From c1b10f2b227f441552f729c721cfb2038fdeb58a Mon Sep 17 00:00:00 2001 From: laxmikantchintakindi <159624484+laxmikantchintakindi@users.noreply.github.com> Date: Fri, 15 Nov 2024 20:11:58 +0530 Subject: [PATCH] Feat(eos_cli_config_gen): Add support for additional modes and feature in isis authentication under `port-channel-interfaces` (#4353) --- .../documentation/devices/host1.md | 66 ++++++- .../documentation/devices/router-isis.md | 4 +- .../intended/configs/host1.cfg | 41 +++- .../host1/port-channel-interfaces.yml | 165 +++++++++++++++- .../intended/configs/host1.cfg | 3 + .../host1/port-channel-interfaces.yml | 3 + .../inventory/hosts.yml | 2 +- .../documentation/devices/SITE2-LER1.md | 4 +- .../documentation/devices/SITE2-LSR2.md | 4 +- .../docs/tables/port-channel-interfaces.md | 176 +++++++++++++++++- .../documentation/port-channel-interfaces.j2 | 19 +- .../eos/port-channel-interfaces.j2 | 94 +++++++++- .../schema/eos_cli_config_gen.schema.yml | 15 ++ .../port_channel_interfaces.schema.yml | 13 ++ 14 files changed, 581 insertions(+), 28 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md index 77f2b52eb09..a9979dd5970 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md @@ -2542,7 +2542,12 @@ interface Dps1 | Ethernet21 | - | - | - | - | - | - | - | Level-1: md5 | | Ethernet22 | - | - | - | - | - | - | - | Level-2: sha | | Ethernet23 | - | - | - | - | - | - | - | Level-2: shared-secret | -| Ethernet81/10 | 110 | *ISIS_TEST | True | *99 | *point-to-point | *level-2 | *True | *text | +| Ethernet74 | 3 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *sha | +| Ethernet75 | 3 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *sha | +| Ethernet77 | 8 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *Level-1: md5<br>Level-2: md5 | +| Ethernet78 | 15 | *- | - | *- | *- | *- | *- | *md5 | +| Ethernet79 | 16 | *EVPN_UNDERLAY | - | *- | *- | *- | *- | *md5 | +| Ethernet81/10 | 110 | *ISIS_TEST | True | *99 | *point-to-point | *level-2 | *True | *- | *Inherited from Port-Channel Interface @@ -3667,9 +3672,21 @@ interface Ethernet81/10 ##### ISIS -| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode | -| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- | -| Port-Channel110 | ISIS_TEST | True | 99 | point-to-point | level-2 | True | text | +| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode | +| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ | +| Port-Channel3 | EVPN_UNDERLAY | - | - | - | - | - | sha | +| Port-Channel8 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: md5<br>Level-2: md5 | +| Port-Channel9 | - | - | - | - | - | - | Level-2: text | +| Port-Channel10 | EVPN_UNDERLAY | - | - | - | - | - | sha | +| Port-Channel12 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: sha | +| Port-Channel13 | - | - | - | - | - | - | - | +| Port-Channel15 | - | - | - | - | - | - | md5 | +| Port-Channel16 | EVPN_UNDERLAY | - | - | - | - | - | md5 | +| Port-Channel20 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: shared-secret<br>Level-2: shared-secret | +| Port-Channel50 | EVPN_UNDERLAY | - | - | - | - | - | shared-secret | +| Port-Channel51 | EVPN_UNDERLAY | - | - | - | - | - | shared-secret | +| Port-Channel100 | EVPN_UNDERLAY | - | - | - | - | - | Level-1: md5<br>Level-2: text | +| Port-Channel110 | ISIS_TEST | True | 99 | point-to-point | level-2 | True | - | #### Port-Channel Interfaces Device Configuration @@ -3684,6 +3701,9 @@ interface Port-Channel3 switchport no snmp trap link-change shape rate 200000 kbps + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 2 rx-disabled + isis authentication key 0 <removed> ! interface Port-Channel5 description DC1_L2LEAF1_Po1 @@ -3722,6 +3742,11 @@ interface Port-Channel8 description to Dev02 Port-channel 8 no switchport switchport port-security violation protect + isis enable EVPN_UNDERLAY + isis authentication mode md5 level-1 + isis authentication mode md5 level-2 + isis authentication key 0 <removed> level-1 + isis authentication key 0 <removed> level-2 ! interface Port-Channel8.101 description to Dev02 Port-Channel8.101 - VRF-C1 @@ -3735,6 +3760,8 @@ interface Port-Channel9 bfd echo bfd neighbor 10.1.2.4 bfd per-link rfc-7130 + isis authentication mode text rx-disabled level-2 + isis authentication key 0 <removed> level-2 spanning-tree guard root ! interface Port-Channel10 @@ -3747,6 +3774,9 @@ interface Port-Channel10 identifier 0000:0000:0404:0404:0303 route-target import 04:04:03:03:02:02 shape rate 50 percent + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 2 + isis authentication key 0 <removed> ! interface Port-Channel12 description interface_in_mode_access_with_voice @@ -3755,6 +3785,8 @@ interface Port-Channel12 switchport phone trunk untagged switchport mode trunk phone switchport + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 5 level-1 ! interface Port-Channel13 description EVPN-Vxlan single-active redundancy @@ -3767,6 +3799,13 @@ interface Port-Channel13 designated-forwarder election hold-time 10 designated-forwarder election candidate reachability required route-target import 00:00:01:02:03:04 + isis authentication key-id 2 algorithm sha-512 key 0 <removed> + isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 <removed> + isis authentication key-id 1 algorithm sha-1 key 0 <removed> level-1 + isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 <removed> level-1 + isis authentication key-id 5 algorithm sha-1 key 0 <removed> level-1 + isis authentication key-id 1 algorithm sha-1 key 0 <removed> level-2 + isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 <removed> level-2 ! interface Port-Channel14 description EVPN-MPLS multihoming @@ -3784,6 +3823,8 @@ interface Port-Channel15 switchport mode trunk switchport mlag 15 + isis authentication mode md5 rx-disabled + isis authentication key 0 <removed> spanning-tree guard loop link tracking group EVPN_MH_ES2 upstream ! @@ -3799,6 +3840,9 @@ interface Port-Channel16 mlag 16 switchport port-security violation protect log switchport port-security mac-address maximum 100 + isis enable EVPN_UNDERLAY + isis authentication mode md5 + isis authentication key 0 <removed> spanning-tree guard none switchport backup-link Port-Channel100.102 prefer vlan 20 ! @@ -3814,6 +3858,9 @@ interface Port-Channel20 switchport mode access switchport l2-protocol encapsulation dot1q vlan 200 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-1 + isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-2 ! interface Port-Channel50 description SRV-POD03_PortChanne1 @@ -3825,6 +3872,8 @@ interface Port-Channel50 identifier 0000:0000:0303:0202:0101 route-target import 03:03:02:02:01:01 lacp system-id 0303.0202.0101 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled ! interface Port-Channel51 description ipv6_prefix @@ -3838,6 +3887,8 @@ interface Port-Channel51 switchport port-security vlan 2 mac-address maximum 3 switchport port-security vlan 3 mac-address maximum 3 switchport port-security vlan default mac-address maximum 2 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-1 ! interface Port-Channel99 description MCAST @@ -3880,6 +3931,11 @@ interface Port-Channel100 switchport pvlan mapping 20-30 switchport port-security switchport port-security mac-address maximum disabled + isis enable EVPN_UNDERLAY + isis authentication mode md5 rx-disabled level-1 + isis authentication mode text rx-disabled level-2 + isis authentication key 0 <removed> level-1 + isis authentication key 0 <removed> level-2 switchport backup-link Port-channel51 switchport backup preemption-delay 35 switchport backup mac-move-burst 20 @@ -3977,8 +4033,6 @@ interface Port-Channel110 isis metric 99 isis hello padding isis network point-to-point - isis authentication mode text - isis authentication key 7 <removed> ! interface Port-Channel111 description Flexencap Port-Channel diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md index b39fd4d3726..1f1f5157045 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/router-isis.md @@ -133,8 +133,8 @@ interface Ethernet6 ##### ISIS -| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode | -| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- | +| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode | +| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ | | Port-Channel4 | EVPN_UNDERLAY | - | 50 | point-to-point | level-2 | - | - | | Port-Channel5 | EVPN_UNDERLAY | - | 50 | passive | - | - | - | | Port-Channel6 | EVPN_UNDERLAY | - | 100 | - | level-1-2 | - | - | diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg index 3ee63a78e29..3ff39986fad 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg @@ -916,6 +916,9 @@ interface Port-Channel3 switchport no snmp trap link-change shape rate 200000 kbps + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 2 rx-disabled + isis authentication key 0 password ! interface Port-Channel5 description DC1_L2LEAF1_Po1 @@ -954,6 +957,11 @@ interface Port-Channel8 description to Dev02 Port-channel 8 no switchport switchport port-security violation protect + isis enable EVPN_UNDERLAY + isis authentication mode md5 level-1 + isis authentication mode md5 level-2 + isis authentication key 0 password level-1 + isis authentication key 0 password1 level-2 ! interface Port-Channel8.101 description to Dev02 Port-Channel8.101 - VRF-C1 @@ -967,6 +975,8 @@ interface Port-Channel9 bfd echo bfd neighbor 10.1.2.4 bfd per-link rfc-7130 + isis authentication mode text rx-disabled level-2 + isis authentication key 0 password level-2 spanning-tree guard root ! interface Port-Channel10 @@ -979,6 +989,9 @@ interface Port-Channel10 identifier 0000:0000:0404:0404:0303 route-target import 04:04:03:03:02:02 shape rate 50 percent + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 2 + isis authentication key 0 password ! interface Port-Channel12 description interface_in_mode_access_with_voice @@ -987,6 +1000,8 @@ interface Port-Channel12 switchport phone trunk untagged switchport mode trunk phone switchport + isis enable EVPN_UNDERLAY + isis authentication mode sha key-id 5 level-1 ! interface Port-Channel13 description EVPN-Vxlan single-active redundancy @@ -999,6 +1014,13 @@ interface Port-Channel13 designated-forwarder election hold-time 10 designated-forwarder election candidate reachability required route-target import 00:00:01:02:03:04 + isis authentication key-id 2 algorithm sha-512 key 0 password + isis authentication key-id 3 algorithm sha-512 rfc-5310 key 0 password1 + isis authentication key-id 1 algorithm sha-1 key 0 password level-1 + isis authentication key-id 4 algorithm sha-1 rfc-5310 key 0 password level-1 + isis authentication key-id 5 algorithm sha-1 key 0 password3 level-1 + isis authentication key-id 1 algorithm sha-1 key 0 password level-2 + isis authentication key-id 5 algorithm sha-1 rfc-5310 key 0 password level-2 ! interface Port-Channel14 description EVPN-MPLS multihoming @@ -1016,6 +1038,8 @@ interface Port-Channel15 switchport mode trunk switchport mlag 15 + isis authentication mode md5 rx-disabled + isis authentication key 0 password spanning-tree guard loop link tracking group EVPN_MH_ES2 upstream ! @@ -1031,6 +1055,9 @@ interface Port-Channel16 mlag 16 switchport port-security violation protect log switchport port-security mac-address maximum 100 + isis enable EVPN_UNDERLAY + isis authentication mode md5 + isis