diff --git a/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py b/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py new file mode 100644 index 00000000..8a9b1c2b --- /dev/null +++ b/plugins/module_utils/endpoints/v1/manage/manage_fabrics.py @@ -0,0 +1,496 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +ND Manage Fabrics endpoint models. + +This module contains endpoint definitions for fabric-related operations +in the ND Manage API. + +## Endpoints + +- `EpApiV1ManageFabricsGet` - Get a specific fabric by name + (GET /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsListGet` - List all fabrics with optional filtering + (GET /api/v1/manage/fabrics) +- `EpApiV1ManageFabricsPost` - Create a new fabric + (POST /api/v1/manage/fabrics) +- `EpApiV1ManageFabricsPut` - Update a specific fabric + (PUT /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsDelete` - Delete a specific fabric + (DELETE /api/v1/manage/fabrics/{fabric_name}) +- `EpApiV1ManageFabricsSummaryGet` - Get summary for a specific fabric + (GET /api/v1/manage/fabrics/{fabric_name}/summary) +""" + +from __future__ import annotations + +__metaclass__ = type + +from typing import ClassVar, Literal, Optional + +from ansible_collections.cisco.nd.plugins.module_utils.enums import HttpVerbEnum +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.base_path import BasePath +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.mixins import FabricNameMixin +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.query_params import EndpointQueryParams +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import Field +from ansible_collections.cisco.nd.plugins.module_utils.types import IdentifierKey + + +class FabricsEndpointParams(EndpointQueryParams): + """ + # Summary + + Endpoint-specific query parameters for the fabrics endpoint. + + ## Parameters + + - cluster_name: Name of the target Nexus Dashboard cluster to execute this API, + in a multi-cluster deployment (optional) + + ## Usage + + ```python + params = FabricsEndpointParams(cluster_name="cluster1") + query_string = params.to_query_string() + # Returns: "clusterName=cluster1" + ``` + """ + + cluster_name: Optional[str] = Field( + default=None, + min_length=1, + description="Name of the target Nexus Dashboard cluster to execute this API, in a multi-cluster deployment", + ) + + +class _EpManageFabricsBase(FabricNameMixin, NDEndpointBaseModel): + """ + Base class for ND Manage Fabrics endpoints. + + Provides common functionality for all HTTP methods on the + /api/v1/manage/fabrics endpoint. + + Subclasses may override: + - ``_require_fabric_name``: set to ``False`` for collection-level endpoints + (list, create) that do not include a fabric name in the path. + - ``_path_suffix``: set to a non-empty string to append an extra segment + after the fabric name (e.g. ``"summary"``). Only used when + ``_require_fabric_name`` is ``True``. + """ + + _require_fabric_name: ClassVar[bool] = True + _path_suffix: ClassVar[Optional[str]] = None + + endpoint_params: EndpointQueryParams = Field(default_factory=EndpointQueryParams, description="Endpoint-specific query parameters") + + def set_identifiers(self, identifier: IdentifierKey = None): + self.fabric_name = identifier + + @property + def path(self) -> str: + """ + # Summary + + Build the endpoint path with optional fabric name, path suffix, and + query string. + + ## Returns + + - Complete endpoint path string + + ## Raises + + - `ValueError` if `fabric_name` is required but not set + """ + if self._require_fabric_name and self.fabric_name is None: + raise ValueError(f"{type(self).__name__}.path: fabric_name must be set before accessing path.") + segments = ["fabrics"] + if self.fabric_name is not None: + segments.append(self.fabric_name) + if self._path_suffix: + segments.append(self._path_suffix) + base_path = BasePath.path(*segments) + query_string = self.endpoint_params.to_query_string() + if query_string: + return f"{base_path}?{query_string}" + return base_path + + +class EpManageFabricsGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics GET Endpoint + + ## Description + + Endpoint to retrieve details for a specific named fabric from the ND Manage service. + The fabric name is a required path parameter. Optionally filter by cluster name + using the clusterName query parameter in multi-cluster deployments. + + ## Path + + - /api/v1/manage/fabrics/{fabric_name} + - /api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1 + + ## Verb + + - GET + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + # Get details for a specific fabric + request = EpApiV1ManageFabricsGet() + request.fabric_name = "my-fabric" + path = request.path + verb = request.verb + # Path will be: /api/v1/manage/fabrics/my-fabric + + # Get fabric details targeting a specific cluster in a multi-cluster deployment + request = EpApiV1ManageFabricsGet() + request.fabric_name = "my-fabric" + request.endpoint_params.cluster_name = "cluster1" + path = request.path + verb = request.verb + # Path will be: /api/v1/manage/fabrics/my-fabric?clusterName=cluster1 + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsGet"] = Field(default="EpApiV1ManageFabricsGet", description="Class name for backward compatibility") + + endpoint_params: FabricsEndpointParams = Field(default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET + + +class FabricsListEndpointParams(EndpointQueryParams): + """ + # Summary + + Query parameters for the ``GET /api/v1/manage/fabrics`` list endpoint. + + ## Parameters + + - cluster_name: Name of the target Nexus Dashboard cluster (multi-cluster deployments) + - category: Filter by fabric category (``"fabric"`` or ``"fabricGroup"``) + - filter: Lucene-format filter string + - max: Maximum number of records to return + - offset: Number of records to skip for pagination + - sort: Sort field with optional ``:desc`` suffix + + ## Usage + + ```python + params = FabricsListEndpointParams(category="fabric", max=10, offset=0) + query_string = params.to_query_string() + # Returns: "category=fabric&max=10&offset=0" + ``` + """ + + cluster_name: Optional[str] = Field( + default=None, + min_length=1, + description="Name of the target Nexus Dashboard cluster to execute this API, in a multi-cluster deployment", + ) + + category: Optional[str] = Field( + default=None, + description="Filter by category of fabric (fabric or fabricGroup)", + ) + + filter: Optional[str] = Field( + default=None, + description="Lucene format filter - Filter the response based on this filter field", + ) + + max: Optional[int] = Field( + default=None, + ge=1, + description="Number of records to return", + ) + + offset: Optional[int] = Field( + default=None, + ge=0, + description="Number of records to skip for pagination", + ) + + sort: Optional[str] = Field( + default=None, + description="Sort the records by the declared fields in either ascending (default) or descending (:desc) order", + ) + + +class EpManageFabricsListGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics List GET Endpoint + + ## Description + + Endpoint to list all fabrics from the ND Manage service. + Supports optional query parameters for filtering, pagination, and sorting. + + ## Path + + - ``/api/v1/manage/fabrics`` + - ``/api/v1/manage/fabrics?category=fabric&max=10`` + + ## Verb + + - GET + + ## Raises + + - None + + ## Usage + + ```python + # List all fabrics + ep = EpApiV1ManageFabricsListGet() + path = ep.path + verb = ep.verb + # Path: /api/v1/manage/fabrics + + # List fabrics with filtering and pagination + ep = EpApiV1ManageFabricsListGet() + ep.endpoint_params.category = "fabric" + ep.endpoint_params.max = 10 + path = ep.path + # Path: /api/v1/manage/fabrics?category=fabric&max=10 + ``` + """ + + _require_fabric_name: ClassVar[bool] = False + + class_name: Literal["EpApiV1ManageFabricsListGet"] = Field(default="EpApiV1ManageFabricsListGet", description="Class name for backward compatibility") + + endpoint_params: FabricsListEndpointParams = Field(default_factory=FabricsListEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET + + +class EpManageFabricsPost(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics POST Endpoint + + ## Description + + Endpoint to create a new fabric via the ND Manage service. + The request body must conform to the ``baseFabric`` schema (discriminated + by ``category``). For standard fabrics the category is ``"fabric"`` and + the body includes ``name`` plus fabric-specific properties such as + ``location``, ``licenseTier``, ``telemetryCollection``, etc. + + ## Path + + - ``/api/v1/manage/fabrics`` + - ``/api/v1/manage/fabrics?clusterName=cluster1`` + + ## Verb + + - POST + + ## Request Body (application/json) + + ``baseFabric`` schema — for a standard fabric use ``category: "fabric"`` + with at minimum: + + - ``name`` (str, required): Name of the fabric + - ``category`` (str, required): ``"fabric"`` + + ## Raises + + - None + + ## Usage + + ```python + ep = EpApiV1ManageFabricsPost() + rest_send.path = ep.path + rest_send.verb = ep.verb + rest_send.payload = { + "name": "my-fabric", + "category": "fabric", + "telemetryCollection": True, + "telemetryCollectionType": "inBand", + } + ``` + """ + + _require_fabric_name: ClassVar[bool] = False + + class_name: Literal["EpApiV1ManageFabricsPost"] = Field(default="EpApiV1ManageFabricsPost", description="Class name for backward compatibility") + + endpoint_params: FabricsEndpointParams = Field(default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.POST + + +class EpManageFabricsPut(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics PUT Endpoint + + ## Description + + Endpoint to update an existing fabric via the ND Manage service. + The fabric name is a required path parameter. The request body must + conform to the ``baseFabric`` schema (same shape as POST/create). + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}`` + - ``/api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1`` + + ## Verb + + - PUT + + ## Request Body (application/json) + + ``baseFabric`` schema — same as create (POST). + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsPut() + ep.fabric_name = "my-fabric" + rest_send.path = ep.path + rest_send.verb = ep.verb + rest_send.payload = { + "name": "my-fabric", + "category": "fabric", + "telemetryCollection": False, + } + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsPut"] = Field(default="EpApiV1ManageFabricsPut", description="Class name for backward compatibility") + + endpoint_params: FabricsEndpointParams = Field(default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.PUT + + +class EpManageFabricsDelete(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics DELETE Endpoint + + ## Description + + Endpoint to delete a specific fabric from the ND Manage service. + The fabric name is a required path parameter. + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}`` + - ``/api/v1/manage/fabrics/{fabric_name}?clusterName=cluster1`` + + ## Verb + + - DELETE + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsDelete() + ep.fabric_name = "my-fabric" + rest_send.path = ep.path + rest_send.verb = ep.verb + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsDelete"] = Field(default="EpApiV1ManageFabricsDelete", description="Class name for backward compatibility") + + endpoint_params: FabricsEndpointParams = Field(default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.DELETE + + +class EpManageFabricsSummaryGet(_EpManageFabricsBase): + """ + # Summary + + ND Manage Fabrics Summary GET Endpoint + + ## Description + + Endpoint to retrieve summary information for a specific fabric from + the ND Manage service. The fabric name is a required path parameter. + + ## Path + + - ``/api/v1/manage/fabrics/{fabric_name}/summary`` + - ``/api/v1/manage/fabrics/{fabric_name}/summary?clusterName=cluster1`` + + ## Verb + + - GET + + ## Raises + + - `ValueError` if `fabric_name` is not set when accessing `path` + + ## Usage + + ```python + ep = EpApiV1ManageFabricsSummaryGet() + ep.fabric_name = "my-fabric" + path = ep.path + verb = ep.verb + # Path: /api/v1/manage/fabrics/my-fabric/summary + ``` + """ + + class_name: Literal["EpApiV1ManageFabricsSummaryGet"] = Field( + default="EpApiV1ManageFabricsSummaryGet", description="Class name for backward compatibility" + ) + + _path_suffix: ClassVar[Optional[str]] = "summary" + + endpoint_params: FabricsEndpointParams = Field(default_factory=FabricsEndpointParams, description="Endpoint-specific query parameters") + + @property + def verb(self) -> HttpVerbEnum: + """Return the HTTP verb for this endpoint.""" + return HttpVerbEnum.GET diff --git a/plugins/module_utils/models/base.py b/plugins/module_utils/models/base.py index a62a12b1..57689c3a 100644 --- a/plugins/module_utils/models/base.py +++ b/plugins/module_utils/models/base.py @@ -196,16 +196,26 @@ def to_diff_dict(self, **kwargs) -> Dict[str, Any]: **kwargs, ) - def get_diff(self, other: "NDBaseModel") -> bool: - """Diff comparison.""" + def get_diff(self, other: "NDBaseModel", exclude_unset: bool = False) -> bool: + """Diff comparison. + + Args: + other: The model to compare against. + exclude_unset: When True, only compare fields explicitly set in + ``other`` (via Pydantic's ``exclude_unset``). This prevents + default values from triggering false diffs during merge + operations. + """ self_data = self.to_diff_dict() - other_data = other.to_diff_dict() + other_data = other.to_diff_dict(exclude_unset=exclude_unset) return issubset(other_data, self_data) def merge(self, other: "NDBaseModel") -> "NDBaseModel": """ - Merge another model's non-None values into this instance. + Merge another model's explicitly set, non-None values into this instance. Recursively merges nested NDBaseModel fields. + Only fields present in ``other.model_fields_set`` are applied so that + Pydantic default values do not overwrite existing configuration. Returns self for chaining. """ @@ -216,6 +226,10 @@ def merge(self, other: "NDBaseModel") -> "NDBaseModel": if value is None: continue + # Only merge fields that were explicitly provided, not defaults + if field_name not in other.model_fields_set: + continue + current = getattr(self, field_name) if isinstance(current, NDBaseModel) and isinstance(value, NDBaseModel): current.merge(value) diff --git a/plugins/module_utils/models/manage_fabric/enums.py b/plugins/module_utils/models/manage_fabric/enums.py new file mode 100644 index 00000000..8bb17076 --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/enums.py @@ -0,0 +1,416 @@ +# -*- coding: utf-8 -*- +# pylint: disable=wrong-import-position +# pylint: disable=missing-module-docstring +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +# Summary + +Enum definitions for Nexus Dashboard Ansible modules. + +## Enums + +- HttpVerbEnum: Enum for HTTP verb values used in endpoints. +- OperationType: Enum for operation types used by Results to determine if changes have occurred. +""" + +from __future__ import annotations + +__metaclass__ = type + +from enum import Enum + + +class FabricTypeEnum(str, Enum): + """ + # Summary + + Enumeration of supported fabric types for discriminated union. + + ## Values + + - `VXLAN_IBGP` - VXLAN fabric with iBGP overlay + - `VXLAN_EBGP` - VXLAN fabric with eBGP overlay + """ + + VXLAN_IBGP = "vxlanIbgp" + VXLAN_EBGP = "vxlanEbgp" + EXTERNAL_CONNECTIVITY = "externalConnectivity" + + +class AlertSuspendEnum(str, Enum): + """ + # Summary + + Enumeration for alert suspension states. + + ## Values + + - `ENABLED` - Alerts are enabled + - `DISABLED` - Alerts are disabled + """ + + ENABLED = "enabled" + DISABLED = "disabled" + + +class LicenseTierEnum(str, Enum): + """ + # Summary + + Enumeration for license tier options. + + ## Values + + - `ESSENTIALS` - Essentials license tier + - `ADVANTAGE` - Advantage license tier + - `PREMIER` - Premier license tier + """ + + ESSENTIALS = "essentials" + ADVANTAGE = "advantage" + PREMIER = "premier" + + +class ReplicationModeEnum(str, Enum): + """ + # Summary + + Enumeration for replication modes. + + ## Values + + - `MULTICAST` - Multicast replication + - `INGRESS` - Ingress replication + """ + + MULTICAST = "multicast" + INGRESS = "ingress" + + +class OverlayModeEnum(str, Enum): + """ + # Summary + + Enumeration for overlay modes. + + ## Values + + - `CLI` - CLI based configuration + - `CONFIG_PROFILE` - Configuration profile based + """ + + CLI = "cli" + CONFIG_PROFILE = "config-profile" + + +class LinkStateRoutingProtocolEnum(str, Enum): + """ + # Summary + + Enumeration for underlay routing protocols. + + ## Values + + - `OSPF` - Open Shortest Path First + - `ISIS` - Intermediate System to Intermediate System + """ + + OSPF = "ospf" + ISIS = "isis" + + +class CoppPolicyEnum(str, Enum): + """ + # Summary + + Enumeration for CoPP policy options. + """ + + DENSE = "dense" + LENIENT = "lenient" + MODERATE = "moderate" + STRICT = "strict" + MANUAL = "manual" + + +class FabricInterfaceTypeEnum(str, Enum): + """ + # Summary + + Enumeration for fabric interface types. + """ + + P2P = "p2p" + UNNUMBERED = "unNumbered" + + +class GreenfieldDebugFlagEnum(str, Enum): + """ + # Summary + + Enumeration for greenfield debug flag. + """ + + ENABLE = "enable" + DISABLE = "disable" + + +class IsisLevelEnum(str, Enum): + """ + # Summary + + Enumeration for IS-IS levels. + """ + + LEVEL_1 = "level-1" + LEVEL_2 = "level-2" + + +class SecurityGroupStatusEnum(str, Enum): + """ + # Summary + + Enumeration for security group status. + """ + + ENABLED = "enabled" + ENABLED_STRICT = "enabledStrict" + ENABLED_LOOSE = "enabledLoose" + ENABLE_PENDING = "enablePending" + ENABLE_PENDING_STRICT = "enablePendingStrict" + ENABLE_PENDING_LOOSE = "enablePendingLoose" + DISABLE_PENDING = "disablePending" + DISABLED = "disabled" + + +class StpRootOptionEnum(str, Enum): + """ + # Summary + + Enumeration for STP root options. + """ + + RPVST_PLUS = "rpvst+" + MST = "mst" + UNMANAGED = "unmanaged" + + +class VpcPeerKeepAliveOptionEnum(str, Enum): + """ + # Summary + + Enumeration for vPC peer keep-alive options. + """ + + LOOPBACK = "loopback" + MANAGEMENT = "management" + + +class DhcpProtocolVersionEnum(str, Enum): + """ + # Summary + + Enumeration for DHCP protocol version options. + """ + + DHCPV4 = "dhcpv4" + DHCPV6 = "dhcpv6" + + +class PowerRedundancyModeEnum(str, Enum): + """ + # Summary + + Enumeration for power redundancy mode options. + """ + + REDUNDANT = "redundant" + COMBINED = "combined" + INPUT_SRC_REDUNDANT = "inputSrcRedundant" + + +class BgpAsModeEnum(str, Enum): + """ + # Summary + + Enumeration for eBGP BGP AS mode options. + """ + + MULTI_AS = "multiAS" + SAME_TIER_AS = "sameTierAS" + + +class FirstHopRedundancyProtocolEnum(str, Enum): + """ + # Summary + + Enumeration for first-hop redundancy protocol options. + """ + + HSRP = "hsrp" + VRRP = "vrrp" + + +class AimlQosPolicyEnum(str, Enum): + """ + # Summary + + Enumeration for AI/ML QoS policy options based on fabric link speed. + """ + + V_800G = "800G" + V_400G = "400G" + V_100G = "100G" + V_25G = "25G" + USER_DEFINED = "User-defined" + + +class AllowVlanOnLeafTorPairingEnum(str, Enum): + """ + # Summary + + Enumeration for allowed VLAN on leaf-TOR pairing port-channels. + """ + + NONE = "none" + ALL = "all" + + +class BgpAuthenticationKeyTypeEnum(str, Enum): + """ + # Summary + + Enumeration for BGP authentication key encryption types. + """ + + THREE_DES = "3des" + TYPE6 = "type6" + TYPE7 = "type7" + + +class DlbMixedModeDefaultEnum(str, Enum): + """ + # Summary + + Enumeration for DLB mixed mode default options. + """ + + ECMP = "ecmp" + FLOWLET = "flowlet" + PER_PACKET = "per-packet" + + +class DlbModeEnum(str, Enum): + """ + # Summary + + Enumeration for DLB mode options. + """ + + FLOWLET = "flowlet" + PER_PACKET = "per-packet" + POLICY_DRIVEN_FLOWLET = "policy-driven-flowlet" + POLICY_DRIVEN_PER_PACKET = "policy-driven-per-packet" + POLICY_DRIVEN_MIXED_MODE = "policy-driven-mixed-mode" + + +class MacsecAlgorithmEnum(str, Enum): + """ + # Summary + + Enumeration for MACsec cryptographic algorithm options. + """ + + AES_128_CMAC = "AES_128_CMAC" + AES_256_CMAC = "AES_256_CMAC" + + +class MacsecCipherSuiteEnum(str, Enum): + """ + # Summary + + Enumeration for MACsec cipher suite options. + """ + + GCM_AES_128 = "GCM-AES-128" + GCM_AES_256 = "GCM-AES-256" + GCM_AES_XPN_128 = "GCM-AES-XPN-128" + GCM_AES_XPN_256 = "GCM-AES-XPN-256" + + +class RendezvousPointCountEnum(int, Enum): + """ + # Summary + + Enumeration for number of spines acting as Rendezvous-Points. + """ + + TWO = 2 + FOUR = 4 + + +class RendezvousPointModeEnum(str, Enum): + """ + # Summary + + Enumeration for multicast rendezvous point mode. + """ + + ASM = "asm" + BIDIR = "bidir" + + +class RouteReflectorCountEnum(int, Enum): + """ + # Summary + + Enumeration for number of spines acting as Route-Reflectors. + """ + + TWO = 2 + FOUR = 4 + + +class UnderlayMulticastGroupAddressLimitEnum(int, Enum): + """ + # Summary + + Enumeration for underlay multicast group address limit. + """ + + V_128 = 128 + V_512 = 512 + + +class TelemetryCollectionTypeEnum(str, Enum): + """ + # Summary + + Enumeration for telemetry collection method options. + """ + + IN_BAND = "inBand" + OUT_OF_BAND = "outOfBand" + + +class TelemetryStreamingProtocolEnum(str, Enum): + """ + # Summary + + Enumeration for telemetry streaming protocol options. + """ + + IPV4 = "ipv4" + IPV6 = "ipv6" + + +class VrfLiteAutoConfigEnum(str, Enum): + """ + # Summary + + Enumeration for VRF Lite auto-config deployment options. + """ + + MANUAL = "manual" + BACK2BACK_AND_TO_EXTERNAL = "back2BackAndToExternal" diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_common.py b/plugins/module_utils/models/manage_fabric/manage_fabric_common.py new file mode 100644 index 00000000..9cb3af47 --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_common.py @@ -0,0 +1,339 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +# Summary + +Common Pydantic models shared across fabric types (iBGP, eBGP, External Connectivity). + +## Models + +- `LocationModel` - Geographic location coordinates +- `NetflowExporterModel` - Netflow exporter configuration +- `NetflowRecordModel` - Netflow record configuration +- `NetflowMonitorModel` - Netflow monitor configuration +- `NetflowSettingsModel` - Complete netflow settings +- `BootstrapSubnetModel` - Bootstrap subnet configuration +- `TelemetryFlowCollectionModel` - Telemetry flow collection settings +- `TelemetryMicroburstModel` - Microburst detection configuration +- `TelemetryAnalysisSettingsModel` - Telemetry analysis configuration +- `TelemetryEnergyManagementModel` - Energy management telemetry +- `TelemetryNasExportSettingsModel` - NAS export settings +- `TelemetryNasModel` - NAS telemetry configuration +- `TelemetrySettingsModel` - Complete telemetry configuration +- `ExternalStreamingSettingsModel` - External streaming configuration +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import re +from typing import List, Dict, Any, Optional + +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + ConfigDict, + Field, +) + +# Regex from OpenAPI schema: bgpAsn accepts plain integers (1-4294967295) and +# dotted four-byte ASN notation (1-65535).(0-65535) +BGP_ASN_RE = re.compile( + r"^(([1-9]{1}[0-9]{0,8}|[1-3]{1}[0-9]{1,9}|[4]{1}([0-1]{1}[0-9]{8}" + r"|[2]{1}([0-8]{1}[0-9]{7}|[9]{1}([0-3]{1}[0-9]{6}|[4]{1}([0-8]{1}[0-9]{5}" + r"|[9]{1}([0-5]{1}[0-9]{4}|[6]{1}([0-6]{1}[0-9]{3}|[7]{1}([0-1]{1}[0-9]{2}" + r"|[2]{1}([0-8]{1}[0-9]{1}|[9]{1}[0-5]{1})))))))))" + r"|([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])" + r"(\.([1-5]\d{4}|[1-9]\d{0,3}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]|0))?)$" +) + + +class LocationModel(NDNestedModel): + """ + # Summary + + Geographic location coordinates for the fabric. + + ## Raises + + - `ValueError` - If latitude or longitude are outside valid ranges + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + latitude: float = Field(description="Latitude coordinate (-90 to 90)", ge=-90.0, le=90.0) + longitude: float = Field(description="Longitude coordinate (-180 to 180)", ge=-180.0, le=180.0) + + +class NetflowExporterModel(NDNestedModel): + """ + # Summary + + Netflow exporter configuration for telemetry. + + ## Raises + + - `ValueError` - If UDP port is outside valid range or IP address is invalid + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + exporter_name: str = Field(alias="exporterName", description="Name of the netflow exporter") + exporter_ip: str = Field(alias="exporterIp", description="IP address of the netflow collector") + vrf: str = Field(description="VRF name for the exporter", default="management") + source_interface_name: str = Field(alias="sourceInterfaceName", description="Source interface name") + udp_port: Optional[int] = Field(alias="udpPort", description="UDP port for netflow export", ge=1, le=65535, default=None) + + +class NetflowRecordModel(NDNestedModel): + """ + # Summary + + Netflow record configuration defining flow record templates. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + record_name: str = Field(alias="recordName", description="Name of the netflow record") + record_template: str = Field(alias="recordTemplate", description="Template type for the record") + layer2_record: bool = Field(alias="layer2Record", description="Enable layer 2 record fields", default=False) + + +class NetflowMonitorModel(NDNestedModel): + """ + # Summary + + Netflow monitor configuration linking records to exporters. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + monitor_name: str = Field(alias="monitorName", description="Name of the netflow monitor") + record_name: str = Field(alias="recordName", description="Associated record name") + exporter1_name: str = Field(alias="exporter1Name", description="Primary exporter name") + exporter2_name: str = Field(alias="exporter2Name", description="Secondary exporter name", default="") + + +class NetflowSettingsModel(NDNestedModel): + """ + # Summary + + Complete netflow configuration including exporters, records, and monitors. + + ## Raises + + - `ValueError` - If netflow lists are inconsistent with netflow enabled state + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + netflow: bool = Field(description="Enable netflow collection", default=False) + netflow_exporter_collection: List[NetflowExporterModel] = Field( + alias="netflowExporterCollection", description="List of netflow exporters", default_factory=list + ) + netflow_record_collection: List[NetflowRecordModel] = Field(alias="netflowRecordCollection", description="List of netflow records", default_factory=list) + netflow_monitor_collection: List[NetflowMonitorModel] = Field( + alias="netflowMonitorCollection", description="List of netflow monitors", default_factory=list + ) + + +class BootstrapSubnetModel(NDNestedModel): + """ + # Summary + + Bootstrap subnet configuration for fabric initialization. + + ## Raises + + - `ValueError` - If IP addresses or subnet prefix are invalid + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + start_ip: str = Field(alias="startIp", description="Starting IP address of the bootstrap range") + end_ip: str = Field(alias="endIp", description="Ending IP address of the bootstrap range") + default_gateway: str = Field(alias="defaultGateway", description="Default gateway for bootstrap subnet") + subnet_prefix: int = Field(alias="subnetPrefix", description="Subnet prefix length", ge=8, le=30) + + +class TelemetryFlowCollectionModel(NDNestedModel): + """ + # Summary + + Telemetry flow collection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + traffic_analytics: str = Field(alias="trafficAnalytics", description="Traffic analytics state", default="enabled") + traffic_analytics_scope: str = Field(alias="trafficAnalyticsScope", description="Traffic analytics scope", default="intraFabric") + operating_mode: str = Field(alias="operatingMode", description="Operating mode", default="flowTelemetry") + udp_categorization: str = Field(alias="udpCategorization", description="UDP categorization", default="enabled") + + +class TelemetryMicroburstModel(NDNestedModel): + """ + # Summary + + Microburst detection configuration. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + microburst: bool = Field(description="Enable microburst detection", default=False) + sensitivity: str = Field(description="Microburst sensitivity level", default="low") + + +class TelemetryAnalysisSettingsModel(NDNestedModel): + """ + # Summary + + Telemetry analysis configuration. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + is_enabled: bool = Field(alias="isEnabled", description="Enable telemetry analysis", default=False) + + +class TelemetryEnergyManagementModel(NDNestedModel): + """ + # Summary + + Energy management telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + cost: float = Field(description="Energy cost per unit", default=1.2) + + +class TelemetryNasExportSettingsModel(NDNestedModel): + """ + # Summary + + NAS export settings for telemetry. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + export_type: str = Field(alias="exportType", description="Export type", default="full") + export_format: str = Field(alias="exportFormat", description="Export format", default="json") + + +class TelemetryNasModel(NDNestedModel): + """ + # Summary + + NAS (Network Attached Storage) telemetry configuration. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + server: str = Field(description="NAS server address", default="") + export_settings: TelemetryNasExportSettingsModel = Field( + alias="exportSettings", description="NAS export settings", default_factory=TelemetryNasExportSettingsModel + ) + + +class TelemetrySettingsModel(NDNestedModel): + """ + # Summary + + Complete telemetry configuration for the fabric. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + flow_collection: TelemetryFlowCollectionModel = Field( + alias="flowCollection", description="Flow collection settings", default_factory=TelemetryFlowCollectionModel + ) + microburst: TelemetryMicroburstModel = Field(description="Microburst detection settings", default_factory=TelemetryMicroburstModel) + analysis_settings: TelemetryAnalysisSettingsModel = Field( + alias="analysisSettings", description="Analysis settings", default_factory=TelemetryAnalysisSettingsModel + ) + nas: TelemetryNasModel = Field(description="NAS telemetry configuration", default_factory=TelemetryNasModel) + energy_management: TelemetryEnergyManagementModel = Field( + alias="energyManagement", description="Energy management settings", default_factory=TelemetryEnergyManagementModel + ) + + +class ExternalStreamingSettingsModel(NDNestedModel): + """ + # Summary + + External streaming configuration for events and data export. + + ## Raises + + None + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + email: List[Dict[str, Any]] = Field(description="Email streaming configuration", default_factory=list) + message_bus: List[Dict[str, Any]] = Field(alias="messageBus", description="Message bus configuration", default_factory=list) + syslog: Dict[str, Any] = Field( + description="Syslog streaming configuration", default_factory=lambda: {"collectionSettings": {"anomalies": []}, "facility": "", "servers": []} + ) + webhooks: List[Dict[str, Any]] = Field(description="Webhook configuration", default_factory=list) + + +# Export all models for external use +__all__ = [ + "LocationModel", + "NetflowExporterModel", + "NetflowRecordModel", + "NetflowMonitorModel", + "NetflowSettingsModel", + "BootstrapSubnetModel", + "TelemetryFlowCollectionModel", + "TelemetryMicroburstModel", + "TelemetryAnalysisSettingsModel", + "TelemetryEnergyManagementModel", + "TelemetryNasExportSettingsModel", + "TelemetryNasModel", + "TelemetrySettingsModel", + "ExternalStreamingSettingsModel", + "BGP_ASN_RE", +] diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py new file mode 100644 index 00000000..77aef7f4 --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ebgp.py @@ -0,0 +1,929 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import re +from typing import List, Dict, Any, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + OverlayModeEnum, + ReplicationModeEnum, + CoppPolicyEnum, + GreenfieldDebugFlagEnum, + VpcPeerKeepAliveOptionEnum, + BgpAsModeEnum, + FirstHopRedundancyProtocolEnum, + AimlQosPolicyEnum, + AllowVlanOnLeafTorPairingEnum, + BgpAuthenticationKeyTypeEnum, + DhcpProtocolVersionEnum, + DlbMixedModeDefaultEnum, + DlbModeEnum, + MacsecAlgorithmEnum, + MacsecCipherSuiteEnum, + PowerRedundancyModeEnum, + RendezvousPointCountEnum, + RendezvousPointModeEnum, + UnderlayMulticastGroupAddressLimitEnum, + VrfLiteAutoConfigEnum, +) + +# Re-use shared nested models from the common module +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_common import ( + BGP_ASN_RE, + LocationModel, + NetflowSettingsModel, + BootstrapSubnetModel, + TelemetrySettingsModel, + ExternalStreamingSettingsModel, +) + +""" +# Comprehensive Pydantic models for eBGP VXLAN fabric management via Nexus Dashboard + +This module provides Pydantic models for creating, updating, and deleting +eBGP VXLAN fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `VxlanEbgpManagementModel` - eBGP VXLAN specific management settings +- `FabricEbgpModel` - Complete fabric creation model for eBGP fabrics +- `FabricEbgpDeleteModel` - Fabric deletion model + +## Usage + +```python +# Create a new eBGP VXLAN fabric +fabric_data = { + "name": "MyEbgpFabric", + "management": { + "type": "vxlanEbgp", + "bgpAsnAutoAllocation": True, + "bgpAsnRange": "65000-65535" + } +} +fabric = FabricEbgpModel(**fabric_data) +``` +""" + + +class VxlanEbgpManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive eBGP VXLAN fabric management configuration. + + This model contains all settings specific to eBGP VXLAN fabric types including + overlay configuration, BGP AS allocation, multicast settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN, VLAN ranges, or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.VXLAN_EBGP] = Field(description="Type of the fabric", default=FabricTypeEnum.VXLAN_EBGP) + + # Core eBGP Configuration + bgp_asn: Optional[str] = Field( + alias="bgpAsn", description="BGP Autonomous System Number 1-4294967295 | 1-65535[.0-65535]. Optional when bgpAsnAutoAllocation is True.", default=None + ) + site_id: Optional[str] = Field(alias="siteId", description="For EVPN Multi-Site Support. Defaults to Fabric ASN", default="") + bgp_as_mode: BgpAsModeEnum = Field( + alias="bgpAsMode", + description=( + "Multi-AS Unique ASN per Leaf/Border/Border Gateway (Borders and border gateways are " + "allowed to share ASN). Same-Tier-AS Leafs share one ASN, Borders/border gateways share one ASN" + ), + default=BgpAsModeEnum.MULTI_AS, + ) + bgp_asn_auto_allocation: bool = Field( + alias="bgpAsnAutoAllocation", + description=("Automatically allocate and track BGP ASN for leafs, borders and border gateways " "in Multi-AS mode"), + default=True, + ) + bgp_asn_range: Optional[str] = Field( + alias="bgpAsnRange", description=("BGP ASN range for auto-allocation " "(minimum: 1 or 1.0, maximum: 4294967295 or 65535.65535)"), default=None + ) + bgp_allow_as_in_num: int = Field(alias="bgpAllowAsInNum", description="Number of occurrences of ASN allowed in the BGP AS-path", default=1) + bgp_max_path: int = Field(alias="bgpMaxPath", description="BGP Maximum Paths", default=4) + bgp_underlay_failure_protect: bool = Field(alias="bgpUnderlayFailureProtect", description="Enable BGP underlay failure protection", default=False) + auto_configure_ebgp_evpn_peering: bool = Field( + alias="autoConfigureEbgpEvpnPeering", description=("Automatically configure eBGP EVPN overlay peering between leaf and spine switches"), default=True + ) + allow_leaf_same_as: bool = Field(alias="allowLeafSameAs", description="Leafs can have same BGP ASN even when AS mode is Multi-AS", default=False) + assign_ipv4_to_loopback0: bool = Field( + alias="assignIpv4ToLoopback0", + description=( + "In an IPv6 routed fabric or VXLAN EVPN fabric with IPv6 underlay, assign IPv4 address " "used for BGP Router ID to the routing loopback interface" + ), + default=True, + ) + evpn: bool = Field(description=("Enable BGP EVPN as the control plane and VXLAN as the data plane for this fabric"), default=True) + route_map_tag: int = Field(alias="routeMapTag", description="Tag for Route Map FABRIC-RMAP-REDIST-SUBNET. (Min:0, Max:4294967295)", default=12345) + disable_route_map_tag: bool = Field(alias="disableRouteMapTag", description="No match tag for Route Map FABRIC-RMAP-REDIST-SUBNET", default=False) + leaf_bgp_as: Optional[str] = Field(alias="leafBgpAs", description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None) + border_bgp_as: Optional[str] = Field(alias="borderBgpAs", description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None) + super_spine_bgp_as: Optional[str] = Field(alias="superSpineBgpAs", description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", default=None) + + # Propagated from FabricEbgpModel + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + + # Network Addressing + bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="Underlay Routing Loopback Id", ge=0, le=1023, default=0) + bgp_loopback_ip_range: str = Field(alias="bgpLoopbackIpRange", description="Typically Loopback0 IP Address Range", default="10.2.0.0/22") + bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="Typically Loopback0 IPv6 Address Range", default="fd00::a02:0/119") + nve_loopback_id: int = Field( + alias="nveLoopbackId", + description=("Underlay VTEP loopback Id associated with the Network Virtualization Edge (nve) interface"), + ge=0, + le=1023, + default=1, + ) + nve_loopback_ip_range: str = Field(alias="nveLoopbackIpRange", description="Typically Loopback1 IP Address Range", default="10.3.0.0/22") + nve_loopback_ipv6_range: str = Field( + alias="nveLoopbackIpv6Range", description="Typically Loopback1 and Anycast Loopback IPv6 Address Range", default="fd00::a03:0/118" + ) + anycast_loopback_id: int = Field( + alias="anycastLoopbackId", description="Underlay Anycast Loopback Id. Used for vPC Peering in VXLANv6 Fabrics", default=10 + ) + anycast_rendezvous_point_ip_range: str = Field( + alias="anycastRendezvousPointIpRange", description="Anycast or Phantom RP IP Address Range", default="10.254.254.0/24" + ) + ipv6_anycast_rendezvous_point_ip_range: str = Field( + alias="ipv6AnycastRendezvousPointIpRange", description="Anycast RP IPv6 Address Range", default="fd00::254:254:0/118" + ) + intra_fabric_subnet_range: str = Field( + alias="intraFabricSubnetRange", description="Address range to assign numbered and peer link SVI IPs", default="10.4.0.0/16" + ) + + # VLAN and VNI Ranges + l2_vni_range: str = Field(alias="l2VniRange", description="Overlay network identifier range (minimum: 1, maximum: 16777214)", default="30000-49000") + l3_vni_range: str = Field(alias="l3VniRange", description="Overlay VRF identifier range (minimum: 1, maximum: 16777214)", default="50000-59000") + network_vlan_range: str = Field( + alias="networkVlanRange", description="Per Switch Overlay Network VLAN Range (minimum: 2, maximum: 4094)", default="2300-2999" + ) + vrf_vlan_range: str = Field(alias="vrfVlanRange", description="Per Switch Overlay VRF VLAN Range (minimum: 2, maximum: 4094)", default="2000-2299") + + # Overlay Configuration + overlay_mode: OverlayModeEnum = Field( + alias="overlayMode", description="Overlay Mode. VRF/Network configuration using config-profile or CLI", default=OverlayModeEnum.CLI + ) + replication_mode: ReplicationModeEnum = Field( + alias="replicationMode", description="Replication Mode for BUM Traffic", default=ReplicationModeEnum.MULTICAST + ) + multicast_group_subnet: str = Field( + alias="multicastGroupSubnet", + description=("Multicast pool prefix between 8 to 30. A multicast group ipv4 from this pool " "is used for BUM traffic for each overlay network."), + default="239.1.1.0/25", + ) + auto_generate_multicast_group_address: bool = Field( + alias="autoGenerateMulticastGroupAddress", + description=("Generate a new multicast group address from the multicast pool using a round-robin approach"), + default=False, + ) + underlay_multicast_group_address_limit: UnderlayMulticastGroupAddressLimitEnum = Field( + alias="underlayMulticastGroupAddressLimit", + description=("The maximum supported value is 128 for NX-OS version 10.2(1) or earlier " "and 512 for versions above 10.2(1)"), + default=UnderlayMulticastGroupAddressLimitEnum.V_128, + ) + tenant_routed_multicast: bool = Field(alias="tenantRoutedMulticast", description="For Overlay ipv4 Multicast Support In VXLAN Fabrics", default=False) + tenant_routed_multicast_ipv6: bool = Field( + alias="tenantRoutedMulticastIpv6", description="For Overlay IPv6 Multicast Support In VXLAN Fabrics", default=False + ) + first_hop_redundancy_protocol: FirstHopRedundancyProtocolEnum = Field( + alias="firstHopRedundancyProtocol", description="First Hop Redundancy Protocol HSRP or VRRP", default=FirstHopRedundancyProtocolEnum.HSRP + ) + + # Multicast / Rendezvous Point + rendezvous_point_count: RendezvousPointCountEnum = Field( + alias="rendezvousPointCount", description="Number of spines acting as Rendezvous-Points (RPs)", default=RendezvousPointCountEnum.TWO + ) + rendezvous_point_loopback_id: int = Field(alias="rendezvousPointLoopbackId", description="Rendezvous point loopback Id", default=254) + rendezvous_point_mode: RendezvousPointModeEnum = Field( + alias="rendezvousPointMode", description="Multicast rendezvous point Mode. For ipv6 underlay, please use asm only", default=RendezvousPointModeEnum.ASM + ) + phantom_rendezvous_point_loopback_id1: int = Field( + alias="phantomRendezvousPointLoopbackId1", description="Underlay phantom rendezvous point loopback primary Id for PIM Bi-dir deployments", default=2 + ) + phantom_rendezvous_point_loopback_id2: int = Field( + alias="phantomRendezvousPointLoopbackId2", description="Underlay phantom rendezvous point loopback secondary Id for PIM Bi-dir deployments", default=3 + ) + phantom_rendezvous_point_loopback_id3: int = Field( + alias="phantomRendezvousPointLoopbackId3", description="Underlay phantom rendezvous point loopback tertiary Id for PIM Bi-dir deployments", default=4 + ) + phantom_rendezvous_point_loopback_id4: int = Field( + alias="phantomRendezvousPointLoopbackId4", + description=("Underlay phantom rendezvous point loopback quaternary Id for PIM Bi-dir deployments"), + default=5, + ) + l3vni_multicast_group: str = Field( + alias="l3vniMulticastGroup", description="Default Underlay Multicast group IPv4 address assigned for every overlay VRF", default="239.1.1.0" + ) + l3_vni_ipv6_multicast_group: str = Field( + alias="l3VniIpv6MulticastGroup", description="Default Underlay Multicast group IP6 address assigned for every overlay VRF", default="ff1e::" + ) + ipv6_multicast_group_subnet: str = Field( + alias="ipv6MulticastGroupSubnet", description="IPv6 Multicast address with prefix 112 to 128", default="ff1e::/121" + ) + mvpn_vrf_route_import_id: bool = Field( + alias="mvpnVrfRouteImportId", description="Enable MVPN VRI ID Generation For Tenant Routed Multicast With IPv4 Underlay", default=True + ) + mvpn_vrf_route_import_id_range: Optional[str] = Field( + alias="mvpnVrfRouteImportIdRange", + description=( + "MVPN VRI ID (minimum: 1, maximum: 65535) for vPC, applicable when TRM enabled " + "with IPv6 underlay, or mvpnVrfRouteImportId enabled with IPv4 underlay" + ), + default=None, + ) + vrf_route_import_id_reallocation: bool = Field( + alias="vrfRouteImportIdReallocation", description="One time VRI ID re-allocation based on 'MVPN VRI ID Range'", default=False + ) + + # Advanced Features + anycast_gateway_mac: str = Field(alias="anycastGatewayMac", description="Shared anycast gateway MAC address for all VTEPs", default="2020.0000.00aa") + target_subnet_mask: int = Field(alias="targetSubnetMask", description="Mask for underlay subnet IP range", ge=24, le=31, default=30) + fabric_mtu: int = Field(alias="fabricMtu", description="Intra Fabric Interface MTU. Must be an even number", ge=1500, le=9216, default=9216) + l2_host_interface_mtu: int = Field( + alias="l2HostInterfaceMtu", description="Layer 2 host interface MTU. Must be an even number", ge=1500, le=9216, default=9216 + ) + l3_vni_no_vlan_default_option: bool = Field( + alias="l3VniNoVlanDefaultOption", + description=( + "L3 VNI configuration without VLAN configuration. This value is propagated on vrf " + "creation as the default value of 'Enable L3VNI w/o VLAN' in vrf" + ), + default=False, + ) + underlay_ipv6: bool = Field(alias="underlayIpv6", description="If not enabled, IPv4 underlay is used", default=False) + static_underlay_ip_allocation: bool = Field( + alias="staticUnderlayIpAllocation", description="Checking this will disable Dynamic Underlay IP Address Allocations", default=False + ) + anycast_border_gateway_advertise_physical_ip: bool = Field( + alias="anycastBorderGatewayAdvertisePhysicalIp", + description=("To advertise Anycast Border Gateway PIP as VTEP. " "Effective on MSD fabric 'Recalculate Config'"), + default=False, + ) + + # VPC Configuration + vpc_domain_id_range: str = Field( + alias="vpcDomainIdRange", description="vPC Domain id range (minimum: 1, maximum: 1000) to use for new pairings", default="1-1000" + ) + vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="VLAN range (minimum: 2, maximum: 4094) for vPC Peer Link SVI", default="3600") + vpc_peer_link_enable_native_vlan: bool = Field(alias="vpcPeerLinkEnableNativeVlan", description="Enable VpcPeer Link for Native Vlan", default=False) + vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( + alias="vpcPeerKeepAliveOption", description="Use vPC Peer Keep Alive with Loopback or Management", default=VpcPeerKeepAliveOptionEnum.MANAGEMENT + ) + vpc_auto_recovery_timer: int = Field(alias="vpcAutoRecoveryTimer", description="vPC auto recovery timer (in seconds)", ge=240, le=3600, default=360) + vpc_delay_restore_timer: int = Field(alias="vpcDelayRestoreTimer", description="vPC delay restore timer (in seconds)", ge=1, le=3600, default=150) + vpc_peer_link_port_channel_id: str = Field( + alias="vpcPeerLinkPortChannelId", description="vPC Peer Link Port Channel ID (minimum: 1, maximum: 4096)", default="500" + ) + vpc_ipv6_neighbor_discovery_sync: bool = Field( + alias="vpcIpv6NeighborDiscoverySync", description="Enable IPv6 ND synchronization between vPC peers", default=True + ) + vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable Layer-3 Peer-Router on all Leaf switches", default=True) + vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC delay restore timer for ToR switches (in seconds)", default=30) + fabric_vpc_domain_id: bool = Field( + alias="fabricVpcDomainId", description="Enable the same vPC Domain Id for all vPC Pairs. Not Recommended.", default=False + ) + shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="vPC Domain Id to be used on all vPC pairs", default=1) + fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Qos on spines for guaranteed delivery of vPC Fabric Peering communication", default=False) + fabric_vpc_qos_policy_name: str = Field( + alias="fabricVpcQosPolicyName", description="Qos Policy name should be same on all spines", default="spine_qos_for_fabric_vpc_peering" + ) + enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable the vPC peer-switch feature on ToR switches", default=False) + + # Per-VRF Loopback + per_vrf_loopback_auto_provision: bool = Field( + alias="perVrfLoopbackAutoProvision", + description=( + "Auto provision an IPv4 loopback on a VTEP on VRF attachment. Note: Enabling this option " + "auto-provisions loopback on existing VRF attachments and also when Edit, QuickAttach, or " + "Multiattach actions are performed. Provisioned loopbacks cannot be deleted until VRFs " + "are unattached." + ), + default=False, + ) + per_vrf_loopback_ip_range: str = Field( + alias="perVrfLoopbackIpRange", description="Prefix pool to assign IPv4 addresses to loopbacks on VTEPs on a per VRF basis", default="10.5.0.0/22" + ) + per_vrf_loopback_auto_provision_ipv6: bool = Field( + alias="perVrfLoopbackAutoProvisionIpv6", description="Auto provision an IPv6 loopback on a VTEP on VRF attachment.", default=False + ) + per_vrf_loopback_ipv6_range: str = Field( + alias="perVrfLoopbackIpv6Range", description="Prefix pool to assign IPv6 addresses to loopbacks on VTEPs on a per VRF basis", default="fd00::a05:0/112" + ) + + # Templates + vrf_template: str = Field(alias="vrfTemplate", description="Default overlay VRF template for leafs", default="Default_VRF_Universal") + network_template: str = Field(alias="networkTemplate", description="Default overlay network template for leafs", default="Default_Network_Universal") + vrf_extension_template: str = Field( + alias="vrfExtensionTemplate", description="Default overlay VRF template for borders", default="Default_VRF_Extension_Universal" + ) + network_extension_template: str = Field( + alias="networkExtensionTemplate", description="Default overlay network template for borders", default="Default_Network_Extension_Universal" + ) + + # Optional Advanced Settings + performance_monitoring: bool = Field( + alias="performanceMonitoring", + description=("If enabled, switch metrics are collected through periodic SNMP polling. " "Alternative to real-time telemetry"), + default=False, + ) + tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable tenant DHCP", default=True) + advertise_physical_ip: bool = Field( + alias="advertisePhysicalIp", description="For Primary VTEP IP Advertisement As Next-Hop Of Prefix Routes", default=False + ) + advertise_physical_ip_on_border: bool = Field( + alias="advertisePhysicalIpOnBorder", + description=("Enable advertise-pip on vPC borders and border gateways only. " "Applicable only when vPC advertise-pip is not enabled"), + default=True, + ) + + # Protocol Settings — BGP + bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enables or disables the BGP authentication", default=False) + bgp_authentication_key_type: BgpAuthenticationKeyTypeEnum = Field( + alias="bgpAuthenticationKeyType", + description="BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7", + default=BgpAuthenticationKeyTypeEnum.THREE_DES, + ) + bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="Encrypted BGP authentication key based on type", default="") + + # Protocol Settings — BFD + bfd: bool = Field(description="Enable BFD. Valid for IPv4 Underlay only", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD For iBGP", default=False) + bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD Authentication. Valid for P2P Interfaces only", default=False) + bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD Authentication Key ID", default=100) + bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="Encrypted SHA1 secret value", default="") + + # Protocol Settings — PIM + pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Valid for IPv4 Underlay only", default=False) + pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="3DES Encrypted", default="") + + # Management Settings + nxapi: bool = Field(description="Enable NX-API over HTTPS", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API over HTTP", default=False) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="HTTPS port for NX-API", ge=1, le=65535, default=443) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="HTTP port for NX-API", ge=1, le=65535, default=80) + + # Bootstrap / Day-0 / DHCP + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Automatic IP Assignment For POAP", default=False) + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", description="List of IPv4 or IPv6 subnets to be used for bootstrap", default_factory=list + ) + local_dhcp_server: bool = Field(alias="localDhcpServer", description="Automatic IP Assignment For POAP From Local DHCP Server", default=False) + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", description="IP protocol version for Local DHCP Server", default=DhcpProtocolVersionEnum.DHCPV4 + ) + dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP Scope Start Address For Switch POAP", default="") + dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP Scope End Address For Switch POAP", default="") + management_gateway: str = Field(alias="managementGateway", description="Default Gateway For Management VRF On The Switch", default="") + management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Switch Mgmt IP Subnet Prefix if ipv4", default=24) + management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Switch Management IP Subnet Prefix if ipv6", default=64) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field(alias="netflowSettings", description="Netflow configuration", default_factory=NetflowSettingsModel) + + # Backup / Restore + real_time_backup: Optional[bool] = Field( + alias="realTimeBackup", description=("Backup hourly only if there is any config deployment since last backup"), default=None + ) + scheduled_backup: Optional[bool] = Field(alias="scheduledBackup", description="Enable backup at the specified time daily", default=None) + scheduled_backup_time: str = Field( + alias="scheduledBackupTime", description=("Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59)"), default="" + ) + + # VRF Lite / Sub-Interface + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", description="Per aggregation dot1q range for VRF-Lite connectivity (minimum: 2, maximum: 4093)", default="2-511" + ) + vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field( + alias="vrfLiteAutoConfig", + description=( + "VRF Lite Inter-Fabric Connection Deployment Options. If 'back2BackAndToExternal' is " + "selected, VRF Lite IFCs are auto created between border devices of two Easy Fabrics, " + "and between border devices in Easy Fabric and edge routers in External Fabric. " + "The IP address is taken from the 'VRF Lite Subnet IP Range' pool." + ), + default=VrfLiteAutoConfigEnum.MANUAL, + ) + vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="Address range to assign P2P Interfabric Connections", default="10.33.0.0/16") + vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF Lite Subnet Mask", default=30) + auto_unique_vrf_lite_ip_prefix: bool = Field( + alias="autoUniqueVrfLiteIpPrefix", + description=( + "When enabled, IP prefix allocated to the VRF LITE IFC is not reused on VRF extension " + "over VRF LITE IFC. Instead, unique IP Subnet is allocated for each VRF extension " + "over VRF LITE IFC." + ), + default=False, + ) + + # Leaf / TOR + leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Use specific vPC/Port-channel ID range for leaf-tor pairings", default=False) + leaf_tor_vpc_port_channel_id_range: str = Field( + alias="leafTorVpcPortChannelIdRange", + description=( + "Specify vPC/Port-channel ID range (minimum: 1, maximum: 4096), this range is used " + "for auto-allocating vPC/Port-Channel IDs for leaf-tor pairings" + ), + default="1-499", + ) + allow_vlan_on_leaf_tor_pairing: AllowVlanOnLeafTorPairingEnum = Field( + alias="allowVlanOnLeafTorPairing", + description="Set trunk allowed vlan to 'none' or 'all' for leaf-tor pairing port-channels", + default=AllowVlanOnLeafTorPairingEnum.NONE, + ) + + # DNS / NTP / Syslog Collections + ntp_server_collection: List[str] = Field( + default_factory=lambda: ["string"], alias="ntpServerCollection", description="List of NTP server IPv4/IPv6 addresses and/or hostnames" + ) + ntp_server_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="ntpServerVrfCollection", + description=("NTP Server VRFs. One VRF for all NTP servers or a list of VRFs, one per NTP server"), + ) + dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection", description="List of IPv4 and IPv6 DNS addresses") + dns_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="dnsVrfCollection", + description=("DNS Server VRFs. One VRF for all DNS servers or a list of VRFs, one per DNS server"), + ) + syslog_server_collection: List[str] = Field( + default_factory=lambda: ["string"], alias="syslogServerCollection", description="List of Syslog server IPv4/IPv6 addresses and/or hostnames" + ) + syslog_server_vrf_collection: List[str] = Field( + default_factory=lambda: ["string"], + alias="syslogServerVrfCollection", + description=("Syslog Server VRFs. One VRF for all Syslog servers or a list of VRFs, " "one per Syslog server"), + ) + syslog_severity_collection: List[int] = Field( + default_factory=lambda: [7], alias="syslogSeverityCollection", description="List of Syslog severity values, one per Syslog server" + ) + + # Extra Config / Pre-Interface Config / AAA / Banner + banner: str = Field( + description=("Message of the Day (motd) banner. Delimiter char (very first char is delimiter char) " "followed by message ending with delimiter"), + default="", + ) + extra_config_leaf: str = Field( + alias="extraConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added after interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="", + ) + extra_config_spine: str = Field( + alias="extraConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added after interface " "configurations for all switches with some spine role" + ), + default="", + ) + extra_config_tor: str = Field( + alias="extraConfigTor", + description=("Additional CLIs as captured from the show running configuration, added after interface " "configurations for all ToRs"), + default="", + ) + extra_config_intra_fabric_links: str = Field(alias="extraConfigIntraFabricLinks", description="Additional CLIs for all Intra-Fabric links", default="") + extra_config_aaa: str = Field(alias="extraConfigAaa", description="AAA Configurations", default="") + extra_config_nxos_bootstrap: str = Field( + alias="extraConfigNxosBootstrap", description="Additional CLIs required during device bootup/login e.g. AAA/Radius", default="" + ) + aaa: bool = Field(description="Include AAA configs from Manageability tab during device bootup", default=False) + pre_interface_config_leaf: str = Field( + alias="preInterfaceConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="", + ) + pre_interface_config_spine: str = Field( + alias="preInterfaceConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " "configurations for all switches with some spine role" + ), + default="", + ) + pre_interface_config_tor: str = Field( + alias="preInterfaceConfigTor", + description=("Additional CLIs as captured from the show running configuration, added before interface " "configurations for all ToRs"), + default="", + ) + + # System / Compliance / OAM / Misc + greenfield_debug_flag: GreenfieldDebugFlagEnum = Field( + alias="greenfieldDebugFlag", + description=("Allow switch configuration to be cleared without a reload when " "preserveConfig is set to false"), + default=GreenfieldDebugFlagEnum.DISABLE, + ) + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", description="Interface Statistics Load Interval. Time in seconds", default=10 + ) + nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE Source Inteface HoldDown Time in seconds", default=180) + next_generation_oam: bool = Field( + alias="nextGenerationOAM", + description=("Enable the Next Generation (NG) OAM feature for all switches in the fabric " "to aid in trouble-shooting VXLAN EVPN fabrics"), + default=True, + ) + ngoam_south_bound_loop_detect: bool = Field( + alias="ngoamSouthBoundLoopDetect", description="Enable the Next Generation (NG) OAM southbound loop detection", default=False + ) + ngoam_south_bound_loop_detect_probe_interval: int = Field( + alias="ngoamSouthBoundLoopDetectProbeInterval", + description=("Set Next Generation (NG) OAM southbound loop detection probe interval in seconds."), + default=300, + ) + ngoam_south_bound_loop_detect_recovery_interval: int = Field( + alias="ngoamSouthBoundLoopDetectRecoveryInterval", + description=("Set the Next Generation (NG) OAM southbound loop detection recovery interval in seconds"), + default=600, + ) + strict_config_compliance_mode: bool = Field( + alias="strictConfigComplianceMode", + description=("Enable bi-directional compliance checks to flag additional configs in the running config " "that are not in the intent/expected config"), + default=False, + ) + advanced_ssh_option: bool = Field( + alias="advancedSshOption", + description=("Enable AAA IP Authorization. Enable only, when IP Authorization is enabled " "in the AAA Server"), + default=False, + ) + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description=("Fabric wide CoPP policy. Customized CoPP policy should be provided " "when 'manual' is selected."), + default=CoppPolicyEnum.STRICT, + ) + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", description="Default Power Supply Mode for NX-OS Switches", default=PowerRedundancyModeEnum.REDUNDANT + ) + heartbeat_interval: int = Field(alias="heartbeatInterval", description="XConnect heartbeat interval for periodic link status checks", default=190) + snmp_trap: bool = Field(alias="snmpTrap", description="Configure ND as a receiver for SNMP traps", default=True) + cdp: bool = Field(description="Enable CDP on management interface", default=False) + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", description="Enable Real Time Interface Statistics Collection. Valid for NX-OS only", default=False + ) + tcam_allocation: bool = Field( + alias="tcamAllocation", description=("TCAM commands are automatically generated for VxLAN and vPC Fabric Peering when Enabled"), default=True + ) + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", description="Enable onboarding of smart switches to Hypershield for firewall service", default=False + ) + + # Queuing / QoS + default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable Default Queuing Policies", default=False) + default_queuing_policy_cloudscale: str = Field( + alias="defaultQueuingPolicyCloudscale", + description=("Queuing Policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric"), + default="queuing_policy_default_8q_cloudscale", + ) + default_queuing_policy_r_series: str = Field( + alias="defaultQueuingPolicyRSeries", description="Queueing policy for all Nexus R-series switches", default="queuing_policy_default_r_series" + ) + default_queuing_policy_other: str = Field( + alias="defaultQueuingPolicyOther", description="Queuing Policy for all other switches in the fabric", default="queuing_policy_default_other" + ) + aiml_qos: bool = Field( + alias="aimlQos", + description=("Configures QoS and Queuing Policies specific to N9K Cloud Scale (CS) & Silicon One (S1) " "switch fabric for AI network workloads"), + default=False, + ) + aiml_qos_policy: AimlQosPolicyEnum = Field( + alias="aimlQosPolicy", + description=("Queuing Policy based on predominant fabric link speed: 800G / 400G / 100G / 25G. " "User-defined allows for custom configuration."), + default=AimlQosPolicyEnum.V_400G, + ) + roce_v2: str = Field( + alias="roceV2", + description=( + "DSCP for RDMA traffic: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="26", + ) + cnp: str = Field( + description=( + "DSCP value for Congestion Notification: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="48", + ) + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold (in kbytes)", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold (in kbytes)", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="Drop probability %", default=7) + wred_weight: int = Field(alias="wredWeight", description="Influences how quickly WRED reacts to queue depth changes", default=0) + bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Percentage of remaining bandwidth allocated to AI traffic queues", default=50) + dlb: bool = Field( + description=( + "Enables fabric-level Dynamic Load Balancing (DLB) configuration. " "Note: Inter-Switch-Links (ISL) will be configured as DLB Interfaces" + ), + default=False, + ) + dlb_mode: DlbModeEnum = Field( + alias="dlbMode", + description=( + "Select system-wide flowlet, per-packet (packet spraying) or policy driven mixed mode. " + "Note: Mixed mode is supported on Silicon One (S1) platform only." + ), + default=DlbModeEnum.FLOWLET, + ) + dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field( + alias="dlbMixedModeDefault", description="Default load balancing mode for policy driven mixed mode DLB", default=DlbMixedModeDefaultEnum.ECMP + ) + flowlet_aging: Optional[int] = Field( + alias="flowletAging", + description=( + "Flowlet aging timer in microseconds. Valid range depends on platform: " + "Cloud Scale (CS)=1-2000000 (default 500), Silicon One (S1)=1-1024 (default 256)" + ), + default=None, + ) + flowlet_dscp: str = Field( + alias="flowletDscp", + description=( + "DSCP values for flowlet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="", + ) + per_packet_dscp: str = Field( + alias="perPacketDscp", + description=( + "DSCP values for per-packet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43," + "cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="", + ) + ai_load_sharing: bool = Field( + alias="aiLoadSharing", description=("Enable IP load sharing using source and destination address for AI workloads"), default=False + ) + priority_flow_control_watch_interval: Optional[int] = Field( + alias="priorityFlowControlWatchInterval", + description=("Acceptable values from 101 to 1000 (milliseconds). " "Leave blank for system default (100ms)."), + default=None, + ) + + # PTP + ptp: bool = Field(description="Enable Precision Time Protocol (PTP)", default=False) + ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="Precision Time Protocol Source Loopback Id", default=0) + ptp_domain_id: int = Field(alias="ptpDomainId", description="Multiple Independent PTP Clocking Subdomains on a Single Network", default=0) + + # Private VLAN + private_vlan: bool = Field(alias="privateVlan", description="Enable PVLAN on switches except spines and super spines", default=False) + default_private_vlan_secondary_network_template: str = Field( + alias="defaultPrivateVlanSecondaryNetworkTemplate", description="Default PVLAN secondary network template", default="Pvlan_Secondary_Network" + ) + + # MACsec + macsec: bool = Field( + description=( + "Enable MACsec in the fabric. MACsec fabric parameters are used for configuring " "MACsec on a fabric link if MACsec is enabled on the link." + ), + default=False, + ) + macsec_cipher_suite: MacsecCipherSuiteEnum = Field( + alias="macsecCipherSuite", description="Configure Cipher Suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + ) + macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", default="") + macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecAlgorithm", description="MACsec Primary Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_fallback_key_string: str = Field( + alias="macsecFallbackKeyString", description="MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String", default="" + ) + macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecFallbackAlgorithm", + description="MACsec Fallback Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC, + ) + macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec Operational Status periodic report timer in minutes", default=5) + + # Hypershield / Connectivity + enable_dpu_pinning: bool = Field( + alias="enableDpuPinning", description="Enable pinning of VRFs and networks to specific DPUs on smart switches", default=False + ) + connectivity_domain_name: Optional[str] = Field(alias="connectivityDomainName", description="Domain name to connect to Hypershield", default=None) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None, + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", description="Proxy port number for communication with Hypershield", default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", description="Loopback interface on smart switch for communication with Hypershield", default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: Optional[str]) -> Optional[str]: + """ + # Summary + + Validate BGP ASN format and range when provided. + + ## Raises + + - `ValueError` - If value does not match the expected ASN format + """ + if value is None: + return value + if not BGP_ASN_RE.match(value): + raise ValueError(f"Invalid BGP ASN '{value}'. " "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535).") + return value + + @field_validator("site_id") + @classmethod + def validate_site_id(cls, value: str) -> str: + """ + # Summary + + Validate site ID format. + + ## Raises + + - `ValueError` - If site ID is not numeric or outside valid range + """ + if value == "": + return value + if not value.isdigit(): + raise ValueError(f"Site ID must be numeric, got: {value}") + site_id_int = int(value) + if not (1 <= site_id_int <= 281474976710655): + raise ValueError(f"Site ID must be between 1 and 281474976710655, got: {site_id_int}") + return value + + @field_validator("anycast_gateway_mac") + @classmethod + def validate_mac_address(cls, value: str) -> str: + """ + # Summary + + Validate MAC address format. + + ## Raises + + - `ValueError` - If MAC address format is invalid + """ + mac_pattern = re.compile(r"^([0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}$") + if not mac_pattern.match(value): + raise ValueError(f"Invalid MAC address format, expected xxxx.xxxx.xxxx, got: {value}") + return value.lower() + + +class FabricEbgpModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new eBGP VXLAN fabric. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + identifiers: ClassVar[Optional[List[str]]] = ["fabric_name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + fabric_name: str = Field(alias="name", description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) + alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") + telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") + telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") + security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") + + # Core Management Configuration + management: Optional[VxlanEbgpManagementModel] = Field(description="eBGP VXLAN management configuration", default=None) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field(alias="telemetrySettings", description="Telemetry configuration", default=None) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", description="External streaming settings", default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("fabric_name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r"^[a-zA-Z0-9_-]+$", value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + return value + + @model_validator(mode="after") + def validate_fabric_consistency(self) -> "FabricEbgpModel": + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + if self.management is not None and self.management.type != FabricTypeEnum.VXLAN_EBGP: + raise ValueError(f"Management type must be {FabricTypeEnum.VXLAN_EBGP}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.fabric_name + + # Propagate BGP ASN to site_id if both are set and site_id is empty + if self.management is not None and self.management.site_id == "" and self.management.bgp_asn is not None: + bgp_asn = self.management.bgp_asn + if "." in bgp_asn: + high, low = bgp_asn.split(".") + self.management.site_id = str(int(high) * 65536 + int(low)) + else: + self.management.site_id = bgp_asn + + # Auto-create default telemetry settings if collection is enabled + if self.telemetry_collection and self.telemetry_settings is None: + self.telemetry_settings = TelemetrySettingsModel() + + return self + + def to_diff_dict(self, **kwargs) -> Dict[str, Any]: + """Export for diff comparison, excluding fields that ND overrides for eBGP fabrics.""" + d = super().to_diff_dict(**kwargs) + # ND always returns nxapiHttp=True for eBGP fabrics regardless of the configured value, + # so exclude it from diff comparison to prevent a persistent false-positive diff. + if "management" in d: + d["management"].pop("nxapiHttp", None) + return d + + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "VxlanEbgpManagementModel", + "FabricEbgpModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "ReplicationModeEnum", + "OverlayModeEnum", + "BgpAsModeEnum", + "FirstHopRedundancyProtocolEnum", + "VpcPeerKeepAliveOptionEnum", + "CoppPolicyEnum", + "GreenfieldDebugFlagEnum", +] diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_external.py b/plugins/module_utils/models/manage_fabric/manage_fabric_external.py new file mode 100644 index 00000000..893c908a --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_external.py @@ -0,0 +1,569 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import re +from typing import List, Dict, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + CoppPolicyEnum, + DhcpProtocolVersionEnum, + PowerRedundancyModeEnum, + TelemetryCollectionTypeEnum, + TelemetryStreamingProtocolEnum, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_common import ( + BGP_ASN_RE, + LocationModel, + NetflowExporterModel, + NetflowRecordModel, + NetflowMonitorModel, + NetflowSettingsModel, + BootstrapSubnetModel, + TelemetryFlowCollectionModel, + TelemetryMicroburstModel, + TelemetryAnalysisSettingsModel, + TelemetryEnergyManagementModel, + TelemetrySettingsModel, + ExternalStreamingSettingsModel, +) + +""" +# Comprehensive Pydantic models for External Connectivity fabric management via Nexus Dashboard + +This module provides comprehensive Pydantic models for creating, updating, and deleting +External Connectivity fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `ExternalConnectivityManagementModel` - External Connectivity specific management settings +- `FabricExternalConnectivityModel` - Complete fabric creation model + +## Usage + +```python +# Create a new External Connectivity fabric +fabric_data = { + "name": "MyExtFabric", + "location": {"latitude": 37.7749, "longitude": -122.4194}, + "management": { + "type": "externalConnectivity", + "bgp_asn": "65001", + } +} +fabric = FabricExternalConnectivityModel(**fabric_data) +``` +""" + + +class ExternalConnectivityManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive External Connectivity fabric management configuration. + + This model contains all settings specific to External Connectivity fabric types including + BGP configuration, bootstrap settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.EXTERNAL_CONNECTIVITY] = Field(description="Fabric management type", default=FabricTypeEnum.EXTERNAL_CONNECTIVITY) + + # Core Configuration + bgp_asn: str = Field( + alias="bgpAsn", + description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]", + ) + + # Name under management section is optional for backward compatibility + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + + # AAA + aaa: bool = Field( + description="Include AAA configs from Advanced tab during device bootup", + default=False, + ) + + # SSH + advanced_ssh_option: bool = Field( + alias="advancedSshOption", + description="Enable only, when IP Authorization is enabled in the AAA Server", + default=False, + ) + + # Loopback + allow_same_loopback_ip_on_switches: bool = Field( + alias="allowSameLoopbackIpOnSwitches", + description=("Allow the same loopback IP address to be configured on multiple" " switches (e.g. RP loopback IP)"), + default=False, + ) + + # Smart Switch + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", + description=("Enable onboarding of smart switches to Hypershield" " for firewall service"), + default=False, + ) + + # Bootstrap Subnet Collection + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", + description="List of IPv4 or IPv6 subnets to be used for bootstrap", + default_factory=list, + ) + + # CDP + cdp: bool = Field(description="Enable CDP on management interface", default=False) + + # CoPP Policy + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description=("Fabric wide CoPP policy. Customized CoPP policy should be" " provided when 'manual' is selected."), + default=CoppPolicyEnum.MANUAL, + ) + + # BGP Configuration + create_bgp_config: bool = Field( + alias="createBgpConfig", + description="Generate BGP configuration for core and edge routers", + default=True, + ) + + # Bootstrap Settings + day0_bootstrap: bool = Field( + alias="day0Bootstrap", + description="Support day 0 touchless switch bringup", + default=False, + ) + day0_plug_and_play: bool = Field( + alias="day0PlugAndPlay", + description="Enable Plug n Play for Catalyst 9000 switches", + default=False, + ) + + # DHCP + dhcp_end_address: str = Field( + alias="dhcpEndAddress", + description="DHCP Scope End Address For Switch POAP", + default="", + ) + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", + description="IP protocol version for Local DHCP Server", + default=DhcpProtocolVersionEnum.DHCPV4, + ) + dhcp_start_address: str = Field( + alias="dhcpStartAddress", + description="DHCP Scope Start Address For Switch POAP", + default="", + ) + + # DNS + dns_collection: List[str] = Field( + alias="dnsCollection", + description="List of IPv4 and IPv6 DNS addresses", + default_factory=list, + ) + dns_vrf_collection: List[str] = Field( + alias="dnsVrfCollection", + description=("DNS Server VRFs. One VRF for all DNS servers or a list of VRFs," " one per DNS server"), + default_factory=list, + ) + + # Domain + domain_name: str = Field( + alias="domainName", + description="Domain name for DHCP server PnP block", + default="", + ) + + # DPU Pinning + enable_dpu_pinning: bool = Field( + alias="enableDpuPinning", + description=("Enable pinning of VRFs and networks to specific DPUs" " on smart switches"), + default=False, + ) + + # Extra Config + extra_config_aaa: str = Field( + alias="extraConfigAaa", + description="Additional CLIs for AAA Configuration", + default="", + ) + extra_config_fabric: str = Field( + alias="extraConfigFabric", + description="Additional CLIs for all switches", + default="", + ) + extra_config_nxos_bootstrap: str = Field( + alias="extraConfigNxosBootstrap", + description=("Additional CLIs required during device bootup/login" " e.g. AAA/Radius (NX-OS)"), + default="", + ) + extra_config_xe_bootstrap: str = Field( + alias="extraConfigXeBootstrap", + description=("Additional CLIs required during device bootup/login" " e.g. AAA/Radius (IOS-XE)"), + default="", + ) + + # Inband Management + inband_day0_bootstrap: bool = Field( + alias="inbandDay0Bootstrap", + description="Support day 0 touchless switch bringup via inband management", + default=False, + ) + inband_management: bool = Field( + alias="inbandManagement", + description=("Import switches with reachability over the switch" " front-panel ports"), + default=False, + ) + + # Interface Statistics + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", + description="Interface Statistics Load Interval Time in seconds", + default=10, + ) + + # Local DHCP Server + local_dhcp_server: bool = Field( + alias="localDhcpServer", + description="Automatic IP Assignment For POAP from Local DHCP Server", + default=False, + ) + + # Management + management_gateway: str = Field( + alias="managementGateway", + description="Default Gateway For Management VRF On The Switch", + default="", + ) + management_ipv4_prefix: int = Field( + alias="managementIpv4Prefix", + description="Switch Mgmt IP Subnet Prefix if ipv4", + default=24, + ) + management_ipv6_prefix: int = Field( + alias="managementIpv6Prefix", + description="Switch Management IP Subnet Prefix if ipv6", + default=64, + ) + + # Monitored Mode + monitored_mode: bool = Field( + alias="monitoredMode", + description=("If enabled, fabric is only monitored." " No configuration will be deployed"), + default=False, + ) + + # MPLS Handoff + mpls_handoff: bool = Field( + alias="mplsHandoff", + description="Enable MPLS Handoff", + default=False, + ) + mpls_loopback_identifier: Optional[int] = Field( + alias="mplsLoopbackIdentifier", + description="Underlay MPLS Loopback Identifier", + default=None, + ) + mpls_loopback_ip_range: str = Field( + alias="mplsLoopbackIpRange", + description="MPLS Loopback IP Address Range", + default="10.102.0.0/25", + ) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field( + alias="netflowSettings", + description="Settings associated with netflow", + default_factory=NetflowSettingsModel, + ) + + # NX-API Settings + nxapi: bool = Field(description="Enable NX-API over HTTPS", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API over HTTP", default=False) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="HTTP port for NX-API", ge=1, le=65535, default=80) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="HTTPS port for NX-API", ge=1, le=65535, default=443) + + # Performance Monitoring + performance_monitoring: bool = Field( + alias="performanceMonitoring", + description=("If enabled, switch metrics are collected through periodic SNMP" " polling. Alternative to real-time telemetry"), + default=False, + ) + + # Power Redundancy + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", + description="Default Power Supply Mode for NX-OS Switches", + default=PowerRedundancyModeEnum.REDUNDANT, + ) + + # PTP + ptp: bool = Field(description="Enable Precision Time Protocol (PTP)", default=False) + ptp_domain_id: int = Field( + alias="ptpDomainId", + description=("Multiple Independent PTP Clocking Subdomains" " on a Single Network"), + default=0, + ) + ptp_loopback_id: int = Field( + alias="ptpLoopbackId", + description="Precision Time Protocol Source Loopback Id", + default=0, + ) + + # Backup / Restore + real_time_backup: Optional[bool] = Field( + alias="realTimeBackup", + description=("Hourly Fabric Backup only if there is any config deployment" " since last backup"), + default=None, + ) + + # Interface Statistics Collection + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", + description=("Enable Real Time Interface Statistics Collection." " Valid for NX-OS only"), + default=False, + ) + + # Scheduled Backup + scheduled_backup: Optional[bool] = Field( + alias="scheduledBackup", + description="Enable backup at the specified time daily", + default=None, + ) + scheduled_backup_time: str = Field( + alias="scheduledBackupTime", + description=("Time (UTC) in 24 hour format to take a daily backup" " if enabled (00:00 to 23:59)"), + default="", + ) + + # SNMP + snmp_trap: bool = Field( + alias="snmpTrap", + description="Configure Nexus Dashboard as a receiver for SNMP traps", + default=True, + ) + + # Sub-Interface + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", + description=("Per aggregation dot1q range for VRF-Lite connectivity" " (minimum: 2, maximum: 4093)"), + default="2-511", + ) + + # Hypershield / Connectivity + connectivity_domain_name: Optional[str] = Field(alias="connectivityDomainName", description="Domain name to connect to Hypershield", default=None) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None, + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", description="Proxy port number for communication with Hypershield", default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", description="Loopback interface on smart switch for communication with Hypershield", default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: str) -> str: + """ + # Summary + + Validate BGP ASN format and range. + + ## Description + + Accepts either a plain integer ASN (1-4294967295) or dotted four-byte + ASN notation in the form ``MMMM.NNNN`` where both parts are in the + range 1-65535 / 0-65535 respectively. + + ## Raises + + - `ValueError` - If the value does not match the expected ASN format + """ + if not BGP_ASN_RE.match(value): + raise ValueError(f"Invalid BGP ASN '{value}'. " "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535).") + return value + + +class FabricExternalConnectivityModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new External Connectivity fabric. + + This model combines all necessary components for fabric creation including + basic fabric properties, management settings, telemetry, and streaming configuration. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict( + str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow" # Allow extra fields from API responses + ) + + identifiers: ClassVar[Optional[List[str]]] = ["fabric_name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + fabric_name: str = Field(alias="name", description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field( + alias="licenseTier", + description="License Tier value of a fabric.", + default=LicenseTierEnum.PREMIER, + ) + alert_suspend: AlertSuspendEnum = Field( + alias="alertSuspend", + description="Alert Suspend state configured on the fabric", + default=AlertSuspendEnum.DISABLED, + ) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: TelemetryCollectionTypeEnum = Field( + alias="telemetryCollectionType", + description="Telemetry collection method.", + default=TelemetryCollectionTypeEnum.OUT_OF_BAND, + ) + telemetry_streaming_protocol: TelemetryStreamingProtocolEnum = Field( + alias="telemetryStreamingProtocol", + description="Telemetry Streaming Protocol.", + default=TelemetryStreamingProtocolEnum.IPV4, + ) + telemetry_source_interface: str = Field( + alias="telemetrySourceInterface", + description=("Telemetry Source Interface (VLAN id or Loopback id) only valid" " if Telemetry Collection is set to inBand"), + default="", + ) + telemetry_source_vrf: str = Field( + alias="telemetrySourceVrf", + description=("VRF over which telemetry is streamed, valid only if telemetry" " collection is set to inband"), + default="", + ) + security_domain: str = Field( + alias="securityDomain", + description="Security Domain associated with the fabric", + default="all", + ) + + # Core Management Configuration + management: Optional[ExternalConnectivityManagementModel] = Field(description="External Connectivity management configuration", default=None) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field(alias="telemetrySettings", description="Telemetry configuration", default=None) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", description="External streaming settings", default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("fabric_name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r"^[a-zA-Z0-9_-]+$", value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + + return value + + @model_validator(mode="after") + def validate_fabric_consistency(self) -> "FabricExternalConnectivityModel": + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + # Ensure management type matches model type + if self.management is not None and self.management.type != FabricTypeEnum.EXTERNAL_CONNECTIVITY: + raise ValueError(f"Management type must be {FabricTypeEnum.EXTERNAL_CONNECTIVITY}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.fabric_name + + # Validate telemetry consistency + if self.telemetry_collection and self.telemetry_settings is None: + # Auto-create default telemetry settings if collection is enabled + self.telemetry_settings = TelemetrySettingsModel() + + return self + + # TODO: to generate from Fields (low priority) + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "LocationModel", + "NetflowExporterModel", + "NetflowRecordModel", + "NetflowMonitorModel", + "NetflowSettingsModel", + "BootstrapSubnetModel", + "TelemetryFlowCollectionModel", + "TelemetryMicroburstModel", + "TelemetryAnalysisSettingsModel", + "TelemetryEnergyManagementModel", + "TelemetrySettingsModel", + "ExternalStreamingSettingsModel", + "ExternalConnectivityManagementModel", + "FabricExternalConnectivityModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "CoppPolicyEnum", + "DhcpProtocolVersionEnum", + "PowerRedundancyModeEnum", +] diff --git a/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py new file mode 100644 index 00000000..c2ecb713 --- /dev/null +++ b/plugins/module_utils/models/manage_fabric/manage_fabric_ibgp.py @@ -0,0 +1,1195 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import re + +# from datetime import datetime +from typing import List, Dict, Optional, ClassVar, Literal + +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.nested import NDNestedModel +from ansible_collections.cisco.nd.plugins.module_utils.common.pydantic_compat import ( + ConfigDict, + Field, + field_validator, + model_validator, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.enums import ( + FabricTypeEnum, + AlertSuspendEnum, + LicenseTierEnum, + OverlayModeEnum, + ReplicationModeEnum, + LinkStateRoutingProtocolEnum, + CoppPolicyEnum, + FabricInterfaceTypeEnum, + GreenfieldDebugFlagEnum, + IsisLevelEnum, + SecurityGroupStatusEnum, + StpRootOptionEnum, + VpcPeerKeepAliveOptionEnum, + AimlQosPolicyEnum, + AllowVlanOnLeafTorPairingEnum, + BgpAuthenticationKeyTypeEnum, + DhcpProtocolVersionEnum, + DlbMixedModeDefaultEnum, + DlbModeEnum, + MacsecAlgorithmEnum, + MacsecCipherSuiteEnum, + PowerRedundancyModeEnum, + RendezvousPointCountEnum, + RendezvousPointModeEnum, + RouteReflectorCountEnum, + UnderlayMulticastGroupAddressLimitEnum, + VrfLiteAutoConfigEnum, +) +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_common import ( + BGP_ASN_RE, + LocationModel, + NetflowExporterModel, + NetflowRecordModel, + NetflowMonitorModel, + NetflowSettingsModel, + BootstrapSubnetModel, + TelemetryFlowCollectionModel, + TelemetryMicroburstModel, + TelemetryAnalysisSettingsModel, + TelemetryEnergyManagementModel, + TelemetrySettingsModel, + ExternalStreamingSettingsModel, +) + +""" +# Comprehensive Pydantic models for iBGP VXLAN fabric management via Nexus Dashboard + +This module provides comprehensive Pydantic models for creating, updating, and deleting +iBGP VXLAN fabrics through the Nexus Dashboard Fabric Controller (NDFC) API. + +## Models Overview + +- `LocationModel` - Geographic location coordinates +- `NetflowExporterModel` - Netflow exporter configuration +- `NetflowRecordModel` - Netflow record configuration +- `NetflowMonitorModel` - Netflow monitor configuration +- `NetflowSettingsModel` - Complete netflow settings +- `BootstrapSubnetModel` - Bootstrap subnet configuration +- `TelemetryFlowCollectionModel` - Telemetry flow collection settings +- `TelemetrySettingsModel` - Complete telemetry configuration +- `ExternalStreamingSettingsModel` - External streaming configuration +- `VxlanIbgpManagementModel` - iBGP VXLAN specific management settings +- `FabricModel` - Complete fabric creation model +- `FabricDeleteModel` - Fabric deletion model + +## Usage + +```python +# Create a new iBGP VXLAN fabric +fabric_data = { + "name": "MyFabric", + "location": {"latitude": 37.7749, "longitude": -122.4194}, + "management": { + "type": "vxlanIbgp", + "bgp_asn": "65001", + "site_id": "65001" + } +} +fabric = FabricModel(**fabric_data) +``` +""" + + +class VxlanIbgpManagementModel(NDNestedModel): + """ + # Summary + + Comprehensive iBGP VXLAN fabric management configuration. + + This model contains all settings specific to iBGP VXLAN fabric types including + overlay configuration, underlay routing, multicast settings, and advanced features. + + ## Raises + + - `ValueError` - If BGP ASN, VLAN ranges, or IP ranges are invalid + - `TypeError` - If required string fields are not provided + """ + + model_config = ConfigDict(str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow") + + # Fabric Type (required for discriminated union) + type: Literal[FabricTypeEnum.VXLAN_IBGP] = Field(description="Type of the fabric", default=FabricTypeEnum.VXLAN_IBGP) + + # Core iBGP Configuration + bgp_asn: str = Field(alias="bgpAsn", description="Autonomous system number 1-4294967295 | 1-65535[.0-65535]") + site_id: Optional[str] = Field(alias="siteId", description="For EVPN Multi-Site Support. Defaults to Fabric ASN", default="") + + # Name under management section is optional for backward compatibility, but if provided must be non-empty string + name: Optional[str] = Field(description="Fabric name", min_length=1, max_length=64, default="") + # border_count: Optional[int] = Field(alias="borderCount", description="Number of border switches", ge=0, le=32, default=0) + # breakout_spine_interfaces: Optional[bool] = Field(alias="breakoutSpineInterfaces", description="Enable breakout spine interfaces", default=False) + # designer_use_robot_password: Optional[bool] = Field(alias="designerUseRobotPassword", description="Use robot password for designer", default=False) + # leaf_count: Optional[int] = Field(alias="leafCount", description="Number of leaf switches", ge=1, le=128, default=1) + # spine_count: Optional[int] = Field(alias="spineCount", description="Number of spine switches", ge=1, le=32, default=1) + # vrf_lite_ipv6_subnet_range: Optional[str] = Field(alias="vrfLiteIpv6SubnetRange", description="VRF Lite IPv6 subnet range", default="fd00::a33:0/112") + # vrf_lite_ipv6_subnet_target_mask: Optional[int] = Field( + # alias="vrfLiteIpv6SubnetTargetMask", + # description="VRF Lite IPv6 subnet target mask", ge=112, le=128, default=126) + + # Network Addressing + bgp_loopback_ip_range: str = Field(alias="bgpLoopbackIpRange", description="Typically Loopback0 IP Address Range", default="10.2.0.0/22") + nve_loopback_ip_range: str = Field(alias="nveLoopbackIpRange", description="Typically Loopback1 IP Address Range", default="10.3.0.0/22") + anycast_rendezvous_point_ip_range: str = Field( + alias="anycastRendezvousPointIpRange", description="Anycast or Phantom RP IP Address Range", default="10.254.254.0/24" + ) + intra_fabric_subnet_range: str = Field( + alias="intraFabricSubnetRange", description="Address range to assign numbered and peer link SVI IPs", default="10.4.0.0/16" + ) + + # VLAN and VNI Ranges + l2_vni_range: str = Field(alias="l2VniRange", description="Overlay network identifier range (minimum: 1, maximum: 16777214)", default="30000-49000") + l3_vni_range: str = Field(alias="l3VniRange", description="Overlay VRF identifier range (minimum: 1, maximum: 16777214)", default="50000-59000") + network_vlan_range: str = Field( + alias="networkVlanRange", description="Per Switch Overlay Network VLAN Range (minimum: 2, maximum: 4094)", default="2300-2999" + ) + vrf_vlan_range: str = Field(alias="vrfVlanRange", description="Per Switch Overlay VRF VLAN Range (minimum: 2, maximum: 4094)", default="2000-2299") + + # Overlay Configuration + overlay_mode: OverlayModeEnum = Field( + alias="overlayMode", description="Overlay Mode. VRF/Network configuration using config-profile or CLI", default=OverlayModeEnum.CLI + ) + replication_mode: ReplicationModeEnum = Field( + alias="replicationMode", description="Replication Mode for BUM Traffic", default=ReplicationModeEnum.MULTICAST + ) + multicast_group_subnet: str = Field( + alias="multicastGroupSubnet", + description=("Multicast pool prefix between 8 to 30. A multicast group ipv4 from this pool is used for BUM traffic for " "each overlay network."), + default="239.1.1.0/25", + ) + auto_generate_multicast_group_address: bool = Field( + alias="autoGenerateMulticastGroupAddress", + description="Generate a new multicast group address from the multicast pool using a round-robin approach", + default=False, + ) + underlay_multicast_group_address_limit: UnderlayMulticastGroupAddressLimitEnum = Field( + alias="underlayMulticastGroupAddressLimit", + description=("The maximum supported value is 128 for NX-OS version 10.2(1) or earlier " "and 512 for versions above 10.2(1)"), + default=UnderlayMulticastGroupAddressLimitEnum.V_128, + ) + tenant_routed_multicast: bool = Field(alias="tenantRoutedMulticast", description="For Overlay ipv4 Multicast Support In VXLAN Fabrics", default=False) + + # Underlay Configuration + link_state_routing_protocol: LinkStateRoutingProtocolEnum = Field( + alias="linkStateRoutingProtocol", description="Underlay Routing Protocol. Used for Spine-Leaf Connectivity", default=LinkStateRoutingProtocolEnum.OSPF + ) + ospf_area_id: str = Field(alias="ospfAreaId", description="OSPF Area Id in IP address format", default="0.0.0.0") + fabric_interface_type: FabricInterfaceTypeEnum = Field( + alias="fabricInterfaceType", description="Numbered(Point-to-Point) or unNumbered", default=FabricInterfaceTypeEnum.P2P + ) + + # Advanced Features + target_subnet_mask: int = Field(alias="targetSubnetMask", description="Mask for underlay subnet IP range", ge=24, le=31, default=30) + anycast_gateway_mac: str = Field(alias="anycastGatewayMac", description="Shared anycast gateway MAC address for all VTEPs", default="2020.0000.00aa") + fabric_mtu: int = Field(alias="fabricMtu", description="Intra Fabric Interface MTU. Must be an even number", ge=1500, le=9216, default=9216) + l2_host_interface_mtu: int = Field( + alias="l2HostInterfaceMtu", description="Layer 2 host interface MTU. Must be an even number", ge=1500, le=9216, default=9216 + ) + + # VPC Configuration + vpc_domain_id_range: str = Field( + alias="vpcDomainIdRange", description="vPC Domain id range (minimum: 1, maximum: 1000) to use for new pairings", default="1-1000" + ) + vpc_peer_link_vlan: str = Field(alias="vpcPeerLinkVlan", description="VLAN range (minimum: 2, maximum: 4094) for vPC Peer Link SVI", default="3600") + vpc_peer_link_enable_native_vlan: bool = Field(alias="vpcPeerLinkEnableNativeVlan", description="Enable VpcPeer Link for Native Vlan", default=False) + vpc_peer_keep_alive_option: VpcPeerKeepAliveOptionEnum = Field( + alias="vpcPeerKeepAliveOption", description="Use vPC Peer Keep Alive with Loopback or Management", default=VpcPeerKeepAliveOptionEnum.MANAGEMENT + ) + vpc_auto_recovery_timer: int = Field(alias="vpcAutoRecoveryTimer", description="vPC auto recovery timer (in seconds)", ge=240, le=3600, default=360) + vpc_delay_restore_timer: int = Field(alias="vpcDelayRestoreTimer", description="vPC delay restore timer (in seconds)", ge=1, le=3600, default=150) + + # Loopback Configuration + bgp_loopback_id: int = Field(alias="bgpLoopbackId", description="Underlay Routing Loopback Id", ge=0, le=1023, default=0) + nve_loopback_id: int = Field( + alias="nveLoopbackId", + description="Underlay VTEP loopback Id associated with the Network Virtualization Edge (nve) interface", + ge=0, + le=1023, + default=1, + ) + route_reflector_count: RouteReflectorCountEnum = Field( + alias="routeReflectorCount", description="Number of spines acting as Route-Reflectors", default=RouteReflectorCountEnum.TWO + ) + + # Templates + vrf_template: str = Field(alias="vrfTemplate", description="Default overlay VRF template for leafs", default="Default_VRF_Universal") + network_template: str = Field(alias="networkTemplate", description="Default overlay network template for leafs", default="Default_Network_Universal") + vrf_extension_template: str = Field( + alias="vrfExtensionTemplate", description="Default overlay VRF template for borders", default="Default_VRF_Extension_Universal" + ) + network_extension_template: str = Field( + alias="networkExtensionTemplate", description="Default overlay network template for borders", default="Default_Network_Extension_Universal" + ) + + # Optional Advanced Settings + performance_monitoring: bool = Field( + alias="performanceMonitoring", + description=("If enabled, switch metrics are collected through periodic SNMP polling. " "Alternative to real-time telemetry"), + default=False, + ) + tenant_dhcp: bool = Field(alias="tenantDhcp", description="Enable Tenant DHCP", default=True) + advertise_physical_ip: bool = Field( + alias="advertisePhysicalIp", description="For Primary VTEP IP Advertisement As Next-Hop Of Prefix Routes", default=False + ) + advertise_physical_ip_on_border: bool = Field( + alias="advertisePhysicalIpOnBorder", + description=("Enable advertise-pip on vPC borders and border gateways only. Applicable only when vPC advertise-pip is " "not enabled"), + default=True, + ) + + # Protocol Settings + bgp_authentication: bool = Field(alias="bgpAuthentication", description="Enables or disables the BGP authentication", default=False) + bgp_authentication_key_type: BgpAuthenticationKeyTypeEnum = Field( + alias="bgpAuthenticationKeyType", + description="BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7", + default=BgpAuthenticationKeyTypeEnum.THREE_DES, + ) + bfd: bool = Field(description="Enable BFD. Valid for IPv4 Underlay only", default=False) + bfd_ibgp: bool = Field(alias="bfdIbgp", description="Enable BFD For iBGP", default=False) + + # Management Settings + nxapi: bool = Field(description="Enable NX-API over HTTPS", default=False) + nxapi_http: bool = Field(alias="nxapiHttp", description="Enable NX-API over HTTP", default=False) + nxapi_https_port: int = Field(alias="nxapiHttpsPort", description="HTTPS port for NX-API", ge=1, le=65535, default=443) + nxapi_http_port: int = Field(alias="nxapiHttpPort", description="HTTP port for NX-API", ge=1, le=65535, default=80) + + # Bootstrap Settings + day0_bootstrap: bool = Field(alias="day0Bootstrap", description="Automatic IP Assignment For POAP", default=False) + bootstrap_subnet_collection: List[BootstrapSubnetModel] = Field( + alias="bootstrapSubnetCollection", description="List of IPv4 or IPv6 subnets to be used for bootstrap", default_factory=list + ) + + # Netflow Settings + netflow_settings: NetflowSettingsModel = Field( + alias="netflowSettings", description="Settings associated with netflow", default_factory=NetflowSettingsModel + ) + + # Multicast Settings + rendezvous_point_count: RendezvousPointCountEnum = Field( + alias="rendezvousPointCount", description="Number of spines acting as Rendezvous-Points (RPs)", default=RendezvousPointCountEnum.TWO + ) + rendezvous_point_loopback_id: int = Field(alias="rendezvousPointLoopbackId", description="Rendezvous point loopback Id", ge=0, le=1023, default=254) + + # System Settings + snmp_trap: bool = Field(alias="snmpTrap", description="Configure ND as a receiver for SNMP traps", default=True) + cdp: bool = Field(description="Enable CDP on management interface", default=False) + real_time_interface_statistics_collection: bool = Field( + alias="realTimeInterfaceStatisticsCollection", description="Enable Real Time Interface Statistics Collection. Valid for NX-OS only", default=False + ) + tcam_allocation: bool = Field( + alias="tcamAllocation", description="TCAM commands are automatically generated for VxLAN and vPC Fabric Peering when Enabled", default=True + ) + + # VPC Extended Configuration + vpc_peer_link_port_channel_id: str = Field( + alias="vpcPeerLinkPortChannelId", description="vPC Peer Link Port Channel ID (minimum: 1, maximum: 4096)", default="500" + ) + vpc_ipv6_neighbor_discovery_sync: bool = Field( + alias="vpcIpv6NeighborDiscoverySync", description="Enable IPv6 ND synchronization between vPC peers", default=True + ) + vpc_layer3_peer_router: bool = Field(alias="vpcLayer3PeerRouter", description="Enable Layer-3 Peer-Router on all Leaf switches", default=True) + vpc_tor_delay_restore_timer: int = Field(alias="vpcTorDelayRestoreTimer", description="vPC delay restore timer for ToR switches (in seconds)", default=30) + fabric_vpc_domain_id: bool = Field( + alias="fabricVpcDomainId", description="Enable the same vPC Domain Id for all vPC Pairs. Not Recommended.", default=False + ) + shared_vpc_domain_id: int = Field(alias="sharedVpcDomainId", description="vPC Domain Id to be used on all vPC pairs", default=1) + fabric_vpc_qos: bool = Field(alias="fabricVpcQos", description="Qos on spines for guaranteed delivery of vPC Fabric Peering communication", default=False) + fabric_vpc_qos_policy_name: str = Field( + alias="fabricVpcQosPolicyName", description="Qos Policy name should be same on all spines", default="spine_qos_for_fabric_vpc_peering" + ) + enable_peer_switch: bool = Field(alias="enablePeerSwitch", description="Enable the vPC peer-switch feature on ToR switches", default=False) + + # Bootstrap / Day-0 / DHCP + local_dhcp_server: bool = Field(alias="localDhcpServer", description="Automatic IP Assignment For POAP From Local DHCP Server", default=False) + dhcp_protocol_version: DhcpProtocolVersionEnum = Field( + alias="dhcpProtocolVersion", description="IP protocol version for Local DHCP Server", default=DhcpProtocolVersionEnum.DHCPV4 + ) + dhcp_start_address: str = Field(alias="dhcpStartAddress", description="DHCP Scope Start Address For Switch POAP", default="") + dhcp_end_address: str = Field(alias="dhcpEndAddress", description="DHCP Scope End Address For Switch POAP", default="") + management_gateway: str = Field(alias="managementGateway", description="Default Gateway For Management VRF On The Switch", default="") + management_ipv4_prefix: int = Field(alias="managementIpv4Prefix", description="Switch Mgmt IP Subnet Prefix if ipv4", default=24) + management_ipv6_prefix: int = Field(alias="managementIpv6Prefix", description="Switch Management IP Subnet Prefix if ipv6", default=64) + extra_config_nxos_bootstrap: str = Field( + alias="extraConfigNxosBootstrap", description="Additional CLIs required during device bootup/login e.g. AAA/Radius", default="" + ) + unnumbered_bootstrap_loopback_id: int = Field( + alias="unNumberedBootstrapLoopbackId", description="Bootstrap Seed Switch Loopback Interface ID", default=253 + ) + unnumbered_dhcp_start_address: str = Field( + alias="unNumberedDhcpStartAddress", + description="Switch Loopback DHCP Scope Start Address. Must be a subset of IGP/BGP Loopback Prefix Pool", + default="", + ) + unnumbered_dhcp_end_address: str = Field( + alias="unNumberedDhcpEndAddress", description="Switch Loopback DHCP Scope End Address. Must be a subset of IGP/BGP Loopback Prefix Pool", default="" + ) + inband_management: bool = Field(alias="inbandManagement", description="Manage switches with only Inband connectivity", default=False) + inband_dhcp_servers: List[str] = Field(alias="inbandDhcpServers", description="List of external DHCP server IP addresses (Max 3)", default_factory=list) + seed_switch_core_interfaces: List[str] = Field( + alias="seedSwitchCoreInterfaces", description="Seed switch fabric interfaces. Core-facing interface list on seed switch", default_factory=list + ) + spine_switch_core_interfaces: List[str] = Field( + alias="spineSwitchCoreInterfaces", description="Spine switch fabric interfaces. Core-facing interface list on all spines", default_factory=list + ) + + # Backup / Restore + real_time_backup: bool = Field(alias="realTimeBackup", description="Backup hourly only if there is any config deployment since last backup", default=False) + scheduled_backup: bool = Field(alias="scheduledBackup", description="Enable backup at the specified time daily", default=False) + scheduled_backup_time: str = Field( + alias="scheduledBackupTime", description="Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59)", default="" + ) + + # IPv6 / Dual-Stack + underlay_ipv6: bool = Field(alias="underlayIpv6", description="If not enabled, IPv4 underlay is used", default=False) + ipv6_multicast_group_subnet: str = Field( + alias="ipv6MulticastGroupSubnet", description="IPv6 Multicast address with prefix 112 to 128", default="ff1e::/121" + ) + tenant_routed_multicast_ipv6: bool = Field( + alias="tenantRoutedMulticastIpv6", description="For Overlay IPv6 Multicast Support In VXLAN Fabrics", default=False + ) + ipv6_link_local: bool = Field(alias="ipv6LinkLocal", description="If not enabled, Spine-Leaf interfaces will use global IPv6 addresses", default=True) + ipv6_subnet_target_mask: int = Field(alias="ipv6SubnetTargetMask", description="Mask for Underlay Subnet IPv6 Range", default=126) + ipv6_subnet_range: str = Field( + alias="ipv6SubnetRange", description="Underlay Subnet ipv6 range to assign Numbered and Peer Link SVI IPs", default="fd00::a04:0/112" + ) + bgp_loopback_ipv6_range: str = Field(alias="bgpLoopbackIpv6Range", description="Typically Loopback0 IPv6 Address Range", default="fd00::a02:0/119") + nve_loopback_ipv6_range: str = Field( + alias="nveLoopbackIpv6Range", description="Typically Loopback1 and Anycast Loopback IPv6 Address Range", default="fd00::a03:0/118" + ) + ipv6_anycast_rendezvous_point_ip_range: str = Field( + alias="ipv6AnycastRendezvousPointIpRange", description="Anycast RP IPv6 Address Range", default="fd00::254:254:0/118" + ) + + # Multicast / Rendezvous Point Extended + mvpn_vrf_route_import_id: bool = Field( + alias="mvpnVrfRouteImportId", description="Enable MVPN VRI ID Generation For Tenant Routed Multicast With IPv4 Underlay", default=True + ) + mvpn_vrf_route_import_id_range: str = Field( + alias="mvpnVrfRouteImportIdRange", + description=( + "MVPN VRI ID (minimum: 1, maximum: 65535) for vPC, applicable when TRM enabled with IPv6 underlay, or " + "mvpnVrfRouteImportId enabled with IPv4 underlay" + ), + default="", + ) + vrf_route_import_id_reallocation: bool = Field( + alias="vrfRouteImportIdReallocation", description="One time VRI ID re-allocation based on 'MVPN VRI ID Range'", default=False + ) + l3vni_multicast_group: str = Field( + alias="l3vniMulticastGroup", description="Default Underlay Multicast group IPv4 address assigned for every overlay VRF", default="239.1.1.0" + ) + l3_vni_ipv6_multicast_group: str = Field( + alias="l3VniIpv6MulticastGroup", description="Default Underlay Multicast group IP6 address assigned for every overlay VRF", default="ff1e::" + ) + rendezvous_point_mode: RendezvousPointModeEnum = Field( + alias="rendezvousPointMode", description="Multicast rendezvous point Mode. For ipv6 underlay, please use asm only", default=RendezvousPointModeEnum.ASM + ) + phantom_rendezvous_point_loopback_id1: int = Field( + alias="phantomRendezvousPointLoopbackId1", description="Underlay phantom rendezvous point loopback primary Id for PIM Bi-dir deployments", default=2 + ) + phantom_rendezvous_point_loopback_id2: int = Field( + alias="phantomRendezvousPointLoopbackId2", description="Underlay phantom rendezvous point loopback secondary Id for PIM Bi-dir deployments", default=3 + ) + phantom_rendezvous_point_loopback_id3: int = Field( + alias="phantomRendezvousPointLoopbackId3", description="Underlay phantom rendezvous point loopback tertiary Id for PIM Bi-dir deployments", default=4 + ) + phantom_rendezvous_point_loopback_id4: int = Field( + alias="phantomRendezvousPointLoopbackId4", description="Underlay phantom rendezvous point loopback quaternary Id for PIM Bi-dir deployments", default=5 + ) + anycast_loopback_id: int = Field( + alias="anycastLoopbackId", description="Underlay Anycast Loopback Id. Used for vPC Peering in VXLANv6 Fabrics", default=10 + ) + + # VRF Lite / Sub-Interface + sub_interface_dot1q_range: str = Field( + alias="subInterfaceDot1qRange", description="Per aggregation dot1q range for VRF-Lite connectivity (minimum: 2, maximum: 4093)", default="2-511" + ) + vrf_lite_auto_config: VrfLiteAutoConfigEnum = Field( + alias="vrfLiteAutoConfig", + description=( + "VRF Lite Inter-Fabric Connection Deployment Options. If 'back2BackAndToExternal' is selected, VRF Lite " + "IFCs are auto created between border devices of two Easy Fabrics, and between border devices in Easy " + "Fabric and edge routers in External Fabric. The IP address is taken from the 'VRF Lite Subnet IP Range' " + "pool." + ), + default=VrfLiteAutoConfigEnum.MANUAL, + ) + vrf_lite_subnet_range: str = Field(alias="vrfLiteSubnetRange", description="Address range to assign P2P Interfabric Connections", default="10.33.0.0/16") + vrf_lite_subnet_target_mask: int = Field(alias="vrfLiteSubnetTargetMask", description="VRF Lite Subnet Mask", default=30) + auto_unique_vrf_lite_ip_prefix: bool = Field( + alias="autoUniqueVrfLiteIpPrefix", + description=( + "When enabled, IP prefix allocated to the VRF LITE IFC is not reused on VRF extension over VRF LITE IFC. " + "Instead, unique IP Subnet is allocated for each VRF extension over VRF LITE IFC." + ), + default=False, + ) + auto_symmetric_vrf_lite: bool = Field( + alias="autoSymmetricVrfLite", + description=( + "Whether to auto generate VRF LITE sub-interface and BGP peering configuration on managed " + "neighbor devices. If set, auto created VRF Lite IFC links will have " + "'Auto Deploy for Peer' enabled." + ), + default=False, + ) + auto_vrf_lite_default_vrf: bool = Field( + alias="autoVrfLiteDefaultVrf", + description=( + "For ipv4 underlay, whether to auto generate BGP peering in Default VRF for VRF Lite IFC auto deployment " + "option. If set, will auto create VRF Lite Inter-Fabric links with 'Auto Deploy Default VRF' knob enabled" + ), + default=False, + ) + auto_symmetric_default_vrf: bool = Field( + alias="autoSymmetricDefaultVrf", + description=( + "Whether to auto generate Default VRF interface and BGP peering configuration on managed neighbor devices. " + "If set, auto created VRF Lite IFC links will have 'Auto Deploy Default VRF for Peer' enabled." + ), + default=False, + ) + default_vrf_redistribution_bgp_route_map: str = Field( + alias="defaultVrfRedistributionBgpRouteMap", + description=("Route Map used to redistribute BGP routes to IGP in default vrf " "in auto created VRF Lite IFC links"), + default="extcon-rmap-filter", + ) + + # Per-VRF Loopback + per_vrf_loopback_auto_provision: bool = Field( + alias="perVrfLoopbackAutoProvision", + description=( + "Auto provision an IPv4 loopback on a VTEP on VRF attachment. Note: Enabling this option auto-provisions " + "loopback on existing VRF attachments and also when Edit, QuickAttach, or Multiattach actions are " + "performed. Provisioned loopbacks cannot be deleted until VRFs are unattached." + ), + default=False, + ) + per_vrf_loopback_ip_range: str = Field( + alias="perVrfLoopbackIpRange", description="Prefix pool to assign IPv4 addresses to loopbacks on VTEPs on a per VRF basis", default="10.5.0.0/22" + ) + per_vrf_loopback_auto_provision_ipv6: bool = Field( + alias="perVrfLoopbackAutoProvisionIpv6", description="Auto provision an IPv6 loopback on a VTEP on VRF attachment.", default=False + ) + per_vrf_loopback_ipv6_range: str = Field( + alias="perVrfLoopbackIpv6Range", description="Prefix pool to assign IPv6 addresses to loopbacks on VTEPs on a per VRF basis", default="fd00::a05:0/112" + ) + per_vrf_unique_loopback_auto_provision: bool = Field( + alias="perVrfUniqueLoopbackAutoProvision", + description=( + "Auto provision a unique IPV4 loopback on a VTEP on VRF attachment. Note: Enabling this option " + "auto-provisions unique loopback in the fabric per request. This option and per VRF per VTEP loopback " + "auto-provisioning are mutually exclusive. Provisioned unique loopbacks will be released upon VRF " + "unattachment or per request." + ), + default=False, + ) + per_vrf_unique_loopback_ip_range: str = Field( + alias="perVrfUniqueLoopbackIpRange", + description="Prefix pool to assign unique IPv4 addresses to loopbacks on VTEPs on a per VRF basis", + default="10.6.0.0/22", + ) + per_vrf_unique_loopback_auto_provision_v6: bool = Field( + alias="perVrfUniqueLoopbackAutoProvisionV6", description="Auto provision a unique IPV6 loopback on a VTEP on VRF attachment.", default=False + ) + per_vrf_unique_loopback_ipv6_range: str = Field( + alias="perVrfUniqueLoopbackIpv6Range", + description="Prefix pool to assign unique IPv6 addresses to loopbacks on VTEPs on a per VRF basis", + default="fd00::a06:0/112", + ) + + # Authentication — BGP Extended + bgp_authentication_key: str = Field(alias="bgpAuthenticationKey", description="Encrypted BGP authentication key based on type", default="") + + # Authentication — PIM + pim_hello_authentication: bool = Field(alias="pimHelloAuthentication", description="Valid for IPv4 Underlay only", default=False) + pim_hello_authentication_key: str = Field(alias="pimHelloAuthenticationKey", description="3DES Encrypted", default="") + + # Authentication — BFD + bfd_authentication: bool = Field(alias="bfdAuthentication", description="Enable BFD Authentication. Valid for P2P Interfaces only", default=False) + bfd_authentication_key_id: int = Field(alias="bfdAuthenticationKeyId", description="BFD Authentication Key ID", default=100) + bfd_authentication_key: str = Field(alias="bfdAuthenticationKey", description="Encrypted SHA1 secret value", default="") + bfd_ospf: bool = Field(alias="bfdOspf", description="Enable BFD For OSPF", default=False) + bfd_isis: bool = Field(alias="bfdIsis", description="Enable BFD For ISIS", default=False) + bfd_pim: bool = Field(alias="bfdPim", description="Enable BFD For PIM", default=False) + + # Authentication — OSPF + ospf_authentication: bool = Field(alias="ospfAuthentication", description="Enable OSPF Authentication", default=False) + ospf_authentication_key_id: int = Field(alias="ospfAuthenticationKeyId", description="(Min:0, Max:255)", default=127) + ospf_authentication_key: str = Field(alias="ospfAuthenticationKey", description="OSPF Authentication Key. 3DES Encrypted", default="") + + # IS-IS + isis_level: IsisLevelEnum = Field(alias="isisLevel", description="IS-IS Level", default=IsisLevelEnum.LEVEL_2) + isis_area_number: str = Field( + alias="isisAreaNumber", + description=( + "NET in form of XX.