From d40dd615f9ea46b28b2e968c2ba4fff18866cf5f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 18 Apr 2021 13:22:47 +0200 Subject: policy: T2425: verify other policy types and probe for mandatory options --- src/conf_mode/policy.py | 47 +++++++++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py index a8244ca26..d461511f8 100755 --- a/src/conf_mode/policy.py +++ b/src/conf_mode/policy.py @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -import os - from sys import exit from vyos.config import Config @@ -43,34 +41,43 @@ def verify(policy): if not policy: return None - def verify_access_list(acl, rule, rule_config): - error_append = f'must be specified for rule {rule} in access-list {acl}!' - if 'source' not in rule_config: - raise ConfigError(f'Source {error_append}') - - if int(acl) in range(100, 200) or int(acl) in range(2000, 2700): - if 'destination' not in rule_config: - raise ConfigError(f'Destination {error_append}') - - for type in ['access_list', 'access_list6', 'as_path_list', 'community_list', - 'extcommunity_list', 'large_community_list', 'prefix_list', - 'prefix_list6', 'route_map']: + for policy_type in ['access_list', 'access_list6', 'as_path_list', + 'community_list', 'extcommunity_list', 'large_community_list', + 'prefix_list', 'prefix_list6', 'route_map']: # Bail out early and continue with next policy type - if type not in policy: + if policy_type not in policy: continue + # instance can be an ACL name/number, prefix-list name or route-map name - for instance, instance_config in policy[type].items(): + for instance, instance_config in policy[policy_type].items(): # If no rule was found within the instance ... sad, but we can leave # early as nothing needs to be verified if 'rule' not in instance_config: continue + + # human readable instance name (hypen instead of underscore) + policy_hr = policy_type.replace('_', '-') for rule, rule_config in instance_config['rule'].items(): + mandatory_error = f'must be specified for "{policy_hr} {instance} rule {rule}"!' if 'action' not in rule_config: - error_msg = 'Action must be specified for ' + type.replace('_','-') - raise ConfigError(f'{error_msg} {instance}, rule {rule}!') + raise ConfigError(f'Action {mandatory_error}') + + if policy_type == 'access_list': + if 'source' not in rule_config: + raise ConfigError(f'Source {mandatory_error}') + + if int(instance) in range(100, 200) or int(instance) in range(2000, 2700): + if 'destination' not in rule_config: + raise ConfigError(f'Destination {mandatory_error}') + + if policy_type == 'access_list6': + if 'source' not in rule_config: + raise ConfigError(f'Source {mandatory_error}') - if type == 'access_list': - verify_access_list(instance, rule, rule_config) + if policy_type in ['as_path_list', 'community_list', 'extcommunity_list', + 'large_community_list']: + if 'regex' not in rule_config: + raise ConfigError(f'Regex {mandatory_error}') return None -- cgit v1.2.3