T6351: CGNAT add verification if the pool exists

Add verification if the external/internal pools are exists before we can use them in the source and translation rules
vyos · May 16, 2024 · c4cee2b · c4cee2b
1 parent 2a07aae
commit c4cee2b
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/conf_mode/nat_cgnat.py b/src/conf_mode/nat_cgnat.py
@@ -203,6 +203,11 @@ def verify(config):
                     f'Range for "{pool} pool {pool_name}" must be defined!'
                 )
 
+    external_pools_query = "keys(pool.external)"
+    external_pools: list = jmespath.search(external_pools_query, config)
+    internal_pools_query = "keys(pool.internal)"
+    internal_pools: list = jmespath.search(internal_pools_query, config)
+
     for rule, rule_config in config['rule'].items():
         if 'source' not in rule_config:
             raise ConfigError(f'Rule "{rule}" source pool must be defined!')
@@ -212,6 +217,14 @@ def verify(config):
         if 'translation' not in rule_config:
             raise ConfigError(f'Rule "{rule}" translation pool must be defined!')
 
+        internal_pool = rule_config['source']['pool']
+        if internal_pool not in internal_pools:
+            raise ConfigError(f'Internal pool "{internal_pool}" does not exist!')
+
+        external_pool = rule_config['translation']['pool']
+        if external_pool not in external_pools:
+            raise ConfigError(f'External pool "{external_pool}" does not exist!')
+
 
 def generate(config):
     if not config: