vrf: T6602: verify supplied VRF name on all interface typesmergify/bp/sagitta/pr-3856

Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF
actually exists. If this is not validated, one can pass an invalid VRF to the
system which generates an OSError exception.

To reproduce

set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf smoketest

results in

OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt

This commit adds the missing verify_vrf() call to the missing interface types
and an appropriate smoketest for all interfaces supporting VRF assignment.

(cherry picked from commit dd0ebffa33728e452ac6e11737c2283f0e390359)

1 files changed, 2 insertions, 0 deletions

diff --git a/src/conf_mode/interfaces_l2tpv3.py b/src/conf_mode/interfaces_l2tpv3.py
index e25793543..b9f827bee 100755
--- a/src/conf_mode/interfaces_l2tpv3.py
+++ b/src/conf_mode/interfaces_l2tpv3.py
@@ -24,6 +24,7 @@ from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_bond_bridge_member
+from vyos.configverify import verify_vrf
 from vyos.ifconfig import L2TPv3If
 from vyos.utils.kernel import check_kmod
 from vyos.utils.network import is_addr_assigned
@@ -76,6 +77,7 @@ def verify(l2tpv3):
 
     verify_mtu_ipv6(l2tpv3)
     verify_address(l2tpv3)
+    verify_vrf(l2tpv3)
     verify_bond_bridge_member(l2tpv3)
     verify_mirror_redirect(l2tpv3)
     return None