diff options
Diffstat (limited to 'python/vyos/configverify.py')
-rw-r--r-- | python/vyos/configverify.py | 87 |
1 files changed, 71 insertions, 16 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 944fc4294..422483663 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -22,6 +22,7 @@ # makes use of it! from vyos import ConfigError +from vyos.util import vyos_dict_search def verify_mtu(config): """ @@ -51,27 +52,26 @@ def verify_mtu_ipv6(config): configured on the interface. IPv6 requires a 1280 bytes MTU. """ from vyos.validate import is_ipv6 - from vyos.util import vyos_dict_search - # IPv6 minimum required link mtu - min_mtu = 1280 + if 'mtu' in config: + # IPv6 minimum required link mtu + min_mtu = 1280 + if int(config['mtu']) < min_mtu: + interface = config['ifname'] + error_msg = f'IPv6 address will be configured on interface "{interface}" ' \ + f'thus the minimum MTU requirement is {min_mtu}!' - if int(config['mtu']) < min_mtu: - interface = config['ifname'] - error_msg = f'IPv6 address will be configured on interface "{interface}" ' \ - f'thus the minimum MTU requirement is {min_mtu}!' + if not vyos_dict_search('ipv6.address.no_default_link_local', config): + raise ConfigError('link-local ' + error_msg) - if not vyos_dict_search('ipv6.address.no_default_link_local', config): - raise ConfigError('link-local ' + error_msg) + for address in (vyos_dict_search('address', config) or []): + if address in ['dhcpv6'] or is_ipv6(address): + raise ConfigError(error_msg) - for address in (vyos_dict_search('address', config) or []): - if address in ['dhcpv6'] or is_ipv6(address): + if vyos_dict_search('ipv6.address.autoconf', config): raise ConfigError(error_msg) - if vyos_dict_search('ipv6.address.autoconf', config): - raise ConfigError(error_msg) - - if vyos_dict_search('ipv6.address.eui64', config): - raise ConfigError(error_msg) + if vyos_dict_search('ipv6.address.eui64', config): + raise ConfigError(error_msg) def verify_vrf(config): @@ -204,3 +204,58 @@ def verify_vlan_config(config): verify_dhcpv6(vlan) verify_address(vlan) verify_vrf(vlan) + +def verify_accel_ppp_base_service(config): + """ + Common helper function which must be used by all Accel-PPP services based + on get_config_dict() + """ + # vertify auth settings + if vyos_dict_search('authentication.mode', config) == 'local': + if not vyos_dict_search('authentication.local_users', config): + raise ConfigError('PPPoE local auth mode requires local users to be configured!') + + for user in vyos_dict_search('authentication.local_users.username', config): + user_config = config['authentication']['local_users']['username'][user] + + if 'password' not in user_config: + raise ConfigError(f'Password required for local user "{user}"') + + if 'rate_limit' in user_config: + # if up/download is set, check that both have a value + if not {'upload', 'download'} <= set(user_config['rate_limit']): + raise ConfigError(f'User "{user}" has rate-limit configured for only one ' \ + 'direction but both upload and download must be given!') + + elif vyos_dict_search('authentication.mode', config) == 'radius': + if not vyos_dict_search('authentication.radius.server', config): + raise ConfigError('RADIUS authentication requires at least one server') + + for server in vyos_dict_search('authentication.radius.server', config): + radius_config = config['authentication']['radius']['server'][server] + if 'key' not in radius_config: + raise ConfigError(f'Missing RADIUS secret key for server "{server}"') + + if 'gateway_address' not in config: + raise ConfigError('PPPoE server requires gateway-address to be configured!') + + if 'name_server_ipv4' in config: + if len(config['name_server_ipv4']) > 2: + raise ConfigError('Not more then two IPv4 DNS name-servers ' \ + 'can be configured') + + if 'name_server_ipv6' in config: + if len(config['name_server_ipv6']) > 3: + raise ConfigError('Not more then three IPv6 DNS name-servers ' \ + 'can be configured') + + if 'client_ipv6_pool' in config: + ipv6_pool = config['client_ipv6_pool'] + if 'delegate' in ipv6_pool: + if 'prefix' not in ipv6_pool: + raise ConfigError('IPv6 "delegate" also requires "prefix" to be defined!') + + for delegate in ipv6_pool['delegate']: + if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]: + raise ConfigError('delegation-prefix length required!') + |