From ebece7a4cdb942ea1ff7582ceda0f8765c329c9b Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 15 Apr 2021 09:02:23 +0200
Subject: policy: T2425: re-implement "policy" tree from vyatta-cfg-quagga in
 XML/Python

---
 .../include/policy-list-action.xml.i               |  21 ---
 .../include/policy-list-description.xml.i          |  11 --
 .../include/policy-list-rule-description.xml.i     |  11 --
 interface-definitions/include/policy/action.xml.i  |  21 +++
 .../include/policy/description.xml.i               |  11 ++
 interface-definitions/include/policy/host.xml.i    |  14 ++
 .../include/policy/inverse-mask.xml.i              |  14 ++
 interface-definitions/include/policy/network.xml.i |  14 ++
 interface-definitions/policy.xml.in                | 162 ++++++---------------
 9 files changed, 121 insertions(+), 158 deletions(-)
 delete mode 100644 interface-definitions/include/policy-list-action.xml.i
 delete mode 100644 interface-definitions/include/policy-list-description.xml.i
 delete mode 100644 interface-definitions/include/policy-list-rule-description.xml.i
 create mode 100644 interface-definitions/include/policy/action.xml.i
 create mode 100644 interface-definitions/include/policy/description.xml.i
 create mode 100644 interface-definitions/include/policy/host.xml.i
 create mode 100644 interface-definitions/include/policy/inverse-mask.xml.i
 create mode 100644 interface-definitions/include/policy/network.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/policy-list-action.xml.i b/interface-definitions/include/policy-list-action.xml.i
deleted file mode 100644
index fddbd5a98..000000000
--- a/interface-definitions/include/policy-list-action.xml.i
+++ /dev/null
@@ -1,21 +0,0 @@
-<!-- included start from policy-list-action.xml.i -->
-<leafNode name="action">
-  <properties>
-    <help>Action to take on entries matching this rule [REQUIRED]</help>
-    <completionHelp>
-      <list>permit deny</list>
-    </completionHelp>
-    <valueHelp>
-      <format>permit</format>
-      <description>Permit matching entries</description>
-    </valueHelp>
-    <valueHelp>
-      <format>deny</format>
-      <description>Deny matching entries</description>
-    </valueHelp>
-    <constraint>
-      <regex>^(permit|deny)$</regex>
-    </constraint>
-  </properties>
-</leafNode>
-<!-- included end -->
diff --git a/interface-definitions/include/policy-list-description.xml.i b/interface-definitions/include/policy-list-description.xml.i
deleted file mode 100644
index a50278729..000000000
--- a/interface-definitions/include/policy-list-description.xml.i
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- included start from policy-list-description.xml.i -->
-<leafNode name="description">
-  <properties>
-    <help>Description for this policy</help>
-    <valueHelp>
-      <format>txt</format>
-      <description>Description for this policy</description>
-    </valueHelp>
-  </properties>
-</leafNode>
-<!-- included end -->
diff --git a/interface-definitions/include/policy-list-rule-description.xml.i b/interface-definitions/include/policy-list-rule-description.xml.i
deleted file mode 100644
index e22fb7c28..000000000
--- a/interface-definitions/include/policy-list-rule-description.xml.i
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- included start from policy-list-rule-description.xml.i -->
-<leafNode name="description">
-  <properties>
-    <help>Description for this rule</help>
-    <valueHelp>
-      <format>txt</format>
-      <description>Description for this rule</description>
-    </valueHelp>
-  </properties>
-</leafNode>
-<!-- included end -->
diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i
new file mode 100644
index 000000000..fddbd5a98
--- /dev/null
+++ b/interface-definitions/include/policy/action.xml.i
@@ -0,0 +1,21 @@
+<!-- included start from policy-list-action.xml.i -->
+<leafNode name="action">
+  <properties>
+    <help>Action to take on entries matching this rule [REQUIRED]</help>
+    <completionHelp>
+      <list>permit deny</list>
+    </completionHelp>
+    <valueHelp>
+      <format>permit</format>
+      <description>Permit matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>deny</format>
+      <description>Deny matching entries</description>
+    </valueHelp>
+    <constraint>
+      <regex>^(permit|deny)$</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/policy/description.xml.i b/interface-definitions/include/policy/description.xml.i
new file mode 100644
index 000000000..15a77cd66
--- /dev/null
+++ b/interface-definitions/include/policy/description.xml.i
@@ -0,0 +1,11 @@
+<!-- included start from policy/description.xml.i -->
+<leafNode name="description">
+  <properties>
+    <help>Description</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Description</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- included end -->
diff --git a/interface-definitions/include/policy/host.xml.i b/interface-definitions/include/policy/host.xml.i
new file mode 100644
index 000000000..ac017c630
--- /dev/null
+++ b/interface-definitions/include/policy/host.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/host.xml.i -->
+<leafNode name="host">
+  <properties>
+    <help>Single host IP address to match</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Host address to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/inverse-mask.xml.i b/interface-definitions/include/policy/inverse-mask.xml.i
new file mode 100644
index 000000000..cec69a81b
--- /dev/null
+++ b/interface-definitions/include/policy/inverse-mask.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/inverse-mask.xml.i -->
