summaryrefslogtreecommitdiff
path: root/python/vyos/configverify.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/vyos/configverify.py')
-rw-r--r--python/vyos/configverify.py87
1 files changed, 71 insertions, 16 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 944fc4294..422483663 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -22,6 +22,7 @@
# makes use of it!
from vyos import ConfigError
+from vyos.util import vyos_dict_search
def verify_mtu(config):
"""
@@ -51,27 +52,26 @@ def verify_mtu_ipv6(config):
configured on the interface. IPv6 requires a 1280 bytes MTU.
"""
from vyos.validate import is_ipv6
- from vyos.util import vyos_dict_search
- # IPv6 minimum required link mtu
- min_mtu = 1280
+ if 'mtu' in config:
+ # IPv6 minimum required link mtu
+ min_mtu = 1280
+ if int(config['mtu']) < min_mtu:
+ interface = config['ifname']
+ error_msg = f'IPv6 address will be configured on interface "{interface}" ' \
+ f'thus the minimum MTU requirement is {min_mtu}!'
- if int(config['mtu']) < min_mtu:
- interface = config['ifname']
- error_msg = f'IPv6 address will be configured on interface "{interface}" ' \
- f'thus the minimum MTU requirement is {min_mtu}!'
+ if not vyos_dict_search('ipv6.address.no_default_link_local', config):
+ raise ConfigError('link-local ' + error_msg)
- if not vyos_dict_search('ipv6.address.no_default_link_local', config):
- raise ConfigError('link-local ' + error_msg)
+ for address in (vyos_dict_search('address', config) or []):
+ if address in ['dhcpv6'] or is_ipv6(address):
+ raise ConfigError(error_msg)
- for address in (vyos_dict_search('address', config) or []):
- if address in ['dhcpv6'] or is_ipv6(address):
+ if vyos_dict_search('ipv6.address.autoconf', config):
raise ConfigError(error_msg)
- if vyos_dict_search('ipv6.address.autoconf', config):
- raise ConfigError(error_msg)
-
- if vyos_dict_search('ipv6.address.eui64', config):
- raise ConfigError(error_msg)
+ if vyos_dict_search('ipv6.address.eui64', config):
+ raise ConfigError(error_msg)
def verify_vrf(config):
@@ -204,3 +204,58 @@ def verify_vlan_config(config):
verify_dhcpv6(vlan)
verify_address(vlan)
verify_vrf(vlan)
+
+def verify_accel_ppp_base_service(config):
+ """
+ Common helper function which must be used by all Accel-PPP services based
+ on get_config_dict()
+ """
+ # vertify auth settings
+ if vyos_dict_search('authentication.mode', config) == 'local':
+ if not vyos_dict_search('authentication.local_users', config):
+ raise ConfigError('PPPoE local auth mode requires local users to be configured!')
+
+ for user in vyos_dict_search('authentication.local_users.username', config):
+ user_config = config['authentication']['local_users']['username'][user]
+
+ if 'password' not in user_config:
+ raise ConfigError(f'Password required for local user "{user}"')
+
+ if 'rate_limit' in user_config:
+ # if up/download is set, check that both have a value
+ if not {'upload', 'download'} <= set(user_config['rate_limit']):
+ raise ConfigError(f'User "{user}" has rate-limit configured for only one ' \
+ 'direction but both upload and download must be given!')
+
+ elif vyos_dict_search('authentication.mode', config) == 'radius':
+ if not vyos_dict_search('authentication.radius.server', config):
+ raise ConfigError('RADIUS authentication requires at least one server')
+
+ for server in vyos_dict_search('authentication.radius.server', config):
+ radius_config = config['authentication']['radius']['server'][server]
+ if 'key' not in radius_config:
+ raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
+
+ if 'gateway_address' not in config:
+ raise ConfigError('PPPoE server requires gateway-address to be configured!')
+
+ if 'name_server_ipv4' in config:
+ if len(config['name_server_ipv4']) > 2:
+ raise ConfigError('Not more then two IPv4 DNS name-servers ' \
+ 'can be configured')
+
+ if 'name_server_ipv6' in config:
+ if len(config['name_server_ipv6']) > 3:
+ raise ConfigError('Not more then three IPv6 DNS name-servers ' \
+ 'can be configured')
+
+ if 'client_ipv6_pool' in config:
+ ipv6_pool = config['client_ipv6_pool']
+ if 'delegate' in ipv6_pool:
+ if 'prefix' not in ipv6_pool:
+ raise ConfigError('IPv6 "delegate" also requires "prefix" to be defined!')
+
+ for delegate in ipv6_pool['delegate']:
+ if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
+ raise ConfigError('delegation-prefix length required!')
+