<4-hex-digit Custom Area Number>.XXXX.XXXX.XXXX.00, default Area Number " + "is 0001. If area number in existing NETs matches the previous area number set in fabric " + "settings and is different from the " + "current area number, these NETs will be updated by Recalculate and Deploy." + ), + default="0001", + ) + isis_point_to_point: bool = Field( + alias="isisPointToPoint", description="This will enable network point-to-point on fabric interfaces which are numbered", default=True + ) + isis_authentication: bool = Field(alias="isisAuthentication", description="Enable IS-IS Authentication", default=False) + isis_authentication_keychain_name: str = Field(alias="isisAuthenticationKeychainName", description="IS-IS Authentication Keychain Name", default="") + isis_authentication_keychain_key_id: int = Field(alias="isisAuthenticationKeychainKeyId", description="IS-IS Authentication Key ID", default=127) + isis_authentication_key: str = Field(alias="isisAuthenticationKey", description="IS-IS Authentication Key. Cisco Type 7 Encrypted", default="") + isis_overload: bool = Field( + alias="isisOverload", description="Set IS-IS Overload Bit. When enabled, set the overload bit for an elapsed time after a reload", default=True + ) + isis_overload_elapse_time: int = Field( + alias="isisOverloadElapseTime", description="IS-IS Overload Bit Elapsed Time. Clear the overload bit after an elapsed time in seconds", default=60 + ) + + # MACsec + macsec: bool = Field( + description=( + "Enable MACsec in the fabric. MACsec fabric parameters are used for configuring MACsec on a fabric link if " "MACsec is enabled on the link." + ), + default=False, + ) + macsec_cipher_suite: MacsecCipherSuiteEnum = Field( + alias="macsecCipherSuite", description="Configure Cipher Suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + ) + macsec_key_string: str = Field(alias="macsecKeyString", description="MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", default="") + macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecAlgorithm", description="MACsec Primary Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", default=MacsecAlgorithmEnum.AES_128_CMAC + ) + macsec_fallback_key_string: str = Field( + alias="macsecFallbackKeyString", description="MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String", default="" + ) + macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( + alias="macsecFallbackAlgorithm", + description="MACsec Fallback Cryptographic Algorithm. AES_128_CMAC or AES_256_CMAC", + default=MacsecAlgorithmEnum.AES_128_CMAC, + ) + macsec_report_timer: int = Field(alias="macsecReportTimer", description="MACsec Operational Status periodic report timer in minutes", default=5) + + # VRF Lite MACsec + vrf_lite_macsec: bool = Field( + alias="vrfLiteMacsec", + description=( + "Enable MACsec on DCI links. DCI MACsec fabric parameters are used for configuring MACsec on a DCI link if " + "'Use Link MACsec Setting' is disabled on the link." + ), + default=False, + ) + vrf_lite_macsec_cipher_suite: MacsecCipherSuiteEnum = Field( + alias="vrfLiteMacsecCipherSuite", description="DCI MACsec Cipher Suite", default=MacsecCipherSuiteEnum.GCM_AES_XPN_256 + ) + vrf_lite_macsec_key_string: str = Field( + alias="vrfLiteMacsecKeyString", description="DCI MACsec Primary Key String. Cisco Type 7 Encrypted Octet String", default="" + ) + vrf_lite_macsec_algorithm: MacsecAlgorithmEnum = Field( + alias="vrfLiteMacsecAlgorithm", description="DCI MACsec Primary Cryptographic Algorithm", default=MacsecAlgorithmEnum.AES_128_CMAC + ) + vrf_lite_macsec_fallback_key_string: str = Field( + alias="vrfLiteMacsecFallbackKeyString", + description=("DCI MACsec Fallback Key String. Cisco Type 7 Encrypted Octet String. " "This parameter is used when DCI link has QKD disabled."), + default="", + ) + vrf_lite_macsec_fallback_algorithm: MacsecAlgorithmEnum = Field( + alias="vrfLiteMacsecFallbackAlgorithm", + description="AES_128_CMAC or AES_256_CMAC. This parameter is used when DCI link has QKD disabled.", + default=MacsecAlgorithmEnum.AES_128_CMAC, + ) + + # Quantum Key Distribution / Trustpoint + quantum_key_distribution: bool = Field( + alias="quantumKeyDistribution", + description=("Enable Data Center Interconnect Media Access Control Security " "with Quantum Key Distribution config"), + default=False, + ) + quantum_key_distribution_profile_name: str = Field( + alias="quantumKeyDistributionProfileName", description="Name of crypto profile (Max Size 63)", default="" + ) + key_management_entity_server_ip: str = Field(alias="keyManagementEntityServerIp", description="Key Management Entity server ipv4 address", default="") + key_management_entity_server_port: int = Field(alias="keyManagementEntityServerPort", description="Key Management Entity server port number", default=0) + trustpoint_label: str = Field(alias="trustpointLabel", description="Tls authentication type trustpoint label", default="") + skip_certificate_verification: bool = Field(alias="skipCertificateVerification", description="Skip verification of incoming certificate", default=False) + + # BGP / Routing Enhancements + auto_bgp_neighbor_description: bool = Field(alias="autoBgpNeighborDescription", description="Generate BGP EVPN Neighbor Description", default=True) + ibgp_peer_template: str = Field( + alias="ibgpPeerTemplate", + description=( + "Specifies the iBGP Peer-Template config used for Route Reflectors and spines with border " + "or border gateway role. This field should begin with ' template peer' or " + "' template peer-session'. This must have 2 " + "leading spaces. Note ! All configs should strictly match show run output, with respect to case and " + "newlines. Any mismatches will yield unexpected diffs during deploy." + ), + default="", + ) + leaf_ibgp_peer_template: str = Field( + alias="leafIbgpPeerTemplate", + description=( + "Specifies the config used for leaf, border or border gateway. If this field is empty, the peer template " + "defined in iBGP Peer-Template Config is used on all BGP enabled devices (RRs, leafs, border or border " + "gateway roles). This field should begin with ' template peer' or ' template peer-session'. This must " + "have 2 leading spaces. Note ! All configs should strictly match 'show run' output, with respect to case " + "and newlines. Any mismatches will yield unexpected diffs during deploy." + ), + default="", + ) + link_state_routing_tag: str = Field(alias="linkStateRoutingTag", description="Underlay routing protocol process tag", default="UNDERLAY") + static_underlay_ip_allocation: bool = Field( + alias="staticUnderlayIpAllocation", description="Checking this will disable Dynamic Underlay IP Address Allocations", default=False + ) + router_id_range: str = Field(alias="routerIdRange", description="BGP Router ID Range in IPv4 subnet format used for IPv6 Underlay.", default="10.2.0.0/23") + + # Security Group Tags (SGT) + security_group_tag: bool = Field(alias="securityGroupTag", description="Security group can be enabled only with cli overlay mode", default=False) + security_group_tag_prefix: str = Field(alias="securityGroupTagPrefix", description="Prefix to be used when a new security group is created", default="SG_") + security_group_tag_mac_segmentation: bool = Field( + alias="securityGroupTagMacSegmentation", description="Enable MAC based segmentation for security groups", default=False + ) + security_group_tag_id_range: str = Field( + alias="securityGroupTagIdRange", description="Security group tag (SGT) identifier range (minimum: 16, maximum: 65535)", default="10000-14000" + ) + security_group_tag_preprovision: bool = Field( + alias="securityGroupTagPreprovision", description="Generate security groups configuration for non-enforced VRFs", default=False + ) + security_group_status: SecurityGroupStatusEnum = Field( + alias="securityGroupStatus", description="Security group status", default=SecurityGroupStatusEnum.DISABLED + ) + + # Queuing / QoS + default_queuing_policy: bool = Field(alias="defaultQueuingPolicy", description="Enable Default Queuing Policies", default=False) + default_queuing_policy_cloudscale: str = Field( + alias="defaultQueuingPolicyCloudscale", + description="Queuing Policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric", + default="queuing_policy_default_8q_cloudscale", + ) + default_queuing_policy_r_series: str = Field( + alias="defaultQueuingPolicyRSeries", description="Queueing policy for all Nexus R-series switches", default="queuing_policy_default_r_series" + ) + default_queuing_policy_other: str = Field( + alias="defaultQueuingPolicyOther", description="Queuing Policy for all other switches in the fabric", default="queuing_policy_default_other" + ) + aiml_qos: bool = Field( + alias="aimlQos", + description=("Configures QoS and Queuing Policies specific to N9K Cloud Scale (CS) & Silicon One (S1) switch fabric for " "AI network workloads"), + default=False, + ) + aiml_qos_policy: AimlQosPolicyEnum = Field( + alias="aimlQosPolicy", + description=("Queuing Policy based on predominant fabric link speed: 800G / 400G / 100G / 25G. User-defined allows for " "custom configuration."), + default=AimlQosPolicyEnum.V_400G, + ) + roce_v2: str = Field( + alias="roceV2", + description=( + "DSCP for RDMA traffic: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="26", + ) + cnp: str = Field( + description=( + "DSCP value for Congestion Notification: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="48", + ) + wred_min: int = Field(alias="wredMin", description="WRED minimum threshold (in kbytes)", default=950) + wred_max: int = Field(alias="wredMax", description="WRED maximum threshold (in kbytes)", default=3000) + wred_drop_probability: int = Field(alias="wredDropProbability", description="Drop probability %", default=7) + wred_weight: int = Field(alias="wredWeight", description="Influences how quickly WRED reacts to queue depth changes", default=0) + bandwidth_remaining: int = Field(alias="bandwidthRemaining", description="Percentage of remaining bandwidth allocated to AI traffic queues", default=50) + dlb: bool = Field( + description=( + "Enables fabric-level Dynamic Load Balancing (DLB) configuration. Note: Inter-Switch-Links (ISL) will be " "configured as DLB Interfaces" + ), + default=False, + ) + dlb_mode: DlbModeEnum = Field( + alias="dlbMode", + description=( + "Select system-wide flowlet, per-packet (packet spraying) or policy driven mixed mode. Note: Mixed mode is " + "supported on Silicon One (S1) platform only." + ), + default=DlbModeEnum.FLOWLET, + ) + dlb_mixed_mode_default: DlbMixedModeDefaultEnum = Field( + alias="dlbMixedModeDefault", description="Default load balancing mode for policy driven mixed mode DLB", default=DlbMixedModeDefaultEnum.ECMP + ) + flowlet_aging: int = Field( + alias="flowletAging", + description=( + "Flowlet aging timer in microseconds. Valid range depends on platform: Cloud Scale (CS)=1-2000000 (default " + "500), Silicon One (S1)=1-1024 (default 256)" + ), + default=1, + ) + flowlet_dscp: str = Field( + alias="flowletDscp", + description=( + "DSCP values for flowlet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="", + ) + per_packet_dscp: str = Field( + alias="perPacketDscp", + description=( + "DSCP values for per-packet load balancing: numeric (0-63) with ranges/comma, named values " + "(af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,default,ef)" + ), + default="", + ) + ai_load_sharing: bool = Field( + alias="aiLoadSharing", description="Enable IP load sharing using source and destination address for AI workloads", default=False + ) + priority_flow_control_watch_interval: int = Field( + alias="priorityFlowControlWatchInterval", + description="Acceptable values from 101 to 1000 (milliseconds). Leave blank for system default (100ms).", + default=101, + ) + + # PTP + ptp: bool = Field(description="Enable Precision Time Protocol (PTP)", default=False) + ptp_loopback_id: int = Field(alias="ptpLoopbackId", description="Precision Time Protocol Source Loopback Id", default=0) + ptp_domain_id: int = Field(alias="ptpDomainId", description="Multiple Independent PTP Clocking Subdomains on a Single Network", default=0) + ptp_vlan_id: int = Field(alias="ptpVlanId", description="Precision Time Protocol (PTP) Source VLAN ID. SVI used for ptp source on ToRs", default=2) + + # STP + stp_root_option: StpRootOptionEnum = Field( + alias="stpRootOption", + description=( + "Which protocol to use for configuring root bridge? rpvst+: Rapid Per-VLAN Spanning Tree, mst: Multiple " + "Spanning Tree, unmanaged (default): STP Root not managed by ND" + ), + default=StpRootOptionEnum.UNMANAGED, + ) + stp_vlan_range: str = Field(alias="stpVlanRange", description="Spanning tree Vlan range (minimum: 1, maximum: 4094)", default="1-3967") + mst_instance_range: str = Field(alias="mstInstanceRange", description="Minimum Spanning Tree instance range (minimum: 0, maximum: 4094)", default="0") + stp_bridge_priority: int = Field(alias="stpBridgePriority", description="Bridge priority for the spanning tree in increments of 4096", default=0) + + # MPLS Handoff + mpls_handoff: bool = Field(alias="mplsHandoff", description="Enable MPLS Handoff", default=False) + mpls_loopback_identifier: int = Field(alias="mplsLoopbackIdentifier", description="Used for VXLAN to MPLS SR/LDP Handoff", default=101) + mpls_isis_area_number: str = Field( + alias="mplsIsisAreaNumber", + description=( + "NET in form of XX.<4-hex-digit Custom Area Number>.XXXX.XXXX.XXXX.00, default Area Number is 0001, used " + "only if routing protocol on DCI MPLS link is is-is" + ), + default="0001", + ) + mpls_loopback_ip_range: str = Field(alias="mplsLoopbackIpRange", description="Used for VXLAN to MPLS SR/LDP Handoff", default="10.101.0.0/25") + + # Private VLAN + private_vlan: bool = Field(alias="privateVlan", description="Enable PVLAN on switches except spines and super spines", default=False) + default_private_vlan_secondary_network_template: str = Field( + alias="defaultPrivateVlanSecondaryNetworkTemplate", description="Default PVLAN secondary network template", default="Pvlan_Secondary_Network" + ) + allow_vlan_on_leaf_tor_pairing: AllowVlanOnLeafTorPairingEnum = Field( + alias="allowVlanOnLeafTorPairing", + description="Set trunk allowed vlan to 'none' or 'all' for leaf-tor pairing port-channels", + default=AllowVlanOnLeafTorPairingEnum.NONE, + ) + + # Leaf / TOR + leaf_tor_id_range: bool = Field(alias="leafTorIdRange", description="Use specific vPC/Port-channel ID range for leaf-tor pairings", default=False) + leaf_tor_vpc_port_channel_id_range: str = Field( + alias="leafTorVpcPortChannelIdRange", + description=( + "Specify vPC/Port-channel ID range (minimum: 1, maximum: 4096), this range is used for auto-allocating " + "vPC/Port-Channel IDs for leaf-tor pairings" + ), + default="1-499", + ) + + # Resource ID Ranges + l3_vni_no_vlan_default_option: bool = Field( + alias="l3VniNoVlanDefaultOption", + description=( + "L3 VNI configuration without VLAN configuration. This value is propagated on vrf creation as the default " + "value of 'Enable L3VNI w/o VLAN' in vrf" + ), + default=False, + ) + ip_service_level_agreement_id_range: str = Field( + alias="ipServiceLevelAgreementIdRange", + description=("Service Level Agreement (SLA) ID Range " "(minimum: 1, maximum: 655214748364735). Per switch SLA ID Range"), + default="10000-19999", + ) + object_tracking_number_range: str = Field( + alias="objectTrackingNumberRange", + description="Tracked Object ID Range (minimum: 1, maximum: 512) Per switch tracked object ID Range", + default="100-299", + ) + service_network_vlan_range: str = Field( + alias="serviceNetworkVlanRange", + description=("Service Network VLAN Range (minimum: 2, maximum: 4094). " "Per Switch Overlay Service Network VLAN Range"), + default="3000-3199", + ) + route_map_sequence_number_range: str = Field( + alias="routeMapSequenceNumberRange", description="Route Map Sequence Number Range (minimum: 1, maximum: 65534)", default="1-65534" + ) + + # DNS / NTP / Syslog Collections + ntp_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerCollection") + ntp_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="ntpServerVrfCollection") + dns_collection: List[str] = Field(default_factory=lambda: ["5.192.28.174"], alias="dnsCollection") + dns_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="dnsVrfCollection") + syslog_server_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerCollection") + syslog_server_vrf_collection: List[str] = Field(default_factory=lambda: ["string"], alias="syslogServerVrfCollection") + syslog_severity_collection: List[int] = Field( + default_factory=lambda: [7], alias="syslogSeverityCollection", description="List of Syslog severity values, one per Syslog server" + ) + + # Extra Config / Pre-Interface Config / AAA / Banner + banner: str = Field( + description=("Message of the Day (motd) banner. Delimiter char (very first char is delimiter char) followed by message " "ending with delimiter"), + default="", + ) + extra_config_leaf: str = Field( + alias="extraConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added after interface configurations for " + "all switches with a VTEP unless they have some spine role" + ), + default="", + ) + extra_config_spine: str = Field( + alias="extraConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added after interface configurations for " "all switches with some spine role" + ), + default="", + ) + extra_config_tor: str = Field( + alias="extraConfigTor", + description=("Additional CLIs as captured from the show running configuration, added after interface configurations for " "all ToRs"), + default="", + ) + extra_config_intra_fabric_links: str = Field(alias="extraConfigIntraFabricLinks", description="Additional CLIs for all Intra-Fabric links", default="") + extra_config_aaa: str = Field(alias="extraConfigAaa", description="AAA Configurations", default="") + aaa: bool = Field(description="Include AAA configs from Manageability tab during device bootup", default=False) + pre_interface_config_leaf: str = Field( + alias="preInterfaceConfigLeaf", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " + "configurations for all switches with a VTEP unless they have some spine role" + ), + default="", + ) + pre_interface_config_spine: str = Field( + alias="preInterfaceConfigSpine", + description=( + "Additional CLIs as captured from the show running configuration, added before interface " "configurations for all switches with some spine role" + ), + default="", + ) + pre_interface_config_tor: str = Field( + alias="preInterfaceConfigTor", + description=("Additional CLIs as captured from the show running configuration, added before interface " "configurations for all ToRs"), + default="", + ) + + # System / Compliance / OAM / Misc + anycast_border_gateway_advertise_physical_ip: bool = Field( + alias="anycastBorderGatewayAdvertisePhysicalIp", + description="To advertise Anycast Border Gateway PIP as VTEP. Effective on MSD fabric 'Recalculate Config'", + default=False, + ) + greenfield_debug_flag: GreenfieldDebugFlagEnum = Field( + alias="greenfieldDebugFlag", + description="Allow switch configuration to be cleared without a reload when preserveConfig is set to false", + default=GreenfieldDebugFlagEnum.DISABLE, + ) + interface_statistics_load_interval: int = Field( + alias="interfaceStatisticsLoadInterval", description="Interface Statistics Load Interval. Time in seconds", default=10 + ) + nve_hold_down_timer: int = Field(alias="nveHoldDownTimer", description="NVE Source Inteface HoldDown Time in seconds", default=180) + next_generation_oam: bool = Field( + alias="nextGenerationOAM", + description=("Enable the Next Generation (NG) OAM feature for all switches in the fabric to aid in trouble-shooting " "VXLAN EVPN fabrics"), + default=True, + ) + ngoam_south_bound_loop_detect: bool = Field( + alias="ngoamSouthBoundLoopDetect", description="Enable the Next Generation (NG) OAM southbound loop detection", default=False + ) + ngoam_south_bound_loop_detect_probe_interval: int = Field( + alias="ngoamSouthBoundLoopDetectProbeInterval", + description="Set Next Generation (NG) OAM southbound loop detection probe interval in seconds.", + default=300, + ) + ngoam_south_bound_loop_detect_recovery_interval: int = Field( + alias="ngoamSouthBoundLoopDetectRecoveryInterval", + description="Set the Next Generation (NG) OAM southbound loop detection recovery interval in seconds", + default=600, + ) + strict_config_compliance_mode: bool = Field( + alias="strictConfigComplianceMode", + description=("Enable bi-directional compliance checks to flag additional configs in the running config that are not in " "the intent/expected config"), + default=False, + ) + advanced_ssh_option: bool = Field( + alias="advancedSshOption", description="Enable AAA IP Authorization. Enable only, when IP Authorization is enabled in the AAA Server", default=False + ) + copp_policy: CoppPolicyEnum = Field( + alias="coppPolicy", + description="Fabric wide CoPP policy. Customized CoPP policy should be provided when 'manual' is selected.", + default=CoppPolicyEnum.STRICT, + ) + power_redundancy_mode: PowerRedundancyModeEnum = Field( + alias="powerRedundancyMode", description="Default Power Supply Mode for NX-OS Switches", default=PowerRedundancyModeEnum.REDUNDANT + ) + host_interface_admin_state: bool = Field(alias="hostInterfaceAdminState", description="Unshut Host Interfaces by Default", default=True) + heartbeat_interval: int = Field(alias="heartbeatInterval", description="XConnect heartbeat interval for periodic link status checks", default=190) + policy_based_routing: bool = Field( + alias="policyBasedRouting", + description="Enable feature pbr, sla sender, epbr, or enable feature pbr, based on the L4-L7 Services use case", + default=False, + ) + brownfield_network_name_format: str = Field( + alias="brownfieldNetworkNameFormat", + description="Generated network name should be less than 64 characters", + default="Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$", + ) + brownfield_skip_overlay_network_attachments: bool = Field( + alias="brownfieldSkipOverlayNetworkAttachments", + description="Skip Overlay Network Interface Attachments for Brownfield and Host Port Resync cases", + default=False, + ) + allow_smart_switch_onboarding: bool = Field( + alias="allowSmartSwitchOnboarding", description="Enable onboarding of smart switches to Hypershield for firewall service", default=False + ) + + # Hypershield / Connectivity + connectivity_domain_name: Optional[str] = Field(alias="connectivityDomainName", description="Domain name to connect to Hypershield", default=None) + hypershield_connectivity_proxy_server: Optional[str] = Field( + alias="hypershieldConnectivityProxyServer", + description="IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication", + default=None, + ) + hypershield_connectivity_proxy_server_port: Optional[int] = Field( + alias="hypershieldConnectivityProxyServerPort", description="Proxy port number for communication with Hypershield", default=None + ) + hypershield_connectivity_source_intf: Optional[str] = Field( + alias="hypershieldConnectivitySourceIntf", description="Loopback interface on smart switch for communication with Hypershield", default=None + ) + + @field_validator("bgp_asn") + @classmethod + def validate_bgp_asn(cls, value: str) -> str: + """ + # Summary + + Validate BGP ASN format and range. + + ## Description + + Accepts either a plain integer ASN (1-4294967295) or dotted four-byte + ASN notation in the form ``MMMM.NNNN`` where both parts are in the + range 1-65535 / 0-65535 respectively. + + ## Raises + + - `ValueError` - If the value does not match the expected ASN format + """ + if not BGP_ASN_RE.match(value): + raise ValueError(f"Invalid BGP ASN '{value}'. " "Expected a plain integer (1-4294967295) or dotted notation (1-65535.0-65535).") + return value + + @field_validator("site_id") + @classmethod + def validate_site_id(cls, value: str) -> str: + """ + # Summary + + Validate site ID format. + + ## Raises + + - `ValueError` - If site ID is not numeric or outside valid range + """ + + # If value is empty string (default), skip validation (will be set to BGP ASN later if still empty) + if value == "": + return value + + if not value.isdigit(): + raise ValueError(f"Site ID must be numeric, got: {value}") + + site_id_int = int(value) + if not (1 <= site_id_int <= 281474976710655): + raise ValueError(f"Site ID must be between 1 and 281474976710655, got: {site_id_int}") + + return value + + @field_validator("anycast_gateway_mac") + @classmethod + def validate_mac_address(cls, value: str) -> str: + """ + # Summary + + Validate MAC address format. + + ## Raises + + - `ValueError` - If MAC address format is invalid + """ + mac_pattern = re.compile(r"^([0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}$") + if not mac_pattern.match(value): + raise ValueError(f"Invalid MAC address format, expected xxxx.xxxx.xxxx, got: {value}") + + return value.lower() + + +class FabricIbgpModel(NDBaseModel): + """ + # Summary + + Complete model for creating a new iBGP VXLAN fabric. + + This model combines all necessary components for fabric creation including + basic fabric properties, management settings, telemetry, and streaming configuration. + + ## Raises + + - `ValueError` - If required fields are missing or invalid + - `TypeError` - If field types don't match expected types + """ + + model_config = ConfigDict( + str_strip_whitespace=True, validate_assignment=True, populate_by_name=True, extra="allow" # Allow extra fields from API responses + ) + + identifiers: ClassVar[Optional[List[str]]] = ["fabric_name"] + identifier_strategy: ClassVar[Optional[Literal["single", "composite", "hierarchical", "singleton"]]] = "single" + + # Basic Fabric Properties + category: Literal["fabric"] = Field(description="Resource