IP Address validator

Returns True if there is at most one occurence of the ip_interface (an IPv4/IPv6 prefix+len) in the entire config. That said, we need the 'iface_addresses' because VPP is a bit fickle in this regard. IP addresses from the same prefix/len can be added to a given interface (ie 192.0.2.1/24 and 192.0.2.2/24), but other than that, any prefix can not occur as a more-specific or less-specific of any other interface. So, we will allow: - any ip_interface that is of equal network/len of existing one(s) _on the same interface_ And, we will reject - any ip_interface that is a more specific of any existing one - any ip_interface that is a less specific of any existing one Update unit tests to ensure ip_interfaces are allowed in all cases.
2022-03-13 23:45:40 +00:00
parent 3f2b80172c
commit bb57ed8e52
9 changed files with 244 additions and 3 deletions
--- a/validator/interface.py
+++ b/validator/interface.py
@ -14,6 +14,7 @@
 import logging
 import validator.bondethernet as bondethernet
 import validator.lcp as lcp
+import validator.address as address

 class NullHandler(logging.Handler):
    def emit(self, record):
@ -283,6 +284,12 @@ def validate_interfaces(yaml):
            msgs.append("interface %s does not have a unique LCP name %s" % (ifname, iface_lcp))
            result = False

+        if 'addresses' in iface:
+            for a in iface['addresses']:
+                if not address.is_allowed(yaml, ifname, iface['addresses'], a):
+                    msgs.append("interface %s IP address %s is not allowed" % (ifname, a))
+                    result = False
+
        if has_sub(yaml, ifname):
            for sub_id, sub_iface in yaml['interfaces'][ifname]['sub-interfaces'].items():
                logger.debug("sub-interface %s" % sub_iface)
@ -312,6 +319,10 @@ def validate_interfaces(yaml):
                    if not iface_lcp:
                        msgs.append("sub-interface %s has an address but %s does not have LCP" % (sub_ifname, ifname))
                        result = False
+                    for a in sub_iface['addresses']:
+                        if not address.is_allowed(yaml, sub_ifname, sub_iface['addresses'], a):
+                            msgs.append("sub-interface %s IP address %s is not allowed" % (sub_ifname, a))
+                            result = False
                if not valid_encapsulation(yaml, sub_ifname):
                    msgs.append("sub-interface %s has invalid encapsulation" % (sub_ifname))
                    result = False