summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Estabrook <jestabro@vyos.io>2024-08-08 14:24:00 -0500
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-08-12 19:15:10 +0000
commit7e7196de61d9500b01a9e65582127cb80c249ae2 (patch)
tree45ae273a23c93d4254ab0322d1667686e7baa92a
parent33273bcc224e82b42fa3db06e9fe2168abdc6205 (diff)
downloadvyos-1x-7e7196de61d9500b01a9e65582127cb80c249ae2.tar.gz
vyos-1x-7e7196de61d9500b01a9e65582127cb80c249ae2.zip
configverify: T6642: verify_interface_exists requires config_dict arg
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances. (cherry picked from commit 5f23b7275564cfaa7c178d320868b5f5e86ae606)
-rw-r--r--python/vyos/config.py3
-rw-r--r--python/vyos/configverify.py6
-rwxr-xr-xsrc/conf_mode/firewall.py2
-rwxr-xr-xsrc/conf_mode/interfaces_ethernet.py4
-rwxr-xr-xsrc/conf_mode/interfaces_wwan.py2
-rwxr-xr-xsrc/conf_mode/policy_local-route.py2
-rwxr-xr-xsrc/conf_mode/protocols_igmp-proxy.py2
-rwxr-xr-xsrc/conf_mode/protocols_isis.py2
-rwxr-xr-xsrc/conf_mode/protocols_mpls.py2
-rwxr-xr-xsrc/conf_mode/protocols_ospf.py2
-rwxr-xr-xsrc/conf_mode/protocols_ospfv3.py2
-rwxr-xr-xsrc/conf_mode/protocols_pim.py2
-rwxr-xr-xsrc/conf_mode/protocols_pim6.py2
-rwxr-xr-xsrc/conf_mode/qos.py2
-rwxr-xr-xsrc/conf_mode/service_broadcast-relay.py2
-rwxr-xr-xsrc/conf_mode/service_conntrack-sync.py2
-rwxr-xr-xsrc/conf_mode/service_dns_dynamic.py2
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py2
-rwxr-xr-xsrc/conf_mode/service_mdns_repeater.py2
-rwxr-xr-xsrc/conf_mode/service_ndp-proxy.py2
-rwxr-xr-xsrc/conf_mode/service_ntp.py2
-rwxr-xr-xsrc/conf_mode/service_pppoe-server.py2
-rwxr-xr-xsrc/conf_mode/service_salt-minion.py2
-rwxr-xr-xsrc/conf_mode/system_flow-accounting.py2
-rwxr-xr-xsrc/conf_mode/system_option.py2
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py8
26 files changed, 33 insertions, 32 deletions
diff --git a/python/vyos/config.py b/python/vyos/config.py
index b7ee606a9..1fab46761 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
@@ -344,6 +344,9 @@ class Config(object):
conf_dict['pki'] = pki_dict
+ interfaces_root = root_dict.get('interfaces', {})
+ setattr(conf_dict, 'interfaces_root', interfaces_root)
+
# save optional args for a call to get_config_defaults
setattr(conf_dict, '_dict_kwargs', kwargs)
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index b49d66c36..59b67300d 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -237,7 +237,7 @@ def verify_bridge_delete(config):
raise ConfigError(f'Interface "{interface}" cannot be deleted as it '
f'is a member of bridge "{bridge_name}"!')
-def verify_interface_exists(ifname, state_required=False, warning_only=False):
+def verify_interface_exists(config, ifname, state_required=False, warning_only=False):
"""
Common helper function used by interface implementations to perform
recurring validation if an interface actually exists. We first probe
@@ -245,14 +245,12 @@ def verify_interface_exists(ifname, state_required=False, warning_only=False):
it exists at the OS level.
