'application/javascript'
+]
+
+export const acceptMimes = [
+  ...acceptMediaMimes,
+  ...acceptTextMimes
+]
diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index d8cc32b3c5d2..9cfe2577ad24 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -430,7 +430,7 @@ file_excluded
 
 sub file_excluded {
     my ($file) = @_;
-    return $file !~ /\.(html|mjml|jpg|jpeg|gif|png)$/ || $file =~ /^\./;
+    return $file !~ /\.(html|mjml|jpg|jpeg|gif|png|svg|json|js|css|scss|otf|ttf|woff|woff2)$/ || $file =~ /^\./;
 }
 
 sub dir_excluded {

From 053ed8f7ae9c229dddf62e0712b83fc9ca3e1030 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Thu, 1 Dec 2022 18:42:52 +0000
Subject: [PATCH 049/103] adjust rpm build for html/common

---
 rpm/packetfence.spec | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rpm/packetfence.spec b/rpm/packetfence.spec
index 564bfe0a21c7..cfb384b2ed32 100644
--- a/rpm/packetfence.spec
+++ b/rpm/packetfence.spec
@@ -461,6 +461,7 @@ done
 %{__install} -d %{buildroot}/etc/cron.d
 %{__install} -d %{buildroot}/etc/docker
 %{__install} -d %{buildroot}/usr/local/pf/html
+%{__install} -d %{buildroot}/usr/local/pf/html/common
 %{__install} -d %{buildroot}/usr/local/pf/html/pfappserver
 %{__install} -d %{buildroot}/usr/local/pf/html/captive-portal
 touch %{buildroot}/usr/local/pf/var/cache_control
@@ -507,6 +508,7 @@ cp -r containers %{buildroot}/usr/local/pf
 # temp
 cp -r html/pfappserver %{buildroot}/usr/local/pf/html
 cp -r html/captive-portal %{buildroot}/usr/local/pf/html
+cp -r html/common %{buildroot}/usr/local/pf/html
 
 cp -r lib %{buildroot}/usr/local/pf/
 cp -r go %{buildroot}/usr/local/pf/

From c2b1489e429018cbdeb13a7b584dec62041116fc Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 11:58:12 +0100
Subject: [PATCH 050/103] fix(docs): release_minor substitution

fixes #7401
---
 docs/installation/linode/linode.asciidoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/installation/linode/linode.asciidoc b/docs/installation/linode/linode.asciidoc
index 3cfdaa42d46f..4a1480a994cc 100644
--- a/docs/installation/linode/linode.asciidoc
+++ b/docs/installation/linode/linode.asciidoc
@@ -135,7 +135,7 @@ PacketFence Connector released with PacketFence 12.0.0 was not packaged.
 In order to upgrade your PacketFence Connector to a packaged version, you need
 to run following commands:
 
-[source,bash]
+[source,bash,subs="attributes"]
 ----
 echo 'deb http://inverse.ca/downloads/PacketFence/debian/{release_minor} bullseye bullseye' > \
 /etc/apt/sources.list.d/packetfence-pfconnector-remote.list
@@ -157,7 +157,7 @@ systemctl restart packetfence-pfconnector-remote
 
 In order to upgrade PacketFence Connector, you need to run following commands:
 
-[source,bash]
+[source,bash,subs="attributes"]
 ----
 echo 'deb http://inverse.ca/downloads/PacketFence/debian/{release_minor} bullseye bullseye' > \
 /etc/apt/sources.list.d/packetfence-pfconnector-remote.list

From 3dccb23a4e6a1e7967fb9732fdcd451b59632836 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 13:21:21 +0100
Subject: [PATCH 051/103] fix(docs): maintenance patches on cluster

---
 docs/PacketFence_Upgrade_Guide.asciidoc | 11 +++++++++++
 docs/common/reboot.asciidoc             | 24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 docs/common/reboot.asciidoc

diff --git a/docs/PacketFence_Upgrade_Guide.asciidoc b/docs/PacketFence_Upgrade_Guide.asciidoc
index 2724cf48a24a..00d60e47c754 100644
--- a/docs/PacketFence_Upgrade_Guide.asciidoc
+++ b/docs/PacketFence_Upgrade_Guide.asciidoc
@@ -83,6 +83,13 @@ For all PacketFence versions prior to 11.0.0, follow the steps described in the
 
 == Apply maintenance patches
 
+=== Important note for cluster environments
+
+In cluster environments, you need to perform following steps on **one server
+at a time**. To avoid, several moves of virtual IP addresses, you can start by
+node(s) which didn't own any virtual IP addresses first. You must ensure all
+services have been restarted correctly before moving to next nodes.
+
 === Disable monit alerts (only if monit is installed)
 
 If `monit` is installed and running, shut it down with:
@@ -113,6 +120,10 @@ include::common/upgrade_packages.asciidoc[]
 
 include::common/new_config_files.asciidoc[]
 
+=== Rebooting after services have been stopped (optional)
+
+include::common/reboot.asciidoc[]
+
 === Restart PacketFence services
 
 include::common/restart.asciidoc[]
diff --git a/docs/common/reboot.asciidoc b/docs/common/reboot.asciidoc
new file mode 100644
index 000000000000..6d8ea6b44c0b
--- /dev/null
+++ b/docs/common/reboot.asciidoc
@@ -0,0 +1,24 @@
+If you need to reboot a standalone server or one server from a cluster after services
+have been stopped, make sure you set the systemd target to `multi-user.target`
+before rebooting:
+
+[source,bash]
+----
+systemctl set-default multi-user.target
+----
+
+This will make sure your services don't start up after the reboot.
+
+Set it back to previous target after it boots up:
+
+.Cluster
+[source,bash]
+----
+systemctl set-default packetfence-cluster.target
+----
+
+.Standalone
+[source,bash]
+----
+systemctl set-default packetfence.target
+----

From 4137fe306275bfa7733e724d72f4fc8a6778193b Mon Sep 17 00:00:00 2001
From: Nicolas Quiniou-Briand <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 15:05:00 +0100
Subject: [PATCH 052/103] Update docs/PacketFence_Upgrade_Guide.asciidoc

Co-authored-by: Julien Semaan <jul.semaan@gmail.com>
---
 docs/PacketFence_Upgrade_Guide.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/PacketFence_Upgrade_Guide.asciidoc b/docs/PacketFence_Upgrade_Guide.asciidoc
index 00d60e47c754..7a3659818f01 100644
--- a/docs/PacketFence_Upgrade_Guide.asciidoc
+++ b/docs/PacketFence_Upgrade_Guide.asciidoc
@@ -86,7 +86,7 @@ For all PacketFence versions prior to 11.0.0, follow the steps described in the
 === Important note for cluster environments
 
 In cluster environments, you need to perform following steps on **one server
-at a time**. To avoid, several moves of virtual IP addresses, you can start by
+at a time**. To avoid multiple moves of the virtual IP addresses, you can start with
 node(s) which didn't own any virtual IP addresses first. You must ensure all
 services have been restarted correctly before moving to next nodes.
 

From 7dec9cde56fc9d8f2ba3984a133c23efb1c6c2e5 Mon Sep 17 00:00:00 2001
From: Nicolas Quiniou-Briand <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 15:05:12 +0100
Subject: [PATCH 053/103] Update docs/PacketFence_Upgrade_Guide.asciidoc

Co-authored-by: Julien Semaan <jul.semaan@gmail.com>
---
 docs/PacketFence_Upgrade_Guide.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/PacketFence_Upgrade_Guide.asciidoc b/docs/PacketFence_Upgrade_Guide.asciidoc
index 7a3659818f01..0b4543ec6f61 100644
--- a/docs/PacketFence_Upgrade_Guide.asciidoc
+++ b/docs/PacketFence_Upgrade_Guide.asciidoc
@@ -87,7 +87,7 @@ For all PacketFence versions prior to 11.0.0, follow the steps described in the
 
 In cluster environments, you need to perform following steps on **one server
 at a time**. To avoid multiple moves of the virtual IP addresses, you can start with
-node(s) which didn't own any virtual IP addresses first. You must ensure all
+nodes which don't own any virtual IP addresses first. You must ensure all
 services have been restarted correctly before moving to next nodes.
 
 === Disable monit alerts (only if monit is installed)

From 95f8e570055d346b04a5ea4eee387a5d61120959 Mon Sep 17 00:00:00 2001
From: Nicolas Quiniou-Briand <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 15:05:21 +0100
Subject: [PATCH 054/103] Update docs/PacketFence_Upgrade_Guide.asciidoc

Co-authored-by: Julien Semaan <jul.semaan@gmail.com>
---
 docs/PacketFence_Upgrade_Guide.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/PacketFence_Upgrade_Guide.asciidoc b/docs/PacketFence_Upgrade_Guide.asciidoc
index 0b4543ec6f61..db628af8a113 100644
--- a/docs/PacketFence_Upgrade_Guide.asciidoc
+++ b/docs/PacketFence_Upgrade_Guide.asciidoc
@@ -88,7 +88,7 @@ For all PacketFence versions prior to 11.0.0, follow the steps described in the
 In cluster environments, you need to perform following steps on **one server
 at a time**. To avoid multiple moves of the virtual IP addresses, you can start with
 nodes which don't own any virtual IP addresses first. You must ensure all
-services have been restarted correctly before moving to next nodes.
+services have been restarted correctly before moving to the next node.
 
 === Disable monit alerts (only if monit is installed)
 

From 1099fdbdfd5ec6ae8660f3065fbcbdc6033db10e Mon Sep 17 00:00:00 2001
From: Nicolas Quiniou-Briand <nquiniou@akamai.com>
Date: Mon, 5 Dec 2022 15:05:36 +0100
Subject: [PATCH 055/103] Update docs/common/reboot.asciidoc

Co-authored-by: Julien Semaan <jul.semaan@gmail.com>
---
 docs/common/reboot.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/common/reboot.asciidoc b/docs/common/reboot.asciidoc
index 6d8ea6b44c0b..8d854e058358 100644
--- a/docs/common/reboot.asciidoc
+++ b/docs/common/reboot.asciidoc
@@ -1,4 +1,4 @@
-If you need to reboot a standalone server or one server from a cluster after services
+If you need to reboot a standalone server or a server from a cluster after services
 have been stopped, make sure you set the systemd target to `multi-user.target`
 before rebooting:
 

From a64d82edf2e998eefd4540ad5b1e531b069fff56 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Thu, 1 Dec 2022 13:47:40 +0100
Subject: [PATCH 056/103] fix(tests): more retries when Internet access is
 required

---
 addons/vagrant/requirements.yml | 4 ++--
 t/venom/requirements.yml        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/addons/vagrant/requirements.yml b/addons/vagrant/requirements.yml
index 9d8946bce434..fa310a01a13d 100644
--- a/addons/vagrant/requirements.yml
+++ b/addons/vagrant/requirements.yml
@@ -2,7 +2,7 @@
 # versions in roles should be equals to tags
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.2
+    version: v1.3.4
 
 # For roles, to test locally with Vagrant (due to --force option)
 # Ansible will create an export, not a symlink to git repository
@@ -21,7 +21,7 @@ collections:
   - name: inverse_inc.cumulus
     version: 1.1.1
   - name: inverse_inc.utils
-    version: 1.1.1
+    version: 1.1.2
   - name: inverse_inc.wireless
     version: 0.2.2
 
diff --git a/t/venom/requirements.yml b/t/venom/requirements.yml
index a17dbc274016..b3e508bb6c75 100644
--- a/t/venom/requirements.yml
+++ b/t/venom/requirements.yml
@@ -1,6 +1,6 @@
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.2
+    version: v1.3.4
 
   - src: geerlingguy.nodejs
     version: 6.0.0
@@ -22,7 +22,7 @@ collections:
   - name: inverse_inc.cumulus
     version: 1.1.1
   - name: inverse_inc.utils
-    version: 1.1.1
+    version: 1.1.2
   - name: inverse_inc.wireless
     version: 0.2.2
 

From 15d881a7c810bc4a61d4c20009f86d74090a572a Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Mon, 5 Dec 2022 15:46:56 +0000
Subject: [PATCH 057/103] clear active dyn reverses when a pfconnector
 reconnects

---
 go/chisel/server/server_handler.go             |  2 ++
 go/chisel/share/settings/active_dyn_reverse.go | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/go/chisel/server/server_handler.go b/go/chisel/server/server_handler.go
index 981538f81a48..a3075a1ea433 100644
--- a/go/chisel/server/server_handler.go
+++ b/go/chisel/server/server_handler.go
@@ -196,6 +196,8 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) {
 		return tunnel.BindRemotes(ctx, serverInbound)
 	})
 	if user != nil {
+		l.Infof("Connector %s has just connected to this server", user.Name)
+		settings.ClearActiveDynReverseConnector(ctx, user.Name)
 		activeTunnels.Store(user.Name, tunnel)
 		res := s.redis.Set(fmt.Sprintf("%s%s", s.redisTunnelsNamespace, user.Name), fmt.Sprintf("%s://%s", s.listenProto, req.Context().Value(http.LocalAddrContextKey).(net.Addr).String()), 0)
 		if res.Err() != nil {
diff --git a/go/chisel/share/settings/active_dyn_reverse.go b/go/chisel/share/settings/active_dyn_reverse.go
index c5ff0233a1c9..18f3c7b184ee 100644
--- a/go/chisel/share/settings/active_dyn_reverse.go
+++ b/go/chisel/share/settings/active_dyn_reverse.go
@@ -1,7 +1,12 @@
 package settings
 
 import (
+	"context"
+	"fmt"
+	"strings"
 	"sync"
+
+	"github.com/inverse-inc/go-utils/log"
 )
 
 var ActiveDynReverse = sync.Map{}
@@ -19,3 +24,14 @@ func ClearFromActiveDynReverse(r *Remote) bool {
 	})
 	return cleared
 }
+
+func ClearActiveDynReverseConnector(ctx context.Context, id string) {
+	ActiveDynReverse.Range(func(kInt, v interface{}) bool {
+		k := kInt.(string)
+		if strings.HasPrefix(k, id) {
+			log.LoggerWContext(ctx).Debug(fmt.Sprintf("Clearing %s from ActiveDynReverse", k))
+			ActiveDynReverse.Delete(k)
+		}
+		return true
+	})
+}

