Adding profiles and disconnect commands

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/dot1x.md

@@ -57,16 +57,24 @@ interface Management1
 | ------------ | ---------- |
 | True | 1500 |
 
-#### 802.1X Captive-portal Authentication
+#### 802.1X Captive-portal authentication
 
 | Authentication Attribute | Value |
 | ------------------------ | ----- |
 | URL | http://portal-nacm08/captiveredirect/ |
 | SSL profile | Profile1 |
 | Access-list IPv4 | ACL |
 
-#### 802.1X Dot1x supplicant commands
+#### 802.1X Dot1x supplicant
 
 | Attribute | Value |
 | --------- | ----- |
 | Logging | True |
+| Disconnect cached_results timeout | 79 seconds |
+
+##### 802.1X Dot1x supplicant profiles
+
+| Profile | EAP Method | Identity | SSL Profile |
+| ------- | ---------- | -------- | ----------- |
+| Profile1 | tls | <user_id> | - |
+| Profile2 | - | <user_id> | - |

ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg

@@ -16,6 +16,16 @@ dot1x system-auth-control
 dot1x protocol lldp bypass
 dot1x dynamic-authorization
 dot1x
+   !
+   supplicant profile Profile1
+      identity <user_id>
+      eap-method tls
+      passphrase 0 <password>
+      ssl profile PF1
+   !
+   supplicant profile Profile2
+      identity <user_id>
+      passphrase 7 <password>
    aaa unresponsive phone action apply cached-results timeout 10 hours else traffic allow
    aaa unresponsive action traffic allow vlan 10
    aaa unresponsive eap response success
@@ -25,6 +35,7 @@ dot1x
    mac based authentication hold period 300 seconds
    radius av-pair service-type
    radius av-pair framed-mtu 1500
+   supplicant disconnect cached-results timeout 79 seconds
    captive-portal url http://portal-nacm08/captiveredirect/ ssl profile Profile1
    captive-portal access-list ipv4 ACL
    supplicant logging

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml

@@ -29,4 +29,15 @@ dot1x:
     ssl_profile: Profile1
     access_list_ipv4: ACL
   supplicant:
+    profiles:
+      - name: Profile1
+        eap_method: tls
+        identity: <user_id>
+        passphrase_type: 0
+        passphrase: <password>
+        ssl_profile: PF1
+      - name: Profile2
+        identity: <user_id>
+        passphrase: <password>
     logging: true
+    disconnect_cached_results_timeout: 79

ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md

@@ -38,12 +38,20 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;traffic_allow</samp>](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean |  |  |  | Set action for supplicant traffic when AAA times out. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;recovery_action_reauthenticate</samp>](## "dot1x.aaa.unresponsive.recovery_action_reauthenticate") | Boolean |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;accounting_update_interval</samp>](## "dot1x.aaa.accounting_update_interval") | Integer |  |  | Min: 5<br>Max: 65535 | Interval period in seconds. |
-    | [<samp>&nbsp;&nbsp;captive_portal</samp>](## "dot1x.captive_portal") | Dictionary |  |  |  | Web authentication feature that authenticates a supplicant through a web page, referred to as a captive portal. |
-    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;url</samp>](## "dot1x.captive_portal.url") | String |  |  |  | Supported URL type -<br>  http: http[s]://<hostname>[:<port>]<br>  https: http[s]://<hostname>[:<port>] |
+    | [<samp>&nbsp;&nbsp;captive_portal</samp>](## "dot1x.captive_portal") | Dictionary |  |  |  | Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;url</samp>](## "dot1x.captive_portal.url") | String |  |  |  | Supported URL type:<br>  - http: http[s]://<hostname>[:<port>]<br>  - https: http[s]://<hostname>[:<port>] |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;ssl_profile</samp>](## "dot1x.captive_portal.ssl_profile") | String |  |  |  | SSL profile name. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;access_list_ipv4</samp>](## "dot1x.captive_portal.access_list_ipv4") | String |  |  |  | Standard access-list name. |
     | [<samp>&nbsp;&nbsp;supplicant</samp>](## "dot1x.supplicant") | Dictionary |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;profiles</samp>](## "dot1x.supplicant.profiles") | List, items: Dictionary |  |  |  | Dot1x supplicant profiles. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name</samp>](## "dot1x.supplicant.profiles.[].name") | String | Required, Unique |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;eap_method</samp>](## "dot1x.supplicant.profiles.[].eap_method") | String |  |  | Valid Values:<br>- <code>fast</code><br>- <code>tls</code> | Extensible Authentication Protocol method:<br>  - EAP Flexible Authentication via Secure Tunneling.<br>  - EAP with Transport Layer Security. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;identity</samp>](## "dot1x.supplicant.profiles.[].identity") | String |  |  |  | User identity. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passphrase_type</samp>](## "dot1x.supplicant.profiles.[].passphrase_type") | String |  | `7` | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passphrase</samp>](## "dot1x.supplicant.profiles.[].passphrase") | String |  |  |  | Extensible Authentication Protocol password. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ssl_profile</samp>](## "dot1x.supplicant.profiles.[].ssl_profile") | String |  |  |  | SSL profile name. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;logging</samp>](## "dot1x.supplicant.logging") | Boolean |  |  |  | Enable supplicant logging. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;disconnect_cached_results_timeout</samp>](## "dot1x.supplicant.disconnect_cached_results_timeout") | Integer |  |  | Min: 60<br>Max: 65535 | Timeout period in seconds. |
 
 === "YAML"
 
@@ -118,12 +126,12 @@
         # Interval period in seconds.
         accounting_update_interval: <int; 5-65535>
 
-      # Web authentication feature that authenticates a supplicant through a web page, referred to as a captive portal.
+      # Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
       captive_portal:
 
-        # Supported URL type -
-        #   http: http[s]://<hostname>[:<port>]
-        #   https: http[s]://<hostname>[:<port>]
+        # Supported URL type:
+        #   - http: http[s]://<hostname>[:<port>]
+        #   - https: http[s]://<hostname>[:<port>]
         url: <str>
 
         # SSL profile name.
@@ -133,6 +141,28 @@
         access_list_ipv4: <str>
       supplicant:
 
+        # Dot1x supplicant profiles.
+        profiles:
+          - name: <str; required; unique>
+
+            # Extensible Authentication Protocol method:
+            #   - EAP Flexible Authentication via Secure Tunneling.
+            #   - EAP with Transport Layer Security.
+            eap_method: <str; "fast" | "tls">
+
+            # User identity.
+            identity: <str>
+            passphrase_type: <str; "0" | "7" | "8a"; default="7">
+
+            # Extensible Authentication Protocol password.
+            passphrase: <str>
+
+            # SSL profile name.
+            ssl_profile: <str>
+
         # Enable supplicant logging.
         logging: <bool>
+
+        # Timeout period in seconds.
+        disconnect_cached_results_timeout: <int; 60-65535>
     ```

ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml

@@ -149,14 +149,14 @@ keys:
             description: Interval period in seconds.
       captive_portal:
         type: dict
-        description: Web authentication feature that authenticates a supplicant through a web page, referred to as a captive portal.
+        description: Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
         keys:
           url:
             type: str
             description: |-
-              Supported URL type -
-                http: http[s]://<hostname>[:<port>]
-                https: http[s]://<hostname>[:<port>]
+              Supported URL type:
+                - http: http[s]://<hostname>[:<port>]
+                - https: http[s]://<hostname>[:<port>]
           ssl_profile:
             type: str
             description: SSL profile name.
@@ -166,6 +166,49 @@ keys:
       supplicant:
         type: dict
         keys:
+          profiles:
+            description: Dot1x supplicant profiles.
+            type: list
+            primary_key: name
+            items:
+              type: dict
+              keys:
+                name:
+                  type: str
+                eap_method:
+                  type: str
+                  description: |-
+                    Extensible Authentication Protocol method:
+                      - EAP Flexible Authentication via Secure Tunneling.
+                      - EAP with Transport Layer Security.
+                  valid_values:
+                    - "fast"
+                    - "tls"
+                identity:
+                  type: str
+                  description: User identity.
+                passphrase_type:
+                  type: str
+                  convert_types:
+                    - int
+                  valid_values:
+                    - "0"
+                    - "7"
+                    - "8a"
+                  default: "7"
+                passphrase:
+                  type: str
+                  description: Extensible Authentication Protocol password.
+                ssl_profile:
+                  type: str
+                  description: SSL profile name.
           logging:
             type: bool
             description: Enable supplicant logging.
+          disconnect_cached_results_timeout:
+            type: int
+            convert_types:
+              - "str"
+            min: 60
+            max: 65535
+            description: Timeout period in seconds.