bridge: T2232: prevent deletion of enslaved interfaces

Interfaces enslaved to a bridge are not allowed to be deleted. If an interface
is deleted from the config but it is still enslaved to a bridge will cause a
configuration error on the subsequent boot.

1 files changed, 11 insertions, 1 deletions

diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 4fa0dd8c0..54121a6c1 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -24,7 +24,7 @@ from netifaces import interfaces
 from vyos import ConfigError
 from vyos.config import Config
 from vyos.configdict import list_diff
-from vyos.util import run
+from vyos.util import run, is_bridge_member
 from vyos.ifconfig import WireGuardIf
 
 kdir = r'/config/auth/wireguard'
@@ -179,6 +179,16 @@ def verify(c):
     if not c:
         return None
 
+    if c['delete']:
+        interface = c['intfc']
+        is_member, bridge = is_bridge_member(interface)
+        if is_member:
+            # can not use a f'' formatted-string here as bridge would not get
+            # expanded in the print statement
+            raise ConfigError('Can not delete interface "{0}" as it ' \
+                              'is a member of bridge "{1}"!'.format(interface, bridge))
+        return None
+
     if not os.path.exists(c['pk']):
         raise ConfigError(
             "No keys found, generate them by executing: \'run generate wireguard [keypair|named-keypairs]\'")