sstp: T2960: migrate to get_config_dict() and reusable templates

2 files changed, 131 insertions, 9 deletions

diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index ce6d58693..99072a1b9 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -18,12 +18,8 @@ A library for retrieving value dicts from VyOS configs in a declarative fashion.
 """
 import os
 
-from copy import deepcopy
-
 from vyos.util import vyos_dict_search
 from vyos.xml import defaults
-from vyos.xml import is_tag
-from vyos.xml import is_leaf
 from vyos import ConfigError
 
 def retrieve_config(path_hash, base_path, config):
@@ -198,6 +194,9 @@ def is_member(conf, interface, intftype=None):
     interface name -> Interface is a member of this interface
     False -> interface type cannot have members
     """
+    from vyos.xml import is_tag
+    from vyos.xml import is_leaf
+
     ret_val = None
     intftypes = ['bonding', 'bridge']
     if intftype not in intftypes + [None]:
@@ -265,11 +264,12 @@ def is_source_interface(conf, interface, intftype=None):
 
 def get_interface_dict(config, base, ifname=''):
     """
-    Common utility function to retrieve and mandgle the interfaces available
-    in CLI configuration. All interfaces have a common base ground where the
-    value retrival is identical - so it can and should be reused
+    Common utility function to retrieve and mangle the interfaces configuration
+    from the CLI input nodes. All interfaces have a common base where value
+    retrival is identical. This function must be used whenever possible when
+    working on the interfaces node!
 
-    Will return a dictionary with the necessary interface configuration
+    Return a dictionary with the necessary interface config keys.
     """
     if not ifname:
         # determine tagNode instance
@@ -405,3 +405,70 @@ def get_interface_dict(config, base, ifname=''):
     # Check vif, vif-s/vif-c VLAN interfaces for removal
     dict = get_removed_vlans(config, dict)
     return dict
+
+
+def get_accel_dict(config, base, chap_secrets):
+    """
+    Common utility function to retrieve and mangle the Accel-PPP configuration
+    from different CLI input nodes. All Accel-PPP services have a common base
+    where value retrival is identical. This function must be used whenever
+    possible when working with Accel-PPP services!
+
+    Return a dictionary with the necessary interface config keys.
+    """
+    from vyos.util import get_half_cpus
+    from vyos.validate import is_ipv4
+
+    dict = config.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+
+    # We have gathered the dict representation of the CLI, but there are default
+    # options which we need to update into the dictionary retrived.
+    default_values = defaults(base)
+
+    # defaults include RADIUS server specifics per TAG node which need to be
+    # added to individual RADIUS servers instead - so we can simply delete them
+    if vyos_dict_search('authentication.radius.server', default_values):
+        del default_values['authentication']['radius']['server']
+
+    # defaults include static-ip address per TAG node which need to be added to
+    # individual local users instead - so we can simply delete them
+    if vyos_dict_search('authentication.local_users.username', default_values):
+        del default_values['authentication']['local_users']['username']
+
+    dict = dict_merge(default_values, dict)
+
+    # set CPUs cores to process requests
+    dict.update({'thread_count' : get_half_cpus()})
+    # we need to store the path to the secrets file
+    dict.update({'chap_secrets_file' : chap_secrets})
+
+    # We can only have two IPv4 and three IPv6 nameservers - also they are
+    # configured in a different way in the configuration, this is why we split
+    # the configuration
+    if 'name_server' in dict:
+        ns_v4 = []
+        ns_v6 = []
+        for ns in dict['name_server']:
+            if is_ipv4(ns): ns_v4.append(ns)
+            else: ns_v6.append(ns)
+
+        dict.update({'name_server_ipv4' : ns_v4, 'name_server_ipv6' : ns_v6})
+        del dict['name_server']
+
+    # Add individual RADIUS server default values
+    if vyos_dict_search('authentication.radius.server', dict):
+        default_values = defaults(base + ['authentication', 'radius', 'server'])
+
+        for server in vyos_dict_search('authentication.radius.server', dict):
+            dict['authentication']['radius']['server'][server] = dict_merge(
+                default_values, dict['authentication']['radius']['server'][server])
+
+    # Add individual local-user default values
+    if vyos_dict_search('authentication.local_users.username', dict):
+        default_values = defaults(base + ['authentication', 'local_users', 'username'])
+
+        for username in vyos_dict_search('authentication.local_users.username', dict):
+            dict['authentication']['local_users']['username'][username] = dict_merge(
+                default_values, dict['authentication']['local_users']['username'][username])
+
+    return dict
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 944fc4294..f970ca6de 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -22,6 +22,7 @@
 # makes use of it!
 
 from vyos import ConfigError
+from vyos.util import vyos_dict_search
 
 def verify_mtu(config):
     """
@@ -51,7 +52,6 @@ def verify_mtu_ipv6(config):
     configured on the interface. IPv6 requires a 1280 bytes MTU.
     """
     from vyos.validate import is_ipv6
-    from vyos.util import vyos_dict_search
     # IPv6 minimum required link mtu
     min_mtu = 1280
 
@@ -204,3 +204,58 @@ def verify_vlan_config(config):
             verify_dhcpv6(vlan)
             verify_address(vlan)
             verify_vrf(vlan)
+
+def verify_accel_ppp_base_service(config):
+    """
+    Common helper function which must be used by all Accel-PPP services based
+    on get_config_dict()
+    """
+    # vertify auth settings
+    if vyos_dict_search('authentication.mode', config) == 'local':
+        if not vyos_dict_search('authentication.local_users', config):
+            raise ConfigError('PPPoE local auth mode requires local users to be configured!')
+
+        for user in vyos_dict_search('authentication.local_users.username', config):
+            user_config = config['authentication']['local_users']['username'][user]
+
+            if 'password' not in user_config:
+                raise ConfigError(f'Password required for local user "{user}"')
+
+            if 'rate_limit' in user_config:
+                # if up/download is set, check that both have a value
+                if not {'upload', 'download'} <= set(user_config['rate_limit']):
+                    raise ConfigError(f'User "{user}" has rate-limit configured for only one ' \
+                                      'direction but both upload and download must be given!')
+
+    elif vyos_dict_search('authentication.mode', config) == 'radius':
+        if not vyos_dict_search('authentication.radius.server', config):
+            raise ConfigError('RADIUS authentication requires at least one server')
+
+        for server in vyos_dict_search('authentication.radius.server', config):
+            radius_config = config['authentication']['radius']['server'][server]
+            if 'key' not in radius_config:
+                raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
+
+    if 'gateway_address' not in config:
+        raise ConfigError('PPPoE server requires gateway-address to be configured!')
+
+    if 'name_server_ipv4' in config:
+        if len(config['name_server_ipv4']) > 2:
+            raise ConfigError('Not more then two IPv4 DNS name-servers ' \
+                              'can be configured')
+
+    if 'name_server_ipv6' in config:
+        if len(config['name_server_ipv6']) > 3:
+            raise ConfigError('Not more then three IPv6 DNS name-servers ' \
+                              'can be configured')
+
+    if 'client_ipv6_pool' in config:
+        ipv6_pool = config['client_ipv6_pool']
+        if 'delegate' in ipv6_pool:
+            if 'prefix' not in ipv6_pool:
+                raise ConfigError('IPv6 "delegate" also requires "prefix" to be defined!')
+
+            for delegate in ipv6_pool['delegate']:
+                if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
+                    raise ConfigError('delegation-prefix length required!')
+