Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Organize Rules Into Groups Aligned to Model & Add New Rules for VRFs & Networks #163

Merged
merged 5 commits into from
Jul 24, 2024
Merged

Organize Rules Into Groups Aligned to Model & Add New Rules for VRFs & Networks #163

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
4f7e432
organize rules and add new rules for vrfs & networks
mtarking Jul 21, 2024
8fafaf1
fix lint errors
mtarking Jul 21, 2024
ec560e8
fix lint errors
mtarking Jul 21, 2024
2ca9e31
adjust rules to account for another permutation
mtarking Jul 22, 2024
a9cd0a5
fix lint errors
mtarking Jul 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...ology_switch_interfaces_members_unique.py → ...ology_switch_interfaces_members_unique.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@


class Rule:
id = "305"
id = "304"
description = "\n1)Verify Interface names are Unique per switch\n2)Verify member interfaces are not repeated within a switch\n"
severity = "HIGH"

Expand Down
2 changes: 1 addition & 1 deletion ...les/306_topology_switch_interfaces_vpc.py → ...les/305_topology_switch_interfaces_vpc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@


class Rule:
id = "306"
id = "305"
description = (
"Verify vPC interfaces are compliant with vPC configuration requirements"
)
Expand Down
8 changes: 2 additions & 6 deletions ...s/304_overlay_services_cross_reference.py → ...s/401_overlay_services_cross_reference.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
class Rule:
id = "304"
id = "401"
description = "Cross Reference VRFs and Networks items in the Service Model"
severity = "HIGH"

Expand All @@ -19,11 +19,7 @@ def match(cls, inventory):
if inventory["vxlan"].get("overlay_services", None):
if inventory.get("vxlan").get("overlay_services").get("vrfs", None):
sm_vrfs = inventory.get("vxlan").get("overlay_services").get("vrfs")
# Build list of VRF names from sm_networks
# network_vrf_names = []
# for net in sm_networks:
# if net.get('vrf_name') is not None:
# network_vrf_names.append(net.get('vrf_name'))

# Build list of VRF names from sm_vrfs
if sm_vrfs and sm_networks:
vrf_names = []
Expand Down
45 changes: 45 additions & 0 deletions roles/validate/files/rules/required_rules/402_overlay_services_vrfs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
class Rule:
id = "402"
description = "Verify VRF elements are enabled in fabric overlay services"
severity = "HIGH"

@classmethod
def match(cls, inventory):
results = []
fabric_netflow_status = False
fabric_trm_status = False
vrfs = []

if inventory.get("vxlan", None):
if inventory["vxlan"].get("global", None):
if inventory["vxlan"].get("global").get("netflow", None):
fabric_netflow_status = inventory["vxlan"]["global"]["netflow"].get("enable", False)

if inventory.get("vxlan", None):
if inventory["vxlan"].get("underlay", None):
if inventory["vxlan"].get("underlay").get("multicast", None):
fabric_trm_status = inventory["vxlan"]["underlay"]["multicast"].get("trm_enable", False)

if inventory.get("vxlan", None):
if inventory["vxlan"].get("overlay_services", None):
if inventory["vxlan"].get("overlay_services").get("vrfs", None):
vrfs = inventory["vxlan"]["overlay_services"]["vrfs"]

for vrf in vrfs:
current_vrf_netflow_status = vrf.get("netflow_enable", None)
if current_vrf_netflow_status is not None:
if fabric_netflow_status is False and current_vrf_netflow_status is True:
results.append(
f"For vxlan.overlay_services.vrfs.{vrf['name']}.netflow_enable to be enabled, "
f"first vxlan.global.netflow.enable must be enabled (true)."
)

current_vrf_trm_status = vrf.get("trm_enable", None)
if current_vrf_trm_status is not None:
if fabric_trm_status is False and current_vrf_trm_status is True:
results.append(
f"For vxlan.overlay_services.vrfs.{vrf['name']}.trm_enable to be enabled, "
f"first vxlan.underlay.multicast.trm_enable must be enabled (true)."
)

return results
31 changes: 31 additions & 0 deletions roles/validate/files/rules/required_rules/403_overlay_services_networks.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
class Rule:
id = "403"
description = "Verify Network elements are enabled in fabric overlay services"
severity = "HIGH"

@classmethod
def match(cls, inventory):
results = []
fabric_netflow_status = False
networks = []

if inventory.get("vxlan", None):
if inventory["vxlan"].get("global", None):
if inventory["vxlan"].get("global").get("netflow", None):
fabric_netflow_status = inventory["vxlan"]["global"]["netflow"].get("enable", False)

if inventory.get("vxlan", None):
if inventory["vxlan"].get("overlay_services", None):
if inventory["vxlan"].get("overlay_services").get("networks", None):
networks = inventory["vxlan"]["overlay_services"]["networks"]

for network in networks:
current_network_netflow_status = network.get("netflow_enable", None)
if current_network_netflow_status is not None:
if fabric_netflow_status is False and current_network_netflow_status is True:
results.append(
f"For vxlan.overlay_services.networks.{network['name']}.netflow_enable to be enabled, "
f"first vxlan.global.netflow.enable must be enabled (true)."
)

return results