From 982cb6768f8bc9255d68ebb7669421c7410ec080 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 3 Apr 2022 12:11:29 +0200 Subject: isis: T4336: add support for MD5 authentication password on a circuit (cherry picked from commit a6c936997611de85dc73152297679d0b53095713) --- data/templates/frr/isisd.frr.tmpl | 4 +- interface-definitions/include/isis/password.xml.i | 20 ++++++++ .../include/isis/protocol-common-config.xml.i | 54 +++------------------- 3 files changed, 29 insertions(+), 49 deletions(-) create mode 100644 interface-definitions/include/isis/password.xml.i diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl index 40c7f8aa1..324419456 100644 --- a/data/templates/frr/isisd.frr.tmpl +++ b/data/templates/frr/isisd.frr.tmpl @@ -181,7 +181,9 @@ interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if iface_config.passive is defined %} isis passive {% endif %} -{% if iface_config.password is defined and iface_config.password.plaintext_password is defined and iface_config.password.plaintext_password is not none %} +{% if iface_config.password is defined and iface_config.password.md5 is defined and iface_config.password.md5 is not none %} + isis password md5 {{ iface_config.password.md5 }} +{% elif iface_config.password is defined and iface_config.password.plaintext_password is defined and iface_config.password.plaintext_password is not none %} isis password clear {{ iface_config.password.plaintext_password }} {% endif %} {% if iface_config.priority is defined and iface_config.priority is not none %} diff --git a/interface-definitions/include/isis/password.xml.i b/interface-definitions/include/isis/password.xml.i new file mode 100644 index 000000000..27c3b0fa0 --- /dev/null +++ b/interface-definitions/include/isis/password.xml.i @@ -0,0 +1,20 @@ + + + + Plain-text authentication type + + txt + Circuit password + + + + + + MD5 authentication type + + txt + Level-wide password + + + + diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 84e2f7bb2..190fa6149 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -4,24 +4,7 @@ Configure the authentication password for an area - - - Plain-text authentication type - - txt - Level-wide password - - - - - - MD5 authentication type - - txt - Level-wide password - - - + #include @@ -59,24 +42,7 @@ Set the authentication password for a routing domain - - - Plain-text authentication type - - txt - Level-wide password - - - - - - MD5 authentication type - - txt - Level-wide password - - - + #include @@ -104,7 +70,7 @@ Act as an area router - ^(level-1|level-1-2|level-2)$ + (level-1|level-1-2|level-2) @@ -182,7 +148,7 @@ Use new style of TLVs to carry wider metric - ^(narrow|transition|wide)$ + (narrow|transition|wide) @@ -668,7 +634,7 @@ Level-2 only adjacencies are formed - ^(level-1|level-1-2|level-2-only)$ + (level-1|level-1-2|level-2-only) @@ -722,15 +688,7 @@ Configure the authentication password for a circuit - - - Plain-text authentication type - - txt - Circuit password - - - + #include -- cgit v1.2.3 From b8b336aeaafffb9980c2690aeb2b524c40eebeb9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 3 Apr 2022 12:12:21 +0200 Subject: smoketest: isis: extend testcase to verify 'is-type level-2-only' can be set (cherry picked from commit 16a88f6b86e4ab920178701f6b3c02e893f337e8) --- smoketest/scripts/cli/test_protocols_isis.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py index ede217065..167cd05f8 100755 --- a/smoketest/scripts/cli/test_protocols_isis.py +++ b/smoketest/scripts/cli/test_protocols_isis.py @@ -71,13 +71,13 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.cli_commit() # Verify all changes - tmp = self.getFRRconfig(f'router isis {domain}') + tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd') self.assertIn(f' net {net}', tmp) self.assertIn(f' log-adjacency-changes', tmp) self.assertIn(f' redistribute ipv4 connected level-2 route-map {route_map}', tmp) for interface in self._interfaces: - tmp = self.getFRRconfig(f'interface {interface}') + tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd') self.assertIn(f' ip router isis {domain}', tmp) self.assertIn(f' ipv6 router isis {domain}', tmp) @@ -93,22 +93,26 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.isis_base_config() self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) self.cli_set(base_path + ['route-map', route_map]) + self.cli_set(base_path + ['level', 'level-2']) # commit changes self.cli_commit() # Verify FRR configuration zebra_route_map = f'ip protocol isis route-map {route_map}' - frrconfig = self.getFRRconfig(zebra_route_map) + frrconfig = self.getFRRconfig(zebra_route_map, daemon='zebra') self.assertIn(zebra_route_map, frrconfig) + tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd') + self.assertIn(' is-type level-2-only', tmp) + # Remove the route-map again self.cli_delete(base_path + ['route-map']) # commit changes self.cli_commit() # Verify FRR configuration - frrconfig = self.getFRRconfig(zebra_route_map) + frrconfig = self.getFRRconfig(zebra_route_map, daemon='zebra') self.assertNotIn(zebra_route_map, frrconfig) self.cli_delete(['policy', 'route-map', route_map]) @@ -128,7 +132,7 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.cli_commit() # Verify all changes - tmp = self.getFRRconfig(f'router isis {domain}') + tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd') self.assertIn(f' net {net}', tmp) for afi in ['ipv4', 'ipv6']: @@ -140,6 +144,8 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): password = 'foo' self.isis_base_config() + for interface in self._interfaces: + self.cli_set(base_path + ['interface', interface, 'password', 'plaintext-password', f'{password}-{interface}']) self.cli_set(base_path + ['area-password', 'plaintext-password', password]) self.cli_set(base_path + ['area-password', 'md5', password]) @@ -160,11 +166,15 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.cli_commit() # Verify all changes - tmp = self.getFRRconfig(f'router isis {domain}') + tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd') self.assertIn(f' net {net}', tmp) self.assertIn(f' domain-password clear {password}', tmp) self.assertIn(f' area-password clear {password}', tmp) + for interface in self._interfaces: + tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd') + self.assertIn(f' isis password clear {password}-{interface}', tmp) + def test_isis_06_spf_delay(self): network = 'point-to-point' holddown = '10' -- cgit v1.2.3