Rules for 0.5.0 (#611)

* initial update rules for 0.5.0

* avoid ref before assignment issue

* update readme

* fix problem in rule 208. This fix ignore fabric_link with no ipv4 key, which is the case when used for fabric_link and not underlay_ip

Signed-off-by: ccoueffe <ccoueffe@cisco.com>

* update rules

* normalize input data name from shuffling

* address lint errors

* address lint errors

* update stp rule

* update vni and vlan range rule

* update stp rule

* update bootstrap rule

* update vni and vlan range rule

* update stp rule

* update ibgp underlay ipv6 rule

* address lint errors

* update readme

* remove meta end play

* address lint errors

* update external 502 as in ibgp to support old and new bgp_asn

Signed-off-by: ccoueffe <ccoueffe@cisco.com>

* Add check for ebgp key

---------

Signed-off-by: ccoueffe <ccoueffe@cisco.com>
Co-authored-by: ccoueffe <ccoueffe@cisco.com>
Co-authored-by: mwiebe <mwiebe@cisco.com>

Author: 3 people

README.md

@@ -323,6 +323,7 @@ This collection is intended for use with the following release versions:
 * `Cisco Nexus Dashboard Fabric Controller (NDFC) Release 12.2.1`
 * `Cisco Nexus Dashboard Fabric Controller (NDFC) Release 12.2.2`
 * `Cisco Nexus Dashboard Fabric Controller (NDFC) Release 12.2.3`
+* `Cisco Nexus Dashboard Release 4.1.1g` - Unified Nexus Dashboard Tech Preview
 
 <!--start requires_ansible-->
 ## Ansible Version Compatibility

plugins/action/common/nac_dc_validate.py

@@ -103,16 +103,17 @@ def run(self, tmp=None, task_vars=None):
                         rules_list.append(f'{rules}common')
                         rules_list.append(f'{rules}ibgp_vxlan/')
                         rules_list.append(f'{rules}common_vxlan')
+                    elif results['data']['vxlan']['fabric']['type'] in ('eBGP_VXLAN'):
+                        rules_list.append(f'{rules}common')
+                        rules_list.append(f'{rules}ebgp_vxlan/')
+                        rules_list.append(f'{rules}common_vxlan')
                     elif results['data']['vxlan']['fabric']['type'] in ('MSD', 'MCF'):
                         rules_list.append(f'{rules}multisite/')
                     elif results['data']['vxlan']['fabric']['type'] in ('ISN'):
                         rules_list.append(f'{rules}isn/')
                     elif results['data']['vxlan']['fabric']['type'] in ('External'):
                         rules_list.append(f'{rules}common')
                         rules_list.append(f'{rules}external/')
-                    elif results['data']['vxlan']['fabric']['type'] in ('eBGP_VXLAN'):
-                        rules_list.append(f'{rules}ebgp_vxlan/')
-                        rules_list.append(f'{rules}common_vxlan')
                     else:
                         results['failed'] = True
                         results['msg'] = f"vxlan.fabric.type {results['data']['vxlan']['fabric']['type']} is not a supported fabric type."

plugins/action/common/prepare_plugins/prep_002_global.py

@@ -51,6 +51,8 @@
     "bootstrap"
 ]
 
+ISN_PARENT_KEYS = ['vxlan', 'multisite']
+
 # Deprecated global keys that are still supported for backwards compatibility
 ISN_BACKWARD_COMPATIBLE_KEYS = [
     "auth_proto",
@@ -85,7 +87,7 @@ def prepare(self):
         elif model_data['vxlan']['fabric']['type'] == 'ISN':
             # new_global_key is set to 'isn' here only for the conditional check that follows and is not a new key
             new_global_key = 'isn'
-            ISN_PARENT_KEYS = ['vxlan', 'multisite', new_global_key]
+            ISN_PARENT_KEYS.append(new_global_key)
 
         if new_global_key in ['ibgp', 'external']:
             dm_check = data_model_key_check(model_data, PARENT_KEYS)

roles/validate/files/rules/common/200_global_bgp_asn.py

@@ -4,30 +4,65 @@ class Rule:
     severity = "HIGH"
 
     @classmethod
-    def match(cls, data):
+    def match(cls, data_model):
         results = []
 
