summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/policy.py41
1 files changed, 27 insertions, 14 deletions
diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py
index fec9a206e..a8244ca26 100755
--- a/src/conf_mode/policy.py
+++ b/src/conf_mode/policy.py
@@ -36,29 +36,42 @@ def get_config(config=None):
base = ['policy']
policy = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True,
no_tag_node_value_mangle=True)
+
return policy
def verify(policy):
if not policy:
return None
- if 'access-list' in policy:
- for acl, acl_config in policy['access-list'].items():
- if 'rule' not in acl_config:
+ def verify_access_list(acl, rule, rule_config):
+ error_append = f'must be specified for rule {rule} in access-list {acl}!'
+ if 'source' not in rule_config:
+ raise ConfigError(f'Source {error_append}')
+
+ if int(acl) in range(100, 200) or int(acl) in range(2000, 2700):
+ if 'destination' not in rule_config:
+ raise ConfigError(f'Destination {error_append}')
+
+ for type in ['access_list', 'access_list6', 'as_path_list', 'community_list',
+ 'extcommunity_list', 'large_community_list', 'prefix_list',
+ 'prefix_list6', 'route_map']:
+ # Bail out early and continue with next policy type
+ if type not in policy:
+ continue
+ # instance can be an ACL name/number, prefix-list name or route-map name
+ for instance, instance_config in policy[type].items():
+ # If no rule was found within the instance ... sad, but we can leave
+ # early as nothing needs to be verified
+ if 'rule' not in instance_config:
continue
-
- for rule, rule_config in acl_config['rule'].items():
- if 'source' not in rule_config:
- raise ConfigError(f'Source must be specified for rule {rule} '\
- f'for access-list {acl}!')
+ for rule, rule_config in instance_config['rule'].items():
if 'action' not in rule_config:
- raise ConfigError(f'Action must be specified for rule {rule} '\
- f'for access-list {acl}!')
+ error_msg = 'Action must be specified for ' + type.replace('_','-')
+ raise ConfigError(f'{error_msg} {instance}, rule {rule}!')
+
+ if type == 'access_list':
+ verify_access_list(instance, rule, rule_config)
- if int(acl) not in range(100, 200) or int(acl) not in range(2000, 2700):
- if 'destination' not in rule_config:
- raise ConfigError(f'Destination must be specified for rule {rule} '\
- f'for access-list {acl}!')
return None