From 582b718221c67ddb71e39fbad0a72241761304a9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 27 Feb 2021 21:37:15 +0100
Subject: tunnel: T3366: rename local-ip to source-address

Streamline the CLI configuration where we try to use source-address when
creating connections which are especially sourced from a discrete address.
---
 .../include/radius-server-ipv4-ipv6.xml.i          | 22 ++++++++++++++-
 .../include/source-address-ipv4-ipv6.xml.i         |  1 -
 .../include/tunnel-local-remote-ip.xml.i           | 20 +-------------
 python/vyos/configverify.py                        | 18 ++++++------
 python/vyos/ifconfig/tunnel.py                     |  4 +--
 smoketest/scripts/cli/test_interfaces_tunnel.py    | 32 +++++++++++-----------
 src/migration-scripts/interfaces/19-to-20          | 13 ++++++---
 7 files changed, 58 insertions(+), 52 deletions(-)

diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index ab3c6d72a..c57d39b6b 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -26,7 +26,27 @@
         #include <include/radius-server-port.xml.i>
       </children>
     </tagNode>
-    #include <include/source-address-ipv4-ipv6.xml.i>
+    <leafNode name="source-address">
+      <properties>
+        <help>Source IP address used to initiate connection</help>
+        <completionHelp>
+          <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+        </completionHelp>
+        <valueHelp>
+          <format>ipv4</format>
+          <description>IPv4 source address</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv6</format>
+          <description>IPv6 source address</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv4-address"/>
+          <validator name="ipv6-address"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
   </children>
 </node>
 <!-- included end -->
diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
index 4da4698c2..004e04f7b 100644
--- a/interface-definitions/include/source-address-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
@@ -17,7 +17,6 @@
       <validator name="ipv4-address"/>
       <validator name="ipv6-address"/>
     </constraint>
-    <multi/>
   </properties>
 </leafNode>
 <!-- included end -->
diff --git a/interface-definitions/include/tunnel-local-remote-ip.xml.i b/interface-definitions/include/tunnel-local-remote-ip.xml.i
index 85c20f482..f86e1dd8c 100644
--- a/interface-definitions/include/tunnel-local-remote-ip.xml.i
+++ b/interface-definitions/include/tunnel-local-remote-ip.xml.i
@@ -1,23 +1,5 @@
 <!-- included start from tunnel-local-remote-ip.xml.i -->
-<leafNode name="local-ip">
-  <properties>
-    <help>Local IP address for this tunnel</help>
-    <valueHelp>
-      <format>ipv4</format>
-      <description>Local IPv4 address for this tunnel</description>
-    </valueHelp>
-    <valueHelp>
-      <format>ipv6</format>
-      <description>Local IPv6 address for this tunnel</description>
-    </valueHelp>
-    <completionHelp>
-      <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
-    </completionHelp>
-    <constraint>
-      <validator name="ip-address"/>
-    </constraint>
-  </properties>
-</leafNode>
+#include <include/source-address-ipv4-ipv6.xml.i>
 <leafNode name="remote-ip">
   <properties>
     <help>Remote IP address for this tunnel</help>
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 8286a735c..c901ccbc5 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -100,26 +100,26 @@ def verify_tunnel(config):
         raise ConfigError('Must configure the tunnel encapsulation for '\
                           '{ifname}!'.format(**config))
 
-    if 'local_ip' not in config and 'dhcp_interface' not in config:
-        raise ConfigError('local-ip is mandatory for tunnel')
+    if 'source_address' not in config and 'dhcp_interface' not in config:
+        raise ConfigError('source-address is mandatory for tunnel')
 
     if 'remote_ip' not in config and config['encapsulation'] != 'gre':
         raise ConfigError('remote-ip is mandatory for tunnel')
 
-    if {'local_ip', 'dhcp_interface'} <= set(config):
-        raise ConfigError('Can not use both local-ip and dhcp-interface')
+    if {'source_address', 'dhcp_interface'} <= set(config):
+        raise ConfigError('Can not use both source-address and dhcp-interface')
 
     if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre', 'ip6erspan']:
         error_ipv6 = 'Encapsulation mode requires IPv6'
-        if 'local_ip' in config and not is_ipv6(config['local_ip']):
-            raise ConfigError(f'{error_ipv6} local-ip')
+        if 'source_address' in config and not is_ipv6(config['source_address']):
+            raise ConfigError(f'{error_ipv6} source-address')
 
         if 'remote_ip' in config and not is_ipv6(config['remote_ip']):
             raise ConfigError(f'{error_ipv6} remote-ip')
     else:
         error_ipv4 = 'Encapsulation mode requires IPv4'
-        if 'local_ip' in config and not is_ipv4(config['local_ip']):
-            raise ConfigError(f'{error_ipv4} local-ip')
+        if 'source_address' in config and not is_ipv4(config['source_address']):
+            raise ConfigError(f'{error_ipv4} source-address')
 
         if 'remote_ip' in config and not is_ipv4(config['remote_ip']):
             raise ConfigError(f'{error_ipv4} remote-ip')
@@ -130,7 +130,7 @@ def verify_tunnel(config):
             raise ConfigError(f'Option source-interface can not be used with ' \
                               f'encapsulation "{encapsulation}"!')
     elif config['encapsulation'] == 'gre':
-        if 'local_ip' in config and is_ipv6(config['local_ip']):
+        if 'source_address' in config and is_ipv6(config['source_address']):
             raise ConfigError('Can not use local IPv6 address is for mGRE tunnels')
 
