Feat(eos_cli_config_gen): Add CRL support for management security

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/mac-security-eth-po-entropy.md

@@ -54,9 +54,9 @@ interface Management1
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List |
-| ---------------- | --------------------- | -------------------- | ------------ | ----------- |
-| SSL_PROFILE | 1.1 1.2 | SSL_CERT | SSL_KEY | - |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List | CRLs |
+| ---------------- | --------------------- | -------------------- | ------------ | ----------- | ---- |
+| SSL_PROFILE | 1.1 1.2 | SSL_CERT | SSL_KEY | - | - |
 
 ### Management Security Device Configuration
 

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md

@@ -55,17 +55,17 @@ interface Management1
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List |
-| ---------------- | --------------------- | -------------------- | ------------ | ----------- |
-| certificate-profile | - | eAPI.crt | eAPI.key | - |
-| cipher-list-profile | - | - | - | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 |
-| test1-chain-cert | - | - | - | - |
-| test1-trust-cert | - | - | - | - |
-| test2-chain-cert | - | - | - | - |
-| test2-trust-cert | - | - | - | - |
-| tls-single-version-profile-as-float | 1.0 | - | - | - |
-| tls-single-version-profile-as-string | 1.1 | - | - | - |
-| tls-versions-profile | 1.0 1.1 | - | - | - |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List | CRLs |
+| ---------------- | --------------------- | -------------------- | ------------ | ----------- | ---- |
+| certificate-profile | - | eAPI.crt | eAPI.key | - | ca.crl<br>intermediate.crl |
+| cipher-list-profile | - | - | - | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 | - |
+| test1-chain-cert | - | - | - | - | - |
+| test1-trust-cert | - | - | - | - | - |
+| test2-chain-cert | - | - | - | - | - |
+| test2-trust-cert | - | - | - | - | - |
+| tls-single-version-profile-as-float | 1.0 | - | - | - | - |
+| tls-single-version-profile-as-string | 1.1 | - | - | - | - |
+| tls-versions-profile | 1.0 1.1 | - | - | - | - |
 
 ### SSL profile test1-chain-cert Certificates Summary
 
@@ -116,6 +116,8 @@ management security
       maximum sequential 7
    ssl profile certificate-profile
       certificate eAPI.crt key eAPI.key
+      crl ca.crl
+      crl intermediate.crl
    ssl profile cipher-list-profile
       cipher-list ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
    ssl profile test1-chain-cert

ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg

@@ -27,6 +27,8 @@ management security
       maximum sequential 7
    ssl profile certificate-profile
       certificate eAPI.crt key eAPI.key
+      crl ca.crl
+      crl intermediate.crl
    ssl profile cipher-list-profile
       cipher-list ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
    ssl profile test1-chain-cert

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml

@@ -25,6 +25,9 @@ management_security:
       certificate:
         file: eAPI.crt
         key: eAPI.key
+      certificate_revocation_lists:
+        - intermediate.crl
+        - ca.crl
     - name: tls-single-version-profile-as-string
       tls_versions: "1.1"
     - name: tls-single-version-profile-as-float

ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md

@@ -45,6 +45,8 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;certificate</samp>](## "management_security.ssl_profiles.[].certificate") | Dictionary |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;file</samp>](## "management_security.ssl_profiles.[].certificate.file") | String |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;key</samp>](## "management_security.ssl_profiles.[].certificate.key") | String |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;certificate_revocation_lists</samp>](## "management_security.ssl_profiles.[].certificate_revocation_lists") | List, items: String |  |  |  | List of CRLs (Certificate Revocation List).<br>If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.<br> |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&lt;str&gt;</samp>](## "management_security.ssl_profiles.[].certificate_revocation_lists.[]") | String |  |  |  |  |
 
 === "YAML"
 
@@ -109,4 +111,9 @@
           certificate:
             file: <str>
             key: <str>
+
+          # List of CRLs (Certificate Revocation List).
+          # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
+          certificate_revocation_lists:
+            - <str>
     ```

ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml

@@ -154,3 +154,10 @@ keys:
                   type: str
                 key:
                   type: str
+            certificate_revocation_lists:
+              type: list
+              description: |
+                List of CRLs (Certificate Revocation List).
+                If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
+              items:
+                type: str

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2

@@ -28,11 +28,15 @@
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List |
-| ---------------- | --------------------- | -------------------- | ------------ | ----------- |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Cipher List | CRLs |
+| ---------------- | --------------------- | -------------------- | ------------ | ----------- | ---- |
 {%         set ssl_profiles_certs = [] %}
 {%         for ssl_profile in management_security.ssl_profiles | arista.avd.natural_sort %}
-| {{ ssl_profile.name | arista.avd.default('-') }} | {{ ssl_profile.tls_versions | arista.avd.default('-') }} | {{ ssl_profile.certificate.file | arista.avd.default('-') }} | {{ ssl_profile.certificate.key | arista.avd.default('-') }} | {{ ssl_profile.cipher_list | arista.avd.default('-') }} |
+{%             set crls = "-" %}
+{%             if ssl_profile.certificate_revocation_lists is arista.avd.defined %}
+{%                 set crls = ssl_profile.certificate_revocation_lists | arista.avd.natural_sort | join("<br>") %}
+{%             endif %}
+| {{ ssl_profile.name | arista.avd.default('-') }} | {{ ssl_profile.tls_versions | arista.avd.default('-') }} | {{ ssl_profile.certificate.file | arista.avd.default('-') }} | {{ ssl_profile.certificate.key | arista.avd.default('-') }} | {{ ssl_profile.cipher_list | arista.avd.default('-') }} | {{ crls }} |
 {%             set tmp_cert = {} %}
 {%             if ssl_profile.trust_certificate is arista.avd.defined %}
 {%                 set tmp_cert = {'trust_certificate': ssl_profile.trust_certificate} %}

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2

@@ -92,5 +92,8 @@ management security
 {%         if ssl_profile.certificate is arista.avd.defined %}
       certificate {{ ssl_profile.certificate.file }} key {{ ssl_profile.certificate.key }}
 {%         endif %}
+{%         for crl in ssl_profile.certificate_revocation_lists | arista.avd.natural_sort %}
+      crl {{ crl }}
+{%         endfor %}
 {%     endfor %}
 {% endif %}