Feat(eos_validate_state): Added the validation for STUN client configurations #3898
Conversation
github-actions
bot
added
role: eos_validate_state
state: CI Updated
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
github-actions
bot
added
state: Documentation role Updated
and removed
state: conflict
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
| @@ -151,6 +151,9 @@ title: Ansible Collection Role eos_validate_state - Preview Integration with ANT | |||
| - (New) AvdTestAPIHttpsSSL (No Ansible tags, use the new `skipped_tests` variable instead) | |||
| - VerifyAPIHttpsSSL: Validate eAPI HTTPS SSL profile status. | |||
|
|
|||
| - (New) AvdTestStun (No Ansible tags, use the new `skipped_tests` variable instead) | |||
| - AvdTestStun: Validate STUN clients source address and port. | |||
There was a problem hiding this comment.
| - AvdTestStun: Validate STUN clients source address and port. | |
| - VerifyStunClient: Validate STUN clients source address and port. |
| @@ -151,6 +151,9 @@ title: Ansible Collection Role eos_validate_state - Preview Integration with ANT | |||
| - (New) AvdTestAPIHttpsSSL (No Ansible tags, use the new `skipped_tests` variable instead) | |||
| - VerifyAPIHttpsSSL: Validate eAPI HTTPS SSL profile status. | |||
|
|
|||
| - (New) AvdTestStun (No Ansible tags, use the new `skipped_tests` variable instead) | |||
| - AvdTestStun: Validate STUN clients source address and port. | |||
There was a problem hiding this comment.
Can we add more details about the test here? Since it's related to WAN devices, we should mention it somehow.
|
|
||
| class AvdTestStun(AvdTestBase): | ||
| """ | ||
| AvdTestStun class for STUN tests. |
There was a problem hiding this comment.
I know this follows the other test classes, but I think we should give more details here, especially since it's related to WAN devices.
|
|
||
| # Check if there are any path groups with STUN configuration | ||
| if (path_groups := get(self.structured_config, "router_path_selection.path_groups")) is None: | ||
| LOGGER.info("No local interface found with STUN configuration. %s is skipped.", self.__class__.__name__) |
There was a problem hiding this comment.
We are checking for path_groups but the log says local interface? Shouldn't we loop over the path_groups for local interfaces instead? If not the log message is misleading.
| stun_interfaces = [ | ||
| local_interfaces.get("name") | ||
| for path_group in path_groups | ||
| for local_interfaces in path_group.get("local_interfaces") | ||
| if get(local_interfaces, "stun.server_profiles") is not None | ||
| ] |
There was a problem hiding this comment.
Might be helpful to take a look at the mixin classes under plugin_utils/eos_validate_state_utils. There are validations methods you can use to make sure the data is present and logs accordingly.
| interfaces_data = get(self.structured_config, "ethernet_interfaces") | ||
| interface_address = get_item(interfaces_data, "name", source_interface) | ||
| ip_address = interface_address.get("ip_address") |
There was a problem hiding this comment.
Same thing here. I think you could leverage the get_interface_ip method of the mixin class.
| LOGGER.info("No IP address found for interface %s. Skipping this interface.", source_interface) | ||
| continue | ||
| source_address = ip_address.split("/")[0] | ||
| source_port = 4500 # TODO: Keeping source port as default 4500. We might need to change it later. |
There was a problem hiding this comment.
Is there a source_port key in the structured config?
There was a problem hiding this comment.
no not right now hence keeping it 4500 which we will change once it is supported in structured config
| { | ||
| "VerifyStunClient": { | ||
| "stun_clients": [{"source_address": source_address, "source_port": source_port}], | ||
| "result_overwrite": {"custom_field": f"source address: {source_address} source port: {source_port}"}, |
There was a problem hiding this comment.
| "result_overwrite": {"custom_field": f"source address: {source_address} source port: {source_port}"}, | |
| "result_overwrite": {"custom_field": f"Source IPv4 Address: {source_address} Source Port: {source_port}"}, |
There was a problem hiding this comment.
Could this be IPv6? If so you can adjust my suggestion.
| ) | ||
|
|
||
| # Return the ANTA tests as a dictionary | ||
| return {self.anta_module: anta_tests} |
There was a problem hiding this comment.
Could anta_tests be an empty list? If so we need to return None instead like the other tests.
Change Summary
Added the validation for STUN client configuration.
Related Issue(s)
Fixes #3889
Component(s) name
arista.avd.eos_validate_stateProposed changes
We have the ANTA testcase ready for validate the STUN client configuration hence added the support in AVD. Right now it will collect the all the local interfaces from path group where stun server profiles are attached. Source port is 4500(default) for now.
How to test
Run the molecule or test it on lab with eos_validate_state in playbook.
Note: Need ANTA==0.14.0 to test this.
Checklist
User Checklist
Repository Checklist