authentication key 0 password spanning-tree guard none switchport backup-link Port-Channel100.102 prefer vlan 20 ! @@ -1046,6 +1073,9 @@ interface Port-Channel20 switchport mode access switchport l2-protocol encapsulation dot1q vlan 200 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-256 rx-disabled level-1 + isis authentication mode shared-secret profile profile2 algorithm sha-1 rx-disabled level-2 ! interface Port-Channel50 description SRV-POD03_PortChanne1 @@ -1057,6 +1087,8 @@ interface Port-Channel50 identifier 0000:0000:0303:0202:0101 route-target import 03:03:02:02:01:01 lacp system-id 0303.0202.0101 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-1 rx-disabled ! interface Port-Channel51 description ipv6_prefix @@ -1070,6 +1102,8 @@ interface Port-Channel51 switchport port-security vlan 2 mac-address maximum 3 switchport port-security vlan 3 mac-address maximum 3 switchport port-security vlan default mac-address maximum 2 + isis enable EVPN_UNDERLAY + isis authentication mode shared-secret profile profile1 algorithm sha-1 ! interface Port-Channel99 description MCAST @@ -1112,6 +1146,11 @@ interface Port-Channel100 switchport pvlan mapping 20-30 switchport port-security switchport port-security mac-address maximum disabled + isis enable EVPN_UNDERLAY + isis authentication mode md5 rx-disabled level-1 + isis authentication mode text rx-disabled level-2 + isis authentication key 0 password level-1 + isis authentication key 0 password level-2 switchport backup-link Port-channel51 switchport backup preemption-delay 35 switchport backup mac-move-burst 20 @@ -1209,8 +1248,6 @@ interface Port-Channel110 isis metric 99 isis hello padding isis network point-to-point - isis authentication mode text - isis authentication key 7 asfddja23452 ! interface Port-Channel111 description Flexencap Port-Channel diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml index 928a4e8405a..8c4d4e37f40 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/port-channel-interfaces.yml @@ -69,12 +69,36 @@ port_channel_interfaces: private_vlan_secondary: false mlag: 15 spanning_tree_guard: loop + # Test isis authentication both md5 rx + isis_authentication: + both: + key_type: 0 + key: password + mode: md5 + rx_disabled: true + level_1: + key_type: 0 + key: password + mode: md5 + rx_disabled: true + level_2: + key_type: 0 + key: password + mode: text + rx_disabled: true - name: Port-Channel16 description: DC1_L2LEAF4_Po1 snmp_trap_link_change: true mlag: 16 spanning_tree_guard: disabled + # Test isis auth both md5 + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + both: + key_type: 0 + key: password + mode: md5 switchport: mode: trunk port_security: @@ -110,6 +134,16 @@ port_channel_interfaces: groups: - LEAF_PEER_L3 - MLAG + isis_enable: "EVPN_UNDERLAY" + # Test isis auth both sha rx + isis_authentication: + both: + key_type: 0 + key: password + mode: sha + sha: + key_id: 2 + rx_disabled: true - name: Port-Channel10 description: SRV01_bond0 @@ -123,6 +157,15 @@ port_channel_interfaces: route_target: "04:04:03:03:02:02" shape: rate: 50 percent + # Test isis auth both sha + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + both: + key_type: 0 + key: password + mode: sha + sha: + key_id: 2 - name: Port-Channel50 description: SRV-POD03_PortChanne1 @@ -135,6 +178,15 @@ port_channel_interfaces: identifier: "0000:0000:0303:0202:0101" route_target: "03:03:02:02:01:01" lacp_id: 0303.0202.0101 + # Test isis auth both shared secret rx + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + both: + mode: shared-secret + shared_secret: + profile: profile1 + algorithm: sha-1 + rx_disabled: true - name: Port-Channel51 description: ipv6_prefix @@ -158,11 +210,33 @@ port_channel_interfaces: valid_lifetime: infinite preferred_lifetime: infinite no_autoconfig_flag: true + # Test isis auth both shared secret + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + both: + mode: shared-secret + shared_secret: + profile: profile1 + algorithm: sha-1 - name: Port-Channel100 logging: event: link_status: true + # Test isis auth both l1l2 md5 rx + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + level_1: + key_type: 0 + key: password + mode: md5 + rx_disabled: true + level_2: + key_type: 0 + key: password + mode: text + rx_disabled: true + switchport: enabled: false port_security: @@ -262,6 +336,17 @@ port_channel_interfaces: port_security: violation: mode: protect + # Test isis auth l1l2 md5 + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + level_1: + key_type: 0 + key: password + mode: md5 + level_2: + key_type: 0 + key: password1 + mode: md5 - name: Port-Channel8.101 description: to Dev02 Port-Channel8.101 - VRF-C1 @@ -283,7 +368,12 @@ port_channel_interfaces: enabled: true rfc_7130: true spanning_tree_guard: root - + isis_authentication: + level_2: + key_type: 0 + key: password + mode: text + rx_disabled: true - name: Port-Channel20 description: Po_in_mode_access_accepting_tagged_LACP_frames switchport: @@ -292,6 +382,21 @@ port_channel_interfaces: access_vlan: 200 l2_protocol: encapsulation_dot1q_vlan: 200 + # Test isis auth l1l2 shared secret rx + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + level_1: + mode: shared-secret + shared_secret: + profile: profile1 + algorithm: sha-256 + rx_disabled: true + level_2: + mode: shared-secret + shared_secret: + profile: profile2 + algorithm: sha-1 + rx_disabled: true - name: Port-Channel12 description: interface_in_mode_access_with_voice @@ -303,6 +408,13 @@ port_channel_interfaces: phone: trunk: untagged vlan: 70 + # Test isis auth l1l2 sha + isis_enable: "EVPN_UNDERLAY" + isis_authentication: + level_1: + mode: sha + sha: + key_id: 5 - name: Port-Channel13 description: EVPN-Vxlan single-active redundancy @@ -318,6 +430,55 @@ port_channel_interfaces: hold_time: 10 candidate_reachability_required: true route_target: "00:00:01:02:03:04" + isis_authentication: + both: + key_ids: + - id: 2 + algorithm: sha-512 + key_type: 0 + key: password + rfc_5310: false + - id: 3 + algorithm: sha-512 + key_type: 0 + key: password1 + rfc_5310: true + level_1: + key_ids: + - id: 1 + algorithm: sha-1 + key_type: 0 + key: password + rfc_5310: false + - id: 4 + algorithm: sha-1 + key_type: 0 + key: password + rfc_5310: true + - id: 3 + algorithm: sha-1 + key_type: 0 + key: password3 + - id: 5 + algorithm: sha-1 + key_type: 0 + key: password3 + level_2: + key_ids: + - id: 1 + algorithm: sha-1 + key_type: 0 + key: password + rfc_5310: false + - id: 5 + algorithm: sha-1 + key_type: 0 + key: password + rfc_5310: true + - id: 3 + algorithm: sha-1 + key_type: 0 + key: password2 - name: Port-Channel14 switchport: @@ -448,8 +609,6 @@ port_channel_interfaces: isis_network_point_to_point: true isis_circuit_type: level-2 isis_hello_padding: true - isis_authentication_mode: text - isis_authentication_key: "asfddja23452" - name: Port-Channel111 description: Flexencap Port-Channel diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg index c77bbd73d11..a8cc4f87808 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg @@ -20,6 +20,9 @@ interface Port-Channel3 switchport trunk group group1 switchport trunk group group2 switchport + isis enable ISIS_TEST + isis authentication mode md5 + isis authentication key 7 asfddja23452 ! interface Port-Channel4 description Test_native_vlan_tag_and_phone diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml index 89927dfdcbb..850719480d3 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/port-channel-interfaces.yml @@ -20,6 +20,9 @@ port_channel_interfaces: trunk_groups: - group1 - group2 + isis_enable: ISIS_TEST + isis_authentication_mode: md5 + isis_authentication_key: "asfddja23452" - name: Port-Channel4 description: Test_native_vlan_tag_and_phone diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml index 70f3887fd4f..d046ea8abcb 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen_deprecated_vars/inventory/hosts.yml @@ -1,5 +1,5 @@ --- -all: +test_hosts: groups: IGNORE_IN_PYTEST: hosts: # TODO: Remove inline jinja diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md index 6159f6f7cf2..f927542bff6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LER1.md @@ -358,8 +358,8 @@ interface Ethernet14 ##### ISIS -| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode | -| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- | +| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode | +| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ | | Port-Channel11 | CORE | - | 60 | point-to-point | level-2 | False | md5 | | Port-Channel220 | CORE | - | 60 | point-to-point | level-2 | False | md5 | diff --git a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md index 2b45c47566c..c8d33865e97 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md +++ b/ansible_collections/arista/avd/molecule/eos_designs-mpls-isis-sr-ldp/documentation/devices/SITE2-LSR2.md @@ -237,8 +237,8 @@ interface Ethernet15 ##### ISIS -| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode | -| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- | +| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode | +| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ | | Port-Channel12 | CUSTOM_NAME | - | 60 | point-to-point | level-2 | False | md5 | | Port-Channel110 | CUSTOM_NAME | - | 60 | point-to-point | level-2 | False | md5 | diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md index f4395449d40..1f9046c64f0 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/port-channel-interfaces.md @@ -124,8 +124,57 @@ | [<samp> isis_network_point_to_point</samp>](## "port_channel_interfaces.[].isis_network_point_to_point") | Boolean | | | | | | [<samp> isis_circuit_type</samp>](## "port_channel_interfaces.[].isis_circuit_type") | String | | | Valid Values:<br>- <code>level-1-2</code><br>- <code>level-1</code><br>- <code>level-2</code> | | | [<samp> isis_hello_padding</samp>](## "port_channel_interfaces.[].isis_hello_padding") | Boolean | | | | | - | [<samp> isis_authentication_mode</samp>](## "port_channel_interfaces.[].isis_authentication_mode") | String | | | Valid Values:<br>- <code>text</code><br>- <code>md5</code> | | - | [<samp> isis_authentication_key</samp>](## "port_channel_interfaces.[].isis_authentication_key") | String | | | | Type-7 encrypted password. | + | [<samp> isis_authentication_mode</samp>](## "port_channel_interfaces.[].isis_authentication_mode") <span style="color:red">deprecated</span> | String | | | Valid Values:<br>- <code>text</code><br>- <code>md5</code> | <span style="color:red">This key is deprecated. Support will be removed in AVD version v6.0.0. Use <samp>port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode</samp> instead.</span> | + | [<samp> isis_authentication_key</samp>](## "port_channel_interfaces.[].isis_authentication_key") <span style="color:red">deprecated</span> | String | | | | Type-7 encrypted password.<span style="color:red">This key is deprecated. Support will be removed in AVD version v6.0.0. Use <samp>port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key</samp> instead.</span> | + | [<samp> isis_authentication</samp>](## "port_channel_interfaces.[].isis_authentication") | Dictionary | | | | This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key. | + | [<samp> both</samp>](## "port_channel_interfaces.