"""
from vyos.base import Warning
- from vyos.configquery import ConfigTreeQuery
from vyos.utils.dict import dict_search_recursive
from vyos.utils.network import interface_exists
if not state_required:
# Check if interface is present in CLI config
- config = ConfigTreeQuery()
- tmp = config.get_config_dict(['interfaces'], get_first_key=True)
+ tmp = getattr(config, 'interfaces_root', {})
if bool(list(dict_search_recursive(tmp, ifname))):
return True
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index ec6b86ef2..9974a1466 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -322,7 +322,7 @@ def verify(firewall):
raise ConfigError(f'Flowtable "{flowtable}" requires at least one interface')
for ifname in flowtable_conf['interface']:
- verify_interface_exists(ifname)
+ verify_interface_exists(firewall, ifname)
if dict_search_args(flowtable_conf, 'offload') == 'hardware':
interfaces = flowtable_conf['interface']
diff --git a/src/conf_mode/interfaces_ethernet.py b/src/conf_mode/interfaces_ethernet.py
index 54d0669cb..afc48ead8 100755
--- a/src/conf_mode/interfaces_ethernet.py
+++ b/src/conf_mode/interfaces_ethernet.py
@@ -310,7 +310,7 @@ def verify_bond_member(ethernet):
:type ethernet: dict
"""
ifname = ethernet['ifname']
- verify_interface_exists(ifname)
+ verify_interface_exists(ethernet, ifname)
verify_eapol(ethernet)
verify_mirror_redirect(ethernet)
ethtool = Ethtool(ifname)
@@ -327,7 +327,7 @@ def verify_ethernet(ethernet):
:type ethernet: dict
"""
ifname = ethernet['ifname']
- verify_interface_exists(ifname)
+ verify_interface_exists(ethernet, ifname)
verify_mtu(ethernet)
verify_mtu_ipv6(ethernet)
verify_dhcpv6(ethernet)
diff --git a/src/conf_mode/interfaces_wwan.py b/src/conf_mode/interfaces_wwan.py
index 2515dc838..230eb14d6 100755
--- a/src/conf_mode/interfaces_wwan.py
+++ b/src/conf_mode/interfaces_wwan.py
@@ -95,7 +95,7 @@ def verify(wwan):
if not 'apn' in wwan:
raise ConfigError(f'No APN configured for "{ifname}"!')
- verify_interface_exists(ifname)
+ verify_interface_exists(wwan, ifname)
verify_authentication(wwan)
verify_vrf(wwan)
verify_mirror_redirect(wwan)
diff --git a/src/conf_mode/policy_local-route.py b/src/conf_mode/policy_local-route.py
index f458f4e82..331fd972d 100755
--- a/src/conf_mode/policy_local-route.py
+++ b/src/conf_mode/policy_local-route.py
@@ -223,7 +223,7 @@ def verify(pbr):
if 'inbound_interface' in pbr_route['rule'][rule]:
interface = pbr_route['rule'][rule]['inbound_interface']
- verify_interface_exists(interface)
+ verify_interface_exists(pbr, interface)
return None
diff --git a/src/conf_mode/protocols_igmp-proxy.py b/src/conf_mode/protocols_igmp-proxy.py
index afcef0985..9a07adf05 100755
--- a/src/conf_mode/protocols_igmp-proxy.py
+++ b/src/conf_mode/protocols_igmp-proxy.py
@@ -65,7 +65,7 @@ def verify(igmp_proxy):
upstream = 0
for interface, config in igmp_proxy['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(igmp_proxy, interface)
if dict_search('role', config) == 'upstream':
upstream += 1
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index 9cadfd081..ba2f3cf0d 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -102,7 +102,7 @@ def verify(isis):
raise ConfigError('Interface used for routing updates is mandatory!')
for interface in isis['interface']:
- verify_interface_exists(interface)
+ verify_interface_exists(isis, interface)
# Interface MTU must be >= configured lsp-mtu
mtu = Interface(interface).get_mtu()
area_mtu = isis['lsp_mtu']
diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py
index 177a43444..ad164db9f 100755
--- a/src/conf_mode/protocols_mpls.py
+++ b/src/conf_mode/protocols_mpls.py
@@ -49,7 +49,7 @@ def verify(mpls):
if 'interface' in mpls:
for interface in mpls['interface']:
- verify_interface_exists(interface)
+ verify_interface_exists(mpls, interface)
# Checks to see if LDP is properly configured
if 'ldp' in mpls:
diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py
index 6fffe7e0d..7347c4faa 100755
--- a/src/conf_mode/protocols_ospf.py
+++ b/src/conf_mode/protocols_ospf.py
@@ -144,7 +144,7 @@ def verify(ospf):
if 'interface' in ospf:
for interface, interface_config in ospf['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(ospf, interface)
# One can not use dead-interval and hello-multiplier at the same
# time. FRR will only activate the last option set via CLI.
if {'hello_multiplier', 'dead_interval'} <= set(interface_config):
diff --git a/src/conf_mode/protocols_ospfv3.py b/src/conf_mode/protocols_ospfv3.py
index 1bb172293..60c2a9b16 100755
--- a/src/conf_mode/protocols_ospfv3.py
+++ b/src/conf_mode/protocols_ospfv3.py
@@ -127,7 +127,7 @@ def verify(ospfv3):
if 'interface' in ospfv3:
for interface, interface_config in ospfv3['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(ospfv3, interface)
if 'ifmtu' in interface_config:
mtu = Interface(interface).get_mtu()
if int(interface_config['ifmtu']) > int(mtu):
diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py
index d450d11ca..79294a1f0 100755
--- a/src/conf_mode/protocols_pim.py
+++ b/src/conf_mode/protocols_pim.py
@@ -97,7 +97,7 @@ def verify(pim):
raise ConfigError('PIM require defined interfaces!')
