summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/configverify.py61
1 files changed, 44 insertions, 17 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 718b7445d..99c472582 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -337,18 +337,16 @@ def verify_accel_ppp_base_service(config):
def verify_diffie_hellman_length(file, min_keysize):
""" Verify Diffie-Hellamn keypair length given via file. It must be greater
then or equal to min_keysize """
+ import os
+ import re
+ from vyos.util import cmd
try:
keysize = str(min_keysize)
except:
return False
- import os
- import re
- from vyos.util import cmd
-
if os.path.exists(file):
-
out = cmd(f'openssl dhparam -inform PEM -in {file} -text')
prog = re.compile('\d+\s+bit')
if prog.search(out):
@@ -358,26 +356,55 @@ def verify_diffie_hellman_length(file, min_keysize):
return False
-def verify_route_maps(config):
+def verify_common_route_maps(config):
"""
Common helper function used by routing protocol implementations to perform
recurring validation if the specified route-map for either zebra to kernel
installation exists (this is the top-level route_map key) or when a route
is redistributed with a route-map that it exists!
"""
- if 'route_map' in config:
- route_map = config['route_map']
+ # XXX: This function is called in combination with a previous call to:
+ # tmp = conf.get_config_dict(['policy']) - see protocols_ospf.py as example.
+ # We should NOT call this with the key_mangling option as this would rename
+ # route-map hypens '-' to underscores '_' and one could no longer distinguish
+ # what should have been the "proper" route-map name, as foo-bar and foo_bar
+ # are two entire different route-map instances!
+ for route_map in ['route-map', 'route_map']:
+ if route_map not in config:
+ continue
+ tmp = config[route_map]
# Check if the specified route-map exists, if not error out
- if dict_search(f'policy.route_map.{route_map}', config) == None:
- raise ConfigError(f'Specified route-map "{route_map}" does not exist!')
+ if dict_search(f'policy.route-map.{tmp}', config) == None:
+ raise ConfigError(f'Specified route-map "{tmp}" does not exist!')
if 'redistribute' in config:
for protocol, protocol_config in config['redistribute'].items():
if 'route_map' in protocol_config:
- # A hyphen in a route-map name will be converted to _, take care
- # about this effect during validation
- route_map = protocol_config['route_map'].replace('-','_')
- # Check if the specified route-map exists, if not error out
- if dict_search(f'policy.route_map.{route_map}', config) == None:
- raise ConfigError(f'Redistribution route-map "{route_map}" ' \
- f'for "{protocol}" does not exist!')
+ verify_route_map(protocol_config['route_map'], config)
+
+def verify_route_map(route_map_name, config):
+ """
+ Common helper function used by routing protocol implementations to perform
+ recurring validation if a specified route-map exists!
+ """
+ # Check if the specified route-map exists, if not error out
+ if dict_search(f'policy.route-map.{route_map_name}', config) == None:
+ raise ConfigError(f'Specified route-map "{route_map_name}" does not exist!')
+
+def verify_prefix_list(prefix_list, config, version=''):
+ """
+ Common helper function used by routing protocol implementations to perform
+ recurring validation if a specified prefix-list exists!
+ """
+ # Check if the specified prefix-list exists, if not error out
+ if dict_search(f'policy.prefix-list{version}.{prefix_list}', config) == None:
+ raise ConfigError(f'Specified prefix-list{version} "{prefix_list}" does not exist!')
+
+def verify_access_list(access_list, config, version=''):
+ """
+ Common helper function used by routing protocol implementations to perform
+ recurring validation if a specified prefix-list exists!
+ """
+ # Check if the specified ACL exists, if not error out
+ if dict_search(f'policy.access-list{version}.{access_list}', config) == None:
+ raise ConfigError(f'Specified access-list{version} "{access_list}" does not exist!')