category", default="fabric") + fabric_name: str = Field(alias="name", description="Fabric name", min_length=1, max_length=64) + location: Optional[LocationModel] = Field(description="Geographic location of the fabric", default=None) + + # License and Operations + license_tier: LicenseTierEnum = Field(alias="licenseTier", description="License tier", default=LicenseTierEnum.PREMIER) + alert_suspend: AlertSuspendEnum = Field(alias="alertSuspend", description="Alert suspension state", default=AlertSuspendEnum.DISABLED) + telemetry_collection: bool = Field(alias="telemetryCollection", description="Enable telemetry collection", default=False) + telemetry_collection_type: str = Field(alias="telemetryCollectionType", description="Telemetry collection type", default="outOfBand") + telemetry_streaming_protocol: str = Field(alias="telemetryStreamingProtocol", description="Telemetry streaming protocol", default="ipv4") + telemetry_source_interface: str = Field(alias="telemetrySourceInterface", description="Telemetry source interface", default="") + telemetry_source_vrf: str = Field(alias="telemetrySourceVrf", description="Telemetry source VRF", default="") + security_domain: str = Field(alias="securityDomain", description="Security domain", default="all") + + # Core Management Configuration + management: Optional[VxlanIbgpManagementModel] = Field(description="iBGP VXLAN management configuration", default=None) + + # Optional Advanced Settings + telemetry_settings: Optional[TelemetrySettingsModel] = Field(alias="telemetrySettings", description="Telemetry configuration", default=None) + external_streaming_settings: ExternalStreamingSettingsModel = Field( + alias="externalStreamingSettings", description="External streaming settings", default_factory=ExternalStreamingSettingsModel + ) + + @field_validator("fabric_name") + @classmethod + def validate_fabric_name(cls, value: str) -> str: + """ + # Summary + + Validate fabric name format and characters. + + ## Raises + + - `ValueError` - If name contains invalid characters or format + """ + if not re.match(r"^[a-zA-Z0-9_-]+$", value): + raise ValueError(f"Fabric name can only contain letters, numbers, underscores, and hyphens, got: {value}") + + return value + + @model_validator(mode="after") + def validate_fabric_consistency(self) -> "FabricModel": + """ + # Summary + + Validate consistency between fabric settings and management configuration. + + ## Raises + + - `ValueError` - If fabric settings are inconsistent + """ + # Ensure management type matches model type + if self.management is not None and self.management.type != FabricTypeEnum.VXLAN_IBGP: + raise ValueError(f"Management type must be {FabricTypeEnum.VXLAN_IBGP}") + + # Propagate fabric name to management model + if self.management is not None: + self.management.name = self.fabric_name + + # Propagate BGP ASN to Site ID management model if not set + if self.management is not None and self.management.site_id == "": + bgp_asn = self.management.bgp_asn + if "." in bgp_asn: + # asdot notation (High.Low) → convert to asplain decimal: (High × 65536) + Low + high, low = bgp_asn.split(".") + self.management.site_id = str(int(high) * 65536 + int(low)) + else: + # Already plain decimal + self.management.site_id = bgp_asn + + # Validate telemetry consistency + if self.telemetry_collection and self.telemetry_settings is None: + # Auto-create default telemetry settings if collection is enabled + self.telemetry_settings = TelemetrySettingsModel() + + return self + + # TODO: to generate from Fields (low priority) + @classmethod + def get_argument_spec(cls) -> Dict: + return dict( + state={ + "type": "str", + "default": "merged", + "choices": ["merged", "replaced", "deleted", "overridden"], + }, + config={"required": False, "type": "list", "elements": "dict"}, + ) + + +# Export all models for external use +__all__ = [ + "LocationModel", + "NetflowExporterModel", + "NetflowRecordModel", + "NetflowMonitorModel", + "NetflowSettingsModel", + "BootstrapSubnetModel", + "TelemetryFlowCollectionModel", + "TelemetryMicroburstModel", + "TelemetryAnalysisSettingsModel", + "TelemetryEnergyManagementModel", + "TelemetrySettingsModel", + "ExternalStreamingSettingsModel", + "VxlanIbgpManagementModel", + "FabricIbgpModel", + "FabricTypeEnum", + "AlertSuspendEnum", + "LicenseTierEnum", + "ReplicationModeEnum", + "OverlayModeEnum", + "LinkStateRoutingProtocolEnum", +] diff --git a/plugins/module_utils/nd.py b/plugins/module_utils/nd.py index 50a5eeb2..f8f14e5d 100644 --- a/plugins/module_utils/nd.py +++ b/plugins/module_utils/nd.py @@ -75,7 +75,18 @@ def issubset(subset, superset): if not isinstance(subset, dict): if isinstance(subset, list): - return all(item in superset for item in subset) + if len(subset) != len(superset): + return False + + remaining = list(superset) + for item in subset: + for index, candidate in enumerate(remaining): + if issubset(item, candidate) and issubset(candidate, item): + del remaining[index] + break + else: + return False + return True return subset == superset for key, value in subset.items(): diff --git a/plugins/module_utils/nd_config_collection.py b/plugins/module_utils/nd_config_collection.py index 832cc132..4e3541cd 100644 --- a/plugins/module_utils/nd_config_collection.py +++ b/plugins/module_utils/nd_config_collection.py @@ -119,9 +119,15 @@ def delete(self, key: IdentifierKey) -> bool: # Diff Operations - def get_diff_config(self, new_item: NDBaseModel) -> Literal["new", "no_diff", "changed"]: + def get_diff_config(self, new_item: NDBaseModel, exclude_unset: bool = False) -> Literal["new", "no_diff", "changed"]: """ Compare single item against collection. + + Args: + new_item: The proposed configuration item. + exclude_unset: When True, only compare fields explicitly set in + ``new_item``. Useful for merge operations where unspecified + fields should not trigger a diff. """ try: key = self._extract_key(new_item) @@ -133,7 +139,7 @@ def get_diff_config(self, new_item: NDBaseModel) -> Literal["new", "no_diff", "c if existing is None: return "new" - is_subset = existing.get_diff(new_item) + is_subset = existing.get_diff(new_item, exclude_unset=exclude_unset) return "no_diff" if is_subset else "changed" diff --git a/plugins/module_utils/nd_state_machine.py b/plugins/module_utils/nd_state_machine.py index fb812c33..109c7ca3 100644 --- a/plugins/module_utils/nd_state_machine.py +++ b/plugins/module_utils/nd_state_machine.py @@ -77,7 +77,11 @@ def _manage_create_update_state(self) -> None: identifier = proposed_item.get_identifier_value() try: # Determine diff status - diff_status = self.existing.get_diff_config(proposed_item) + # For merged state, only compare fields explicitly provided by + # the user so that Pydantic default values do not trigger false + # diffs or overwrite existing configuration. + exclude_unset = self.state == "merged" + diff_status = self.existing.get_diff_config(proposed_item, exclude_unset=exclude_unset) # No changes needed if diff_status == "no_diff": diff --git a/plugins/module_utils/orchestrators/manage_fabric_ebgp.py b/plugins/module_utils/orchestrators/manage_fabric_ebgp.py new file mode 100644 index 00000000..2171189a --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_ebgp.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ebgp import FabricEbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + + +class ManageEbgpFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricEbgpModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only vxlanEbgp fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "vxlanEbgp"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/module_utils/orchestrators/manage_fabric_external.py b/plugins/module_utils/orchestrators/manage_fabric_external.py new file mode 100644 index 00000000..d370315a --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_external.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_external import FabricExternalConnectivityModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + + +class ManageExternalFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricExternalConnectivityModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only externalConnectivity fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "externalConnectivity"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/module_utils/orchestrators/manage_fabric_ibgp.py b/plugins/module_utils/orchestrators/manage_fabric_ibgp.py new file mode 100644 index 00000000..9fb5da78 --- /dev/null +++ b/plugins/module_utils/orchestrators/manage_fabric_ibgp.py @@ -0,0 +1,46 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from typing import Type +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.base import NDBaseOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.models.base import NDBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import FabricIbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.base import NDEndpointBaseModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.types import ResponseType +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsDelete, +) + + +class ManageIbgpFabricOrchestrator(NDBaseOrchestrator): + model_class: Type[NDBaseModel] = FabricIbgpModel + + create_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPost + update_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsPut + delete_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsDelete + query_one_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsGet + query_all_endpoint: Type[NDEndpointBaseModel] = EpManageFabricsListGet + + def query_all(self) -> ResponseType: + """ + Custom query_all action to extract 'fabrics' from response, + filtered to only vxlanIbgp fabric types. + """ + try: + api_endpoint = self.query_all_endpoint() + result = self.sender.query_obj(api_endpoint.path) + fabrics = result.get("fabrics", []) or [] + return [f for f in fabrics if f.get("management", {}).get("type") == "vxlanIbgp"] + except Exception as e: + raise Exception(f"Query all failed: {e}") from e diff --git a/plugins/module_utils/utils.py b/plugins/module_utils/utils.py index 7d05e4af..d4c3e59b 100644 --- a/plugins/module_utils/utils.py +++ b/plugins/module_utils/utils.py @@ -36,7 +36,18 @@ def issubset(subset: Any, superset: Any) -> bool: if not isinstance(subset, dict): if isinstance(subset, list): - return all(item in superset for item in subset) + if len(subset) != len(superset): + return False + + remaining = list(superset) + for item in subset: + for index, candidate in enumerate(remaining): + if issubset(item, candidate) and issubset(candidate, item): + del remaining[index] + break + else: + return False + return True return subset == superset for key, value in subset.items(): diff --git a/plugins/modules/nd_manage_fabric_ebgp.py b/plugins/modules/nd_manage_fabric_ebgp.py new file mode 100644 index 00000000..dc6affaf --- /dev/null +++ b/plugins/modules/nd_manage_fabric_ebgp.py @@ -0,0 +1,1690 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_ebgp +version_added: "1.4.0" +short_description: Manage eBGP VXLAN fabrics on Cisco Nexus Dashboard +description: +- Manage eBGP VXLAN fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting eBGP VXLAN fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of eBGP VXLAN fabrics to configure. + type: list + elements: dict + suboptions: + fabric_name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.fabric_name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - The license tier for the fabric. + type: str + default: premier + choices: [ essentials, advantage, premier ] + alert_suspend: + description: + - The alert suspension state for the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - The telemetry collection type. + type: str + default: outOfBand + telemetry_streaming_protocol: + description: + - The telemetry streaming protocol. + type: str + default: ipv4 + telemetry_source_interface: + description: + - The telemetry source interface. + type: str + default: "" + telemetry_source_vrf: + description: + - The telemetry source VRF. + type: str + default: "" + security_domain: + description: + - The security domain associated with the fabric. + type: str + default: all + management: + description: + - The eBGP VXLAN management configuration for the fabric. + type: dict + suboptions: + type: + description: + - The fabric management type. Must be C(vxlanEbgp) for eBGP VXLAN fabrics. + type: str + default: vxlanEbgp + choices: [ vxlanEbgp ] + bgp_asn: + description: + - The BGP Autonomous System Number for the fabric. + - Must be a numeric value between 1 and 4294967295, or dotted notation (1-65535.0-65535). + - Optional when O(config.management.bgp_asn_auto_allocation) is C(true). + type: str + bgp_asn_auto_allocation: + description: + - Enable automatic BGP ASN allocation from the O(config.management.bgp_asn_range) pool. + type: bool + default: true + bgp_asn_range: + description: + - The BGP ASN range to use for automatic ASN allocation (e.g. C(65000-65535)). + - Required when O(config.management.bgp_asn_auto_allocation) is C(true). + type: str + bgp_as_mode: + description: + - The BGP AS mode for the fabric. + - C(multiAS) assigns a unique AS number per leaf/border/border gateway (borders and border gateways may share ASN). + - C(sameTierAS) assigns the same AS number within a tier (leafs share one ASN, borders/border gateways share one ASN). + type: str + default: multiAS + choices: [ multiAS, sameTierAS ] + bgp_allow_as_in_num: + description: + - The number of occurrences of the local AS number allowed in the BGP AS-path. + type: int + default: 1 + bgp_max_path: + description: + - The maximum number of BGP equal-cost paths. + type: int + default: 4 + bgp_underlay_failure_protect: + description: + - Enable BGP underlay failure protection. + type: bool + default: false + auto_configure_ebgp_evpn_peering: + description: + - Automatically configure eBGP EVPN overlay peering between leaf and spine switches. + type: bool + default: true + allow_leaf_same_as: + description: + - Allow leaf switches to have the same BGP ASN even when AS mode is Multi-AS. + type: bool + default: false + assign_ipv4_to_loopback0: + description: + - In an IPv6 routed fabric or VXLAN EVPN fabric with IPv6 underlay, assign IPv4 address + used for BGP Router ID to the routing loopback interface. + type: bool + default: true + evpn: + description: + - Enable BGP EVPN as the control plane and VXLAN as the data plane for this fabric. + type: bool + default: true + route_map_tag: + description: + - Tag for Route Map FABRIC-RMAP-REDIST-SUBNET. (Min 0, Max 4294967295). + type: int + default: 12345 + disable_route_map_tag: + description: + - Disable match tag for Route Map FABRIC-RMAP-REDIST-SUBNET. + type: bool + default: false + leaf_bgp_as: + description: + - The BGP AS number for leaf switches. + - Autonomous system number 1-4294967295 or dotted notation 1-65535.0-65535. + type: str + border_bgp_as: + description: + - The BGP AS number for border switches. + - Autonomous system number 1-4294967295 or dotted notation 1-65535.0-65535. + type: str + super_spine_bgp_as: + description: + - The BGP AS number for super-spine switches. + - Autonomous system number 1-4294967295 or dotted notation 1-65535.0-65535. + type: str + site_id: + description: + - The site identifier for EVPN Multi-Site support. + - Defaults to the value of O(config.management.bgp_asn) if not provided. + type: str + default: "" + bgp_loopback_id: + description: + - The underlay routing loopback interface ID (0-1023). + type: int + default: 0 + bgp_loopback_ip_range: + description: + - Typically Loopback0 IP address range. + type: str + default: "10.2.0.0/22" + bgp_loopback_ipv6_range: + description: + - Typically Loopback0 IPv6 address range. + type: str + default: "fd00::a02:0/119" + nve_loopback_id: + description: + - The underlay VTEP loopback ID associated with the NVE interface (0-1023). + type: int + default: 1 + nve_loopback_ip_range: + description: + - Typically Loopback1 IP address range. + type: str + default: "10.3.0.0/22" + nve_loopback_ipv6_range: + description: + - Typically Loopback1 and Anycast Loopback IPv6 address range. + type: str + default: "fd00::a03:0/118" + anycast_loopback_id: + description: + - Underlay anycast loopback ID. Used for vPC peering in VXLANv6 fabrics. + type: int + default: 10 + anycast_rendezvous_point_ip_range: + description: + - Anycast or Phantom RP IP address range. + type: str + default: "10.254.254.0/24" + ipv6_anycast_rendezvous_point_ip_range: + description: + - Anycast RP IPv6 address range. + type: str + default: "fd00::254:254:0/118" + intra_fabric_subnet_range: + description: + - Address range to assign numbered and peer link SVI IPs. + type: str + default: "10.4.0.0/16" + l2_vni_range: + description: + - Overlay network identifier range (minimum 1, maximum 16777214). + type: str + default: "30000-49000" + l3_vni_range: + description: + - Overlay VRF identifier range (minimum 1, maximum 16777214). + type: str + default: "50000-59000" + network_vlan_range: + description: + - Per switch overlay network VLAN range (minimum 2, maximum 4094). + type: str + default: "2300-2999" + vrf_vlan_range: + description: + - Per switch overlay VRF VLAN range (minimum 2, maximum 4094). + type: str + default: "2000-2299" + overlay_mode: + description: + - Overlay mode. VRF/Network configuration using config-profile or CLI. + type: str + default: cli + choices: [ cli, config-profile ] + replication_mode: + description: + - Replication mode for BUM traffic. + type: str + default: multicast + choices: [ multicast, ingress ] + multicast_group_subnet: + description: + - Multicast pool prefix between 8 to 30. A multicast group IPv4 from this pool + is used for BUM traffic for each overlay network. + type: str + default: "239.1.1.0/25" + auto_generate_multicast_group_address: + description: + - Generate a new multicast group address from the multicast pool using a round-robin approach. + type: bool + default: false + underlay_multicast_group_address_limit: + description: + - The maximum supported value is 128 for NX-OS version 10.2(1) or earlier + and 512 for versions above 10.2(1). + type: int + default: 128 + choices: [ 128, 512 ] + tenant_routed_multicast: + description: + - Enable overlay IPv4 multicast support in VXLAN fabrics. + type: bool + default: false + tenant_routed_multicast_ipv6: + description: + - Enable overlay IPv6 multicast support in VXLAN fabrics. + type: bool + default: false + first_hop_redundancy_protocol: + description: + - First hop redundancy protocol, HSRP or VRRP. + type: str + default: hsrp + choices: [ hsrp, vrrp ] + rendezvous_point_count: + description: + - Number of spines acting as Rendezvous-Points (RPs). + type: int + default: 2 + choices: [ 2, 4 ] + rendezvous_point_loopback_id: + description: + - The rendezvous point loopback interface ID. + type: int + default: 254 + rendezvous_point_mode: + description: + - Multicast rendezvous point mode. For IPv6 underlay, use C(asm) only. + type: str + default: asm + choices: [ asm, bidir ] + phantom_rendezvous_point_loopback_id1: + description: + - Underlay phantom rendezvous point loopback primary ID for PIM Bi-dir deployments. + type: int + default: 2 + phantom_rendezvous_point_loopback_id2: + description: + - Underlay phantom rendezvous point loopback secondary ID for PIM Bi-dir deployments. + type: int + default: 3 + phantom_rendezvous_point_loopback_id3: + description: + - Underlay phantom rendezvous point loopback tertiary ID for PIM Bi-dir deployments. + type: int + default: 4 + phantom_rendezvous_point_loopback_id4: + description: + - Underlay phantom rendezvous point loopback quaternary ID for PIM Bi-dir deployments. + type: int + default: 5 + l3vni_multicast_group: + description: + - Default underlay multicast group IPv4 address assigned for every overlay VRF. + type: str + default: "239.1.1.0" + l3_vni_ipv6_multicast_group: + description: + - Default underlay multicast group IPv6 address assigned for every overlay VRF. + type: str + default: "ff1e::" + ipv6_multicast_group_subnet: + description: + - IPv6 multicast address with prefix 112 to 128. + type: str + default: "ff1e::/121" + mvpn_vrf_route_import_id: + description: + - Enable MVPN VRI ID generation for tenant routed multicast with IPv4 underlay. + type: bool + default: true + mvpn_vrf_route_import_id_range: + description: + - MVPN VRI ID range (minimum 1, maximum 65535) for vPC, applicable when TRM is enabled + with IPv6 underlay, or O(config.management.mvpn_vrf_route_import_id) is enabled with IPv4 underlay. + type: str + vrf_route_import_id_reallocation: + description: + - One time VRI ID re-allocation based on MVPN VRI ID Range. + type: bool + default: false + target_subnet_mask: + description: + - Mask for underlay subnet IP range (24-31). + type: int + default: 30 + anycast_gateway_mac: + description: + - Shared anycast gateway MAC address for all VTEPs in xxxx.xxxx.xxxx format. + type: str + default: 2020.0000.00aa + fabric_mtu: + description: + - Intra fabric interface MTU. Must be an even number (1500-9216). + type: int + default: 9216 + l2_host_interface_mtu: + description: + - Layer 2 host interface MTU. Must be an even number (1500-9216). + type: int + default: 9216 + l3_vni_no_vlan_default_option: + description: + - L3 VNI configuration without VLAN configuration. This value is propagated on VRF + creation as the default value of Enable L3VNI w/o VLAN in VRF. + type: bool + default: false + underlay_ipv6: + description: + - Enable IPv6 underlay. If not enabled, IPv4 underlay is used. + type: bool + default: false + static_underlay_ip_allocation: + description: + - Disable dynamic underlay IP address allocation. + type: bool + default: false + anycast_border_gateway_advertise_physical_ip: + description: + - Advertise Anycast Border Gateway PIP as VTEP. + Effective on MSD fabric Recalculate Config. + type: bool + default: false + sub_interface_dot1q_range: + description: + - Per aggregation dot1q range for VRF-Lite connectivity (minimum 2, maximum 4093). + type: str + default: "2-511" + vrf_lite_auto_config: + description: + - VRF Lite Inter-Fabric Connection Deployment Options. + - If C(back2BackAndToExternal) is selected, VRF Lite IFCs are auto created between + border devices of two Easy Fabrics, and between border devices in Easy Fabric and + edge routers in External Fabric. + type: str + default: manual + choices: [ manual, back2BackAndToExternal ] + vrf_lite_subnet_range: + description: + - Address range to assign P2P interfabric connections. + type: str + default: "10.33.0.0/16" + vrf_lite_subnet_target_mask: + description: + - VRF Lite subnet mask. + type: int + default: 30 + auto_unique_vrf_lite_ip_prefix: + description: + - When enabled, IP prefix allocated to the VRF LITE IFC is not reused on VRF extension + over VRF LITE IFC. Instead, a unique IP subnet is allocated for each VRF extension. + type: bool + default: false + vpc_domain_id_range: + description: + - vPC domain ID range (minimum 1, maximum 1000) to use for new pairings. + type: str + default: "1-1000" + vpc_peer_link_vlan: + description: + - VLAN range (minimum 2, maximum 4094) for vPC Peer Link SVI. + type: str + default: "3600" + vpc_peer_link_enable_native_vlan: + description: + - Enable vPC peer link for native VLAN. + type: bool + default: false + vpc_peer_keep_alive_option: + description: + - Use vPC peer keep alive with loopback or management. + type: str + default: management + choices: [ loopback, management ] + vpc_auto_recovery_timer: + description: + - vPC auto recovery timer in seconds (240-3600). + type: int + default: 360 + vpc_delay_restore_timer: + description: + - vPC delay restore timer in seconds (1-3600). + type: int + default: 150 + vpc_peer_link_port_channel_id: + description: + - vPC peer link port channel ID (minimum 1, maximum 4096). + type: str + default: "500" + vpc_ipv6_neighbor_discovery_sync: + description: + - Enable IPv6 ND synchronization between vPC peers. + type: bool + default: true + vpc_layer3_peer_router: + description: + - Enable layer-3 peer-router on all leaf switches. + type: bool + default: true + vpc_tor_delay_restore_timer: + description: + - vPC delay restore timer for ToR switches in seconds. + type: int + default: 30 + fabric_vpc_domain_id: + description: + - Enable the same vPC domain ID for all vPC pairs. Not recommended. + type: bool + default: false + shared_vpc_domain_id: + description: + - vPC domain ID to be used on all vPC pairs. + type: int + default: 1 + fabric_vpc_qos: + description: + - QoS on spines for guaranteed delivery of vPC Fabric Peering communication. + type: bool + default: false + fabric_vpc_qos_policy_name: + description: + - QoS policy name. Should be the same on all spines. + type: str + default: spine_qos_for_fabric_vpc_peering + enable_peer_switch: + description: + - Enable the vPC peer-switch feature on ToR switches. + type: bool + default: false + per_vrf_loopback_auto_provision: + description: + - Auto provision an IPv4 loopback on a VTEP on VRF attachment. + - Enabling this option auto-provisions loopback on existing VRF attachments and also + when Edit, QuickAttach, or Multiattach actions are performed. + type: bool + default: false + per_vrf_loopback_ip_range: + description: + - Prefix pool to assign IPv4 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "10.5.0.0/22" + per_vrf_loopback_auto_provision_ipv6: + description: + - Auto provision an IPv6 loopback on a VTEP on VRF attachment. + type: bool + default: false + per_vrf_loopback_ipv6_range: + description: + - Prefix pool to assign IPv6 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "fd00::a05:0/112" + vrf_template: + description: + - Default overlay VRF template for leafs. + type: str + default: Default_VRF_Universal + network_template: + description: + - Default overlay network template for leafs. + type: str + default: Default_Network_Universal + vrf_extension_template: + description: + - Default overlay VRF template for borders. + type: str + default: Default_VRF_Extension_Universal + network_extension_template: + description: + - Default overlay network template for borders. + type: str + default: Default_Network_Extension_Universal + performance_monitoring: + description: + - If enabled, switch metrics are collected through periodic SNMP polling. + Alternative to real-time telemetry. + type: bool + default: false + tenant_dhcp: + description: + - Enable tenant DHCP. + type: bool + default: true + advertise_physical_ip: + description: + - For primary VTEP IP advertisement as next-hop of prefix routes. + type: bool + default: false + advertise_physical_ip_on_border: + description: + - Enable advertise-pip on vPC borders and border gateways only. + Applicable only when vPC advertise-pip is not enabled. + type: bool + default: true + bgp_authentication: + description: + - Enable BGP authentication. + type: bool + default: false + bgp_authentication_key_type: + description: + - BGP key encryption type. 