From 3cb58e63ae6cd3c6519710aa1881fc5552b04527 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Mon, 5 Dec 2022 15:47:12 +0000
Subject: [PATCH 058/103] turn on verbose in chisel if log leve is debug

---
 go/chisel/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go/chisel/main.go b/go/chisel/main.go
index 808b688e9eef..2d866cc2ef9e 100644
--- a/go/chisel/main.go
+++ b/go/chisel/main.go
@@ -412,7 +412,7 @@ func client(args []string) {
 	flags.StringVar(&config.SrcIP, "src-ip", "", "")
 	hostname := flags.String("hostname", "", "")
 	pid := flags.Bool("pid", false, "")
-	verbose := flags.Bool("v", false, "")
+	verbose := flags.Bool("v", (strings.ToLower(os.Getenv("LOG_LEVEL")) == "debug"), "")
 	flags.Usage = func() {
 		fmt.Print(clientHelp)
 		os.Exit(0)

From 53d0f26bec3e1cee80bfc0e3addae2d05d04a402 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Mon, 5 Dec 2022 08:38:02 -0800
Subject: [PATCH 059/103] fix(admin(js)): improve create multiple user
 workflow, fixes #7379

---
 .../_components/TheFormCreateMultiple.vue     | 14 +++++---
 .../Users/_components/ThePreviewModal.vue     | 33 +++++++++----------
 2 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue b/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
index e839fee720f2..a47a5f939dae 100644
--- a/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
+++ b/html/pfappserver/root/src/views/Users/_components/TheFormCreateMultiple.vue
@@ -170,6 +170,7 @@ const setup = (props, context) => {
     }
     let createdUsers = ref([])
     let promises = []
+    $store.commit('$_users/CREATED_USERS_REPLACED', [])
     for (let i = 0; i < base.quantity; i++) {
       let _form = {
         ...base,
@@ -178,20 +179,24 @@ const setup = (props, context) => {
       }
       promises.push($store.dispatch('$_users/exists', _form.pid).then(() => {
         // user exists
+        completed.value += 1/3
         return $store.dispatch('$_users/updateUser', _form).then(() => {
-          completed.value += 0.5
+          completed.value += 1/3
           return $store.dispatch('$_users/updatePassword', _form).then(() => {
+            completed.value += 1/3
             createdUsers.value.push(_form)
-            completed.value += 0.5
+            $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
           })
         })
       }).catch(() => {
         // user not exist
+        completed.value += 1/3
         return $store.dispatch('$_users/createUser', _form).then(() => {
-          completed.value += 0.5
+          completed.value += 1/3
           return $store.dispatch('$_users/createPassword', _form).then(() => {
+            completed.value += 1/3
             createdUsers.value.push(_form)
-            completed.value += 0.5
+            $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
           })
         })
       }))
@@ -204,7 +209,6 @@ const setup = (props, context) => {
         skipped: null,
         failed: null
       })
-      $store.commit('$_users/CREATED_USERS_REPLACED', createdUsers.value)
     })
   }
 
diff --git a/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue b/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
index 1476a29f54b9..abcf492afbe8 100644
--- a/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
+++ b/html/pfappserver/root/src/views/Users/_components/ThePreviewModal.vue
@@ -1,21 +1,19 @@
 <template>
   <b-modal v-model="show" size="lg" :title="$t('Create Users')"
-    centered no-close-on-backdrop no-close-on-esc lazy scrollable
+    centered lazy scrollable
   >
-    <template v-slot:modal-header v-if="isLoading">
-      <h4>{{ $i18n.t('Creating Users') }}</h4>
-    </template>
-    <template v-slot:modal-header v-else>
-      <h4>{{ $i18n.t('The following users have been created') }}</h4>
+    <template v-slot:modal-header>
+      <div v-if="Math.round(progress) < 100"
+        class="w-100 text-small mt-3">
+        {{ $i18n.t('Creating {quantity} users:', { quantity }) }} {{ Math.round(progress) }}%
+        <b-progress :max="100" height="4px">
+          <b-progress-bar :value="progress" :precision="2" variant="success" :show-value="false"></b-progress-bar>
+          <b-progress-bar :value="100 - progress" :precision="2" variant="light" :show-value="false" style="opacity: 0.2"></b-progress-bar>
+        </b-progress>
+      </div>
+      <h4 v-else>{{ $i18n.t('Created {quantity} users', { quantity }) }}</h4>
     </template>
-    <div v-if="progress < 100" class="text-small">
-      {{ Math.round(progress) }}%
-      <b-progress :max="100" height="4px">
-        <b-progress-bar :value="progress" :precision="2" variant="success" :show-value="false"></b-progress-bar>
-        <b-progress-bar :value="100 - progress" :precision="2" variant="light" :show-value="false" style="opacity: 0.2"></b-progress-bar>
-      </b-progress>
-    </div>
-    <b-table v-else
+    <b-table
       :items="users"
       :fields="visibleUsersFields"
       :sortBy="usersSortBy"
@@ -23,13 +21,14 @@
       show-empty responsive striped>
       <template v-slot:empty>
         <slot name="emptySearch" v-bind="{ isLoading }">
-        <base-table-empty :is-loading="isLoading">{{ $t('No users created') }}</base-table-empty>
+          <base-table-empty :is-loading="isLoading">{{ $t('No users created') }}</base-table-empty>
         </slot>
       </template>
     </b-table>
     <template v-slot:modal-footer>
-      <div class="w-100">
-        <b-button :disabled="isLoading" variant="primary" class="float-right" @click="goToPreview">{{ $i18n.t('Preview') }}</b-button>
+      <div class="w-100 text-right">
+        <b-button variant="secondary" class="mr-1" @click="show = false;">{{ $i18n.t('Close') }}</b-button>
+        <b-button variant="primary" class="mr-1" @click="goToPreview">{{ $i18n.t('Preview Messages') }}</b-button>
       </div>
     </template>
   </b-modal>

From a12170e955c43aa3558f2ff1c6f4fb96753f1094 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Mon, 5 Dec 2022 20:04:28 +0000
Subject: [PATCH 060/103] properly handle multiple x-forwarded-proto for secure
 redirect

fixes #7409
---
 conf/httpd.conf.d/httpd.portal.tt.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/httpd.conf.d/httpd.portal.tt.example b/conf/httpd.conf.d/httpd.portal.tt.example
index d6167d6988a7..5f1fc92858f9 100644
--- a/conf/httpd.conf.d/httpd.portal.tt.example
+++ b/conf/httpd.conf.d/httpd.portal.tt.example
@@ -150,7 +150,7 @@ Listen [% vhost %]:80
      [% IF captive_portal.secure_redirect %]
      RewriteEngine On
      RewriteCond %{REQUEST_URI} !^/access.* [NC]
-     RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+     RewriteCond %{HTTP:X-Forwarded-Proto} !https
      RewriteCond %{HTTP:X-Forwarded-For-PacketFence} =""
      RewriteCond %{HTTPS} !=on
      RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

From 3f322ecdd0c45c4c3b7a1043770d02f93fa5959a Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Tue, 6 Dec 2022 06:40:41 +0100
Subject: [PATCH 061/103] fix: typo in Ansible roles

related to #7398
---
 addons/vagrant/requirements.yml                     | 2 +-
 ci/packer/provisionners_pfbuild/requirements.yml    | 1 +
 ci/packer/vagrant_img/provisioners/requirements.yml | 1 +
 t/venom/requirements.yml                            | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/addons/vagrant/requirements.yml b/addons/vagrant/requirements.yml
index fa310a01a13d..c3d444d3fe66 100644
--- a/addons/vagrant/requirements.yml
+++ b/addons/vagrant/requirements.yml
@@ -2,7 +2,7 @@
 # versions in roles should be equals to tags
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.4
+    version: v1.3.5
 
 # For roles, to test locally with Vagrant (due to --force option)
 # Ansible will create an export, not a symlink to git repository
diff --git a/ci/packer/provisionners_pfbuild/requirements.yml b/ci/packer/provisionners_pfbuild/requirements.yml
index 04e9ec18f807..edf3b21a9117 100644
--- a/ci/packer/provisionners_pfbuild/requirements.yml
+++ b/ci/packer/provisionners_pfbuild/requirements.yml
@@ -1,3 +1,4 @@
 ---
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
+    version: v1.3.5
diff --git a/ci/packer/vagrant_img/provisioners/requirements.yml b/ci/packer/vagrant_img/provisioners/requirements.yml
index ea5dc9dd6401..ad3e23153c09 100644
--- a/ci/packer/vagrant_img/provisioners/requirements.yml
+++ b/ci/packer/vagrant_img/provisioners/requirements.yml
@@ -1,6 +1,7 @@
 ---
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
+    version: v1.3.5
   - src: geerlingguy.nodejs
     version: 6.0.0
 
diff --git a/t/venom/requirements.yml b/t/venom/requirements.yml
index b3e508bb6c75..766ec4dbf10e 100644
--- a/t/venom/requirements.yml
+++ b/t/venom/requirements.yml
@@ -1,6 +1,6 @@
 roles:
   - src: inverse_inc.gitlab_buildpkg_tools
-    version: v1.3.4
+    version: v1.3.5
 
   - src: geerlingguy.nodejs
     version: 6.0.0

From 3889a5b9869a93702e1c41d3b99beff55a9c397d Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Tue, 6 Dec 2022 05:22:46 -0800
Subject: [PATCH 062/103] fix(admin(js)): support integers in validators, fixes
 #7330

---
 html/pfappserver/root/src/utils/yup.js                        | 4 ++--
 .../root/src/views/Configuration/securityEvents/schema.js     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/pfappserver/root/src/utils/yup.js b/html/pfappserver/root/src/utils/yup.js
index 9876f64170df..2faf41c3d065 100644
--- a/html/pfappserver/root/src/utils/yup.js
+++ b/html/pfappserver/root/src/utils/yup.js
@@ -187,7 +187,7 @@ yup.addMethod(yup.string, 'isCommonNameOrFQDNOrMAC', function (message) {
   return this.test({
     name: 'isCommonNameOrFQDNOrMAC',
     message: message || i18n.t('Invalid common name.'),
-    test: (value) => (isCommonName(value) || isFQDN(value) || value.toLowerCase().replace(/[^0-9a-f]/g, '').length === 12)
+    test: (value) => (isCommonName(value) || isFQDN(value) || `${value}`.toLowerCase().replace(/[^0-9a-f]/g, '').length === 12)
   })
 })
 
@@ -458,7 +458,7 @@ yup.addMethod(yup.string, 'mysql', function(columnSchema) {
           break
 
         case (type === MysqlMac):
-          if (value.toLowerCase().replace(/[^0-9a-f]/g, '').length !== 12)
+          if (`${value}`.toLowerCase().replace(/[^0-9a-f]/g, '').length !== 12)
             return this.createError({ message: i18n.t('Invalid MAC.') })
           break
       }
diff --git a/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js b/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
index c45ce94ce75f..f4ed8ed0497d 100644
--- a/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/securityEvents/schema.js
@@ -10,7 +10,7 @@ yup.addMethod(yup.string, 'securityEventIdNotExistsExcept', function (exceptId =
     test: (value) => {
       if (!value || `${value}`.toLowerCase() === `${exceptId}`.toLowerCase()) return true
       return store.dispatch('config/getSecurityEvents').then(response => {
-        return Object.keys(response).filter(item => item.toLowerCase() === `${value}`.toLowerCase()).length === 0
+        return Object.keys(response).filter(item => `${item}`.toLowerCase() === `${value}`.toLowerCase()).length === 0
       }).catch(() => {
         return true
       })

From 2e56670072766d80bda72e717bfa09c3ee5091e4 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Tue, 6 Dec 2022 14:45:56 +0100
Subject: [PATCH 063/103] fix(docs): add detail on MariaDB service stopped

---
 docs/common/reboot.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/common/reboot.asciidoc b/docs/common/reboot.asciidoc
index 8d854e058358..40fe7e35906b 100644
--- a/docs/common/reboot.asciidoc
+++ b/docs/common/reboot.asciidoc
@@ -7,7 +7,7 @@ before rebooting:
 systemctl set-default multi-user.target
 ----
 
-This will make sure your services don't start up after the reboot.
+This will make sure your services don't start up after the reboot. It's also the case for `packetfence-mariadb` service.
 
