From df6f7fdf461b929dd3df12d5904a2b33c2a04ea1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 19 Apr 2021 19:55:08 +0200 Subject: policy: T2425: verify() route-map match criterias When we match on a community-list, extended community-list or even a large community-list ensure that the referenced list exists on the CLI. --- src/conf_mode/policy.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src') diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py index d461511f8..f0348fe06 100755 --- a/src/conf_mode/policy.py +++ b/src/conf_mode/policy.py @@ -80,6 +80,28 @@ def verify(policy): raise ConfigError(f'Regex {mandatory_error}') + # route-maps tend to be a bit more complex so they get their own verify() section + if 'route_map' in policy: + for route_map, route_map_config in policy['route_map'].items(): + if 'rule' not in route_map_config: + continue + + for rule, rule_config in route_map_config['rule'].items(): + # Specified community-list must exist + tmp = dict_search('match.community.community_list', rule_config) + if tmp and tmp not in policy.get('community_list', []): + raise ConfigError(f'community-list {tmp} does not exist!') + + # Specified extended community-list must exist + tmp = dict_search('match.extcommunity', rule_config) + if tmp and tmp not in policy.get('extcommunity_list', []): + raise ConfigError(f'extcommunity-list {tmp} does not exist!') + + # Specified large-community-list must exist + tmp = dict_search('match.large_community.large_community_list', rule_config) + if tmp and tmp not in policy.get('large_community_list', []): + raise ConfigError(f'large-community-list {tmp} does not exist!') + return None def generate(policy): -- cgit v1.2.3