From 714de9764012409921736787e664b030a33907b9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 24 May 2021 20:50:03 +0200 Subject: isis: T3417: implement domain-password md5 --- data/templates/frr/isis.frr.tmpl | 12 +++++++++--- .../include/isis/protocol-common-config.xml.i | 2 -- src/conf_mode/protocols_isis.py | 8 +++++--- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl index 58c44e2d4..540d91e3c 100644 --- a/data/templates/frr/isis.frr.tmpl +++ b/data/templates/frr/isis.frr.tmpl @@ -13,8 +13,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if set_overload_bit is defined %} set-overload-bit {% endif %} -{% if domain_password is defined and domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} +{% if domain_password is defined and domain_password is not none %} +{% if domain_password.md5 is defined and domain_password.md5 is not none %} + domain-password md5 {{ domain_password.plaintext_password }} +{% elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} domain-password clear {{ domain_password.plaintext_password }} +{% endif %} {% endif %} {% if lsp_gen_interval is defined and lsp_gen_interval is not none %} lsp-gen-interval {{ lsp_gen_interval }} @@ -95,10 +99,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %} spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }} {% endif %} -{% if area_password is defined and area_password.md5 is defined and area_password.md5 is not none %} +{% if area_password is defined and area_password is not none %} +{% if area_password.md5 is defined and area_password.md5 is not none %} area-password md5 {{ area_password.md5 }} -{% elif area_password is defined and area_password.plaintext_password is defined and area_password.plaintext_password is not none %} +{% elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %} area-password clear {{ area_password.plaintext_password }} +{% endif %} {% endif %} {% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} {% for afi, afi_config in default_information.originate.items() %} diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 9b8283f40..3ed0b0607 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -68,7 +68,6 @@ - diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py index ef21e0055..c3a444f16 100755 --- a/src/conf_mode/protocols_isis.py +++ b/src/conf_mode/protocols_isis.py @@ -128,9 +128,11 @@ def verify(isis): raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!') # If md5 and plaintext-password set at the same time - if 'area_password' in isis: - if {'md5', 'plaintext_password'} <= set(isis['encryption']): - raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!') + for password in ['area_password', 'domain_password']: + if password in isis: + if {'md5', 'plaintext_password'} <= set(isis[password]): + tmp = password.replace('_', '-') + raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!') # If one param from delay set, but not set others if 'spf_delay_ietf' in isis: -- cgit v1.2.3