[].isis_authentication.both") | Dictionary | | | | Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_type") | String | | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.both.key") | String | | | | Password string. `key_type` is required for this setting. | + | [<samp> key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids") | List, items: Dictionary | | | | | + | [<samp> - id</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].id") | Integer | Required, Unique | | Min: 1<br>Max: 65535 | Configure authentication key-id. | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].algorithm") | String | Required | | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].key_type") | String | Required | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].key") | String | Required | | | Password string. | + | [<samp> rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.both.key_ids.[].rfc_5310") | Boolean | | | | SHA digest computation according to rfc5310. | + | [<samp> mode</samp>](## "port_channel_interfaces.[].isis_authentication.both.mode") | String | | | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. | + | [<samp> sha</samp>](## "port_channel_interfaces.[].isis_authentication.both.sha") | Dictionary | | | | Required settings for authentication mode 'sha'. | + | [<samp> key_id</samp>](## "port_channel_interfaces.[].isis_authentication.both.sha.key_id") | Integer | Required | | Min: 1<br>Max: 65535 | | + | [<samp> shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret") | Dictionary | | | | Required settings for authentication mode 'shared_secret'. | + | [<samp> profile</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret.profile") | String | Required | | | | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.both.shared_secret.algorithm") | String | Required | | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.both.rx_disabled") | Boolean | | | | Disable authentication check on the receive side. | + | [<samp> level_1</samp>](## "port_channel_interfaces.[].isis_authentication.level_1") | Dictionary | | | | Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings. | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_type") | String | | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key") | String | | | | Password string. `key_type` is required for this setting. | + | [<samp> key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids") | List, items: Dictionary | | | | | + | [<samp> - id</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].id") | Integer | Required, Unique | | Min: 1<br>Max: 65535 | Configure authentication key-id. | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].algorithm") | String | Required | | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].key_type") | String | Required | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].key") | String | Required | | | Password string. | + | [<samp> rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.key_ids.[].rfc_5310") | Boolean | | | | SHA digest computation according to rfc5310. | + | [<samp> mode</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.mode") | String | | | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. | + | [<samp> sha</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.sha") | Dictionary | | | | Required settings for authentication mode 'sha'. | + | [<samp> key_id</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.sha.key_id") | Integer | Required | | Min: 1<br>Max: 65535 | | + | [<samp> shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret") | Dictionary | | | | Required settings for authentication mode 'shared_secret'. | + | [<samp> profile</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret.profile") | String | Required | | | | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.shared_secret.algorithm") | String | Required | | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.level_1.rx_disabled") | Boolean | | | | Disable authentication check on the receive side. | + | [<samp> level_2</samp>](## "port_channel_interfaces.[].isis_authentication.level_2") | Dictionary | | | | Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_type") | String | | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key") | String | | | | Password string. `key_type` is required for this setting. | + | [<samp> key_ids</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids") | List, items: Dictionary | | | | | + | [<samp> - id</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].id") | Integer | Required, Unique | | Min: 1<br>Max: 65535 | Configure authentication key-id. | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].algorithm") | String | Required | | Valid Values:<br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> key_type</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].key_type") | String | Required | | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> | Configure authentication key type. | + | [<samp> key</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].key") | String | Required | | | Password string. | + | [<samp> rfc_5310</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.key_ids.