From f89b309f3fe4f056657e7e2a6690c54ecfd3ef6f Mon Sep 17 00:00:00 2001
From: checktheroads <matt@allroads.io>
Date: Sun, 22 Mar 2020 17:46:08 -0700
Subject: [PATCH] add force_cidr option for vrfs

---
 docs/docs/devices.mdx                   | 9 +++++----
 hyperglass/api/models/validators.py     | 8 ++++----
 hyperglass/configuration/models/vrfs.py | 2 ++
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/docs/docs/devices.mdx b/docs/docs/devices.mdx
index 6000db7..9b565dd 100644
--- a/docs/docs/devices.mdx
+++ b/docs/docs/devices.mdx
@@ -89,10 +89,11 @@ May be set to `null` to disable IPv4 for this VRF, on the parent device.
 
 May be set to `null` to disable IPv6 for this VRF, on the parent device.
 
-| Parameter             |  Type  | Description                                                           |
-| :-------------------- | :----: | :-------------------------------------------------------------------- |
-| <R/> `source_address` | String | Device's source IPv6 address for directed queries (ping, traceroute). |
-| `access_list`         |        | <Link to="#access_list">IPv6 Access List Configuration</Link>         |
+| Parameter             |  Type   | Default | Description                                                                                                                     |
+| :-------------------- | :-----: | :------ | :------------------------------------------------------------------------------------------------------------------------------ |
+| <R/> `source_address` | String  |         | Device's source IPv6 address for directed queries (ping, traceroute).                                                           |
+| `force_cidr`          | Boolean | `false` | Convert host queries to the highest allowed prefix-length (defined in the <Link to="#access-list"><Code>le</Code></Link> field) |
+| `access_list`         |         |         | <Link to="#access_list">IPv6 Access List Configuration</Link>                                                                   |
 
 #### `access_list`
 
diff --git a/hyperglass/api/models/validators.py b/hyperglass/api/models/validators.py
index 52f5d19..9a170ce 100644
--- a/hyperglass/api/models/validators.py
+++ b/hyperglass/api/models/validators.py
@@ -2,7 +2,6 @@
 
 # Standard Library
 import re
-import operator
 from ipaddress import ip_network
 
 # Project
@@ -97,9 +96,9 @@ def validate_ip(value, query_type, query_vrf):  # noqa: C901
             device_name=f"VRF {query_vrf.display_name}",
         )
 
-    vrf_acl = operator.attrgetter(f"ipv{ip_version}.access_list")(query_vrf)
+    vrf_afi = getattr(query_vrf, f"ipv{ip_version}")
 
-    for ace in [a for a in vrf_acl if a.network.version == ip_version]:
+    for ace in [a for a in vrf_afi.access_list if a.network.version == ip_version]:
         if _member_of(valid_ip, ace.network):
             if query_type == "bgp_route" and _prefix_range(valid_ip, ace.ge, ace.le):
                 pass
@@ -129,7 +128,7 @@ def validate_ip(value, query_type, query_vrf):  # noqa: C901
 
             valid_ip = new_ip
 
-        elif query_type in ("bgp_route",):
+        elif query_type in ("bgp_route",) and vrf_afi.force_cidr:
             max_le = max(
                 ace.le
                 for ace in query_vrf[ip_version].access_list
@@ -145,6 +144,7 @@ def validate_ip(value, query_type, query_vrf):  # noqa: C901
             )
 
             valid_ip = new_ip
+
     log.debug("Validation passed for {ip}", ip=value)
     return valid_ip
 
diff --git a/hyperglass/configuration/models/vrfs.py b/hyperglass/configuration/models/vrfs.py
index 431b836..bef2c9d 100644
--- a/hyperglass/configuration/models/vrfs.py
+++ b/hyperglass/configuration/models/vrfs.py
@@ -179,6 +179,7 @@ class DeviceVrf4(HyperglassModelExtra):
 
     source_address: IPv4Address
     access_list: List[AccessList4] = [AccessList4()]
+    force_cidr: StrictBool = False
 
 
 class DeviceVrf6(HyperglassModelExtra):
@@ -186,6 +187,7 @@ class DeviceVrf6(HyperglassModelExtra):
 
     source_address: IPv6Address
     access_list: List[AccessList6] = [AccessList6()]
+    force_cidr: StrictBool = False
 
 
 class Vrf(HyperglassModel):