Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(anta.tests): Added testcase to verify IPv4 ACL sequence entries #544

Merged
merged 5 commits into from
Feb 23, 2024
Merged

feat(anta.tests): Added testcase to verify IPv4 ACL sequence entries #544

merged 5 commits into from
Feb 23, 2024

Conversation

MaheshGSLAB
Copy link
Collaborator

@MaheshGSLAB MaheshGSLAB commented Jan 24, 2024
edited
Loading

Description

Added testcase to verify IPv4 ACL sequence entries.

Note: This test only check if a acl is configured and input entries sequence are same in actual output. It will not fail if we have 2 entries of a acl in input but in actual output there are more then 2 entries. If input two entries sequence is match with actual output then testcase will pass. @carl-baillargeon

Expected results:
        * success: The test will pass if an IPv4 ACL is configured with the correct sequence entries.
        * failure: The test will fail if an IPv4 ACL is not configured or entries are not in sequence.

Fixes #543

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have run pre-commit for code linting and typing (pre-commit run)
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes (tox -e testenv)

@MaheshGSLAB MaheshGSLAB marked this pull request as ready for review January 25, 2024 09:26
carl-baillargeon
carl-baillargeon requested changes Jan 29, 2024
View reviewed changes
anta/tests/security.py Outdated
@@ -377,3 +378,73 @@ def test(self) -> None:
failed_log = f"SSL certificate `{certificate.certificate_name}` is not configured properly:"
failed_log += get_failed_logs(expected_certificate_details, actual_certificate_details)
self.result.is_failure(f"{failed_log}\n")


class VerifyIpv4ACL(AntaTest):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
class VerifyIpv4ACL(AntaTest):
class VerifyIPv4ACL(AntaTest):

anta/tests/security.py Outdated
"""List of IPv4 ACL to verify"""

class Ipv4Acl(BaseModel):
"""Detail of IPv4 ACl"""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"""Detail of IPv4 ACl"""
"""Detail of IPv4 ACL"""

anta/tests/security.py Outdated
* failure: The test will fail if an IPv4 ACL is not configured or entries are not in sequence.
"""

name = "VerifyIpv4ACL"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
name = "VerifyIpv4ACL"
name = "VerifyIPv4ACL"

anta/tests/security.py Outdated
commands = [AntaTemplate(template="show ip access-lists {acl}")]

class Input(AntaTest.Input):
"""Inputs for the VerifyIpv4ACL test."""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"""Inputs for the VerifyIpv4ACL test."""
"""Inputs for the VerifyIPv4ACL test."""

anta/tests/security.py Outdated
ipv4_access_list: List[Ipv4Acl]
"""List of IPv4 ACL to verify"""

class Ipv4Acl(BaseModel):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
class Ipv4Acl(BaseModel):
class IPv4ACL(BaseModel):

anta/tests/security.py Outdated
name: str
"""Name of IPv4 ACL"""

entries: List[Ipv4AclEntries]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
entries: List[Ipv4AclEntries]
entries: List[IPv4ACLEntries]

anta/tests/security.py Outdated
entries: List[Ipv4AclEntries]
"""List of IPv4 ACL entries"""

class Ipv4AclEntries(BaseModel):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
class Ipv4AclEntries(BaseModel):
class IPv4ACLEntries(BaseModel):

anta/tests/security.py Outdated
class Input(AntaTest.Input):
"""Inputs for the VerifyIpv4ACL test."""

ipv4_access_list: List[Ipv4Acl]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ipv4_access_list: List[Ipv4Acl]
ipv4_access_lists: List[IPv4ACL]

anta/tests/security.py Outdated
"""Action of an ACL entry"""

def render(self, template: AntaTemplate) -> list[AntaCommand]:
return [template.render(acl=acl.name, entries=acl.entries) for acl in self.inputs.ipv4_access_list]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return [template.render(acl=acl.name, entries=acl.entries) for acl in self.inputs.ipv4_access_list]
return [template.render(acl=acl.name, entries=acl.entries) for acl in self.inputs.ipv4_access_lists]

examples/tests.yaml Outdated
@@ -205,6 +205,22 @@ anta.tests.security:
common_name: Arista Networks Internal IT Root Cert Authority
encryption_algorithm: RSA
key_size: 4096
- VerifyIpv4ACL:
ipv4_access_list:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ipv4_access_list:
ipv4_access_lists:

@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 7, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

carl-baillargeon
carl-baillargeon approved these changes Feb 23, 2024
View reviewed changes
Copy link
Contributor

@carl-baillargeon carl-baillargeon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@carl-baillargeon carl-baillargeon merged commit 7d2a3c7 into aristanetworks:main Feb 23, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carl-baillargeon carl-baillargeon carl-baillargeon approved these changes

@gmuloc gmuloc Awaiting requested review from gmuloc

Assignees

@MaheshGSLAB MaheshGSLAB

Labels
rn: feat(anta.tests)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add the testcase to verify access list
2 participants
@MaheshGSLAB @carl-baillargeon