Bump(eos_validate_state): ANTA Update eos_validate_state code to supp…

…ort ANTA v0.14.0 (#3871)
aristanetworks · Apr 17, 2024 · 7457504 · 7457504
1 parent 6436854
commit 7457504
Show file tree

Hide file tree

Showing 48 changed files with 11,725 additions and 3,635 deletions.
diff --git a/...le_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/DC1_SPINES.yml b/...le_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/DC1_SPINES.yml
@@ -2,6 +2,7 @@
 # These tests will be added to devices part of the DC1_SPINES group
 anta.tests.interfaces:
   - VerifyInterfaceUtilization:
+      threshold: 70.0
   - VerifyInterfaceErrors:
   - VerifyInterfaceDiscards:
   - VerifyInterfaceErrDisabled:
@@ -112,7 +113,65 @@ anta.tests.routing:
               - 10.1.255.0
               - 10.1.255.2
               - 10.1.255.4
+    - VerifyBGPExchangedRoutes:
+        bgp_peers:
+          - peer_address: 172.30.255.5
+            vrf: default
+            advertised_routes:
+              - 192.0.254.5/32
+            received_routes:
+              - 192.0.255.4/32
+          - peer_address: 172.30.255.1
+            vrf: default
+            advertised_routes:
+              - 192.0.255.1/32
+              - 192.0.254.5/32
+            received_routes:
+              - 192.0.254.3/32
+    - VerifyBGPPeerMPCaps:
+        bgp_peers:
+          - peer_address: 172.30.11.1
+            vrf: default
+            capabilities:
+              - ipv4Unicast
+    - VerifyBGPPeerASNCap:
+        bgp_peers:
+          - peer_address: 172.30.11.1
+            vrf: default
+    - VerifyBGPPeerRouteRefreshCap:
+        bgp_peers:
+          - peer_address: 172.30.11.1
+            vrf: default
+    - VerifyBGPPeerMD5Auth:
+        bgp_peers:
+          - peer_address: 172.30.11.1
+            vrf: default
+          - peer_address: 172.30.11.5
+            vrf: default
+    - VerifyEVPNType2Route:
+        vxlan_endpoints:
+          - address: 192.168.20.102
+            vni: 10020
+          - address: aac1.ab5d.b41e
+            vni: 10010
+    - VerifyBGPAdvCommunities:
+        bgp_peers:
+          - peer_address: 172.30.11.17
+            vrf: default
+          - peer_address: 172.30.11.21
+            vrf: default
+    - VerifyBGPTimers:
+        bgp_peers:
+          - peer_address: 172.30.11.1
+            vrf: default
+            hold_time: 180
+            keep_alive_time: 60
+          - peer_address: 172.30.11.5
+            vrf: default
+            hold_time: 180
+            keep_alive_time: 60
   ospf:
     - VerifyOSPFNeighborState:
     - VerifyOSPFNeighborCount:
         number: 3
+    - VerifyOSPFMaxLSA:
diff --git a/ansible_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/all.yml b/ansible_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/all.yml
@@ -59,6 +59,130 @@ anta.tests.field_notices:
   - VerifyFieldNotice44Resolution:
   - VerifyFieldNotice72Resolution:
 
+anta.tests.greent:
+  - VerifyGreenT:
+  - VerifyGreenTCounters:
+
+anta.tests.lanz:
+  - VerifyLANZ:
+
+anta.tests.ptp:
+  - VerifyPtpModeStatus:
+  - VerifyPtpGMStatus:
+      gmid: 0xec:46:70:ff:fe:00:ff:a9
+  - VerifyPtpLockStatus:
+  - VerifyPtpOffset:
+  - VerifyPtpPortModeStatus:
+
+anta.tests.security:
+  - VerifySSHStatus:
+  - VerifySSHIPv4Acl:
+      number: 3
+      vrf: default
+  - VerifySSHIPv6Acl:
+      number: 3
+      vrf: default
+  - VerifyTelnetStatus:
+  - VerifyAPIHttpStatus:
+  - VerifyAPIHttpsSSL:
+      profile: default
+  - VerifyAPIIPv4Acl:
+      number: 3
+      vrf: default
+  - VerifyAPIIPv6Acl:
+      number: 3
+      vrf: default
+  - VerifyAPISSLCertificate:
+      certificates:
+        - certificate_name: ARISTA_SIGNING_CA.crt
+          expiry_threshold: 30
+          common_name: AristaIT-ICA ECDSA Issuing Cert Authority
+          encryption_algorithm: ECDSA
+          key_size: 256
+        - certificate_name: ARISTA_ROOT_CA.crt
+          expiry_threshold: 30
+          common_name: Arista Networks Internal IT Root Cert Authority
+          encryption_algorithm: RSA
+          key_size: 4096
+  - VerifyBannerLogin:
+      login_banner: |
+          # Copyright (c) 2023-2024 Arista Networks, Inc.
+          # Use of this source code is governed by the Apache License 2.0
+          # that can be found in the LICENSE file.
+  - VerifyBannerMotd:
+      motd_banner: |
+          # Copyright (c) 2023-2024 Arista Networks, Inc.
+          # Use of this source code is governed by the Apache License 2.0
+          # that can be found in the LICENSE file.
+  - VerifyIPv4ACL:
+      ipv4_access_lists:
+        - name: default-control-plane-acl
+          entries:
+            - sequence: 10
+              action: permit icmp any any
+            - sequence: 20
+              action: permit ip any any tracked
+            - sequence: 30
+              action: permit udp any any eq bfd ttl eq 255
+        - name: LabTest
+          entries:
+            - sequence: 10
+              action: permit icmp any any
+            - sequence: 20
+              action: permit tcp any any range 5900 5910
+  - VerifyIPSecConnHealth:
+  - VerifySpecificIPSecConn:
+      ip_security_connections:
+        - peer: 10.255.0.1
+        - peer: 10.255.0.2
+          vrf: default
+          connections:
+            - source_address: 100.64.3.2
+              destination_address: 100.64.2.2
+            - source_address: 172.18.3.2
+              destination_address: 172.18.2.2
+
+anta.tests.services:
+  - VerifyHostname:
+      hostname: s1-spine1
+  - VerifyDNSLookup:
+      domain_names:
+        - arista.com
+        - www.google.com
+        - arista.ca
+  - VerifyDNSServers:
+      dns_servers:
+        - server_address: 10.14.0.1
+          vrf: default
+          priority: 1
+        - server_address: 10.14.0.11
+          vrf: MGMT
+          priority: 0
+  - VerifyErrdisableRecovery:
+      reasons:
+        - reason: acl
+          interval: 30
+        - reason: bpduguard
+          interval: 30
+
+anta.tests.stun:
+  - VerifyStunClient:
+      stun_clients:
+        - source_address: 172.18.3.2
+          public_address: 172.18.3.21
+          source_port: 4500
+          public_port: 6006
+        - source_address: 100.64.3.2
+          public_address: 100.64.3.21
+          source_port: 4500
+          public_port: 6006
+
+anta.tests.vlan:
+  - VerifyVlanInternalPolicy:
+      policy: ascending
+      start_vlan_id: 1006
+      end_vlan_id: 4094
+
 # Some of these hardware tests will be duplicated in the catalog, but ANTA will only run them once
 anta.tests.hardware:
   - VerifyTransceiversManufacturers:

diff --git a/...le_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/dc1-leaf1a.yml b/...le_collections/arista/avd/molecule/eos_validate_state/custom_anta_catalogs/dc1-leaf1a.yml
@@ -20,3 +20,6 @@ anta.tests.vxlan:
       vteps:
         - 10.1.1.5
         - 10.1.1.6
+  - VerifyVxlan1ConnSettings:
+      source_interface: Loopback1
+      udp_port: 4789
diff --git a/...ions/arista/avd/molecule/eos_validate_state/intended/test_catalogs/dc1-leaf1a-catalog.yml b/...ions/arista/avd/molecule/eos_validate_state/intended/test_catalogs/dc1-leaf1a-catalog.yml
@@ -275,6 +275,9 @@ anta.tests.connectivity:
 anta.tests.field_notices:
 - VerifyFieldNotice44Resolution: null
 - VerifyFieldNotice72Resolution: null
+anta.tests.greent:
+- VerifyGreenT: null
+- VerifyGreenTCounters: null
 anta.tests.hardware:
 - VerifyEnvironmentPower:
     result_overwrite:
@@ -462,13 +465,22 @@ anta.tests.interfaces:
       status: up
     result_overwrite:
       custom_field: Interface Vxlan1 = 'up'
+anta.tests.lanz:
+- VerifyLANZ: null
 anta.tests.mlag:
 - VerifyMlagStatus: null
 anta.tests.profiles:
 - VerifyUnifiedForwardingTableMode:
     mode: 3
 - VerifyTcamProfile:
     profile: vxlan-routing
+anta.tests.ptp:
+- VerifyPtpModeStatus: null
+- VerifyPtpGMStatus:
+    gmid: 0xec:46:70:ff:fe:00:ff:a9
+- VerifyPtpLockStatus: null
+- VerifyPtpOffset: null
+- VerifyPtpPortModeStatus: null
 anta.tests.routing.bgp:
 - VerifyBGPSpecificPeers:
     address_families:
@@ -634,6 +646,100 @@ anta.tests.security:
     profile: eAPI_SSL_Profile
     result_overwrite:
       custom_field: 'eAPI HTTPS SSL Profile: eAPI_SSL_Profile'
+- VerifySSHStatus: null
+- VerifySSHIPv4Acl:
+    number: 3
+    vrf: default
+- VerifySSHIPv6Acl:
+    number: 3
+    vrf: default
+- VerifyTelnetStatus: null
+- VerifyAPIHttpStatus: null
+- VerifyAPIHttpsSSL:
+    profile: default
+- VerifyAPIIPv4Acl:
+    number: 3
+    vrf: default
+- VerifyAPIIPv6Acl:
+    number: 3
+    vrf: default
+- VerifyAPISSLCertificate:
+    certificates:
+    - certificate_name: ARISTA_SIGNING_CA.crt
+      common_name: AristaIT-ICA ECDSA Issuing Cert Authority
+      encryption_algorithm: ECDSA
+      expiry_threshold: 30
+      key_size: 256
+    - certificate_name: ARISTA_ROOT_CA.crt
+      common_name: Arista Networks Internal IT Root Cert Authority
+      encryption_algorithm: RSA
+      expiry_threshold: 30
+      key_size: 4096
+- VerifyBannerLogin:
+    login_banner: '# Copyright (c) 2023-2024 Arista Networks, Inc.
+
+      # Use of this source code is governed by the Apache License 2.0
+
+      # that can be found in the LICENSE file.
+
+      '
+- VerifyBannerMotd:
+    motd_banner: '# Copyright (c) 2023-2024 Arista Networks, Inc.
+
+      # Use of this source code is governed by the Apache License 2.0
+
+      # that can be found in the LICENSE file.
+
+      '
+- VerifyIPv4ACL:
+    ipv4_access_lists:
+    - entries:
+      - action: permit icmp any any
+        sequence: 10
+      - action: permit ip any any tracked
+        sequence: 20
+      - action: permit udp any any eq bfd ttl eq 255
+        sequence: 30
+      name: default-control-plane-acl
+    - entries:
+      - action: permit icmp any any
+        sequence: 10
+      - action: permit tcp any any range 5900 5910
+        sequence: 20
+      name: LabTest
+- VerifyIPSecConnHealth: null
+- VerifySpecificIPSecConn:
+    ip_security_connections:
+    - peer: 10.255.0.1
+    - connections:
+      - destination_address: 100.64.2.2
+        source_address: 100.64.3.2
+      - destination_address: 172.18.2.2
+        source_address: 172.18.3.2
+      peer: 10.255.0.2
+      vrf: default
+anta.tests.services:
+- VerifyHostname:
+    hostname: s1-spine1
+- VerifyDNSLookup:
+    domain_names:
+    - arista.com
+    - www.google.com
+    - arista.ca
+- VerifyDNSServers:
+    dns_servers:
+    - priority: 1
+      server_address: 10.14.0.1
+      vrf: default
+    - priority: 0
+      server_address: 10.14.0.11
+      vrf: MGMT
+- VerifyErrdisableRecovery:
+    reasons:
+    - interval: 30
+      reason: acl
+    - interval: 30
+      reason: bpduguard
 anta.tests.snmp:
 - VerifySnmpStatus:
     vrf: default
@@ -653,6 +759,17 @@ anta.tests.software:
     - v1.13.6
     - v1.8.0
 - VerifyEOSExtensions: null
+anta.tests.stun:
+- VerifyStunClient:
+    stun_clients:
+    - public_address: 172.18.3.21
+      public_port: 6006
+      source_address: 172.18.3.2
+      source_port: 4500
+    - public_address: 100.64.3.21
+      public_port: 6006
+      source_address: 100.64.3.2
+      source_port: 4500
 anta.tests.system:
 - VerifyNTP: null
 - VerifyUptime:
@@ -664,6 +781,11 @@ anta.tests.system:
 - VerifyMemoryUtilization: null
 - VerifyFileSystemUtilization: null
 - VerifyNTP: null
+anta.tests.vlan:
+- VerifyVlanInternalPolicy:
+    end_vlan_id: 4094
+    policy: ascending
+    start_vlan_id: 1006
 anta.tests.vxlan:
 - VerifyVxlan1Interface: null
 - VerifyVxlanConfigSanity: null
@@ -675,3 +797,6 @@ anta.tests.vxlan:
     vteps:
     - 10.1.1.5
     - 10.1.1.6
+- VerifyVxlan1ConnSettings:
+    source_interface: Loopback1
+    udp_port: 4789