bond: T6709: add EAPoL support

4 files changed, 23 insertions, 17 deletions

diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index cc0327f3d..b17cad478 100644
--- a/interface-definitions/interfaces_bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -56,6 +56,7 @@
           #include <include/interface/disable.xml.i>
           #include <include/interface/vrf.xml.i>
           #include <include/interface/mirror.xml.i>
+          #include <include/interface/eapol.xml.i>
           <node name="evpn">
             <properties>
               <help>EVPN Multihoming</help>
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
index 5708393e1..593b4b415 100644
--- a/smoketest/scripts/cli/base_interfaces_test.py
+++ b/smoketest/scripts/cli/base_interfaces_test.py
@@ -1240,6 +1240,8 @@ class BasicInterfaceTest:
             if not self._test_eapol:
                 self.skipTest('not supported')
 
+            cfg_dir = '/run/wpa_supplicant'
+
             ca_certs = {
                 'eapol-server-ca-root': server_ca_root_cert_data,
                 'eapol-server-ca-intermediate': server_ca_intermediate_cert_data,
@@ -1274,9 +1276,6 @@ class BasicInterfaceTest:
 
             self.cli_commit()
 
-            # Check for running process
-            self.assertTrue(process_named_running('wpa_supplicant'))
-
             # Validate interface config
             for interface in self._interfaces:
                 tmp = get_wpa_supplicant_value(interface, 'key_mgmt')
@@ -1289,29 +1288,33 @@ class BasicInterfaceTest:
                 self.assertEqual('0', tmp)
 
                 tmp = get_wpa_supplicant_value(interface, 'ca_cert')
-                self.assertEqual(f'"/run/wpa_supplicant/{interface}_ca.pem"', tmp)
+                self.assertEqual(f'"{cfg_dir}/{interface}_ca.pem"', tmp)
 
                 tmp = get_wpa_supplicant_value(interface, 'client_cert')
-                self.assertEqual(f'"/run/wpa_supplicant/{interface}_cert.pem"', tmp)
+                self.assertEqual(f'"{cfg_dir}/{interface}_cert.pem"', tmp)
 
                 tmp = get_wpa_supplicant_value(interface, 'private_key')
-                self.assertEqual(f'"/run/wpa_supplicant/{interface}_cert.key"', tmp)
+                self.assertEqual(f'"{cfg_dir}/{interface}_cert.key"', tmp)
 
                 mac = read_file(f'/sys/class/net/{interface}/address')
                 tmp = get_wpa_supplicant_value(interface, 'identity')
                 self.assertEqual(f'"{mac}"', tmp)
 
-            # Check certificate files have the full chain
-            self.assertEqual(get_certificate_count(interface, 'ca'), 2)
-            self.assertEqual(get_certificate_count(interface, 'cert'), 3)
+                # Check certificate files have the full chain
+                self.assertEqual(get_certificate_count(interface, 'ca'), 2)
+                self.assertEqual(get_certificate_count(interface, 'cert'), 3)
 
-            for name in ca_certs:
-                self.cli_delete(['pki', 'ca', name])
-            self.cli_delete(['pki', 'certificate', cert_name])
+                # Check for running process
+                self.assertTrue(process_named_running('wpa_supplicant', cmdline=f'-i{interface}'))
 
             # Remove EAPoL configuration
-            self.cli_delete(self._base_path + [interface, 'eapol'])
-            # Commit
+            for interface in self._interfaces:
+                self.cli_delete(self._base_path + [interface, 'eapol'])
+
+            # Commit and check that process is no longer running
             self.cli_commit()
-            # Daemon must no longer be running
             self.assertFalse(process_named_running('wpa_supplicant'))
+
+            for name in ca_certs:
+                self.cli_delete(['pki', 'ca', name])
+            self.cli_delete(['pki', 'certificate', cert_name])
diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py
index 3c8a9b663..3d12364f7 100755
--- a/smoketest/scripts/cli/test_interfaces_ethernet.py
+++ b/smoketest/scripts/cli/test_interfaces_ethernet.py
@@ -223,4 +223,4 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase):
             self.assertIn(f' evpn mh uplink', frrconfig)
 
 if __name__ == '__main__':
-    unittest.main(verbosity=2, failfast=True)
+    unittest.main(verbosity=2)
diff --git a/src/conf_mode/interfaces_bonding.py b/src/conf_mode/interfaces_bonding.py
index 5e5d5fba1..bbbfb0385 100755
--- a/src/conf_mode/interfaces_bonding.py
+++ b/src/conf_mode/interfaces_bonding.py
@@ -25,6 +25,7 @@ from vyos.configdict import is_source_interface
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_dhcpv6
+from vyos.configverify import verify_eapol
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_vlan_config
@@ -73,7 +74,7 @@ def get_config(config=None):
     else:
         conf = Config()
     base = ['interfaces', 'bonding']
-    ifname, bond = get_interface_dict(conf, base)
+    ifname, bond = get_interface_dict(conf, base, with_pki=True)
 
     # To make our own life easier transfor the list of member interfaces
     # into a dictionary - we will use this to add additional information
@@ -196,6 +197,7 @@ def verify(bond):
     verify_dhcpv6(bond)
     verify_vrf(bond)
     verify_mirror_redirect(bond)
+    verify_eapol(bond)
 
     # use common function to verify VLAN configuration
     verify_vlan_config(bond)