summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-09-30 20:45:10 +0200
committerChristian Poessinger <christian@poessinger.com>2020-09-30 20:46:04 +0200
commit5b640551fdff979275b49965801ad438938fb067 (patch)
tree0be12e9b91cacc5236b7c89980b3367da773a7df
parent458f195c1a57e1eadb0d0eb26310025850a65593 (diff)
downloadvyos-1x-5b640551fdff979275b49965801ad438938fb067.tar.gz
vyos-1x-5b640551fdff979275b49965801ad438938fb067.zip
wireguard: T2939: bugfix when removing individual peers
When individual peers that have been removed got determined they have been added to the config dict as list instead of string - which broke the system plumbing commands as they can not handle a Python list.
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wireguard.py38
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py18
2 files changed, 43 insertions, 13 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py
index 0c32a4696..726405780 100755
--- a/smoketest/scripts/cli/test_interfaces_wireguard.py
+++ b/smoketest/scripts/cli/test_interfaces_wireguard.py
@@ -38,10 +38,8 @@ class WireGuardInterfaceTest(unittest.TestCase):
self.session.commit()
del self.session
- def test_peer_setup(self):
- """
- Create WireGuard interfaces with associated peers
- """
+ def test_peer(self):
+ """ Create WireGuard interfaces with associated peers """
for intf in self._interfaces:
peer = 'foo-' + intf
psk = 'u2xdA70hkz0S1CG0dZlOh0aq2orwFXRIVrKo4DCvHgM='
@@ -64,5 +62,37 @@ class WireGuardInterfaceTest(unittest.TestCase):
self.assertTrue(os.path.isdir(f'/sys/class/net/{intf}'))
+
+ def test_add_remove_peer(self):
+ """ Create WireGuard interfaces with associated peers. Remove one of
+ the configured peers. Bug reported as T2939 """
+ interface = 'wg0'
+ port = '12345'
+ pubkey_1 = 'n1CUsmR0M2LUUsyicBd6blZICwUqqWWHbu4ifZ2/9gk='
+ pubkey_2 = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I='
+
+ self.session.set(base_path + [interface, 'address', '172.16.0.1/24'])
+
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_1])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'port', port])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', '10.205.212.10/32'])
+ self.session.set(base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1'])
+
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'pubkey', pubkey_2])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'port', port])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'allowed-ips', '10.205.212.11/32'])
+ self.session.set(base_path + [interface, 'peer', 'PEER02', 'address', '192.0.2.2'])
+
+ # Commit peers
+ self.session.commit()
+
+ self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}'))
+
+ # Delete second peer
+ self.session.delete(base_path + [interface, 'peer', 'PEER01'])
+ self.session.commit()
+
+
+
if __name__ == '__main__':
unittest.main()
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index d5800264f..9bda35d0a 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -57,13 +57,13 @@ def get_config(config=None):
# Determine which Wireguard peer has been removed.
# Peers can only be removed with their public key!
+ dict = {}
tmp = node_changed(conf, ['peer'])
- if tmp:
- dict = {}
- for peer in tmp:
- peer_config = leaf_node_changed(conf, ['peer', peer, 'pubkey'])
- dict = dict_merge({'peer_remove' : {peer : {'pubkey' : peer_config}}}, dict)
- wireguard.update(dict)
+ for peer in (tmp or []):
+ pubkey = leaf_node_changed(conf, ['peer', peer, 'pubkey'])
+ if pubkey:
+ dict = dict_merge({'peer_remove' : {peer : {'pubkey' : pubkey[0]}}}, dict)
+ wireguard.update(dict)
return wireguard
@@ -101,12 +101,12 @@ def verify(wireguard):
f'for peer "{tmp}" if either one of them is set!')
def apply(wireguard):
+ tmp = WireGuardIf(wireguard['ifname'])
if 'deleted' in wireguard:
- WireGuardIf(wireguard['ifname']).remove()
+ tmp.remove()
return None
- w = WireGuardIf(wireguard['ifname'])
- w.update(wireguard)
+ tmp.update(wireguard)
return None
if __name__ == '__main__':