From 743ecd29fc3e848d2a41d3f252a931d9998c5f91 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Mon, 11 Dec 2023 17:34:04 -0400
Subject: ddclient: T5144: Fix migration to avoid config name conflict
When migrating from `service dns dynamic interface <interface> ...` to
`service dns dynamic address <address> ...`, the config name can
potentially have a conflict when `address == 'web'`.
Although the `/run/ddclient/ddclient.conf` that was generated earlier
was incorrect, one could still potentially have misconfigured VyOS
config without realizing it.
We now append the old <interface> name to the config name to avoid
conflict.
---
src/migration-scripts/dns-dynamic/0-to-1 | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/migration-scripts/dns-dynamic/0-to-1 b/src/migration-scripts/dns-dynamic/0-to-1
index d80e8d44a..4f6083eab 100755
--- a/src/migration-scripts/dns-dynamic/0-to-1
+++ b/src/migration-scripts/dns-dynamic/0-to-1
@@ -81,20 +81,33 @@ for address in config.list_nodes(new_base_path):
config.rename(new_base_path + [address, 'service', svc_cfg, 'login'], 'username')
# Apply global 'ipv6-enable' to per <config> 'ip-version: ipv6'
if config.exists(new_base_path + [address, 'ipv6-enable']):
- config.set(new_base_path + [address, 'service', svc_cfg, 'ip-version'],
- value='ipv6', replace=False)
+ config.set(new_base_path + [address, 'service', svc_cfg, 'ip-version'], 'ipv6')
config.delete(new_base_path + [address, 'ipv6-enable'])
# Apply service protocol mapping upfront, they are not 'auto-detected' anymore
if svc_cfg in service_protocol_mapping:
config.set(new_base_path + [address, 'service', svc_cfg, 'protocol'],
- value=service_protocol_mapping.get(svc_cfg), replace=False)
+ service_protocol_mapping.get(svc_cfg))
- # Migrate "service dns dynamic interface <interface> use-web"
- # to "service dns dynamic address <address> web-options"
- # Also, rename <address> to 'web' literal for backward compatibility
+ # If use-web is set, then:
+ # Move "service dns dynamic address <address> <service|rfc2136> <service> ..."
+ # to "service dns dynamic address web <service|rfc2136> <service>-<address> ..."
+ # Move "service dns dynamic address web use-web ..."
+ # to "service dns dynamic address web web-options ..."
+ # Note: The config is named <service>-<address> to avoid name conflict with old entries
if config.exists(new_base_path + [address, 'use-web']):
- config.rename(new_base_path + [address], 'web')
- config.rename(new_base_path + ['web', 'use-web'], 'web-options')
+ for svc_type in ['rfc2136', 'service']:
+ if config.exists(new_base_path + [address, svc_type]):
+ config.set(new_base_path + ['web', svc_type])
+ config.set_tag(new_base_path + ['web', svc_type])
+ for svc_cfg in config.list_nodes(new_base_path + [address, svc_type]):
+ config.copy(new_base_path + [address, svc_type, svc_cfg],
+ new_base_path + ['web', svc_type, f'{svc_cfg}-{address}'])
+
+ # Multiple web-options were not supported, so copy only the first one
+ if not config.exists(new_base_path + ['web', 'web-options']):
+ config.copy(new_base_path + [address, 'use-web'], new_base_path + ['web', 'web-options'])
+
+ config.delete(new_base_path + [address])
try:
with open(file_name, 'w') as f:
--
cgit v1.2.3
From b0beb1cb732cdf950917f1eb419f66cc4f007f29 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Wed, 13 Dec 2023 16:32:32 -0600
Subject: ddclient: T5791: Enforce alphanumeric constraint on service name
Enforce constraint on Dynamic DNS service name to be alphanumeric
(including hyphens and underscores).
---
interface-definitions/dns-dynamic.xml.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
index f089f0e52..388e7c5d2 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/dns-dynamic.xml.in
@@ -19,6 +19,10 @@
<format>txt</format>
<description>Dynamic DNS service name</description>
</valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores</constraintErrorMessage>
</properties>
<children>
#include <include/generic-description.xml.i>
--
cgit v1.2.3
From 2b96bc8532b61be96cea92cc1c5468bd5fc3d968 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Mon, 11 Dec 2023 18:02:02 -0400
Subject: ddclient: T5791: Fix migration to normalize config name and avoid
config
Since `service dns dynamic address <address> service <service> ...`
changed to `service dns dynamic name <service> address <address> ...`,
the resulting service and address config flip can result in conflicting
`service` name.
