diff options
author | John Estabrook <jestabro@vyos.io> | 2022-11-18 16:08:47 -0600 |
---|---|---|
committer | John Estabrook <jestabro@vyos.io> | 2022-11-18 16:08:47 -0600 |
commit | 58057480e22712dc6d04396f8805d3db338bddfa (patch) | |
tree | 5f5ee1753edb918b42fc57ebdc2e04e5bf56dd8d | |
parent | 95abda42a4ef4a949b897a4aa5eaf52e6c2842a8 (diff) | |
download | vyos-1x-58057480e22712dc6d04396f8805d3db338bddfa.tar.gz vyos-1x-58057480e22712dc6d04396f8805d3db338bddfa.zip |
IPsec: T4828: raise op-mode error on incorrect value
-rw-r--r-- | python/vyos/opmode.py | 6 | ||||
-rwxr-xr-x | src/op_mode/ipsec.py | 17 | ||||
-rw-r--r-- | src/services/api/graphql/session/errors/op_mode_errors.py | 6 |
3 files changed, 16 insertions, 13 deletions
diff --git a/python/vyos/opmode.py b/python/vyos/opmode.py index 2e896c8e6..9dba8d30f 100644 --- a/python/vyos/opmode.py +++ b/python/vyos/opmode.py @@ -45,6 +45,12 @@ class PermissionDenied(Error): """ pass +class IncorrectValue(Error): + """ Requested operation is valid, but an argument provided has an + incorrect value, preventing successful completion. + """ + pass + class InternalError(Error): """ Any situation when VyOS detects that it could not perform an operation correctly due to logic errors in its own code diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py index aaa0cec5a..83e4241d7 100755 --- a/src/op_mode/ipsec.py +++ b/src/op_mode/ipsec.py @@ -14,6 +14,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import re import sys @@ -138,6 +139,8 @@ def _get_formatted_output_sas(sas): def get_peer_connections(peer, tunnel, return_all = False): search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti)).*' matches = [] + if not os.path.exists(SWANCTL_CONF): + raise vyos.opmode.UnconfiguredSubsystem("IPsec not initialized") with open(SWANCTL_CONF, 'r') as f: for line in f.readlines(): result = re.match(search, line) @@ -149,27 +152,19 @@ def get_peer_connections(peer, tunnel, return_all = False): def reset_peer(peer: str, tunnel:str): - if not peer: - print('Invalid peer, aborting') - return - conns = get_peer_connections(peer, tunnel, return_all = (not tunnel or tunnel == 'all')) if not conns: - print('Tunnel(s) not found, aborting') - return + raise vyos.opmode.IncorrectValue('Peer or tunnel(s) not found, aborting') - result = True for conn in conns: try: call(f'sudo /usr/sbin/ipsec down {conn}{{*}}', timeout = 10) call(f'sudo /usr/sbin/ipsec up {conn}', timeout = 10) except TimeoutExpired as e: - print(f'Timed out while resetting {conn}') - result = False - + raise vyos.opmode.InternalError(f'Timed out while resetting {conn}') - print('Peer reset result: ' + ('success' if result else 'failed')) + print('Peer reset result: success') def show_sa(raw: bool): diff --git a/src/services/api/graphql/session/errors/op_mode_errors.py b/src/services/api/graphql/session/errors/op_mode_errors.py index 7ba75455d..7bc1d1d81 100644 --- a/src/services/api/graphql/session/errors/op_mode_errors.py +++ b/src/services/api/graphql/session/errors/op_mode_errors.py @@ -3,11 +3,13 @@ op_mode_err_msg = { "UnconfiguredSubsystem": "subsystem is not configured or not running", "DataUnavailable": "data currently unavailable", - "PermissionDenied": "client does not have permission" + "PermissionDenied": "client does not have permission", + "IncorrectValue": "argument value is incorrect" } op_mode_err_code = { "UnconfiguredSubsystem": 2000, "DataUnavailable": 2001, - "PermissionDenied": 1003 + "PermissionDenied": 1003, + "IncorrectValue": 1002 } |