10 files changed, 96 insertions, 91 deletions
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 23f81348b..ed55db3f2 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -76,7 +76,7 @@
 neighbor {{ neighbor }} password {{ config.password }}
 {% endif %}
 {% if config.path_attribute.discard is vyos_defined %}
- neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard }}
+ neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard | join(' ') }}
 {% endif %}
 {% if config.path_attribute.treat_as_withdraw is vyos_defined %}
 neighbor {{ neighbor }} path-attribute treat-as-withdraw {{ config.path_attribute.treat_as_withdraw }}
diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i
index 30568d8c6..399a6bcdd 100644
--- a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i
+++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i
@@ -14,6 +14,7 @@
 <constraint>
 <validator name="numeric" argument="--range 1-255"/>
 </constraint>
+ <multi/>
 </properties>
 </leafNode>
 <leafNode name="treat-as-withdraw">
diff --git a/interface-definitions/include/pki/cli-certificate-base64.xml.i b/interface-definitions/include/pki/cli-certificate-base64.xml.i
new file mode 100644
index 000000000..a3eff79e8
--- /dev/null
+++ b/interface-definitions/include/pki/cli-certificate-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/cli-certificate-base64.xml.i -->
+<leafNode name="certificate">
+ <properties>
+ <help>Certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i
new file mode 100644
index 000000000..3a7ee0ce9
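Review bot: `join(' ')` on the `path-attribute discard` line assumes `config.path_attribute.discard` always reaches the template as a list. Jinja's `join` iterates a string character by character, so a single value passed as a plain string would render `123` as `1 2 3` and FRR would be told to discard three different attribute types. The fixtures in `test_protocols_bgp.py` now use only multi-element lists, so that path is not exercised; a single-element case such as `'p_attr_discard' : ['123']` in one fixture would pin it. The enclosing template block starts and ends outside the hunk.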
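Review bot: Only `discard` gains `<multi/>` in `neighbor-path-attribute.xml.i`; the sibling `treat-as-withdraw` leaf that opens in the trailing context stays single-valued, and the `bgpd.frr.j2` hunk still renders it without a join. If FRR accepts a list of attribute types for `treat-as-withdraw` as it does for `discard` (worth confirming against the FRR version shipped), the two leaves should be changed together so the CLI does not expose the same filter with two different shapes. The `discard` leafNode starts outside the hunk, so its help text is not visible here; it should say that several values may be set.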
--- /dev/null
+++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/pki-cli-private-key.xml.i -->
+<leafNode name="key">
+ <properties>
+ <help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i
new file mode 100644
index 000000000..3a7ee0ce9
--- /dev/null
+++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/pki-cli-private-key.xml.i -->
+<leafNode name="key">
+ <properties>
+ <help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-revoke.xml.i b/interface-definitions/include/pki/cli-revoke.xml.i
new file mode 100644
index 000000000..61cd978bb
--- /dev/null
+++ b/interface-definitions/include/pki/cli-revoke.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from pki/cli-revoke.xml.i -->
+<leafNode name="revoke">
+ <properties>
+ <help>Include certificate in parent CRL</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/password-protected.xml.i b/interface-definitions/include/pki/password-protected.xml.i
new file mode 100644
index 000000000..b72e4ecec
--- /dev/null
+++ b/interface-definitions/include/pki/password-protected.xml.i
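Review bot: The include-start marker on the first added line of `cli-private-key-base64.xml.i` names `pki/pki-cli-private-key.xml.i`, which is not this file's path and is not a file this commit adds. It should read `<!-- include start from pki/cli-private-key-base64.xml.i -->`. The same stale marker is carried into `cli-public-key-base64.xml.i`; these markers presumably exist so a node in the expanded definition can be traced back to its include, and a wrong path defeats that.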
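Review bot: `cli-public-key-base64.xml.i` is a byte-for-byte copy of the private-key include (both index lines show blob `3a7ee0ce9`), so the public-key leaf advertises `Private key in PEM format` and fails with `Private key is not base64-encoded`. The inline node it replaces in the `@@ -195,15 +143,7 @@` hunk of `pki.xml.in` said `Public key in PEM format`. An operator following the CLI help on a `public` node is thereby prompted to paste private key material into it. The two lines should be `<help>Public key in PEM format</help>` and `<constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage>`.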
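Review bot: The shared help text in `cli-revoke.xml.i`, `Include certificate in parent CRL`, drops the precondition that both replaced strings in `pki.xml.in` stated: the certificate only lands in a generated CRL if the parent CA is present. Without it an operator can reasonably assume that setting `revoke` is sufficient on its own. Suggested wording: `<help>If parent CA is present, include this certificate in generated CRLs</help>`.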
@@ -0,0 +1,8 @@
+<!-- include start from pki/password-protected.xml.i -->
+<leafNode name="password-protected">
+ <properties>
+ <help>Private key portion is password protected</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index 0ed199539..617bdd584 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -14,36 +14,15 @@
 </constraint>
 </properties>
 <children>
- <leafNode name="certificate">
- <properties>
- <help>CA certificate in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-certificate-base64.xml.i>
 #include <include/generic-description.xml.i>
 <node name="private">
 <properties>
 <help>CA private key in PEM format</help>
 </properties>
 <children>
- <leafNode name="key">
- <properties>
- <help>CA private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>CA private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
 </children>
 </node>
 <leafNode name="crl">
@@ -56,12 +35,7 @@
 <multi/>
 </properties>
 </leafNode>
- <leafNode name="revoke">
- <properties>
- <help>If parent CA is present, this CA certificate will be included in generated CRLs</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-revoke.xml.i>
 </children>
 </tagNode>
 <tagNode name="certificate">
@@ -72,15 +46,7 @@
 </constraint>
 </properties>
 <children>
- <leafNode name="certificate">
- <properties>
- <help>Certificate in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-certificate-base64.xml.i>
 <node name="acme">
 <properties>
 <help>Automatic Certificate Management Environment (ACME) request</help>
@@ -141,29 +107,11 @@
 <help>Certificate private key</help>
 </properties>
 <children>
- <leafNode name="key">
- <properties>
- <help>Certificate private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>Certificate private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
 </children>
 </node>
- <leafNode name="revoke">
- <properties>
- <help>If CA is present, this certificate will be included in generated CRLs</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-revoke.xml.i>
 </children>
 </tagNode>
 <tagNode name="dh">
@@ -195,15 +143,7 @@
 <help>Public key</help>
 </properties>
 <children>
- <leafNode name="key">
- <properties>
- <help>Public key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-public-key-base64.xml.i>
 </children>
 </node>
 <node name="private">
@@ -211,21 +151,32 @@
 <help>Private key</help>
 </properties>
 <children>
- <leafNode name="key">
- <properties>
- <help>Private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>Private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <tagNode name="openssh">
+ <properties>
+ <help>OpenSSH public and private keys</help>
+ </properties>
+ <children>
+ <node name="public">
+ <properties>
+ <help>Public key</help>
+ </properties>
+ <children>
+ #include <include/pki/cli-public-key-base64.xml.i>
+ </children>
+ </node>
+ <node name="private">
+ <properties>
+ <help>Private key</help>
+ </properties>
+ <children>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
 </children>
 </node>
 </children>
diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
index a2a0a2799..6c71f69f3 100644
--- a/interface-definitions/protocols_rpki.xml.in
+++ b/interface-definitions/protocols_rpki.xml.in
@@ -4,7 +4,8 @@
 <children>
 <node name="rpki" owner="${vyos_conf_scripts_dir}/protocols_rpki.py">
 <properties>
- <help>BGP prefix origin validation</help>
+ <help>Resource Public Key Infrastructure (RPKI)</help>
+ <priority>819</priority>
 </properties>
 <children>
 <tagNode name="cache">
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index 08a6e1696..eadd8a004 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
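Review bot: The new `openssh` tagNode in `pki.xml.in` carries no name constraint: its `<properties>` holds only `<help>`. The tagNodes whose headers end in the context of the `@@ -14,36 +14,15 @@` and `@@ -72,15 +46,7 @@` hunks appear to close a `<constraint>` just before `<children>`. Key-pair names would therefore be accepted unvalidated, and any later consumer that puts the name into a file path or a rendered config line (none is part of this diff) would have to validate it itself; reusing the sibling tagNodes' constraint closes that at the CLI. Separately, `<validator name="base64"/>` checks only the encoding, so nothing here confirms that the stored value is an OpenSSH key.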
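Review bot: `<priority>819</priority>` in `protocols_rpki.xml.in` is added without any indication of which node it must be ordered before or after. A one-line XML comment beside it that names the dependency, for example `<!-- commit after NODE_IT_DEPENDS_ON -->` with the real node filled in, would keep the number from being changed blindly later. The new help string also drops the only operator-facing hint that this node is about BGP prefix origin validation; `<help>Resource Public Key Infrastructure (RPKI) for BGP prefix origin validation</help>` would keep both.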
@@ -60,7 +60,7 @@ neighbor_config = {
 'route_map_out' : route_map_out,
 'no_send_comm_ext' : '',
 'addpath_all' : '',
- 'p_attr_discard' : '123',
+ 'p_attr_discard' : ['10', '20', '30', '40', '50'],
 },
 '192.0.2.2' : {
 'bfd_profile' : bfd_profile,
@@ -137,7 +137,7 @@ peer_group_config = {
 'cap_over' : '',
 'ttl_security' : '5',
 'disable_conn_chk' : '',
- 'p_attr_discard' : '250',
+ 'p_attr_discard' : ['100', '150', '200'],
 },
 'bar' : {
 'remote_as' : '111',
@@ -284,7 +284,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
 if 'addpath_all' in peer_config:
 self.assertIn(f' neighbor {peer} addpath-tx-all-paths', frrconfig)
 if 'p_attr_discard' in peer_config:
- self.assertIn(f' neighbor {peer} path-attribute discard {peer_config["p_attr_discard"]}', frrconfig)
+ tmp = ' '.join(peer_config["p_attr_discard"])
+ self.assertIn(f' neighbor {peer} path-attribute discard {tmp}', frrconfig)
 if 'p_attr_taw' in peer_config:
 self.assertIn(f' neighbor {peer} path-attribute treat-as-withdraw {peer_config["p_attr_taw"]}', frrconfig)
 if 'addpath_per_as' in peer_config:
@@ -460,7 +461,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
 if 'update_src' in peer_config:
 self.cli_set(base_path + ['neighbor', peer, 'update-source', peer_config["update_src"]])
 if 'p_attr_discard' in peer_config:
- self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'discard', peer_config["p_attr_discard"]])
+ for attribute in peer_config['p_attr_discard']:
+ self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'discard', attribute])
 if 'p_attr_taw' in peer_config:
 self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'treat-as-withdraw', peer_config["p_attr_taw"]])
 if 'route_map_in' in peer_config:
@@ -584,7 +586,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
 if 'disable_conn_chk' in config:
 self.cli_set(base_path + ['peer-group', peer_group, 'disable-connected-check'])
 if 'p_attr_discard' in config:
- self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'discard', config["p_attr_discard"]])
+ for attribute in config['p_attr_discard']:
+ self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'discard', attribute])
 if 'p_attr_taw' in config:
 self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'treat-as-withdraw', config["p_attr_taw"]]) |