 Set it back to previous target after it boots up:
 

From 49ed64c017c2fcef2c026a5d7af7e592be986fd4 Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Tue, 6 Dec 2022 08:26:54 -0800
Subject: [PATCH 064/103] fix(admin(js)): clear error message w/ service status
 success

---
 html/pfappserver/root/src/store/modules/cluster.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/pfappserver/root/src/store/modules/cluster.js b/html/pfappserver/root/src/store/modules/cluster.js
index cc5f9366cf93..9839049161b3 100644
--- a/html/pfappserver/root/src/store/modules/cluster.js
+++ b/html/pfappserver/root/src/store/modules/cluster.js
@@ -568,6 +568,7 @@ const mutations = {
   SERVICE_SUCCESS: (state, { server, id, service }) => {
     service.pid = parseInt(service.pid)
     state.status = types.SUCCESS
+    state.message = ''
     Vue.set(state.servers[server].services, id, { ...state.servers[server].services[id], ...service, status: types.SUCCESS })
   },
   SERVICE_DISABLING: (state, { server, id }) => {

From ae7dbc1c00913d57a39a623125ed91eee536be7b Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Tue, 6 Dec 2022 16:48:52 +0000
Subject: [PATCH 065/103] ensure directory exists when replacing a connection
 profile file

---
 lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
index 9cfe2577ad24..0c51e709f1a6 100644
--- a/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/ConnectionProfiles.pm
@@ -210,6 +210,8 @@ sub replace_file {
     my $content = decode_base64($self->req->body);
 
     eval {
+        my (undef, $file_parent_dir, undef) = splitpath($path);
+        pf_make_dir($file_parent_dir);
         write_file($path, {atomic=> 1, binmode => ':raw', no_clobber => 1}, $content);
     };
     if ($@) {

From aa3e9c93b2d7dac0cbee6a36eff4a9b10d260f9b Mon Sep 17 00:00:00 2001
From: Darren Satkunas <dsatkuna@akamai.com>
Date: Wed, 7 Dec 2022 08:45:40 -0800
Subject: [PATCH 066/103] fix(admin(js)): revert required cert fields in LDAP
 sources, fixes #7411

---
 .../src/views/Configuration/sources/schema.js    | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/html/pfappserver/root/src/views/Configuration/sources/schema.js b/html/pfappserver/root/src/views/Configuration/sources/schema.js
index aed811a5afa1..9220f12747e5 100644
--- a/html/pfappserver/root/src/views/Configuration/sources/schema.js
+++ b/html/pfappserver/root/src/views/Configuration/sources/schema.js
@@ -84,8 +84,6 @@ export const schema = (props) => {
 
   const {
     cert_file_upload,
-    client_cert_file_upload,
-    client_key_file_upload,
     idp_ca_cert_path_upload,
     idp_cert_path_upload,
     idp_metadata_path_upload,
@@ -126,19 +124,9 @@ export const schema = (props) => {
           : yup.string().nullable()
       }),
     cert_id: yup.string().label(i18n.t('ID')),
-    client_cert_file: yup.string()
-      .when('client_cert_file_upload', () => {
-        return (!client_cert_file_upload)
-          ? yup.string().nullable().required(i18n.t('Client certificate required.'))
-          : yup.string().nullable()
-      }),
+    client_cert_file: yup.string().nullable().label(i18n.t('Client certificate')),
     client_id: yup.string().label(i18n.t('Client ID')),
-    client_key_file: yup.string()
-      .when('client_key_file_upload', () => {
-        return (!client_key_file_upload)
-          ? yup.string().nullable().required(i18n.t('Client key required.'))
-          : yup.string().nullable()
-      }),
+    client_key_file: yup.string().nullable().label(i18n.t('Client key')),
     client_secret: yup.string().label(i18n.t('Secret')),
     description: yup.string().label(i18n.t('Description')),
     domains: yup.string().label(i18n.t('Domains')),

From d181923fd815029cf3c1ddbb4ea290a294c738de Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 16:30:01 -0500
Subject: [PATCH 067/103] [Venom] Fix restart radius service

---
 t/venom/test_suites/common/restart_radius_services.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/t/venom/test_suites/common/restart_radius_services.yml b/t/venom/test_suites/common/restart_radius_services.yml
index bb6bc7b22d55..a6bea5add1d9 100644
--- a/t/venom/test_suites/common/restart_radius_services.yml
+++ b/t/venom/test_suites/common/restart_radius_services.yml
@@ -5,6 +5,5 @@ testcases:
   - type: pf_api_service_restart_async
     service: 'radiusd-auth'
 
-  - type: http
-    method: pf_api_service_restart_async
+  - type: pf_api_service_restart_async
     service: 'pfacct'

From d7beb6b230326cfe43f07c728f58f3a888513d74 Mon Sep 17 00:00:00 2001
From: Durand Fabrice <oeufdure@gmail.com>
Date: Wed, 7 Dec 2022 16:39:45 -0500
Subject: [PATCH 068/103] Listen of every interfaces for the pfdhcp port 22222

---
 go/cmd/pfdhcp/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go/cmd/pfdhcp/main.go b/go/cmd/pfdhcp/main.go
index f189c5af3515..24373e186be9 100644
--- a/go/cmd/pfdhcp/main.go
+++ b/go/cmd/pfdhcp/main.go
@@ -222,7 +222,7 @@ func main() {
 	http.Handle("/", httpauth.SimpleBasicAuth(webservices.User, webservices.Pass)(router))
 
 	srv := &http.Server{
-		Addr:        "127.0.0.1:22222",
+		Addr:        ":22222",
 		IdleTimeout: 5 * time.Second,
 		Handler:     router,
 	}

From e34e2e55aec32037e6daca39a2accd01a616b88b Mon Sep 17 00:00:00 2001
From: Durand Fabrice <oeufdure@gmail.com>
Date: Wed, 7 Dec 2022 16:54:05 -0500
Subject: [PATCH 069/103] Raised the batch number of bandwidth_maintenance to
 1000

---
 conf/pfcron.conf.defaults | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/pfcron.conf.defaults b/conf/pfcron.conf.defaults
index 2697f19e3634..ce189aef30b8 100644
--- a/conf/pfcron.conf.defaults
+++ b/conf/pfcron.conf.defaults
@@ -827,7 +827,7 @@ schedule=@every 1m
 # batch
 #
 # How many bandwidth_accounting entries to clean up in one run
-batch=100
+batch=1000
 #
 # timeout
 #

From 2bff13bd75eb7744309d40e39d82035666c61208 Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 30 Nov 2022 16:56:13 -0500
Subject: [PATCH 070/103] [Venom] Fix systemctl status issue

---
 t/venom/lib/systemctl_service.yml        | 15 ++++++++++++---
 t/venom/lib/systemctl_service_status.yml |  2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/t/venom/lib/systemctl_service.yml b/t/venom/lib/systemctl_service.yml
index 5baf000a8da9..915e85dbc0d8 100644
--- a/t/venom/lib/systemctl_service.yml
+++ b/t/venom/lib/systemctl_service.yml
@@ -6,8 +6,17 @@ input:
 steps:
 - type: exec
   script: '{{.input.sudo}} systemctl {{.input.unit_command}} {{.input.service}}'
-  # TO BE REMOVE IF DEFAULT IF ENOUGH
-  #assertions:
-  #  - result.systemout ShouldContainSubstring "
+
+  vars:
+    status_lines:
+      from: result.systemout
+
+- type: exec
+  script: echo -n '{{.status_lines}}' | sed -nr 's/.*(Loaded.*CPU).*/\1/p'
+  vars:
+   first_lines:
+     from: result.systemout
+
 output:
   service_systemout: "{{.result.systemout}}"
+  service_first_lines: "{{.first_lines}}"
diff --git a/t/venom/lib/systemctl_service_status.yml b/t/venom/lib/systemctl_service_status.yml
index 8ba198c75beb..3e630c961311 100644
--- a/t/venom/lib/systemctl_service_status.yml
+++ b/t/venom/lib/systemctl_service_status.yml
@@ -9,6 +9,6 @@ steps:
   service: "{{.input.service}}"
   sudo: "{{.input.sudo}}"
   assertions:
-    - result.service_systemout ShouldContainSubstring '{{.input.substring}}'
+    - result.service_first_lines ShouldContainSubstring '{{.input.substring}}'
 output:
   service_status_systemout: "{{.result.service_systemout}}"

From ba4e4b3cad25bae1d891279449c7223247d0233c Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 30 Nov 2022 16:58:25 -0500
Subject: [PATCH 071/103] [Venom] Make Re-use Token available

---
 t/venom/lib/pf_api_action.yml         | 1 +
 t/venom/lib/pf_api_service_action.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/t/venom/lib/pf_api_action.yml b/t/venom/lib/pf_api_action.yml
index dbfd809168f0..0ec6efc0dd0a 100644
--- a/t/venom/lib/pf_api_action.yml
+++ b/t/venom/lib/pf_api_action.yml
@@ -39,3 +39,4 @@ output:
   pf_api_action__node_unregdate: "{{.http_json.item.unregdate}}" 
   pf_api_action__node_security_event_id: "{{.http_json.items.items0.security_event_id}}" 
   pf_api_action__items: "{{.http_json.items}}" 
+  pf_api_action__token: "{{.result.token}}" 
diff --git a/t/venom/lib/pf_api_service_action.yml b/t/venom/lib/pf_api_service_action.yml
index 6d3ad9a518ed..843636f3f6d8 100644
--- a/t/venom/lib/pf_api_service_action.yml
+++ b/t/venom/lib/pf_api_service_action.yml
@@ -19,3 +19,4 @@ steps:
 
 output: 
   pf_api_service_action_: "{{.service_temp}}"
+  pf_api_service__token: "{{.result.pf_api_action__token}}"

From 2cc1d5b69d1d041c36d2c8136cba52311789f9b2 Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 30 Nov 2022 16:59:48 -0500
Subject: [PATCH 072/103] [Venom] Test async with the same token session

---
 t/venom/lib/pf_api_action_with_token.yml     | 40 ++++++++++++++++++++
 t/venom/lib/pf_api_poll_with_token.yml       | 24 ++++++++++++
 t/venom/lib/pf_api_service_restart_async.yml |  9 +++--
 3 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100644 t/venom/lib/pf_api_action_with_token.yml
 create mode 100644 t/venom/lib/pf_api_poll_with_token.yml

diff --git a/t/venom/lib/pf_api_action_with_token.yml b/t/venom/lib/pf_api_action_with_token.yml
new file mode 100644
index 000000000000..6058d6da3977
--- /dev/null
+++ b/t/venom/lib/pf_api_action_with_token.yml
@@ -0,0 +1,40 @@
+executor: pf_api_action_with_token
+input:
+  body: {}
+  method: GET
+  status_code: 200
+  url: ""
+  time_to_sleep: 0
+  i_token: ""
+steps:
+- type: http
+  method: "{{.input.method}}"
+  url: '{{.pfserver_webadmin_url}}/api/v1/{{.input.url}}'
+  ignore_verify_ssl: true
+  body: '{{.input.body}}'
+  headers:
+    "Authorization": "{{.input.i_token}}"
+    "Content-Type": "application/json"
+  assertions:
+    - result.statuscode ShouldEqual "{{.input.status_code}}"
+    - result.bodyjson.__type__ ShouldEqual Map
+  #info:
+  # - "{{.http_json.items.items0.security_event_id}}"
+  vars:
+    http_json:
+      from: result.bodyjson
+
+- type: sleep
+  time_to_sleep: "{{.input.time_to_sleep}}"
+
+output:
+  pf_api_action_: "{{.http_json}}"
+  pf_api_action__items_item0_id: "{{.http_json.items.items0.id}}" 
+  pf_api_action__message: "{{.http_json.message}}" 
+  pf_api_action__progress: "{{.http_json.progress}}" 
+  pf_api_action__status: "{{.http_json.status}}" 
+  pf_api_action__node_status: "{{.http_json.item.status}}" 
+  pf_api_action__node_dhcp_fingerprint: "{{.http_json.item.dhcp_fingerprint}}" 
+  pf_api_action__node_unregdate: "{{.http_json.item.unregdate}}" 
+  pf_api_action__node_security_event_id: "{{.http_json.items.items0.security_event_id}}" 
+  pf_api_action__items: "{{.http_json.items}}" 
diff --git a/t/venom/lib/pf_api_poll_with_token.yml b/t/venom/lib/pf_api_poll_with_token.yml
new file mode 100644
index 000000000000..c97d24ea9643
--- /dev/null
+++ b/t/venom/lib/pf_api_poll_with_token.yml
@@ -0,0 +1,24 @@
+executor: pf_api_poll_with_token
+input:
+  i_task_id: ""
+  i_message: "Completed"
+  i_progress: 100
+  i_retry: 24
+  i_delay: 5
+  i_token: ""
+steps:
+- type: pf_api_action_with_token
+  url: "pfqueue/task/{{.input.i_task_id}}/status/poll"
+  # wait two minutes by default
+  retry: "{{.input.i_retry}}"
+  delay: "{{.input.i_delay}}"
+  i_token: "{{.input.i_token}}"
+  assertions:
+    - result.pf_api_action_json.message ShouldEqual "{{.input.i_message}}"
+    - result.pf_api_action_json.progress ShouldEqual "{{.input.i_progress}}"
+  vars:
+    poll_temp:
+       from: result.pf_api_action_
+
+output: 
+  pf_api_poll_: "{{.poll_temp}}"
diff --git a/t/venom/lib/pf_api_service_restart_async.yml b/t/venom/lib/pf_api_service_restart_async.yml
index ec1f4df8ba76..5df32bab067f 100644
--- a/t/venom/lib/pf_api_service_restart_async.yml
+++ b/t/venom/lib/pf_api_service_restart_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_service_restart_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 48
+  i_delay: 3
   time_to_sleep_before_status: 0
 steps:
 - type: pf_api_service_action
@@ -19,11 +19,14 @@ steps:
   vars:
     task_id:
       from: result.pf_api_service_action_json.task_id
+    task_token:
+      from: result.pf_api_service__token
 
-- type: pf_api_poll
+- type: pf_api_poll_with_token
   i_task_id: "{{.task_id}}"
   i_retry: "{{.input.i_retry}}"
   i_delay: "{{.input.i_delay}}"
+  i_token: "{{.task_token}}"
 
 - type: sleep
   time_to_sleep: "{{.input.time_to_sleep_before_status}}"

From ffae9024722441eccd709afd8d4b9e9b1b4f0b22 Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:01:10 -0500
Subject: [PATCH 073/103] [Venom] Fix TERM=linux issue when not in CI

---
 t/venom/scenarios/configurator/playbooks/rsync.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/t/venom/scenarios/configurator/playbooks/rsync.yml b/t/venom/scenarios/configurator/playbooks/rsync.yml
index a592f83c0c79..6758830c7490 100644
--- a/t/venom/scenarios/configurator/playbooks/rsync.yml
+++ b/t/venom/scenarios/configurator/playbooks/rsync.yml
@@ -15,4 +15,14 @@
         # exclude files dynamically generated by Ansible
         rsync_opts:
           - "--exclude=vars/local.yml"
+    - name: Set term linux
+      ansible.builtin.lineinfile:
+        path: /etc/environment
+        regexp: '^TERM='
+        line: TERM=linux
 
+    - name: Set term linux
+      ansible.builtin.lineinfile:
+        path: /root/.profile
+        regexp: '^export TERM='
+        line: export TERM=linux

From eec66b2dc9ea557ef8ba086ec07cbd523fd3f750 Mon Sep 17 00:00:00 2001
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 1 Dec 2022 10:44:21 -0500
Subject: [PATCH 074/103] [Venom] Use async for more services

---
 .../configurator/50_run_configurator_step4.yml      | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/t/venom/test_suites/configurator/50_run_configurator_step4.yml b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
index dbba66c6773f..7540710da764 100644
--- a/t/venom/test_suites/configurator/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -32,13 +32,12 @@ testcases:
 # no API call usable
 - name: restart_pfperl_api_service
   steps:
-  - type: systemctl_service_restart
-    service: 'packetfence-pfperl-api'
-    time_to_sleep: 10
+  - type: pf_api_service_restart_async
+    service: 'pfperl-api'
 
 - name: start_pf_services
   steps:
   - type: pf_api_service_start_async
     service: 'pf'
-    i_retry: 30
-    i_delay: 60
+    i_retry: 120
+    i_delay: 15

