diff options
68 files changed, 360 insertions, 210 deletions
diff --git a/.github/workflows/unused-imports.yml b/.github/workflows/unused-imports.yml index d6e820ae6..da57bd270 100644 --- a/.github/workflows/unused-imports.yml +++ b/.github/workflows/unused-imports.yml @@ -1,7 +1,9 @@ name: Check for unused imports using Pylint on: pull_request_target: - types: [opened, reopened, ready_for_review, locked] + branches: + - current + - sagitta jobs: Check-Unused-Imports: @@ -7,7 +7,7 @@ LIBS := -lzmq CFLAGS := BUILD_ARCH := $(shell dpkg-architecture -q DEB_BUILD_ARCH) J2LINT := $(shell command -v j2lint 2> /dev/null) -PYLINT_FILES := $(shell git ls-files *.py) +PYLINT_FILES := $(shell git ls-files *.py src/migration-scripts) config_xml_src = $(wildcard interface-definitions/*.xml.in) config_xml_obj = $(config_xml_src:.xml.in=.xml) diff --git a/data/templates/conntrackd/conntrackd.conf.j2 b/data/templates/conntrackd/conntrackd.conf.j2 index 669b20877..30e619daf 100644 --- a/data/templates/conntrackd/conntrackd.conf.j2 +++ b/data/templates/conntrackd/conntrackd.conf.j2 @@ -4,6 +4,7 @@ Sync { Mode FTFW { DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }} + StartupResync {{ 'on' if startup_resync is vyos_defined else 'off' }} } {% for iface, iface_config in interface.items() %} {% if iface_config.peer is vyos_defined %} diff --git a/debian/control b/debian/control index 2f32e7f35..65e580f03 100644 --- a/debian/control +++ b/debian/control @@ -11,6 +11,7 @@ Build-Depends: libvyosconfig0 (>= 0.0.7), libzmq3-dev, python3 (>= 3.10), + pylint, python3-coverage, python3-lxml, python3-netifaces, diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in index 397864867..631c830b4 100644 --- a/interface-definitions/service_conntrack-sync.xml.in +++ b/interface-definitions/service_conntrack-sync.xml.in @@ -81,6 +81,12 @@ <multi/> </properties> </leafNode> + <leafNode name="startup-resync"> + <properties> + <help>Order conntrackd to request a complete conntrack table resync against the other node at startup</help> + <valueless/> + </properties> + </leafNode> <node name="failover-mechanism"> <properties> <help>Failover mechanism to use for conntrack-sync</help> diff --git a/op-mode-definitions/firewall.xml.in b/op-mode-definitions/firewall.xml.in index 50d52d6ca..6a254ee11 100644 --- a/op-mode-definitions/firewall.xml.in +++ b/op-mode-definitions/firewall.xml.in @@ -19,14 +19,36 @@ <path>firewall group ipv6-network-group</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of firewall groups</help> + <completionHelp> + <path>firewall group detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --name $4 --detail $5</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --name $4</command> </tagNode> - <leafNode name="group"> + <node name="group"> <properties> <help>Show firewall group</help> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of firewall group</help> + <completionHelp> + <path>firewall group detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group --detail $4</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_group</command> - </leafNode> + </node> <node name="bridge"> <properties> <help>Show bridge firewall</help> @@ -42,6 +64,15 @@ <help>Show bridge forward filter firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge forward filter firewall rules</help> + <completionHelp> + <path>firewall bridge forward filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of bridge forward filter firewall rules</help> @@ -49,6 +80,17 @@ <path>firewall bridge forward filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of specific bridge forward filter firewall rule</help> + <completionHelp> + <path>firewall bridge forward filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -64,6 +106,15 @@ </completionHelp> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge custom firewall chains</help> + <completionHelp> + <path>firewall bridge name detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of bridge custom firewall ruleset</help> @@ -71,6 +122,17 @@ <path>firewall bridge name ${COMP_WORDS[5]} rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of bridge custom firewall rules</help> + <completionHelp> + <path>firewall bridge name ${COMP_WORDS[5]} rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -94,6 +156,15 @@ <help>Show IPv6 forward filter firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 forward filter firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 forward filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv6 forward filter firewall rules</help> @@ -101,6 +172,17 @@ <path>firewall ipv6 forward filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 forward filter firewall rules</help> + <completionHelp> + <path>firewall ipv6 forward filter rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -118,6 +200,15 @@ <help>Show IPv6 forward input firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 input firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 input filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv6 input filter firewall rules</help> @@ -125,6 +216,17 @@ <path>firewall ipv6 input filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 input filter firewall rules</help> + <completionHelp> + <path>firewall ipv6 input filter rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -142,6 +244,15 @@ <help>Show IPv6 output filter firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 output input firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 output filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv6 output filter firewall