peers: validate peers query result

dd-ix · Feb 25, 2024 · 0d1ec22 · 0d1ec22
1 parent 37fd51f
commit 0d1ec22
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 9 deletions.
diff --git a/roles/bird_build/tasks/main.yml b/roles/bird_build/tasks/main.yml
@@ -12,7 +12,7 @@
 
 - name: prepare clients in address families
   include_tasks: family.yml
-  loop: "{{ (ixp_manager_peers.query_result[0])|sort(attribute='asn') }}"
+  loop: "{{ ixp_manager_peers|sort(attribute='asn') }}"
   loop_control:
     loop_var: peer
 

diff --git a/roles/com_peers/tasks/main.yml b/roles/com_peers/tasks/main.yml
@@ -7,3 +7,43 @@
     query: SELECT * FROM __DDIX__peers
   check_mode: false
   register: ixp_manager_peers
+
+- name: check number of result sets
+  ansible.builtin.assert:
+    that:
+      - ixp_manager_peers.query_result|count == 1
+    msg: "unexpected number of result sets ({{ ixp_manager_peers.query_result|count }})"
+
+- name: extract result set
+  ansible.builtin.set_fact:
+    ixp_manager_peers: "{{ ixp_manager_peers.query_result|first }}"
+
+- name: validate peer configs
+  ansible.builtin.assert:
+    that:
+      - peer.asn|type_debug == 'int'
+      - peer.asn > 0 and peer.asn < 64512
+      - peer.maxprefixes|type_debug == 'int'
+      - peer.maxprefixes > 0
+      - peer.custname is match('^[a-zA-Z0-9_. -]+$')
+      - peer.slug is match('^[A-Za-z0-9_.-]+$')
+      - peer.l2address == None or peer.l2address is match('^[0-9a-f]{12}$')
+      - peer.ipv4address|ansible.utils.ipv4('address') == peer.ipv4address
+      - peer.ipv4bgpmd5secret is match('^[a-zA-Z0-9]*$')
+      - peer.ipv4hostname is match('^(((?!-))(xn--|_)?[a-z0-9-]{0,61}[a-z0-9]{1,1}\.)*(xn--)?([a-z0-9][a-z0-9\-]{0,60}|[a-z0-9-]{1,30}\.[a-z]{2,})$')
+      - peer.ipv4peeringmacro == None or peer.ipv4peeringmacro is match('^[A-Z0-9-]+$')
+      - peer.ipv6address|ansible.utils.ipv6('address') == peer.ipv6address
+      - peer.ipv6bgpmd5secret is match('^[a-zA-Z0-9]*$')
+      - peer.ipv6hostname is match('^(((?!-))(xn--|_)?[a-z0-9-]{0,61}[a-z0-9]{1,1}\.)*(xn--)?([a-z0-9][a-z0-9\-]{0,60}|[a-z0-9-]{1,30}\.[a-z]{2,})$')
+      - peer.ipv6peeringmacro == None or peer.ipv6peeringmacro is match('^[A-Z0-9-]+$')
+      - peer.switchport is match('^Ethernet\d{1,2}$')
+      - peer.switchname in ['ixp-cc-sw01', 'ixp-c2-sw01']
+      - peer.vlanid|type_debug == 'int'
+      - peer.vlanid == 600
+    msg: "failed validation for peer AS{{ peer.asn }}"
+    quiet: true
+  loop: "{{ ixp_manager_peers }}"
+  loop_control:
+    loop_var: peer
+    label: "{{ peer.switchname }} {{ peer.switchport }} AS{{ peer.asn }}"
+
diff --git a/roles/sflow_build/tasks/main.yml b/roles/sflow_build/tasks/main.yml
@@ -5,7 +5,7 @@
       mac: "{{ peer.l2address|ansible.utils.hwaddr('linux') }}"
       agent: "{{ peer.switchname }}"
       label: "{{ peer.asn }}"
-  loop: "{{ (ixp_manager_peers.query_result[0])|sort(attribute='asn') }}"
+  loop: "{{ ixp_manager_peers|sort(attribute='asn') }}"
   loop_control:
     loop_var: peer
 

diff --git a/templates/eos/DCS-MACROS.j2 b/templates/eos/DCS-MACROS.j2
@@ -16,7 +16,7 @@
 {%- endmacro -%}
 
 {% macro iface_cfg_ethernet_peer(iface, ifnum) -%}
-{% set peers = ixp_manager_peers.query_result|first|selectattr('switchport', 'equalto', iface)|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short) %}
+{% set peers = ixp_manager_peers|selectattr('switchport', 'equalto', iface)|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short) %}
 interface {{ iface }}
 {% set len = peers|count %}
 {% if len == 0 %}
@@ -30,9 +30,6 @@ interface {{ iface }}
    no lldp receive
 {% elif len == 1 %}
 {% set peer = peers|first %}
-{% if peer.vlanid != 600 %}
-{{ undef(hint='ASSERTION: peering iface %s has unexpected vid %d'|format(iface, peer.vlanid)) }}
-{% endif %}
    description IXP AS{{ peer.asn }} {{ peer.slug }}
    switchport access vlan 600
    ip verify source
@@ -86,7 +83,7 @@ interface {{ iface }}
 
 {% macro mac_acl_peer(ifnum) -%}
 {% set iface = "Ethernet%d"|format(ifnum) %}
-{% set peers = ixp_manager_peers.query_result|first|selectattr('switchport', 'equalto', iface)|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short) %}
+{% set peers = ixp_manager_peers|selectattr('switchport', 'equalto', iface)|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short) %}
 {% set len = peers|count %}
 {% if len == 1 %}
 {% set peer = peers|first %}
@@ -123,7 +120,7 @@ mac access-list peer-eth{{ ifnum }}
 
 
 {% macro ip_source_binding() -%}
-{% for peer in ixp_manager_peers.query_result|first|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short)|sort(attribute='l2address') %}
+{% for peer in ixp_manager_peers|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short)|sort(attribute='l2address') %}
 {% if peer.l2address %}
 ip source binding {{ peer.ipv4address }} {{ peer.l2address|ansible.utils.hwaddr('linux') }} vlan 600 interface {{ peer.switchport }}
 {% endif %}
@@ -133,7 +130,7 @@ ip source binding {{ peer.ipv4address }} {{ peer.l2address|ansible.utils.hwaddr(
 
 
 {% macro mac_address_table() -%}
-{% for peer in ixp_manager_peers.query_result|first|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short)|sort(attribute='l2address') %}
+{% for peer in ixp_manager_peers|selectattr('switchname', 'equalto', switch_vars.inventory_hostname_short)|sort(attribute='l2address') %}
 {% if peer.l2address %}
 mac address-table static {{ peer.l2address|ansible.utils.hwaddr('cisco') }} vlan 600 interface {{ peer.switchport }}
 {% endif %}