From e910fea2560d69f9835bc7a5339d4ca97aca1af4 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 1 Dec 2022 16:16:19 -0500
Subject: [PATCH 075/103] [Venom] Remove async for pfperl api (to be able to
 test pf start async)

---
 .../test_suites/configurator/50_run_configurator_step4.yml   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/t/venom/test_suites/configurator/50_run_configurator_step4.yml b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
index 7540710da764..b80ad2c6bdd8 100644
--- a/t/venom/test_suites/configurator/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
@@ -32,8 +32,9 @@ testcases:
 # no API call usable
 - name: restart_pfperl_api_service
   steps:
-  - type: pf_api_service_restart_async
-    service: 'pfperl-api'
+  - type: systemctl_service_restart
+    service: 'packetfence-pfperl-api'
+    time_to_sleep: 10
 
 - name: start_pf_services
   steps:

From 1ae81b1277763f35c3cdc9040d8f99a717fd6aa6 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 1 Dec 2022 16:17:10 -0500
Subject: [PATCH 076/103] [Venom] test start service pf api with same token in
 poll

---
 t/venom/lib/pf_api_service_start_async.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/t/venom/lib/pf_api_service_start_async.yml b/t/venom/lib/pf_api_service_start_async.yml
index 8633b2cba647..cb9bdbcfba54 100644
--- a/t/venom/lib/pf_api_service_start_async.yml
+++ b/t/venom/lib/pf_api_service_start_async.yml
@@ -18,8 +18,11 @@ steps:
   vars:
     task_id:
       from: result.pf_api_service_action_json.task_id
+    task_token:
+      from: result.pf_api_service__token
 
-- type: pf_api_poll
+- type: pf_api_poll_with_token
   i_task_id: "{{.task_id}}"
   i_retry: "{{.input.i_retry}}"
   i_delay: "{{.input.i_delay}}"
+  i_token: "{{.task_token}}"

From 9e179268dea6dea49fb2671babda4fff840e4d82 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:46:45 -0500
Subject: [PATCH 077/103] [Venom] Fix Term for el8

---
 t/venom/scenarios/configurator/playbooks/rsync.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/t/venom/scenarios/configurator/playbooks/rsync.yml b/t/venom/scenarios/configurator/playbooks/rsync.yml
index 6758830c7490..44bfd9aec9bd 100644
--- a/t/venom/scenarios/configurator/playbooks/rsync.yml
+++ b/t/venom/scenarios/configurator/playbooks/rsync.yml
@@ -15,14 +15,22 @@
         # exclude files dynamically generated by Ansible
         rsync_opts:
           - "--exclude=vars/local.yml"
-    - name: Set term linux
+
+    - name: Set users term linux
       ansible.builtin.lineinfile:
         path: /etc/environment
         regexp: '^TERM='
         line: TERM=linux
+      when: ansible_facts['os_family'] == "Debian"
 
-    - name: Set term linux
+    - name: Set root term linux
       ansible.builtin.lineinfile:
         path: /root/.profile
         regexp: '^export TERM='
         line: export TERM=linux
+      when: ansible_facts['os_family'] == "Debian"
+
+    - name: Add vim
+      ansible.builtin.package:
+        name: vim
+        state: present

From b87a49191da0df91a5fb198ec30773c38044a110 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:49:21 -0500
Subject: [PATCH 078/103] [Venom] API service Add retry+delay on status

---
 t/venom/lib/pf_api_service_start.yml | 2 ++
 t/venom/lib/pf_api_service_stop.yml  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/t/venom/lib/pf_api_service_start.yml b/t/venom/lib/pf_api_service_start.yml
index 3a2cacd37fe3..6f72466f3b96 100644
--- a/t/venom/lib/pf_api_service_start.yml
+++ b/t/venom/lib/pf_api_service_start.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 25
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_stop.yml b/t/venom/lib/pf_api_service_stop.yml
index 6eb68577768a..083bfd7c65b4 100644
--- a/t/venom/lib/pf_api_service_stop.yml
+++ b/t/venom/lib/pf_api_service_stop.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 25
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.pid ShouldEqual 0

From b5f77624a8a21db5adf8dbee63462aac1d93870e Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:49:47 -0500
Subject: [PATCH 079/103] [Venom] API service Add retry+delay on status (2)

---
 t/venom/lib/pf_api_service_restart.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/t/venom/lib/pf_api_service_restart.yml b/t/venom/lib/pf_api_service_restart.yml
index 8f84d4ab5f9c..4cea2d8ced9b 100644
--- a/t/venom/lib/pf_api_service_restart.yml
+++ b/t/venom/lib/pf_api_service_restart.yml
@@ -11,5 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
+  retry: 25
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1

From a5b53a94210b6c003b6ac5f233914761264b1f9a Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:50:53 -0500
Subject: [PATCH 080/103] [Venom] Add specific executor start for pf services

---
 t/venom/lib/pf_api_service_pf_start_async.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 t/venom/lib/pf_api_service_pf_start_async.yml

diff --git a/t/venom/lib/pf_api_service_pf_start_async.yml b/t/venom/lib/pf_api_service_pf_start_async.yml
new file mode 100644
index 000000000000..ce9ca9571ae2
--- /dev/null
+++ b/t/venom/lib/pf_api_service_pf_start_async.yml
@@ -0,0 +1,19 @@
+executor: pf_api_service_pf_start_async
+steps:
+- type: pf_api_service_action
+  service: "pf"
+  action: "start"
+  method: POST
+  time_to_sleep: "0"
+  status_code: 202
+  body: >-
+    {
+      "async": "true"
+    }
+
+- type: pf_api_service_status
+  service: "radiusd-auth"
+  retry: "120"
+  delay: "15"
+  assertions:
+    - result.pf_api_service_status_json.alive ShouldEqual 1

From a7f014b7c83fce02747d0e41f30d61e4f65183d1 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:51:43 -0500
Subject: [PATCH 081/103] [Venom] el8 compliant for status test

---
 t/venom/lib/systemctl_service.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/t/venom/lib/systemctl_service.yml b/t/venom/lib/systemctl_service.yml
index 915e85dbc0d8..d0e84d589f8c 100644
--- a/t/venom/lib/systemctl_service.yml
+++ b/t/venom/lib/systemctl_service.yml
@@ -6,13 +6,12 @@ input:
 steps:
 - type: exec
   script: '{{.input.sudo}} systemctl {{.input.unit_command}} {{.input.service}}'
-
   vars:
     status_lines:
       from: result.systemout
 
 - type: exec
-  script: echo -n '{{.status_lines}}' | sed -nr 's/.*(Loaded.*CPU).*/\1/p'
+  script: echo -n '{{.status_lines}}' | sed -nr 's/.*(Loaded.*Memory).*/\1/p'
   vars:
    first_lines:
      from: result.systemout

From ec78e4c926c400b10dc0ad76d1e0bab86f89638d Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:53:12 -0500
Subject: [PATCH 082/103] [Venom] Add retry+delays and default values on
 systemctl status

---
 t/venom/lib/systemctl_service_status.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/t/venom/lib/systemctl_service_status.yml b/t/venom/lib/systemctl_service_status.yml
index 3e630c961311..98bf85b21764 100644
--- a/t/venom/lib/systemctl_service_status.yml
+++ b/t/venom/lib/systemctl_service_status.yml
@@ -3,11 +3,15 @@ input:
   service: "" 
   sudo: ""
   substring: "active (running)"
+  i_retry: 24
+  i_delay: 5
 steps:
 - type: systemctl_service
   unit_command: status
   service: "{{.input.service}}"
   sudo: "{{.input.sudo}}"
+  retry: "{{.input.i_retry}}"
+  delay: "{{.input.i_delay}}"
   assertions:
     - result.service_first_lines ShouldContainSubstring '{{.input.substring}}'
 output:

From 45d8e68e717c7de02de2c286fe19a67aaeaf964a Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Tue, 6 Dec 2022 20:54:36 -0500
Subject: [PATCH 083/103] [Venom] start pf all services with executor

---
 .../test_suites/configurator/50_run_configurator_step4.yml   | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/t/venom/test_suites/configurator/50_run_configurator_step4.yml b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
index b80ad2c6bdd8..a297a2c37918 100644
--- a/t/venom/test_suites/configurator/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator/50_run_configurator_step4.yml
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 120
-    i_delay: 15
+  - type: pf_api_service_pf_start_async

From 2484465a6925841f57fcecbcb85999e3ef936da1 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:23:12 -0500
Subject: [PATCH 084/103] [Venom] Fix for 2 mins and retry every 3s for all
 executors

---
 t/venom/lib/pf_api_domain_join.yml                  | 4 ++--
 t/venom/lib/pf_api_domain_unjoin.yml                | 4 ++--
 t/venom/lib/pf_api_poll.yml                         | 4 ++--
 t/venom/lib/pf_api_poll_with_token.yml              | 4 ++--
 t/venom/lib/pf_api_service_pf_start_async.yml       | 4 ++--
 t/venom/lib/pf_api_service_restart.yml              | 2 +-
 t/venom/lib/pf_api_service_start.yml                | 2 +-
 t/venom/lib/pf_api_service_start_async.yml          | 4 ++--
 t/venom/lib/pf_api_service_stop.yml                 | 2 +-
 t/venom/lib/pf_api_system_service_restart_async.yml | 4 ++--
 t/venom/lib/systemctl_service_status.yml            | 4 ++--
 11 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/t/venom/lib/pf_api_domain_join.yml b/t/venom/lib/pf_api_domain_join.yml
index a232ae7cc2c3..f84d6f8836e2 100644
--- a/t/venom/lib/pf_api_domain_join.yml
+++ b/t/venom/lib/pf_api_domain_join.yml
@@ -3,8 +3,8 @@ input:
   id: ""
   username: ""
   password: ""
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_domain_action
   method: POST
diff --git a/t/venom/lib/pf_api_domain_unjoin.yml b/t/venom/lib/pf_api_domain_unjoin.yml
index 3e97c650ecc4..595b1fefdc5e 100644
--- a/t/venom/lib/pf_api_domain_unjoin.yml
+++ b/t/venom/lib/pf_api_domain_unjoin.yml
@@ -3,8 +3,8 @@ input:
   id: ""
   username: ""
   password: ""
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_domain_action
   method: POST
diff --git a/t/venom/lib/pf_api_poll.yml b/t/venom/lib/pf_api_poll.yml
index 010fb8435ab9..ee023cd8f5dc 100644
--- a/t/venom/lib/pf_api_poll.yml
+++ b/t/venom/lib/pf_api_poll.yml
@@ -3,8 +3,8 @@ input:
   i_task_id: ""
   i_message: "Completed"
   i_progress: 100
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_action
   url: "pfqueue/task/{{.input.i_task_id}}/status/poll"
diff --git a/t/venom/lib/pf_api_poll_with_token.yml b/t/venom/lib/pf_api_poll_with_token.yml
index c97d24ea9643..a99aa1e4ddd3 100644
--- a/t/venom/lib/pf_api_poll_with_token.yml
+++ b/t/venom/lib/pf_api_poll_with_token.yml
@@ -3,8 +3,8 @@ input:
   i_task_id: ""
   i_message: "Completed"
   i_progress: 100
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
   i_token: ""
 steps:
 - type: pf_api_action_with_token
diff --git a/t/venom/lib/pf_api_service_pf_start_async.yml b/t/venom/lib/pf_api_service_pf_start_async.yml
index ce9ca9571ae2..99408ab0fd50 100644
--- a/t/venom/lib/pf_api_service_pf_start_async.yml
+++ b/t/venom/lib/pf_api_service_pf_start_async.yml
@@ -13,7 +13,7 @@ steps:
 
 - type: pf_api_service_status
   service: "radiusd-auth"
-  retry: "120"
-  delay: "15"
+  retry: 600
+  delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_restart.yml b/t/venom/lib/pf_api_service_restart.yml
index 4cea2d8ced9b..bc68aa222be0 100644
--- a/t/venom/lib/pf_api_service_restart.yml
+++ b/t/venom/lib/pf_api_service_restart.yml
@@ -11,7 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
-  retry: 25
+  retry: 40
   delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_start.yml b/t/venom/lib/pf_api_service_start.yml
index 6f72466f3b96..b615805a1de5 100644
--- a/t/venom/lib/pf_api_service_start.yml
+++ b/t/venom/lib/pf_api_service_start.yml
@@ -11,7 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
-  retry: 25
+  retry: 40
   delay: 3
   assertions:
     - result.pf_api_service_status_json.alive ShouldEqual 1
diff --git a/t/venom/lib/pf_api_service_start_async.yml b/t/venom/lib/pf_api_service_start_async.yml
index cb9bdbcfba54..5aeb84f6fb27 100644
--- a/t/venom/lib/pf_api_service_start_async.yml
+++ b/t/venom/lib/pf_api_service_start_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_service_start_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_service_action
   service: "{{.input.service}}"
diff --git a/t/venom/lib/pf_api_service_stop.yml b/t/venom/lib/pf_api_service_stop.yml
index 083bfd7c65b4..7258cb35fccb 100644
--- a/t/venom/lib/pf_api_service_stop.yml
+++ b/t/venom/lib/pf_api_service_stop.yml
@@ -11,7 +11,7 @@ steps:
 
 - type: pf_api_service_status
   service: "{{.input.service}}"
-  retry: 25
+  retry: 40
   delay: 3
   assertions:
     - result.pf_api_service_status_json.pid ShouldEqual 0
diff --git a/t/venom/lib/pf_api_system_service_restart_async.yml b/t/venom/lib/pf_api_system_service_restart_async.yml
index 9a8def887caa..fb4b3acf1c42 100644
--- a/t/venom/lib/pf_api_system_service_restart_async.yml
+++ b/t/venom/lib/pf_api_system_service_restart_async.yml
@@ -2,8 +2,8 @@ executor: pf_api_system_service_restart_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: pf_api_system_service_action
   service: "{{.input.service}}"
diff --git a/t/venom/lib/systemctl_service_status.yml b/t/venom/lib/systemctl_service_status.yml
index 98bf85b21764..837f4d14babb 100644
--- a/t/venom/lib/systemctl_service_status.yml
+++ b/t/venom/lib/systemctl_service_status.yml
@@ -3,8 +3,8 @@ input:
   service: "" 
   sudo: ""
   substring: "active (running)"
-  i_retry: 24
-  i_delay: 5
+  i_retry: 40
+  i_delay: 3
 steps:
 - type: systemctl_service
   unit_command: status

