Fixes #14847: Relax requirement for IKE policy (#14878)

* Fixes #14847: Relax requirement for IKE policy

* Docs tweak

---------

Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>

docs/models/vpn/ikepolicy.md

@@ -14,7 +14,7 @@ The IKE version employed (v1 or v2).
 
 ### Mode
 
-The IKE mode employed (main or aggressive).
+The mode employed (main or aggressive) when IKEv1 is in use. This setting is not supported for IKEv2.
 
 ### Proposals
 

netbox/vpn/forms/bulk_edit.py

@@ -164,7 +164,7 @@ class IKEPolicyBulkEditForm(NetBoxModelBulkEditForm):
         )),
     )
     nullable_fields = (
-        'preshared_key', 'description', 'comments',
+        'mode', 'preshared_key', 'description', 'comments',
     )
 
 

netbox/vpn/forms/bulk_import.py

@@ -174,7 +174,8 @@ class IKEPolicyImportForm(NetBoxModelImportForm):
     )
     mode = CSVChoiceField(
         label=_('Mode'),
-        choices=IKEModeChoices
+        choices=IKEModeChoices,
+        required=False
     )
     proposals = CSVModelMultipleChoiceField(
         queryset=IKEProposal.objects.all(),

netbox/vpn/migrations/0004_alter_ikepolicy_mode.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.9 on 2024-01-20 09:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vpn', '0003_ipaddress_multiple_tunnel_terminations'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='ikepolicy',
+            name='mode',
+            field=models.CharField(blank=True),
+        ),
+    ]

netbox/vpn/models/crypto.py

@@ -79,7 +79,8 @@ class IKEPolicy(PrimaryModel):
     )
     mode = models.CharField(
         verbose_name=_('mode'),
-        choices=IKEModeChoices
+        choices=IKEModeChoices,
+        blank=True
     )
     proposals = models.ManyToManyField(
         to='vpn.IKEProposal',
@@ -109,6 +110,17 @@ class IKEPolicy(PrimaryModel):
     def get_absolute_url(self):
         return reverse('vpn:ikepolicy', args=[self.pk])
 
+    def clean(self):
+        super().clean()
+
+        # Mode is required
+        if self.version == IKEVersionChoices.VERSION_1 and not self.mode:
+            raise ValidationError(_("Mode is required for selected IKE version"))
+
+        # Mode cannot be used
+        if self.version == IKEVersionChoices.VERSION_2 and self.mode:
+            raise ValidationError(_("Mode cannot be used for selected IKE version"))
+
 
 #
 # IPSec

netbox/vpn/tests/test_views.py

@@ -305,7 +305,6 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase):
         cls.form_data = {
             'name': 'IKE Policy X',
             'version': IKEVersionChoices.VERSION_2,
-            'mode': IKEModeChoices.AGGRESSIVE,
             'proposals': [p.pk for p in ike_proposals],
             'tags': [t.pk for t in tags],
         }
@@ -313,9 +312,9 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase):
         ike_proposal_names = ','.join([p.name for p in ike_proposals])
         cls.csv_data = (
             "name,version,mode,proposals",
-            f"IKE Proposal 4,2,aggressive,\"{ike_proposal_names}\"",
-            f"IKE Proposal 5,2,aggressive,\"{ike_proposal_names}\"",
-            f"IKE Proposal 6,2,aggressive,\"{ike_proposal_names}\"",
+            f"IKE Proposal 4,1,main,\"{ike_proposal_names}\"",
+            f"IKE Proposal 5,1,aggressive,\"{ike_proposal_names}\"",
+            f"IKE Proposal 6,2,,\"{ike_proposal_names}\"",
         )
 
         cls.csv_update_data = (
@@ -327,7 +326,7 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase):
 
         cls.bulk_edit_data = {
             'description': 'New description',
-            'version': IKEVersionChoices.VERSION_2,
+            'version': IKEVersionChoices.VERSION_1,
             'mode': IKEModeChoices.AGGRESSIVE,
         }