From abf7650ad4e2b6ee94aa74dbbd48772a3e3e820e Mon Sep 17 00:00:00 2001 From: Vibhu-gslab <109593615+Vibhu-gslab@users.noreply.github.com> Date: Thu, 20 Jun 2024 18:49:35 +0530 Subject: [PATCH] Feat(eos_cli_config_gen): Add support for permit response traffic nat under ip acls (#4128) Co-authored-by: Claus Holbech --- .../eos_cli_config_gen/documentation/devices/acl.md | 2 ++ .../molecule/eos_cli_config_gen/intended/configs/acl.cfg | 1 + .../eos_cli_config_gen/inventory/host_vars/acl.yml | 1 + .../roles/eos_cli_config_gen/docs/tables/access-lists.md | 5 +++++ .../j2templates/documentation/access-lists.j2 | 3 +++ .../_eos_cli_config_gen/j2templates/eos/access-lists.j2 | 3 +++ .../schema/eos_cli_config_gen.jsonschema.json | 8 ++++++++ .../schema/eos_cli_config_gen.schema.yml | 7 +++++++ .../schema/schema_fragments/access_lists.schema.yml | 7 +++++++ .../pyavd/_eos_designs/schema/eos_designs.jsonschema.json | 8 ++++++++ 10 files changed, 45 insertions(+) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/acl.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/acl.md index 12b93f5d3da..b4bad296b90 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/acl.md +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/acl.md @@ -139,6 +139,7 @@ ACL has counting mode `counters per-entry` enabled! | 10 | remark ACL to restrict access RFC1918 addresses | | 20 | permit ip 10.0.0.0/8 any | | 30 | permit ip 192.0.2.0/24 any | +| - | permit response traffic nat | ##### ACL-03 @@ -167,6 +168,7 @@ ip access-list ACL-02 10 remark ACL to restrict access RFC1918 addresses 20 permit ip 10.0.0.0/8 any 30 permit ip 192.0.2.0/24 any + permit response traffic nat ! ip access-list ACL-03 10 remark ACL to restrict access RFC1918 addresses 
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/acl.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/acl.cfg index c687efd7e75..842086c8759 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/acl.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/acl.cfg @@ -27,6 +27,7 @@ ip access-list ACL-02 10 remark ACL to restrict access RFC1918 addresses 20 permit ip 10.0.0.0/8 any 30 permit ip 192.0.2.0/24 any + permit response traffic nat ! ip access-list ACL-03 10 remark ACL to restrict access RFC1918 addresses diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/acl.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/acl.yml index 57a77106c5e..5a53f83189e 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/acl.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/acl.yml @@ -10,6 +10,7 @@ access_lists: action: "permit ip 192.0.2.0/24 any" - name: ACL-02 counters_per_entry: true + permit_response_traffic: nat sequence_numbers: - sequence: 10 action: "remark ACL to restrict access RFC1918 addresses" diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/access-lists.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/access-lists.md index 9ae60b719cf..a054ae53c5a 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/access-lists.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/access-lists.md 
@@ -10,6 +10,7 @@ | [access_lists](## "access_lists") | List, items: Dictionary | | | | | | [  - name](## "access_lists.[].name") | String | Required, Unique | | | Access-list Name. | | [    counters_per_entry](## "access_lists.[].counters_per_entry") | Boolean | | | | | + | [    permit_response_traffic](## "access_lists.[].permit_response_traffic") | String | | | Valid Values:
- nat | Permit response traffic automatically based on NAT translations.
Minimum EOS version requirement 4.32.2F. | | [    sequence_numbers](## "access_lists.[].sequence_numbers") | List, items: Dictionary | Required | | | | | [      - sequence](## "access_lists.[].sequence_numbers.[].sequence") | Integer | Required, Unique | | | Sequence ID. | | [        action](## "access_lists.[].sequence_numbers.[].action") | String | Required | | | Action as string.
Example: "deny ip any any"
| @@ -22,6 +23,10 @@ # Access-list Name. - name: counters_per_entry: + + # Permit response traffic automatically based on NAT translations. + # Minimum EOS version requirement 4.32.2F. + permit_response_traffic: sequence_numbers: # required # Sequence ID. diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/access-lists.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/access-lists.j2 index c7f511c545c..98acf791f58 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/access-lists.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/access-lists.j2 @@ -22,6 +22,9 @@ ACL has counting mode `counters per-entry` enabled! {% for sequence in access_list.sequence_numbers | arista.avd.natural_sort('sequence') %} | {{ sequence.sequence }} | {{ sequence.action }} | {% endfor %} +{% if access_list.permit_response_traffic is arista.avd.defined %} +| - | permit response traffic {{ access_list.permit_response_traffic }} | +{% endif %} {% endfor %} #### Extended Access-lists Device Configuration diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/access-lists.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/access-lists.j2 index e1834822bf0..1e09187beaa 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/access-lists.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/access-lists.j2 @@ -15,4 +15,7 @@ ip access-list {{ access_list.name }} {{ sequence.sequence }} {{ sequence.action }} {% endif %} {% endfor %} +{% if access_list.permit_response_traffic is arista.avd.defined %} + permit response traffic {{ access_list.permit_response_traffic }} +{% endif %} {% endfor %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.jsonschema.json b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.jsonschema.json index 5583e6bfb9e..6a880c63802 100644 
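Review bot: In the eos/access-lists.j2 hunk the added `permit response traffic {{ access_list.permit_response_traffic }}` line echoes the input value straight into device CLI, so the only thing keeping an unexpected string out of the ACL is the schema's `valid_values: [nat]`. If the same data is rendered with validation relaxed (AVD offers a warning-only validation mode, if I read the project correctly), whatever the user typed would land inside the access-list. Since the schema admits exactly one value, the template could test for it and emit the literal: `{% if access_list.permit_response_traffic is arista.avd.defined("nat") %}` followed by `   permit response traffic nat`. The documentation/access-lists.j2 hunk on this line interpolates the same value into the markdown table and would take the same change. Both enclosing `{% for access_list %}` loops start outside the hunks.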
--- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.jsonschema.json +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.jsonschema.json @@ -538,6 +538,14 @@ "type": "boolean", "title": "Counters Per Entry" }, + "permit_response_traffic": { + "type": "string", + "enum": [ + "nat" + ], + "description": "Permit response traffic automatically based on NAT translations.\nMinimum EOS version requirement 4.32.2F.", + "title": "Permit Response Traffic" + }, "sequence_numbers": { "type": "array", "items": { diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml index 0b31ee1f4ca..1253ccf9a91 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml @@ -338,6 +338,13 @@ keys: - int counters_per_entry: type: bool + permit_response_traffic: + type: str + valid_values: + - nat + description: 'Permit response traffic automatically based on NAT translations. + + Minimum EOS version requirement 4.32.2F.' sequence_numbers: type: list required: true diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/access_lists.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/access_lists.schema.yml index 2a1c6af1f0a..1066d76d8fe 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/access_lists.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/access_lists.schema.yml @@ -21,6 +21,13 @@ keys: convert_types: [ int ] counters_per_entry: type: bool + permit_response_traffic: + type: str + valid_values: + - nat + description: |- + Permit response traffic automatically based on NAT translations. + Minimum EOS version requirement 4.32.2F. sequence_numbers: type: list required: true 
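Review bot: The new `permit_response_traffic` description in schema_fragments/access_lists.schema.yml says what the knob does on the device but not how it is rendered, so a reader of the schema cannot tell that it becomes an un-sequenced statement placed after all `sequence_numbers` entries, nor that response traffic is then admitted on the strength of the NAT translation rather than an explicit entry. I would extend the description with: `Rendered as an un-sequenced 'permit response traffic nat' line after the sequence entries; NAT return traffic is admitted even where no explicit entry matches it.` The eos_cli_config_gen.jsonschema.json and eos_cli_config_gen.schema.yml hunks on this line carry the same text and would pick the wording up on regeneration, assuming they are derived from the fragment as their identical content suggests.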
diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json b/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json index b8eb00784b4..1d9e467b22d 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.jsonschema.json @@ -18397,6 +18397,14 @@ "type": "boolean", "title": "Counters Per Entry" }, + "permit_response_traffic": { + "type": "string", + "enum": [ + "nat" + ], + "description": "Permit response traffic automatically based on NAT translations.\nMinimum EOS version requirement 4.32.2F.", + "title": "Permit Response Traffic" + }, "sequence_numbers": { "type": "array", "items": {