ipoe_server: T6872: Add the ability to configure LUA scripts and username

data/templates/accel-ppp/ipoe.config.j2

@@ -38,6 +38,9 @@ level={{ log.level }}
 
 [ipoe]
 verbose=1
+{% if lua_file is vyos_defined %}
+lua-file={{ lua_file }}
+{% endif %}
 {% if interface is vyos_defined %}
 {%     for iface, iface_config in interface.items() %}
 {%         set tmp = 'interface=' %}
@@ -55,7 +58,8 @@ verbose=1
 {%         set range = 'range=' ~ iface_config.client_subnet ~ ',' if iface_config.client_subnet is vyos_defined else '' %}
 {%         set relay = ',' ~ 'relay=' ~ iface_config.external_dhcp.dhcp_relay  if iface_config.external_dhcp.dhcp_relay is vyos_defined else '' %}
 {%         set giaddr = ',' ~ 'giaddr=' ~ iface_config.external_dhcp.giaddr if iface_config.external_dhcp.giaddr is vyos_defined else '' %}
-{{ tmp }},{{ shared }}mode={{ iface_config.mode | upper }},ifcfg=1,{{ range }}start=dhcpv4,ipv6=1{{ relay }}{{ giaddr }}
+{%         set username = ',' ~ 'username=lua:' ~ iface_config.lua_username if iface_config.lua_username is vyos_defined else '' %}
+{{ tmp }},{{ shared }}mode={{ iface_config.mode | upper }},ifcfg=1,{{ range }}start=dhcpv4,ipv6=1{{ relay }}{{ giaddr }}{{ username }}
 {%         if iface_config.vlan_mon is vyos_defined %}
 vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
 {%         endif %}

interface-definitions/service_ipoe-server.xml.in

@@ -174,10 +174,34 @@
                   </leafNode>
                 </children>
               </node>
+              <leafNode name="lua-username">
+                <properties>
+                  <help>Username function</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Name of the function in the Lua file to construct usernames with</description>
+                  </valueHelp>
+                  <constraint>
+                      #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                  </constraint>
+                </properties>
+              </leafNode>
               #include <include/accel-ppp/vlan.xml.i>
               #include <include/accel-ppp/vlan-mon.xml.i>
             </children>
           </tagNode>
+          <leafNode name="lua-file">
+            <properties>
+              <help>Lua script file for constructing user names</help>
+              <valueHelp>
+                <format>filename</format>
+                <description>File with Lua script in /config/scripts directory</description>
+              </valueHelp>
+              <constraint>
+                <validator name="file-path" argument="--strict --parent-dir /config/scripts"/>
+              </constraint>
+            </properties>
+          </leafNode>
           #include <include/accel-ppp/client-ip-pool.xml.i>
           #include <include/accel-ppp/client-ipv6-pool.xml.i>
           #include <include/accel-ppp/default-pool.xml.i>

src/conf_mode/service_ipoe-server.py

@@ -31,6 +31,7 @@
 from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos import ConfigError
 from vyos import airbag
+
 airbag.enable()
 
 
@@ -52,7 +53,9 @@ def get_config(config=None):
 
     if dict_search('client_ip_pool', ipoe):
         # Multiple named pools require ordered values T5099
-        ipoe['ordered_named_pools'] = get_pools_in_order(dict_search('client_ip_pool', ipoe))
+        ipoe['ordered_named_pools'] = get_pools_in_order(
+            dict_search('client_ip_pool', ipoe)
+        )
 
     ipoe['server_type'] = 'ipoe'
     return ipoe
@@ -68,11 +71,23 @@ def verify(ipoe):
     for interface, iface_config in ipoe['interface'].items():
         verify_interface_exists(ipoe, interface, warning_only=True)
         if 'client_subnet' in iface_config and 'vlan' in iface_config:
-            raise ConfigError('Option "client-subnet" and "vlan" are mutually exclusive, '
-                              'use "client-ip-pool" instead!')
-        if 'vlan_mon' in iface_config and not 'vlan' in iface_config:
+            raise ConfigError(
+                'Options "client-subnet" and "vlan" are mutually exclusive, '
+                'use "client-ip-pool" instead!'
+            )
+        if 'vlan_mon' in iface_config and 'vlan' not in iface_config:
             raise ConfigError('Option "vlan-mon" requires "vlan" to be set!')
 
+        if 'lua_username' in iface_config:
+            if 'lua_file' not in ipoe:
+                raise ConfigError(
+                    'Option "lua-username" requires "lua-file" to be set!'
+                )
+            if dict_search('authentication.mode', ipoe) != 'radius':
+                raise ConfigError(
+                    'Can configure username with Lua script only for RADIUS authentication'
+                )
+
     verify_accel_ppp_authentication(ipoe, local_users=False)
     verify_accel_ppp_ip_pool(ipoe)
     verify_accel_ppp_name_servers(ipoe)
@@ -88,22 +103,26 @@ def generate(ipoe):
     render(ipoe_conf, 'accel-ppp/ipoe.config.j2', ipoe)
 
     if dict_search('authentication.mode', ipoe) == 'local':
-        render(ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.j2',
-               ipoe, permission=0o640)
+        render(
+            ipoe_chap_secrets, 'accel-ppp/chap-secrets.ipoe.j2', ipoe, permission=0o640
+        )
     return None
 
 
 def apply(ipoe):
     systemd_service = '[email protected]'
-    if ipoe == None:
+    if ipoe is None:
         call(f'systemctl stop {systemd_service}')
         for file in [ipoe_conf, ipoe_chap_secrets]:
             if os.path.exists(file):
                 os.unlink(file)
 
         return None
 
-    call(f'systemctl reload-or-restart {systemd_service}')
+    # Accel-pppd does not do soft-reload correctly.
+    # Most of the changes require restarting the service
+    call(f'systemctl restart {systemd_service}')
+
 
 if __name__ == '__main__':
     try: