Feat(eos_designs): stun ssl profile support

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/autovpn-edge-no-default-policy.cfg

@@ -195,9 +195,15 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile SSL-STUN
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate SSL-STUN.crt key SSL-STUN.key
+!
 stun
    client
       server-profile INET-autovpn-rr3-Ethernet1
          ip address 10.7.7.7
+         ssl profile SSL-STUN
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-custom-default-policy.cfg

@@ -287,13 +287,21 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile SSL-STUN
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate SSL-STUN.crt key SSL-STUN.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile SSL-STUN
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile SSL-STUN
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile SSL-STUN
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge-no-default-policy.cfg

@@ -284,13 +284,21 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile SSL-STUN
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate SSL-STUN.crt key SSL-STUN.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile SSL-STUN
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile SSL-STUN
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile SSL-STUN
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge.cfg

@@ -471,13 +471,21 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile profileA
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile profileA
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2A.cfg

@@ -517,11 +517,18 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile profileA
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-edge2B.cfg

@@ -514,9 +514,15 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    client
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg

@@ -375,10 +375,16 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    server
       local-interface Ethernet1
       local-interface Ethernet2
       local-interface Ethernet3
+      ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg

@@ -378,8 +378,14 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileB
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileB.crt key profileB.key
+!
 stun
    server
       local-interface Ethernet1
+      ssl profile profileB
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg

@@ -393,9 +393,15 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileC
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileC.crt key profileC.key
+!
 stun
    server
       local-interface Ethernet1
       local-interface Ethernet2
+      ssl profile profileC
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1A.cfg

@@ -547,13 +547,21 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile profileA
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile profileA
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-transit1B.cfg

@@ -547,13 +547,21 @@ management api http-commands
    vrf MGMT
       no shutdown
 !
+management security
+   ssl profile profileA
+      trust certificate aristaDeviceCertProvisionerDefaultRootCA.crt
+      certificate profileA.crt key profileA.key
+!
 stun
    client
       server-profile INET-cv-pathfinder-pathfinder-Ethernet1
          ip address 10.7.7.7
+         ssl profile profileA
       server-profile INET-cv-pathfinder-pathfinder-Ethernet3
          ip address 10.9.9.9
+         ssl profile profileA
       server-profile MPLS-cv-pathfinder-pathfinder-Ethernet2
          ip address 172.16.0.1
+         ssl profile profileA
 !
 end

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/autovpn-edge-no-default-policy.yml

@@ -181,6 +181,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: AUTOVPN
+management_security:
+  ssl_profiles:
+  - name: SSL-STUN
+    certificate:
+      file: SSL-STUN.crt
+      key: SSL-STUN.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_bfd:
   multihop:
     interval: 300
@@ -235,6 +244,7 @@ stun:
     server_profiles:
     - name: INET-autovpn-rr3-Ethernet1
       ip_address: 10.7.7.7
+      ssl_profile: SSL-STUN
 application_traffic_recognition:
   application_profiles:
   - name: CONTROL-PLANE-APPLICATION-PROFILE

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-custom-default-policy.yml

@@ -223,6 +223,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: DP-PROFILE
+management_security:
+  ssl_profiles:
+  - name: SSL-STUN
+    certificate:
+      file: SSL-STUN.crt
+      key: SSL-STUN.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: edge
   region:
@@ -341,10 +350,13 @@ stun:
     server_profiles:
     - name: INET-cv-pathfinder-pathfinder-Ethernet1
       ip_address: 10.7.7.7
+      ssl_profile: SSL-STUN
     - name: INET-cv-pathfinder-pathfinder-Ethernet3
       ip_address: 10.9.9.9
+      ssl_profile: SSL-STUN
     - name: MPLS-cv-pathfinder-pathfinder-Ethernet2
       ip_address: 172.16.0.1
+      ssl_profile: SSL-STUN
 application_traffic_recognition:
   application_profiles:
   - name: VIDEO

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge-no-default-policy.yml

@@ -240,6 +240,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: DP-PROFILE
+management_security:
+  ssl_profiles:
+  - name: SSL-STUN
+    certificate:
+      file: SSL-STUN.crt
+      key: SSL-STUN.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: edge
   region:
@@ -349,10 +358,13 @@ stun:
     server_profiles:
     - name: INET-cv-pathfinder-pathfinder-Ethernet1
       ip_address: 10.7.7.7
+      ssl_profile: SSL-STUN
     - name: INET-cv-pathfinder-pathfinder-Ethernet3
       ip_address: 10.9.9.9
+      ssl_profile: SSL-STUN
     - name: MPLS-cv-pathfinder-pathfinder-Ethernet2
       ip_address: 172.16.0.1
+      ssl_profile: SSL-STUN
 application_traffic_recognition:
   application_profiles:
   - name: CONTROL-PLANE-APPLICATION-PROFILE

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge.yml

@@ -376,6 +376,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: DP-PROFILE
+management_security:
+  ssl_profiles:
+  - name: profileA
+    certificate:
+      file: profileA.crt
+      key: profileA.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: edge
   region:
@@ -552,10 +561,13 @@ stun:
     server_profiles:
     - name: INET-cv-pathfinder-pathfinder-Ethernet1
       ip_address: 10.7.7.7
+      ssl_profile: profileA
     - name: INET-cv-pathfinder-pathfinder-Ethernet3
       ip_address: 10.9.9.9
+      ssl_profile: profileA
     - name: MPLS-cv-pathfinder-pathfinder-Ethernet2
       ip_address: 172.16.0.1
+      ssl_profile: profileA
 application_traffic_recognition:
   application_profiles:
   - name: VIDEO

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2A.yml

@@ -445,6 +445,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: DP-PROFILE
+management_security:
+  ssl_profiles:
+  - name: profileA
+    certificate:
+      file: profileA.crt
+      key: profileA.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: edge
   region:
@@ -609,8 +618,10 @@ stun:
     server_profiles:
     - name: INET-cv-pathfinder-pathfinder-Ethernet1
       ip_address: 10.7.7.7
+      ssl_profile: profileA
     - name: INET-cv-pathfinder-pathfinder-Ethernet3
       ip_address: 10.9.9.9
+      ssl_profile: profileA
 application_traffic_recognition:
   application_profiles:
   - name: VIDEO

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-edge2B.yml

@@ -444,6 +444,15 @@ ip_security:
     mode: transport
   key_controller:
     profile: DP-PROFILE
+management_security:
+  ssl_profiles:
+  - name: profileA
+    certificate:
+      file: profileA.crt
+      key: profileA.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: edge
   region:
@@ -605,6 +614,7 @@ stun:
     server_profiles:
     - name: MPLS-cv-pathfinder-pathfinder-Ethernet2
       ip_address: 172.16.0.1
+      ssl_profile: profileA
 application_traffic_recognition:
   application_profiles:
   - name: VIDEO

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml

@@ -197,6 +197,15 @@ ip_security:
       time: 50
       action: clear
     mode: transport
+management_security:
+  ssl_profiles:
+  - name: profileA
+    certificate:
+      file: profileA.crt
+      key: profileA.key
+    trust_certificate:
+      certificates:
+      - aristaDeviceCertProvisionerDefaultRootCA.crt
 router_adaptive_virtual_topology:
   topology_role: pathfinder
   profiles:
@@ -383,6 +392,7 @@ stun:
     - Ethernet1
     - Ethernet2
     - Ethernet3
+    ssl_profile: profileA
 application_traffic_recognition:
   application_profiles:
   - name: VIDEO