rules</help> @@ -149,6 +260,17 @@ <path>firewall ipv6 output filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 output filter firewall rules</help> + <completionHelp> + <path>firewall ipv6 output filter rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -164,6 +286,15 @@ </completionHelp> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 custom firewall chains</help> + <completionHelp> + <path>firewall ipv6 name detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv6 custom firewall ruleset</help> @@ -171,6 +302,17 @@ <path>firewall ipv6 name ${COMP_WORDS[5]} rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv6 custom firewall rules</help> + <completionHelp> + <path>firewall ipv6 name ${COMP_WORDS[5]} rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -194,6 +336,15 @@ <help>Show IPv4 forward filter firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 forward filter firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 forward filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv4 forward filter firewall rules</help> @@ -201,6 +352,17 @@ <path>firewall ipv4 forward filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 forward filter firewall rules</help> + <completionHelp> + <path>firewall ipv4 forward filter rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -218,6 +380,15 @@ <help>Show IPv4 forward input firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 input filter firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 input filter detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv4 input filter firewall rules</help> @@ -225,6 +396,17 @@ <path>firewall ipv4 input filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 input filter firewall rules</help> + <completionHelp> + <path>firewall ipv4 input filter rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -242,6 +424,15 @@ <help>Show IPv4 output filter firewall ruleset</help> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 output filter firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 input output detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv4 output filter firewall rules</help> @@ -249,6 +440,17 @@ <path>firewall ipv4 output filter rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 output filter firewall rules</help> + <completionHelp> + <path>firewall ipv4 input output rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -264,6 +466,15 @@ </completionHelp> </properties> <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 custom firewall chains</help> + <completionHelp> + <path>firewall ipv4 name detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command> + </leafNode> <tagNode name="rule"> <properties> <help>Show summary of IPv4 custom firewall ruleset</help> @@ -271,6 +482,17 @@ <path>firewall ipv4 name ${COMP_WORDS[5]} rule</path> </completionHelp> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of IPv4 custom firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 name ${COMP_WORDS[5]} rule detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command> </tagNode> </children> @@ -279,12 +501,23 @@ </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_family --family $3</command> </node> - <leafNode name="statistics"> + <node name="statistics"> <properties> <help>Show statistics of firewall application</help> </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Show list view of firewall statistics</help> + <completionHelp> + <path>firewall statistics detail</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_statistics --detail $4</command> + </leafNode> + </children> <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show_statistics</command> - </leafNode> + </node> <leafNode name="summary"> <properties> <help>Show summary of firewall application</help> diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py index e99d8b3d1..2683a3122 100755 --- a/smoketest/scripts/cli/test_interfaces_pppoe.py +++ b/smoketest/scripts/cli/test_interfaces_pppoe.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2023 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,6 +20,7 @@ from psutil import process_iter from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError +from vyos.xml_ref import default_value config_file = '/etc/ppp/peers/{}' base_path = ['interfaces', 'pppoe'] @@ -169,10 +170,10 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): for interface in self._interfaces: user = f'VyOS-user-{interface}' passwd = f'VyOS-passwd-{interface}' + mtu_default = default_value(base_path + [interface, 'mtu']) - # verify "normal" PPPoE value - 1492 is default MTU tmp = get_config_value(interface, 'mtu')[1] - self.assertEqual(tmp, '1492') + self.assertEqual(tmp, mtu_default) tmp = get_config_value(interface, 'user')[1].replace('"', '') self.assertEqual(tmp, user) tmp = get_config_value(interface, 'password')[1].replace('"', '') diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 95246a7b9..83b00ac0c 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -25,6 +25,7 @@ from vyos.configsession import ConfigSessionError from vyos.utils.process import process_named_running from vyos.utils.kernel import check_kmod from vyos.utils.file import read_file +from vyos.xml_ref import default_value def get_config_value(interface, key): tmp = read_file(f'/run/hostapd/{interface}.conf') @@ -127,7 +128,8 @@ class WirelessInterfaceTest(BasicInterfaceTest.TestCase): # channel tmp = get_config_value(interface, 'channel') - self.assertEqual('0', tmp) # default is channel 0 + cli_default = default_value(self._base_path + [interface, 'channel']) + self.assertEqual(cli_default, tmp) # auto-powersave