for interface, interface_config in pim['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(pim, interface)
# Check join group in reserved net
if 'igmp' in interface_config and 'join' in interface_config['igmp']:
diff --git a/src/conf_mode/protocols_pim6.py b/src/conf_mode/protocols_pim6.py
index 2003a1014..581ffe238 100755
--- a/src/conf_mode/protocols_pim6.py
+++ b/src/conf_mode/protocols_pim6.py
@@ -63,7 +63,7 @@ def verify(pim6):
return
for interface, interface_config in pim6.get('interface', {}).items():
- verify_interface_exists(interface)
+ verify_interface_exists(pim6, interface)
if 'mld' in interface_config:
mld = interface_config['mld']
for group in mld.get('join', {}).keys():
diff --git a/src/conf_mode/qos.py b/src/conf_mode/qos.py
index 464d7c192..7dfad3180 100755
--- a/src/conf_mode/qos.py
+++ b/src/conf_mode/qos.py
@@ -303,7 +303,7 @@ def apply(qos):
return None
for interface, interface_config in qos['interface'].items():
- if not verify_interface_exists(interface, state_required=True, warning_only=True):
+ if not verify_interface_exists(qos, interface, state_required=True, warning_only=True):
# When shaper is bound to a dialup (e.g. PPPoE) interface it is
# possible that it is yet not availbale when to QoS code runs.
# Skip the configuration and inform the user via warning_only=True
diff --git a/src/conf_mode/service_broadcast-relay.py b/src/conf_mode/service_broadcast-relay.py
index 31c552f5a..d35954718 100755
--- a/src/conf_mode/service_broadcast-relay.py
+++ b/src/conf_mode/service_broadcast-relay.py
@@ -59,7 +59,7 @@ def verify(relay):
raise ConfigError('At least two interfaces are required for UDP broadcast relay "{instance}"')
for interface in config.get('interface', []):
- verify_interface_exists(interface)
+ verify_interface_exists(relay, interface)
if not is_afi_configured(interface, AF_INET):
raise ConfigError(f'Interface "{interface}" has no IPv4 address configured!')
diff --git a/src/conf_mode/service_conntrack-sync.py b/src/conf_mode/service_conntrack-sync.py
index 4fb2ce27f..3a233a172 100755
--- a/src/conf_mode/service_conntrack-sync.py
+++ b/src/conf_mode/service_conntrack-sync.py
@@ -67,7 +67,7 @@ def verify(conntrack):
has_peer = False
for interface, interface_config in conntrack['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(conntrack, interface)
# Interface must not only exist, it must also carry an IP address
if len(get_ipv4(interface)) < 1:
raise ConfigError(f'Interface {interface} requires an IP address!')
diff --git a/src/conf_mode/service_dns_dynamic.py b/src/conf_mode/service_dns_dynamic.py
index a551a9891..5f5303856 100755
--- a/src/conf_mode/service_dns_dynamic.py
+++ b/src/conf_mode/service_dns_dynamic.py
@@ -104,7 +104,7 @@ def verify(dyndns):
Warning(f'Interface "{config["address"]["interface"]}" does not exist yet and '
f'cannot be used for Dynamic DNS service "{service}" until it is up!')
else:
- verify_interface_exists(config['address']['interface'])
+ verify_interface_exists(dyndns, config['address']['interface'])
if 'web' in config['address']:
# If 'skip' is specified, 'url' is required as well
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 28b7fb03c..16c82e591 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -66,7 +66,7 @@ def verify(ipoe):
raise ConfigError('No IPoE interface configured')
for interface, iface_config in ipoe['interface'].items():
- verify_interface_exists(interface, warning_only=True)
+ verify_interface_exists(ipoe, interface, warning_only=True)
if 'client_subnet' in iface_config and 'vlan' in iface_config:
raise ConfigError('Option "client-subnet" and "vlan" are mutually exclusive, '
'use "client-ip-pool" instead!')