 def verify_eapol(config):
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index a74d50646..2820e2563 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -51,9 +51,9 @@ class TunnelIf(Interface):
     # - https://man7.org/linux/man-pages/man8/ip-link.8.html
     # - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html
     mapping = {
-        'local_ip'                        : 'local',
-        'remote_ip'                       : 'remote',
+        'source_address'                  : 'local',
         'source_interface'                : 'dev',
+        'remote_ip'                       : 'remote',
         'parameters.ip.key'               : 'key',
         'parameters.ip.tos'               : 'tos',
         'parameters.ip.ttl'               : 'ttl',
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py
index 0bbc807db..cf7e7aac9 100755
--- a/smoketest/scripts/cli/test_interfaces_tunnel.py
+++ b/smoketest/scripts/cli/test_interfaces_tunnel.py
@@ -71,8 +71,8 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         cls.local_v4 = '192.0.2.1'
         cls.local_v6 = '2001:db8::1'
         cls._options = {
-            'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'local-ip ' + cls.local_v4],
-            'tun20': ['encapsulation gre',  'remote-ip 192.0.2.20', 'local-ip ' + cls.local_v4],
+            'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'source-address ' + cls.local_v4],
+            'tun20': ['encapsulation gre',  'remote-ip 192.0.2.20', 'source-address ' + cls.local_v4],
         }
         cls._interfaces = list(cls._options)
 
@@ -94,15 +94,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         for encapsulation in ['ipip', 'sit', 'gre', 'gretap']:
             self.session.set(self._base_path + [interface, 'address', local_if_addr])
             self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
-            self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
+            self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
             self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
 
-            # Encapsulation mode requires IPv4 local-ip
+            # Encapsulation mode requires IPv4 source-address
             with self.assertRaises(ConfigSessionError):
                 self.session.commit()
-            self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+            self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
 
-            # Encapsulation mode requires IPv4 local-ip
+            # Encapsulation mode requires IPv4 remote-ip
             with self.assertRaises(ConfigSessionError):
                 self.session.commit()
             self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
@@ -141,15 +141,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         for encapsulation in ['ipip6', 'ip6ip6', 'ip6gre']:
             self.session.set(self._base_path + [interface, 'address', local_if_addr])
             self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
-            self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+            self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
             self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
 
-            # Encapsulation mode requires IPv6 local-ip
+            # Encapsulation mode requires IPv6 source-address
             with self.assertRaises(ConfigSessionError):
                 self.session.commit()
-            self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
+            self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
 
-            # Encapsulation mode requires IPv6 local-ip
+            # Encapsulation mode requires IPv6 remote-ip
             with self.assertRaises(ConfigSessionError):
                 self.session.commit()
             self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
@@ -182,18 +182,18 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
             self.session.commit()
 
     def test_tunnel_verify_local_dhcp(self):
-        # We can not use local-ip and dhcp-interface at the same time
+        # We can not use source-address and dhcp-interface at the same time
 
         interface = f'tun1020'
         local_if_addr = f'10.0.0.1/24'
 
         self.session.set(self._base_path + [interface, 'address', local_if_addr])
         self.session.set(self._base_path + [interface, 'encapsulation', 'gre'])
-        self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+        self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
         self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
         self.session.set(self._base_path + [interface, 'dhcp-interface', 'eth0'])
 
-        # local-ip and dhcp-interface can not be used at the same time
+        # source-address and dhcp-interface can not be used at the same time
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
         self.session.delete(self._base_path + [interface, 'dhcp-interface'])
@@ -208,7 +208,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         tos = '20'
 
         self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
-        self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+        self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
         self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
 
         self.session.set(self._base_path + [interface, 'parameters', 'ip', 'no-pmtu-discovery'])
@@ -234,7 +234,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         tos = '20'
 
         self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
-        self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+        self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
         self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
 
         # Check if commit is ok
@@ -258,4 +258,4 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
         self.assertEqual(new_remote,    conf['linkinfo']['info_data']['remote'])
 
 if __name__ == '__main__':
-    unittest.main(verbosity=2)
+    unittest.main(verbosity=2, failfast=True)
diff --git a/src/migration-scripts/interfaces/19-to-20 b/src/migration-scripts/interfaces/19-to-20
index be42cdd61..1727ac4dc 100755
--- a/src/migration-scripts/interfaces/19-to-20
+++ b/src/migration-scripts/interfaces/19-to-20
@@ -36,12 +36,17 @@ if __name__ == '__main__':
 
     #
     # Migrate "interface tunnel <tunX> encapsulation gre-bridge" to gretap
+    # Migrate "interface tunnel <tunX> local-ip" to source-address
     for interface in config.list_nodes(base):
-        path = base + [interface, 'encapsulation']
-        if config.exists(path):
-            tmp = config.return_value(path)
+        encap_path = base + [interface, 'encapsulation']
+        if config.exists(encap_path):
+            tmp = config.return_value(encap_path)
             if tmp == 'gre-bridge':
-                config.set(path, value='gretap')
+                config.set(encap_path, value='gretap')
+
+        local_ip_path = base + [interface, 'local-ip']
+        if config.exists(local_ip_path):
+            config.rename(local_ip_path, 'source-address')
 
     try:
         with open(file_name, 'w') as f:
-- 
cgit v1.2.3