Fix(eos_cli_config_gen): Fixing the wrong CLI generated for radius-se…

…rver dynamic-authorizaton (#4224) Co-authored-by: Guillaume Mulocher <[email protected]>
aristanetworks · Jul 22, 2024 · 1b64d2e · 1b64d2e
1 parent 2050930
commit 1b64d2e
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 21 deletions.
diff --git a/...s/arista/avd/molecule/eos_cli_config_gen/documentation/devices/radius-server.md b/...s/arista/avd/molecule/eos_cli_config_gen/documentation/devices/radius-server.md
@@ -43,7 +43,9 @@ interface Management1
 
 - Global RADIUS TLS SSL profile is GLOBAL_RADIUS_SSL_PROFILE
 
-- Dynamic Authorization is enabled on port 1700 with SSL profile SSL_PROFILE
+- Dynamic Authorization is enabled on port 1700
+
+- Dynamic Authorization for TLS connections uses SSL profile SSL_PROFILE
 
 #### RADIUS Server Hosts
 
@@ -63,8 +65,9 @@ interface Management1
 ```eos
 !
 radius-server attribute 32 include-in-access-req hostname
+radius-server dynamic-authorization port 1700
 radius-server tls ssl-profile GLOBAL_RADIUS_SSL_PROFILE
-radius-server dynamic-authorization port 1700 tls ssl-profile SSL_PROFILE
+radius-server dynamic-authorization tls ssl-profile SSL_PROFILE
 radius-server host 10.10.11.157 vrf mgt timeout 1 retransmit 1 key 7 <removed>
 radius-server host 10.10.11.159 vrf mgt retransmit 1 key 7 <removed>
 radius-server host 10.10.11.160 vrf mgt timeout 1 key 7 <removed>

diff --git a/...ble_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/radius-server.cfg b/...ble_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/radius-server.cfg
@@ -5,8 +5,9 @@ transceiver qsfp default-mode 4x10G
 hostname radius-server
 !
 radius-server attribute 32 include-in-access-req hostname
+radius-server dynamic-authorization port 1700
 radius-server tls ssl-profile GLOBAL_RADIUS_SSL_PROFILE
-radius-server dynamic-authorization port 1700 tls ssl-profile SSL_PROFILE
+radius-server dynamic-authorization tls ssl-profile SSL_PROFILE
 radius-server host 10.10.11.157 vrf mgt timeout 1 retransmit 1 key 7 071B245F5A
 radius-server host 10.10.11.159 vrf mgt retransmit 1 key 7 071B245F5A
 radius-server host 10.10.11.160 vrf mgt timeout 1 key 7 071B245F5A

diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/radius-server.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/radius-server.j2
@@ -21,16 +21,13 @@
 
 - Global RADIUS TLS SSL profile is {{ radius_server.tls_ssl_profile }}
 {%     endif %}
-{%     if radius_server.dynamic_authorization is arista.avd.defined %}
-{%         set doc_line = "- Dynamic Authorization is enabled" %}
-{%         if radius_server.dynamic_authorization.port is arista.avd.defined %}
-{%             set doc_line = doc_line ~ " on port "~ radius_server.dynamic_authorization.port %}
-{%         endif %}
-{%         if radius_server.dynamic_authorization.tls_ssl_profile is arista.avd.defined %}
-{%             set doc_line = doc_line ~ " with SSL profile " ~ radius_server.dynamic_authorization.tls_ssl_profile %}
-{%         endif %}
+{%     if radius_server.dynamic_authorization.port is arista.avd.defined %}
 
-{{ doc_line }}
+- Dynamic Authorization is enabled on port {{ radius_server.dynamic_authorization.port }}
+{%     endif %}
+{%     if radius_server.dynamic_authorization.tls_ssl_profile is arista.avd.defined %}
+
+- Dynamic Authorization for TLS connections uses SSL profile {{ radius_server.dynamic_authorization.tls_ssl_profile }}
 {%     endif %}
 
 #### RADIUS Server Hosts

diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/radius-server.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/radius-server.j2
@@ -16,18 +16,14 @@
 {%         endif %}
 {{ attribute_32_include_in_access_cli }}
 {%     endif %}
+{%     if radius_server.dynamic_authorization.port is arista.avd.defined %}
+radius-server dynamic-authorization port {{ radius_server.dynamic_authorization.port }}
+{%     endif %}
 {%     if radius_server.tls_ssl_profile is arista.avd.defined %}
 radius-server tls ssl-profile {{ radius_server.tls_ssl_profile }}
 {%     endif %}
-{%     if radius_server.dynamic_authorization is arista.avd.defined %}
-{%         set dynamic_authorization_cli = "radius-server dynamic-authorization" %}
-{%         if radius_server.dynamic_authorization.port is arista.avd.defined %}
-{%             set dynamic_authorization_cli = dynamic_authorization_cli ~ " port " ~ radius_server.dynamic_authorization.port %}
-{%         endif %}
-{%         if radius_server.dynamic_authorization.tls_ssl_profile is arista.avd.defined %}
-{%             set dynamic_authorization_cli = dynamic_authorization_cli ~ " tls ssl-profile " ~ radius_server.dynamic_authorization.tls_ssl_profile %}
-{%         endif %}
-{{ dynamic_authorization_cli }}
+{%     if radius_server.dynamic_authorization.tls_ssl_profile is arista.avd.defined %}
+radius-server dynamic-authorization tls ssl-profile {{ radius_server.dynamic_authorization.tls_ssl_profile }}
 {%     endif %}
 {%     for radius_host in radius_server.hosts | arista.avd.default([]) %}
 {%         set radius_cli = "radius-server host " ~ radius_host.host %}