is special tmp = get_config_value(interface, 'uapsd_advertisement_enabled') diff --git a/smoketest/scripts/cli/test_netns.py b/smoketest/scripts/cli/test_netns.py index 55ad7c83b..d11a5d8f1 100755 --- a/smoketest/scripts/cli/test_netns.py +++ b/smoketest/scripts/cli/test_netns.py @@ -16,7 +16,6 @@ import unittest -from netifaces import interfaces from base_vyostest_shim import VyOSUnitTestSHIM from vyos.utils.process import cmd diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py index 4d9dabc3f..cb6206632 100755 --- a/smoketest/scripts/cli/test_service_dhcpv6-server.py +++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2022 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,7 +18,6 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM -from vyos.configsession import ConfigSessionError from vyos.template import inc_ip from vyos.utils.process import process_named_running from vyos.utils.file import read_file diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py index 94eade2d7..f2a64627f 100755 --- a/smoketest/scripts/cli/test_service_https.py +++ b/smoketest/scripts/cli/test_service_https.py @@ -27,6 +27,7 @@ from vyos.utils.file import read_file from vyos.utils.file import write_file from vyos.utils.process import call from vyos.utils.process import process_named_running +from vyos.xml_ref import default_value from vyos.configsession import ConfigSessionError @@ -147,10 +148,8 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): @ignore_warning(InsecureRequestWarning) def test_api_auth(self): - vhost_id = 'example' address = '127.0.0.1' - port = '443' # default value - name = 'localhost' + port = default_value(base_path + ['port']) key = 'MySuperSecretVyOS' self.cli_set(base_path + ['api', 'keys', 'id', 'key-01', 'key', key]) @@ -420,7 +419,6 @@ class TestHTTPSService(VyOSUnitTestSHIM.TestCase): url = f'https://{address}/config-file' url_config = f'https://{address}/configure' headers = {} - tmp_file = 'tmp-config.boot' self.cli_set(base_path + ['api', 'keys', 'id', 'key-01', 'key', key]) self.cli_commit() diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index 031897c26..b09990c92 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2022 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -28,6 +28,7 @@ from vyos.utils.process import cmd from vyos.utils.process import is_systemd_service_running from vyos.utils.process import process_named_running from vyos.utils.file import read_file +from vyos.xml_ref import default_value PROCESS_NAME = 'sshd' SSHD_CONF = '/run/sshd/sshd_config' @@ -78,9 +79,10 @@ class TestServiceSSH(VyOSUnitTestSHIM.TestCase): # commit changes self.cli_commit() - # Check configured port - port = get_config_value('Port')[0] - self.assertEqual('22', port) # default value + # Check configured port agains CLI default value + port = get_config_value('Port') + cli_default = default_value(base_path + ['port']) + self.assertEqual(port, cli_default) def test_ssh_single_listen_address(self): # Check if SSH service can be configured and runs diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py index ee29f8198..6fffe7e0d 100755 --- a/src/conf_mode/protocols_ospf.py +++ b/src/conf_mode/protocols_ospf.py @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit from sys import argv diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py index 3cfd74a19..544b759ac 100755 --- a/src/conf_mode/service_dhcp-server.py +++ b/src/conf_mode/service_dhcp-server.py @@ -18,7 +18,6 @@ import os from ipaddress import ip_address from ipaddress import ip_network -from netaddr import IPAddress from netaddr import IPRange from sys import exit diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py index 427001609..5489a744e 100755 --- a/src/conf_mode/service_dhcpv6-server.py +++ b/src/conf_mode/service_dhcpv6-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2022 VyOS maintainers and contributors +# Copyright (C) 2018-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,7 +22,6 @@ from sys import exit from vyos.config import Config from vyos.template import render -from vyos.template import is_ipv6 from vyos.utils.process import call from vyos.utils.dict import dict_search from vyos.utils.network import is_subnet_connected diff --git a/src/helpers/vyos_config_sync.py b/src/helpers/vyos_config_sync.py index 77f7cd810..7eec3f4f3 100755 --- a/src/helpers/vyos_config_sync.py +++ b/src/helpers/vyos_config_sync.py @@ -21,7 +21,7 @@ import json import requests import urllib3 import logging -from typing import Optional, List, Union, Dict, Any +from typing import Optional, List, Dict, Any from vyos.config import Config from vyos.template import bracketize_ipv6 diff --git a/src/migration-scripts/conntrack/2-to-3 b/src/migration-scripts/conntrack/2-to-3 index 6fb457b7f..6bb42be1e 100755 --- a/src/migration-scripts/conntrack/2-to-3 +++ b/src/migration-scripts/conntrack/2-to-3 @@ -6,7 +6,6 @@ import sys from vyos.configtree import ConfigTree -from vyos.version import get_version if len(sys.argv) < 2: print('Must specify file name!') diff --git a/src/migration-scripts/firewall/10-to-11 b/src/migration-scripts/firewall/10-to-11 index abb804a28..854d5a558 100755 --- a/src/migration-scripts/firewall/10-to-11 +++ b/src/migration-scripts/firewall/10-to-11 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,12 +16,12 @@ # T5160: Firewall re-writing -# cli changes from: +# cli changes from: # set firewall name <name> ... # set firewall ipv6-name <name> ... # To -# set firewall ipv4 name <name> -# set firewall ipv6 name <name> +# set firewall ipv4 name <name> +# set firewall ipv6 name <name> ## Also from 'firewall interface' removed. ## in and out: @@ -37,13 +37,10 @@ # set firewall [ipv4 | ipv6] input filter rule <5,10,15,...