Merge branch 'devel' into single_uplink_to_mlag_pair

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg

@@ -176,28 +176,13 @@ vrf instance MGMT
 !
 ip security
    !
-   ike policy DP-IKE-POLICY
-      local-id 192.168.144.1
-   !
    ike policy CP-IKE-POLICY
       local-id 192.168.144.1
    !
-   sa policy DP-SA-POLICY
-      esp encryption aes128
-      pfs dh-group 14
-   !
    sa policy CP-SA-POLICY
       esp encryption aes128
       pfs dh-group 14
    !
-   profile DP-PROFILE
-      ike-policy DP-IKE-POLICY
-      sa-policy DP-SA-POLICY
-      connection start
-      shared-key 7 ABCDEF1234567890666
-      dpd 10 50 clear
-      mode transport
-   !
    profile CP-PROFILE
       ike-policy CP-IKE-POLICY
       sa-policy CP-SA-POLICY

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg

@@ -179,28 +179,13 @@ vrf instance MGMT
 !
 ip security
    !
-   ike policy DP-IKE-POLICY
-      local-id 192.168.144.2
-   !
    ike policy CP-IKE-POLICY
       local-id 192.168.144.2
    !
-   sa policy DP-SA-POLICY
-      esp encryption aes128
-      pfs dh-group 14
-   !
    sa policy CP-SA-POLICY
       esp encryption aes128
       pfs dh-group 14
    !
-   profile DP-PROFILE
-      ike-policy DP-IKE-POLICY
-      sa-policy DP-SA-POLICY
-      connection start
-      shared-key 7 ABCDEF1234567890666
-      dpd 10 50 clear
-      mode transport
-   !
    profile CP-PROFILE
       ike-policy CP-IKE-POLICY
       sa-policy CP-SA-POLICY

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg

@@ -186,28 +186,13 @@ vrf instance MGMT
 !
 ip security
    !
-   ike policy DP-IKE-POLICY
-      local-id 192.168.144.3
-   !
    ike policy CP-IKE-POLICY
       local-id 192.168.144.3
    !
-   sa policy DP-SA-POLICY
-      esp encryption aes128
-      pfs dh-group 14
-   !
    sa policy CP-SA-POLICY
       esp encryption aes128
       pfs dh-group 14
    !
-   profile DP-PROFILE
-      ike-policy DP-IKE-POLICY
-      sa-policy DP-SA-POLICY
-      connection start
-      shared-key 7 ABCDEF1234567890666
-      dpd 10 50 clear
-      mode transport
-   !
    profile CP-PROFILE
       ike-policy CP-IKE-POLICY
       sa-policy CP-SA-POLICY

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml

@@ -160,30 +160,14 @@ flow_tracking:
     shutdown: false
 ip_security:
   ike_policies:
-  - name: DP-IKE-POLICY
-    local_id: 192.168.144.1
   - name: CP-IKE-POLICY
     local_id: 192.168.144.1
   sa_policies:
-  - name: DP-SA-POLICY
-    esp:
-      encryption: aes128
-    pfs_dh_group: 14
   - name: CP-SA-POLICY
     esp:
       encryption: aes128
     pfs_dh_group: 14
   profiles:
-  - name: DP-PROFILE
-    ike_policy: DP-IKE-POLICY
-    sa_policy: DP-SA-POLICY
-    connection: start
-    shared_key: ABCDEF1234567890666
-    dpd:
-      interval: 10
-      time: 50
-      action: clear
-    mode: transport
   - name: CP-PROFILE
     ike_policy: CP-IKE-POLICY
     sa_policy: CP-SA-POLICY

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml

@@ -169,30 +169,14 @@ flow_tracking:
     shutdown: false
 ip_security:
   ike_policies:
-  - name: DP-IKE-POLICY
-    local_id: 192.168.144.2
   - name: CP-IKE-POLICY
     local_id: 192.168.144.2
   sa_policies:
-  - name: DP-SA-POLICY
-    esp:
-      encryption: aes128
-    pfs_dh_group: 14
   - name: CP-SA-POLICY
     esp:
       encryption: aes128
     pfs_dh_group: 14
   profiles:
-  - name: DP-PROFILE
-    ike_policy: DP-IKE-POLICY
-    sa_policy: DP-SA-POLICY
-    connection: start
-    shared_key: ABCDEF1234567890666
-    dpd:
-      interval: 10
-      time: 50
-      action: clear
-    mode: transport
   - name: CP-PROFILE
     ike_policy: CP-IKE-POLICY
     sa_policy: CP-SA-POLICY

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml

@@ -176,30 +176,14 @@ flow_tracking:
     shutdown: false
 ip_security:
   ike_policies:
-  - name: DP-IKE-POLICY
-    local_id: 192.168.144.3
   - name: CP-IKE-POLICY
     local_id: 192.168.144.3
   sa_policies:
-  - name: DP-SA-POLICY
-    esp:
-      encryption: aes128
-    pfs_dh_group: 14
   - name: CP-SA-POLICY
     esp:
       encryption: aes128
     pfs_dh_group: 14
   profiles:
-  - name: DP-PROFILE
-    ike_policy: DP-IKE-POLICY
-    sa_policy: DP-SA-POLICY
-    connection: start
-    shared_key: ABCDEF1234567890666
-    dpd:
-      interval: 10
-      time: 50
-      action: clear
-    mode: transport
   - name: CP-PROFILE
     ike_policy: CP-IKE-POLICY
     sa_policy: CP-SA-POLICY

ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py

@@ -35,7 +35,7 @@ def ip_security(self) -> dict | None:
         # Structure initialization
         ip_security = {"ike_policies": [], "sa_policies": [], "profiles": []}
 
-        if (data_plane := get(wan_ipsec_profiles, "data_plane")) is not None:
+        if self.shared_utils.wan_role == "client" and (data_plane := get(wan_ipsec_profiles, "data_plane")) is not None:
             self._append_data_plane(ip_security, data_plane)
         control_plane = get(wan_ipsec_profiles, "control_plane", required=True)
         self._append_control_plane(ip_security, control_plane)