Merge pull request #2750 from c-po/configdict-T5894

configdict: T5894: add get_config_dict() flag with_pki
vyos · Jan 4, 2024 · ada6b10 · ada6b10
2 parents c08fea7 + b152b52
commit ada6b10
Show file tree

Hide file tree

Showing 21 changed files with 78 additions and 86 deletions.
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
@@ -7,7 +7,7 @@
       <description>Name of IP pool</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
   </properties>
   <children>
@@ -37,7 +37,7 @@
           <description>Name of IP pool</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9.]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
         </constraint>
       </properties>
     </leafNode>

diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i
@@ -7,7 +7,7 @@
       <description>Default IP pool</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
   </properties>
 </leafNode>

diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
@@ -10,7 +10,7 @@
       <description>Route map name</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
     <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
   </properties>
@@ -26,7 +26,7 @@
       <description>Route map name</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
     <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
   </properties>

diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
@@ -28,7 +28,7 @@
           <description>Route map name</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9.]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
         </constraint>
         <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
@@ -44,7 +44,7 @@
           <description>Route map name</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9.]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
         </constraint>
         <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
@@ -60,7 +60,7 @@
           <description>Route map name</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9.]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
         </constraint>
         <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
@@ -185,7 +185,7 @@
       <description>Route map name</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
     <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
   </properties>

diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i -->
+<regex>[-_a-zA-Z0-9.]+</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i
@@ -10,7 +10,7 @@
       <description>Route map name</description>
     </valueHelp>
     <constraint>
-      <regex>[-_a-zA-Z0-9.]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
     </constraint>
     <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
   </properties>

diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
@@ -9,6 +9,9 @@
       <tagNode name="ca">
         <properties>
           <help>Certificate Authority</help>
+          <constraint>
+            #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+          </constraint>
         </properties>
         <children>
           <leafNode name="certificate">
@@ -64,6 +67,9 @@
       <tagNode name="certificate">
         <properties>
           <help>Certificate</help>
+          <constraint>
+            #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+          </constraint>
         </properties>
         <children>
           <leafNode name="certificate">
@@ -109,6 +115,9 @@
       <tagNode name="dh">
         <properties>
           <help>Diffie-Hellman parameters</help>
+          <constraint>
+            #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+          </constraint>
         </properties>
         <children>
           <leafNode name="parameters">

diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
@@ -476,7 +476,7 @@
             <description>Route map name</description>
           </valueHelp>
           <constraint>
-            <regex>[-_a-zA-Z0-9.]+</regex>
+            #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
           </constraint>
           <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
         </properties>

diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
@@ -38,7 +38,7 @@
                 <properties>
                   <help>Peer name used to identify connection</help>
                   <constraint>
-                    <regex>[-_a-zA-Z0-9.]+</regex>
+                    #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
                   </constraint>
                   <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
                 </properties>
@@ -78,7 +78,7 @@
             <properties>
               <help>Name of DHCP shared network</help>
               <constraint>
-                <regex>[-_a-zA-Z0-9.]+</regex>
+                #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
               </constraint>
               <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
             </properties>
@@ -251,7 +251,7 @@
                     <properties>
                       <help>DHCP lease range</help>
                       <constraint>
-                        <regex>[-_a-zA-Z0-9.]+</regex>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
                       </constraint>
                       <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
                     </properties>

diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
@@ -34,7 +34,7 @@
             <properties>
               <help>DHCPv6 shared network name</help>
               <constraint>
-                <regex>[-_a-zA-Z0-9.]+</regex>
+                #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
               </constraint>
               <constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
             </properties>
@@ -185,7 +185,7 @@
                     <properties>
                       <help>NIS domain name for client to use</help>
                       <constraint>
-                        <regex>[-_a-zA-Z0-9.]+</regex>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
                       </constraint>
                       <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
                     </properties>
@@ -207,7 +207,7 @@
                     <properties>
                       <help>NIS+ domain name for client to use</help>
                       <constraint>
-                        <regex>[-_a-zA-Z0-9.]+</regex>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
                       </constraint>
                       <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
                     </properties>

diff --git a/python/vyos/config.py b/python/vyos/config.py
@@ -29,7 +29,7 @@
 its own set of operations.
 