From 71bc2dc142666f5b3aa21b0ce0e934799d7f4e82 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:24:27 -0500
Subject: [PATCH 085/103] [Venom] api restart service asinc: Remove poll with
 same token

---
 t/venom/lib/pf_api_service_restart_async.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/t/venom/lib/pf_api_service_restart_async.yml b/t/venom/lib/pf_api_service_restart_async.yml
index 5df32bab067f..930de745d0c9 100644
--- a/t/venom/lib/pf_api_service_restart_async.yml
+++ b/t/venom/lib/pf_api_service_restart_async.yml
@@ -2,7 +2,7 @@ executor: pf_api_service_restart_async
 input:
   service: ""
   time_to_sleep: 0
-  i_retry: 48
+  i_retry: 40
   i_delay: 3
   time_to_sleep_before_status: 0
 steps:
@@ -22,11 +22,10 @@ steps:
     task_token:
       from: result.pf_api_service__token
 
-- type: pf_api_poll_with_token
+- type: pf_api_poll
   i_task_id: "{{.task_id}}"
   i_retry: "{{.input.i_retry}}"
   i_delay: "{{.input.i_delay}}"
-  i_token: "{{.task_token}}"
 
 - type: sleep
   time_to_sleep: "{{.input.time_to_sleep_before_status}}"

From 17210e8e155eedb4bcf63e107ae9147128b5de63 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:25:32 -0500
Subject: [PATCH 086/103] [Venom] systemctl restart: readd sudo as default

---
 t/venom/lib/systemctl_service_restart.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/t/venom/lib/systemctl_service_restart.yml b/t/venom/lib/systemctl_service_restart.yml
index 899e4a1aa48a..a515aab50644 100644
--- a/t/venom/lib/systemctl_service_restart.yml
+++ b/t/venom/lib/systemctl_service_restart.yml
@@ -2,7 +2,7 @@ executor: systemctl_service_restart
 input:
   service: "" 
   time_to_sleep: 0
-  sudo: ""
+  sudo: "sudo"
 steps:
 # service restarted by hand because using API cause Venom failure (EOF)
 - type: systemctl_service

From bb0423d73a8ec37ab84aeed193752f4d3e680f81 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:27:31 -0500
Subject: [PATCH 087/103] [Venom] Cli Login Radius: Use the systemctl restart
 executor

---
 t/venom/test_suites/cli-login-radius/20_start_services.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/t/venom/test_suites/cli-login-radius/20_start_services.yml b/t/venom/test_suites/cli-login-radius/20_start_services.yml
index 31882d9f6e07..366439880d8f 100644
--- a/t/venom/test_suites/cli-login-radius/20_start_services.yml
+++ b/t/venom/test_suites/cli-login-radius/20_start_services.yml
@@ -2,7 +2,5 @@ name: Start radius-test.service
 testcases:
 - name: start_radius_test_service
   steps:
-  - type: systemctl_service
-    unit_command: restart
+  - type: systemctl_service_restart
     service: radius-test.service
-    sudo: sudo

From cd0a96581e88022f8e194d1bfc0437ff817c8e6f Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Wed, 7 Dec 2022 17:28:34 -0500
Subject: [PATCH 088/103] [Venom] Configurator inline*: to be as configurator
 steps

---
 .../configurator_inline/50_run_configurator_step4.yml    | 9 +++------
 .../configurator_inline_l2/50_run_configurator_step4.yml | 9 +++------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml b/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
index e70078d49514..a297a2c37918 100644
--- a/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator_inline/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 10
-    i_delay: 60
+  - type: pf_api_service_pf_start_async
diff --git a/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml b/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
index e70078d49514..a297a2c37918 100644
--- a/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
+++ b/t/venom/test_suites/configurator_inline_l2/50_run_configurator_step4.yml
@@ -7,8 +7,8 @@ testcases:
 
 - name: restart_pfqueue_service
   steps:
-  - type: pf_api_system_service_restart_async
-    service: "packetfence-pfqueue"
+  - type: pf_api_service_restart_async
+    service: "pfqueue"
     time_to_sleep: 5
 
 - name: update_systemd
@@ -38,7 +38,4 @@ testcases:
 
 - name: start_pf_services
   steps:
-  - type: pf_api_service_start_async
-    service: 'pf'
-    i_retry: 10
-    i_delay: 60
+  - type: pf_api_service_pf_start_async

From f4b0feb5c340e7b49da098de14704e649e4e8747 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 8 Dec 2022 08:23:14 -0500
Subject: [PATCH 089/103] [Venom] Suricata: add async for restart services

---
 .../05_setup_packetfence.yml                  | 52 ++++++++-----------
 1 file changed, 22 insertions(+), 30 deletions(-)

diff --git a/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml b/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
index b20d210f182c..25ad0f6e804a 100644
--- a/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
+++ b/t/venom/test_suites/security_event_suricata/05_setup_packetfence.yml
@@ -241,48 +241,40 @@ testcases:
 
 - name: restart_iptables
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-iptables
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: iptables
 
-- name: restart_pfdns_service
+- name: restart_pfdns
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdns
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdns
 
-- name: restart_pfdhcp_service
+- name: restart_pfdhcp
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcp
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdhcp
 
-- name: restart_haproxy-portal_service
+- name: restart_haproxy-portal
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-haproxy-portal
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: haproxy-portal
 
-- name: restart_keepalived_service
+- name: restart_keepalived
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-keepalived
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: keepalived
 
-- name: restart_pfdhcplistener_service
+- name: restart_pfdhcplistener
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfdhcplistener
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfdhcplistener
 
-- name: restart_pfacct_service
+- name: restart_pfacct
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfacct
-    time_to_sleep: 5
+  - type: pf_api_service_restart
+    service: pfacct
 
 - name: restart_pfqueue_service
   steps:
-  - type: systemctl_service_restart
-    service: packetfence-pfqueue
-    time_to_sleep: 5
+  - type: pf_api_service_restart 
+    service: pfqueue

From c9bb28db272de41f06704e2c4a863a36f2c1f48d Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Sun, 11 Dec 2022 05:50:23 +0000
Subject: [PATCH 090/103] If database_proxysql.status is enabled then configure
 a single server

---
 conf/proxysql.conf.example          |  2 ++
 lib/pf/services/manager/proxysql.pm | 24 ++++++++++++++++++++++--
 sbin/proxysql-docker-wrapper        |  1 +
 t/db/smoke_test.sql                 | 10 ++++++----
 4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/conf/proxysql.conf.example b/conf/proxysql.conf.example
index 2aabd302c465..47475fc27be1 100644
--- a/conf/proxysql.conf.example
+++ b/conf/proxysql.conf.example
@@ -66,6 +66,8 @@ mysql_variables=
     commands_stats=true
     sessions_sort=true
 
+[% mysql_ssl_p2s_capath %]
+
 [% monitor %]
 
     monitor_galera_healthcheck_interval=2000
diff --git a/lib/pf/services/manager/proxysql.pm b/lib/pf/services/manager/proxysql.pm
index 2687d6dce921..88848d119316 100644
--- a/lib/pf/services/manager/proxysql.pm
+++ b/lib/pf/services/manager/proxysql.pm
@@ -58,6 +58,7 @@ sub generateConfig {
     my ($package, $filename, $line) = caller();
 
     my %tags;
+    my $single_server = 0;
     $tags{'template'} = $self->proxysql_config_template;
     $tags{'geoDB'} = $FALSE;
     $tags{'mysql_servers'} = "";
@@ -72,7 +73,23 @@ EOT
 EOT
 
     my $i = 100;
-    if (pf::cluster::getWriteDB()) {
+    my $database_proxysql = $pf::config::Config{database_proxysql};
+
+    if (isenabled($database_proxysql->{status})) {
+        my $cacert = $database_proxysql->{cacert};
+        if ($cacert) {
+            $tags{'mysql_ssl_p2s_capath'} = << "EOT";
+    mysql-ssl_p2s_capath = "$cacert";
+EOT
+        }
+
+        $single_server = 1;
+        my $backend = $database_proxysql->{backend};
+        my $ssl = $cacert ? 1 : 0;
+        $tags{mysql_servers} .= << "EOT";
+    { address="$backend" , port=3306 , hostgroup=10, max_connections=1000, weight=$i, use_ssl=$ssl },
+EOT
+    } elsif (pf::cluster::getWriteDB()) {
         $tags{'geoDB'} = $TRUE;
         my @mysql_write_backend = pf::cluster::getWriteDB();
         my @mysql_read_backend = pf::cluster::getReadDB();
@@ -105,8 +122,11 @@ EOT
         }
     }
 
+
+
     my @mysql_servers = pf::cluster::mysql_servers();
-    $tags{'single_server'} = (scalar(@mysql_servers) == 1);
+
+    $tags{'single_server'} = $single_server || (scalar(@mysql_servers) == 1);
 
     $tags{'mysql_pf_user'} = $DB_Config->{user};
     $tags{'mysql_pf_user'} =~ s/"/\\"/g;
diff --git a/sbin/proxysql-docker-wrapper b/sbin/proxysql-docker-wrapper
index 294acd49e037..5c38982f0cc6 100755
--- a/sbin/proxysql-docker-wrapper
+++ b/sbin/proxysql-docker-wrapper
@@ -5,6 +5,7 @@ source /usr/local/pf/containers/systemd-service
 name=proxysql
 
 args=`base_args $name`
+args="$args -v/usr/local/pf/conf/:/usr/local/pf/conf/"
 args="$args -v/usr/local/pf/var/conf/:/usr/local/pf/var/conf/"
 args="$args -v /usr/local/pf/var/proxysql/:/usr/local/pf/var/proxysql/"
 args+=" -p 127.0.0.1:6032:6032 -p 6033:6033 -p 6080:6080"
diff --git a/t/db/smoke_test.sql b/t/db/smoke_test.sql
index 69a3527d7c0c..2ac330e96da6 100644
--- a/t/db/smoke_test.sql
+++ b/t/db/smoke_test.sql
@@ -1,7 +1,9 @@
 DROP USER IF EXISTS pf_smoke_tester@'%';
 DROP USER IF EXISTS pf_smoke_tester@'localhost';
-GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'%' IDENTIFIED BY 'packet';
-GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'localhost' IDENTIFIED BY 'packet';
-GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'localhost' IDENTIFIED BY 'packet';
-GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'%' IDENTIFIED BY 'packet';
+CREATE USER 'pf_smoke_tester'@'localhost' IDENTIFIED BY 'Packet^1';
+CREATE USER 'pf_smoke_tester'@'%' IDENTIFIED BY 'Packet^1';
+GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'%';
+GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'localhost';
+GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'localhost';
+GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'%';
 FLUSH PRIVILEGES;

From 6347e4e3920faa79502fc79b68b81f3327c336b6 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Mon, 12 Dec 2022 08:13:49 -0500
Subject: [PATCH 091/103] Update NEWS.asciidoc

---
 NEWS.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
index 5dd5388b401d..357dd3a1f494 100644
--- a/NEWS.asciidoc
+++ b/NEWS.asciidoc
@@ -31,6 +31,8 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 
 === Bug Fixes
 
+ * Force the destination IP for UDP packets going through the pfconnector (#7323)
+
 == Version 12.1.0 released on 2022-11-22
 
 === New Features

From 28ccb728ad414a017670cc14476cd67eb6133b12 Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Mon, 12 Dec 2022 08:38:55 -0500
Subject: [PATCH 092/103] [Venom] Remove token action = token poll

---
 t/venom/lib/pf_api_action_with_token.yml      | 40 -------------------
 t/venom/lib/pf_api_poll_with_token.yml        | 24 -----------
 t/venom/lib/pf_api_service_action.yml         |  1 -
 t/venom/lib/pf_api_service_pf_start_async.yml |  2 +
 t/venom/lib/pf_api_service_restart_async.yml  |  2 -
 t/venom/lib/pf_api_service_start_async.yml    |  5 +--
 6 files changed, 3 insertions(+), 71 deletions(-)
 delete mode 100644 t/venom/lib/pf_api_action_with_token.yml
 delete mode 100644 t/venom/lib/pf_api_poll_with_token.yml

diff --git a/t/venom/lib/pf_api_action_with_token.yml b/t/venom/lib/pf_api_action_with_token.yml
deleted file mode 100644
index 6058d6da3977..000000000000
--- a/t/venom/lib/pf_api_action_with_token.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-executor: pf_api_action_with_token
-input:
-  body: {}
-  method: GET
-  status_code: 200
-  url: ""
-  time_to_sleep: 0
-  i_token: ""
-steps:
-- type: http
-  method: "{{.input.method}}"
-  url: '{{.pfserver_webadmin_url}}/api/v1/{{.input.url}}'
-  ignore_verify_ssl: true
-  body: '{{.input.body}}'
-  headers:
-    "Authorization": "{{.input.i_token}}"
-    "Content-Type": "application/json"
-  assertions:
-    - result.statuscode ShouldEqual "{{.input.status_code}}"
-    - result.bodyjson.__type__ ShouldEqual Map
-  #info:
-  # - "{{.http_json.items.items0.security_event_id}}"
-  vars:
-    http_json:
-      from: result.bodyjson
-
-- type: sleep
-  time_to_sleep: "{{.input.time_to_sleep}}"
-
-output:
-  pf_api_action_: "{{.http_json}}"
-  pf_api_action__items_item0_id: "{{.http_json.items.items0.id}}" 
-  pf_api_action__message: "{{.http_json.message}}" 
-  pf_api_action__progress: "{{.http_json.progress}}" 
-  pf_api_action__status: "{{.http_json.status}}" 
-  pf_api_action__node_status: "{{.http_json.item.status}}" 
-  pf_api_action__node_dhcp_fingerprint: "{{.http_json.item.dhcp_fingerprint}}" 
-  pf_api_action__node_unregdate: "{{.http_json.item.unregdate}}" 
-  pf_api_action__node_security_event_id: "{{.http_json.items.items0.security_event_id}}" 
-  pf_api_action__items: "{{.http_json.items}}" 
diff --git a/t/venom/lib/pf_api_poll_with_token.yml b/t/venom/lib/pf_api_poll_with_token.yml
deleted file mode 100644
index a99aa1e4ddd3..000000000000
--- a/t/venom/lib/pf_api_poll_with_token.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-executor: pf_api_poll_with_token
-input:
-  i_task_id: ""
-  i_message: "Completed"
-  i_progress: 100
-  i_retry: 40
-  i_delay: 3
-  i_token: ""
-steps:
-- type: pf_api_action_with_token
-  url: "pfqueue/task/{{.input.i_task_id}}/status/poll"
-  # wait two minutes by default
-  retry: "{{.input.i_retry}}"
-  delay: "{{.input.i_delay}}"
-  i_token: "{{.input.i_token}}"
-  assertions:
-    - result.pf_api_action_json.message ShouldEqual "{{.input.i_message}}"
-    - result.pf_api_action_json.progress ShouldEqual "{{.input.i_progress}}"
-  vars:
-    poll_temp:
-       from: result.pf_api_action_
-
-output: 
-  pf_api_poll_: "{{.poll_temp}}"
diff --git a/t/venom/lib/pf_api_service_action.yml b/t/venom/lib/pf_api_service_action.yml
index 843636f3f6d8..6d3ad9a518ed 100644
--- a/t/venom/lib/pf_api_service_action.yml
+++ b/t/venom/lib/pf_api_service_action.yml
@@ -19,4 +19,3 @@ steps:
 
 output: 
   pf_api_service_action_: "{{.service_temp}}"
-  pf_api_service__token: "{{.result.pf_api_action__token}}"
diff --git a/t/venom/lib/pf_api_service_pf_start_async.yml b/t/venom/lib/pf_api_service_pf_start_async.yml
index 99408ab0fd50..55a836ec11a2 100644
--- a/t/venom/lib/pf_api_service_pf_start_async.yml
+++ b/t/venom/lib/pf_api_service_pf_start_async.yml
@@ -11,6 +11,8 @@ steps:
       "async": "true"
     }
 
