summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-04-18 13:22:47 +0200
committerChristian Poessinger <christian@poessinger.com>2021-04-18 13:22:47 +0200
commitd40dd615f9ea46b28b2e968c2ba4fff18866cf5f (patch)
tree1c697ea35c9a82782b4af790a15b5156a06ffd52 /src/conf_mode
parent2e0fd99318a8fd3c6c42a04ea5be8f2494db23ca (diff)
downloadvyos-1x-d40dd615f9ea46b28b2e968c2ba4fff18866cf5f.tar.gz
vyos-1x-d40dd615f9ea46b28b2e968c2ba4fff18866cf5f.zip
policy: T2425: verify other policy types and probe for mandatory options
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/policy.py47
1 files changed, 27 insertions, 20 deletions
diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py
index a8244ca26..d461511f8 100755
--- a/src/conf_mode/policy.py
+++ b/src/conf_mode/policy.py
@@ -14,8 +14,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import os
-
from sys import exit
from vyos.config import Config
@@ -43,34 +41,43 @@ def verify(policy):
if not policy:
return None
- def verify_access_list(acl, rule, rule_config):
- error_append = f'must be specified for rule {rule} in access-list {acl}!'
- if 'source' not in rule_config:
- raise ConfigError(f'Source {error_append}')
-
- if int(acl) in range(100, 200) or int(acl) in range(2000, 2700):
- if 'destination' not in rule_config:
- raise ConfigError(f'Destination {error_append}')
-
- for type in ['access_list', 'access_list6', 'as_path_list', 'community_list',
- 'extcommunity_list', 'large_community_list', 'prefix_list',
- 'prefix_list6', 'route_map']:
+ for policy_type in ['access_list', 'access_list6', 'as_path_list',
+ 'community_list', 'extcommunity_list', 'large_community_list',
+ 'prefix_list', 'prefix_list6', 'route_map']:
# Bail out early and continue with next policy type
- if type not in policy:
+ if policy_type not in policy:
continue
+
# instance can be an ACL name/number, prefix-list name or route-map name
- for instance, instance_config in policy[type].items():
+ for instance, instance_config in policy[policy_type].items():
# If no rule was found within the instance ... sad, but we can leave
# early as nothing needs to be verified
if 'rule' not in instance_config:
continue
+
+ # human readable instance name (hypen instead of underscore)
+ policy_hr = policy_type.replace('_', '-')
for rule, rule_config in instance_config['rule'].items():
+ mandatory_error = f'must be specified for "{policy_hr} {instance} rule {rule}"!'
if 'action' not in rule_config:
- error_msg = 'Action must be specified for ' + type.replace('_','-')
- raise ConfigError(f'{error_msg} {instance}, rule {rule}!')
+ raise ConfigError(f'Action {mandatory_error}')
+
+ if policy_type == 'access_list':
+ if 'source' not in rule_config:
+ raise ConfigError(f'Source {mandatory_error}')
+
+ if int(instance) in range(100, 200) or int(instance) in range(2000, 2700):
+ if 'destination' not in rule_config:
+ raise ConfigError(f'Destination {mandatory_error}')
+
+ if policy_type == 'access_list6':
+ if 'source' not in rule_config:
+ raise ConfigError(f'Source {mandatory_error}')
- if type == 'access_list':
- verify_access_list(instance, rule, rule_config)
+ if policy_type in ['as_path_list', 'community_list', 'extcommunity_list',
+ 'large_community_list']:
+ if 'regex' not in rule_config:
+ raise ConfigError(f'Regex {mandatory_error}')
return None