""" Script for checking DN42 peers before adding them to production """
import os
import sys
import yaml
import validators
import requests
# Router definition files this checker validates; any other name found while
# scanning is reported as unknown and skipped.
KNOWN_ROUTER_FILES = [
    "de1.yml",
    "se1.yml",
    "uk1.yml",
]
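def asn_exists(asn):
    """Return True when the DN42 registry explorer knows AS<asn>.

    The value comes from a peer's YAML entry, so it is checked to be a plain
    run of ASCII digits before it is placed in the request path. Anything
    else (path separators, whitespace, a leading "AS", None, a bool) is
    reported as non-existent without a request being sent.

    Args:
        asn: AS number without the "AS" prefix, as an int or a digit string.

    Returns:
        True if the registry lookup answers HTTP 200, otherwise False.

    Raises:
        requests.RequestException: if the lookup itself fails (timeout,
            connection error).
    """
    asn_text = str(asn)
    # Only ASCII digits may reach the URL: the f-string below does no escaping,
    # so any other character would change which resource is requested.
    if not asn_text or any(ch not in "0123456789" for ch in asn_text):
        return False

    response = requests.get(
        f"https://explorer.burble.com/api/registry/aut-num/AS{asn_text}",
        timeout=10,
    )
    return response.status_code == 200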
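def _remote_host(remote):
    """Return the host part of an endpoint written as host, host:port or [v6]:port."""
    if remote.startswith("["):
        return remote[1:].partition("]")[0]
    if remote.count(":") == 1:
        return remote.partition(":")[0]
    # No colon (bare host) or several colons (bare IPv6 literal): use as is.
    return remote


def validate_peer_config(config):
    """Validate the keys of one peer entry and raise on the first problem.

    Checks, in order: ``name`` (required, must start with ``dn42_``),
    ``remote`` (validated when present), ``local_v4``/``local_v6`` (at least
    one, each a valid address), ``peer_v4``/``peer_v6`` (at least one, each a
    valid address) and ``asn`` (looked up in the registry when present).

    Args:
        config: mapping holding one peer's settings.

    Raises:
        Exception: with a short message naming the failed check.
    """
    if "name" not in config or not config["name"]:
        raise Exception("Missing name")
    name = config["name"]
    # A non-string name (e.g. a bare number in the YAML) is rejected with the
    # same message instead of failing on .startswith().
    # NOTE(review): characters after the "dn42_" prefix are not restricted
    # here - confirm how the name is used downstream.
    if not isinstance(name, str) or not name.startswith("dn42_"):
        raise Exception("Invalid name")

    # The remote checks used to sit inside bare ``except`` blocks, so neither
    # "Missing remote" nor "Invalid remote" could ever be reported and any
    # value passed. An absent remote stays accepted, matching that effective
    # behaviour; a remote that is present must now be a domain name or an
    # IPv4/IPv6 address.
    # NOTE(review): confirm a peer without a remote is intended to be valid.
    remote = config["remote"] if "remote" in config else None
    if remote:
        if not isinstance(remote, str):
            raise Exception("Invalid remote")
        host = _remote_host(remote)
        if not (
            validators.domain(host)
            or validators.ipv4(host)
            or validators.ipv6(host)
        ):
            raise Exception("Invalid remote")

    if "local_v6" not in config and "local_v4" not in config:
        raise Exception("Missing one of local_v4, local_v6")
    if "local_v6" in config and not validators.ipv6(config["local_v6"]):
        raise Exception("Invalid local_v6")
    if "local_v4" in config and not validators.ipv4(config["local_v4"]):
        raise Exception("Invalid local_v4")

    if "peer_v6" not in config and "peer_v4" not in config:
        raise Exception("Missing peer_v4 or peer_v6")
    if "peer_v6" in config and not validators.ipv6(config["peer_v6"]):
        raise Exception("Invalid peer_v6")
    if "peer_v4" in config and not validators.ipv4(config["peer_v4"]):
        raise Exception("Invalid peer_v4")

    if "asn" in config and not asn_exists(config["asn"]):
        raise Exception("Invalid asn")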
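if __name__ == "__main__":
    # Validate every peer of every known router file; exit 1 on the first
    # failure and 0 only when at least one file was actually checked.
    # NOTE(review): names are listed from "conf" but opened from
    # "conf/router" - confirm both directories hold the same file names.
    checked = 0
    for file in os.listdir("conf"):
        if file not in KNOWN_ROUTER_FILES:
            print(f"Unknown file '{file}', skipping")
            continue

        print(file)
        with open(f"conf/router/{file}", 'r', encoding="utf-8") as config:
            peers = yaml.safe_load(config)

        # An empty document or a missing/non-list wg_peers key is reported as
        # a validation failure instead of ending in a KeyError/TypeError.
        wg_peers = peers.get("wg_peers") if isinstance(peers, dict) else None
        if not isinstance(wg_peers, list):
            print(f"Peer config validation: '{file}' has no wg_peers list")
            sys.exit(1)

        for peer in wg_peers:
            try:
                validate_peer_config(peer)
            except Exception as e:
                print("Peer config validation:", e)
                sys.exit(1)
        checked += 1

    # Fail closed: if every entry was skipped, nothing was validated and the
    # run must not report success.
    if not checked:
        print("Peer config validation: no known router file was checked")
        sys.exit(1)

    print("Valid configuration")
    sys.exit(0)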