Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/nat.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/protocols_bgp.py | 46 | ||||
-rwxr-xr-x | src/conf_mode/ssh.py | 5 | ||||
-rwxr-xr-x | src/conf_mode/system-login.py | 9 |
4 files changed, 27 insertions, 35 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 1ccec3d2e..2d98cb11b 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -88,7 +88,7 @@ def get_config(config=None):
 for direction in ['source', 'destination']:
 if direction in nat:
 default_values = defaults(base + [direction, 'rule'])
- for rule in nat[direction]['rule']:
+ for rule in dict_search(f'{direction}.rule', nat) or []:
 nat[direction]['rule'][rule] = dict_merge(default_values, nat[direction]['rule'][rule])
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 678be5066..de0148b2f 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020 VyOS maintainers and contributors
+# Copyright (C) 2020-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -31,22 +31,16 @@ config_file = r'/tmp/bgp.frr'
 def get_config():
 conf = Config()
- base = ['protocols', 'nbgp']
+ base = ['protocols', 'bgp']
 bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
- # XXX: any reason we can not move this into the FRR template?
- # we shall not call vtysh directly, especially not in get_config()
 if not conf.exists(base):
- bgp = {}
- call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
-
- if not conf.exists(base + ['route-map']):
- call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
+ return bgp
 # We also need some additional information from the config,
 # prefix-lists and route-maps for instance.
 base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+ tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
 # As we only support one ASN (later checked in begin of verify()) we add the
 # new information only to the first AS number
 asn = next(iter(bgp))
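Review bot: In the get_config() hunk of protocols_bgp.py, the `policy` tree fetched with `conf.get_config_dict(base, key_mangling=('-', '_'))` has its user-chosen prefix-list and route-map names rewritten along with the node keys, so two names that differ only in `-` versus `_` end up as one key. The existence checks in verify() (the `@@ -101,22 +91,26 @@` hunk) then compare on the rewritten form and can accept a neighbor that references a list which was never defined, as long as a similarly named one exists. Because these objects are route filters, the reference check should match exact names; if the mangling cannot be limited to node keys at this call, say so in a comment above it, e.g. `# NOTE: policy object names are mangled too; "a-b" and "a_b" are indistinguishable below`. get_config() continues past the end of the hunk, so how `tmp` is merged into `bgp` is not visible here.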
@@ -64,15 +58,11 @@ def verify(bgp): raise ConfigError('Only one BGP AS number can be defined!') for asn, asn_config in bgp.items(): - import pprint - pprint.pprint(asn_config) - # Common verification for both peer-group and neighbor statements for neighbor in ['neighbor', 'peer_group']: # bail out early if there is no neighbor or peer-group statement # this also saves one indention level if neighbor not in asn_config: - print(f'no {neighbor} found in config') continue for peer, peer_config in asn_config[neighbor].items(): 
@@ -101,22 +91,26 @@ def verify(bgp):
 # Validate if configured Prefix list exists
 if 'prefix_list' in afi_config:
 for tmp in ['import', 'export']:
- if tmp in afi_config['prefix_list']:
- if afi == 'ipv4_unicast':
- prefix_list = afi_config['prefix_list'][tmp]
- if 'prefix_list' not in asn_config or prefix_list not in asn_config['prefix_list']:
- raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
- if afi == 'ipv6_unicast':
- prefix_list = afi_config['prefix_list6'][tmp]
- if 'prefix_list6' not in asn_config or prefix_list not in asn_config['prefix_list6']:
- raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
-
+ if tmp not in afi_config['prefix_list']:
+ # bail out early
+ continue
+ # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+ # compares will run on '_' as also '_' is a valid name for a prefix-list
+ prefix_list = afi_config['prefix_list'][tmp].replace('-', '_')
+ if afi == 'ipv4_unicast':
+ if dict_search(f'policy.prefix_list.{prefix_list}', asn_config) == None:
+ raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+ elif afi == 'ipv6_unicast':
+ if dict_search(f'policy.prefix_list6.{prefix_list}', asn_config) == None:
+ raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!')
 if 'route_map' in afi_config:
 for tmp in ['import', 'export']:
 if tmp in afi_config['route_map']:
- route_map = afi_config['route_map'][tmp]
- if 'route_map' not in asn_config or route_map not in asn_config['route_map']:
+ # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
+ # compares will run on '_' as also '_' is a valid name for a route-map
+ route_map = afi_config['route_map'][tmp].replace('-', '_')
+ if dict_search(f'policy.route_map.{route_map}', asn_config) == None:
 raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!')
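Review bot: The new `ConfigError` messages print the name after `.replace('-', '_')`, so an operator who configured a list called, say, `my-list` (a constructed example) is told that `my_list` does not exist. Keep the configured value for the message and use the replaced form only inside the `dict_search()` path. The three comparisons written as `dict_search(...) == None` should be `dict_search(...) is None`. The name is also interpolated into a dotted lookup path, so a name containing `.` would presumably be split into several path components and fail the check; it is worth confirming that the CLI rejects such names. verify() begins and ends outside this hunk.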
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 28e606663..8eeb0a7c1 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -77,10 +77,9 @@ def apply(ssh):
 if not ssh:
 # SSH access is removed in the commit
 call('systemctl stop ssh.service')
+ return None
- if ssh:
- call('systemctl restart ssh.service')
-
+ call('systemctl restart ssh.service')
 return None
 if __name__ == '__main__':
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 10d297aff..99af5c757 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -158,11 +158,11 @@ def generate(login):
 env = os.environ.copy()
 env['vyos_libexec_dir'] = '/usr/libexec/vyos'
- call(f"/opt/vyatta/sbin/my_delete system login user '{user}' "
- "authentication plaintext-password", env=env)
+ call(f"/opt/vyatta/sbin/my_delete system login user '{user}' " \
+ f"authentication plaintext-password", env=env)
- call(f"/opt/vyatta/sbin/my_set system login user '{user}' "
- "authentication encrypted-password '{encrypted_password}'", env=env)
+ call(f"/opt/vyatta/sbin/my_set system login user '{user}' " \
+ f"authentication encrypted-password '{encrypted_password}'", env=env)
 else:
 try:
 if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config):
@@ -212,7 +212,6 @@ def apply(login):
 else:
 command += f" -d '/home/{user}'"
 command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}'
- try: cmd(command) |
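Review bot: In the generate() hunk of system-login.py, both commands are still assembled as one string with `'{user}'` and `'{encrypted_password}'` wrapped in literal single quotes, so if `call()` hands the string to a shell, a value containing `'` ends the quoting. Quote each interpolated value instead, e.g. `call(f"/opt/vyatta/sbin/my_delete system login user {shlex.quote(user)} "` (this needs `import shlex` in the file). The password hash is also passed on the helper's command line, where other local processes may be able to read it while the command runs. The `f` prefix on `"authentication plaintext-password"` and the trailing `\` inside the parentheses are not needed. generate() starts and ends outside this hunk.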