Merge pull request vyos#3856 from c-po/verify-vrf

vrf: T6602: verify supplied VRF name on all interface types
jestabro · Jul 24, 2024 · dea5d45 · dea5d45
2 parents 565277a + dd0ebff
commit dea5d45
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 0 deletions.
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
@@ -303,6 +303,24 @@ def test_move_interface_between_vrf_instances(self):
             self.cli_delete(['vrf', 'name', vrf1_name])
             self.cli_delete(['vrf', 'name', vrf2_name])
 
+        def test_add_to_invalid_vrf(self):
+            if not self._test_vrf:
+                self.skipTest('not supported')
+
+            # move interface into first VRF
+            for interface in self._interfaces:
+                for option in self._options.get(interface, []):
+                    self.cli_set(self._base_path + [interface] + option.split())
+                self.cli_set(self._base_path + [interface, 'vrf', 'invalid'])
+
+            # check validate() - can not use a non-existing VRF
+            with self.assertRaises(ConfigSessionError):
+                self.cli_commit()
+
+            for interface in self._interfaces:
+                self.cli_delete(self._base_path + [interface, 'vrf', 'invalid'])
+                self.cli_set(self._base_path + [interface, 'description', 'test_add_to_invalid_vrf'])
+
         def test_span_mirror(self):
             if not self._mirror_interfaces:
                 self.skipTest('not supported')

diff --git a/src/conf_mode/interfaces_geneve.py b/src/conf_mode/interfaces_geneve.py
@@ -24,6 +24,7 @@
 from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_bond_bridge_member
+from vyos.configverify import verify_vrf
 from vyos.ifconfig import GeneveIf
 from vyos.utils.network import interface_exists
 from vyos import ConfigError
@@ -59,6 +60,7 @@ def verify(geneve):
 
     verify_mtu_ipv6(geneve)
     verify_address(geneve)
+    verify_vrf(geneve)
     verify_bond_bridge_member(geneve)
     verify_mirror_redirect(geneve)
 

diff --git a/src/conf_mode/interfaces_l2tpv3.py b/src/conf_mode/interfaces_l2tpv3.py
@@ -24,6 +24,7 @@
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_bond_bridge_member
+from vyos.configverify import verify_vrf
 from vyos.ifconfig import L2TPv3If
 from vyos.utils.kernel import check_kmod
 from vyos.utils.network import is_addr_assigned
@@ -76,6 +77,7 @@ def verify(l2tpv3):
 
     verify_mtu_ipv6(l2tpv3)
     verify_address(l2tpv3)
+    verify_vrf(l2tpv3)
     verify_bond_bridge_member(l2tpv3)
     verify_mirror_redirect(l2tpv3)
     return None

diff --git a/src/conf_mode/interfaces_vti.py b/src/conf_mode/interfaces_vti.py
@@ -19,6 +19,7 @@
 from vyos.config import Config
 from vyos.configdict import get_interface_dict
 from vyos.configverify import verify_mirror_redirect
+from vyos.configverify import verify_vrf
 from vyos.ifconfig import VTIIf
 from vyos import ConfigError
 from vyos import airbag
@@ -38,6 +39,7 @@ def get_config(config=None):
     return vti
 
 def verify(vti):
+    verify_vrf(vti)
     verify_mirror_redirect(vti)
     return None
 

diff --git a/src/conf_mode/interfaces_vxlan.py b/src/conf_mode/interfaces_vxlan.py
@@ -28,6 +28,7 @@
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_source_interface
 from vyos.configverify import verify_bond_bridge_member
+from vyos.configverify import verify_vrf
 from vyos.ifconfig import Interface
 from vyos.ifconfig import VXLANIf
 from vyos.template import is_ipv6
@@ -216,6 +217,7 @@ def verify(vxlan):
 
     verify_mtu_ipv6(vxlan)
     verify_address(vxlan)
+    verify_vrf(vxlan)
     verify_bond_bridge_member(vxlan)
     verify_mirror_redirect(vxlan)