 *Leaf nodes* (such as "address" in interfaces) can have values, but cannot
-have children. 
+have children.
 Leaf nodes can have one value, multiple values, or no values at all.
 
 For example, "system host-name" is a single-value leaf node,
@@ -258,7 +258,9 @@ def verify_mangling(self, key_mangling):
     def get_config_dict(self, path=[], effective=False, key_mangling=None,
                         get_first_key=False, no_multi_convert=False,
                         no_tag_node_value_mangle=False,
-                        with_defaults=False, with_recursive_defaults=False):
+                        with_defaults=False,
+                        with_recursive_defaults=False,
+                        with_pki=False):
         """
         Args:
             path (str list): Configuration tree path, can be empty
@@ -274,6 +276,7 @@ def get_config_dict(self, path=[], effective=False, key_mangling=None,
         del kwargs['no_multi_convert']
         del kwargs['with_defaults']
         del kwargs['with_recursive_defaults']
+        del kwargs['with_pki']
 
         lpath = self._make_path(path)
         root_dict = self.get_cached_root_dict(effective)
@@ -298,6 +301,13 @@ def get_config_dict(self, path=[], effective=False, key_mangling=None,
         else:
             conf_dict = ConfigDict(conf_dict)
 
+        if with_pki and conf_dict:
+            pki_dict = self.get_config_dict(['pki'], key_mangling=('-', '_'),
+                                            no_tag_node_value_mangle=True,
+                                            get_first_key=True)
+            if pki_dict:
+                conf_dict['pki'] = pki_dict
+
         # save optional args for a call to get_config_defaults
         setattr(conf_dict, '_dict_kwargs', kwargs)
 

diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
@@ -163,6 +163,9 @@ def node_changed(conf, path, key_mangling=None, recursive=False, expand_nodes=No
         output.extend(list(tmp['delete'].keys()))
     if expand_nodes & Diff.ADD:
         output.extend(list(tmp['add'].keys()))
+
+    # remove duplicate keys from list, this happens when a node (e.g. description) is altered
+    output = list(dict.fromkeys(output))
     return output
 
 def get_removed_vlans(conf, path, dict):
@@ -424,7 +427,7 @@ def get_pppoe_interfaces(conf, vrf=None):
 
     return pppoe_interfaces
 
-def get_interface_dict(config, base, ifname='', recursive_defaults=True):
+def get_interface_dict(config, base, ifname='', recursive_defaults=True, with_pki=False):
     """
     Common utility function to retrieve and mangle the interfaces configuration
     from the CLI input nodes. All interfaces have a common base where value
@@ -456,7 +459,8 @@ def get_interface_dict(config, base, ifname='', recursive_defaults=True):
                                       get_first_key=True,
                                       no_tag_node_value_mangle=True,
                                       with_defaults=True,
-                                      with_recursive_defaults=recursive_defaults)
+                                      with_recursive_defaults=recursive_defaults,
+                                      with_pki=with_pki)
 
         # If interface does not request an IPv4 DHCP address there is no need
         # to keep the dhcp-options key
@@ -620,7 +624,7 @@ def get_vlan_ids(interface):
 
     return vlan_ids
 
-def get_accel_dict(config, base, chap_secrets):
+def get_accel_dict(config, base, chap_secrets, with_pki=False):
     """
     Common utility function to retrieve and mangle the Accel-PPP configuration
     from different CLI input nodes. All Accel-PPP services have a common base
@@ -635,7 +639,8 @@ def get_accel_dict(config, base, chap_secrets):
     dict = config.get_config_dict(base, key_mangling=('-', '_'),
                                   get_first_key=True,
                                   no_tag_node_value_mangle=True,
-                                  with_recursive_defaults=True)
+                                  with_recursive_defaults=True,
+                                  with_pki=with_pki)
 
     # set CPUs cores to process requests
     dict.update({'thread_count' : get_half_cpus()})

diff --git a/smoketest/scripts/cli/test_service_https.py b/smoketest/scripts/cli/test_service_https.py
@@ -395,8 +395,7 @@ def test_api_reset(self):
 