> action jump # set firewall [ipv4 | ipv6] input filter rule <5,10,15,...> jump-target <name> -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -207,4 +204,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/firewall/11-to-12 b/src/migration-scripts/firewall/11-to-12 index ba8374d66..f9122e74c 100755 --- a/src/migration-scripts/firewall/11-to-12 +++ b/src/migration-scripts/firewall/11-to-12 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,13 +22,10 @@ # set firewall ... rule <rule> [inbound-interface | outboubd-interface] name <iface> # set firewall ... rule <rule> [inbound-interface | outboubd-interface] group <iface_group> -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -71,4 +68,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/firewall/12-to-13 b/src/migration-scripts/firewall/12-to-13 index 8396dd9d1..d72ba834d 100755 --- a/src/migration-scripts/firewall/12-to-13 +++ b/src/migration-scripts/firewall/12-to-13 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -25,13 +25,10 @@ # set firewall ... rule <rule> state <state> # Remove command if log=disable or <state>=disable -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -89,4 +86,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/firewall/7-to-8 b/src/migration-scripts/firewall/7-to-8 index d06c3150a..bbaba113a 100755 --- a/src/migration-scripts/firewall/7-to-8 +++ b/src/migration-scripts/firewall/7-to-8 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,13 +17,10 @@ # T2199: Migrate interface firewall nodes to firewall interfaces <ifname> <direction> name/ipv6-name <name> # T2199: Migrate zone-policy to firewall node -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") diff --git a/src/migration-scripts/firewall/8-to-9 b/src/migration-scripts/firewall/8-to-9 index d7647354a..6e019beb2 100755 --- a/src/migration-scripts/firewall/8-to-9 +++ b/src/migration-scripts/firewall/8-to-9 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -15,18 +15,15 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # T4780: Add firewall interface group -# cli changes from: +# cli changes from: # set firewall [name | ipv6-name] <name> rule <number> [inbound-interface | outbound-interface] <interface_name> # To # set firewall [name | ipv6-name] <name> rule <number> [inbound-interface | outbound-interface] [interface-name | interface-group] <interface_name | interface_group> -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -88,4 +85,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/firewall/9-to-10 b/src/migration-scripts/firewall/9-to-10 index a70460718..ce509a731 100755 --- a/src/migration-scripts/firewall/9-to-10 +++ b/src/migration-scripts/firewall/9-to-10 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -15,18 +15,15 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # T5050: Log options -# cli changes from: +# cli changes from: # set firewall [name | ipv6-name] <name> rule <number> log-level <log_level> # To # set firewall [name | ipv6-name] <name> rule <number> log-options level <log_level> -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -50,7 +47,7 @@ if config.exists(base + ['name']): continue for rule in config.list_nodes(base + ['name', name, 'rule']): - log_options_base = base + ['name', name, 'rule', rule, 'log-options'] + log_options_base = base + ['name', name, 'rule', rule, 'log-options'] rule_log_level = base + ['name', name, 'rule', rule, 'log-level'] if config.exists(rule_log_level): @@ -64,7 +61,7 @@ if config.exists(base + ['ipv6-name']): continue for rule in config.list_nodes(base + ['ipv6-name', name, 'rule']): - log_options_base = base + ['ipv6-name', name, 'rule', rule, 'log-options'] + log_options_base = base + ['ipv6-name', name, 'rule', rule, 'log-options'] rule_log_level = base + ['ipv6-name', name, 'rule', rule, 'log-level'] if config.exists(rule_log_level): @@ -77,4 +74,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/interfaces/26-to-27 b/src/migration-scripts/interfaces/26-to-27 index 4967a29fa..429ab650f 100755 --- a/src/migration-scripts/interfaces/26-to-27 +++ b/src/migration-scripts/interfaces/26-to-27 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,8 +18,6 @@ # present for DHCP from sys import argv - -from vyos.ethtool import Ethtool from vyos.configtree import ConfigTree if len(argv) < 2: diff --git a/src/migration-scripts/interfaces/27-to-28 b/src/migration-scripts/interfaces/27-to-28 index a0d043d11..9f5e93b5f 100755 --- a/src/migration-scripts/interfaces/27-to-28 +++ b/src/migration-scripts/interfaces/27-to-28 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -19,7 +19,6 @@ from sys import argv -from vyos.ethtool import Ethtool from vyos.configtree import ConfigTree if len(argv) < 2: diff --git a/src/migration-scripts/interfaces/28-to-29 b/src/migration-scripts/interfaces/28-to-29 index ad5bfa653..0437977dc 100755 --- a/src/migration-scripts/interfaces/28-to-29 +++ b/src/migration-scripts/interfaces/28-to-29 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,8 +18,6 @@ # valueless node. from sys import argv - -from vyos.ethtool import Ethtool from vyos.configtree import ConfigTree if len(argv) < 2: diff --git a/src/migration-scripts/interfaces/29-to-30 b/src/migration-scripts/interfaces/29-to-30 index acb6ee1fb..80aad1d44 100755 --- a/src/migration-scripts/interfaces/29-to-30 +++ b/src/migration-scripts/interfaces/29-to-30 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,8 +17,6 @@ # T5286: remove XDP support in