4 files changed, 27 insertions, 35 deletions

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 1ccec3d2e..2d98cb11b 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -88,7 +88,7 @@ def get_config(config=None):
     for direction in ['source', 'destination']:
         if direction in nat:
             default_values = defaults(base + [direction, 'rule'])
-            for rule in nat[direction]['rule']:
+            for rule in dict_search(f'{direction}.rule', nat) or []:
                 nat[direction]['rule'][rule] = dict_merge(default_values,
                     nat[direction]['rule'][rule])
 
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 678be5066..de0148b2f 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -31,22 +31,16 @@ config_file = r'/tmp/bgp.frr'
 
 def get_config():
     conf = Config()
-    base = ['protocols', 'nbgp']
+    base = ['protocols', 'bgp']
     bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
 
-    # XXX: any reason we can not move this into the FRR template?
-    # we shall not call vtysh directly, especially not in get_config()
     if not conf.exists(base):
-        bgp = {}
-        call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
-
-    if not conf.exists(base + ['route-map']):
-        call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
+        return bgp
 
     # We also need some additional information from the config,
     # prefix-lists and route-maps for instance.
     base = ['policy']
-    tmp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+    tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
     # As we only support one ASN (later checked in begin of verify()) we add the
     # new information only to the first AS number
     asn = next(iter(bgp))
@@ -64,15 +58,11 @@ def verify(bgp):
         raise ConfigError('Only one BGP AS number can be defined!')
 
     for asn, asn_config in bgp.items():
-        import pprint
-        pprint.pprint(asn_config)
-
         # Common verification for both peer-group and neighbor statements
         for neighbor in ['neighbor', 'peer_group']:
             # bail out early if there is no neighbor or peer-group statement
             # this also saves one indention level
             if neighbor not in asn_config:
-                print(f'no {neighbor} found in config')
                 continue
 
             for peer, peer_config in asn_config[neighbor].items():
@@ -101,22 +91,26 @@ def verify(bgp):
                     # Validate if configured Prefix list exists
                     if 'prefix_list' in afi_config:
                         for tmp in ['import', 'export']:
-                            if tmp in afi_config['prefix_list']:
-                                if afi == 'ipv4_unicast':
-                                    prefix_list = afi_config['prefix_list'][tmp]
-                                    if 'prefix_list' not in asn_config or prefix_list not in asn_config['prefix_list']:
-                                        raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
-                                if afi == 'ipv6_unicast':
-                                    prefix_list = afi_config['prefix_list6'][tmp]
-                                    if 'prefix_list6' not in asn_config or prefix_list not in asn_config['prefix_list6']:
-                                        raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
-
+                            if tmp not in afi_config['prefix_list']:
+                                # bail out early
+                                continue
+                            # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+                            # compares will run on '_' as also '_' is a valid name for a prefix-list
+                            prefix_list = afi_config['prefix_list'][tmp].replace('-', '_')
+                            if afi == 'ipv4_unicast':
+                                if dict_search(f'policy.prefix_list.{prefix_list}', asn_config) == None:
+                                    raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+                            elif afi == 'ipv6_unicast':
+                                if dict_search(f'policy.prefix_list6.{prefix_list}', asn_config) == None:
+                                    raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!')
 
                     if 'route_map' in afi_config:
                         for tmp in ['import', 'export']:
                             if tmp in afi_config['route_map']:
-                                route_map = afi_config['route_map'][tmp]
-                                if 'route_map' not in asn_config or route_map not in asn_config['route_map']:
+                                # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+                                # compares will run on '_' as also '_' is a valid name for a route-map
+                                route_map = afi_config['route_map'][tmp].replace('-', '_')
+                                if dict_search(f'policy.route_map.{route_map}', asn_config) == None:
                                     raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!')
 
 
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 28e606663..8eeb0a7c1 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -77,10 +77,9 @@ def apply(ssh):
     if not ssh:
         # SSH access is removed in the commit
         call('systemctl stop ssh.service')
+        return None
 
-    if ssh:
-        call('systemctl restart ssh.service')
-
+    call('systemctl restart ssh.service')
     return None
 
 if __name__ == '__main__':
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 10d297aff..99af5c757 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -158,11 +158,11 @@ def generate(login):
                 env = os.environ.copy()
                 env['vyos_libexec_dir'] = '/usr/libexec/vyos'
 
-                call(f"/opt/vyatta/sbin/my_delete system login user '{user}' "
-                     "authentication plaintext-password", env=env)
+                call(f"/opt/vyatta/sbin/my_delete system login user '{user}' " \
+                     f"authentication plaintext-password", env=env)
 
-                call(f"/opt/vyatta/sbin/my_set system login user '{user}' "
-                     "authentication encrypted-password '{encrypted_password}'", env=env)
+                call(f"/opt/vyatta/sbin/my_set system login user '{user}' " \
+                     f"authentication encrypted-password '{encrypted_password}'", env=env)
             else:
                 try:
                     if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config):
@@ -212,7 +212,6 @@ def apply(login):
             else: command += f" -d '/home/{user}'"
 
             command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}'
-
             try:
                 cmd(command)