Amendments from reviews

aristanetworks · Jul 26, 2024 · 44abba2 · 44abba2
1 parent 5a62f35
commit 44abba2
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 18 deletions.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ospf-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ospf-settings.md
diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json b/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json
@@ -60764,6 +60764,8 @@
         },
         "message_digest_keys": {
           "type": "array",
+          "minItems": 1,
+          "maxItems": 2,
           "items": {
             "type": "object",
             "properties": {
@@ -60785,10 +60787,14 @@
               },
               "key": {
                 "type": "string",
-                "description": "Key password.\nOnly plaintext passwords are supported here as the password will need to be encrypted for every underlay interface.\nTo protect the password at rest it is recommended to make use of Ansible Vault or similar.\n",
+                "description": "Key password.\nOnly plaintext passwords are supported here as `eos_designs` will encrypt the password for each individual underlay interface.\nTo protect the password at rest it is strongly recommended to make use of Ansible Vault or similar.\n",
                 "title": "Key"
               }
             },
+            "required": [
+              "key",
+              "id"
+            ],
             "additionalProperties": false,
             "patternProperties": {
               "^_.+$": {}
@@ -60797,6 +60803,10 @@
           "title": "Message Digest Keys"
         }
       },
+      "required": [
+        "enabled",
+        "message_digest_keys"
+      ],
       "additionalProperties": false,
       "patternProperties": {
         "^_.+$": {}

diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml
@@ -4063,9 +4063,14 @@ keys:
     keys:
       enabled:
         type: bool
+        required: true
         default: false
       message_digest_keys:
         type: list
+        required: true
+        primary_key: id
+        min_length: 1
+        max_length: 2
         items:
           type: dict
           keys:
@@ -4084,13 +4089,16 @@ keys:
               default: sha512
             key:
               type: str
+              required: true
+              convert_types:
+              - int
               description: 'Key password.
 
-                Only plaintext passwords are supported here as the password will need
-                to be encrypted for every underlay interface.
+                Only plaintext passwords are supported here as `eos_designs` will
+                encrypt the password for each individual underlay interface.
 
-                To protect the password at rest it is recommended to make use of Ansible
-                Vault or similar.
+                To protect the password at rest it is strongly recommended to make
+                use of Ansible Vault or similar.
 
                 '
   underlay_ospf_bfd_enable:

diff --git a/...on-avd/pyavd/_eos_designs/schema/schema_fragments/underlay_ospf_authentication_schema.yml b/...on-avd/pyavd/_eos_designs/schema/schema_fragments/underlay_ospf_authentication_schema.yml
@@ -13,9 +13,14 @@ keys:
     keys:
       enabled:
         type: bool
+        required: true
         default: false
       message_digest_keys:
         type: list
+        required: true
+        primary_key: id
+        min_length: 1
+        max_length: 2
         items:
           type: dict
           keys:
@@ -34,7 +39,10 @@ keys:
               default: sha512
             key:
               type: str
+              required: true
+              convert_types:
+              - int
               description: |
                 Key password.
-                Only plaintext passwords are supported here as the password will need to be encrypted for every underlay interface.
-                To protect the password at rest it is recommended to make use of Ansible Vault or similar.
+                Only plaintext passwords are supported here as `eos_designs` will encrypt the password for each individual underlay interface.
+                To protect the password at rest it is strongly recommended to make use of Ansible Vault or similar.
diff --git a/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py b/python-avd/pyavd/_eos_designs/structured_config/underlay/ethernet_interfaces.py
@@ -114,7 +114,7 @@ def ethernet_interfaces(self: AvdStructuredConfigUnderlay) -> list | None:
                                     "hash_algorithm": ospf_key.get("hash_algorithm", "sha512"),
                                     "key": encrypt(
                                         ospf_key["key"],
-                                        passwd_type="ospf_message_digest",
+                                        passwd_type="ospf_message_digest",  # NOSONAR
                                         key=ethernet_interface["name"],
                                         hash_algorithm=ospf_key.get("hash_algorithm", "sha512"),
                                         key_id=ospf_key["id"],