summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/nat.py2
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py46
-rwxr-xr-xsrc/conf_mode/ssh.py5
-rwxr-xr-xsrc/conf_mode/system-login.py9
4 files changed, 27 insertions, 35 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 1ccec3d2e..2d98cb11b 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -88,7 +88,7 @@ def get_config(config=None):
for direction in ['source', 'destination']:
if direction in nat:
default_values = defaults(base + [direction, 'rule'])
- for rule in nat[direction]['rule']:
+ for rule in dict_search(f'{direction}.rule', nat) or []:
nat[direction]['rule'][rule] = dict_merge(default_values,
nat[direction]['rule'][rule])
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 678be5066..de0148b2f 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2021 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -31,22 +31,16 @@ config_file = r'/tmp/bgp.frr'
def get_config():
conf = Config()
- base = ['protocols', 'nbgp']
+ base = ['protocols', 'bgp']
bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
- # XXX: any reason we can not move this into the FRR template?
- # we shall not call vtysh directly, especially not in get_config()
if not conf.exists(base):
- bgp = {}
- call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
-
- if not conf.exists(base + ['route-map']):
- call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
+ return bgp
# We also need some additional information from the config,
# prefix-lists and route-maps for instance.
base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+ tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
# As we only support one ASN (later checked in begin of verify()) we add the
# new information only to the first AS number
asn = next(iter(bgp))
@@ -64,15 +58,11 @@ def verify(bgp):
raise ConfigError('Only one BGP AS number can be defined!')
for asn, asn_config in bgp.items():
- import pprint
- pprint.pprint(asn_config)
-
# Common verification for both peer-group and neighbor statements
for neighbor in ['neighbor', 'peer_group']:
# bail out early if there is no neighbor or peer-group statement
# this also saves one indention level
if neighbor not in asn_config:
- print(f'no {neighbor} found in config')
continue
for peer, peer_config in asn_config[neighbor].items():
@@ -101,22 +91,26 @@ def verify(bgp):
# Validate if configured Prefix list exists
if 'prefix_list' in afi_config:
for tmp in ['import', 'export']:
- if tmp in afi_config['prefix_list']:
- if afi == 'ipv4_unicast':
- prefix_list = afi_config['prefix_list'][tmp]
- if 'prefix_list' not in asn_config or prefix_list not in asn_config['prefix_list']:
- raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
- if afi == 'ipv6_unicast':
- prefix_list = afi_config['prefix_list6'][tmp]
- if 'prefix_list6' not in asn_config or prefix_list not in asn_config['prefix_list6']:
- raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
-
+ if tmp not in afi_config['prefix_list']:
+ # bail out early
+ continue
+ # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+ # compares will run on '_' as also '_' is a valid name for a prefix-list
+ prefix_list = afi_config['prefix_list'][tmp].replace('-', '_')
+ if afi == 'ipv4_unicast':
+ if dict_search(f'policy.prefix_list.{prefix_list}', asn_config) == None:
+ raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+ elif afi == 'ipv6_unicast':
+ if dict_search(f'policy.prefix_list6.{prefix_list}', asn_config) == None:
+ raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!')
if 'route_map' in afi_config:
for tmp in ['import', 'export']:
if tmp in afi_config['route_map']:
- route_map = afi_config['route_map'][tmp]
- if 'route_map' not in asn_config or route_map not in asn_config['route_map']:
+ # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+ # compares will run on '_' as also '_' is a valid name for a route-map
+ route_map = afi_config['route_map'][tmp].replace('-', '_')
+ if dict_search(f'policy.route_map.{route_map}', asn_config) == None:
raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!')
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 28e606663..8eeb0a7c1 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -77,10 +77,9 @@ def apply(ssh):
if not ssh:
# SSH access is removed in the commit
call('systemctl stop ssh.service')
+ return None
- if ssh:
- call('systemctl restart ssh.service')
-
+ call('systemctl restart ssh.service')
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 10d297aff..99af5c757 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -158,11 +158,11 @@ def generate(login):
env = os.environ.copy()
env['vyos_libexec_dir'] = '/usr/libexec/vyos'
- call(f"/opt/vyatta/sbin/my_delete system login user '{user}' "
- "authentication plaintext-password", env=env)
+ call(f"/opt/vyatta/sbin/my_delete system login user '{user}' " \
+ f"authentication plaintext-password", env=env)
- call(f"/opt/vyatta/sbin/my_set system login user '{user}' "
- "authentication encrypted-password '{encrypted_password}'", env=env)
+ call(f"/opt/vyatta/sbin/my_set system login user '{user}' " \
+ f"authentication encrypted-password '{encrypted_password}'", env=env)
else:
try:
if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config):
@@ -212,7 +212,6 @@ def apply(login):
else: command += f" -d '/home/{user}'"
command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}'
-
try:
cmd(command)