Merge pull request #4526 from jestabro/config-mgmt-context

T7365: add commit hooks and cli integration

8 files changed, 91 insertions, 1 deletions

diff --git a/debian/vyos-1x.links b/debian/vyos-1x.links
index 402c91306..aef22555c 100644
--- a/debian/vyos-1x.links
+++ b/debian/vyos-1x.links
@@ -1,2 +1,4 @@
 /etc/netplug/linkup.d/vyos-python-helper /etc/netplug/linkdown.d/vyos-python-helper
 /usr/libexec/vyos/system/standalone_root_pw_reset /opt/vyatta/sbin/standalone_root_pw_reset
+/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_commit
+/usr/libexec/vyos/vyconf_cli.py /usr/libexec/vyos/vyconf/bin/vy_in_session
diff --git a/libvyosconfig b/libvyosconfig
-Subproject 3e295c0c0256746f0811a9cb90d2489fd76a465
+Subproject f632edbc947fbcda1916ababacc5f2659cf6cfb
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index b57dcac89..f84b14040 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -84,3 +84,7 @@ rt_global_table = rt_symbolic_names['main']
 vyconfd_conf = '/etc/vyos/vyconfd.conf'
 
 DEFAULT_COMMIT_CONFIRM_MINUTES = 10
+
+commit_hooks = {'pre': '/etc/commit/pre-hooks.d',
+                'post': '/etc/commit/post-hooks.d'
+               }
diff --git a/python/vyos/utils/commit.py b/python/vyos/utils/commit.py
index 9167c78d2..fc259dadb 100644
--- a/python/vyos/utils/commit.py
+++ b/python/vyos/utils/commit.py
@@ -101,3 +101,30 @@ def release_commit_lock_file(file_descr):
         return
     fcntl.lockf(file_descr, fcntl.LOCK_UN)
     file_descr.close()
+
+
+def call_commit_hooks(which: str):
+    import re
+    import os
+    from pathlib import Path
+    from vyos.defaults import commit_hooks
+    from vyos.utils.process import rc_cmd
+
+    if which not in list(commit_hooks):
+        raise ValueError(f'no entry {which} in commit_hooks')
+
+    hook_dir = commit_hooks[which]
+    file_list = list(Path(hook_dir).glob('*'))
+    regex = re.compile('^[a-zA-Z0-9._-]+$')
+    hook_list = sorted([str(f) for f in file_list if regex.match(f.name)])
+    err = False
+    out = ''
+    for runf in hook_list:
+        try:
+            e, o = rc_cmd(runf)
+        except FileNotFoundError:
+            continue
+        err = err | bool(e)
+        out = out + o
+
+    return out, int(err)
diff --git a/python/vyos/vyconf_session.py b/python/vyos/vyconf_session.py
index 4250f0cfb..3cf847b6c 100644
--- a/python/vyos/vyconf_session.py
+++ b/python/vyos/vyconf_session.py
@@ -29,6 +29,7 @@ from vyos.utils.session import in_config_session
 from vyos.proto.vyconf_proto import Errnum
 from vyos.utils.commit import acquire_commit_lock_file
 from vyos.utils.commit import release_commit_lock_file
+from vyos.utils.commit import call_commit_hooks
 
 
 class VyconfSessionError(Exception):
@@ -145,10 +146,14 @@ class VyconfSession:
         if lock_fd is None:
             return out, Errnum.COMMIT_IN_PROGRESS
 
+        pre_out, _ = call_commit_hooks('pre')
         out = vyconf_client.send_request('commit', token=self.__token)
+        os.environ['COMMIT_STATUS'] = 'FAILURE' if out.status else 'SUCCESS'
+        post_out, _ = call_commit_hooks('post')
+
         release_commit_lock_file(lock_fd)
 
-        return self.output(out), out.status
+        return pre_out + self.output(out) + post_out, out.status
 
     @raise_exception
     @config_mode
diff --git a/src/etc/default/vyatta b/src/etc/default/vyatta
index e5fa3bb30..0a5129e8b 100644
--- a/src/etc/default/vyatta
+++ b/src/etc/default/vyatta
@@ -173,6 +173,7 @@ unset _vyatta_extglob
     declare -x -r vyos_bin_dir=/usr/bin
     declare -x -r vyos_sbin_dir=/usr/sbin
     declare -x -r vyos_share_dir=/usr/share
+    declare -x -r vyconf_bin_dir=/usr/libexec/vyos/vyconf/bin
 
     if test -z "$vyos_conf_scripts_dir" ; then
         declare -x -r vyos_conf_scripts_dir=$vyos_libexec_dir/conf_mode
diff --git a/src/helpers/set_vyconf_backend.py b/src/helpers/set_vyconf_backend.py
index 6747e51c3..816452f3b 100755
--- a/src/helpers/set_vyconf_backend.py
+++ b/src/helpers/set_vyconf_backend.py
@@ -19,10 +19,14 @@
 # N.B. only for use within testing framework; explicit invocation will leave
 # system in inconsistent state.
 
+import os
+import sys
 from argparse import ArgumentParser
 
 from vyos.utils.backend import set_vyconf_backend
 
+if os.getuid() != 0:
+    sys.exit('Requires root privileges')
 
 parser = ArgumentParser()
 parser.add_argument('--disable', action='store_true',
diff --git a/src/helpers/vyconf_cli.py b/src/helpers/vyconf_cli.py
new file mode 100755
index 000000000..a159a2678
--- /dev/null
+++ b/src/helpers/vyconf_cli.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import os
+import sys
+
+from vyos.vyconf_session import VyconfSession
+
+
+pid = os.getppid()
+
+vs = VyconfSession(pid=pid)
+
+script_path = sys.argv[0]
+script_name = os.path.basename(script_path)
+# drop prefix 'vy_' if present
+if script_name.startswith('vy_'):
+    func_name = script_name[3:]
+else:
+    func_name = script_name
+
+if hasattr(vs, func_name):
+    func = getattr(vs, func_name)
+else:
+    sys.exit(f'Call unimplemented: {func_name}')
+
+out = func()
+if isinstance(out, bool):
+    # for use in shell scripts
+    sys.exit(int(not out))
+
+print(out)