Documentation enhancement for ip-extended-access-lists schema #4642

Closed
1 task done
rewati-arista opened this issue Oct 24, 2024 · 2 comments · Fixed by #4660
Labels
type: bug Something isn't working

Comments

@rewati-arista

Enhancement summary

The documentation for ip-extended-access-lists, specifically the source_ports_match and destination_ports_match fields, should mention the dependency on the source_ports and destination ports fields respectively.

Which component of AVD is impacted

eos_cli_config_gen

Use case example

In my use case I am generating these input variable schemas from my model data. I then supply the input schema to the pyavd utility, which helps me generate EOS CLI.

While I was implementing the mapping from my data to these structured configs, I was providing all the fields that I had in my data model, e.g. sequence number, action, protocol, source, destination and so forth. In this I was also providing source_ports/destination ports, which were sometimes empty lists. But because I included the "source_ports" key with a respective empty value, AVD, while generating the EOS config, added source_ports_match with a default value of "eq", which is incorrect because that results in a config like

80 permit udp any eq

where eq is followed by no source ports.

I then corrected my logic to add the "source_ports" key only when source ports exist, so that source_ports_match does not get added by default.

Describe the solution you would like

The documentation could explicitly mention that the source_ports_match key gets added with a default value when the source_ports key is found, and if you do not want that then do not add the source_ports key itself when source_ports are empty (because technically adding empty source ports is not incorrect, so users could do that and run into this issue).

Alternatively, in the logic over here where AVD adds the source_port_match by default when the source_port key is found, change it to add the source_port_match when an actual non-None value of source port is found (instead of just depending on the presence/absence of the source port key).

Describe alternatives you have considered

No response

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
@rewati-arista rewati-arista added the type: enhancement New feature or request label Oct 24, 2024
@ClausHolbechArista
Contributor

I think this can be addressed easily by adding min_length: 1 to the schema for the ports. So if set, it must be a list with at least one item.

@ClausHolbechArista ClausHolbechArista added type: bug Something isn't working and removed type: enhancement New feature or request labels Oct 25, 2024
@rewati-arista
Author

Yep, agreed, just being cautious and mentioning again that this does not mean making it a required argument, but instead just that if the field is set it should be non-empty.
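
A caller-side version of the workaround and of the "if set, must be non-empty" rule discussed in this thread, as an added example that is not part of the issue and is not AVD or pyavd code. The function names, the sample entries and the entry keys other than source_ports, destination_ports and their _match counterparts are assumptions.

```python
# Added example, not AVD/pyavd code. Only the four *_ports / *_ports_match
# key names come from the issue; every other name here is an assumption.
PORT_KEYS = ("source_ports", "destination_ports")

# Constructed sample of mapped ACL entries. Sequence 80 reproduces the case
# from the issue: the port keys are present but carry no ports.
SAMPLE_ENTRIES = [
    {"sequence": 70, "action": "permit", "protocol": "tcp", "source": "any",
     "source_ports": ["80", "443"], "destination": "any"},
    {"sequence": 80, "action": "permit", "protocol": "udp", "source": "any",
     "source_ports": [], "destination": "any", "destination_ports": None},
]


def find_empty_port_fields(entries):
    """Report (sequence, key) for every port key that is set but empty.

    A missing key is fine: the field stays optional. A key that is present
    with [] or None is what would lead to a dangling match operator.
    """
    findings = []
    for entry in entries:
        for key in PORT_KEYS:
            if key in entry and not entry[key]:
                findings.append((entry.get("sequence"), key))
    return findings


def prune_empty_ports(entry):
    """Return a copy of the entry without empty port keys.

    The matching *_match key is dropped too, since a match operator with no
    ports has nothing to apply to (a choice made for this example).
    """
    cleaned = dict(entry)
    for key in PORT_KEYS:
        if not cleaned.get(key):
            cleaned.pop(key, None)
            cleaned.pop(f"{key}_match", None)
    return cleaned


if __name__ == "__main__":
    for sequence, key in find_empty_port_fields(SAMPLE_ENTRIES):
        print(f"sequence {sequence}: {key} is set but empty")
    print([prune_empty_ports(e) for e in SAMPLE_ENTRIES])
```

Running the finder in CI over generated input catches the empty-list case before any configuration is rendered, while the pruning step keeps the mapping code free of per-field conditionals.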
