Feat(eos_cli_config_gen): Support custom User Roles

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/roles.md

@@ -0,0 +1,115 @@
+# roles
+# Table of Contents
+<!-- toc -->
+
+- [Management](#management)
+  - [Management Interfaces](#management-interfaces)
+- [Authentication](#authentication)
+  - [Roles](#roles)
+- [Monitoring](#monitoring)
+- [Internal VLAN Allocation Policy](#internal-vlan-allocation-policy)
+  - [Internal VLAN Allocation Policy Summary](#internal-vlan-allocation-policy-summary)
+- [Interfaces](#interfaces)
+- [Routing](#routing)
+  - [IP Routing](#ip-routing)
+  - [IPv6 Routing](#ipv6-routing)
+- [Multicast](#multicast)
+- [Filters](#filters)
+- [ACL](#acl)
+- [Quality Of Service](#quality-of-service)
+
+<!-- toc -->
+# Management
+
+## Management Interfaces
+
+### Management Interfaces Summary
+
+#### IPv4
+
+| Management Interface | description | Type | VRF | IP Address | Gateway |
+| -------------------- | ----------- | ---- | --- | ---------- | ------- |
+| Management1 | oob_management | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 |
+
+#### IPv6
+
+| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway |
+| -------------------- | ----------- | ---- | --- | ------------ | ------------ |
+| Management1 | oob_management | oob | MGMT | -  | - |
+
+### Management Interfaces Device Configuration
+
+```eos
+!
+interface Management1
+   description oob_management
+   vrf MGMT
+   ip address 10.73.255.122/24
+```
+
+# Authentication
+
+## Roles
+
+### Roles Summary
+
+#### Role network-limited
+
+| Sequence | Action | Mode | Command |
+| -------- | ------ | ---- | ------- |
+| 10 | permit | exec | ssh |
+| 20 | deny | - | telnet |
+| 30 | permit | exec | traceroute |
+
+### Roles Device Configuration
+
+```eos
+!
+role network-limited
+   10 permit mode exec command ssh
+   20 deny command telnet
+   30 permit mode exec command traceroute
+```
+
+# Monitoring
+
+# Internal VLAN Allocation Policy
+
+## Internal VLAN Allocation Policy Summary
+
+**Default Allocation Policy**
+
+| Policy Allocation | Range Beginning | Range Ending |
+| ------------------| --------------- | ------------ |
+| ascending | 1006 | 4094 |
+
+# Interfaces
+
+# Routing
+
+## IP Routing
+
+### IP Routing Summary
+
+| VRF | Routing Enabled |
+| --- | --------------- |
+| default | false|
+### IP Routing Device Configuration
+
+```eos
+```
+## IPv6 Routing
+
+### IPv6 Routing Summary
+
+| VRF | Routing Enabled |
+| --- | --------------- |
+| default | false |
+
+# Multicast
+
+# Filters
+
+# ACL
+
+# Quality Of Service

ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/roles.cfg

@@ -0,0 +1,20 @@
+!RANCID-CONTENT-TYPE: arista
+!
+transceiver qsfp default-mode 4x10G
+!
+hostname roles
+!
+no aaa root
+no enable password
+!
+role network-limited
+   10 permit mode exec command ssh
+   20 deny command telnet
+   30 permit mode exec command traceroute
+!
+interface Management1
+   description oob_management
+   vrf MGMT
+   ip address 10.73.255.122/24
+!
+end

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/roles.yml

@@ -0,0 +1,16 @@
+### Roles ###
+roles:
+  - name: network-limited
+    sequence_numbers:
+      - sequence: 10
+        action: permit
+        mode: exec
+        command: ssh
+      - sequence: 20
+        action: deny
+        command: telnet
+      - sequence: 30
+        action: permit
+        mode: exec
+        command: traceroute
+