[].rfc_5310") | Boolean | | | | SHA digest computation according to rfc5310. | + | [<samp> mode</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.mode") | String | | | Valid Values:<br>- <code>md5</code><br>- <code>sha</code><br>- <code>text</code><br>- <code>shared-secret</code> | Authentication mode. | + | [<samp> sha</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.sha") | Dictionary | | | | Required settings for authentication mode 'sha'. | + | [<samp> key_id</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.sha.key_id") | Integer | Required | | Min: 1<br>Max: 65535 | | + | [<samp> shared_secret</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret") | Dictionary | | | | Required settings for authentication mode 'shared_secret'. | + | [<samp> profile</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret.profile") | String | Required | | | | + | [<samp> algorithm</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.shared_secret.algorithm") | String | Required | | Valid Values:<br>- <code>md5</code><br>- <code>sha-1</code><br>- <code>sha-224</code><br>- <code>sha-256</code><br>- <code>sha-384</code><br>- <code>sha-512</code> | | + | [<samp> rx_disabled</samp>](## "port_channel_interfaces.[].isis_authentication.level_2.rx_disabled") | Boolean | | | | Disable authentication check on the receive side. | | [<samp> traffic_policy</samp>](## "port_channel_interfaces.[].traffic_policy") | Dictionary | | | | | | [<samp> input</samp>](## "port_channel_interfaces.[].traffic_policy.input") | String | | | | Ingress traffic policy. | | [<samp> output</samp>](## "port_channel_interfaces.[].traffic_policy.output") | String | | | | Egress traffic policy. | @@ -616,10 +665,133 @@ isis_network_point_to_point: <bool> isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2"> isis_hello_padding: <bool> + # This key is deprecated. + # Support will be removed in AVD version v6.0.0. + # Use <samp>port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode</samp> instead. isis_authentication_mode: <str; "text" | "md5"> # Type-7 encrypted password. + # This key is deprecated. + # Support will be removed in AVD version v6.0.0. + # Use <samp>port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key</samp> instead. isis_authentication_key: <str> + + # This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key. + isis_authentication: + + # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. + both: + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"> + + # Password string. `key_type` is required for this setting. + key: <str> + key_ids: + + # Configure authentication key-id. + - id: <int; 1-65535; required; unique> + algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"; required> + + # Password string. + key: <str; required> + + # SHA digest computation according to rfc5310. + rfc_5310: <bool> + + # Authentication mode. + mode: <str; "md5" | "sha" | "text" | "shared-secret"> + + # Required settings for authentication mode 'sha'. + sha: + key_id: <int; 1-65535; required> + + # Required settings for authentication mode 'shared_secret'. + shared_secret: + profile: <str; required> + algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Disable authentication check on the receive side. + rx_disabled: <bool> + + # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings. + level_1: + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"> + + # Password string. `key_type` is required for this setting. + key: <str> + key_ids: + + # Configure authentication key-id. + - id: <int; 1-65535; required; unique> + algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"; required> + + # Password string. + key: <str; required> + + # SHA digest computation according to rfc5310. + rfc_5310: <bool> + + # Authentication mode. + mode: <str; "md5" | "sha" | "text" | "shared-secret"> + + # Required settings for authentication mode 'sha'. + sha: + key_id: <int; 1-65535; required> + + # Required settings for authentication mode 'shared_secret'. + shared_secret: + profile: <str; required> + algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Disable authentication check on the receive side. + rx_disabled: <bool> + + # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings. + level_2: + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"> + + # Password string. `key_type` is required for this setting. + key: <str> + key_ids: + + # Configure authentication key-id. + - id: <int; 1-65535; required; unique> + algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Configure authentication key type. + key_type: <str; "0" | "7" | "8a"; required> + + # Password string. + key: <str; required> + + # SHA digest computation according to rfc5310. + rfc_5310: <bool> + + # Authentication mode. + mode: <str; "md5" | "sha" | "text" | "shared-secret"> + + # Required settings for authentication mode 'sha'. + sha: + key_id: <int; 1-65535; required> + + # Required settings for authentication mode 'shared_secret'. + shared_secret: + profile: <str; required> + algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required> + + # Disable authentication check on the receive side. + rx_disabled: <bool> traffic_policy: # Ingress traffic policy. diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2 index a12627fd244..b916790f1eb 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/port-channel-interfaces.j2 @@ -373,7 +373,8 @@ port_channel_interface.isis_network_point_to_point is arista.avd.defined or port_channel_interface.isis_passive is arista.avd.defined or port_channel_interface.isis_hello_padding is arista.avd.defined or - port_channel_interface.isis_authentication_mode is arista.avd.defined %} + port_channel_interface.isis_authentication_mode is arista.avd.defined or + port_channel_interface.isis_authentication is arista.avd.defined %} {% do port_channel_interfaces_isis.append(port_channel_interface) %} {% endif %} {% endfor %} @@ -381,15 +382,25 @@ ##### ISIS -| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | Authentication Mode | -| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------- | +| Interface | ISIS Instance | ISIS BFD | ISIS Metric | Mode | ISIS Circuit Type | Hello Padding | ISIS Authentication Mode | +| --------- | ------------- | -------- | ----------- | ---- | ----------------- | ------------- | ------------------------ | {% for port_channel_interface in port_channel_interfaces_isis | arista.avd.natural_sort('name') %} {% set isis_instance = port_channel_interface.isis_enable | arista.avd.default("-") %} {% set isis_bfd = port_channel_interface.isis_bfd | arista.avd.default("-") %} {% set isis_metric = port_channel_interface.isis_metric | arista.avd.default("-") %} {% set isis_circuit_type = port_channel_interface.isis_circuit_type | arista.avd.default("-") %} {% set isis_hello_padding = port_channel_interface.isis_hello_padding | arista.avd.default("-") %} -{% set isis_authentication_mode = port_channel_interface.isis_authentication_mode | arista.avd.default("-") %} +{% if port_channel_interface.isis_authentication.both.mode is arista.avd.defined %} +{% set isis_authentication_mode = port_channel_interface.isis_authentication.both.mode %} +{% elif port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined and port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined %} +{% set isis_authentication_mode = "Level-1: " ~ port_channel_interface.isis_authentication.level_1.mode ~ "<br>" ~ "Level-2: " ~ port_channel_interface.isis_authentication.level_2.mode %} +{% elif port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined %} +{% set isis_authentication_mode = "Level-1: " ~ port_channel_interface.isis_authentication.level_1.mode %} +{% elif port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined %} +{% set isis_authentication_mode = "Level-2: " ~ port_channel_interface.isis_authentication.level_2.mode %} +{% else %} +{% set isis_authentication_mode = port_channel_interface.isis_authentication_mode | arista.avd.default("-") %} +{% endif %} {% if port_channel_interface.isis_network_point_to_point is arista.avd.defined(true) %} {% set mode = "point-to-point" %} {% elif port_channel_interface.isis_passive is arista.avd.defined(true) %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2 index 10cedbd0636..66e0b9ea97c 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/port-channel-interfaces.j2 @@ -645,12 +645,98 @@ interface {{ port_channel_interface.name }} {% if port_channel_interface.isis_network_point_to_point is arista.avd.defined(true) %} isis network point-to-point {% endif %} -{% if port_channel_interface.isis_authentication_mode is arista.avd.defined and - port_channel_interface.isis_authentication_mode in ["text", "md5"] %} +{% if port_channel_interface.isis_authentication is arista.avd.defined %} +{% if port_channel_interface.isis_authentication.both.mode is arista.avd.defined + and (port_channel_interface.isis_authentication.both.mode in ["md5", "text"] + or (port_channel_interface.isis_authentication.both.mode == "sha" and port_channel_interface.isis_authentication.both.sha.key_id is arista.avd.defined) + or (port_channel_interface.isis_authentication.both.mode == "shared-secret" and port_channel_interface.isis_authentication.both.shared_secret is arista.avd.defined)) %} +{% set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.both.mode %} +{% if port_channel_interface.isis_authentication.both.mode == "sha" %} +{% set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.both.sha.key_id %} +{% elif port_channel_interface.isis_authentication.both.mode == "shared-secret" %} +{% set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.both.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.both.shared_secret.algorithm %} +{% endif %} +{% if port_channel_interface.isis_authentication.both.rx_disabled is arista.avd.defined(true) %} +{% set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %} +{% endif %} + {{ isis_auth_cli }} +{% else %} +{% if port_channel_interface.isis_authentication.level_1.mode is arista.avd.defined + and (port_channel_interface.isis_authentication.level_1.mode in ["md5", "text"] + or (port_channel_interface.isis_authentication.level_1.mode == "sha" and port_channel_interface.isis_authentication.level_1.sha.key_id is arista.avd.defined) + or (port_channel_interface.isis_authentication.level_1.mode == "shared-secret" and port_channel_interface.isis_authentication.level_1.shared_secret is arista.avd.defined)) %} +{% set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.level_1.mode %} +{% if port_channel_interface.isis_authentication.level_1.mode == "sha" %} +{% set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.level_1.sha.key_id %} +{% elif port_channel_interface.isis_authentication.level_1.mode == "shared-secret" %} +{% set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.level_1.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.level_1.shared_secret.algorithm %} +{% endif %} +{% if port_channel_interface.isis_authentication.level_1.rx_disabled is arista.avd.defined(true) %} +{% set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %} +{% endif %} + {{ isis_auth_cli }} level-1 +{% endif %} +{% if port_channel_interface.isis_authentication.level_2.mode is arista.avd.defined + and (port_channel_interface.isis_authentication.level_2.mode in ["md5", "text"] + or (port_channel_interface.isis_authentication.level_2.mode == "sha" and port_channel_interface.isis_authentication.level_2.sha.key_id is arista.avd.defined) + or (port_channel_interface.isis_authentication.level_2.mode == "shared-secret" and port_channel_interface.isis_authentication.level_2.shared_secret is arista.avd.defined)) %} +{% set isis_auth_cli = "isis authentication mode " ~ port_channel_interface.isis_authentication.level_2.mode %} +{% if port_channel_interface.isis_authentication.level_2.mode == "sha" %} +{% set isis_auth_cli = isis_auth_cli ~ " key-id " ~ port_channel_interface.isis_authentication.level_2.sha.key_id %} +{% elif port_channel_interface.isis_authentication.level_2.mode == "shared-secret" %} +{% set isis_auth_cli = isis_auth_cli ~ " profile " ~ port_channel_interface.isis_authentication.level_2.shared_secret.profile ~ " algorithm " ~ port_channel_interface.isis_authentication.level_2.shared_secret.algorithm %} +{% endif %} +{% if port_channel_interface.isis_authentication.level_2.rx_disabled is arista.avd.defined(true) %} +{% set isis_auth_cli = isis_auth_cli ~ " rx-disabled" %} +{% endif %} + {{ isis_auth_cli }} level-2 +{% endif %} +{% endif %} +{% set both_key_ids = [] %} +{% for auth_key in port_channel_interface.isis_authentication.both.key_ids | arista.avd.natural_sort("id") %} +{% do both_key_ids.append(auth_key.id) %} +{% if auth_key.rfc_5310 is arista.avd.defined(true) %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} +{% else %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} +{% endif %} +{% endfor %} +{% for auth_key in port_channel_interface.isis_authentication.level_1.key_ids | arista.avd.natural_sort("id") %} +{% if auth_key.id not in both_key_ids %} +{% if auth_key.rfc_5310 is arista.avd.defined(true) %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-1 +{% else %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-1 +{% endif %} +{% endif %} +{% endfor %} +{% for auth_key in port_channel_interface.isis_authentication.level_2.key_ids | arista.avd.natural_sort("id") %} +{% if auth_key.id not in both_key_ids %} +{% if auth_key.rfc_5310 is arista.avd.defined(true) %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} rfc-5310 key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-2 +{% else %} + isis authentication key-id {{ auth_key.id }} algorithm {{ auth_key.algorithm }} key {{ auth_key.key_type }} {{ auth_key.key | arista.avd.hide_passwords(hide_passwords) }} level-2 +{% endif %} +{% endif %} +{% endfor %} +{% if port_channel_interface.isis_authentication.both.key_type is arista.avd.defined and port_channel_interface.isis_authentication.both.key is arista.avd.defined %} + isis authentication key {{ port_channel_interface.isis_authentication.both.key_type }} {{ port_channel_interface.isis_authentication.both.key | arista.avd.hide_passwords(hide_passwords) }} +{% else %} +{% if port_channel_interface.isis_authentication.level_1.key_type is arista.avd.defined and port_channel_interface.isis_authentication.level_1.key is arista.avd.defined %} + isis authentication key {{ port_channel_interface.isis_authentication.level_1.key_type }} {{ port_channel_interface.isis_authentication.level_1.key | arista.avd.hide_passwords(hide_passwords) }} level-1 +{% endif %} +{% if port_channel_interface.isis_authentication.level_2.key_type is arista.avd.defined and port_channel_interface.isis_authentication.level_2.key is arista.avd.defined %} + isis authentication key {{ port_channel_interface.isis_authentication.level_2.key_type }} {{ port_channel_interface.isis_authentication.level_2.key | arista.avd.hide_passwords(hide_passwords) }} level-2 +{% endif %} +{% endif %} +{% else %} +{% if port_channel_interface.isis_authentication_mode is arista.avd.defined and + port_channel_interface.isis_authentication_mode in ["text", "md5"] %} isis authentication mode {{ port_channel_interface.isis_authentication_mode }} -{% endif %} -{% if port_channel_interface.isis_authentication_key is arista.avd.defined %} +{% endif %} +{% if port_channel_interface.isis_authentication_key is arista.avd.defined %} isis authentication key 7 {{ port_channel_interface.isis_authentication_key | arista.avd.hide_passwords(hide_passwords) }} +{% endif %} {% endif %} {% for section in port_channel_interface.storm_control | arista.avd.natural_sort %} {% if section != "all" %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml index 38149a11a59..30ded4736ae 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml @@ -9892,12 +9892,27 @@ keys: type: bool isis_authentication_mode: type: str + deprecation: + warning: true + remove_in_version: v6.0.0 + new_key: port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode + or port_channel_interfaces[].isis_authentication.level_2.mode valid_values: - text - md5 isis_authentication_key: type: str description: Type-7 encrypted password. + deprecation: + warning: true + remove_in_version: v6.0.0 + new_key: port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key + or port_channel_interfaces[].isis_authentication.level_2.key + isis_authentication: + type: dict + description: This key should not be mixed with port_channel_interfaces[].isis_authentication_mode + or ethernet_interfaces[].isis_authentication_key. + $ref: eos_cli_config_gen#/keys/router_isis/keys/authentication traffic_policy: type: dict keys: diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml index fe8b923caab..9a19fb76471 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/port_channel_interfaces.schema.yml @@ -624,12 +624,25 @@ keys: type: bool isis_authentication_mode: type: str + deprecation: + warning: true + remove_in_version: v6.0.0 + new_key: port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode valid_values: - text - md5 isis_authentication_key: type: str description: Type-7 encrypted password. + deprecation: + warning: true + remove_in_version: v6.0.0 + new_key: port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key + isis_authentication: + type: dict + description: This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key. + # TODO: AVD 6.0 Update the description + $ref: "eos_cli_config_gen#/keys/router_isis/keys/authentication" traffic_policy: type: dict keys: