Feat(eos_cli_config_gen): Improve data model for extended IP ACLs #1411 #1424

Merged

ankudinov
Contributor

Change Summary

Improve data model for extended IP ACLs

Related Issue(s)

Fixes #1411

Component(s) name

arista.avd.eos_cli_config_gen

Proposed changes

Improve data model for extended IP ACLs

Data model:

ip_access_lists:
  - name: "< access list name as string >"
    counters_per_entry: < true | false >
    entries:
      # remark entry
      - sequence: < acl entry sequence number >  # optional
        # NOTE: if remark is defined, other keys in acl entry will be ignored
        remark: "< Comment, up to 100 characters >"
      # normal entry
      - sequence: < acl entry sequence number >  # optional
        action: "< permit | deny >"  # required
        protocol: "< ip | tcp | udp | icmp | other protocol name or number >"  # required
        # NOTE: A.B.C.D without a mask means host
        source: "< any | A.B.C.D/E | A.B.C.D >"  # required
        source_ports_match: "< eq | gt | lt | neq | range >"  # eq is default
        source_ports: ["< tcp/udp port name or number >",]  # optional
        # NOTE: A.B.C.D without a mask means host
        destination: "< any | A.B.C.D/E | A.B.C.D >"  # required
        destination_ports_match: "< eq | gt | lt | neq | range >"  # eq is default
        destination_ports: ["< tcp/udp port name or number >",]  # optional
        tcp_flags: ["< tcp flag name >",]  # optional
        fragments: < true | false >  # optional, match non-head fragment packets
        log: < true | false >  # optional, log matches against this rule
        ttl: < <0-254> TTL value >  # optional
        ttl_match: "< eq | gt | lt | neq >"  # optional
        icmp_type: "< Message type name/number for ICMP packets >"  # optional
        icmp_code: "< Message code for ICMP packets >"  # optional
        nexthop_group: "< nexthop-group name >"  # optional
        tracked: < true | false > # optional, match packets in existing ICMP/UDP/TCP connections
        dscp: "< DSCP value or name >"  # optional
        vlan_number: < vlan number >  # optional
        vlan_inner: < true | false >  # optional, default - false
        vlan_mask: "< 0x000-0xFFF  Vlan mask >"  # optional

How to test

Checklist

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and the documentation has been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)
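
A pre-render validation pass over the data model above, added here as an example; it is not the arista.avd role's own code. The function names and the sample ACL are constructed, and the rule that `range` takes exactly two ports is an assumption not stated in the PR.

```python
import ipaddress
PORT_MATCH = {"eq", "gt", "lt", "neq", "range"}
REQUIRED = ("action", "protocol", "source", "destination")

def _addr_ok(value):
    """Accept 'any', A.B.C.D/E, or A.B.C.D (no mask means host)."""
    try:
        return value == "any" or ipaddress.IPv4Network(str(value), strict=False) is not None
    except ValueError:
        return False

def validate_entry(entry):
    """Return a list of problems for one ACL entry (empty list = valid)."""
    if "remark" in entry:  # remark wins: other keys in the entry are ignored
        return [] if len(str(entry["remark"])) <= 100 else ["remark longer than 100 characters"]
    errors = [f"missing required key '{k}'" for k in REQUIRED if k not in entry]
    if "action" in entry and entry["action"] not in ("permit", "deny"):
        errors.append("action must be permit or deny")
    for side in ("source", "destination"):
        if side in entry and not _addr_ok(entry[side]):
            errors.append(f"{side} must be any, A.B.C.D/E or A.B.C.D")
        match = entry.get(f"{side}_ports_match", "eq")  # eq is the default
        if match not in PORT_MATCH:
            errors.append(f"{side}_ports_match '{match}' is not valid")
        elif match == "range" and len(entry.get(f"{side}_ports", [])) != 2:  # assumption
            errors.append(f"{side}_ports needs exactly two ports for range")
    if "ttl" in entry and not (isinstance(entry["ttl"], int) and 0 <= entry["ttl"] <= 254):
        errors.append("ttl must be 0-254")
    if "ttl_match" in entry and entry["ttl_match"] not in PORT_MATCH - {"range"}:
        errors.append("ttl_match must be eq, gt, lt or neq")
    return errors

def validate_acls(ip_access_lists):
    """Map 'acl-name[index]' to its problems, only for entries that have any."""
    report = {}
    for acl in ip_access_lists:
        for i, entry in enumerate(acl.get("entries", [])):
            problems = validate_entry(entry)
            if problems:
                report[f"{acl['name']}[{i}]"] = problems
    return report

# Constructed sample input: two valid entries and one with five mistakes.
SAMPLE = [{"name": "MGMT-IN", "entries": [
    {"sequence": 10, "remark": "allow SSH from jump host"},
    {"action": "permit", "protocol": "tcp", "source": "10.0.0.5", "destination": "any",
     "destination_ports": ["ssh"], "log": True},
    {"action": "allow", "protocol": "udp", "source": "10.0.0.0/33",
     "destination_ports_match": "range", "destination_ports": ["1024"], "ttl": 255},
]}]
```
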

@github-actions github-actions bot added the "role: eos_cli_config_gen", "state: CI Updated" and "state: Documentation role Updated" labels Dec 30, 2021
@ankudinov
Contributor Author

Implemented initial draft of the data model, but still work in progress. OK to review the data model, but do not merge.

@ankudinov ankudinov changed the title from "Improve data model for extended IP ACLs #1411" to "Feat(eos_cli_config_gen): Improve data model for extended IP ACLs #1411" Dec 30, 2021
Contributor

@ClausHolbechArista ClausHolbechArista left a comment

almost there

Contributor

@ClausHolbechArista ClausHolbechArista left a comment

LGTM

Contributor

@tgodaA tgodaA left a comment

LGTM!

@ClausHolbechArista ClausHolbechArista merged commit 48ecb70 into aristanetworks:devel Jan 18, 2022
@ClausHolbechArista ClausHolbechArista added this to the v3.3.0 milestone Feb 18, 2022