author | Christian Poessinger <christian@poessinger.com> | 2021-04-25 18:32:08 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-04-25 18:32:08 +0200 |
commit | 9b44fb16ee2af648fa60cab7dfbcc8986e8ad539 (patch) | |
tree | d803100ed86ae9b4602063a26386d9ef8ee53f75 | |
parent | 675b473a07f8af7c7c01203ce7ed16f09e3085ba (diff) | |
download | vyos-1x-9b44fb16ee2af648fa60cab7dfbcc8986e8ad539.tar.gz vyos-1x-9b44fb16ee2af648fa60cab7dfbcc8986e8ad539.zip |
policy: T3497: add verify() that prefix-lists must carry a defined prefix
-rw-r--r-- | data/templates/frr/policy.frr.tmpl | 4 | ||||
-rwxr-xr-x | src/conf_mode/policy.py | 12 |
2 files changed, 12 insertions, 4 deletions
diff --git a/data/templates/frr/policy.frr.tmpl b/data/templates/frr/policy.frr.tmpl
index 4f4b8705d..881afa21f 100644
--- a/data/templates/frr/policy.frr.tmpl
+++ b/data/templates/frr/policy.frr.tmpl
@@ -118,7 +118,9 @@ ip prefix-list {{ prefix_list }} description {{ prefix_list_config.description }
 {% endif %}
 {% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %}
 {% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %}
+{% if rule_config.prefix is defined and rule_config.prefix is not none %}
 ip prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }}
+{% endif %}
 {% endfor %}
 {% endif %}
 {% endfor %}
@@ -131,7 +133,9 @@ ipv6 prefix-list {{ prefix_list }} description {{ prefix_list_config.description
 {% endif %}
 {% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %}
 {% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %}
+{% if rule_config.prefix is defined and rule_config.prefix is not none %}
 ipv6 prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }}
+{% endif %}
 {% endfor %}
 {% endif %}
 {% endfor %}
diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py
index 74f23948c..fb732dd81 100755
--- a/src/conf_mode/policy.py
+++ b/src/conf_mode/policy.py
@@ -94,20 +94,24 @@ def verify(policy):
 if policy_type == 'access_list':
 if 'source' not in rule_config:
- raise ConfigError(f'Source {mandatory_error}')
+ raise ConfigError(f'A source {mandatory_error}')
 if int(instance) in range(100, 200) or int(instance) in range(2000, 2700):
 if 'destination' not in rule_config:
- raise ConfigError(f'Destination {mandatory_error}')
+ raise ConfigError(f'A destination {mandatory_error}')
 if policy_type == 'access_list6':
 if 'source' not in rule_config:
- raise ConfigError(f'Source {mandatory_error}')
+ raise ConfigError(f'A source {mandatory_error}')
 if policy_type in ['as_path_list', 'community_list', 'extcommunity_list', 'large_community_list']:
 if 'regex' not in rule_config:
- raise ConfigError(f'Regex {mandatory_error}')
+ raise ConfigError(f'A regex {mandatory_error}')
+
+ if policy_type in ['prefix_list', 'prefix_list6']:
+ if 'prefix' not in rule_config:
+ raise ConfigError(f'A prefix {mandatory_error}')
 # route-maps tend to be a bit more complex so they get their own verify() section |
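Review bot: The new prefix check tests only key presence (`if 'prefix' not in rule_config:`), while the template guard added in the same commit also treats a `none` value as missing (`rule_config.prefix is defined and rule_config.prefix is not none`). If the config dict can carry `prefix` with a `None` value (not visible from this hunk), verify() would accept the rule and the template would then omit it without any error, so a deny entry could silently vanish from the rendered prefix-list and the filter would pass more than the operator intended. Making the two checks agree, e.g. `if rule_config.get('prefix') is None:`, keeps the commit failing closed in verify() instead of relying on the template skip. verify() starts and ends outside this hunk, so whether `rule_config` itself can be `None` at this point should be confirmed against the surrounding loop.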