Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor(eos_designs): Refactor eos_designs structured_config code for ip_security(overlay) #5046

Open
wants to merge 6 commits into
base: devel
Choose a base branch
from
Open

Refactor(eos_designs): Refactor eos_designs structured_config code for ip_security(overlay) #5046

wants to merge 6 commits into from
+56 −68

Conversation

MaheshGSLAB
Copy link
Contributor

Change Summary

Refactor eos_designs structured_config code for ip_security(overlay)

Related Issue(s)

Fixes #

Component(s) name

arista.avd.eos_designs

Proposed changes

Refactor eos_designs structured_config code for ip_security(overlay)

How to test

Run Molecule

Checklist

User Checklist

  • N/A

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and documentation have been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)

@MaheshGSLAB MaheshGSLAB self-assigned this Feb 14, 2025
@github-actions GitHub Actions
Copy link

Review docs on Read the Docs

To test this pull request:

# Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-5046
# Activate the virtual environment
source test-avd-pr-5046/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/MaheshGSLAB/ansible-avd.git@ip-sec-refactor#subdirectory=python-avd" --force
# Point Ansible collections path to the Python virtual environment
export ANSIBLE_COLLECTIONS_PATH=$VIRTUAL_ENV/ansible_collections
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/MaheshGSLAB/ansible-avd.git#/ansible_collections/arista/avd/,ip-sec-refactor --force
# Optional: Install AVD examples
cd test-avd-pr-5046
ansible-playbook arista.avd.install_examples

@Vibhu-gslab Vibhu-gslab marked this pull request as ready for review February 14, 2025 11:48
@Vibhu-gslab Vibhu-gslab requested review from a team as code owners February 14, 2025 11:48
@ClausHolbechArista
Copy link
Contributor

Moving to draft to keep track of reviews. Set it ready again once you have addressed comments. Thanks.

@ClausHolbechArista ClausHolbechArista marked this pull request as draft February 19, 2025 09:32
@MaheshGSLAB MaheshGSLAB marked this pull request as ready for review February 21, 2025 13:16
ClausHolbechArista
ClausHolbechArista reviewed Feb 24, 2025
View reviewed changes
python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
Comment on lines 45 to 47
if self.shared_utils.is_wan_client and self.inputs.wan_ipsec_profiles.data_plane:
self._append_data_plane(self.inputs.wan_ipsec_profiles.data_plane)
self._append_control_plane(self.inputs.wan_ipsec_profiles.control_plane)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if self.shared_utils.is_wan_client and self.inputs.wan_ipsec_profiles.data_plane:
self._append_data_plane(self.inputs.wan_ipsec_profiles.data_plane)
self._append_control_plane(self.inputs.wan_ipsec_profiles.control_plane)
if self.shared_utils.is_wan_client and self.inputs.wan_ipsec_profiles.data_plane:
self._set_data_plane()
self._set_control_plane()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the method and doc string for all places

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
return strip_null_from_data(ip_security)

def _append_data_plane(self: AvdStructuredConfigOverlayProtocol, ip_security: dict, data_plane_config: dict) -> None:
def _append_data_plane(self: AvdStructuredConfigOverlayProtocol, data_plane_config: EosDesigns.WanIpsecProfiles.DataPlane) -> None:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def _append_data_plane(self: AvdStructuredConfigOverlayProtocol, data_plane_config: EosDesigns.WanIpsecProfiles.DataPlane) -> None:
def _set_data_plane(self: AvdStructuredConfigOverlayProtocol) -> None:

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
return strip_null_from_data(ip_security)

def _append_data_plane(self: AvdStructuredConfigOverlayProtocol, ip_security: dict, data_plane_config: dict) -> None:
def _append_data_plane(self: AvdStructuredConfigOverlayProtocol, data_plane_config: EosDesigns.WanIpsecProfiles.DataPlane) -> None:
"""In place update of ip_security for DataPlane."""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"""In place update of ip_security for DataPlane."""
"""Set ip_security structured config for DataPlane."""

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py
sa_policy_name = get(data_plane_config, "sa_policy_name", default="DP-SA-POLICY")
profile_name = get(data_plane_config, "profile_name", default="DP-PROFILE")
key = get(data_plane_config, "shared_key", required=True)
ike_policy_name = data_plane_config.ike_policy_name if self.shared_utils.wan_ha_ipsec else None
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ike_policy_name = data_plane_config.ike_policy_name if self.shared_utils.wan_ha_ipsec else None
data_plane_config = self.inputs.wan_ipsec_profiles.data_plane
ike_policy_name = data_plane_config.ike_policy_name if self.shared_utils.wan_ha_ipsec else None

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated

def _append_control_plane(self: AvdStructuredConfigOverlayProtocol, ip_security: dict, control_plane_config: dict) -> None:
def _append_control_plane(self: AvdStructuredConfigOverlayProtocol, control_plane_config: EosDesigns.WanIpsecProfiles.ControlPlane) -> None:
"""
In place update of ip_security for control plane data.

expected to be called AFTER _append_data_plane as CP is used for data-plane as well if not configured.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
expected to be called AFTER _append_data_plane as CP is used for data-plane as well if not configured.
expected to be called AFTER _set_data_plane as CP is used for data-plane as well if not configured.

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
Comment on lines 101 to 102
The expectation is that potential None values are stripped later.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The expectation is that potential None values are stripped later.

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
dpd=EosCliConfigGen.IpSecurity.ProfilesItem.Dpd(interval=10, time=50, action="clear"),
)

def _key_controller(self: AvdStructuredConfigOverlayProtocol, profile_name: str) -> None:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def _key_controller(self: AvdStructuredConfigOverlayProtocol, profile_name: str) -> None:
def _set_key_controller(self: AvdStructuredConfigOverlayProtocol, profile_name: str) -> None:

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
"""
Return an SA policy.
Set the SA policy.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Set the SA policy.
Set structured_config for one SA policy.

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated

# For data plane, adding key_controller by default
ip_security["key_controller"] = self._key_controller(profile_name)
self._key_controller(profile_name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
self._key_controller(profile_name)
self._set_key_controller(profile_name)

python-avd/pyavd/_eos_designs/structured_config/overlay/ip_security.py Outdated
"name": name,
"local_id": self.shared_utils.vtep_ip,
}
self._key_controller(profile_name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
self._key_controller(profile_name)
self._set_key_controller(profile_name)

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
98.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vibhu-gslab Vibhu-gslab Awaiting requested review from Vibhu-gslab

@ClausHolbechArista ClausHolbechArista Awaiting requested review from ClausHolbechArista

Requested changes must be addressed to merge this pull request.

Assignees

@MaheshGSLAB MaheshGSLAB

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MaheshGSLAB @ClausHolbechArista @Vibhu-gslab