+<leafNode name="inverse-mask">
+  <properties>
+    <help>Network/netmask to match (requires network be defined)</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Inverse-mask to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/network.xml.i b/interface-definitions/include/policy/network.xml.i
new file mode 100644
index 000000000..f2aea6be8
--- /dev/null
+++ b/interface-definitions/include/policy/network.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/network.xml.i -->
+<leafNode name="network">
+  <properties>
+    <help>Network/netmask to match (requires inverse-mask be defined)</help>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>Inverse-mask to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 7cf20d3de..3a769dea1 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -1,15 +1,15 @@
 <?xml version="1.0"?>
-<!-- Policy access|prefix|route-map lists -->
 <interfaceDefinition>
-  <node name="npolicy" owner="${vyos_conf_scripts_dir}/policy.py">
+  <node name="policy" owner="${vyos_conf_scripts_dir}/policy.py">
     <properties>
+      <priority>470</priority>
       <help>Routing policy</help>
     </properties>
     <children>
       <tagNode name="access-list">
         <properties>
           <help>IP access-list filter</help>
-          <priority>470</priority>
+
           <valueHelp>
             <format>u32:1-99</format>
             <description>IP standard access list</description>
@@ -28,7 +28,7 @@
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this access-list</help>
@@ -41,8 +41,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <node name="destination">
                 <properties>
                   <help>Destination network or address</help>
@@ -54,42 +54,9 @@
                       <valueless/>
                     </properties>
                   </leafNode>
-                  <leafNode name="host">
-                    <properties>
-                      <help>Single host IP address to match</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Host address to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-host"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="inverse-mask">
-                    <properties>
-                      <help>Network/netmask to match (requires network be defined)</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Inverse-mask to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="network">
-                    <properties>
-                      <help>Network/netmask to match (requires inverse-mask be defined)</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>Inverse-mask to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ip-prefix"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
+                  #include <include/policy/host.xml.i>
+                  #include <include/policy/inverse-mask.xml.i>
+                  #include <include/policy/network.xml.i>
                 </children>
               </node>
               <node name="source">
@@ -103,42 +70,9 @@
                       <valueless/>
                     </properties>
                   </leafNode>
-                  <leafNode name="host">
-                    <properties>
-                      <help>Single host IP address to match</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Host address to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-host"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="inverse-mask">
-                    <properties>
-                      <help>Network/netmask to match (requires network be defined)</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Inverse-mask to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="network">
-                    <properties>
-                      <help>Network/netmask to match (requires inverse-mask be defined)</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>Inverse-mask to match</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ip-prefix"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
+                  #include <include/policy/host.xml.i>
+                  #include <include/policy/inverse-mask.xml.i>
+                  #include <include/policy/network.xml.i>
                 </children>
               </node>
             </children>
@@ -148,14 +82,13 @@
       <tagNode name="access-list6">
         <properties>
           <help>IPv6 access-list filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Name of IPv6 access-list</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this access-list6</help>
@@ -168,8 +101,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <node name="source">
                 <properties>
                   <help>Source IPv6 network to match</help>
@@ -208,14 +141,13 @@
       <tagNode name="as-path-list">
         <properties>
           <help>Border Gateway Protocol (BGP) autonomous system path filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>AS path list name</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this as-path-list</help>
@@ -228,8 +160,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="regex">
                 <properties>
                   <help>Regular expression to match against an AS path</help>
@@ -246,14 +178,13 @@
       <tagNode name="community-list">
         <properties>
           <help>Border Gateway Protocol (BGP) autonomous system path filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Border Gateway Protocol (BGP) community-list filter</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this BGP community list</help>