favour of VPP from sys import argv - -from vyos.ethtool import Ethtool from vyos.configtree import ConfigTree if len(argv) < 2: diff --git a/src/migration-scripts/ipoe-server/0-to-1 b/src/migration-scripts/ipoe-server/0-to-1 index ac9d13abc..a6dd46ac1 100755 --- a/src/migration-scripts/ipoe-server/0-to-1 +++ b/src/migration-scripts/ipoe-server/0-to-1 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,9 +20,6 @@ # mac-address -> mac # network-mode -> mode -import os -import sys - from sys import argv, exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/ipoe-server/1-to-2 b/src/migration-scripts/ipoe-server/1-to-2 index 11d7911e9..378702693 100755 --- a/src/migration-scripts/ipoe-server/1-to-2 +++ b/src/migration-scripts/ipoe-server/1-to-2 @@ -23,8 +23,6 @@ # 1. The first pool that contains next-poll. # 2. Else, the first pool in the list -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/ipoe-server/2-to-3 b/src/migration-scripts/ipoe-server/2-to-3 index d4ae0a7ba..0909315a8 100755 --- a/src/migration-scripts/ipoe-server/2-to-3 +++ b/src/migration-scripts/ipoe-server/2-to-3 @@ -16,13 +16,10 @@ # Migrating to named ipv6 pools -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/ipsec/11-to-12 b/src/migration-scripts/ipsec/11-to-12 index e34882c23..4833d0876 100755 --- a/src/migration-scripts/ipsec/11-to-12 +++ b/src/migration-scripts/ipsec/11-to-12 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,8 +16,6 @@ # Remove legacy ipsec.conf and ipsec.secrets - Not supported with swanctl -import re - from sys import argv from sys import exit diff --git a/src/migration-scripts/ipsec/12-to-13 b/src/migration-scripts/ipsec/12-to-13 index c11f708bd..d90c70314 100755 --- a/src/migration-scripts/ipsec/12-to-13 +++ b/src/migration-scripts/ipsec/12-to-13 @@ -17,8 +17,6 @@ # Changed value of dead-peer-detection.action from hold to trap # Changed value of close-action from hold to trap and from restart to start -import re - from sys import argv from sys import exit diff --git a/src/migration-scripts/ipsec/7-to-8 b/src/migration-scripts/ipsec/7-to-8 index e002db0b1..9acc737d5 100755 --- a/src/migration-scripts/ipsec/7-to-8 +++ b/src/migration-scripts/ipsec/7-to-8 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -26,7 +26,6 @@ from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.pki import load_public_key from vyos.pki import load_private_key from vyos.pki import encode_public_key from vyos.pki import encode_private_key diff --git a/src/migration-scripts/ipsec/9-to-10 b/src/migration-scripts/ipsec/9-to-10 index a4a71d38e..bc10e1997 100755 --- a/src/migration-scripts/ipsec/9-to-10 +++ b/src/migration-scripts/ipsec/9-to-10 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,9 +20,6 @@ from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.template import is_ipv4 -from vyos.template import is_ipv6 - if len(argv) < 2: print("Must specify file name!") diff --git a/src/migration-scripts/l2tp/2-to-3 b/src/migration-scripts/l2tp/2-to-3 index b46b0f22e..8527c2d4a 100755 --- a/src/migration-scripts/l2tp/2-to-3 +++ b/src/migration-scripts/l2tp/2-to-3 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,9 +17,6 @@ # - remove primary/secondary identifier from nameserver # - TODO: remove radius server req-limit -import os -import sys - from sys import argv, exit from vyos.configtree import ConfigTree @@ -38,7 +35,6 @@ if not config.exists(base): # Nothing to do exit(0) else: - # Migrate IPv4 DNS servers dns_base = base + ['dns-servers'] if config.exists(dns_base): diff --git a/src/migration-scripts/l2tp/3-to-4 b/src/migration-scripts/l2tp/3-to-4 index 8c2b909b7..14b86ff04 100755 --- a/src/migration-scripts/l2tp/3-to-4 +++ b/src/migration-scripts/l2tp/3-to-4 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,7 +23,6 @@ from sys import argv from sys import exit from vyos.configtree import ConfigTree from vyos.pki import load_certificate -from vyos.pki import load_crl from vyos.pki import load_private_key from vyos.pki import encode_certificate from vyos.pki import encode_private_key diff --git a/src/migration-scripts/l2tp/4-to-5 b/src/migration-scripts/l2tp/4-to-5 index 3176f895a..b7f4d2677 100755 --- a/src/migration-scripts/l2tp/4-to-5 +++ b/src/migration-scripts/l2tp/4-to-5 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -19,8 +19,6 @@ # 'subnet' migrate to namedpool 'default-subnet-pool' # 'default-subnet-pool' is the next pool for 'default-range-pool' -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/l2tp/5-to-6 b/src/migration-scripts/l2tp/5-to-6 index ca0b13dcc..ac40b89c8 100755 --- a/src/migration-scripts/l2tp/5-to-6 +++ b/src/migration-scripts/l2tp/5-to-6 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,14 +14,10 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. - -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/l2tp/6-to-7 b/src/migration-scripts/l2tp/6-to-7 index f49c4ab08..1c536585c 100755 --- a/src/migration-scripts/l2tp/6-to-7 +++ b/src/migration-scripts/l2tp/6-to-7 @@ -16,13 +16,10 @@ # Migrating to named ipv6 pools -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/l2tp/7-to-8 b/src/migration-scripts/l2tp/7-to-8 index 4956e1155..e429ed057 100755 --- a/src/migration-scripts/l2tp/7-to-8 +++ b/src/migration-scripts/l2tp/7-to-8 @@ -17,13 +17,10 @@ # Migrate from 'ccp-disable' to 'ppp-options.disable-ccp' # Migration ipv6 options -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/l2tp/8-to-9 b/src/migration-scripts/l2tp/8-to-9 index e85a3892b..672180e25 100755 --- a/src/migration-scripts/l2tp/8-to-9 +++ b/src/migration-scripts/l2tp/8-to-9 @@ -16,13 +16,10 @@ # Deleted 