+# radiusd-auth is a service with a lot of service dependencies
+# so, one of the lastest vital services to start
 - type: pf_api_service_status
   service: "radiusd-auth"
   retry: 600
diff --git a/t/venom/lib/pf_api_service_restart_async.yml b/t/venom/lib/pf_api_service_restart_async.yml
index 930de745d0c9..8a6fd59be842 100644
--- a/t/venom/lib/pf_api_service_restart_async.yml
+++ b/t/venom/lib/pf_api_service_restart_async.yml
@@ -19,8 +19,6 @@ steps:
   vars:
     task_id:
       from: result.pf_api_service_action_json.task_id
-    task_token:
-      from: result.pf_api_service__token
 
 - type: pf_api_poll
   i_task_id: "{{.task_id}}"
diff --git a/t/venom/lib/pf_api_service_start_async.yml b/t/venom/lib/pf_api_service_start_async.yml
index 5aeb84f6fb27..44a383fa4637 100644
--- a/t/venom/lib/pf_api_service_start_async.yml
+++ b/t/venom/lib/pf_api_service_start_async.yml
@@ -18,11 +18,8 @@ steps:
   vars:
     task_id:
       from: result.pf_api_service_action_json.task_id
-    task_token:
-      from: result.pf_api_service__token
 
-- type: pf_api_poll_with_token
+- type: pf_api_poll
   i_task_id: "{{.task_id}}"
   i_retry: "{{.input.i_retry}}"
   i_delay: "{{.input.i_delay}}"
-  i_token: "{{.task_token}}"

From bdbb2bb434fcf7d101deeb0712a0ed5503b2b20e Mon Sep 17 00:00:00 2001
From: jegoi <13801368+JeGoi@users.noreply.github.com>
Date: Mon, 12 Dec 2022 09:44:09 -0500
Subject: [PATCH 093/103] [Venom] Change rsync to dev playbook

---
 .../captive_portal/playbooks/rsync.yml        | 18 -----------
 t/venom/scenarios/captive_portal/site.yml     | 10 ++++---
 .../scenarios/cli_login/playbooks/rsync.yml   | 18 -----------
 t/venom/scenarios/cli_login/site.yml          | 10 ++++---
 t/venom/scenarios/cluster/playbooks/rsync.yml | 18 -----------
 t/venom/scenarios/cluster/site.yml            | 10 ++++---
 .../playbooks/rsync.yml => common/dev.yml}    |  0
 t/venom/scenarios/configurator/site.yml       | 10 ++++---
 .../dot1x_eap_peap/playbooks/rsync.yml        | 30 -------------------
 t/venom/scenarios/dot1x_eap_peap/site.yml     | 10 ++++---
 .../dot1x_eap_tls/playbooks/rsync.yml         | 18 -----------
 t/venom/scenarios/dot1x_eap_tls/site.yml      | 10 ++++---
 t/venom/scenarios/example/playbooks/rsync.yml | 18 -----------
 t/venom/scenarios/example/site.yml            | 10 ++++---
 .../export_import/playbooks/rsync.yml         | 18 -----------
 t/venom/scenarios/export_import/site.yml      | 10 ++++---
 .../external_integrations/playbooks/rsync.yml | 18 -----------
 .../scenarios/external_integrations/site.yml  | 10 ++++---
 .../fingerbank_invalid_db/playbooks/rsync.yml | 18 -----------
 .../scenarios/fingerbank_invalid_db/site.yml  | 10 ++++---
 t/venom/scenarios/inline/playbooks/rsync.yml  | 18 -----------
 t/venom/scenarios/inline/site.yml             | 10 ++++---
 .../inline_l2_and_radius/playbooks/rsync.yml  | 18 -----------
 .../scenarios/inline_l2_and_radius/site.yml   | 10 ++++---
 .../scenarios/mac_auth/playbooks/rsync.yml    | 18 -----------
 t/venom/scenarios/mac_auth/site.yml           | 10 ++++---
 .../security_events/playbooks/rsync.yml       | 18 -----------
 t/venom/scenarios/security_events/site.yml    | 10 ++++---
 .../scenarios/template/playbooks/rsync.yml    | 18 -----------
 t/venom/scenarios/template/site.yml           | 10 ++++---
 .../scenarios/test_venom/playbooks/rsync.yml  | 18 -----------
 t/venom/scenarios/test_venom/site.yml         | 10 ++++---
 .../scenarios/unit_tests/playbooks/rsync.yml  | 18 -----------
 t/venom/scenarios/unit_tests/site.yml         | 10 ++++---
 34 files changed, 102 insertions(+), 368 deletions(-)
 delete mode 100644 t/venom/scenarios/captive_portal/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/cli_login/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/cluster/playbooks/rsync.yml
 rename t/venom/scenarios/{configurator/playbooks/rsync.yml => common/dev.yml} (100%)
 delete mode 100644 t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/example/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/export_import/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/external_integrations/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/inline/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/mac_auth/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/security_events/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/template/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/test_venom/playbooks/rsync.yml
 delete mode 100644 t/venom/scenarios/unit_tests/playbooks/rsync.yml

diff --git a/t/venom/scenarios/captive_portal/playbooks/rsync.yml b/t/venom/scenarios/captive_portal/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/captive_portal/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/captive_portal/site.yml b/t/venom/scenarios/captive_portal/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/captive_portal/site.yml
+++ b/t/venom/scenarios/captive_portal/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/cli_login/playbooks/rsync.yml b/t/venom/scenarios/cli_login/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/cli_login/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/cli_login/site.yml b/t/venom/scenarios/cli_login/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/cli_login/site.yml
+++ b/t/venom/scenarios/cli_login/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/cluster/playbooks/rsync.yml b/t/venom/scenarios/cluster/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/cluster/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/cluster/site.yml b/t/venom/scenarios/cluster/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/cluster/site.yml
+++ b/t/venom/scenarios/cluster/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/configurator/playbooks/rsync.yml b/t/venom/scenarios/common/dev.yml
similarity index 100%
rename from t/venom/scenarios/configurator/playbooks/rsync.yml
rename to t/venom/scenarios/common/dev.yml
diff --git a/t/venom/scenarios/configurator/site.yml b/t/venom/scenarios/configurator/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/configurator/site.yml
+++ b/t/venom/scenarios/configurator/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml b/t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml
deleted file mode 100644
index f6515ea2ac67..000000000000
--- a/t/venom/scenarios/dot1x_eap_peap/playbooks/rsync.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
-    - name: Synchronize Git repository t/mock_servers with /usr/local/pf/t/mock_servers
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}/../mock_servers"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/dot1x_eap_peap/site.yml b/t/venom/scenarios/dot1x_eap_peap/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/dot1x_eap_peap/site.yml
+++ b/t/venom/scenarios/dot1x_eap_peap/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml b/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/dot1x_eap_tls/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/dot1x_eap_tls/site.yml b/t/venom/scenarios/dot1x_eap_tls/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/dot1x_eap_tls/site.yml
+++ b/t/venom/scenarios/dot1x_eap_tls/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/example/playbooks/rsync.yml b/t/venom/scenarios/example/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/example/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/example/site.yml b/t/venom/scenarios/example/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/example/site.yml
+++ b/t/venom/scenarios/example/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/export_import/playbooks/rsync.yml b/t/venom/scenarios/export_import/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/export_import/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/export_import/site.yml b/t/venom/scenarios/export_import/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/export_import/site.yml
+++ b/t/venom/scenarios/export_import/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/external_integrations/playbooks/rsync.yml b/t/venom/scenarios/external_integrations/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/external_integrations/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/external_integrations/site.yml b/t/venom/scenarios/external_integrations/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/external_integrations/site.yml
+++ b/t/venom/scenarios/external_integrations/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml b/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/fingerbank_invalid_db/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/fingerbank_invalid_db/site.yml b/t/venom/scenarios/fingerbank_invalid_db/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/fingerbank_invalid_db/site.yml
+++ b/t/venom/scenarios/fingerbank_invalid_db/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/inline/playbooks/rsync.yml b/t/venom/scenarios/inline/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/inline/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/inline/site.yml b/t/venom/scenarios/inline/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/inline/site.yml
+++ b/t/venom/scenarios/inline/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml b/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/inline_l2_and_radius/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/inline_l2_and_radius/site.yml b/t/venom/scenarios/inline_l2_and_radius/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/inline_l2_and_radius/site.yml
+++ b/t/venom/scenarios/inline_l2_and_radius/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/mac_auth/playbooks/rsync.yml b/t/venom/scenarios/mac_auth/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/mac_auth/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/mac_auth/site.yml b/t/venom/scenarios/mac_auth/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/mac_auth/site.yml
+++ b/t/venom/scenarios/mac_auth/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/security_events/playbooks/rsync.yml b/t/venom/scenarios/security_events/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/security_events/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/security_events/site.yml b/t/venom/scenarios/security_events/site.yml
index 28f8ee96b7af..f8a7db5cec2b 100644
--- a/t/venom/scenarios/security_events/site.yml
+++ b/t/venom/scenarios/security_events/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/template/playbooks/rsync.yml b/t/venom/scenarios/template/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/template/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/template/site.yml b/t/venom/scenarios/template/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/template/site.yml
+++ b/t/venom/scenarios/template/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/test_venom/playbooks/rsync.yml b/t/venom/scenarios/test_venom/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/test_venom/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/test_venom/site.yml b/t/venom/scenarios/test_venom/site.yml
index 7442a70f6840..f8a7db5cec2b 100644
--- a/t/venom/scenarios/test_venom/site.yml
+++ b/t/venom/scenarios/test_venom/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 #- import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml
diff --git a/t/venom/scenarios/unit_tests/playbooks/rsync.yml b/t/venom/scenarios/unit_tests/playbooks/rsync.yml
deleted file mode 100644
index a592f83c0c79..000000000000
--- a/t/venom/scenarios/unit_tests/playbooks/rsync.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- hosts: pfservers, service_venom, nodes
-  name: Rsync Git repository t/venom with /usr/local/pf/t/venom (localdev only)
-  become: True
-
-  tasks:
-    - name: Synchronize Git repository t/venom with /usr/local/pf/t/venom
-      ansible.posix.synchronize:
-        # src is provided through test-wrapper.sh
-        # as $PWD/venom (no leading slash)
-        src: "{{ lookup('env', 'VENOM_ROOT_DIR') }}"
-        dest: '/usr/local/pf/t/'
-        archive: yes
-        delete: yes
-        # exclude files dynamically generated by Ansible
-        rsync_opts:
-          - "--exclude=vars/local.yml"
-
diff --git a/t/venom/scenarios/unit_tests/site.yml b/t/venom/scenarios/unit_tests/site.yml
index a9f7278308fe..8e99c97f135e 100644
--- a/t/venom/scenarios/unit_tests/site.yml
+++ b/t/venom/scenarios/unit_tests/site.yml
@@ -1,10 +1,12 @@
 ---
-# - import_playbook: playbooks/provision.yml
-
-# rsync before tests when doing local development
-- import_playbook: playbooks/rsync.yml
+# Development environnement
+## rsync before tests when doing local development
+## preinstall vim
+## fix term
+- import_playbook: ../common/dev.yml
   when: lookup("env", "CI") != 'true'
 
+# Add extra configuration before running venom tests
 - import_playbook: playbooks/configure.yml
 
 - import_playbook: playbooks/run_tests.yml

From 4e39468ca7f5815f8ba2d0bb9c14b8a24ad53990 Mon Sep 17 00:00:00 2001
From: Durand Fabrice <oeufdure@gmail.com>
Date: Mon, 12 Dec 2022 13:48:25 -0500
Subject: [PATCH 094/103] NEWS.asciidoc entry for PR #7406

---
 NEWS.asciidoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
index 357dd3a1f494..968fd4cb525d 100644
--- a/NEWS.asciidoc
+++ b/NEWS.asciidoc
@@ -32,6 +32,7 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 === Bug Fixes
 
  * Force the destination IP for UDP packets going through the pfconnector (#7323)
+ * Clear the active dynamic reverses that exist when a pfconnector reconnects
 
 == Version 12.1.0 released on 2022-11-22
 

From c514bf52bdca06f1f2c92d7858e5570cf18bec4c Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 12 Dec 2022 18:53:58 +0000
Subject: [PATCH 095/103] Revert "If database_proxysql.status is enabled then
 configure a single server"

