isis: T3417: implement domain-password md5

3 files changed, 14 insertions, 8 deletions

diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl
index 58c44e2d4..540d91e3c 100644
--- a/data/templates/frr/isis.frr.tmpl
+++ b/data/templates/frr/isis.frr.tmpl
@@ -13,8 +13,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
 {% if set_overload_bit is defined %}
  set-overload-bit
 {% endif %}
-{% if domain_password is defined and domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %}
+{% if domain_password is defined and domain_password is not none %}
+{%   if domain_password.md5 is defined and domain_password.md5 is not none %}
+ domain-password md5 {{ domain_password.plaintext_password }}
+{%   elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %}
  domain-password clear {{ domain_password.plaintext_password }}
+{%   endif %}
 {% endif %}
 {% if lsp_gen_interval is defined and lsp_gen_interval is not none %}
  lsp-gen-interval {{ lsp_gen_interval }}
@@ -95,10 +99,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
 {% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %}
  spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }}
 {% endif %}
-{% if area_password is defined and area_password.md5 is defined and area_password.md5 is not none %}
+{% if area_password is defined and area_password is not none %}
+{%   if area_password.md5 is defined and area_password.md5 is not none %}
  area-password md5 {{ area_password.md5 }}
-{% elif area_password is defined and area_password.plaintext_password is defined and area_password.plaintext_password is not none %}
+{%   elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %}
  area-password clear {{ area_password.plaintext_password }}
+{%   endif %}
 {% endif %}
 {% if default_information is defined and default_information.originate is defined and default_information.originate is not none %}
 {%   for afi, afi_config in default_information.originate.items() %}
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 9b8283f40..3ed0b0607 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -68,7 +68,6 @@
         </valueHelp>
       </properties>
     </leafNode>
-<!--
     <leafNode name="md5">
       <properties>
         <help>MD5 authentication type</help>
@@ -78,7 +77,6 @@
         </valueHelp>
       </properties>
     </leafNode>
--->
   </children>
 </node>
 <leafNode name="dynamic-hostname">
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index ef21e0055..c3a444f16 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -128,9 +128,11 @@ def verify(isis):
                 raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!')
 
     # If md5 and plaintext-password set at the same time
-    if 'area_password' in isis:
-        if {'md5', 'plaintext_password'} <= set(isis['encryption']):
-            raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!')
+    for password in ['area_password', 'domain_password']:
+        if password in isis:
+            if {'md5', 'plaintext_password'} <= set(isis[password]):
+                tmp = password.replace('_', '-')
+                raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!')
 
     # If one param from delay set, but not set others
     if 'spf_delay_ietf' in isis: