diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-04-19 19:55:08 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-04-19 19:55:08 +0200 |
| commit | df6f7fdf461b929dd3df12d5904a2b33c2a04ea1 (patch) | |
| tree | 7b26089a39cf8231c3162e66c033d2d3e7a828cb | |
| parent | ac01b026ab2d84d9a5df48cc75e8cc7e4092bd97 (diff) | |
| download | vyos-1x-df6f7fdf461b929dd3df12d5904a2b33c2a04ea1.tar.gz vyos-1x-df6f7fdf461b929dd3df12d5904a2b33c2a04ea1.zip | |
policy: T2425: verify() route-map match criterias
When we match on a community-list, extended community-list or even a large
community-list ensure that the referenced list exists on the CLI.
| -rwxr-xr-x | src/conf_mode/policy.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py index d461511f8..f0348fe06 100755 --- a/src/conf_mode/policy.py +++ b/src/conf_mode/policy.py @@ -80,6 +80,28 @@ def verify(policy): raise ConfigError(f'Regex {mandatory_error}') + # route-maps tend to be a bit more complex so they get their own verify() section + if 'route_map' in policy: + for route_map, route_map_config in policy['route_map'].items(): + if 'rule' not in route_map_config: + continue + + for rule, rule_config in route_map_config['rule'].items(): + # Specified community-list must exist + tmp = dict_search('match.community.community_list', rule_config) + if tmp and tmp not in policy.get('community_list', []): + raise ConfigError(f'community-list {tmp} does not exist!') + + # Specified extended community-list must exist + tmp = dict_search('match.extcommunity', rule_config) + if tmp and tmp not in policy.get('extcommunity_list', []): + raise ConfigError(f'extcommunity-list {tmp} does not exist!') + + # Specified large-community-list must exist + tmp = dict_search('match.large_community.large_community_list', rule_config) + if tmp and tmp not in policy.get('large_community_list', []): + raise ConfigError(f'large-community-list {tmp} does not exist!') + return None def generate(policy): |