Skip to content
This repository has been archived by the owner on Nov 21, 2024. It is now read-only.

Certificate data class requires rework #59

Open
JimOverholt opened this issue Apr 25, 2024 · 1 comment
Open

Certificate data class requires rework #59

JimOverholt opened this issue Apr 25, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@JimOverholt
Copy link
Contributor

Summary

I'm trying to set vManage controller certificate to enterprise and upload root ca. In the old python-viptela library all I needed to do it:

Settings(vmanage_session, vmanage_ip).set_vmanage_ca_type('enterprise')
Settings(vmanage_session, vmanage_ip).set_vmanage_root_cert(ca_chain, 240)

The catalyst wan libarary certificate class requires a lot of parameters that are not mandatory when using enterprise CA option:

class Certificate(DataclassBase):
    controller_certificate: str = field(metadata={FIELD_NAME: "certificateSigning"})
    first_name: str = field(metadata={FIELD_NAME: "firstName"})
    last_name: str = field(metadata={FIELD_NAME: "lastName"})
    email: str = field(metadata={FIELD_NAME: "email"})
    validity_period: ValidityPeriod = field(metadata={FIELD_NAME: "validityPeriod"})
    retrieve_interval: int = field(converter=str, metadata={FIELD_NAME: "retrieveInterval"})

    @retrieve_interval.validator  # type: ignore
    def retrieve_interval_is_valid(self, attribute, value):
        RETRIEVE_INTERVAL_MAX = 60
        RETRIEVE_INTERVAL_MIN = 1
        if not RETRIEVE_INTERVAL_MIN <= int(value) <= RETRIEVE_INTERVAL_MAX:
            raise RetrieveIntervalOutOfRange("Retrieve interval must be value between 1 and 60 minutes")

There are two problems here:

  1. When configuring the 'enterprise' as controller certificate authorization, the vManage API required only "controller_certificate" field set to enterprise and all other fields shouldn't be there. But the current code doesn't allow for it.
  2. The code doesn't allow to upload enterprise root CA in any way.

Logs and external information

No response

Reproduction script

vmanage_settings = AdministrationSettingsAPI(vmanage_session)
vmanage_settings.update(Certificate('enterprise'))

On what platform(s) does it occur?

Not Applicable

Issue Severity

High: Blocking everything
@JimOverholt JimOverholt added the enhancement New feature or request label Apr 25, 2024
@JimOverholt
Copy link
Contributor Author

This issue was migrated from an old repository: CiscoDevNet/catalystwan#460

jpkrajewski added a commit that referenced this issue Jul 9, 2024
@jpkrajewski
KeyError: 'aggregate_only' during Cisco VPN feature template migration
7e8f624 
…#59
@jpkrajewski jpkrajewski mentioned this issue Jul 9, 2024
Merged
5 tasks
sbasan pushed a commit that referenced this issue Jul 11, 2024
@jpkrajewski @sbasan
KeyError: 'aggregate_only' during Cisco VPN feature template migration
24e4a85 
…#59
sbasan added a commit that referenced this issue Jul 11, 2024
@jpkrajewski @sbasan
dev-uxmt: Fix discovered migration flow issues (#756)
121ba1d 
* Static IP address with device specific value converted to dynamic IP address #67

* Migration Feature Template with IPSec route fails #60

* KeyError: 'aggregate_only' during Cisco VPN feature template migration #59

* Constant value convernted to variable value for integrity-type from Cisco Secuirty feature template #58

* Incorrect value for static IPv4 address after migration to ux2 #57

* Fix imports

* Fix: entire lan ethernet interface. fix attribute error when checking for vpn id value

* Fix whitespace

* Minor fixes

* Support banner and snmp

* fix: asPath parameter and conversion for Route Policy

* bump version

---------

Co-authored-by: Szymon Basan <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JimOverholt