diff --git a/src/conf_mode/service_mdns_repeater.py b/src/conf_mode/service_mdns_repeater.py
index 207da5e03..b0ece031c 100755
--- a/src/conf_mode/service_mdns_repeater.py
+++ b/src/conf_mode/service_mdns_repeater.py
@@ -65,7 +65,7 @@ def verify(mdns):
# For mdns-repeater to work it is essential that the interfaces has
# an IPv4 address assigned
for interface in mdns['interface']:
- verify_interface_exists(interface)
+ verify_interface_exists(mdns, interface)
if mdns['ip_version'] in ['ipv4', 'both'] and AF_INET not in ifaddresses(interface):
raise ConfigError('mDNS repeater requires an IPv4 address to be '
diff --git a/src/conf_mode/service_ndp-proxy.py b/src/conf_mode/service_ndp-proxy.py
index aa2374f4c..024ad79f2 100755
--- a/src/conf_mode/service_ndp-proxy.py
+++ b/src/conf_mode/service_ndp-proxy.py
@@ -50,7 +50,7 @@ def verify(ndpp):
if 'interface' in ndpp:
for interface, interface_config in ndpp['interface'].items():
- verify_interface_exists(interface)
+ verify_interface_exists(ndpp, interface)
if 'rule' in interface_config:
for rule, rule_config in interface_config['rule'].items():
diff --git a/src/conf_mode/service_ntp.py b/src/conf_mode/service_ntp.py
index f11690ee6..83880fd72 100755
--- a/src/conf_mode/service_ntp.py
+++ b/src/conf_mode/service_ntp.py
@@ -64,7 +64,7 @@ def verify(ntp):
if 'interface' in ntp:
# If ntpd should listen on a given interface, ensure it exists
interface = ntp['interface']
- verify_interface_exists(interface)
+ verify_interface_exists(ntp, interface)
# If we run in a VRF, our interface must belong to this VRF, too
if 'vrf' in ntp:
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index c95f976d3..566a7b149 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -122,7 +122,7 @@ def verify(pppoe):
# Check is interface exists in the system
for interface in pppoe['interface']:
- verify_interface_exists(interface, warning_only=True)
+ verify_interface_exists(pppoe, interface, warning_only=True)
return None
diff --git a/src/conf_mode/service_salt-minion.py b/src/conf_mode/service_salt-minion.py
index a8fce8e01..edf74b0c0 100755
--- a/src/conf_mode/service_salt-minion.py
+++ b/src/conf_mode/service_salt-minion.py
@@ -70,7 +70,7 @@ def verify(salt):
Warning('Do not use sha1 hashing algorithm, upgrade to sha256 or later!')
if 'source_interface' in salt:
- verify_interface_exists(salt['source_interface'])
+ verify_interface_exists(salt, salt['source_interface'])
return None
diff --git a/src/conf_mode/system_flow-accounting.py b/src/conf_mode/system_flow-accounting.py
index 2dacd92da..a12ee363d 100755
--- a/src/conf_mode/system_flow-accounting.py
+++ b/src/conf_mode/system_flow-accounting.py
@@ -183,7 +183,7 @@ def verify(flow_config):
# check that all configured interfaces exists in the system
for interface in flow_config['interface']:
- verify_interface_exists(interface, warning_only=True)
+ verify_interface_exists(flow_config, interface, warning_only=True)
# check sFlow configuration
if 'sflow' in flow_config:
diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py
index ecc5bc045..6eb47e552 100755
--- a/src/conf_mode/system_option.py
+++ b/src/conf_mode/system_option.py
@@ -68,7 +68,7 @@ def verify(options):
if 'http_client' in options:
config = options['http_client']
if 'source_interface' in config:
- verify_interface_exists(config['source_interface'])
+ verify_interface_exists(options, config['source_interface'])
if {'source_address', 'source_interface'} <= set(config):
raise ConfigError('Can not define both HTTP source-interface and source-address')
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index cf82b767f..65dd458ec 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -180,9 +180,9 @@ def verify(ipsec):
for interface in ipsec['interface']:
# exclude check interface for dynamic interfaces
if tmp.match(interface):
- verify_interface_exists(interface, warning_only=True)
+ verify_interface_exists(ipsec, interface, warning_only=True)
else:
- verify_interface_exists(interface)
+ verify_interface_exists(ipsec, interface)
if 'l2tp' in ipsec:
if 'esp_group' in ipsec['l2tp']:
@@ -243,7 +243,7 @@ def verify(ipsec):
if 'dhcp_interface' in ra_conf:
dhcp_interface = ra_conf['dhcp_interface']
- verify_interface_exists(dhcp_interface)
+ verify_interface_exists(ipsec, dhcp_interface)
dhcp_base = directories['isc_dhclient_dir']
if not os.path.exists(f'{dhcp_base}/dhclient_{dhcp_interface}.conf'):
@@ -414,7 +414,7 @@ def verify(ipsec):
if 'dhcp_interface' in peer_conf:
dhcp_interface = peer_conf['dhcp_interface']
- verify_interface_exists(dhcp_interface)
+ verify_interface_exists(ipsec, dhcp_interface)
dhcp_base = directories['isc_dhclient_dir']
if not os.path.exists(f'{dhcp_base}/dhclient_{dhcp_interface}.conf'):