Merge pull request #1356 from sarthurdev/nested_groups

firewall: T478: Add support for nesting groups

1 files changed, 33 insertions, 0 deletions

diff --git a/python/vyos/template.py b/python/vyos/template.py
index ee82f8f8f..3feda47c8 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -591,6 +591,39 @@ def nft_intra_zone_action(zone_conf, ipv6=False):
             return f'jump {name_prefix}{name}'
     return 'return'
 
+@register_filter('nft_nested_group')
+def nft_nested_group(out_list, includes, prefix):
+    if not vyos_defined(out_list):
+        out_list = []
+    for name in includes:
+        out_list.append(f'${prefix}{name}')
+    return out_list
+
+@register_filter('sort_nested_groups')
+def sort_nested_groups(groups):
+    seen = []
+    out = {}
+
+    def include_iterate(group_name):
+        group = groups[group_name]
+        if 'include' not in group:
+            if group_name not in out:
+                out[group_name] = groups[group_name]
+            return
+
+        for inc_group_name in group['include']:
+            if inc_group_name not in seen:
+                seen.append(inc_group_name)
+                include_iterate(inc_group_name)
+
+        if group_name not in out:
+            out[group_name] = groups[group_name]
+
+    for group_name in groups:
+        include_iterate(group_name)
+
+    return out.items()
+
 @register_test('vyos_defined')
 def vyos_defined(value, test_value=None, var_type=None):
     """