-        fabric_type_map = {
-            "VXLAN_EVPN": "ibgp",
-            "External": "external"
-        }
-
-        fabric_type = None
-        fabric_type = fabric_type_map.get(data["vxlan"]["fabric"].get("type"))
-
-        # If we check keys vxlan.global.{fabric_type}.bgp_asn then this natively checks for this path
-        # as well as the legacy vxlan.global path. Examples:
-        # {'keys_found': ['vxlan', 'global', 'bgp_asn'], 'keys_not_found': ['ibgp'], 'keys_data': ['vxlan', 'global'], 'keys_no_data': ['bgp_asn']}
-        # {'keys_found': ['vxlan', 'global', 'ibgp', 'bgp_asn'], 'keys_not_found': [], 'keys_data': ['vxlan', 'global', 'ibgp'], 'keys_no_data': ['bgp_asn']}
-        check = cls.data_model_key_check(data, ['vxlan', 'global', fabric_type, 'bgp_asn'])
-        if 'bgp_asn' in check['keys_not_found']:
-            check = cls.data_model_key_check(data, ['vxlan', 'global', 'bgp_asn'])
-            if 'bgp_asn' in check['keys_not_found']:
-                results.append(f"vxlan.global.{fabric_type}.bgp_asn must be defined in the data model.")
-                return results
-
-        if 'bgp_asn' in check['keys_found'] and 'bgp_asn' in check['keys_no_data']:
-            results.append(f"vxlan.global.{fabric_type}.bgp_asn must have a value defined in the data model.")
+        dm_fabric_type = None
+        fabric_type_keys = ['vxlan', 'fabric', 'type']
+        check_fabric_type_key = cls.data_model_key_check(data_model, fabric_type_keys)
+        if 'type' in check_fabric_type_key['keys_found'] and 'type' in check_fabric_type_key['keys_data']:
+            dm_fabric_type = data_model['vxlan']['fabric']['type']
+
+        if dm_fabric_type:
+            # Map fabric types to the keys used in the data model based on controller fabric types
+            fabric_type_map = {
+                "VXLAN_EVPN": "ibgp",
+                "eBGP_VXLAN": "ebgp",
+                "External": "external"
+            }
+
+            fabric_type = fabric_type_map.get(dm_fabric_type)
+
+            if fabric_type in ["ibgp", "external"]:
+                # If we check keys vxlan.global.{fabric_type}.bgp_asn then this natively checks for this path
+                # as well as the legacy vxlan.global path. Examples:
+                # {'keys_found': ['vxlan', 'global'], 'keys_not_found': ['ibgp'], 'keys_data': ['vxlan', 'global'], 'keys_no_data': ['bgp_asn']} # noqa: E501
+                # {'keys_found': ['vxlan', 'global', 'ibgp'], 'keys_not_found': ['bgp_asn'], 'keys_data': ['vxlan', 'global', 'ibgp'], 'keys_no_data': ['bgp_asn']} # noqa: E501
+                check = cls.data_model_key_check(data_model, ['vxlan', 'global', fabric_type, 'bgp_asn'])
+                if 'bgp_asn' in check['keys_not_found']:
+                    check = cls.data_model_key_check(data_model, ['vxlan', 'global', 'bgp_asn'])
+                    if 'bgp_asn' in check['keys_not_found']:
+                        results.append(f"vxlan.global.{fabric_type}.bgp_asn must be defined in the data model.")
+                        return results
+
+                # {'keys_found': ['vxlan', 'global', 'bgp_asn'], 'keys_not_found': [], 'keys_data': ['vxlan', 'global'], 'keys_no_data': ['bgp_asn']} # noqa: E501
+                # {'keys_found': ['vxlan', 'global', 'ibgp', 'bgp_asn'], 'keys_not_found': [], 'keys_data': ['vxlan', 'global', 'ibgp'], 'keys_no_data': ['bgp_asn']} # noqa: E501
+                if 'bgp_asn' in check['keys_found'] and 'bgp_asn' in check['keys_no_data']:
+                    results.append(f"vxlan.global.{fabric_type}.bgp_asn must have a value defined in the data model.")
+                    return results
+
+            if fabric_type in ["ebgp"]:
+                # Since ebgp keys are only supported under vxlan.global.ebgp we need to ensure the ebgp key exists
+                check = cls.data_model_key_check(data_model, ['vxlan', 'global', fabric_type])
+                if 'ebgp' in check['keys_not_found']:
+                    results.append(f"Fabric type is 'ebgp'.  Key vxlan.global.{fabric_type} must be defined in the data model.")
+                    return results
+
+                # Examples:
+                # {'keys_found': ['vxlan', 'global', 'ebgp'], 'keys_not_found': ['spine_bgp_asn'], 'keys_data': ['vxlan', 'global', 'ebgp'], 'keys_no_data': []} # noqa: E501
+                check = cls.data_model_key_check(data_model, ['vxlan', 'global', fabric_type, 'spine_bgp_asn'])
+                if 'spine_bgp_asn' in check['keys_not_found']:
+                    results.append(f"vxlan.global.{fabric_type}.spine_bgp_asn must be defined in the data model.")
+                    return results
+
+                # Examples:
+                # {'keys_found': ['vxlan', 'global', 'ebgp', 'spine_bgp_asn'], 'keys_not_found': [], 'keys_data': ['vxlan', 'global', 'ebgp'], 'keys_no_data': ['spine_bgp_asn']} # noqa: E501
+                if 'spine_bgp_asn' in check['keys_found'] and 'spine_bgp_asn' in check['keys_no_data']:
+                    results.append(f"vxlan.global.{fabric_type}.spine_bgp_asn must have a value defined in the data model.")
+                    return results
+
+        else:
+            results.append("vxlan.fabric.type must be defined in the data model.")
             return results
 
         return results

…rules/ibgp_vxlan/204_global_bootstrap.py …les/rules/common/204_global_bootstrap.pyroles/validate/files/rules/ibgp_vxlan/204_global_bootstrap.py renamed to roles/validate/files/rules/common/204_global_bootstrap.py roles/validate/files/rules/ibgp_vxlan/204_global_bootstrap.py renamed to roles/validate/files/rules/common/204_global_bootstrap.py

@@ -4,31 +4,56 @@ class Rule:
     severity = "HIGH"
 
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         results = []
         dhcp = None
 
-        bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'enable_bootstrap']
-        check = cls.data_model_key_check(inventory, bootstrap_keys)
+        # Map fabric types to the keys used in the data model based on controller fabric types
+        fabric_type_map = {
+            "VXLAN_EVPN": "ibgp",
+            "eBGP_VXLAN": "ebgp",
+        }
+
+        fabric_type = fabric_type_map.get(data_model['vxlan']['fabric']['type'])
+
+        bootstrap_keys = ['vxlan', 'global', fabric_type]
+        check = cls.data_model_key_check(data_model, bootstrap_keys)
+        if fabric_type in check['keys_found']:
+            bootstrap_keys = ['vxlan', 'global', fabric_type, 'bootstrap', 'enable_bootstrap']
+            check = cls.data_model_key_check(data_model, bootstrap_keys)
+
+        if fabric_type in check['keys_not_found'] or 'enable_bootstrap' in check['keys_not_found']:
+            bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'enable_bootstrap']
+            check = cls.data_model_key_check(data_model, bootstrap_keys)
+
         if 'enable_bootstrap' in check['keys_found']:
-            bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'enable_local_dhcp_server']
-            check = cls.data_model_key_check(inventory, bootstrap_keys)
-            enable_local_dhcp_server = cls.safeget(inventory, ['vxlan', 'global', 'bootstrap', 'enable_local_dhcp_server'])
+            if fabric_type in bootstrap_keys:
+                bootstrap_keys = ['vxlan', 'global', fabric_type, 'bootstrap', 'enable_local_dhcp_server']
+            else:
+                bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'enable_local_dhcp_server']
+            check = cls.data_model_key_check(data_model, bootstrap_keys)
+            enable_local_dhcp_server = cls.safeget(data_model, bootstrap_keys)
             if 'enable_local_dhcp_server' in check['keys_found'] and enable_local_dhcp_server:
-                bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'dhcp_version']
-                check = cls.data_model_key_check(inventory, bootstrap_keys)
+                if fabric_type in bootstrap_keys:
+                    bootstrap_keys = ['vxlan', 'global', fabric_type, 'bootstrap', 'dhcp_version']
+                else:
+                    bootstrap_keys = ['vxlan', 'global', 'bootstrap', 'dhcp_version']
+                check = cls.data_model_key_check(data_model, bootstrap_keys)
                 if 'dhcp_version' in check['keys_found']:
-                    if inventory['vxlan']['global']['bootstrap']['dhcp_version'] == 'DHCPv4':
+                    if cls.safeget(data_model, bootstrap_keys) == 'DHCPv4':
                         dhcp = 'dhcp_v4'
-                    elif inventory['vxlan']['global']['bootstrap']['dhcp_version'] == 'DHCPv6':
+                    elif cls.safeget(data_model, bootstrap_keys) == 'DHCPv6':
                         dhcp = 'dhcp_v6'
                 else:
-                    results.append("A vxlan.global.bootstrap.dhcp_version is required for bootstrap in a VXLAN type fabric.")
+                    results.append(f"A vxlan.global.{fabric_type}.bootstrap.dhcp_version is required for bootstrap in a VXLAN type fabric.")
                     return results
 
         if dhcp:
-            bootstrap_keys = ['vxlan', 'global', 'bootstrap', dhcp, 'domain_name']
-            check = cls.data_model_key_check(inventory, bootstrap_keys)
+            if fabric_type in bootstrap_keys:
+                bootstrap_keys = ['vxlan', 'global', fabric_type, 'bootstrap', dhcp, 'domain_name']
+            else:
+                bootstrap_keys = ['vxlan', 'global', 'bootstrap', dhcp, 'domain_name']
+            check = cls.data_model_key_check(data_model, bootstrap_keys)
             if dhcp in check['keys_not_found']:
                 results.append(
                     "When vxlan.global.bootstrap.dhcp_version is defined, either "

…s/external/301_topology_switch_serial.py …les/common/301_topology_switch_serial.pyroles/validate/files/rules/external/301_topology_switch_serial.py renamed to roles/validate/files/rules/common/301_topology_switch_serial.py roles/validate/files/rules/external/301_topology_switch_serial.py renamed to roles/validate/files/rules/common/301_topology_switch_serial.py

@@ -4,13 +4,13 @@ class Rule:
     severity = "HIGH"
 
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         results = []
         switches = []
 
-        check = cls.data_model_key_check(inventory, ['vxlan', 'topology', 'switches'])
+        check = cls.data_model_key_check(data_model, ['vxlan', 'topology', 'switches'])
         if 'switches' in check['keys_data']:
-            switches = inventory.get("vxlan").get("topology").get("switches")
+            switches = data_model.get("vxlan").get("topology").get("switches")
         else:
             return results
 

…_vxlan/302_topology_switch_management.py …common/302_topology_switch_management.pyroles/validate/files/rules/ibgp_vxlan/302_topology_switch_management.py renamed to roles/validate/files/rules/common/302_topology_switch_management.py roles/validate/files/rules/ibgp_vxlan/302_topology_switch_management.py renamed to roles/validate/files/rules/common/302_topology_switch_management.py

@@ -4,14 +4,14 @@ class Rule:
     severity = "HIGH"
 
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         results = []
         management_defined = []
         switches = []
-        if inventory.get("vxlan", None):
-            if inventory["vxlan"].get("topology", None):
-                if inventory.get("vxlan").get("topology").get("switches", None):
-                    switches = inventory.get("vxlan").get("topology").get("switches")
+        if data_model.get("vxlan", None):
+            if data_model["vxlan"].get("topology", None):
+                if data_model.get("vxlan").get("topology").get("switches", None):
+                    switches = data_model.get("vxlan").get("topology").get("switches")
         for switch in switches:
             if not switch.get("management", False):
                 results.append(

…les/external/303_topology_switch_role.py …rules/common/303_topology_switch_role.pyroles/validate/files/rules/external/303_topology_switch_role.py renamed to roles/validate/files/rules/common/303_topology_switch_role.py roles/validate/files/rules/external/303_topology_switch_role.py renamed to roles/validate/files/rules/common/303_topology_switch_role.py

@@ -4,13 +4,13 @@ class Rule:
     severity = "HIGH"
 
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         results = []
         switches = []
-        if inventory.get("vxlan", None):
-            if inventory["vxlan"].get("topology", None):
-                if inventory.get("vxlan").get("topology").get("switches", None):
-                    switches = inventory.get("vxlan").get("topology").get("switches")
+        if data_model.get("vxlan", None):
+            if data_model["vxlan"].get("topology", None):
+                if data_model.get("vxlan").get("topology").get("switches", None):
+                    switches = data_model.get("vxlan").get("topology").get("switches")
         for switch in switches:
             if not switch.get("role", False):
                 results.append(