This reverts commit c9bb28db272de41f06704e2c4a863a36f2c1f48d.
---
 conf/proxysql.conf.example          |  2 --
 lib/pf/services/manager/proxysql.pm | 24 ++----------------------
 sbin/proxysql-docker-wrapper        |  1 -
 t/db/smoke_test.sql                 | 10 ++++------
 4 files changed, 6 insertions(+), 31 deletions(-)

diff --git a/conf/proxysql.conf.example b/conf/proxysql.conf.example
index 47475fc27be1..2aabd302c465 100644
--- a/conf/proxysql.conf.example
+++ b/conf/proxysql.conf.example
@@ -66,8 +66,6 @@ mysql_variables=
     commands_stats=true
     sessions_sort=true
 
-[% mysql_ssl_p2s_capath %]
-
 [% monitor %]
 
     monitor_galera_healthcheck_interval=2000
diff --git a/lib/pf/services/manager/proxysql.pm b/lib/pf/services/manager/proxysql.pm
index 88848d119316..2687d6dce921 100644
--- a/lib/pf/services/manager/proxysql.pm
+++ b/lib/pf/services/manager/proxysql.pm
@@ -58,7 +58,6 @@ sub generateConfig {
     my ($package, $filename, $line) = caller();
 
     my %tags;
-    my $single_server = 0;
     $tags{'template'} = $self->proxysql_config_template;
     $tags{'geoDB'} = $FALSE;
     $tags{'mysql_servers'} = "";
@@ -73,23 +72,7 @@ EOT
 EOT
 
     my $i = 100;
-    my $database_proxysql = $pf::config::Config{database_proxysql};
-
-    if (isenabled($database_proxysql->{status})) {
-        my $cacert = $database_proxysql->{cacert};
-        if ($cacert) {
-            $tags{'mysql_ssl_p2s_capath'} = << "EOT";
-    mysql-ssl_p2s_capath = "$cacert";
-EOT
-        }
-
-        $single_server = 1;
-        my $backend = $database_proxysql->{backend};
-        my $ssl = $cacert ? 1 : 0;
-        $tags{mysql_servers} .= << "EOT";
-    { address="$backend" , port=3306 , hostgroup=10, max_connections=1000, weight=$i, use_ssl=$ssl },
-EOT
-    } elsif (pf::cluster::getWriteDB()) {
+    if (pf::cluster::getWriteDB()) {
         $tags{'geoDB'} = $TRUE;
         my @mysql_write_backend = pf::cluster::getWriteDB();
         my @mysql_read_backend = pf::cluster::getReadDB();
@@ -122,11 +105,8 @@ EOT
         }
     }
 
-
-
     my @mysql_servers = pf::cluster::mysql_servers();
-
-    $tags{'single_server'} = $single_server || (scalar(@mysql_servers) == 1);
+    $tags{'single_server'} = (scalar(@mysql_servers) == 1);
 
     $tags{'mysql_pf_user'} = $DB_Config->{user};
     $tags{'mysql_pf_user'} =~ s/"/\\"/g;
diff --git a/sbin/proxysql-docker-wrapper b/sbin/proxysql-docker-wrapper
index 5c38982f0cc6..294acd49e037 100755
--- a/sbin/proxysql-docker-wrapper
+++ b/sbin/proxysql-docker-wrapper
@@ -5,7 +5,6 @@ source /usr/local/pf/containers/systemd-service
 name=proxysql
 
 args=`base_args $name`
-args="$args -v/usr/local/pf/conf/:/usr/local/pf/conf/"
 args="$args -v/usr/local/pf/var/conf/:/usr/local/pf/var/conf/"
 args="$args -v /usr/local/pf/var/proxysql/:/usr/local/pf/var/proxysql/"
 args+=" -p 127.0.0.1:6032:6032 -p 6033:6033 -p 6080:6080"
diff --git a/t/db/smoke_test.sql b/t/db/smoke_test.sql
index 2ac330e96da6..69a3527d7c0c 100644
--- a/t/db/smoke_test.sql
+++ b/t/db/smoke_test.sql
@@ -1,9 +1,7 @@
 DROP USER IF EXISTS pf_smoke_tester@'%';
 DROP USER IF EXISTS pf_smoke_tester@'localhost';
-CREATE USER 'pf_smoke_tester'@'localhost' IDENTIFIED BY 'Packet^1';
-CREATE USER 'pf_smoke_tester'@'%' IDENTIFIED BY 'Packet^1';
-GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'%';
-GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'localhost';
-GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'localhost';
-GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'%';
+GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'%' IDENTIFIED BY 'packet';
+GRANT ALL PRIVILEGES ON `pf_smoke_test%`.* TO pf_smoke_tester@'localhost' IDENTIFIED BY 'packet';
+GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'localhost' IDENTIFIED BY 'packet';
+GRANT INSERT, ALTER ROUTINE, CREATE ROUTINE ON mysql.* TO pf_smoke_tester@'%' IDENTIFIED BY 'packet';
 FLUSH PRIVILEGES;

From ab03a516436813c33fd434be445fb9e40a5296c1 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Fri, 9 Dec 2022 18:02:13 +0000
Subject: [PATCH 096/103] Add section 'database_proxysql' to pf.conf

---
 conf/documentation.conf                         | 12 ++++++++++++
 conf/pf.conf.defaults                           | 17 +++++++++++++++++
 .../lib/pfappserver/Form/Config/Pf.pm           | 15 ++++++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/conf/documentation.conf b/conf/documentation.conf
index a7e6cdfb721f..cfa405d30bb1 100644
--- a/conf/documentation.conf
+++ b/conf/documentation.conf
@@ -1012,6 +1012,18 @@ Comma delimited IPv4 address of other member mysql members - note that this is o
 the database.
 EOT
 
+[database_proxysql.status]
+type=toggle
+options=enabled|disabled
+
+[database_proxysql.cacert]
+type=path
+ext=crt
+
+[database_proxysql.backend]
+type=text
+options=enabled|disabled
+
 [database.unix_socket]
 type=text
 description=<<EOT
diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults
index 7a6bc53f9879..34b285eb6a38 100644
--- a/conf/pf.conf.defaults
+++ b/conf/pf.conf.defaults
@@ -302,6 +302,23 @@ pass=[% ENV.env_or_default("PF_MYSQL_PASS", "packet") %]
 # Path to the database UNIX socket
 unix_socket=[% ENV.env_or_default("PF_MYSQL_UNIX_SOCKET", "/var/lib/mysql/mysql.sock") %]
 
+[database_proxysql]
+#
+# database_proxysql.status
+#
+#
+status=disabled
+#
+# database_proxysql.cacert
+#
+#
+cacert=
+#
+# database_proxysql.backend
+#
+#
+backend=
+
 [database_advanced]
 #
 # database_advanced.key_buffer_size
diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
index 0d5541aa0b07..767663bffb25 100644
--- a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
+++ b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
@@ -249,7 +249,20 @@ sub field_list {
                 $field->{element_attr} = {'data-placeholder' => 'No selection'};
                 my @options = ({value => '', label => 'None' }, map { { value => $_, label => $_ } } get_sms_source_ids());
                 $field->{options} = \@options;
-            }
+            };
+            $type eq 'path' && do {
+                my $old_name = $name;
+                $field->{type} = 'Path';
+                push(@$list, $name => $field);
+                $name .= "_upload";
+                $field = {
+                    id => $name,
+                    type => 'PathUpload',
+                    accessor => $old_name,
+                    config_prefix => $doc_section->{ext},
+                    upload_namespace => $name,
+                };
+            };
         }
         if ($field->{type} eq 'Text') {
             if (exists $doc_section->{minimum_length}) {

From 7449801b056a8141b32e17af0f6ad0f1c658ae30 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 12 Dec 2022 17:02:24 +0000
Subject: [PATCH 097/103] Add database_proxy option

---
 .../_components/TheTabsDatabase.vue           |  5 ++
 .../src/views/Configuration/bases/_store.js   | 34 +++++++++
 .../views/Configuration/database/_router.js   |  7 ++
 .../database/proxysql/_components/TheForm.vue | 76 +++++++++++++++++++
 .../database/proxysql/_components/TheView.js  | 26 +++++++
 .../database/proxysql/_components/index.js    | 20 +++++
 .../proxysql/_composables/useResource.js      | 13 ++++
 .../Configuration/database/proxysql/schema.js | 11 +++
 .../root/src/views/Configuration/index.vue    |  3 +-
 9 files changed, 194 insertions(+), 1 deletion(-)
 create mode 100644 html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue
 create mode 100644 html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js
 create mode 100644 html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js
 create mode 100644 html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js
 create mode 100644 html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js

diff --git a/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue b/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
index a6c57821612b..6c6cacb520d1 100644
--- a/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
+++ b/html/pfappserver/root/src/views/Configuration/_components/TheTabsDatabase.vue
@@ -15,6 +15,7 @@
 <script>
 import DatabaseGeneralView from '../database/general/_components/TheView'
 import DatabaseAdvancedView from '../database/advanced/_components/TheView'
+import DatabaseProxySQLView from '../database/proxysql/_components/TheView'
 
 const tabs = {
   database_general: {
@@ -24,6 +25,10 @@ const tabs = {
   database_advanced: {
     title: 'Advanced Configuration', // i18n defer
     component: DatabaseAdvancedView
+  },
+  database_proxysql: {
+    title: 'ProxySQL Configuration', // i18n defer
+    component: DatabaseProxySQLView
   }
 }
 
diff --git a/html/pfappserver/root/src/views/Configuration/bases/_store.js b/html/pfappserver/root/src/views/Configuration/bases/_store.js
index f14c2e321944..42f383f893d8 100644
--- a/html/pfappserver/root/src/views/Configuration/bases/_store.js
+++ b/html/pfappserver/root/src/views/Configuration/bases/_store.js
@@ -286,6 +286,40 @@ const actions = {
       throw err
     })
   },
+  getDatabaseProxySQL: ({ state, commit }) => {
+    if (state.cache['database_proxysql']) {
+      return Promise.resolve(state.cache['database_proxysql']).then(cache => JSON.parse(JSON.stringify(cache)))
+    }
+    commit('ITEM_REQUEST')
+    return api.base('database_proxysql').then(item => {
+      commit('ITEM_REPLACED', item)
+      return JSON.parse(JSON.stringify(item))
+    }).catch((err) => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
+  optionsDatabaseProxySQL: ({ commit }) => {
+    commit('ITEM_REQUEST')
+    return api.baseOptions('database_proxysql').then(response => {
+      commit('ITEM_SUCCESS')
+      return response
+    }).catch((err) => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
+  updateDatabaseProxySQL: ({ commit }, data) => {
+    commit('ITEM_REQUEST')
+    data.id = 'database_proxysql'
+    return api.updateBase(data).then(response => {
+      commit('ITEM_REPLACED', data)
+      return response
+    }).catch(err => {
+      commit('ITEM_ERROR', err.response)
+      throw err
+    })
+  },
   getDatabaseEncryption: ({ state, commit }) => {
     if (state.cache['database_encryption']) {
       return Promise.resolve(state.cache['database_encryption']).then(cache => JSON.parse(JSON.stringify(cache)))
diff --git a/html/pfappserver/root/src/views/Configuration/database/_router.js b/html/pfappserver/root/src/views/Configuration/database/_router.js
index 85d8fbd8108c..77d27eb52de2 100644
--- a/html/pfappserver/root/src/views/Configuration/database/_router.js
+++ b/html/pfappserver/root/src/views/Configuration/database/_router.js
@@ -24,5 +24,12 @@ export default [
     component: TheTabs,
     props: () => ({ tab: 'database_advanced' }),
     beforeEnter
+  },
+  {
+    path: 'database_proxysql',
+    name: 'database_proxysql',
+    component: TheTabs,
+    props: () => ({ tab: 'database_proxysql' }),
+    beforeEnter
   }
 ]
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue
new file mode 100644
index 000000000000..fc8669824cbc
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheForm.vue
@@ -0,0 +1,76 @@
+<template>
+  <base-form
+    :form="form"
+    :meta="meta"
+    :schema="schema"
+    :isLoading="isLoading"
+  >
+    <form-group-status namespace="status"
+      :column-label="$i18n.t('Enable')"
+      :text="$i18n.t('Enable an external server for proxysql.')"
+    />
+
+    <form-group-cacert namespace="cacert"
+      :column-label="$i18n.t('CA Certificate')"
+      :text="$i18n.t('CA Certificate')"
+    />
+
+    <form-group-backend namespace="backend"
+      :column-label="$i18n.t('Backend')"
+      :text="$i18n.t('Backend Host')"
+    />
+
+  </base-form>
+</template>
+<script>
+import { computed } from '@vue/composition-api'
+import {
+  BaseForm
+} from '@/components/new/'
+import schemaFn from '../schema'
+import {
+  FormGroupCacert,
+  FormGroupBackend,
+  FormGroupStatus
+} from './'
+
+const components = {
+  BaseForm,
+
+  FormGroupCacert,
+  FormGroupBackend,
+  FormGroupStatus,
+}
+
+export const props = {
+  form: {
+    type: Object
+  },
+  meta: {
+    type: Object
+  },
+  isLoading: {
+    type: Boolean,
+    default: false
+  }
+}
+
+export const setup = (props) => {
+
+  const schema = computed(() => schemaFn(props))
+
+  return {
+    schema
+  }
+}
+
+// @vue/component
+export default {
+  name: 'the-form',
+  inheritAttrs: false,
+  components,
+  props,
+  setup
+}
+</script>
+
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js
new file mode 100644
index 000000000000..e6080896ae92
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/TheView.js
@@ -0,0 +1,26 @@
+import {
+  BaseView,
+
+  FormButtonBar,
+  TheForm
+} from './'
+
+const components = {
+  FormButtonBar,
+  TheForm
+}
+
+import { useViewResource, useViewResourceProps as props } from '../../../_composables/useViewResource'
+
+import * as resource from '../_composables/useResource'
+const setup = (props, context) => useViewResource(resource, props, context)
+
+// @vue/component
+export default {
+  name: 'the-view',
+  extends: BaseView,
+  inheritAttrs: false,
+  components,
+  props,
+  setup
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js
new file mode 100644
index 000000000000..2b5b90518063
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_components/index.js
@@ -0,0 +1,20 @@
+import { BaseViewResource } from '../../../_components/new/'
+import {
+  BaseFormButtonBar,
+  BaseFormGroupInput,
+  BaseFormGroupToggleDisabledEnabled,
+  BaseFormGroupFileUpload
+} from '@/components/new/'
+import TheForm from './TheForm'
+import TheView from './TheView'
+
+export {
+  BaseFormButtonBar                   as FormButtonBar,
+
+  BaseFormGroupToggleDisabledEnabled  as FormGroupStatus,
+  BaseFormGroupFileUpload             as FormGroupCacert,
+  BaseFormGroupInput                  as FormGroupBackend,
+  BaseViewResource                    as BaseView,
+  TheForm,
+  TheView
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js
new file mode 100644
index 000000000000..19ee011ba064
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/_composables/useResource.js
@@ -0,0 +1,13 @@
+import { computed } from '@vue/composition-api'
+import i18n from '@/utils/locale'
+
+export const useTitle = () => i18n.t('Database ProxySQL')
+
+export const useStore = $store => {
+  return {
+    isLoading: computed(() => $store.getters['$_bases/isLoading']),
+    getItem: () => $store.dispatch('$_bases/getDatabaseProxySQL'),
+    getItemOptions: () => $store.dispatch('$_bases/optionsDatabaseProxySQL'),
+    updateItem: params => $store.dispatch('$_bases/updateDatabaseProxySQL', params)
+  }
+}
diff --git a/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js b/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js
new file mode 100644
index 000000000000..b564de1be255
--- /dev/null
+++ b/html/pfappserver/root/src/views/Configuration/database/proxysql/schema.js
@@ -0,0 +1,11 @@
+import i18n from '@/utils/locale'
+import yup from '@/utils/yup'
+
+export const schema = () => yup.object({
+  status: yup.string().nullable().label(i18n.t('Enable')),
+  cacert: yup.string().nullable().label(i18n.t('CA Certificate')),
+  backend: yup.string().nullable().label(i18n.t('Backend host')),
+})
+
+export default schema
+
diff --git a/html/pfappserver/root/src/views/Configuration/index.vue b/html/pfappserver/root/src/views/Configuration/index.vue
index 89c7610b62e9..10a341c490fd 100644
--- a/html/pfappserver/root/src/views/Configuration/index.vue
+++ b/html/pfappserver/root/src/views/Configuration/index.vue
@@ -147,7 +147,8 @@ const setup = () => {
         { name: i18n.t('Database'),
           items: [
             { name: i18n.t('General'), path: '/configuration/database_general' },
-            { name: i18n.t('Advanced'), path: '/configuration/database_advanced' }
+            { name: i18n.t('Advanced'), path: '/configuration/database_advanced' },
+            { name: i18n.t('ProxySQL'), path: '/configuration/database_proxysql' }
           ]
         },
         { name: i18n.t('Cluster'), path: '/configuration/active_active' },

From 2dc90c1be68767311640c1eecec86bd0b3227c07 Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 12 Dec 2022 18:58:52 +0000
Subject: [PATCH 098/103] If database_proxysql.status is enabled then configure
 a single server

---
 conf/proxysql.conf.example          |  2 ++
 lib/pf/services/manager/proxysql.pm | 24 ++++++++++++++++++++++--
 sbin/proxysql-docker-wrapper        |  1 +
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/conf/proxysql.conf.example b/conf/proxysql.conf.example
index 2aabd302c465..47475fc27be1 100644
--- a/conf/proxysql.conf.example
+++ b/conf/proxysql.conf.example
@@ -66,6 +66,8 @@ mysql_variables=
     commands_stats=true
     sessions_sort=true
 
+[% mysql_ssl_p2s_capath %]
+
 [% monitor %]
 
     monitor_galera_healthcheck_interval=2000
diff --git a/lib/pf/services/manager/proxysql.pm b/lib/pf/services/manager/proxysql.pm
index 2687d6dce921..88848d119316 100644
--- a/lib/pf/services/manager/proxysql.pm
+++ b/lib/pf/services/manager/proxysql.pm
@@ -58,6 +58,7 @@ sub generateConfig {
     my ($package, $filename, $line) = caller();
 
     my %tags;
+    my $single_server = 0;
     $tags{'template'} = $self->proxysql_config_template;
     $tags{'geoDB'} = $FALSE;
     $tags{'mysql_servers'} = "";
@@ -72,7 +73,23 @@ EOT
 EOT
 
     my $i = 100;
-    if (pf::cluster::getWriteDB()) {
+    my $database_proxysql = $pf::config::Config{database_proxysql};
+
+    if (isenabled($database_proxysql->{status})) {
+        my $cacert = $database_proxysql->{cacert};
+        if ($cacert) {
+            $tags{'mysql_ssl_p2s_capath'} = << "EOT";
+    mysql-ssl_p2s_capath = "$cacert";
+EOT
+        }
+
+        $single_server = 1;
+        my $backend = $database_proxysql->{backend};
+        my $ssl = $cacert ? 1 : 0;
+        $tags{mysql_servers} .= << "EOT";
+    { address="$backend" , port=3306 , hostgroup=10, max_connections=1000, weight=$i, use_ssl=$ssl },
+EOT
+    } elsif (pf::cluster::getWriteDB()) {
         $tags{'geoDB'} = $TRUE;
         my @mysql_write_backend = pf::cluster::getWriteDB();
         my @mysql_read_backend = pf::cluster::getReadDB();
@@ -105,8 +122,11 @@ EOT
         }
     }
 
+
+
     my @mysql_servers = pf::cluster::mysql_servers();
-    $tags{'single_server'} = (scalar(@mysql_servers) == 1);
+
+    $tags{'single_server'} = $single_server || (scalar(@mysql_servers) == 1);
 
     $tags{'mysql_pf_user'} = $DB_Config->{user};
     $tags{'mysql_pf_user'} =~ s/"/\\"/g;
diff --git a/sbin/proxysql-docker-wrapper b/sbin/proxysql-docker-wrapper
index 294acd49e037..5c38982f0cc6 100755
--- a/sbin/proxysql-docker-wrapper
+++ b/sbin/proxysql-docker-wrapper
@@ -5,6 +5,7 @@ source /usr/local/pf/containers/systemd-service
 name=proxysql
 
 args=`base_args $name`
+args="$args -v/usr/local/pf/conf/:/usr/local/pf/conf/"
 args="$args -v/usr/local/pf/var/conf/:/usr/local/pf/var/conf/"
 args="$args -v /usr/local/pf/var/proxysql/:/usr/local/pf/var/proxysql/"
 args+=" -p 127.0.0.1:6032:6032 -p 6033:6033 -p 6080:6080"

From 829d02a1cd3dddd3d2bdaacacd8e360fcb1ce37c Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 12 Dec 2022 21:02:31 +0000
Subject: [PATCH 099/103] Always add an id for the section

---
 html/pfappserver/lib/pfappserver/Form/Config/Pf.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
index 767663bffb25..c0d76b315d7b 100644
--- a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
+++ b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
@@ -43,6 +43,7 @@ sub field_list {
     my $list = [];
     my $section = $self->section;
     return [] if !defined $section;
+    push @$list, id => { id => 'id', type => 'Text'};
     my $default_pf_config = pf::IniFiles->new(-file => $pf_default_file, -allowempty => 1);
     my @section_fields = $default_pf_config->Parameters($section);
     foreach my $name (@section_fields) {

From c543c33713f7ccc15748b8d6d183137760c6d97b Mon Sep 17 00:00:00 2001
From: James Rouzier <jrouzier@inverse.ca>
Date: Mon, 12 Dec 2022 21:37:10 +0000
Subject: [PATCH 100/103] Remove options

---
 conf/documentation.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/conf/documentation.conf b/conf/documentation.conf
index cfa405d30bb1..18346b9b38e3 100644
--- a/conf/documentation.conf
+++ b/conf/documentation.conf
@@ -1022,7 +1022,6 @@ ext=crt
 
 [database_proxysql.backend]
 type=text
-options=enabled|disabled
 
 [database.unix_socket]
 type=text

From 5f17c7ced608d68f577ad8c109b6d9c72d4d06b5 Mon Sep 17 00:00:00 2001
From: nqb <nquiniou@akamai.com>
Date: Tue, 13 Dec 2022 13:05:29 +0100
Subject: [PATCH 101/103] fix(tests): use two different timeouts

---
 .gitlab-ci.yml         | 30 +++++++++++++++---------------
 ci/packer/zen/Makefile |  3 +++
 2 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 675e8499d17b..adcbf13d0976 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,7 +25,8 @@ stages:
 ################################################################################
 variables:
   # synced with Pipeline timeout in GitLab UI
-  PIPELINE_TIMEOUT: 170m
+  PIPELINE_TIMEOUT_SCRIPT: 160m
+  PIPELINE_TIMEOUT_AFTER_SCRIPT: 10m
   BUILD_PFAPPSERVER_VUE: "yes"
   PFBUILD_CENTOS_8_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-centos-8
   PFBUILD_DEB_BULLSEYE_IMG: ghcr.io/inverse-inc/packetfence/pfbuild-debian-bullseye
@@ -274,7 +275,7 @@ variables:
 .build_img_docker_job:
   stage: build_img
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${PACKERDIR} build_img_docker_pfbuild
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${PACKERDIR} build_img_docker_pfbuild
   tags:
     - shell
 
@@ -322,9 +323,9 @@ variables:
     RESULT_DIR: /var/local/gitlab-runner/vagrant_img
     BOX_DESC: ${CI_PIPELINE_URL}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} clean
   tags:
     - shell
     - inverse.ca
@@ -493,8 +494,7 @@ variables:
     name: sourceforge
     url: ${SF_ZEN_REPO_URL}/${CI_COMMIT_REF_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} clean
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} clean_cache
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${ZENDIR} clean_all
   dependencies: []
   tags:
     - shell
@@ -504,7 +504,7 @@ variables:
   environment:
     name: sourceforge
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${ISODIR} clean
   dependencies: []
   tags:
     - shell
@@ -515,9 +515,9 @@ variables:
     RESULT_DIR: /var/local/gitlab-runner/vagrant_img
     BOX_DESC: ${CI_PIPELINE_URL}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} ${BOX_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${VAGRANT_IMG_DIR} clean
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} make -e -C ${VAGRANT_IMG_DIR} clean
   dependencies: []
   tags:
     - inverse.ca
@@ -535,9 +535,9 @@ variables:
   variables:
     VAGRANT_COMMON_DOTFILE_PATH: /var/local/gitlab-runner/vagrant/vagrant-common-${CI_COMMIT_REF_SLUG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${TESTDIR} MAKE_TARGET=run ${CI_JOB_NAME}
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${TESTDIR} MAKE_TARGET=run ${CI_JOB_NAME}
   after_script:
-    - timeout ${PIPELINE_TIMEOUT} ${TESTCIDIR}/clean-test-environment.sh
+    - timeout ${PIPELINE_TIMEOUT_AFTER_SCRIPT} ${TESTCIDIR}/clean-test-environment.sh
 
 ################################################################################
 # JOBS
@@ -1475,13 +1475,13 @@ build_pf_img_zen_devel_branches_and_maintenance:
     - .build_pf_img_zen_job
     - .build_pf_img_zen_devel_branches_and_maintenance_rules
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} zen-deb11
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ZENDIR} zen-deb11
 
 build_pf_img_zen_release:
   extends:
     - .build_pf_img_zen_job
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ZENDIR} zen-deb11
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ZENDIR} zen-deb11
   # workaround for https://forum.gitlab.com/t/specify-when-at-job-level-with-a-job-that-has-rules/4769
   rules:
     - if: '$CI_COMMIT_TAG'
@@ -1496,7 +1496,7 @@ build_pf_img_iso_devel_branches_and_maintenance:
   environment:
     url: ${SF_ISO_REPO_URL}/${CI_COMMIT_REF_SLUG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} iso
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ISODIR} iso
 
 build_pf_img_iso_release:
   extends:
@@ -1506,7 +1506,7 @@ build_pf_img_iso_release:
   environment:
     url: ${SF_ISO_REPO_URL}/${CI_COMMIT_TAG}
   script:
-    - timeout ${PIPELINE_TIMEOUT} make -e -C ${ISODIR} iso
+    - timeout ${PIPELINE_TIMEOUT_SCRIPT} make -e -C ${ISODIR} iso
   # workaround for https://forum.gitlab.com/t/specify-when-at-job-level-with-a-job-that-has-rules/4769
   rules:
     - if: '$CI_COMMIT_TAG'
diff --git a/ci/packer/zen/Makefile b/ci/packer/zen/Makefile
index b288fe1c2889..80b3da8c9381 100644
--- a/ci/packer/zen/Makefile
+++ b/ci/packer/zen/Makefile
@@ -32,6 +32,9 @@ zen:
 	VM_NAME=$(VM_NAME) \
 	./build-and-upload.sh
 
+.PHONY: clean_all
+clean_all: clean clean_cache
+
 .PHONY: clean
 clean:
 	rm -rf $(RESULT_DIR)

From 0ff8cb1128670636d82ff8f97fd40acd2d09dc09 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Tue, 13 Dec 2022 10:21:17 -0500
Subject: [PATCH 102/103] Update NEWS.asciidoc

---
 NEWS.asciidoc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
index 968fd4cb525d..fd24e0632b00 100644
--- a/NEWS.asciidoc
+++ b/NEWS.asciidoc
@@ -29,6 +29,8 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 
 === Enhancements
 
+ * Allow proxysql to be configure to connect to a single external database.
+
 === Bug Fixes
 
  * Force the destination IP for UDP packets going through the pfconnector (#7323)

From 13ba0e1caf1d657be88d616161b498d17b745967 Mon Sep 17 00:00:00 2001
From: Julien Semaan <jul.semaan@gmail.com>
Date: Tue, 13 Dec 2022 10:22:52 -0500
Subject: [PATCH 103/103] Update NEWS.asciidoc

---
 NEWS.asciidoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
index fd24e0632b00..c29b3b9b7a0c 100644
--- a/NEWS.asciidoc
+++ b/NEWS.asciidoc
@@ -30,6 +30,7 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 === Enhancements
 
  * Allow proxysql to be configure to connect to a single external database.
+ * Allow image files to be uploaded in a connection profile.
 
 === Bug Fixes