Additionally, since dynamic DNS service name now have name constraint,
we need to normalize the service name to conform with the constraint.
We now migrate the service name to (service|rfc2136)-<service>-<address>
to avoid the conflict and optionally append an index if there is still a
name conflict after normalization.
---
src/migration-scripts/dns-dynamic/2-to-3 | 45 +++++++++++++++++++++++++++-----
1 file changed, 38 insertions(+), 7 deletions(-)
diff --git a/src/migration-scripts/dns-dynamic/2-to-3 b/src/migration-scripts/dns-dynamic/2-to-3
index 187c2a895..e5910f7b4 100755
--- a/src/migration-scripts/dns-dynamic/2-to-3
+++ b/src/migration-scripts/dns-dynamic/2-to-3
@@ -21,10 +21,27 @@
# to "service dns dynamic name <service> address <interface> protocol 'nsupdate'"
# - migrate "service dns dynamic address <interface> service <service> ..."
# to "service dns dynamic name <service> address <interface> ..."
+# - normalize the all service names to conform with name constraints
import sys
+import re
+from unicodedata import normalize
from vyos.configtree import ConfigTree
+def normalize_name(name):
+ """Normalize service names to conform with name constraints.
+
+ This is necessary as part of migration because there were no constraints in
+ the old name format.
+ """
+ # Normalize unicode characters to ASCII (NFKD)
+ # Replace all separators with hypens, strip leading and trailing hyphens
+ name = normalize('NFKD', name).encode('ascii', 'ignore').decode()
+ name = re.sub(r'(\s|\W)+', '-', name).strip('-')
+
+ return name
+
+
if len(sys.argv) < 2:
print("Must specify file name!")
sys.exit(1)
@@ -64,22 +81,36 @@ for address in config.list_nodes(address_path):
for svc_type in ['service', 'rfc2136']:
if config.exists(address_path_tag + [svc_type]):
- # Move RFC2136 as service configuration, rename to avoid name conflict and set protocol to 'nsupdate'
+ # Set protocol to 'nsupdate' for RFC2136 configuration
if svc_type == 'rfc2136':
- for rfc_cfg_old in config.list_nodes(address_path_tag + ['rfc2136']):
- rfc_cfg_new = f'{rfc_cfg_old}-rfc2136'
- config.rename(address_path_tag + ['rfc2136', rfc_cfg_old], rfc_cfg_new)
- config.set(address_path_tag + ['rfc2136', rfc_cfg_new, 'protocol'], 'nsupdate')
+ for rfc_cfg in config.list_nodes(address_path_tag + ['rfc2136']):
+ config.set(address_path_tag + ['rfc2136', rfc_cfg, 'protocol'], 'nsupdate')
# Add address as config value in each service before moving the service path
- # And then copy the services from 'address <interface> service <service>' to 'name <service>'
+ # And then copy the services from 'address <interface> service <service>'
+ # to 'name (service|rfc2136)-<service>-<address>'
+ # Note: The new service is named (service|rfc2136)-<service>-<address>
+ # to avoid name conflict with old entries
for svc_cfg in config.list_nodes(address_path_tag + [svc_type]):
config.set(address_path_tag + [svc_type, svc_cfg, 'address'], address)
- config.copy(address_path_tag + [svc_type, svc_cfg], name_path + [svc_cfg])
+ config.copy(address_path_tag + [svc_type, svc_cfg],
+ name_path + ['-'.join([svc_type, svc_cfg, address])])
# Finally cleanup the old address path
config.delete(address_path)
+# Normalize the all service names to conform with name constraints
+index = 1
+for name in config.list_nodes(name_path):
+ new_name = normalize_name(name)
+ if new_name != name:
+ # Append index if there is still a name conflicts after normalization
+ # For example, "foo-?(" and "foo-!)" both normalize to "foo-"
+ if config.exists(name_path + [new_name]):
+ new_name = f'{new_name}-{index}'
+ index += 1
+ config.rename(name_path + [name], new_name)
+
try:
with open(file_name, 'w') as f:
f.write(config.to_string())
--
cgit v1.2.3