…logy_switch_interfaces_members_unique.py …logy_switch_interfaces_members_unique.pyroles/validate/files/rules/external/304_topology_switch_interfaces_members_unique.py renamed to roles/validate/files/rules/common/304_topology_switch_interfaces_members_unique.py roles/validate/files/rules/external/304_topology_switch_interfaces_members_unique.py renamed to roles/validate/files/rules/common/304_topology_switch_interfaces_members_unique.py

@@ -8,14 +8,14 @@ class Rule:
 
     # Check if interface names are unique per switch and member interfaces are not repeated within a switch
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         results = []
         # Check if fabric topology switches are defined
         switches = []
-        if inventory.get("vxlan", None):
-            if inventory["vxlan"].get("topology", None):
-                if inventory.get("vxlan").get("topology").get("switches", None):
-                    switches = inventory.get("vxlan").get("topology").get("switches")
+        if data_model.get("vxlan", None):
+            if data_model["vxlan"].get("topology", None):
+                if data_model.get("vxlan").get("topology").get("switches", None):
+                    switches = data_model.get("vxlan").get("topology").get("switches")
         for switch in switches:
             # Check if interfaces are defined
             if switch.get("interfaces"):

…al/305_topology_switch_interfaces_vpc.py …on/305_topology_switch_interfaces_vpc.pyroles/validate/files/rules/external/305_topology_switch_interfaces_vpc.py renamed to roles/validate/files/rules/common/305_topology_switch_interfaces_vpc.py roles/validate/files/rules/external/305_topology_switch_interfaces_vpc.py renamed to roles/validate/files/rules/common/305_topology_switch_interfaces_vpc.py

@@ -3,14 +3,12 @@
 
 class Rule:
     id = "305"
-    description = (
-        "Verify vPC interfaces are compliant with vPC configuration requirements"
-    )
+    description = "Verify vPC interfaces are compliant with vPC configuration requirements"
     severity = "HIGH"
 
     # Check if vPC interfaces are compliant with vPC configuration requirements
     @classmethod
-    def match(cls, inventory):
+    def match(cls, data_model):
         # initialize results list, vpc_interfaces_dict and vpc_interfaces_dict_parameters dictionaries, vpc_params_to_match list and vpc_peers_list
         results = []
         vpc_interfaces_dict = {}
@@ -22,13 +20,13 @@ def match(cls, inventory):
             "spanning_tree_portfast",
             "pc_mode",
         ]
-        vpc_peers_list = cls.get_vpc_peers(inventory)
+        vpc_peers_list = cls.get_vpc_peers(data_model)
         # Check if fabric topology switches are defined
         switches = []
-        if inventory.get("vxlan", None):
-            if inventory["vxlan"].get("topology", None):
-                if inventory.get("vxlan").get("topology").get("switches", None):
-                    switches = inventory.get("vxlan").get("topology").get("switches")
+        if data_model.get("vxlan", None):
+            if data_model["vxlan"].get("topology", None):
+                if data_model.get("vxlan").get("topology").get("switches", None):
+                    switches = data_model.get("vxlan").get("topology").get("switches")
         for switch in switches:
             switch_name = switch["name"]
             # Check if interfaces are defined
@@ -190,13 +188,13 @@ def normalize_interface_name(cls, interface_name):
 
     # Get vpc pairs from fabric topology vpc_peers
     @classmethod
-    def get_vpc_peers(cls, inventory):
+    def get_vpc_peers(cls, data_model):
         vpc_peers_list = []
-        if inventory.get("vxlan", None):
-            if inventory["vxlan"].get("topology", None):
-                if inventory.get("vxlan").get("topology").get("vpc_peers", None):
+        if data_model.get("vxlan", None):
+            if data_model["vxlan"].get("topology", None):
+                if data_model.get("vxlan").get("topology").get("vpc_peers", None):
                     for vpc_peers in (
-                        inventory.get("vxlan").get("topology").get("vpc_peers")
+                        data_model.get("vxlan").get("topology").get("vpc_peers")
                     ):
                         vpc_peers_list.append(
                             sorted([vpc_peers.get("peer1"), vpc_peers.get("peer2")])