Fix(eos_cli_config_gen): MAC Security key fallback configured even if…

… set to false (#3437) Co-authored-by: Claus Holbech <[email protected]>
aristanetworks · Dec 15, 2023 · 718a99d · 718a99d
1 parent c44d663
commit 718a99d
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 5 deletions.
diff --git a/...olecule/eos_cli_config_gen/documentation/devices/mac-security-eth-po-entropy.md b/...olecule/eos_cli_config_gen/documentation/devices/mac-security-eth-po-entropy.md
@@ -147,7 +147,7 @@ FIPS restrictions enabled.
 ###### Keys
 
 | Key ID | Fallback |
-| ------ |  -------- |
+| ------ | -------- |
 | 1234a | - |
 | 1234c | True |
 
@@ -168,9 +168,23 @@ FIPS restrictions enabled.
 ###### Keys
 
 | Key ID | Fallback |
-| ------ |  -------- |
+| ------ | -------- |
 | 1234b | - |
 
+##### Profile A3
+
+###### Settings
+
+| Cipher | Key-Server Priority | Rekey-Period | SCI |
+| ------ | ------------------- | ------------ | --- |
+| aes256-gcm-xpn | - | - | - |
+
+###### Keys
+
+| Key ID | Fallback |
+| ------ | -------- |
+| ab | False |
+
 ### MACsec Device Configuration
 
 ```eos
@@ -189,4 +203,7 @@ mac security
       l2-protocol lldp bypass unauthorized
    profile A2
       key 1234b 7 <removed>
+   profile A3
+      cipher aes256-gcm-xpn
+      key ab 7 <removed>
 ```
diff --git a/...s/arista/avd/molecule/eos_cli_config_gen/intended/configs/mac-security-eth-po-entropy.cfg b/...s/arista/avd/molecule/eos_cli_config_gen/intended/configs/mac-security-eth-po-entropy.cfg
@@ -16,6 +16,9 @@ mac security
       l2-protocol lldp bypass unauthorized
    profile A2
       key 1234b 7 12485744465E5A53
+   profile A3
+      cipher aes256-gcm-xpn
+      key ab 7 10195F4C5144405A
 !
 hostname mac-security-eth-po-entropy
 !

diff --git a/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/mac-security-eth-po-entropy.yml b/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/mac-security-eth-po-entropy.yml
@@ -24,6 +24,12 @@ mac_security:
       connection_keys:
         - id: 1234b
           encrypted_key: 12485744465E5A53
+    - name: A3
+      cipher: aes256-gcm-xpn
+      connection_keys:
+        - id: ab
+          encrypted_key: 10195F4C5144405A
+          fallback: false
 
 ### Mgmt sec
 management_security:

diff --git a/.../avd/molecule/eos_cli_config_gen_deprecated_vars/documentation/devices/host1.md b/.../avd/molecule/eos_cli_config_gen_deprecated_vars/documentation/devices/host1.md
@@ -1640,7 +1640,7 @@ FIPS restrictions enabled.
 ###### Keys
 
 | Key ID | Fallback |
-| ------ |  -------- |
+| ------ | -------- |
 | 1234b | - |
 
 ### MACsec Device Configuration

diff --git a/...e_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/mac-security.j2 b/...e_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/mac-security.j2
@@ -40,7 +40,7 @@ FIPS restrictions enabled.
 ###### Keys
 
 | Key ID | Fallback |
-| ------ |  -------- |
+| ------ | -------- |
 {%                 for connection_key in profile.connection_keys | arista.avd.natural_sort('id') %}
 {%                     if connection_key.encrypted_key is arista.avd.defined %}
 {%                         set fallback = connection_key.fallback | arista.avd.default('-') %}

diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/mac-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/mac-security.j2
@@ -22,7 +22,7 @@ mac security
 {%         for connection_key in profile.connection_keys | arista.avd.natural_sort('id') %}
 {%             if connection_key.encrypted_key is arista.avd.defined %}
 {%                 set key_cli = "key " ~ connection_key.id ~ " 7 " ~ connection_key.encrypted_key | arista.avd.hide_passwords(hide_passwords) %}
-{%                 if connection_key.fallback is arista.avd.defined %}
+{%                 if connection_key.fallback is arista.avd.defined(true) %}
 {%                     set key_cli = key_cli ~ " fallback" %}
 {%                 endif %}
       {{ key_cli }}