authorJohn Estabrook <jestabro@vyos.io>2022-11-18 16:08:47 -0600
committerJohn Estabrook <jestabro@vyos.io>2022-11-18 16:08:47 -0600
commit58057480e22712dc6d04396f8805d3db338bddfa (patch)
tree5f5ee1753edb918b42fc57ebdc2e04e5bf56dd8d
parent95abda42a4ef4a949b897a4aa5eaf52e6c2842a8 (diff)
downloadvyos-1x-58057480e22712dc6d04396f8805d3db338bddfa.tar.gz
vyos-1x-58057480e22712dc6d04396f8805d3db338bddfa.zip
IPsec: T4828: raise op-mode error on incorrect value
-rw-r--r--python/vyos/opmode.py6
-rwxr-xr-xsrc/op_mode/ipsec.py17
-rw-r--r--src/services/api/graphql/session/errors/op_mode_errors.py6
3 files changed, 16 insertions, 13 deletions
diff --git a/python/vyos/opmode.py b/python/vyos/opmode.py
index 2e896c8e6..9dba8d30f 100644
--- a/python/vyos/opmode.py
+++ b/python/vyos/opmode.py
@@ -45,6 +45,12 @@ class PermissionDenied(Error):
"""
pass
+class IncorrectValue(Error):
+ """ Requested operation is valid, but an argument provided has an
+ incorrect value, preventing successful completion.
+ """
+ pass
+
class InternalError(Error):
""" Any situation when VyOS detects that it could not perform
an operation correctly due to logic errors in its own code
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index aaa0cec5a..83e4241d7 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
import re
import sys
@@ -138,6 +139,8 @@ def _get_formatted_output_sas(sas):
def get_peer_connections(peer, tunnel, return_all = False):
search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti)).*'
matches = []
+ if not os.path.exists(SWANCTL_CONF):
+ raise vyos.opmode.UnconfiguredSubsystem("IPsec not initialized")
with open(SWANCTL_CONF, 'r') as f:
for line in f.readlines():
result = re.match(search, line)
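Review bot: `peer` is interpolated into the `search` pattern unescaped, so any regex metacharacter in the argument changes which lines of SWANCTL_CONF match. With the `if not peer` guard removed from reset_peer in the next hunk, this pattern is the only validation the value gets. I would build it as `search = rf'^[\s]*({re.escape(peer)}-(tunnel-[\d]+|vti)).*'`, which matters more because the matched name is later formatted into the `sudo /usr/sbin/ipsec` command strings. The added `os.path.exists` check followed by `open` also leaves a window in which the file can disappear; catching `FileNotFoundError` around the `open` and raising `UnconfiguredSubsystem` there would close it. get_peer_connections continues past the end of this hunk.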
@@ -149,27 +152,19 @@ def get_peer_connections(peer, tunnel, return_all = False):
def reset_peer(peer: str, tunnel:str):
- if not peer:
- print('Invalid peer, aborting')
- return
-
conns = get_peer_connections(peer, tunnel, return_all = (not tunnel or tunnel == 'all'))
if not conns:
- print('Tunnel(s) not found, aborting')
- return
+ raise vyos.opmode.IncorrectValue('Peer or tunnel(s) not found, aborting')
- result = True
for conn in conns:
try:
call(f'sudo /usr/sbin/ipsec down {conn}{{*}}', timeout = 10)
call(f'sudo /usr/sbin/ipsec up {conn}', timeout = 10)
except TimeoutExpired as e:
- print(f'Timed out while resetting {conn}')
- result = False
-
+ raise vyos.opmode.InternalError(f'Timed out while resetting {conn}')
- print('Peer reset result: ' + ('success' if result else 'failed'))
+ print('Peer reset result: success')
def show_sa(raw: bool):
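Review bot: Raising inside the `except TimeoutExpired` branch ends the loop at the first connection that times out, so a connection whose `ipsec down` succeeded but whose `ipsec up` timed out stays down, and the remaining entries in `conns` are never reset. The removed code carried on and reported failure at the end, so I would collect the failed names and raise once after the loop, as below. `InternalError` is documented in opmode.py as a logic error in VyOS's own code, which a command timeout is not, so another error class may fit better; `as e` is also unused unless the raise becomes `raise ... from e`. The return value of `call` is still ignored, so a non-zero exit would presumably still print success; that is worth confirming.

```python
    failed = []
    for conn in conns:
        try:
            # … unchanged: ipsec down / ipsec up calls …
        except TimeoutExpired:
            # keep going so one slow peer does not leave the others untouched
            failed.append(conn)

    if failed:
        raise vyos.opmode.InternalError(
            'Timed out while resetting ' + ', '.join(failed))
```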
diff --git a/src/services/api/graphql/session/errors/op_mode_errors.py b/src/services/api/graphql/session/errors/op_mode_errors.py
index 7ba75455d..7bc1d1d81 100644
--- a/src/services/api/graphql/session/errors/op_mode_errors.py
+++ b/src/services/api/graphql/session/errors/op_mode_errors.py
@@ -3,11 +3,13 @@
op_mode_err_msg = {
"UnconfiguredSubsystem": "subsystem is not configured or not running",
"DataUnavailable": "data currently unavailable",
- "PermissionDenied": "client does not have permission"
+ "PermissionDenied": "client does not have permission",
+ "IncorrectValue": "argument value is incorrect"
}
op_mode_err_code = {
"UnconfiguredSubsystem": 2000,
"DataUnavailable": 2001,
- "PermissionDenied": 1003
+ "PermissionDenied": 1003,
+ "IncorrectValue": 1002
}
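Review bot: `InternalError`, which reset_peer now raises on a timeout in src/op_mode/ipsec.py, has no entry in `op_mode_err_msg` or `op_mode_err_code`, while `IncorrectValue` gets both. How the GraphQL layer handles an unmapped error name is not visible in this hunk, so either add the pair here or confirm that the lookup has a fallback.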