1 files changed, 38 insertions, 17 deletions

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 438485d98..8e0ce701e 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -99,6 +99,18 @@ def verify_vrf(config):
                 'Interface "{ifname}" cannot be both a member of VRF "{vrf}" '
                 'and bridge "{is_bridge_member}"!'.format(**config))
 
+def verify_bond_bridge_member(config):
+    """
+    Checks if interface has a VRF configured and is also part of a bond or
+    bridge, which is not allowed!
+    """
+    if 'vrf' in config:
+        ifname = config['ifname']
+        if 'is_bond_member' in config:
+            raise ConfigError(f'Can not add interface "{ifname}" to bond, it has a VRF assigned!')
+        if 'is_bridge_member' in config:
+            raise ConfigError(f'Can not add interface "{ifname}" to bridge, it has a VRF assigned!')
+
 def verify_tunnel(config):
     """
     This helper is used to verify the common part of the tunnel
@@ -231,10 +243,10 @@ def verify_address(config):
     of a bridge or bond.
     """
     if {'is_bridge_member', 'address'} <= set(config):
-        raise ConfigError(
-            'Cannot assign address to interface "{ifname}" as it is a '
-            'member of bridge "{is_bridge_member}"!'.format(**config))
-
+        interface = config['ifname']
+        bridge_name = next(iter(config['is_bridge_member']))
+        raise ConfigError(f'Cannot assign address to interface "{interface}" '
+                          f'as it is a member of bridge "{bridge_name}"!')
 
 def verify_bridge_delete(config):
     """
@@ -244,9 +256,9 @@ def verify_bridge_delete(config):
     """
     if 'is_bridge_member' in config:
         interface = config['ifname']
-        for bridge in config['is_bridge_member']:
-            raise ConfigError(f'Interface "{interface}" cannot be deleted as it '
-                              f'is a member of bridge "{bridge}"!')
+        bridge_name = next(iter(config['is_bridge_member']))
+        raise ConfigError(f'Interface "{interface}" cannot be deleted as it '
+                          f'is a member of bridge "{bridge_name}"!')
 
 def verify_interface_exists(ifname):
     """
@@ -272,15 +284,22 @@ def verify_source_interface(config):
         raise ConfigError('Specified source-interface {source_interface} does '
                           'not exist'.format(**config))
 
+    src_ifname = config['source_interface']
     if 'source_interface_is_bridge_member' in config:
-        raise ConfigError('Invalid source-interface {source_interface}. Interface '
-                          'is already a member of bridge '
-                          '{source_interface_is_bridge_member}'.format(**config))
+        bridge_name = next(iter(config['source_interface_is_bridge_member']))
+        raise ConfigError(f'Invalid source-interface "{src_ifname}". Interface '
+                          f'is already a member of bridge "{bridge_name}"!')
 
     if 'source_interface_is_bond_member' in config:
-        raise ConfigError('Invalid source-interface {source_interface}. Interface '
-                          'is already a member of bond '
-                          '{source_interface_is_bond_member}'.format(**config))
+        bond_name = next(iter(config['source_interface_is_bond_member']))
+        raise ConfigError(f'Invalid source-interface "{src_ifname}". Interface '
+                          f'is already a member of bond "{bond_name}"!')
+
+    if 'is_source_interface' in config:
+        tmp = config['is_source_interface']
+        src_ifname = config['source_interface']
+        raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \
+                          f'belongs to interface "{tmp}"!')
 
 def verify_dhcpv6(config):
     """
@@ -362,15 +381,17 @@ def verify_vlan_config(config):
             verify_mtu_parent(c_vlan, config)
             verify_mtu_parent(c_vlan, s_vlan)
 
-def verify_accel_ppp_base_service(config):
+def verify_accel_ppp_base_service(config, local_users=True):
     """
     Common helper function which must be used by all Accel-PPP services based
     on get_config_dict()
     """
     # vertify auth settings
-    if dict_search('authentication.mode', config) == 'local':
-        if not dict_search('authentication.local_users', config):
-            raise ConfigError('Authentication mode local requires local users to be configured!')
+    if local_users and dict_search('authentication.mode', config) == 'local':
+        if (dict_search(f'authentication.local_users', config) is None or
+                dict_search(f'authentication.local_users', config) == {}):
+            raise ConfigError(
+                'Authentication mode local requires local users to be configured!')
 
         for user in dict_search('authentication.local_users.username', config):
             user_config = config['authentication']['local_users']['username'][user]