@@ -266,8 +197,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="regex">
                 <properties>
                   <help>Regular expression to match against a community list</help>
@@ -291,7 +222,7 @@
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this BGP extended community list</help>
@@ -304,8 +235,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="regex">
                 <properties>
                   <help>Regular expression to match against an extended community list</help>
@@ -330,14 +261,13 @@
       <tagNode name="large-community-list">
         <properties>
           <help>Border Gateway Protocol (BGP) large-community-list filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Border Gateway Protocol (BGP) large-community-list filter</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this BGP extended community list</help>
@@ -350,8 +280,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="regex">
                 <properties>
                   <help>Regular expression to match against a large community list</help>
@@ -368,14 +298,13 @@
       <tagNode name="prefix-list">
         <properties>
           <help>IP prefix-list filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Prefix list name</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this prefix-list</help>
@@ -388,8 +317,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="ge">
                 <properties>
                   <help>Prefix length to match a netmask greater than or equal to it</help>
@@ -433,14 +362,13 @@
       <tagNode name="prefix-list6">
         <properties>
           <help>IPv6 prefix-list filter</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Prefix list name</description>
           </valueHelp>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this prefix-list6</help>
@@ -453,8 +381,8 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/action.xml.i>
+              #include <include/policy/description.xml.i>
               <leafNode name="ge">
                 <properties>
                   <help>Prefix length to match a netmask greater than or equal to it</help>
@@ -498,14 +426,17 @@
       <tagNode name="route-map">
         <properties>
           <help>IP route-map</help>
-          <priority>470</priority>
           <valueHelp>
             <format>txt</format>
             <description>Route map name</description>
           </valueHelp>
+          <constraint>
+            <regex>^[-a-zA-Z0-9.]+$</regex>
+          </constraint>
+          <constraintErrorMessage>Route-map name can only contain alpha-numeric letters and a hyphen</constraintErrorMessage>
         </properties>
         <children>
-          #include <include/policy-list-description.xml.i>
+          #include <include/policy/description.xml.i>
           <tagNode name="rule">
             <properties>
               <help>Rule for this route-map</help>
@@ -518,7 +449,7 @@
               </constraint>
             </properties>
             <children>
-              #include <include/policy-list-action.xml.i>
+              #include <include/policy/action.xml.i>
               <leafNode name="call">
                 <properties>
                   <help>Call another route-map on match</help>
@@ -540,7 +471,7 @@
                   </valueHelp>
                 </properties>
               </leafNode>
-              #include <include/policy-list-rule-description.xml.i>
+              #include <include/policy/description.xml.i>
               <node name="match">
                 <properties>
                   <help>Route parameters to match</help>
@@ -759,11 +690,11 @@
                         <properties>
                           <help>IPv6 next-hop of route to match</help>
                           <valueHelp>
-                            <format>ipv4</format>
-                            <description>Peer IP address</description>
+                            <format>ipv6</format>
+                            <description>Nexthop IPv6 address</description>
                           </valueHelp>
                           <constraint>
-                            <validator name="ipv4-address"/>
+                            <validator name="ipv6-address"/>
                           </constraint>
                         </properties>
                       </leafNode>
@@ -962,6 +893,7 @@
                   <leafNode name="atomic-aggregate">
                     <properties>
                       <help>Border Gateway Protocol (BGP) atomic aggregate attribute</help>
+                      <valueless/>
                     </properties>
                   </leafNode>
                   <leafNode name="bgp-extcommunity-rt">
@@ -1198,7 +1130,7 @@
                         <description>Orignator IP address</description>
                       </valueHelp>
                       <constraint>
-                        <validator name="ipv4-host"/>
+                        <validator name="ipv4-address"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -1214,8 +1146,8 @@
                         <description>IPv6 address</description>
                       </valueHelp>
                       <constraint>
-                        <validator name="ipv4-host"/>
-                        <validator name="ipv6-host"/>
+                        <validator name="ipv4-address"/>
+                        <validator name="ipv6-address"/>
                       </constraint>
                     </properties>
                   </leafNode>
-- 
cgit v1.2.3