From faa490ad122eeb1de02947bb4593539f0f476bd3 Mon Sep 17 00:00:00 2001
From: Jernej Jakob <jernej.jakob@gmail.com>
Date: Sun, 3 May 2020 22:56:30 +0200
Subject: vlan: T2241: make address and bridge membership mutually exclusive

Bridge members should not have addresses assigned.
---
 python/vyos/ifconfig_vlan.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'python/vyos')

diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py
index bc43ff6db..eb7a369ec 100644
--- a/python/vyos/ifconfig_vlan.py
+++ b/python/vyos/ifconfig_vlan.py
@@ -109,6 +109,14 @@ def verify_vlan_config(config):
         if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']:
             raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
 
+        if ( vif['is_bridge_member']
+                and ( vif['address']
+                    or vif['ipv6_eui64_prefix']
+                    or vif['ipv6_autoconf'] ) ):
+            raise ConfigError((
+                    f'Cannot assign address to vif interface {vif["intf"]} '
+                    f'which is a member of bridge {vif["is_bridge_member"]}'))
+
         if vif['vrf']:
             if vif['vrf'] not in interfaces():
                 raise ConfigError(f'VRF "{vif["vrf"]}" does not exist')
@@ -132,6 +140,14 @@ def verify_vlan_config(config):
         if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']:
             raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
 
+        if ( vif_s['is_bridge_member']
+                and ( vif_s['address']
+                    or vif_s['ipv6_eui64_prefix']
+                    or vif_s['ipv6_autoconf'] ) ):
+            raise ConfigError((
+                    f'Cannot assign address to vif-s interface {vif_s["intf"]} '
+                    f'which is a member of bridge {vif_s["is_bridge_member"]}'))
+
         if vif_s['vrf']:
             if vif_s['vrf'] not in interfaces():
                 raise ConfigError(f'VRF "{vif_s["vrf"]}" does not exist')
@@ -146,6 +162,14 @@ def verify_vlan_config(config):
             if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']:
                 raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
 
+            if ( vif_c['is_bridge_member']
+                    and ( vif_c['address']
+                        or vif_c['ipv6_eui64_prefix']
+                        or vif_c['ipv6_autoconf'] ) ):
+                raise ConfigError((
+                    f'Cannot assign address to vif-c interface {vif_c["intf"]} '
+                    f'which is a member of bridge {vif_c["is_bridge_member"]}'))
+
             if vif_c['vrf']:
                 if vif_c['vrf'] not in interfaces():
                     raise ConfigError(f'VRF "{vif_c["vrf"]}" does not exist')
-- 
cgit v1.2.3