'dhcp-interface' from l2tp -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) @@ -37,7 +34,7 @@ base = ['vpn', 'l2tp', 'remote-access'] if not config.exists(base): exit(0) -#deleting unused dhcp-interface +# deleting unused dhcp-interface if config.exists(base + ['dhcp-interface']): config.delete(base + ['dhcp-interface']) diff --git a/src/migration-scripts/openconnect/0-to-1 b/src/migration-scripts/openconnect/0-to-1 index 8be15fad1..c64b16cb2 100755 --- a/src/migration-scripts/openconnect/0-to-1 +++ b/src/migration-scripts/openconnect/0-to-1 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,7 +22,6 @@ from sys import argv from sys import exit from vyos.configtree import ConfigTree from vyos.pki import load_certificate -from vyos.pki import load_crl from vyos.pki import load_private_key from vyos.pki import encode_certificate from vyos.pki import encode_private_key diff --git a/src/migration-scripts/policy/4-to-5 b/src/migration-scripts/policy/4-to-5 index 5b8fee17e..738850f67 100755 --- a/src/migration-scripts/policy/4-to-5 +++ b/src/migration-scripts/policy/4-to-5 @@ -16,13 +16,10 @@ # T2199: Migrate interface policy nodes to policy route <name> interface <ifname> -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") diff --git a/src/migration-scripts/policy/5-to-6 b/src/migration-scripts/policy/5-to-6 index f1545cddb..86287d578 100755 --- a/src/migration-scripts/policy/5-to-6 +++ b/src/migration-scripts/policy/5-to-6 @@ -16,13 +16,10 @@ # T5165: Migrate policy local-route rule <tag> destination|source -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") diff --git a/src/migration-scripts/policy/6-to-7 b/src/migration-scripts/policy/6-to-7 index e07822ffd..cdefc6837 100755 --- a/src/migration-scripts/policy/6-to-7 +++ b/src/migration-scripts/policy/6-to-7 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,13 +22,10 @@ # set policy [route | route6] ... rule <rule> log # Remove command if log=disable -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") @@ -76,4 +73,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) diff --git a/src/migration-scripts/pppoe-server/1-to-2 b/src/migration-scripts/pppoe-server/1-to-2 index c73899ca1..b266893c0 100755 --- a/src/migration-scripts/pppoe-server/1-to-2 +++ b/src/migration-scripts/pppoe-server/1-to-2 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,8 +16,6 @@ # change mppe node to a leaf node with value prefer -import os - from sys import argv, exit from vyos.configtree import ConfigTree @@ -58,4 +56,3 @@ else: except OSError as e: print("Failed to save the modified config: {}".format(e)) exit(1) - diff --git a/src/migration-scripts/pppoe-server/3-to-4 b/src/migration-scripts/pppoe-server/3-to-4 index c07bbb1df..477ed6f22 100755 --- a/src/migration-scripts/pppoe-server/3-to-4 +++ b/src/migration-scripts/pppoe-server/3-to-4 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,8 +16,6 @@ # - remove primary/secondary identifier from nameserver -import os - from sys import argv, exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/pppoe-server/6-to-7 b/src/migration-scripts/pppoe-server/6-to-7 index b94ce57f9..d51c1c9d8 100755 --- a/src/migration-scripts/pppoe-server/6-to-7 +++ b/src/migration-scripts/pppoe-server/6-to-7 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -24,8 +24,6 @@ # If there are not named pools, namedless pool will be default. # 2. If authentication mode = 'radius' then namedless pool will be default -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/pppoe-server/7-to-8 b/src/migration-scripts/pppoe-server/7-to-8 index b0d9bb464..0381f0bf9 100755 --- a/src/migration-scripts/pppoe-server/7-to-8 +++ b/src/migration-scripts/pppoe-server/7-to-8 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,13 +16,10 @@ # Migrating to named ipv6 pools -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/pppoe-server/8-to-9 b/src/migration-scripts/pppoe-server/8-to-9 index ad75c28a1..4932a766f 100755 --- a/src/migration-scripts/pppoe-server/8-to-9 +++ b/src/migration-scripts/pppoe-server/8-to-9 @@ -17,13 +17,10 @@ # Change from 'ccp' to 'disable-ccp' in ppp-option section # Migration ipv6 options -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/pptp/2-to-3 b/src/migration-scripts/pptp/2-to-3 index 091cb68ec..42c4dedf4 100755 --- a/src/migration-scripts/pptp/2-to-3 +++ b/src/migration-scripts/pptp/2-to-3 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,8 +18,6 @@ # 'start-stop' migrate to namedpool 'default-range-pool' # 'default-subnet-pool' is the next pool for 'default-range-pool' -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/pptp/3-to-4 b/src/migration-scripts/pptp/3-to-4 index 0a8dad2f4..ebd343028 100755 --- a/src/migration-scripts/pptp/3-to-4 +++ b/src/migration-scripts/pptp/3-to-4 @@ -16,13 +16,10 @@ # - Move 'mppe' from 'authentication' node to 'ppp-options' -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/pptp/4-to-5 b/src/migration-scripts/pptp/4-to-5 index d4b3f9a14..83632b6d8 100755 --- a/src/migration-scripts/pptp/4-to-5 +++ b/src/migration-scripts/pptp/4-to-5 @@ -17,13 +17,10 @@ # - Move 'require' from 'protocols' in 'authentication' node # - Migrate to new default values in radius timeout and acct-timeout -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/snmp/2-to-3 b/src/migration-scripts/snmp/2-to-3 index 30911aa27..ab9b5dcba 100755 --- a/src/migration-scripts/snmp/2-to-3 +++ b/src/migration-scripts/snmp/2-to-3 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,13 +20,10 @@ # To # set service snmp oid-enable ip-forward -import re - from sys import argv from sys import exit