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini

@@ -66,6 +66,7 @@ ptp
 qos
 queue_monitor_streaming
 redundancy
+roles
 route-maps
 router-bfd
 router-bgp-base

ansible_collections/arista/avd/roles/eos_cli_config_gen/README.md

@@ -23,6 +23,7 @@
       - [IP RADIUS Source Interfaces](#ip-radius-source-interfaces)
       - [IP TACACS+ Source Interfaces](#ip-tacacs-source-interfaces)
       - [Local Users](#local-users)
+      - [Roles](#roles)
       - [Radius Servers](#radius-servers)
       - [Tacacs+ Servers](#tacacs-servers)
     - [Banners](#banners)
@@ -396,6 +397,22 @@ local_users:
     ssh_key: "< ssh_key_string >"
 ```
 
+#### Roles
+
+```yaml
+roles:
+  - name: < role_name >
+    sequence_numbers:
+      - sequence: < sequence_number_1 >
+        action: < permit | deny >
+        mode: < "config" | "config-all" | "exec" | "<mode>" >
+        command: < command as string >
+      - sequence: < sequence_number_2 >
+        action: < permit | deny >
+        mode: < "config" | "config-all" | "exec" | "<mode>" >
+        command: < command as string >
+```
+
 #### Radius Servers
 
 ```yaml

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/roles.j2

@@ -0,0 +1,24 @@
+{% if roles is arista.avd.defined %}
+
+## Roles
+
+### Roles Summary
+{%     for role in roles | arista.avd.natural_sort %}
+
+#### Role {{ role.name }}
+
+| Sequence | Action | Mode | Command |
+| -------- | ------ | ---- | ------- |
+{%         for sequence in role.sequence_numbers | arista.avd.default([]) %}
+{%             if sequence.action is arista.avd.defined and sequence.command is arista.avd.defined %}
+| {{ sequence.sequence | arista.avd.default('-') }} | {{ sequence.action }} | {{ sequence.mode | arista.avd.default('-') }} | {{ sequence.command }} |
+{%             endif %}
+{%         endfor %}
+{%     endfor %}
+
+### Roles Device Configuration
+
+```eos
+{%     include 'eos/roles.j2' %}
+```
+{% endif %}

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-device-documentation.j2

@@ -37,6 +37,8 @@
 # Authentication
 {## Local Users #}
 {% include 'documentation/local-users.j2' %}
+{## Roles #}
+{% include 'documentation/roles.j2' %}
 {## Enable Password #}
 {% include 'documentation/enable-password.j2' %}
 {## TACACS Servers #}

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2

@@ -98,6 +98,8 @@
 {% include 'eos/enable-password.j2' %}
 {# users #}
 {% include 'eos/local-users.j2' %}
+{# roles #}
+{% include 'eos/roles.j2' %}
 {# clock #}
 {% include 'eos/clock.j2' %}
 {# VLANs #}

ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/roles.j2

@@ -0,0 +1,25 @@
+{# eos - roles #}
+{% if roles is arista.avd.defined %}
+!
+{%     for role in roles %}
+{%         if role.name is arista.avd.defined %}
+role {{ role.name }}
+{%             if role.sequence_numbers is arista.avd.defined %}
+{%                 for sequence in role.sequence_numbers %}
+{%                     if sequence.action is arista.avd.defined and sequence.command is arista.avd.defined %}
+{%                         set sequence_cli = "" %}
+{%                         if sequence.sequence is arista.avd.defined %}
+{%                             set sequence_cli = sequence.sequence ~ " " %}
+{%                         endif %}
+{%                         set sequence_cli = sequence_cli ~ sequence.action %}
+{%                         if sequence.mode is arista.avd.defined %}
+{%                             set sequence_cli = sequence_cli ~ " mode " ~ sequence.mode %}
+{%                         endif %}
+{%                         set sequence_cli = sequence_cli ~ " command " ~ sequence.command %}
+   {{ sequence_cli }}
+{%                     endif %}
+{%                 endfor %}
+{%             endif %}
+{%         endif %}
+{%     endfor %}
+{% endif %}