     @ignore_warning(InsecureRequestWarning)
     def test_api_config_file_load_http(self):
-        """Test load config from HTTP URL
-        """
+        # Test load config from HTTP URL
         address = '127.0.0.1'
         key = 'VyOS-key'
         url = f'https://{address}/config-file'

diff --git a/src/conf_mode/interfaces_ethernet.py b/src/conf_mode/interfaces_ethernet.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2021 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -150,19 +150,12 @@ def get_config(config=None):
     else:
         conf = Config()
 
-    # This must be called prior to get_interface_dict(), as this function will
-    # alter the config level (config.set_level())
-    pki = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
-                               get_first_key=True, no_tag_node_value_mangle=True)
-
     base = ['interfaces', 'ethernet']
-    ifname, ethernet = get_interface_dict(conf, base)
+    ifname, ethernet = get_interface_dict(conf, base, with_pki=True)
+
     if 'is_bond_member' in ethernet:
         update_bond_options(conf, ethernet)
 
-    if 'deleted' not in ethernet:
-       if pki: ethernet['pki'] = pki
-
     tmp = is_node_changed(conf, base + [ifname, 'speed'])
     if tmp: ethernet.update({'speed_duplex_changed': {}})
 
@@ -171,8 +164,6 @@ def get_config(config=None):
 
     return ethernet
 
-
-
 def verify_speed_duplex(ethernet: dict, ethtool: Ethtool):
     """
      Verify speed and duplex

diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -89,16 +89,12 @@ def get_config(config=None):
         conf = Config()
     base = ['interfaces', 'openvpn']
 
-    ifname, openvpn = get_interface_dict(conf, base)
+    ifname, openvpn = get_interface_dict(conf, base, with_pki=True)
     openvpn['auth_user_pass_file'] = '/run/openvpn/{ifname}.pw'.format(**openvpn)
 
     if 'deleted' in openvpn:
         return openvpn
 
-    openvpn['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
-                                        get_first_key=True,
-                                        no_tag_node_value_mangle=True)
-
     if is_node_changed(conf, base + [ifname, 'openvpn-option']):
         openvpn.update({'restart_required': {}})
     if is_node_changed(conf, base + [ifname, 'enable-dco']):
@@ -167,9 +163,10 @@ def verify_pki(openvpn):
             raise ConfigError(f'Invalid shared-secret on openvpn interface {interface}')
 
         # If PSK settings are correct, warn about its deprecation
-        DeprecationWarning("OpenVPN shared-secret support will be removed in future VyOS versions.\n\
-        Please migrate your site-to-site tunnels to TLS.\n\
-        You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.")
+        DeprecationWarning('OpenVPN shared-secret support will be removed in future '\
+                           'VyOS versions. Please migrate your site-to-site tunnels to '\
+                           'TLS. You can use self-signed certificates with peer fingerprint '\
+                           'verification, consult the documentation for details.')
 
     if tls:
         if (mode in ['server', 'client']) and ('ca_certificate' not in tls):
@@ -729,4 +726,3 @@ def apply(openvpn):
     except ConfigError as e:
         print(e)
         exit(1)
-
diff --git a/src/conf_mode/interfaces_sstpc.py b/src/conf_mode/interfaces_sstpc.py
@@ -45,7 +45,7 @@ def get_config(config=None):
     else:
         conf = Config()
     base = ['interfaces', 'sstpc']
-    ifname, sstpc = get_interface_dict(conf, base)
+    ifname, sstpc = get_interface_dict(conf, base, with_pki=True)
 
     # We should only terminate the SSTP client session if critical parameters
     # change. All parameters that can be changed on-the-fly (like interface
@@ -57,10 +57,6 @@ def get_config(config=None):
             # bail out early - no need to further process other nodes
             break
 
-    # Load PKI certificates for later processing
-    sstpc['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'),
-                                        get_first_key=True,
-                                        no_tag_node_value_mangle=True)
     return sstpc
 
 def verify(sstpc):