from vyos.configtree import ConfigTree -from vyos.ifconfig import Section if len(argv) < 2: print("Must specify file name!") diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1 index e2fe1ea8f..150127aaf 100755 --- a/src/migration-scripts/sstp/0-to-1 +++ b/src/migration-scripts/sstp/0-to-1 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,7 +23,6 @@ # - do not migrate radius server req-limit, use default of unlimited # - migrate SSL certificate path -import os import sys from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/sstp/3-to-4 b/src/migration-scripts/sstp/3-to-4 index 00ca7a52d..5b7757e60 100755 --- a/src/migration-scripts/sstp/3-to-4 +++ b/src/migration-scripts/sstp/3-to-4 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,7 +22,6 @@ from sys import argv from sys import exit from vyos.configtree import ConfigTree from vyos.pki import load_certificate -from vyos.pki import load_crl from vyos.pki import load_private_key from vyos.pki import encode_certificate from vyos.pki import encode_private_key diff --git a/src/migration-scripts/sstp/4-to-5 b/src/migration-scripts/sstp/4-to-5 index 95e482713..6907240a0 100755 --- a/src/migration-scripts/sstp/4-to-5 +++ b/src/migration-scripts/sstp/4-to-5 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,13 +18,10 @@ # 'subnet' migrate to namedpool 'default-subnet-pool' # 'default-subnet-pool' is the next pool for 'default-range-pool' -import os - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/sstp/5-to-6 b/src/migration-scripts/sstp/5-to-6 index bac9975b2..43b99044d 100755 --- a/src/migration-scripts/sstp/5-to-6 +++ b/src/migration-scripts/sstp/5-to-6 @@ -16,14 +16,10 @@ # Migrating to named ipv6 pools -import os -import pprint - from sys import argv from sys import exit from vyos.configtree import ConfigTree - if len(argv) < 2: print("Must specify file name!") exit(1) diff --git a/src/migration-scripts/system/15-to-16 b/src/migration-scripts/system/15-to-16 index aa1c34032..2944cdb1e 100755 --- a/src/migration-scripts/system/15-to-16 +++ b/src/migration-scripts/system/15-to-16 @@ -2,7 +2,6 @@ # # Make 'system options reboot-on-panic' valueless -import os import sys from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/16-to-17 b/src/migration-scripts/system/16-to-17 index 37e02611d..afa171a9b 100755 --- a/src/migration-scripts/system/16-to-17 +++ b/src/migration-scripts/system/16-to-17 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,7 +20,6 @@ # This is the only privilege level left and also the default, what is the # sense in keeping this orphaned node? -import os import sys from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/19-to-20 b/src/migration-scripts/system/19-to-20 index c04e6a5a6..177173c50 100755 --- a/src/migration-scripts/system/19-to-20 +++ b/src/migration-scripts/system/19-to-20 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,8 +16,6 @@ # T3048: remove smp-affinity node from ethernet and use tuned instead -import os - from sys import exit, argv from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/20-to-21 b/src/migration-scripts/system/20-to-21 index 4bcf4edab..24e042ce2 100755 --- a/src/migration-scripts/system/20-to-21 +++ b/src/migration-scripts/system/20-to-21 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,8 +16,6 @@ # T3795: merge "system name-servers-dhcp" into "system name-server" -import os - from sys import argv from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/21-to-22 b/src/migration-scripts/system/21-to-22 index 810b634ab..2a1b603c6 100755 --- a/src/migration-scripts/system/21-to-22 +++ b/src/migration-scripts/system/21-to-22 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit, argv from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/22-to-23 b/src/migration-scripts/system/22-to-23 index 8ed198383..f83279b88 100755 --- a/src/migration-scripts/system/22-to-23 +++ b/src/migration-scripts/system/22-to-23 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit, argv from vyos.configtree import ConfigTree diff --git a/src/migration-scripts/system/23-to-24 b/src/migration-scripts/system/23-to-24 index fd68dbf22..1fd61d83b 100755 --- a/src/migration-scripts/system/23-to-24 +++ b/src/migration-scripts/system/23-to-24 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from ipaddress import ip_interface from ipaddress import ip_address from sys import exit, argv diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py index f372d3af0..b37b62bca 100755 --- a/src/op_mode/clear_dhcp_lease.py +++ b/src/op_mode/clear_dhcp_lease.py @@ -3,7 +3,6 @@ import argparse import re -from isc_dhcp_leases import Lease from isc_dhcp_leases import IscDhcpLeases from vyos.configquery import ConfigTreeQuery diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py index 2f90865fd..a7143d664 100755 --- a/src/op_mode/dhcp.py +++ b/src/op_mode/dhcp.py @@ -29,9 +29,6 @@ import vyos.opmode from vyos.base import Warning from vyos.configquery import ConfigTreeQuery -from vyos.utils.dict import dict_search -from vyos.utils.file import read_file -from vyos.utils.process import cmd from vyos.utils.process import is_systemd_service_running from vyos.utils.process import call diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py index cae8ace8c..25554b781 100755 --- a/src/op_mode/firewall.py +++ b/src/op_mode/firewall.py @@ -18,6 +18,7 @@ import argparse import ipaddress import re import tabulate +import textwrap from vyos.config import Config from vyos.utils.process import cmd @@ -88,6 +89,14 @@ def get_nftables_details(family, hook, priority): out[rule_id] = rule return out +def