From c20e577f7c8c3f29d8325c970515608f1900c11a Mon Sep 17 00:00:00 2001
From: Ezri Brimhall <ezri.brimhall@usu.edu>
Date: Wed, 25 Jun 2025 12:59:49 -0600
Subject: [PATCH] Added config spec

---
 src/vpn_manager_globalprotect/backend.py | 58 +++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 2 deletions(-)

diff --git a/src/vpn_manager_globalprotect/backend.py b/src/vpn_manager_globalprotect/backend.py
index 0173b73..1667501 100644
--- a/src/vpn_manager_globalprotect/backend.py
+++ b/src/vpn_manager_globalprotect/backend.py
@@ -1,6 +1,6 @@
 """Connection backend implementation file."""
 
-from vpn_manager.service.connections.base import ConnectionBase
+from vpn_manager.service.connections.base import ConnectionBase, ConfigSpec
 from typing import TypedDict, Required
 from enum import IntEnum, StrEnum
 from asyncio import (
@@ -26,11 +26,19 @@ import psutil
 
 
 class LoginTarget(StrEnum):
-    """Login target enum."""
+    """
+    Login target enum.
+
+    Has two methods for selecting the target, using the GlobalProtect
+    client's names, and the more technical names that specify
+    """
 
     GATEWAY = "gateway"
     PORTAL = "portal"
 
+    SSL = "ssl"
+    IPSEC = "ipsec"
+
 
 class Options(TypedDict, total=False):
     """Options type definition for GlobalProtect VPNs."""
@@ -392,3 +400,49 @@ class GlobalProtectConnection(
         cls.put_value(result, "b", options, "use_default_browser")
         cls.put_value(result, "s", options, "firefox_browser_container")
         return result
+
+    @classmethod
+    def get_config_spec(cls):
+        """See parent."""
+        return cls._build_config_spec(
+            ConfigSpec(
+                name="hostname",
+                signature="s",
+                description="Hostname of the VPN server",
+                required=True,
+            ),
+            ConfigSpec(
+                name="login_target",
+                signature="s",
+                description="What kind of connection to create (IPSec or SSL)",
+                choices=[ConnectionType.PORTAL, ConnectionType.GATEWAY],
+            ),
+            ConfigSpec(
+                name="spoof_clientos",
+                signature="s",
+                description="Custom OS identifier to use instead of autodetected OS",
+            ),
+            ConfigSpec(
+                name="verify_certificate",
+                signature="b",
+                description="Whether to verify the certificate provided by the server. DISABLING THIS IS DANGEROUS!!!",
+                default=True,
+            ),
+            ConfigSpec(
+                name="allow_insecure_crypto",
+                signature="b",
+                description="Whether to allow older, insecure TLS versions when connecting to the server. ENABLING THIS IS DANGEROUS!!!",
+                default=False,
+            ),
+            ConfigSpec(
+                name="use_default_browser",
+                signature="b",
+                description="Whether to request use of the default browser when authenticating. The server may not allow this.",
+                default=True,
+            ),
+            ConfigSpec(
+                name="firefox_browser_container",
+                signature="s",
+                description="Specify a browser container to open the authentication page in. Requires Firefox and the 'Open external links in container' plugin",
+            ),
+        )