-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat(eos_cli_config_gen): Add support for additional dot1x commands. #4191
base: devel
Are you sure you want to change the base?
Feat(eos_cli_config_gen): Add support for additional dot1x commands. #4191
Conversation
Review docs on Read the Docs To test this pull request: # Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-4191
# Activate the virtual environment
source test-avd-pr-4191/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/laxmikantchintakindi/avd.git@additional_dot1x#subdirectory=python-avd" --force
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/laxmikantchintakindi/avd.git#/ansible_collections/arista/avd/,additional_dot1x --force
# Optional: Install AVD examples
cd test-avd-pr-4191
ansible-playbook arista.avd.install_examples |
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/dot1x.schema.yml
Outdated
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml
Show resolved
Hide resolved
ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md
Outdated
Show resolved
Hide resolved
ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md
Show resolved
Hide resolved
...llections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ethernet-interfaces.yml
Show resolved
Hide resolved
9556189
to
b04741f
Compare
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml
Outdated
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/dot1x.schema.yml
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/dot1x.schema.yml
Show resolved
Hide resolved
python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/ethernet-interfaces.j2
Outdated
Show resolved
Hide resolved
19b4587
to
3ba8917
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check for coverage improvement for ethernet_interfaces.dot1x
in this PR
1a67696
to
a71b650
Compare
15552b7
to
38a4a1e
Compare
e874322
to
af9bdb3
Compare
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
af9bdb3
to
4978972
Compare
Conflicts have been resolved. A maintainer will review the pull request shortly. |
9a8f3b9
to
72aaa8b
Compare
...llections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ethernet-interfaces.yml
Show resolved
Hide resolved
0f31dae
to
bf2e0de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@@ -620,7 +633,6 @@ ethernet_interfaces: | |||
pae: | |||
mode: authenticator | |||
authentication_failure: | |||
action: allow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test for this already exists at other place in this file and there was a warning in coverage report for it being always true.
That's why changed it to reduce the warnings in report.
same for the below 2 reauth_period
and tx_period
@@ -630,9 +642,7 @@ ethernet_interfaces: | |||
timeout: | |||
idle_host: 10 | |||
quiet_period: 10 | |||
reauth_period: server |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this removed?
reauth_timeout_ignore: true | ||
tx_period: 10 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this removed?
{% if ethernet_interface.dot1x.aaa.unresponsive is arista.avd.defined %} | ||
{% set aaa_config = "dot1x aaa unresponsive" %} | ||
{% if ethernet_interface.dot1x.aaa.unresponsive.phone_action is arista.avd.defined or ethernet_interface.dot1x.aaa.unresponsive.action is arista.avd.defined %} | ||
{% set actions = [{'name': 'phone_action', 'config': aaa_config ~ ' phone action'}, {'name': 'action', 'config': aaa_config ~ ' action'}] %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This logic make the rest pretty hard to follow. Can we simplify this somehow?
Maybe you could set a tmp variable with action_settings and parse those below - making everything shorter and more readable below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Simplified the template.
{% set action_apply_config = action_apply_config ~ " timeout " ~ ethernet_interface.dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration ~ " " ~ ethernet_interface.dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit %} | ||
{% endif %} | ||
{% endif %} | ||
{% if ethernet_interface.dot1x.aaa.unresponsive[action.name].traffic_allow is arista.avd.defined(true) or |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this if
just contributes to cluttering the template. Please look into simplifying the nesting. It is ok if we have to give the traffic allow
part of the string in multiple places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
@@ -99,6 +99,9 @@ dot1x | |||
radius av-pair framed-mtu {{ dot1x.radius_av_pair.framed_mtu }} | |||
{% endif %} | |||
{% endif %} | |||
{% if dot1x.mac_based_auth_radius.delimiter is arista.avd.defined and dot1x.mac_based_auth_radius.mac_string_letter_case is arista.avd.defined %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The CLI is very different than the variable. I think you should change the model to be av_pair_user_name_delimiter
since there could be other options coming later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same for case. Maybe find a better variable name there too. av_pair_user_name_case
maybe? (please check wording on EOS)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the schema as below:
radius_av_pair_username_format:
delimiter:
mac_string_case:
EOS shows below description for lowercase/uppercase setting.
s1-leaf2(config-dot1x)#mac-based-auth radius av-pair user-name delimiter colon ?
lowercase MAC address string in lowercase
uppercase MAC address string in uppercase
11fdc4f
to
96b3505
Compare
python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/ethernet-interfaces.j2
Show resolved
Hide resolved
for more information, see https://pre-commit.ci
fa6d0b6
to
27ba7b8
Compare
Quality Gate passedIssues Measures |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Change Summary
Add support for additional dot1x commands.
Related Issue(s)
Fixes #4118
Component(s) name
arista.avd.eos_cli_config_gen
Proposed changes
Need to support the following CLI commands.
Switch-level:
Interface-level:
How to test
Checklist
User Checklist
Repository Checklist