output_firewall_vertical(rules, headers): + for rule in rules: + adjusted_rule = rule + [""] * (len(headers) - len(rule)) # account for different header length, like default-action + transformed_rule = [[header, textwrap.fill(adjusted_rule[i].replace('\n', ' '), 65)] for i, header in enumerate(headers)] # create key-pair list from headers and rules lists; wrap at 100 char + + print(tabulate.tabulate(transformed_rule, tablefmt="presto")) + print() + def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=None): print(f'\n---------------------------------\n{family} Firewall "{hook} {priority}"\n') @@ -102,7 +111,7 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N if 'disable' in rule_conf: continue - row = [rule_id, rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all'] + row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50), rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all'] if rule_id in details: rule_details = details[rule_id] row.append(rule_details.get('packets', 0)) @@ -114,7 +123,7 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N def_action = firewall_conf['default_action'] if 'default_action' in firewall_conf else 'accept' else: def_action = firewall_conf['default_action'] if 'default_action' in firewall_conf else 'drop' - row = ['default', def_action, 'all'] + row = ['default', '', def_action, 'all'] rule_details = details['default-action'] row.append(rule_details.get('packets', 0)) row.append(rule_details.get('bytes', 0)) @@ -122,8 +131,17 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N rows.append(row) if rows: - header = ['Rule', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions'] - print(tabulate.tabulate(rows, header) + '\n') + if args.rule: + rows.pop() + + if args.detail: + header = ['Rule', 'Description', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions'] + output_firewall_vertical(rows, header) + else: + header = ['Rule', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions'] + for i in rows: + rows[rows.index(i)].pop(1) + print(tabulate.tabulate(rows, header) + '\n') def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule_id=None): print(f'\n---------------------------------\n{family} Firewall "{hook} {prior}"\n') @@ -191,7 +209,7 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule if not oiface: oiface = 'any' - row = [rule_id] + row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50)] if rule_id in details: rule_details = details[rule_id] row.append(rule_details.get('packets', 0)) @@ -208,7 +226,7 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule if hook in ['input', 'forward', 'output']: - row = ['default'] + row = ['default', ''] rule_details = details['default-action'] row.append(rule_details.get('packets', 0)) row.append(rule_details.get('bytes', 0)) @@ -223,7 +241,7 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule rows.append(row) elif 'default_action' in prior_conf and not single_rule_id: - row = ['default'] + row = ['default', ''] if 'default-action' in details: rule_details = details['default-action'] row.append(rule_details.get('packets', 0)) @@ -239,8 +257,14 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule rows.append(row) if rows: - header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface'] - print(tabulate.tabulate(rows, header) + '\n') + if args.detail: + header = ['Rule', 'Description', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface'] + output_firewall_vertical(rows, header) + else: + header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface'] + for i in rows: + rows[rows.index(i)].pop(1) + print(tabulate.tabulate(rows, header) + '\n') def show_firewall(): print('Rulesets Information') @@ -428,7 +452,6 @@ def show_firewall_group(name=None): return out - header = ['Name', 'Type', 'References', 'Members'] rows = [] for group_type, group_type_conf in firewall['group'].items(): @@ -440,7 +463,7 @@ def show_firewall_group(name=None): continue references = find_references(group_type, group_name) - row = [group_name, group_type, '\n'.join(references) or 'N/D'] + row = [group_name, textwrap.fill(group_conf.get('description') or '', 50), group_type, '\n'.join(references) or 'N/D'] if 'address' in group_conf: row.append("\n".join(sorted(group_conf['address']))) elif 'network' in group_conf: @@ -460,13 +483,20 @@ def show_firewall_group(name=None): if dynamic_type in firewall['group']['dynamic_group']: for dynamic_name, dynamic_conf in firewall['group']['dynamic_group'][dynamic_type].items(): references = find_references(dynamic_type, dynamic_name) - row = [dynamic_name, dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D'] + row = [dynamic_name, textwrap.fill(dynamic_conf.get('description') or '', 50), dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D'] row.append('N/D') rows.append(row) if rows: print('Firewall Groups\n') - print(tabulate.tabulate(rows, header)) + if args.detail: + header = ['Name', 'Description','Type', 'References', 'Members'] + output_firewall_vertical(rows, header) + else: + header = ['Name', 'Type', 'References', 'Members'] + for i in rows: + rows[rows.index(i)].pop(1) + print(tabulate.tabulate(rows, header)) def show_summary(): print('Ruleset Summary') @@ -538,6 +568,7 @@ if __name__ == '__main__': parser.add_argument('--priority', help='Firewall priority', required=False, action='store', nargs='?', default='') parser.add_argument('--rule', help='Firewall Rule ID', required=False) parser.add_argument('--ipv6', help='IPv6 toggle', action='store_true') + parser.add_argument('--detail', help='Firewall view select', required=False) args = parser.parse_args() |