Fix VRFs Template Bug and Update Rules for VRFs and Networks (#165)

* update network rules

* fix bug in vrf template and update rules

* fix lint errors

* add additional trm rules to vrf

* fix lint errors

* add additional trm rules to vrf

* refactor

* updates to use break when rule match encountered

.gitignore

@@ -131,6 +131,9 @@ dmypy.json
 # VSCode
 .vscode/
 
+# Mac OSX
+*.DS_Store
+
 # Ignore Roles Files Directories
 roles/prepare_model/files
 roles/dtc/common/files/*

roles/validate/files/rules/required_rules/402_overlay_services_vrfs.py

@@ -15,12 +15,10 @@ def match(cls, inventory):
                 if inventory["vxlan"].get("global").get("netflow", None):
                     fabric_netflow_status = inventory["vxlan"]["global"]["netflow"].get("enable", False)
 
-        if inventory.get("vxlan", None):
             if inventory["vxlan"].get("underlay", None):
                 if inventory["vxlan"].get("underlay").get("multicast", None):
                     fabric_trm_status = inventory["vxlan"]["underlay"]["multicast"].get("trm_enable", False)
 
-        if inventory.get("vxlan", None):
             if inventory["vxlan"].get("overlay_services", None):
                 if inventory["vxlan"].get("overlay_services").get("vrfs", None):
                     vrfs = inventory["vxlan"]["overlay_services"]["vrfs"]
@@ -33,6 +31,17 @@ def match(cls, inventory):
                         f"For vxlan.overlay_services.vrfs.{vrf['name']}.netflow_enable to be enabled, "
                         f"first vxlan.global.netflow.enable must be enabled (true)."
                     )
+                    break
+
+                if fabric_netflow_status and current_vrf_netflow_status:
+                    current_vrf_netflow_monitor = vrf.get("netflow_monitor", None)
+                    if current_vrf_netflow_monitor is None:
+                        results.append(
+                            f"When vxlan.overlay_services.vrfs.{vrf['name']}.netflow_enable is enabled, "
+                            f"then vxlan.overlay_services.vrfs.{vrf['name']}.netflow_monitor must be set "
+                            "to a valid value from vxlan.global.netflow."
+                        )
+                        break
 
             current_vrf_trm_status = vrf.get("trm_enable", None)
             if current_vrf_trm_status is not None:
@@ -41,5 +50,50 @@ def match(cls, inventory):
                         f"For vxlan.overlay_services.vrfs.{vrf['name']}.trm_enable to be enabled, "
                         f"first vxlan.underlay.multicast.trm_enable must be enabled (true)."
                     )
+                    break
+
+                current_vrf_trm_no_rp = vrf.get("no_rp", None)
+                current_vrf_trm_rp_external = vrf.get("rp_external", None)
+                current_vrf_trm_rp_address = vrf.get("rp_address", None)
+                current_vrf_trm_rp_loopback_id = vrf.get("rp_loopback_id", None)
+                current_vrf_trm_underlay_mcast_ip = vrf.get("underlay_mcast_ip", None)
+                current_vrf_trm_overlay_multicast_group = vrf.get("overlay_multicast_group", None)
+
+                if fabric_trm_status:
+                    if current_vrf_trm_no_rp and current_vrf_trm_underlay_mcast_ip is None:
+                        results.append(
+                            f"When vxlan.overlay_services.vrfs.{vrf['name']}.no_rp is enabled (true), "
+                            f"then vxlan.overlay_services.vrfs.{vrf['name']}.underlay_mcast_ip must be set."
+                        )
+                        break
+
+                    if (current_vrf_trm_no_rp and current_vrf_trm_rp_external or
+                            current_vrf_trm_no_rp and current_vrf_trm_rp_address or
+                            current_vrf_trm_no_rp and current_vrf_trm_rp_loopback_id or
+                            current_vrf_trm_no_rp and current_vrf_trm_overlay_multicast_group):
+                        results.append(
+                            f"When vxlan.overlay_services.vrfs.{vrf['name']}.no_rp is enabled (true), "
+                            f"then vxlan.overlay_services.vrfs.{vrf['name']}.rp_external, "
+                            f"vxlan.overlay_services.vrfs.{vrf['name']}.rp_address, "
+                            f"vxlan.overlay_services.vrfs.{vrf['name']}.rp_loopback_id, "
+                            f"vxlan.overlay_services.vrfs.{vrf['name']}.overlay_multicast_group must be disabled (false)."
+                        )
+                        break
+
+                    if current_vrf_trm_rp_external and current_vrf_trm_rp_loopback_id:
+                        results.append(
+                            f"When vxlan.overlay_services.vrfs.{vrf['name']}.rp_external is enabled (true), "
+                            f"then vxlan.overlay_services.vrfs.{vrf['name']}.rp_loopback_id must be disabled (false)."
+                        )
+                        break
+
+                    if (current_vrf_trm_rp_external and current_vrf_trm_rp_address is None or
+                            current_vrf_trm_rp_external and current_vrf_trm_underlay_mcast_ip is None):
+                        results.append(
+                            f"When vxlan.overlay_services.vrfs.{vrf['name']}.rp_external is enabled (true), "
+                            f"then vxlan.overlay_services.vrfs.{vrf['name']}.rp_address and "
+                            f"vxlan.overlay_services.vrfs.{vrf['name']}.underlay_mcast_ip must be set."
+                        )
+                        break
 
         return results

roles/validate/files/rules/required_rules/403_overlay_services_networks.py

@@ -7,13 +7,19 @@ class Rule:
     def match(cls, inventory):
         results = []
         fabric_netflow_status = False
+        fabric_trm_status = False
         networks = []
 
         if inventory.get("vxlan", None):
             if inventory["vxlan"].get("global", None):
                 if inventory["vxlan"].get("global").get("netflow", None):
                     fabric_netflow_status = inventory["vxlan"]["global"]["netflow"].get("enable", False)
 
+        if inventory.get("vxlan", None):
+            if inventory["vxlan"].get("underlay", None):
+                if inventory["vxlan"].get("underlay").get("multicast", None):
+                    fabric_trm_status = inventory["vxlan"]["underlay"]["multicast"].get("trm_enable", False)
+
         if inventory.get("vxlan", None):
             if inventory["vxlan"].get("overlay_services", None):
                 if inventory["vxlan"].get("overlay_services").get("networks", None):
@@ -27,5 +33,25 @@ def match(cls, inventory):
                         f"For vxlan.overlay_services.networks.{network['name']}.netflow_enable to be enabled, "
                         f"first vxlan.global.netflow.enable must be enabled (true)."
                     )
+                    break
+
+            if fabric_netflow_status and current_network_netflow_status:
+                current_network_netflow_monitor = network.get("vlan_netflow_monitor", None)
+                if current_network_netflow_monitor is None:
+                    results.append(
+                        f"When vxlan.overlay_services.networks.{network['name']}.netflow_enable is enabled, "
+                        f"then vxlan.overlay_services.networks.{network['name']}.vlan_netflow_monitor must be set "
+                        "to a valid value from vxlan.global.netflow."
+                    )
+                    break
+
+            current_network_trm_status = network.get("trm_enable", None)
+            if current_network_trm_status is not None:
+                if fabric_trm_status is False and current_network_trm_status is True:
+                    results.append(
+                        f"For vxlan.overlay_services.networks.{network['name']}.trm_enable to be enabled, "
+                        f"first vxlan.underlay.multicast.trm_enable must be enabled (true)."
+                    )
+                    break
 
         return results