From 68d4d0231a3b80a284980b36be1fbee18c1b2b58 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Thu, 22 Feb 2024 14:34:56 +0100 Subject: [PATCH 1/5] Feat(eos_designs): Add filter.vrfs and filter.not_vrfs --- .../intended/configs/filter.vrfs.cfg | 76 +++++++++++++++ .../structured_configs/filter.vrfs.yml | 88 ++++++++++++++++++ .../inventory/host_vars/filter.vrfs.yml | 43 +++++++++ .../inventory/hosts.yml | 1 + .../filtered_tenants.py | 15 +++ .../eos_designs_shared_utils/misc.py | 8 ++ .../node-type-evpn-services-configuration.md | 92 +++++++++++++++++-- .../schemas/eos_designs.schema.yml | 31 +++++++ .../defs_node_type.schema.yml | 26 ++++++ 9 files changed, 372 insertions(+), 8 deletions(-) create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml create mode 100644 ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg new file mode 100644 index 00000000000..b00fc7f16d5 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg 
@@ -0,0 +1,76 @@ +!RANCID-CONTENT-TYPE: arista +! +vlan internal order ascending range 1006 1199 +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +hostname filter.vrfs +! +no enable password +no aaa root +! +vrf instance MGMT +! +vrf instance VRF2 + description This VRF will be configured because it is permitted by filter.vrfs +! +vrf instance VRF5 + description This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs +! +interface Loopback0 + description EVPN_Overlay_Peering + no shutdown + ip address 10.0.0.1/32 +! +interface Loopback2 + no shutdown + vrf VRF2 + ip address 192.168.1.1/32 +! +ip routing +no ip routing vrf MGMT +ip routing vrf VRF2 +ip routing vrf VRF5 +! +ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY + seq 10 permit 10.0.0.0/24 eq 32 +! +route-map RM-CONN-2-BGP permit 10 + match ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +! +router bfd + multihop interval 300 min-rx 300 multiplier 3 +! +router bgp 65001 + router-id 10.0.0.1 + maximum-paths 4 ecmp 4 + update wait-install + no bgp default ipv4-unicast + neighbor EVPN-OVERLAY-PEERS peer group + neighbor EVPN-OVERLAY-PEERS update-source Loopback0 + neighbor EVPN-OVERLAY-PEERS bfd + neighbor EVPN-OVERLAY-PEERS ebgp-multihop 3 + neighbor EVPN-OVERLAY-PEERS send-community + neighbor EVPN-OVERLAY-PEERS maximum-routes 0 + neighbor IPv4-UNDERLAY-PEERS peer group + neighbor IPv4-UNDERLAY-PEERS send-community + neighbor IPv4-UNDERLAY-PEERS maximum-routes 12000 + redistribute connected route-map RM-CONN-2-BGP + ! + address-family evpn + neighbor EVPN-OVERLAY-PEERS activate + ! + address-family ipv4 + no neighbor EVPN-OVERLAY-PEERS activate + neighbor IPv4-UNDERLAY-PEERS activate +! +management api http-commands + protocol https + no shutdown + ! + vrf MGMT + no shutdown +! +end 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml new file mode 100644 index 00000000000..3fb2c0b969f --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml 
@@ -0,0 +1,88 @@ +hostname: filter.vrfs +is_deployed: true +router_bgp: + as: '65001' + router_id: 10.0.0.1 + bgp: + default: + ipv4_unicast: false + maximum_paths: + paths: 4 + ecmp: 4 + updates: + wait_install: true + peer_groups: + - name: IPv4-UNDERLAY-PEERS + type: ipv4 + maximum_routes: 12000 + send_community: all + - name: EVPN-OVERLAY-PEERS + type: evpn + update_source: Loopback0 + bfd: true + send_community: all + maximum_routes: 0 + ebgp_multihop: 3 + address_family_ipv4: + peer_groups: + - name: IPv4-UNDERLAY-PEERS + activate: true + - name: EVPN-OVERLAY-PEERS + activate: false + redistribute_routes: + - source_protocol: connected + route_map: RM-CONN-2-BGP + address_family_evpn: + peer_groups: + - name: EVPN-OVERLAY-PEERS + activate: true +service_routing_protocols_model: multi-agent +ip_routing: true +vlan_internal_order: + allocation: ascending + range: + beginning: 1006 + ending: 1199 +vrfs: +- name: MGMT + ip_routing: false +- name: VRF2 + tenant: TENANT1 + ip_routing: true + description: This VRF will be configured because it is permitted by filter.vrfs +- name: VRF5 + tenant: TENANT2 + ip_routing: true + description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs +management_api_http: + enable_vrfs: + - name: MGMT + enable_https: true +loopback_interfaces: +- name: Loopback0 + description: EVPN_Overlay_Peering + shutdown: false + ip_address: 10.0.0.1/32 +- name: Loopback2 + ip_address: 192.168.1.1/32 + shutdown: false + vrf: VRF2 +prefix_lists: +- name: PL-LOOPBACKS-EVPN-OVERLAY + sequence_numbers: + - sequence: 10 + action: permit 10.0.0.0/24 eq 32 +route_maps: +- name: RM-CONN-2-BGP + sequence_numbers: + - sequence: 10 + type: permit + match: + - ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY +router_bfd: + multihop: + interval: 300 + min_rx: 300 + multiplier: 3 +ip_igmp_snooping: + globally_enabled: true 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml new file mode 100644 index 00000000000..ab6ac796cfc --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml @@ -0,0 +1,43 @@ +type: l3leaf + +l3leaf: + nodes: + - name: filter.vrfs + id: 1 + loopback_ipv4_pool: 10.0.0.0/24 + bgp_as: 65001 + vtep: false + filter: + not_vrfs: [VRF1, VRF4] + vrfs: [VRF1, VRF2, VRF4, VRF5] + always_include_vrfs_in_tenants: [TENANT2] +tenants: + - name: TENANT1 + vrfs: + - name: VRF1 + description: This VRF would have been configured because it is attracted by Loopback0, but it is prevented by filter.not_vrfs + loopbacks: + - loopback: 1 + node: filter.vrfs + ip_address: 192.168.1.1/32 + - name: VRF2 + description: This VRF will be configured because it is permitted by filter.vrfs + loopbacks: + - loopback: 2 + node: filter.vrfs + ip_address: 192.168.1.1/32 + - name: VRF3 + description: This VRF will not be configured because it is not permitted by filter.vrfs + loopbacks: + - loopback: 3 + node: filter.vrfs + ip_address: 192.168.1.1/32 + + - name: TENANT2 + vrfs: + - name: VRF4 + description: This VRF would have been configured because of always_include_vrfs_in_tenants, but it is prevented by filter.not_vrfs + - name: VRF5 + description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs + - name: VRF6 + description: This VRF will not be configured because it is not permitted by filter.vrfs diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml index eff19b32db9..168f6815ecc 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/hosts.yml @@ -14,6 +14,7 @@ all: evpn-vtep-with-default-vrf-not-evpn: duplicate-vrfs: filter.only_vlans_in_use: + filter.vrfs: generate-cv-tags-1: generate-cv-tags-2: ignore-custom-keys-in-data-models: diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py index 7a6b551d523..4c666c36cd9 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py @@ -157,6 +157,18 @@ def accepted_vlans(self: SharedUtils) -> list[int]: return accepted_vlans + def is_accepted_vrf(self: SharedUtils, vrf: dict) -> bool: + """ + Returns True if + + - filter.vrfs == ["all"] OR VRF is included in filter.vrfs. + + AND + + - filter.not_vrfs == [] OR (filter.not_vrfs != ["all"] AND VRF is NOT in filter.not_vrfs) + """ + return ("all" in self.filter_vrfs or vrf["name"] in self.filter_vrfs) and (not self.filter_not_vrfs or vrf["name"] not in self.filter_not_vrfs) + def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]: """ Return sorted and filtered vrf list from given tenant. @@ -169,6 +181,9 @@ def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]: vrfs: list[dict] = natural_sort(convert_dicts(tenant.get("vrfs", []), "name"), "name") for original_vrf in vrfs: + if not self.is_accepted_vrf(original_vrf): + continue + # Copying original_vrf and setting "tenant" for use by child objects like SVIs vrf = {**original_vrf, "tenant": tenant["name"]} diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py index 12d50ba3dd5..c1122f76a5c 100644 
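Review bot: `is_accepted_vrf` checks `filter.not_vrfs` with a plain membership test on `vrf["name"]`, so a deny entry that matches no defined VRF (a typo or a case difference) is ignored without any error and that VRF is still configured. Since the list is documented as overriding every other include mechanism, unknown names should be rejected or at least logged; that check would probably live outside this hunk, where all tenant VRFs are known. The `not self.filter_not_vrfs or` guard is also redundant, because `x not in []` is already true, so the return can be `return ("all" in self.filter_vrfs or vrf["name"] in self.filter_vrfs) and vrf["name"] not in self.filter_not_vrfs`. The body of `filtered_vrfs` continues outside the second hunk.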
--- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py @@ -67,6 +67,14 @@ def filter_tags(self: SharedUtils) -> list: filter_tags.append(self.group) return filter_tags + @cached_property + def filter_vrfs(self: SharedUtils) -> list: + return get(self.switch_data_combined, "filter.vrfs", default=["all"]) + + @cached_property + def filter_not_vrfs(self: SharedUtils) -> list: + return get(self.switch_data_combined, "filter.not_vrfs", default=[]) + @cached_property def filter_tenants(self: SharedUtils) -> list: return get(self.switch_data_combined, "filter.tenants", default=["all"]) diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md index f6148532803..6c91c4e21e1 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md @@ -11,10 +11,14 @@ | [  defaults](## ".defaults") | Dictionary | | | | Define variables for all nodes of this type. | | [    evpn_services_l2_only](## ".defaults.evpn_services_l2_only") | Boolean | | `False` | | Possibility to prevent configuration of Tenant VRFs and SVIs.
Override node definition "network_services_l3" from node_type_keys.
This allows support for centralized routing.
| | [    filter](## ".defaults.filter") | Dictionary | | | | Filter L3 and L2 network services based on tenant and tags (and operation filter).
If filter is not defined it will default to all.
| - | [      tenants](## ".defaults.filter.tenants") | List, items: String | | `['all']` | | | + | [      tenants](## ".defaults.filter.tenants") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default).
This list also limits Tenants included by `always_include_vrfs_in_tenants`. | | [        - <str>](## ".defaults.filter.tenants.[]") | String | | | | | - | [      tags](## ".defaults.filter.tags") | List, items: String | | `['all']` | | | + | [      tags](## ".defaults.filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [        - <str>](## ".defaults.filter.tags.[]") | String | | | | | + | [      vrfs](## ".defaults.filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [        - <str>](## ".defaults.filter.vrfs.[]") | String | | | | | + | [      not_vrfs](## ".defaults.filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [        - <str>](## ".defaults.filter.not_vrfs.[]") | String | | | | | | [      always_include_vrfs_in_tenants](## ".defaults.filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [        - <str>](## ".defaults.filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [      only_vlans_in_use](## ".defaults.filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -25,20 +29,28 @@ | [        - name](## ".node_groups.[].nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | | [          evpn_services_l2_only](## ".node_groups.[].nodes.[].evpn_services_l2_only") | Boolean | | `False` | | Possibility to prevent configuration of Tenant VRFs and SVIs.
Override node definition "network_services_l3" from node_type_keys.
This allows support for centralized routing.
| | [          filter](## ".node_groups.[].nodes.[].filter") | Dictionary | | | | Filter L3 and L2 network services based on tenant and tags (and operation filter).
If filter is not defined it will default to all.
| - | [            tenants](## ".node_groups.[].nodes.[].filter.tenants") | List, items: String | | `['all']` | | | + | [            tenants](## ".node_groups.[].nodes.[].filter.tenants") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default).
This list also limits Tenants included by `always_include_vrfs_in_tenants`. | | [              - <str>](## ".node_groups.[].nodes.[].filter.tenants.[]") | String | | | | | - | [            tags](## ".node_groups.[].nodes.[].filter.tags") | List, items: String | | `['all']` | | | + | [            tags](## ".node_groups.[].nodes.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [              - <str>](## ".node_groups.[].nodes.[].filter.tags.[]") | String | | | | | + | [            vrfs](## ".node_groups.[].nodes.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [              - <str>](## ".node_groups.[].nodes.[].filter.vrfs.[]") | String | | | | | + | [            not_vrfs](## ".node_groups.[].nodes.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [              - <str>](## ".node_groups.[].nodes.[].filter.not_vrfs.[]") | String | | | | | | [            always_include_vrfs_in_tenants](## ".node_groups.[].nodes.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [              - <str>](## ".node_groups.[].nodes.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [            only_vlans_in_use](## ".node_groups.[].nodes.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| | [          igmp_snooping_enabled](## ".node_groups.[].nodes.[].igmp_snooping_enabled") | Boolean | | `True` | | Activate or deactivate IGMP snooping on device level. | | [      evpn_services_l2_only](## ".node_groups.[].evpn_services_l2_only") | Boolean | | `False` | | Possibility to prevent configuration of Tenant VRFs and SVIs.
Override node definition "network_services_l3" from node_type_keys.
This allows support for centralized routing.
| | [      filter](## ".node_groups.[].filter") | Dictionary | | | | Filter L3 and L2 network services based on tenant and tags (and operation filter).
If filter is not defined it will default to all.
| - | [        tenants](## ".node_groups.[].filter.tenants") | List, items: String | | `['all']` | | | + | [        tenants](## ".node_groups.[].filter.tenants") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default).
This list also limits Tenants included by `always_include_vrfs_in_tenants`. | | [          - <str>](## ".node_groups.[].filter.tenants.[]") | String | | | | | - | [        tags](## ".node_groups.[].filter.tags") | List, items: String | | `['all']` | | | + | [        tags](## ".node_groups.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [          - <str>](## ".node_groups.[].filter.tags.[]") | String | | | | | + | [        vrfs](## ".node_groups.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [          - <str>](## ".node_groups.[].filter.vrfs.[]") | String | | | | | + | [        not_vrfs](## ".node_groups.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [          - <str>](## ".node_groups.[].filter.not_vrfs.[]") | String | | | | | | [        always_include_vrfs_in_tenants](## ".node_groups.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [          - <str>](## ".node_groups.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [        only_vlans_in_use](## ".node_groups.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -47,10 +59,14 @@ | [    - name](## ".nodes.[].name") | String | Required, Unique | | | The Node Name is used as "hostname". | | [      evpn_services_l2_only](## ".nodes.[].evpn_services_l2_only") | Boolean | | `False` | | Possibility to prevent configuration of Tenant VRFs and SVIs.
Override node definition "network_services_l3" from node_type_keys.
This allows support for centralized routing.
| | [      filter](## ".nodes.[].filter") | Dictionary | | | | Filter L3 and L2 network services based on tenant and tags (and operation filter).
If filter is not defined it will default to all.
| - | [        tenants](## ".nodes.[].filter.tenants") | List, items: String | | `['all']` | | | + | [        tenants](## ".nodes.[].filter.tenants") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default).
This list also limits Tenants included by `always_include_vrfs_in_tenants`. | | [          - <str>](## ".nodes.[].filter.tenants.[]") | String | | | | | - | [        tags](## ".nodes.[].filter.tags") | List, items: String | | `['all']` | | | + | [        tags](## ".nodes.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [          - <str>](## ".nodes.[].filter.tags.[]") | String | | | | | + | [        vrfs](## ".nodes.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [          - <str>](## ".nodes.[].filter.vrfs.[]") | String | | | | | + | [        not_vrfs](## ".nodes.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [          - <str>](## ".nodes.[].filter.not_vrfs.[]") | String | | | | | | [        always_include_vrfs_in_tenants](## ".nodes.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [          - <str>](## ".nodes.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [        only_vlans_in_use](## ".nodes.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -72,11 +88,26 @@ # Filter L3 and L2 network services based on tenant and tags (and operation filter). # If filter is not defined it will default to all. filter: + + # Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default). + # This list also limits Tenants included by `always_include_vrfs_in_tenants`. tenants: # default=['all'] - + + # Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). tags: # default=['all'] - + # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). + # This list also limits VRFs included by `always_include_vrfs_in_tenants`. + vrfs: # default=['all'] + - + + # Prevent configuration of Network Services defined under these VRFs. + # This list prevents the given VRFs to be included by any other filtering mechanism. + not_vrfs: # default=['all'] + - + # List of tenants where VRFs will be configured even if VLANs are not included in tags. # Useful for L3 "border" leaf. always_include_vrfs_in_tenants: 
@@ -111,11 +142,26 @@ # Filter L3 and L2 network services based on tenant and tags (and operation filter). # If filter is not defined it will default to all. filter: + + # Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default). + # This list also limits Tenants included by `always_include_vrfs_in_tenants`. tenants: # default=['all'] - + + # Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). tags: # default=['all'] - + # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). + # This list also limits VRFs included by `always_include_vrfs_in_tenants`. + vrfs: # default=['all'] + - + + # Prevent configuration of Network Services defined under these VRFs. + # This list prevents the given VRFs to be included by any other filtering mechanism. + not_vrfs: # default=['all'] + - + # List of tenants where VRFs will be configured even if VLANs are not included in tags. # Useful for L3 "border" leaf. always_include_vrfs_in_tenants: 
@@ -137,11 +183,26 @@ # Filter L3 and L2 network services based on tenant and tags (and operation filter). # If filter is not defined it will default to all. filter: + + # Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default). + # This list also limits Tenants included by `always_include_vrfs_in_tenants`. tenants: # default=['all'] - + + # Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). tags: # default=['all'] - + # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). + # This list also limits VRFs included by `always_include_vrfs_in_tenants`. + vrfs: # default=['all'] + - + + # Prevent configuration of Network Services defined under these VRFs. + # This list prevents the given VRFs to be included by any other filtering mechanism. + not_vrfs: # default=['all'] + - + # List of tenants where VRFs will be configured even if VLANs are not included in tags. # Useful for L3 "border" leaf. always_include_vrfs_in_tenants: 
@@ -169,11 +230,26 @@ # Filter L3 and L2 network services based on tenant and tags (and operation filter). # If filter is not defined it will default to all. filter: + + # Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default). + # This list also limits Tenants included by `always_include_vrfs_in_tenants`. tenants: # default=['all'] - + + # Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). tags: # default=['all'] - + # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). + # This list also limits VRFs included by `always_include_vrfs_in_tenants`. + vrfs: # default=['all'] + - + + # Prevent configuration of Network Services defined under these VRFs. + # This list prevents the given VRFs to be included by any other filtering mechanism. + not_vrfs: # default=['all'] + - + # List of tenants where VRFs will be configured even if VLANs are not included in tags. # Useful for L3 "border" leaf. always_include_vrfs_in_tenants: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index 7b91821746a..5bf3466308e 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml 
@@ -6721,16 +6721,47 @@ $defs: keys: tenants: type: list + description: 'Limit configured Network Services to those defined under + these Tenants. Set to [''all''] for all Tenants (default). + + This list also limits Tenants included by `always_include_vrfs_in_tenants`.' items: type: str default: - all tags: type: list + description: Limit configured VLANs to those matching the given tags. + Set to ['all'] for all VLANs (default). items: type: str default: - all + vrfs: + type: list + description: 'Limit configured Network Services to those defined under + these VRFs. Set to [''all''] for all VRFs (default). + + This list also limits VRFs included by `always_include_vrfs_in_tenants`.' + items: + type: str + convert_types: + - int + default: + - all + not_vrfs: + type: list + description: 'Prevent configuration of Network Services defined under + these VRFs. + + This list prevents the given VRFs to be included by any other filtering + mechanism.' + items: + type: str + convert_types: + - int + default: + - all always_include_vrfs_in_tenants: description: 'List of tenants where VRFs will be configured even if VLANs are not included in tags. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index 377a0ec5a89..47693b24568 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml 
@@ -507,14 +507,40 @@ $defs: keys: tenants: type: list + description: |- + Limit configured Network Services to those defined under these Tenants. Set to ['all'] for all Tenants (default). + This list also limits Tenants included by `always_include_vrfs_in_tenants`. items: type: str default: - all tags: type: list + description: Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). + items: + type: str + default: + - all + vrfs: + type: list + description: |- + Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). + This list also limits VRFs included by `always_include_vrfs_in_tenants`. + items: + type: str + convert_types: + - int + default: + - all + not_vrfs: + type: list + description: |- + Prevent configuration of Network Services defined under these VRFs. + This list prevents the given VRFs to be included by any other filtering mechanism. items: type: str + convert_types: + - int default: - all always_include_vrfs_in_tenants: From d3ac7be777be618ae9b416e6c88370c6375ce5e9 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Thu, 22 Feb 2024 15:10:14 +0100 Subject: [PATCH 2/5] Update docstring --- .../plugin_utils/eos_designs_shared_utils/filtered_tenants.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py index addaa2fe65c..fedfaa6c71e 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py 
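Review bot: The `default: - all` under `not_vrfs` contradicts the code in this patch, where `filter_not_vrfs` in misc.py falls back to `[]` and `is_accepted_vrf` gives `all` no wildcard meaning in the deny list. With that logic `['all']` would only deny a VRF literally named `all`, while the generated docs advertise `not_vrfs: # default=['all']`, which reads as deny-everything by default. I would drop the `default:` block from `not_vrfs` so the documented default matches the effective one; whether schema defaults are ever applied to the input is not visible here. The same default appears under `not_vrfs` in eos_designs.schema.yml and in the node-type-evpn-services-configuration.md tables of this patch.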
@@ -165,7 +165,7 @@ def is_accepted_vrf(self: SharedUtils, vrf: dict) -> bool: AND - - filter.not_vrfs == [] OR (filter.not_vrfs != ["all"] AND VRF is NOT in filter.not_vrfs) + - filter.not_vrfs == [] OR VRF is NOT in filter.not_vrfs """ return ("all" in self.filter_vrfs or vrf["name"] in self.filter_vrfs) and (not self.filter_not_vrfs or vrf["name"] not in self.filter_not_vrfs) From f30e9f248a4790fb619a5eb2554ffbae68ed7502 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Fri, 23 Feb 2024 08:00:44 +0100 Subject: [PATCH 3/5] Update data model --- .../inventory/host_vars/filter.vrfs.yml | 18 +++---- .../filtered_tenants.py | 8 ++-- .../eos_designs_shared_utils/misc.py | 8 ++-- .../node-type-evpn-services-configuration.md | 48 +++++++++---------- .../schemas/eos_designs.schema.yml | 4 +- .../defs_node_type.schema.yml | 4 +- 6 files changed, 47 insertions(+), 43 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml index ab6ac796cfc..886853c3f4f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml 
@@ -8,26 +8,28 @@ l3leaf: bgp_as: 65001 vtep: false filter: - not_vrfs: [VRF1, VRF4] - vrfs: [VRF1, VRF2, VRF4, VRF5] + deny_vrfs: [VRF1, VRF4] + allow_vrfs: [VRF1, VRF2, VRF4, VRF5] always_include_vrfs_in_tenants: [TENANT2] tenants: - name: TENANT1 vrfs: - name: VRF1 - description: This VRF would have been configured because it is attracted by Loopback0, but it is prevented by filter.not_vrfs + description: This VRF would have been configured because it is attracted by Loopback, but it is prevented by filter.deny_vrfs loopbacks: - loopback: 1 node: filter.vrfs ip_address: 192.168.1.1/32 - name: VRF2 - description: This VRF will be configured because it is permitted by filter.vrfs + description: This VRF is attracted by Loopback and will be configured because it is permitted by filter.allow_vrfs loopbacks: - loopback: 2 node: filter.vrfs ip_address: 192.168.1.1/32 - name: VRF3 - description: This VRF will not be configured because it is not permitted by filter.vrfs + description: >- + This VRF would have been configured because it is attracted by Loopback, + but it is prevented because it is not permitted by filter.allow_vrfs loopbacks: - loopback: 3 node: filter.vrfs @@ -36,8 +38,8 @@ tenants: - name: TENANT2 vrfs: - name: VRF4 - description: This VRF would have been configured because of always_include_vrfs_in_tenants, but it is prevented by filter.not_vrfs + description: This VRF would have been configured because of always_include_vrfs_in_tenants, but it is prevented by filter.deny_vrfs - name: VRF5 - description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs + description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.allow_vrfs - name: VRF6 - description: This VRF will not be configured because it is not permitted by filter.vrfs + description: This VRF will not be configured because it is not permitted by filter.allow_vrfs 
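Review bot: Every case in this host file sets `allow_vrfs` and `deny_vrfs` together, so the deny-only path, where `allow_vrfs` stays at its `['all']` default, is never exercised. A second test host with only `deny_vrfs: [VRF1]` would pin that a denied VRF stays out of the intended config when everything else is allowed, which is the behaviour an operator relies on when using the deny list as a hard exclusion. The schema also declares `convert_types: - int` on the list items, so a numeric VRF name in one of the lists would cover that conversion; whether the VRF names under `tenants` are normalised the same way is not visible in this hunk.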
diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py index fedfaa6c71e..03497d2e6df 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/filtered_tenants.py @@ -161,13 +161,15 @@ def is_accepted_vrf(self: SharedUtils, vrf: dict) -> bool: """ Returns True if - - filter.vrfs == ["all"] OR VRF is included in filter.vrfs. + - filter.allow_vrfs == ["all"] OR VRF is included in filter.allow_vrfs. AND - - filter.not_vrfs == [] OR VRF is NOT in filter.not_vrfs + - filter.not_vrfs == [] OR VRF is NOT in filter.deny_vrfs """ - return ("all" in self.filter_vrfs or vrf["name"] in self.filter_vrfs) and (not self.filter_not_vrfs or vrf["name"] not in self.filter_not_vrfs) + return ("all" in self.filter_allow_vrfs or vrf["name"] in self.filter_allow_vrfs) and ( + not self.filter_deny_vrfs or vrf["name"] not in self.filter_deny_vrfs + ) def filtered_vrfs(self: SharedUtils, tenant: dict) -> list[dict]: """ diff --git a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py index c1122f76a5c..7a0e8186995 100644 --- a/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py +++ b/ansible_collections/arista/avd/plugins/plugin_utils/eos_designs_shared_utils/misc.py 
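Review bot: The rewritten docstring of `is_accepted_vrf` still says `filter.not_vrfs == []` in the second condition, while the rest of that line and the code now use `deny_vrfs`; it should read `- filter.deny_vrfs == [] OR VRF is NOT in filter.deny_vrfs`. The docstring should also state that a match in `deny_vrfs` wins over `allow_vrfs`, including over `"all"`, since that precedence is what the return expression implements and what callers depend on. As a style point, the `not self.filter_deny_vrfs or` guard adds nothing for list values, because `vrf["name"] not in []` is already true; it only matters if the accessor can return `None`, which this hunk does not show. The `def` line of `is_accepted_vrf` sits above the hunk and is visible only in the hunk header.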
@@ -68,12 +68,12 @@ def filter_tags(self: SharedUtils) -> list: return filter_tags @cached_property - def filter_vrfs(self: SharedUtils) -> list: - return get(self.switch_data_combined, "filter.vrfs", default=["all"]) + def filter_allow_vrfs(self: SharedUtils) -> list: + return get(self.switch_data_combined, "filter.allow_vrfs", default=["all"]) @cached_property - def filter_not_vrfs(self: SharedUtils) -> list: - return get(self.switch_data_combined, "filter.not_vrfs", default=[]) + def filter_deny_vrfs(self: SharedUtils) -> list: + return get(self.switch_data_combined, "filter.deny_vrfs", default=[]) @cached_property def filter_tenants(self: SharedUtils) -> list: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md index 6c91c4e21e1..e6b32aee472 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-evpn-services-configuration.md @@ -15,10 +15,10 @@ | [        - <str>](## ".defaults.filter.tenants.[]") | String | | | | | | [      tags](## ".defaults.filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [        - <str>](## ".defaults.filter.tags.[]") | String | | | | | - | [      vrfs](## ".defaults.filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | - | [        - <str>](## ".defaults.filter.vrfs.[]") | String | | | | | - | [      not_vrfs](## ".defaults.filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | - | [        - <str>](## ".defaults.filter.not_vrfs.[]") | String | | | | | + | [      allow_vrfs](## ".defaults.filter.allow_vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [        - <str>](## ".defaults.filter.allow_vrfs.[]") | String | | | | | + | [      deny_vrfs](## ".defaults.filter.deny_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [        - <str>](## ".defaults.filter.deny_vrfs.[]") | String | | | | | | [      always_include_vrfs_in_tenants](## ".defaults.filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [        - <str>](## ".defaults.filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [      only_vlans_in_use](## ".defaults.filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -33,10 +33,10 @@ | [              - <str>](## ".node_groups.[].nodes.[].filter.tenants.[]") | String | | | | | | [            tags](## ".node_groups.[].nodes.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [              - <str>](## ".node_groups.[].nodes.[].filter.tags.[]") | String | | | | | - | [            vrfs](## ".node_groups.[].nodes.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | - | [              - <str>](## ".node_groups.[].nodes.[].filter.vrfs.[]") | String | | | | | - | [            not_vrfs](## ".node_groups.[].nodes.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | - | [              - <str>](## ".node_groups.[].nodes.[].filter.not_vrfs.[]") | String | | | | | + | [            allow_vrfs](## ".node_groups.[].nodes.[].filter.allow_vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [              - <str>](## ".node_groups.[].nodes.[].filter.allow_vrfs.[]") | String | | | | | + | [            deny_vrfs](## ".node_groups.[].nodes.[].filter.deny_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [              - <str>](## ".node_groups.[].nodes.[].filter.deny_vrfs.[]") | String | | | | | | [            always_include_vrfs_in_tenants](## ".node_groups.[].nodes.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [              - <str>](## ".node_groups.[].nodes.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [            only_vlans_in_use](## ".node_groups.[].nodes.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -47,10 +47,10 @@ | [          - <str>](## ".node_groups.[].filter.tenants.[]") | String | | | | | | [        tags](## ".node_groups.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [          - <str>](## ".node_groups.[].filter.tags.[]") | String | | | | | - | [        vrfs](## ".node_groups.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | - | [          - <str>](## ".node_groups.[].filter.vrfs.[]") | String | | | | | - | [        not_vrfs](## ".node_groups.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | - | [          - <str>](## ".node_groups.[].filter.not_vrfs.[]") | String | | | | | + | [        allow_vrfs](## ".node_groups.[].filter.allow_vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [          - <str>](## ".node_groups.[].filter.allow_vrfs.[]") | String | | | | | + | [        deny_vrfs](## ".node_groups.[].filter.deny_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [          - <str>](## ".node_groups.[].filter.deny_vrfs.[]") | String | | | | | | [        always_include_vrfs_in_tenants](## ".node_groups.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [          - <str>](## ".node_groups.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [        only_vlans_in_use](## ".node_groups.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -63,10 +63,10 @@ | [          - <str>](## ".nodes.[].filter.tenants.[]") | String | | | | | | [        tags](## ".nodes.[].filter.tags") | List, items: String | | `['all']` | | Limit configured VLANs to those matching the given tags. Set to ['all'] for all VLANs (default). | | [          - <str>](## ".nodes.[].filter.tags.[]") | String | | | | | - | [        vrfs](## ".nodes.[].filter.vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | - | [          - <str>](## ".nodes.[].filter.vrfs.[]") | String | | | | | - | [        not_vrfs](## ".nodes.[].filter.not_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | - | [          - <str>](## ".nodes.[].filter.not_vrfs.[]") | String | | | | | + | [        allow_vrfs](## ".nodes.[].filter.allow_vrfs") | List, items: String | | `['all']` | | Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default).
This list also limits VRFs included by `always_include_vrfs_in_tenants`. | + | [          - <str>](## ".nodes.[].filter.allow_vrfs.[]") | String | | | | | + | [        deny_vrfs](## ".nodes.[].filter.deny_vrfs") | List, items: String | | `['all']` | | Prevent configuration of Network Services defined under these VRFs.
This list prevents the given VRFs to be included by any other filtering mechanism. | + | [          - <str>](## ".nodes.[].filter.deny_vrfs.[]") | String | | | | | | [        always_include_vrfs_in_tenants](## ".nodes.[].filter.always_include_vrfs_in_tenants") | List, items: String | | | | List of tenants where VRFs will be configured even if VLANs are not included in tags.
Useful for L3 "border" leaf.
| | [          - <str>](## ".nodes.[].filter.always_include_vrfs_in_tenants.[]") | String | | | | | | [        only_vlans_in_use](## ".nodes.[].filter.only_vlans_in_use") | Boolean | | `False` | | Only configure VLANs, SVIs, VRFs in use by connected endpoints or downstream L2 switches.
Note! This feature only considers configuration managed by eos_designs.
This excludes structured_config, custom_structured_configuration_, raw_eos_cli, eos_cli, custom templates, configlets etc.
| @@ -100,12 +100,12 @@ # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). # This list also limits VRFs included by `always_include_vrfs_in_tenants`. - vrfs: # default=['all'] + allow_vrfs: # default=['all'] - # Prevent configuration of Network Services defined under these VRFs. # This list prevents the given VRFs to be included by any other filtering mechanism. - not_vrfs: # default=['all'] + deny_vrfs: # default=['all'] - # List of tenants where VRFs will be configured even if VLANs are not included in tags. @@ -154,12 +154,12 @@ # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). # This list also limits VRFs included by `always_include_vrfs_in_tenants`. - vrfs: # default=['all'] + allow_vrfs: # default=['all'] - # Prevent configuration of Network Services defined under these VRFs. # This list prevents the given VRFs to be included by any other filtering mechanism. - not_vrfs: # default=['all'] + deny_vrfs: # default=['all'] - # List of tenants where VRFs will be configured even if VLANs are not included in tags. @@ -195,12 +195,12 @@ # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). # This list also limits VRFs included by `always_include_vrfs_in_tenants`. - vrfs: # default=['all'] + allow_vrfs: # default=['all'] - # Prevent configuration of Network Services defined under these VRFs. # This list prevents the given VRFs to be included by any other filtering mechanism. - not_vrfs: # default=['all'] + deny_vrfs: # default=['all'] - # List of tenants where VRFs will be configured even if VLANs are not included in tags. 
@@ -242,12 +242,12 @@ # Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). # This list also limits VRFs included by `always_include_vrfs_in_tenants`. - vrfs: # default=['all'] + allow_vrfs: # default=['all'] - # Prevent configuration of Network Services defined under these VRFs. # This list prevents the given VRFs to be included by any other filtering mechanism. - not_vrfs: # default=['all'] + deny_vrfs: # default=['all'] - # List of tenants where VRFs will be configured even if VLANs are not included in tags. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index d88af25077c..584dde92707 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -6777,7 +6777,7 @@ $defs: type: str default: - all - vrfs: + allow_vrfs: type: list description: 'Limit configured Network Services to those defined under these VRFs. Set to [''all''] for all VRFs (default). @@ -6789,7 +6789,7 @@ $defs: - int default: - all - not_vrfs: + deny_vrfs: type: list description: 'Prevent configuration of Network Services defined under these VRFs. diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml index 47693b24568..f993a425339 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type.schema.yml 
@@ -521,7 +521,7 @@ $defs: type: str default: - all - vrfs: + allow_vrfs: type: list description: |- Limit configured Network Services to those defined under these VRFs. Set to ['all'] for all VRFs (default). @@ -532,7 +532,7 @@ $defs: - int default: - all - not_vrfs: + deny_vrfs: type: list description: |- Prevent configuration of Network Services defined under these VRFs. From 994c82ce25766c0ed05d26b14ba79eb980658105 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Fri, 23 Feb 2024 10:02:15 +0100 Subject: [PATCH 4/5] Update CI artifacts --- .../eos_designs_unit_tests/intended/configs/filter.vrfs.cfg | 4 ++-- .../intended/structured_configs/filter.vrfs.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg index b00fc7f16d5..51794858b7b 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/filter.vrfs.cfg @@ -14,10 +14,10 @@ no aaa root vrf instance MGMT ! vrf instance VRF2 - description This VRF will be configured because it is permitted by filter.vrfs + description This VRF is attracted by Loopback and will be configured because it is permitted by filter.allow_vrfs ! vrf instance VRF5 - description This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs + description This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.allow_vrfs ! interface Loopback0 description EVPN_Overlay_Peering 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml index 3fb2c0b969f..38bde303a91 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/filter.vrfs.yml @@ -49,11 +49,11 @@ vrfs: - name: VRF2 tenant: TENANT1 ip_routing: true - description: This VRF will be configured because it is permitted by filter.vrfs + description: This VRF is attracted by Loopback and will be configured because it is permitted by filter.allow_vrfs - name: VRF5 tenant: TENANT2 ip_routing: true - description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.vrfs + description: This VRF will be configured because of always_include_vrfs_in_tenants and it is permitted by filter.allow_vrfs management_api_http: enable_vrfs: - name: MGMT From 3f72c67bbd1ca3a70176ccaa7e8107b34f0da9c6 Mon Sep 17 00:00:00 2001 From: Claus Holbech Date: Mon, 26 Feb 2024 08:45:55 +0100 Subject: [PATCH 5/5] Add comment on tests --- .../eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml index 886853c3f4f..0afd8e64566 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/inventory/host_vars/filter.vrfs.yml 
@@ -8,6 +8,7 @@ l3leaf: bgp_as: 65001 vtep: false filter: + # deny_vrfs takes precedence over allow_vrfs, so VRF1 & VRF4 will be denied even when listed under allow_vrfs. deny_vrfs: [VRF1, VRF4] allow_vrfs: [VRF1, VRF2, VRF4, VRF5] always_include_vrfs_in_tenants: [TENANT2]