Feat(eos_cli_config_gen): add SNMPv3 hashed user passphrases support #1721

Merged
merged 14 commits into from
May 5, 2022
Expand Up @@ -57,6 +57,14 @@ interface Management1
| ------- | -------- | ---------- | ----- |
| DC1_OPS | DC1 | All | Enabled |

### SNMP EngineID Configuration

| Type | EngineID (Hex) | IP | Port |
| ---- | -------------- | -- | ---- |
| local | 424242424242424242 | - | - |
| remote | 6172697374615F6970 | 1.1.1.1 | - |
| remote | DEADBEEFCAFE123456 | 2.2.2.2 | 1337 |

### SNMP ACLs
| IP | ACL | VRF |
| -- | --- | --- |
Expand Down Expand Up @@ -87,9 +95,9 @@ interface Management1
| 10.6.75.121 | MGMT | SNMP-COMMUNITY-1 | - | - | 1 |
| 10.6.75.121 | MGMT | SNMP-COMMUNITY-2 | - | - | 2c |
| 10.6.75.122 | MGMT | SNMP-COMMUNITY-2 | - | - | 2c |
| 10.6.75.99 | MGMT | - | USER-READ | auth | 3 |
| 10.6.75.99 | MGMT | - | USER-READ-AUTH-NO-PRIV | auth | 3 |
| 10.6.75.99 | MGMT | - | USER-WRITE | auth | 3 |
| 10.6.75.100 | MGMT | - | USER-READ | priv | 3 |
| 10.6.75.100 | MGMT | - | USER-READ-AUTH-PRIV | priv | 3 |

### SNMP Views Configuration

Expand All @@ -115,17 +123,28 @@ interface Management1

### SNMP Users Configuration

| User | Group | Version | Authentication | Privacy |
| ---- | ----- | ------- | -------------- | ------- |
| USER-READ | GRP-READ-ONLY | v3 | sha | aes |
| USER-WRITE | GRP-READ-WRITE | v3 | sha | aes |
| User | Group | Version | Authentication | Privacy | Remote Address | Remote Port | Engine ID |
| ---- | ----- | ------- | -------------- | ------- | -------------- | ----------- | --------- |
| USER-READ-NO-AUTH-NO-PRIV | GRP-READ-ONLY | v3 | - | - | - | - | - |
| USER-READ-AUTH-NO-PRIV | GRP-READ-ONLY | v3 | sha | - | - | - | - |
| USER-READ-AUTH-PRIV | GRP-READ-ONLY | v3 | sha | aes | - | - | - |
| USER-READ-NO-AUTH-NO-PRIV-LOC | GRP-READ-ONLY | v3 | - | - | - | - | 424242424242424242 |
| USER-READ-AUTH-NO-PRIV-LOC | GRP-READ-ONLY | v3 | sha | - | - | - | 424242424242424242 |
| USER-READ-AUTH-PRIV-LOC | GRP-READ-ONLY | v3 | sha | aes | - | - | 424242424242424242 |
| USER-WRITE | GRP-READ-WRITE | v3 | sha | aes | - | - | - |
| REMOTE-USER-IP-ONLY | GRP-REMOTE | v3 | - | - | 42.42.42.42 | - | - |
| REMOTE-USER-IP-PORT | GRP-REMOTE | v3 | - | - | 42.42.42.42 | 666 | - |
| REMOTE-USER-IP-LOCALIZED | GRP-REMOTE | v3 | sha | - | 42.42.42.42 | - | DEADBEEFCAFE123456 |

### SNMP Device Configuration

```eos
!
snmp-server engineID local 424242424242424242
snmp-server contact DC1_OPS
snmp-server location DC1
snmp-server engineID remote 1.1.1.1 6172697374615F6970
snmp-server engineID remote 2.2.2.2 udp-port 1337 DEADBEEFCAFE123456
snmp-server ipv4 access-list SNMP-MGMT vrf MGMT
snmp-server ipv4 access-list onur
snmp-server ipv6 access-list SNMP-MGMT vrf MGMT
Expand All @@ -140,14 +159,22 @@ snmp-server community SNMP-COMMUNITY-2 view VW-READ rw ipv6 SNMP-MGMT SNMP-MGMT
snmp-server community SNMP-COMMUNITY-3 ro
snmp-server group GRP-READ-ONLY v3 priv read v3read
snmp-server group GRP-READ-WRITE v3 auth read v3read write v3write
snmp-server user USER-READ GRP-READ-ONLY v3 auth sha 7a07246a6e3467909098d01619e076adb4e2fe08 priv aes 7a07246a6e3467909098d01619e076ad
snmp-server user USER-WRITE GRP-READ-WRITE v3 auth sha 7a07246a6e3467909098d01619e076adb4e2fe08 priv aes 7a07246a6e3467909098d01619e076ad
snmp-server user USER-READ-NO-AUTH-NO-PRIV GRP-READ-ONLY v3
snmp-server user USER-READ-AUTH-NO-PRIV GRP-READ-ONLY v3 auth sha clearPassword
snmp-server user USER-READ-AUTH-PRIV GRP-READ-ONLY v3 auth sha clearPassword priv aes clearPassword
snmp-server user USER-READ-NO-AUTH-NO-PRIV-LOC GRP-READ-ONLY v3
snmp-server user USER-READ-AUTH-NO-PRIV-LOC GRP-READ-ONLY v3 localized 424242424242424242 auth sha 8da526cd35b9ea9b42d819036f7fad058576ea0a
snmp-server user USER-READ-AUTH-PRIV-LOC GRP-READ-ONLY v3 localized 424242424242424242 auth sha 8da526cd35b9ea9b42d819036f7fad058576ea0a priv aes 8da526cd35b9ea9b42d819036f7fad05
snmp-server user USER-WRITE GRP-READ-WRITE v3 auth sha clearPassword priv aes clearPassword
snmp-server user REMOTE-USER-IP-ONLY GRP-REMOTE remote 42.42.42.42 v3
snmp-server user REMOTE-USER-IP-PORT GRP-REMOTE remote 42.42.42.42 udp-port 666 v3
snmp-server user REMOTE-USER-IP-LOCALIZED GRP-REMOTE remote 42.42.42.42 v3 localized DEADBEEFCAFE123456 auth sha ShouldBeEncryptedPassword
snmp-server host 10.6.75.121 vrf MGMT version 1 SNMP-COMMUNITY-1
snmp-server host 10.6.75.121 vrf MGMT version 2c SNMP-COMMUNITY-2
snmp-server host 10.6.75.122 vrf MGMT version 2c SNMP-COMMUNITY-2
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-READ
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-READ-AUTH-NO-PRIV
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-WRITE
snmp-server host 10.6.75.100 vrf MGMT version 3 priv USER-READ
snmp-server host 10.6.75.100 vrf MGMT version 3 priv USER-READ-AUTH-PRIV
snmp-server enable traps
no snmp-server vrf default
snmp-server vrf MGMT
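Review bot: the users table and the rendered CLI in this hunk disagree for `USER-READ-NO-AUTH-NO-PRIV-LOC`: the Engine ID column shows `424242424242424242`, but the corresponding line `snmp-server user USER-READ-NO-AUTH-NO-PRIV-LOC GRP-READ-ONLY v3` carries no `localized` keyword, because the eos template only emits `localized` inside the `auth` block. A reader of the generated documentation would conclude the key was localized to that engine when the device never received it. Either hide the Engine ID in the doc template when `auth`/`auth_passphrase` are absent, or treat `localized` without `auth` as an input error rather than silently dropping it.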
Expand Up @@ -4,8 +4,11 @@ transceiver qsfp default-mode 4x10G
!
hostname snmp
!
snmp-server engineID local 424242424242424242
snmp-server contact DC1_OPS
snmp-server location DC1
snmp-server engineID remote 1.1.1.1 6172697374615F6970
snmp-server engineID remote 2.2.2.2 udp-port 1337 DEADBEEFCAFE123456
snmp-server ipv4 access-list SNMP-MGMT vrf MGMT
snmp-server ipv4 access-list onur
snmp-server ipv6 access-list SNMP-MGMT vrf MGMT
Expand All @@ -20,14 +23,22 @@ snmp-server community SNMP-COMMUNITY-2 view VW-READ rw ipv6 SNMP-MGMT SNMP-MGMT
snmp-server community SNMP-COMMUNITY-3 ro
snmp-server group GRP-READ-ONLY v3 priv read v3read
snmp-server group GRP-READ-WRITE v3 auth read v3read write v3write
snmp-server user USER-READ GRP-READ-ONLY v3 auth sha 7a07246a6e3467909098d01619e076adb4e2fe08 priv aes 7a07246a6e3467909098d01619e076ad
snmp-server user USER-WRITE GRP-READ-WRITE v3 auth sha 7a07246a6e3467909098d01619e076adb4e2fe08 priv aes 7a07246a6e3467909098d01619e076ad
snmp-server user USER-READ-NO-AUTH-NO-PRIV GRP-READ-ONLY v3
snmp-server user USER-READ-AUTH-NO-PRIV GRP-READ-ONLY v3 auth sha clearPassword
snmp-server user USER-READ-AUTH-PRIV GRP-READ-ONLY v3 auth sha clearPassword priv aes clearPassword
snmp-server user USER-READ-NO-AUTH-NO-PRIV-LOC GRP-READ-ONLY v3
snmp-server user USER-READ-AUTH-NO-PRIV-LOC GRP-READ-ONLY v3 localized 424242424242424242 auth sha 8da526cd35b9ea9b42d819036f7fad058576ea0a
snmp-server user USER-READ-AUTH-PRIV-LOC GRP-READ-ONLY v3 localized 424242424242424242 auth sha 8da526cd35b9ea9b42d819036f7fad058576ea0a priv aes 8da526cd35b9ea9b42d819036f7fad05
snmp-server user USER-WRITE GRP-READ-WRITE v3 auth sha clearPassword priv aes clearPassword
snmp-server user REMOTE-USER-IP-ONLY GRP-REMOTE remote 42.42.42.42 v3
snmp-server user REMOTE-USER-IP-PORT GRP-REMOTE remote 42.42.42.42 udp-port 666 v3
snmp-server user REMOTE-USER-IP-LOCALIZED GRP-REMOTE remote 42.42.42.42 v3 localized DEADBEEFCAFE123456 auth sha ShouldBeEncryptedPassword
snmp-server host 10.6.75.121 vrf MGMT version 1 SNMP-COMMUNITY-1
snmp-server host 10.6.75.121 vrf MGMT version 2c SNMP-COMMUNITY-2
snmp-server host 10.6.75.122 vrf MGMT version 2c SNMP-COMMUNITY-2
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-READ
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-READ-AUTH-NO-PRIV
snmp-server host 10.6.75.99 vrf MGMT version 3 auth USER-WRITE
snmp-server host 10.6.75.100 vrf MGMT version 3 priv USER-READ
snmp-server host 10.6.75.100 vrf MGMT version 3 priv USER-READ-AUTH-PRIV
snmp-server enable traps
no snmp-server vrf default
snmp-server vrf MGMT
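Review bot: `REMOTE-USER-IP-LOCALIZED` is expected to render as `localized DEADBEEFCAFE123456 auth sha ShouldBeEncryptedPassword`, yet the documentation added in this PR says the passphrase must be the hashed form whenever `localized` is set. The expected output therefore enshrines an input the docs call invalid. Either use a hex digest here as the `-LOC` users do, or state plainly in the docs that the generator does not validate the passphrase format and that an operator who pairs `localized` with a cleartext value gets a config the device will reject or misinterpret.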
@@ -1,5 +1,15 @@
### Snmp Settings ####
snmp_server:
engine_ids:
local: 424242424242424242
remotes:
# First one without IP should not be rendered
- id: 1234567890ABCDEF12
- id: 6172697374615F6970
address: 1.1.1.1
- id: DEADBEEFCAFE123456
address: 2.2.2.2
udp_port: 1337
contact: DC1_OPS
location: DC1
communities:
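Review bot: the remote entry `id: 1234567890ABCDEF12` with no `address` is dropped without any message, as the fixture comment "First one without IP should not be rendered" confirms. Silently discarding a misconfigured engine ID is easy to miss in a large inventory and leaves the device unable to authenticate that remote engine. Consider failing the run (or at least emitting a warning) when a `remotes` item lacks `address`, and document `address` as mandatory in the `snmp_server` schema.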
Expand Down Expand Up @@ -47,20 +57,62 @@ snmp_server:
read: v3read
write: v3write
users:
- name: USER-READ
- name: USER-READ-NO-AUTH-NO-PRIV
group: GRP-READ-ONLY
version: v3
- name: USER-READ-AUTH-NO-PRIV
group: GRP-READ-ONLY
version: v3
auth: sha
auth_passphrase: clearPassword
- name: USER-READ-AUTH-PRIV
group: GRP-READ-ONLY
version: v3
auth: sha
auth_passphrase: clearPassword
priv: aes
priv_passphrase: clearPassword
- name: USER-READ-NO-AUTH-NO-PRIV-LOC
group: GRP-READ-ONLY
version: v3
localized: 424242424242424242
- name: USER-READ-AUTH-NO-PRIV-LOC
group: GRP-READ-ONLY
version: v3
auth: sha
auth_passphrase: 8da526cd35b9ea9b42d819036f7fad058576ea0a
localized: 424242424242424242
- name: USER-READ-AUTH-PRIV-LOC
group: GRP-READ-ONLY
version: v3
auth: sha
auth_passphrase: 7a07246a6e3467909098d01619e076adb4e2fe08
auth_passphrase: 8da526cd35b9ea9b42d819036f7fad058576ea0a
priv: aes
priv_passphrase: 7a07246a6e3467909098d01619e076ad
priv_passphrase: 8da526cd35b9ea9b42d819036f7fad05
localized: 424242424242424242
- name: USER-WRITE
group: GRP-READ-WRITE
version: v3
auth: sha
auth_passphrase: 7a07246a6e3467909098d01619e076adb4e2fe08
auth_passphrase: clearPassword
priv: aes
priv_passphrase: 7a07246a6e3467909098d01619e076ad
priv_passphrase: clearPassword
- name: REMOTE-USER-IP-ONLY
group: GRP-REMOTE
version: v3
remote_address: 42.42.42.42
- name: REMOTE-USER-IP-PORT
group: GRP-REMOTE
version: v3
remote_address: 42.42.42.42
udp_port: 666
- name: REMOTE-USER-IP-LOCALIZED
group: GRP-REMOTE
version: v3
remote_address: 42.42.42.42
localized: DEADBEEFCAFE123456
auth: sha
auth_passphrase: ShouldBeEncryptedPassword
hosts:
- host: 10.6.75.121
vrf: MGMT
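Review bot: none of the fixture users sets `priv`/`priv_passphrase` without also setting `auth`/`auth_passphrase`, so the new behaviour in the eos template, where `priv` is only rendered inside the `auth` block, is not exercised by this test data. Add a negative case (a v3 user with `priv` but no `auth`) and assert that no `priv` keyword is emitted, otherwise a later refactor could reintroduce privacy-without-authentication output unnoticed.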
Expand All @@ -78,15 +130,15 @@ snmp_server:
vrf: MGMT
version: 3
users:
- username: USER-READ
- username: USER-READ-AUTH-NO-PRIV
authentication_level: auth
- username: USER-WRITE
authentication_level: auth
- host: 10.6.75.100
vrf: MGMT
#version: 3 should be autodetected based on users key.
users:
- username: USER-READ
- username: USER-READ-AUTH-PRIV
authentication_level: priv
traps:
enable: true
Expand Up @@ -115,10 +115,10 @@ interface Management1

### SNMP Users Configuration

| User | Group | Version | Authentication | Privacy |
| ---- | ----- | ------- | -------------- | ------- |
| USER-READ | GRP-READ-ONLY | v3 | sha | aes |
| USER-WRITE | GRP-READ-WRITE | v3 | sha | aes |
| User | Group | Version | Authentication | Privacy | Remote Address | Remote Port | Engine ID |
| ---- | ----- | ------- | -------------- | ------- | -------------- | ----------- | --------- |
| USER-READ | GRP-READ-ONLY | v3 | sha | aes | - | - | - |
| USER-WRITE | GRP-READ-WRITE | v3 | sha | aes | - | - | - |

### SNMP Device Configuration

Expand Up @@ -2318,6 +2318,12 @@ sflow:

```yaml
snmp_server:
engine_ids:
local: < engine_id_in_hex >
remotes:
- id: < engine_id_in_hex >
address: < hostname_or_ip_of_remote_engine >
udp_port: < udp_port >
contact: < contact_name >
location: < location >
communities:
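Review bot: the `remotes` schema lists `address` and `udp_port` as if both were optional, but both templates skip any remote engine ID that has no `address`. Mark `address` as required here (for example `address: < hostname_or_ip_of_remote_engine > # required, entry is skipped otherwise`) so the silent drop is at least documented, and note that `udp_port` is only rendered when present.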
Expand Down Expand Up @@ -2370,11 +2376,18 @@ snmp_server:
users:
- name: < username >
group: < group_name >
# remote_address and udp_port are used for remote users
remote_address: < hostname_or_ip_of_remote_engine >
# udp_port will not be used if no remote_address is configured
udp_port: < udp_port >
version: < v1 | v2c | v3 >
# For a local user (i.e. no remote_ip), use the local engine_id
# For a remote user, use the remote engine_id
localized: < engine_id_in_hex >
auth: < hash_algorithm >
auth_passphrase: < encrypted_auth_passphrase >
auth_passphrase: < hashed_auth_passphrase if localized is used else cleartext auth_passphrase >
priv: < encryption_algorithm >
priv_passphrase: < encrypted_priv_passphrase >
priv_passphrase: < hashed_priv_passphrase if localized is used else cleartext priv_passphrase >
- name: < username >
group: < group_name >
version: < v1 | v2c | v3 >
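Review bot: the comment "For a local user (i.e. no remote_ip), use the local engine_id" refers to a key named `remote_ip`, but the key defined a few lines above is `remote_address`; rename it so the two agree. The schema should also state what the eos template actually enforces: `remote_address`, `localized`, `auth` and `priv` are only rendered for `version: v3`, `localized` is only emitted when `auth` and `auth_passphrase` are both set, and `priv` is only emitted when `auth` is set. Finally, since this file is what operators copy into their inventory, it is worth recommending the `localized` + hashed form over `cleartext auth_passphrase`, so that no reusable SNMPv3 secret is stored in the inventory repository.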
Expand Up @@ -24,6 +24,22 @@
| {{ row_contact }} | {{ row_location }} | {{ row_traps_disabled }} | Disabled |
{% endif %}
{% endif %}
{% if snmp_server.engine_ids is arista.avd.defined %}

### SNMP EngineID Configuration

| Type | EngineID (Hex) | IP | Port |
| ---- | -------------- | -- | ---- |
{% if snmp_server.engine_ids.local is arista.avd.defined %}
| local | {{ snmp_server.engine_ids.local }} | - | - |
{% endif %}
{% for engine_id in snmp_server.engine_ids.remotes | arista.avd.default([]) %}
{% if engine_id.id is arista.avd.defined and engine_id.address is arista.avd.defined %}
{% set row_udp_port = engine_id.udp_port | arista.avd.default('-') %}
| remote | {{ engine_id.id }} | {{ engine_id.address }} | {{ row_udp_port }} |
{% endif %}
{% endfor %}
{% endif %}
{% if snmp_server.ipv4_acls is arista.avd.defined %}

### SNMP ACLs
Expand Down Expand Up @@ -139,15 +155,18 @@

### SNMP Users Configuration

| User | Group | Version | Authentication | Privacy |
| ---- | ----- | ------- | -------------- | ------- |
| User | Group | Version | Authentication | Privacy | Remote Address | Remote Port | Engine ID |
| ---- | ----- | ------- | -------------- | ------- | -------------- | ----------- | --------- |
{% for user in snmp_server.users %}
{% set row_user = user.name | arista.avd.default('default') %}
{% set row_group = user.group | arista.avd.default('-') %}
{% set row_version = user.version | arista.avd.default('-') %}
{% set row_auth = user.auth | arista.avd.default('-') %}
{% set row_policy = user.priv | arista.avd.default('-') %}
| {{ row_user }} | {{ row_group }} | {{ row_version }} | {{ row_auth }} | {{ row_policy }} |
{% set row_remote_address = user.remote_address | arista.avd.default('-') %}
{% set row_udp_port = user.udp_port | arista.avd.default('-') %}
{% set row_engine_id = user.localized | arista.avd.default('-') %}
| {{ row_user }} | {{ row_group }} | {{ row_version }} | {{ row_auth }} | {{ row_policy }} | {{ row_remote_address }} | {{ row_udp_port }} | {{ row_engine_id }} |
{% endfor %}
{% endif %}

@@ -1,12 +1,27 @@
{# eos - SNMP Settings#}
{% if snmp_server is arista.avd.defined %}
!
{% if snmp_server.engine_ids.local is arista.avd.defined %}
snmp-server engineID local {{ snmp_server.engine_ids.local }}
{% endif %}
{% if snmp_server.contact is arista.avd.defined %}
snmp-server contact {{ snmp_server.contact }}
{% endif %}
{% if snmp_server.location is arista.avd.defined %}
snmp-server location {{ snmp_server.location }}
{% endif %}
{% if snmp_server.engine_ids.remotes is arista.avd.defined %}
{% for engine_id in snmp_server.engine_ids.remotes %}
{% if engine_id.id is arista.avd.defined and engine_id.address is arista.avd.defined %}
{% set remote_engine_ids_cli = "snmp-server engineID remote " ~ engine_id.address %}
{% if engine_id.udp_port is arista.avd.defined %}
{% set remote_engine_ids_cli = remote_engine_ids_cli ~ " udp-port " ~ engine_id.udp_port %}
{% endif %}
{% set remote_engine_ids_cli = remote_engine_ids_cli ~ " " ~ engine_id.id %}
{{ remote_engine_ids_cli }}
{% endif %}
{% endfor %}
{% endif %}
{% if snmp_server.ipv4_acls is arista.avd.defined %}
{% for acl in snmp_server.ipv4_acls %}
{% set acl_cli = "snmp-server ipv4 access-list " ~ acl.name %}
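Review bot: `{% if snmp_server.engine_ids.local is arista.avd.defined %}` and `{% if snmp_server.engine_ids.remotes is arista.avd.defined %}` access an attribute of `snmp_server.engine_ids` before testing whether `engine_ids` exists, whereas the documentation template in this PR first checks `snmp_server.engine_ids is arista.avd.defined`. Unless the rendering environment uses a chainable Undefined, the attribute lookup on an undefined `engine_ids` raises before the test runs, which would break every existing inventory that configures `snmp_server` without `engine_ids`. Wrap both blocks in the same outer guard the doc template uses, and add a fixture without `engine_ids` to cover it.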
Expand Down Expand Up @@ -102,18 +117,26 @@ snmp-server location {{ snmp_server.location }}
{% if user.group is arista.avd.defined %}
{% set user_cli = user_cli ~ " " ~ user.group %}
{% endif %}
{% if user.remote_address is arista.avd.defined and user.version is arista.avd.defined('v3') %}
{% set user_cli = user_cli ~ " remote " ~ user.remote_address %}
{% if user.udp_port is arista.avd.defined %}
{% set user_cli = user_cli ~ " udp-port " ~ user.udp_port %}
{% endif %}
{% endif %}
{% if user.version is arista.avd.defined %}
{% set user_cli = user_cli ~ " " ~ user.version %}
{% endif %}
{% if user.auth is arista.avd.defined
and user.version is arista.avd.defined('v3')
and user.auth_passphrase is arista.avd.defined %}
{% if user.localized is arista.avd.defined %}
{% set user_cli = user_cli ~ " localized " ~ user.localized %}
{% endif %}
{% set user_cli = user_cli ~ " auth " ~ user.auth ~ " " ~ user.auth_passphrase %}
{% endif %}
{% if user.priv is arista.avd.defined
and user.version is arista.avd.defined('v3')
and user.priv_passphrase is arista.avd.defined %}
{% set user_cli = user_cli ~ " priv " ~ user.priv ~ " " ~ user.priv_passphrase %}
{% if user.priv is arista.avd.defined
and user.priv_passphrase is arista.avd.defined %}
{% set user_cli = user_cli ~ " priv " ~ user.priv ~ " " ~ user.priv_passphrase %}
{% endif %}
{% endif %}
{{ user_cli }}
{% endfor %}
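Review bot: moving the `priv` block inside the `auth` block is a behaviour change relative to the removed lines, where `priv` was rendered whenever `user.priv` and `user.priv_passphrase` were defined regardless of `auth`; a user that previously produced `... v3 priv aes <passphrase>` now produces `... v3`. The change is sound (SNMPv3 privacy requires authentication), but it should be called out in the release notes and ideally surface as a validation error instead of a silently weaker user. The same applies to `localized`, which is only appended inside the `auth` block: `localized` without `auth` is dropped with no message.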