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7. + type: str + default: 3des + choices: [ 3des, type6, type7 ] + bgp_authentication_key: + description: + - Encrypted BGP authentication key based on type. + type: str + default: "" + bfd: + description: + - Enable BFD. Valid for IPv4 underlay only. + type: bool + default: false + bfd_ibgp: + description: + - Enable BFD for iBGP. + type: bool + default: false + bfd_authentication: + description: + - Enable BFD authentication. Valid for P2P interfaces only. + type: bool + default: false + bfd_authentication_key_id: + description: + - BFD authentication key ID. + type: int + default: 100 + bfd_authentication_key: + description: + - Encrypted SHA1 secret value. + type: str + default: "" + pim_hello_authentication: + description: + - Enable PIM hello authentication. Valid for IPv4 underlay only. + type: bool + default: false + pim_hello_authentication_key: + description: + - PIM hello authentication key. 3DES encrypted. + type: str + default: "" + nxapi: + description: + - Enable NX-API over HTTPS. + type: bool + default: false + nxapi_http: + description: + - Enable NX-API over HTTP. + type: bool + default: false + nxapi_https_port: + description: + - HTTPS port for NX-API (1-65535). + type: int + default: 443 + nxapi_http_port: + description: + - HTTP port for NX-API (1-65535). + type: int + default: 80 + day0_bootstrap: + description: + - Automatic IP assignment for POAP. + type: bool + default: false + bootstrap_subnet_collection: + description: + - List of IPv4 or IPv6 subnets to be used for bootstrap. + - When O(state=merged), omitting this option preserves the existing collection. + - When O(state=merged), providing this option replaces the entire collection with the supplied list. + - Under O(state=merged), entries in this list are not merged item-by-item. + - Under O(state=merged), removing one entry from the playbook removes it from the fabric, and setting an empty list clears the collection. + - When O(state=replaced), this option is also treated as the exact desired collection. + - When O(state=replaced), omitting this option resets the collection to its default empty value. + type: list + elements: dict + suboptions: + start_ip: + description: + - Starting IP address of the bootstrap range. + type: str + required: true + end_ip: + description: + - Ending IP address of the bootstrap range. + type: str + required: true + default_gateway: + description: + - Default gateway for the bootstrap subnet. + type: str + required: true + subnet_prefix: + description: + - Subnet prefix length (8-30). + type: int + required: true + local_dhcp_server: + description: + - Automatic IP assignment for POAP from local DHCP server. + type: bool + default: false + dhcp_protocol_version: + description: + - IP protocol version for local DHCP server. + type: str + default: dhcpv4 + choices: [ dhcpv4, dhcpv6 ] + dhcp_start_address: + description: + - DHCP scope start address for switch POAP. + type: str + default: "" + dhcp_end_address: + description: + - DHCP scope end address for switch POAP. + type: str + default: "" + management_gateway: + description: + - Default gateway for management VRF on the switch. + type: str + default: "" + management_ipv4_prefix: + description: + - Switch management IP subnet prefix for IPv4. + type: int + default: 24 + management_ipv6_prefix: + description: + - Switch management IP subnet prefix for IPv6. + type: int + default: 64 + netflow_settings: + description: + - Netflow configuration settings. + type: dict + suboptions: + netflow: + description: + - Enable netflow collection. + type: bool + default: false + netflow_exporter_collection: + description: + - List of netflow exporters. + type: list + elements: dict + suboptions: + exporter_name: + description: + - Name of the netflow exporter. + type: str + required: true + exporter_ip: + description: + - IP address of the netflow collector. + type: str + required: true + vrf: + description: + - VRF name for the exporter. + type: str + default: management + source_interface_name: + description: + - Source interface name. + type: str + required: true + udp_port: + description: + - UDP port for netflow export (1-65535). + type: int + netflow_record_collection: + description: + - List of netflow records. + type: list + elements: dict + suboptions: + record_name: + description: + - Name of the netflow record. + type: str + required: true + record_template: + description: + - Template type for the record. + type: str + required: true + layer2_record: + description: + - Enable layer 2 record fields. + type: bool + default: false + netflow_monitor_collection: + description: + - List of netflow monitors. + type: list + elements: dict + suboptions: + monitor_name: + description: + - Name of the netflow monitor. + type: str + required: true + record_name: + description: + - Associated record name. + type: str + required: true + exporter1_name: + description: + - Primary exporter name. + type: str + required: true + exporter2_name: + description: + - Secondary exporter name. + type: str + default: "" + real_time_backup: + description: + - Backup hourly only if there is any config deployment since last backup. + type: bool + scheduled_backup: + description: + - Enable backup at the specified time daily. + type: bool + scheduled_backup_time: + description: + - Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59). + type: str + default: "" + leaf_tor_id_range: + description: + - Use specific vPC/Port-channel ID range for leaf-tor pairings. + type: bool + default: false + leaf_tor_vpc_port_channel_id_range: + description: + - vPC/Port-channel ID range (minimum 1, maximum 4096), used for auto-allocating + vPC/Port-Channel IDs for leaf-tor pairings. + type: str + default: "1-499" + allow_vlan_on_leaf_tor_pairing: + description: + - Set trunk allowed VLAN to none or all for leaf-tor pairing port-channels. + type: str + default: none + choices: [ none, all ] + ntp_server_collection: + description: + - List of NTP server IPv4/IPv6 addresses and/or hostnames. + type: list + elements: str + ntp_server_vrf_collection: + description: + - NTP Server VRFs. One VRF for all NTP servers or a list of VRFs, one per NTP server. + type: list + elements: str + dns_collection: + description: + - List of IPv4 and IPv6 DNS addresses. + type: list + elements: str + dns_vrf_collection: + description: + - DNS Server VRFs. One VRF for all DNS servers or a list of VRFs, one per DNS server. + type: list + elements: str + syslog_server_collection: + description: + - List of syslog server IPv4/IPv6 addresses and/or hostnames. + type: list + elements: str + syslog_server_vrf_collection: + description: + - Syslog Server VRFs. One VRF for all syslog servers or a list of VRFs, one per syslog server. + type: list + elements: str + syslog_severity_collection: + description: + - List of syslog severity values, one per syslog server. + type: list + elements: int + banner: + description: + - Message of the Day (motd) banner. Delimiter char (very first char is delimiter char) + followed by message ending with delimiter. + type: str + default: "" + extra_config_leaf: + description: + - Additional CLIs added after interface configurations for all switches with a VTEP + unless they have some spine role. + type: str + default: "" + extra_config_spine: + description: + - Additional CLIs added after interface configurations for all switches with some spine role. + type: str + default: "" + extra_config_tor: + description: + - Additional CLIs added after interface configurations for all ToRs. + type: str + default: "" + extra_config_intra_fabric_links: + description: + - Additional CLIs for all intra-fabric links. + type: str + default: "" + extra_config_aaa: + description: + - AAA configurations. + type: str + default: "" + extra_config_nxos_bootstrap: + description: + - Additional CLIs required during device bootup/login e.g. AAA/Radius. + type: str + default: "" + aaa: + description: + - Include AAA configs from Manageability tab during device bootup. + type: bool + default: false + pre_interface_config_leaf: + description: + - Additional CLIs added before interface configurations for all switches with a VTEP + unless they have some spine role. + type: str + default: "" + pre_interface_config_spine: + description: + - Additional CLIs added before interface configurations for all switches with some spine role. + type: str + default: "" + pre_interface_config_tor: + description: + - Additional CLIs added before interface configurations for all ToRs. + type: str + default: "" + greenfield_debug_flag: + description: + - Allow switch configuration to be cleared without a reload when preserveConfig is set to false. + type: str + default: disable + choices: [ enable, disable ] + interface_statistics_load_interval: + description: + - Interface statistics load interval in seconds. + type: int + default: 10 + nve_hold_down_timer: + description: + - NVE source interface hold-down time in seconds. + type: int + default: 180 + next_generation_oam: + description: + - Enable the Next Generation (NG) OAM feature for all switches in the fabric + to aid in troubleshooting VXLAN EVPN fabrics. + type: bool + default: true + ngoam_south_bound_loop_detect: + description: + - Enable the Next Generation (NG) OAM southbound loop detection. + type: bool + default: false + ngoam_south_bound_loop_detect_probe_interval: + description: + - Next Generation (NG) OAM southbound loop detection probe interval in seconds. + type: int + default: 300 + ngoam_south_bound_loop_detect_recovery_interval: + description: + - Next Generation (NG) OAM southbound loop detection recovery interval in seconds. + type: int + default: 600 + strict_config_compliance_mode: + description: + - Enable bi-directional compliance checks to flag additional configs in the running + config that are not in the intent/expected config. + type: bool + default: false + advanced_ssh_option: + description: + - Enable AAA IP Authorization. Enable only when IP Authorization is enabled + in the AAA Server. + type: bool + default: false + copp_policy: + description: + - Fabric wide CoPP policy. Customized CoPP policy should be provided when C(manual) is selected. + type: str + default: strict + choices: [ dense, lenient, moderate, strict, manual ] + power_redundancy_mode: + description: + - Default power supply mode for NX-OS switches. + type: str + default: redundant + choices: [ redundant, combined, inputSrcRedundant ] + heartbeat_interval: + description: + - XConnect heartbeat interval for periodic link status checks. + type: int + default: 190 + snmp_trap: + description: + - Configure ND as a receiver for SNMP traps. + type: bool + default: true + cdp: + description: + - Enable CDP on management interface. + type: bool + default: false + real_time_interface_statistics_collection: + description: + - Enable real time interface statistics collection. Valid for NX-OS only. + type: bool + default: false + tcam_allocation: + description: + - TCAM commands are automatically generated for VxLAN and vPC Fabric Peering when enabled. + type: bool + default: true + allow_smart_switch_onboarding: + description: + - Enable onboarding of smart switches to Hypershield for firewall service. + type: bool + default: false + default_queuing_policy: + description: + - Enable default queuing policies. + type: bool + default: false + default_queuing_policy_cloudscale: + description: + - Queuing policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric. + type: str + default: queuing_policy_default_8q_cloudscale + default_queuing_policy_r_series: + description: + - Queueing policy for all Nexus R-series switches. + type: str + default: queuing_policy_default_r_series + default_queuing_policy_other: + description: + - Queuing policy for all other switches in the fabric. + type: str + default: queuing_policy_default_other + aiml_qos: + description: + - Configures QoS and Queuing Policies specific to N9K Cloud Scale (CS) and + Silicon One (S1) switch fabric for AI network workloads. + type: bool + default: false + aiml_qos_policy: + description: + - Queuing policy based on predominant fabric link speed. + C(User-defined) allows for custom configuration. + type: str + default: 400G + choices: [ 800G, 400G, 100G, 25G, User-defined ] + roce_v2: + description: + - DSCP for RDMA traffic. Numeric (0-63) with ranges/comma, or named values + (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, + cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, ef). + type: str + default: "26" + cnp: + description: + - DSCP value for Congestion Notification. Numeric (0-63) with ranges/comma, or named values + (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, + cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, ef). + type: str + default: "48" + wred_min: + description: + - WRED minimum threshold in kbytes. + type: int + default: 950 + wred_max: + description: + - WRED maximum threshold in kbytes. + type: int + default: 3000 + wred_drop_probability: + description: + - WRED drop probability percentage. + type: int + default: 7 + wred_weight: + description: + - Influences how quickly WRED reacts to queue depth changes. + type: int + default: 0 + bandwidth_remaining: + description: + - Percentage of remaining bandwidth allocated to AI traffic queues. + type: int + default: 50 + dlb: + description: + - Enables fabric-level Dynamic Load Balancing (DLB) configuration. + Inter-Switch-Links (ISL) will be configured as DLB interfaces. + type: bool + default: false + dlb_mode: + description: + - Select system-wide flowlet, per-packet (packet spraying) or policy driven mixed mode. + Mixed mode is supported on Silicon One (S1) platform only. + type: str + default: flowlet + choices: [ flowlet, per-packet, policy-driven-flowlet, policy-driven-per-packet, policy-driven-mixed-mode ] + dlb_mixed_mode_default: + description: + - Default load balancing mode for policy driven mixed mode DLB. + type: str + default: ecmp + choices: [ ecmp, flowlet, per-packet ] + flowlet_aging: + description: + - Flowlet aging timer in microseconds. Valid range depends on platform. + Cloud Scale (CS) 1-2000000 (default 500), Silicon One (S1) 1-1024 (default 256). + type: int + flowlet_dscp: + description: + - DSCP values for flowlet load balancing. Numeric (0-63) with ranges/comma, or named values + (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, + cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, ef). + type: str + default: "" + per_packet_dscp: + description: + - DSCP values for per-packet load balancing. Numeric (0-63) with ranges/comma, or named values + (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, + cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, ef). + type: str + default: "" + ai_load_sharing: + description: + - Enable IP load sharing using source and destination address for AI workloads. + type: bool + default: false + priority_flow_control_watch_interval: + description: + - Acceptable values from 101 to 1000 (milliseconds). + Leave blank for system default (100ms). + type: int + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_loopback_id: + description: + - Precision Time Protocol source loopback ID. + type: int + default: 0 + ptp_domain_id: + description: + - Multiple independent PTP clocking subdomains on a single network. + type: int + default: 0 + private_vlan: + description: + - Enable PVLAN on switches except spines and super spines. + type: bool + default: false + default_private_vlan_secondary_network_template: + description: + - Default PVLAN secondary network template. + type: str + default: Pvlan_Secondary_Network + macsec: + description: + - Enable MACsec in the fabric. MACsec fabric parameters are used for configuring + MACsec on a fabric link if MACsec is enabled on the link. + type: bool + default: false + macsec_cipher_suite: + description: + - Configure MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + choices: [ GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, GCM-AES-XPN-256 ] + macsec_key_string: + description: + - MACsec primary key string. Cisco Type 7 encrypted octet string. + type: str + default: "" + macsec_algorithm: + description: + - MACsec primary cryptographic algorithm. AES_128_CMAC or AES_256_CMAC. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + macsec_fallback_key_string: + description: + - MACsec fallback key string. Cisco Type 7 encrypted octet string. + type: str + default: "" + macsec_fallback_algorithm: + description: + - MACsec fallback cryptographic algorithm. AES_128_CMAC or AES_256_CMAC. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + macsec_report_timer: + description: + - MACsec operational status periodic report timer in minutes. + type: int + default: 5 + enable_dpu_pinning: + description: + - Enable pinning of VRFs and networks to specific DPUs on smart switches. + type: bool + default: false + connectivity_domain_name: + description: + - Domain name to connect to Hypershield. + type: str + hypershield_connectivity_proxy_server: + description: + - IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication. + type: str + hypershield_connectivity_proxy_server_port: + description: + - Proxy port number for communication with Hypershield. + type: int + hypershield_connectivity_source_intf: + description: + - Loopback interface on smart switch for communication with Hypershield. + type: str + telemetry_settings: + description: + - Telemetry configuration settings. + type: dict + suboptions: + flow_collection: + description: + - Flow collection settings. + type: dict + suboptions: + traffic_analytics: + description: + - Traffic analytics state. + type: str + default: enabled + traffic_analytics_scope: + description: + - Traffic analytics scope. + type: str + default: intraFabric + operating_mode: + description: + - Operating mode. + type: str + default: flowTelemetry + udp_categorization: + description: + - UDP categorization. + type: str + default: enabled + microburst: + description: + - Microburst detection settings. + type: dict + suboptions: + microburst: + description: + - Enable microburst detection. + type: bool + default: false + sensitivity: + description: + - Microburst sensitivity level. + type: str + default: low + analysis_settings: + description: + - Telemetry analysis settings. + type: dict + suboptions: + is_enabled: + description: + - Enable telemetry analysis. + type: bool + default: false + nas: + description: + - NAS telemetry configuration. + type: dict + suboptions: + server: + description: + - NAS server address. + type: str + default: "" + export_settings: + description: + - NAS export settings. + type: dict + suboptions: + export_type: + description: + - Export type. + type: str + default: full + export_format: + description: + - Export format. + type: str + default: json + energy_management: + description: + - Energy management settings. + type: dict + suboptions: + cost: + description: + - Energy cost per unit. + type: float + default: 1.2 + external_streaming_settings: + description: + - External streaming settings. + type: dict + suboptions: + email: + description: + - Email streaming configuration. + type: list + elements: dict + message_bus: + description: + - Message bus configuration. + type: list + elements: dict + syslog: + description: + - Syslog streaming configuration. + type: dict + webhooks: + description: + - Webhook configuration. + type: list + elements: dict + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only eBGP VXLAN fabric type (C(vxlanEbgp)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is optional when O(config.management.bgp_asn_auto_allocation) is C(true). +- The O(config.management.bgp_asn) field is required when O(config.management.bgp_asn_auto_allocation) is C(false). +- O(config.management.site_id) defaults to the value of O(config.management.bgp_asn) if not provided. +- The default O(config.management.vpc_peer_keep_alive_option) for eBGP fabrics is C(management), unlike iBGP fabrics. +""" + +EXAMPLES = r""" +- name: Create an eBGP VXLAN fabric using state merged (with auto ASN allocation) + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - fabric_name: my_ebgp_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65535" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Create an eBGP VXLAN fabric with a static BGP ASN + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - fabric_name: my_ebgp_fabric_static + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65001" + bgp_asn_auto_allocation: false + site_id: "65001" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Update specific fields on an existing eBGP fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_ebgp: + state: merged + config: + - fabric_name: my_ebgp_fabric + category: fabric + management: + bgp_asn_range: "65100-65199" + anycast_gateway_mac: "2020.0000.00bb" + performance_monitoring: true + register: result + +- name: Create or fully replace an eBGP VXLAN fabric using state replaced + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - fabric_name: my_ebgp_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" + bgp_asn_auto_allocation: false + site_id: "65004" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + rendezvous_point_count: 3 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: disable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + banner: "^ Managed by Ansible ^" + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_ebgp: + state: replaced + config: + - fabric_name: my_ebgp_fabric + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65004" + bgp_asn_auto_allocation: false + site_id: "65004" + banner: "^ Managed by Ansible ^" + register: result + +- name: Enforce exact fabric inventory using state overridden (deletes unlisted fabrics) + cisco.nd.nd_manage_fabric_ebgp: + state: overridden + config: + - fabric_name: fabric_east + category: fabric + location: + latitude: 40.7128 + longitude: -74.0060 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65010" + bgp_asn_auto_allocation: false + site_id: "65010" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0010" + replication_mode: multicast + multicast_group_subnet: "239.1.10.0/25" + bgp_loopback_ip_range: "10.10.0.0/22" + nve_loopback_ip_range: "10.11.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.10.0/24" + intra_fabric_subnet_range: "10.12.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + - fabric_name: fabric_west + category: fabric + location: + latitude: 34.0522 + longitude: -118.2437 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65020" + bgp_asn_auto_allocation: false + site_id: "65020" + bgp_as_mode: multiAS + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0020" + replication_mode: multicast + multicast_group_subnet: "239.1.20.0/25" + bgp_loopback_ip_range: "10.20.0.0/22" + nve_loopback_ip_range: "10.21.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.20.0/24" + intra_fabric_subnet_range: "10.22.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Delete a specific eBGP fabric using state deleted + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - fabric_name: my_ebgp_fabric + register: result + +- name: Delete multiple eBGP fabrics in a single task + cisco.nd.nd_manage_fabric_ebgp: + state: deleted + config: + - fabric_name: fabric_east + - fabric_name: fabric_west + - fabric_name: fabric_old + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ebgp import FabricEbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_ebgp import ManageEbgpFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricEbgpModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageEbgpFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/nd_manage_fabric_external.py b/plugins/modules/nd_manage_fabric_external.py new file mode 100644 index 00000000..0bed6cc3 --- /dev/null +++ b/plugins/modules/nd_manage_fabric_external.py @@ -0,0 +1,780 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_external +version_added: "1.4.0" +short_description: Manage External Connectivity fabrics on Cisco Nexus Dashboard +description: +- Manage External Connectivity fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting External Connectivity fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of External Connectivity fabrics to configure. + type: list + elements: dict + suboptions: + fabric_name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.fabric_name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - License Tier value of a fabric. + type: str + default: premier + choices: [ essentials, advantage, premier ] + alert_suspend: + description: + - Alert Suspend state configured on the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - Telemetry collection method. + type: str + default: outOfBand + choices: [ inBand, outOfBand ] + telemetry_streaming_protocol: + description: + - Telemetry Streaming Protocol. + type: str + default: ipv4 + choices: [ ipv4, ipv6 ] + telemetry_source_interface: + description: + - Telemetry Source Interface (VLAN id or Loopback id) only valid if Telemetry Collection is set to inBand. + type: str + default: "" + telemetry_source_vrf: + description: + - VRF over which telemetry is streamed, valid only if telemetry collection is set to inband. + type: str + default: "" + security_domain: + description: + - Security Domain associated with the fabric. + type: str + default: all + management: + description: + - The External Connectivity management configuration for the fabric. + type: dict + suboptions: + type: + description: + - The fabric management type. Must be C(externalConnectivity) for External Connectivity fabrics. + type: str + default: externalConnectivity + choices: [ externalConnectivity ] + bgp_asn: + description: + - Autonomous system number 1-4294967295 | 1-65535[.0-65535]. + type: str + required: true + aaa: + description: + - Include AAA configs from Advanced tab during device bootup. + type: bool + default: false + advanced_ssh_option: + description: + - Enable only, when IP Authorization is enabled in the AAA Server. + type: bool + default: false + allow_same_loopback_ip_on_switches: + description: + - Allow the same loopback IP address to be configured on multiple switches (e.g. RP loopback IP). + type: bool + default: false + allow_smart_switch_onboarding: + description: + - Enable onboarding of smart switches to Hypershield for firewall service. + type: bool + default: false + bootstrap_subnet_collection: + description: + - List of IPv4 or IPv6 subnets to be used for bootstrap. + - When O(state=merged), omitting this option preserves the existing collection. + - When O(state=merged), providing this option replaces the entire collection with the supplied list. + - Under O(state=merged), entries in this list are not merged item-by-item. + - Under O(state=merged), removing one entry from the playbook removes it from the fabric, and setting an empty list clears the collection. + - When O(state=replaced), this option is also treated as the exact desired collection. + - When O(state=replaced), omitting this option resets the collection to its default empty value. + type: list + elements: dict + suboptions: + start_ip: + description: + - Starting IP address of the bootstrap range. + type: str + required: true + end_ip: + description: + - Ending IP address of the bootstrap range. + type: str + required: true + default_gateway: + description: + - Default gateway for bootstrap subnet. + type: str + required: true + subnet_prefix: + description: + - Subnet prefix length (8-30). + type: int + required: true + cdp: + description: + - Enable CDP on management interface. + type: bool + default: false + copp_policy: + description: + - Fabric wide CoPP policy. + - Customized CoPP policy should be provided when C(manual) is selected. + type: str + default: manual + choices: [ dense, lenient, moderate, strict, manual ] + create_bgp_config: + description: + - Generate BGP configuration for core and edge routers. + type: bool + default: true + day0_bootstrap: + description: + - Support day 0 touchless switch bringup. + type: bool + default: false + day0_plug_and_play: + description: + - Enable Plug n Play for Catalyst 9000 switches. + type: bool + default: false + dhcp_end_address: + description: + - DHCP Scope End Address For Switch POAP. + type: str + default: "" + dhcp_protocol_version: + description: + - IP protocol version for Local DHCP Server. + type: str + default: dhcpv4 + choices: [ dhcpv4, dhcpv6 ] + dhcp_start_address: + description: + - DHCP Scope Start Address For Switch POAP. + type: str + default: "" + dns_collection: + description: + - List of IPv4 and IPv6 DNS addresses. + type: list + elements: str + dns_vrf_collection: + description: + - DNS Server VRFs. + - One VRF for all DNS servers or a list of VRFs, one per DNS server. + type: list + elements: str + domain_name: + description: + - Domain name for DHCP server PnP block. + type: str + default: "" + enable_dpu_pinning: + description: + - Enable pinning of VRFs and networks to specific DPUs on smart switches. + type: bool + default: false + extra_config_aaa: + description: + - Additional CLIs for AAA Configuration. + type: str + default: "" + extra_config_fabric: + description: + - Additional CLIs for all switches. + type: str + default: "" + extra_config_nxos_bootstrap: + description: + - Additional CLIs required during device bootup/login e.g. AAA/Radius (NX-OS). + type: str + default: "" + extra_config_xe_bootstrap: + description: + - Additional CLIs required during device bootup/login e.g. AAA/Radius (IOS-XE). + type: str + default: "" + inband_day0_bootstrap: + description: + - Support day 0 touchless switch bringup via inband management. + type: bool + default: false + inband_management: + description: + - Import switches with reachability over the switch front-panel ports. + type: bool + default: false + interface_statistics_load_interval: + description: + - Interface Statistics Load Interval Time in seconds. + type: int + default: 10 + local_dhcp_server: + description: + - Automatic IP Assignment For POAP from Local DHCP Server. + type: bool + default: false + management_gateway: + description: + - Default Gateway For Management VRF On The Switch. + type: str + default: "" + management_ipv4_prefix: + description: + - Switch Mgmt IP Subnet Prefix if ipv4. + type: int + default: 24 + management_ipv6_prefix: + description: + - Switch Management IP Subnet Prefix if ipv6. + type: int + default: 64 + monitored_mode: + description: + - If enabled, fabric is only monitored. + - No configuration will be deployed. + type: bool + default: false + mpls_handoff: + description: + - Enable MPLS Handoff. + type: bool + default: false + mpls_loopback_identifier: + description: + - Underlay MPLS Loopback Identifier. + type: int + mpls_loopback_ip_range: + description: + - MPLS Loopback IP Address Range. + type: str + default: "10.102.0.0/25" + netflow_settings: + description: + - Settings associated with netflow. + type: dict + suboptions: + netflow: + description: + - Enable netflow collection. + type: bool + default: false + netflow_exporter_collection: + description: + - List of netflow exporters. + type: list + elements: dict + suboptions: + exporter_name: + description: + - Name of the netflow exporter. + type: str + required: true + exporter_ip: + description: + - IP address of the netflow collector. + type: str + required: true + vrf: + description: + - VRF name for the exporter. + type: str + default: management + source_interface_name: + description: + - Source interface name. + type: str + required: true + udp_port: + description: + - UDP port for netflow export (1-65535). + type: int + netflow_record_collection: + description: + - List of netflow records. + type: list + elements: dict + suboptions: + record_name: + description: + - Name of the netflow record. + type: str + required: true + record_template: + description: + - Template type for the record. + type: str + required: true + layer2_record: + description: + - Enable layer 2 record fields. + type: bool + default: false + netflow_monitor_collection: + description: + - List of netflow monitors. + type: list + elements: dict + suboptions: + monitor_name: + description: + - Name of the netflow monitor. + type: str + required: true + record_name: + description: + - Associated record name. + type: str + required: true + exporter1_name: + description: + - Primary exporter name. + type: str + required: true + exporter2_name: + description: + - Secondary exporter name. + type: str + default: "" + nxapi: + description: + - Enable NX-API over HTTPS. + type: bool + default: false + nxapi_http: + description: + - Enable NX-API over HTTP. + type: bool + default: false + nxapi_http_port: + description: + - HTTP port for NX-API (1-65535). + type: int + default: 80 + nxapi_https_port: + description: + - HTTPS port for NX-API (1-65535). + type: int + default: 443 + performance_monitoring: + description: + - If enabled, switch metrics are collected through periodic SNMP polling. + - Alternative to real-time telemetry. + type: bool + default: false + power_redundancy_mode: + description: + - Default Power Supply Mode for NX-OS Switches. + type: str + default: redundant + choices: [ redundant, combined, inputSrcRedundant ] + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_domain_id: + description: + - Multiple Independent PTP Clocking Subdomains on a Single Network. + type: int + default: 0 + ptp_loopback_id: + description: + - Precision Time Protocol Source Loopback Id. + type: int + default: 0 + real_time_backup: + description: + - Hourly Fabric Backup only if there is any config deployment since last backup. + type: bool + real_time_interface_statistics_collection: + description: + - Enable Real Time Interface Statistics Collection. + - Valid for NX-OS only. + type: bool + default: false + scheduled_backup: + description: + - Enable backup at the specified time daily. + type: bool + scheduled_backup_time: + description: + - Time (UTC) in 24 hour format to take a daily backup if enabled (00:00 to 23:59). + type: str + default: "" + snmp_trap: + description: + - Configure Nexus Dashboard as a receiver for SNMP traps. + type: bool + default: true + sub_interface_dot1q_range: + description: + - Per aggregation dot1q range for VRF-Lite connectivity (minimum 2, maximum 4093). + type: str + default: "2-511" + connectivity_domain_name: + description: + - Domain name to connect to Hypershield. + type: str + hypershield_connectivity_proxy_server: + description: + - IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication. + type: str + hypershield_connectivity_proxy_server_port: + description: + - Proxy port number for communication with Hypershield. + type: int + hypershield_connectivity_source_intf: + description: + - Loopback interface on smart switch for communication with Hypershield. + type: str + telemetry_settings: + description: + - Telemetry configuration for the fabric. + type: dict + suboptions: + flow_collection: + description: + - Flow collection settings. + type: dict + suboptions: + traffic_analytics: + description: + - Traffic analytics state. + type: str + default: enabled + traffic_analytics_scope: + description: + - Traffic analytics scope. + type: str + default: intraFabric + operating_mode: + description: + - Operating mode. + type: str + default: flowTelemetry + udp_categorization: + description: + - UDP categorization. + type: str + default: enabled + microburst: + description: + - Microburst detection settings. + type: dict + suboptions: + microburst: + description: + - Enable microburst detection. + type: bool + default: false + sensitivity: + description: + - Microburst sensitivity level. + type: str + default: low + analysis_settings: + description: + - Analysis settings. + type: dict + suboptions: + is_enabled: + description: + - Enable telemetry analysis. + type: bool + default: false + nas: + description: + - NAS telemetry configuration. + type: dict + suboptions: + server: + description: + - NAS server address. + type: str + default: "" + export_settings: + description: + - NAS export settings. + type: dict + suboptions: + export_type: + description: + - Export type. + type: str + default: full + export_format: + description: + - Export format. + type: str + default: json + energy_management: + description: + - Energy management settings. + type: dict + suboptions: + cost: + description: + - Energy cost per unit. + type: float + default: 1.2 + external_streaming_settings: + description: + - External streaming settings for the fabric. + type: dict + suboptions: + email: + description: + - Email streaming configuration. + type: list + elements: dict + message_bus: + description: + - Message bus configuration. + type: list + elements: dict + syslog: + description: + - Syslog streaming configuration. + type: dict + webhooks: + description: + - Webhook configuration. + type: list + elements: dict + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only External Connectivity fabric type (C(externalConnectivity)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is required when creating a fabric. +""" + +EXAMPLES = r""" +- name: Create an External Connectivity fabric using state merged + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - fabric_name: my_ext_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65001" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Update specific fields on an existing fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_external: + state: merged + config: + - fabric_name: my_ext_fabric + category: fabric + management: + bgp_asn: "65002" + performance_monitoring: true + snmp_trap: false + register: result + +- name: Create or fully replace an External Connectivity fabric using state replaced + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - fabric_name: my_ext_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict + create_bgp_config: true + cdp: true + snmp_trap: false + nxapi: true + nxapi_http: true + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_external: + state: replaced + config: + - fabric_name: my_ext_fabric + category: fabric + management: + type: externalConnectivity + bgp_asn: "65004" + register: result + +- name: Delete a specific fabric using state deleted + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - fabric_name: my_ext_fabric + register: result + +- name: Delete multiple fabrics in a single task + cisco.nd.nd_manage_fabric_external: + state: deleted + config: + - fabric_name: ext_fabric_east + - fabric_name: ext_fabric_west + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_external import FabricExternalConnectivityModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_external import ManageExternalFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricExternalConnectivityModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageExternalFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/nd_manage_fabric_ibgp.py b/plugins/modules/nd_manage_fabric_ibgp.py new file mode 100644 index 00000000..61ac1f0d --- /dev/null +++ b/plugins/modules/nd_manage_fabric_ibgp.py @@ -0,0 +1,1888 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"} + +DOCUMENTATION = r""" +--- +module: nd_manage_fabric_ibgp +version_added: "1.4.0" +short_description: Manage iBGP VXLAN fabrics on Cisco Nexus Dashboard +description: +- Manage iBGP VXLAN fabrics on Cisco Nexus Dashboard (ND). +- It supports creating, updating, replacing, and deleting iBGP VXLAN fabrics. +author: +- Mike Wiebe (@mwiebe) +options: + config: + description: + - The list of iBGP VXLAN fabrics to configure. + type: list + elements: dict + suboptions: + fabric_name: + description: + - The name of the fabric. + - Only letters, numbers, underscores, and hyphens are allowed. + - The O(config.fabric_name) must be defined when creating, updating or deleting a fabric. + type: str + required: true + category: + description: + - The resource category. + type: str + default: fabric + location: + description: + - The geographic location of the fabric. + type: dict + suboptions: + latitude: + description: + - Latitude coordinate of the fabric location (-90 to 90). + type: float + required: true + longitude: + description: + - Longitude coordinate of the fabric location (-180 to 180). + type: float + required: true + license_tier: + description: + - The license tier for the fabric. + type: str + default: premier + choices: [ essentials, advantage, premier ] + alert_suspend: + description: + - The alert suspension state for the fabric. + type: str + default: disabled + choices: [ enabled, disabled ] + telemetry_collection: + description: + - Enable telemetry collection for the fabric. + type: bool + default: false + telemetry_collection_type: + description: + - The telemetry collection type. + type: str + default: outOfBand + telemetry_streaming_protocol: + description: + - The telemetry streaming protocol. + type: str + default: ipv4 + telemetry_source_interface: + description: + - The telemetry source interface. + type: str + default: "" + telemetry_source_vrf: + description: + - The telemetry source VRF. + type: str + default: "" + security_domain: + description: + - The security domain associated with the fabric. + type: str + default: all + management: + description: + - The iBGP VXLAN management configuration for the fabric. + - Properties are grouped by template section for readability in the module documentation source. + type: dict + suboptions: + # General + type: + description: + - The fabric management type. Must be C(vxlanIbgp) for iBGP VXLAN fabrics. + type: str + default: vxlanIbgp + choices: [ vxlanIbgp ] + bgp_asn: + description: + - The BGP Autonomous System Number for the fabric. + - Accepts a plain integer (1-4294967295) or dotted notation (1-65535.0-65535). + type: str + required: true + underlay_ipv6: + description: + - Enable IPv6 underlay. + type: bool + default: false + fabric_interface_type: + description: + - The fabric interface type. Numbered (Point-to-Point) or unnumbered. + type: str + default: p2p + choices: [ p2p, unNumbered ] + link_state_routing_protocol: + description: + - The underlay link-state routing protocol. + type: str + default: ospf + choices: [ ospf, isis ] + target_subnet_mask: + description: + - The target subnet mask for intra-fabric links (24-31). + type: int + default: 30 + ipv6_link_local: + description: + - Enable IPv6 link-local addressing. + type: bool + default: true + ipv6_subnet_target_mask: + description: + - The IPv6 subnet target mask. + type: int + default: 126 + route_reflector_count: + description: + - The number of spines acting as BGP route reflectors. + type: int + default: 2 + choices: [ 2, 4 ] + anycast_gateway_mac: + description: + - The anycast gateway MAC address in xxxx.xxxx.xxxx format. + type: str + default: 2020.0000.00aa + performance_monitoring: + description: + - Enable performance monitoring. + type: bool + default: false + + # Replication + replication_mode: + description: + - The multicast replication mode. + type: str + default: multicast + choices: [ multicast, ingress ] + multicast_group_subnet: + description: + - The multicast group subnet. + type: str + default: "239.1.1.0/25" + ipv6_multicast_group_subnet: + description: + - The IPv6 multicast group subnet. + type: str + default: "ff1e::/121" + auto_generate_multicast_group_address: + description: + - Automatically generate multicast group addresses. + type: bool + default: false + underlay_multicast_group_address_limit: + description: + - The underlay multicast group address limit. + - The maximum supported value is 128 for NX-OS version 10.2(1) or earlier and 512 for versions above 10.2(1). + type: int + default: 128 + choices: [ 128, 512 ] + tenant_routed_multicast: + description: + - Enable tenant routed multicast. + type: bool + default: false + tenant_routed_multicast_ipv6: + description: + - Enable tenant routed multicast for IPv6. + type: bool + default: false + rendezvous_point_count: + description: + - The number of spines acting as Rendezvous-Points (RPs). + type: int + default: 2 + choices: [ 2, 4 ] + rendezvous_point_mode: + description: + - Multicast rendezvous point mode. For IPv6 underlay, use C(asm) only. + type: str + default: asm + choices: [ asm, bidir ] + rendezvous_point_loopback_id: + description: + - The rendezvous point loopback interface ID (0-1023). + type: int + default: 254 + phantom_rendezvous_point_loopback_id1: + description: + - Underlay phantom RP loopback primary ID for PIM Bi-dir deployments. + type: int + default: 2 + phantom_rendezvous_point_loopback_id2: + description: + - Underlay phantom RP loopback secondary ID for PIM Bi-dir deployments. + type: int + default: 3 + phantom_rendezvous_point_loopback_id3: + description: + - Underlay phantom RP loopback tertiary ID for PIM Bi-dir deployments. + type: int + default: 4 + phantom_rendezvous_point_loopback_id4: + description: + - Underlay phantom RP loopback quaternary ID for PIM Bi-dir deployments. + type: int + default: 5 + anycast_rendezvous_point_ip_range: + description: + - The anycast rendezvous point IP address pool. + type: str + default: "10.254.254.0/24" + ipv6_anycast_rendezvous_point_ip_range: + description: + - The IPv6 anycast rendezvous point IP address pool. + type: str + default: "fd00::254:254:0/118" + l3vni_multicast_group: + description: + - Default underlay multicast group IPv4 address assigned for every overlay VRF. + type: str + default: "239.1.1.0" + l3_vni_ipv6_multicast_group: + description: + - Default underlay multicast group IPv6 address assigned for every overlay VRF. + type: str + default: "ff1e::" + mvpn_vrf_route_import_id: + description: + - Enable MVPN VRI ID generation for Tenant Routed Multicast with IPv4 underlay. + type: bool + default: true + mvpn_vrf_route_import_id_range: + description: + - MVPN VRI ID range (minimum 1, maximum 65535) for vPC. + - Applicable when TRM is enabled with IPv6 underlay, or mvpn_vrf_route_import_id is enabled with IPv4 underlay. + type: str + default: "" + vrf_route_import_id_reallocation: + description: + - One time VRI ID re-allocation based on MVPN VRI ID Range. + type: bool + default: false + + # vPC + vpc_domain_id_range: + description: + - The vPC domain ID range. + type: str + default: "1-1000" + vpc_peer_link_vlan: + description: + - The vPC peer link VLAN ID. + type: str + default: "3600" + vpc_peer_link_enable_native_vlan: + description: + - Enable native VLAN on the vPC peer link. + type: bool + default: false + vpc_peer_keep_alive_option: + description: + - The vPC peer keep-alive option. + type: str + default: management + choices: [ loopback, management ] + vpc_auto_recovery_timer: + description: + - The vPC auto recovery timer in seconds (240-3600). + type: int + default: 360 + vpc_delay_restore_timer: + description: + - The vPC delay restore timer in seconds (1-3600). + type: int + default: 150 + vpc_peer_link_port_channel_id: + description: + - The vPC peer link port-channel ID. + type: str + default: "500" + vpc_ipv6_neighbor_discovery_sync: + description: + - Enable vPC IPv6 neighbor discovery synchronization. + type: bool + default: true + vpc_layer3_peer_router: + description: + - Enable vPC layer-3 peer router. + type: bool + default: true + vpc_tor_delay_restore_timer: + description: + - The vPC TOR delay restore timer. + type: int + default: 30 + fabric_vpc_domain_id: + description: + - Enable fabric vPC domain ID. + type: bool + default: false + shared_vpc_domain_id: + description: + - The shared vPC domain ID. + type: int + default: 1 + fabric_vpc_qos: + description: + - Enable fabric vPC QoS. + type: bool + default: false + fabric_vpc_qos_policy_name: + description: + - The fabric vPC QoS policy name. + type: str + default: spine_qos_for_fabric_vpc_peering + enable_peer_switch: + description: + - Enable peer switch. + type: bool + default: false + advertise_physical_ip: + description: + - Advertise physical IP address for NVE loopback. + type: bool + default: false + advertise_physical_ip_on_border: + description: + - Advertise physical IP address on border switches. + type: bool + default: true + anycast_border_gateway_advertise_physical_ip: + description: + - Enable anycast border gateway to advertise physical IP. + type: bool + default: false + allow_vlan_on_leaf_tor_pairing: + description: + - "Set trunk allowed VLAN to 'none' or 'all' for leaf-TOR pairing port-channels." + type: str + default: none + choices: [ none, all ] + leaf_tor_id_range: + description: + - Use specific vPC/Port-channel ID range for leaf-TOR pairings. + type: bool + default: false + leaf_tor_vpc_port_channel_id_range: + description: + - Specify vPC/Port-channel ID range (minimum 1, maximum 4096) for leaf-TOR pairings. + type: str + default: "1-499" + + # Protocols + ospf_area_id: + description: + - The OSPF area ID. + type: str + default: "0.0.0.0" + bgp_loopback_id: + description: + - The BGP loopback interface ID (0-1023). + type: int + default: 0 + nve_loopback_id: + description: + - The NVE loopback interface ID (0-1023). + type: int + default: 1 + anycast_loopback_id: + description: + - Underlay Anycast Loopback ID. Used for vPC Peering in VXLANv6 Fabrics. + type: int + default: 10 + auto_bgp_neighbor_description: + description: + - Enable automatic BGP neighbor description. + type: bool + default: true + ibgp_peer_template: + description: + - The iBGP peer template name. + type: str + default: "" + leaf_ibgp_peer_template: + description: + - The leaf iBGP peer template name. + type: str + default: "" + link_state_routing_tag: + description: + - The link state routing tag. + type: str + default: UNDERLAY + bgp_authentication: + description: + - Enable BGP authentication. + type: bool + default: false + bgp_authentication_key_type: + description: + - "BGP key encryption type: 3 - 3DES, 6 - Cisco type 6, 7 - Cisco type 7." + type: str + default: 3des + choices: [ 3des, type6, type7 ] + bgp_authentication_key: + description: + - The BGP authentication key. + type: str + default: "" + bfd: + description: + - Enable BFD globally. + type: bool + default: false + bfd_ibgp: + description: + - Enable BFD for iBGP sessions. + type: bool + default: false + bfd_ospf: + description: + - Enable BFD for OSPF. + type: bool + default: false + bfd_isis: + description: + - Enable BFD for IS-IS. + type: bool + default: false + bfd_pim: + description: + - Enable BFD for PIM. + type: bool + default: false + bfd_authentication: + description: + - Enable BFD authentication. + type: bool + default: false + bfd_authentication_key_id: + description: + - The BFD authentication key ID. + type: int + default: 100 + bfd_authentication_key: + description: + - The BFD authentication key. + type: str + default: "" + ospf_authentication: + description: + - Enable OSPF authentication. + type: bool + default: false + ospf_authentication_key_id: + description: + - The OSPF authentication key ID. + type: int + default: 127 + ospf_authentication_key: + description: + - The OSPF authentication key. + type: str + default: "" + pim_hello_authentication: + description: + - Enable PIM hello authentication. + type: bool + default: false + pim_hello_authentication_key: + description: + - The PIM hello authentication key. + type: str + default: "" + isis_level: + description: + - The IS-IS level. + type: str + default: level-2 + choices: [ level-1, level-2 ] + isis_area_number: + description: + - The IS-IS area number. + type: str + default: "0001" + isis_point_to_point: + description: + - Enable IS-IS point-to-point. + type: bool + default: true + isis_authentication: + description: + - Enable IS-IS authentication. + type: bool + default: false + isis_authentication_keychain_name: + description: + - The IS-IS authentication keychain name. + type: str + default: "" + isis_authentication_keychain_key_id: + description: + - The IS-IS authentication keychain key ID. + type: int + default: 127 + isis_authentication_key: + description: + - The IS-IS authentication key. + type: str + default: "" + isis_overload: + description: + - Enable IS-IS overload bit. + type: bool + default: true + isis_overload_elapse_time: + description: + - The IS-IS overload elapse time in seconds. + type: int + default: 60 + + # Security + security_group_tag: + description: + - Enable Security Group Tag (SGT) support. + type: bool + default: false + security_group_tag_prefix: + description: + - The SGT prefix. + type: str + default: SG_ + security_group_tag_mac_segmentation: + description: + - Enable SGT MAC segmentation. + type: bool + default: false + security_group_tag_id_range: + description: + - The SGT ID range. + type: str + default: "10000-14000" + security_group_tag_preprovision: + description: + - Enable SGT pre-provisioning. + type: bool + default: false + security_group_status: + description: + - The security group status. + type: str + default: disabled + choices: [ enabled, enabledStrict, enabledLoose, enablePending, enablePendingStrict, enablePendingLoose, disablePending, disabled ] + macsec: + description: + - Enable MACsec on intra-fabric links. + type: bool + default: false + macsec_cipher_suite: + description: + - The MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + choices: [ GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, GCM-AES-XPN-256 ] + macsec_key_string: + description: + - The MACsec primary key string. + type: str + default: "" + macsec_algorithm: + description: + - The MACsec primary cryptographic algorithm. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + macsec_fallback_key_string: + description: + - The MACsec fallback key string. + type: str + default: "" + macsec_fallback_algorithm: + description: + - The MACsec fallback cryptographic algorithm. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + macsec_report_timer: + description: + - The MACsec report timer. + type: int + default: 5 + vrf_lite_macsec: + description: + - Enable MACsec on DCI links. + type: bool + default: false + vrf_lite_macsec_cipher_suite: + description: + - The DCI MACsec cipher suite. + type: str + default: GCM-AES-XPN-256 + choices: [ GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, GCM-AES-XPN-256 ] + vrf_lite_macsec_key_string: + description: + - The DCI MACsec primary key string (Cisco Type 7 Encrypted Octet String). + type: str + default: "" + vrf_lite_macsec_algorithm: + description: + - The DCI MACsec primary cryptographic algorithm. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + vrf_lite_macsec_fallback_key_string: + description: + - The DCI MACsec fallback key string (Cisco Type 7 Encrypted Octet String). + - This parameter is used when DCI link has QKD disabled. + type: str + default: "" + vrf_lite_macsec_fallback_algorithm: + description: + - The DCI MACsec fallback cryptographic algorithm. + - This parameter is used when DCI link has QKD disabled. + type: str + default: AES_128_CMAC + choices: [ AES_128_CMAC, AES_256_CMAC ] + quantum_key_distribution: + description: + - Enable quantum key distribution. + type: bool + default: false + quantum_key_distribution_profile_name: + description: + - The quantum key distribution profile name. + type: str + default: "" + key_management_entity_server_ip: + description: + - The key management entity server IP address. + type: str + default: "" + key_management_entity_server_port: + description: + - The key management entity server port. + type: int + default: 0 + trustpoint_label: + description: + - The trustpoint label for TLS authentication. + type: str + default: "" + skip_certificate_verification: + description: + - Skip verification of incoming certificate. + type: bool + default: false + + # Advanced + site_id: + description: + - The site identifier for the fabric (for EVPN Multi-Site support). + - Must be a numeric value between 1 and 281474976710655. + - Defaults to the value of O(config.management.bgp_asn) if not provided. + type: str + default: "" + overlay_mode: + description: + - The overlay configuration mode. + type: str + default: cli + choices: [ cli, config-profile ] + vrf_template: + description: + - The VRF template name. + type: str + default: Default_VRF_Universal + network_template: + description: + - The network template name. + type: str + default: Default_Network_Universal + vrf_extension_template: + description: + - The VRF extension template name. + type: str + default: Default_VRF_Extension_Universal + network_extension_template: + description: + - The network extension template name. + type: str + default: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: + description: + - Enable L3 VNI no-VLAN default option. + type: bool + default: false + fabric_mtu: + description: + - The fabric MTU size (1500-9216). + type: int + default: 9216 + l2_host_interface_mtu: + description: + - The L2 host interface MTU size (1500-9216). + type: int + default: 9216 + tenant_dhcp: + description: + - Enable tenant DHCP. + type: bool + default: true + snmp_trap: + description: + - Enable SNMP traps. + type: bool + default: true + cdp: + description: + - Enable CDP. + type: bool + default: false + tcam_allocation: + description: + - Enable TCAM allocation. + type: bool + default: true + real_time_interface_statistics_collection: + description: + - Enable real-time interface statistics collection. + type: bool + default: false + interface_statistics_load_interval: + description: + - The interface statistics load interval in seconds. + type: int + default: 10 + greenfield_debug_flag: + description: + - Allow switch configuration to be cleared without a reload when preserveConfig is set to false. + type: str + default: disable + choices: [ enable, disable ] + nxapi: + description: + - Enable NX-API (HTTPS). + type: bool + default: false + nxapi_https_port: + description: + - The NX-API HTTPS port (1-65535). + type: int + default: 443 + nxapi_http: + description: + - Enable NX-API over HTTP. + type: bool + default: false + nxapi_http_port: + description: + - The NX-API HTTP port (1-65535). + type: int + default: 80 + default_queuing_policy: + description: + - Enable default queuing policies. + type: bool + default: false + default_queuing_policy_cloudscale: + description: + - Queuing policy for all 92xx, -EX, -FX, -FX2, -FX3, -GX series switches in the fabric. + type: str + default: queuing_policy_default_8q_cloudscale + default_queuing_policy_r_series: + description: + - Queuing policy for all Nexus R-series switches. + type: str + default: queuing_policy_default_r_series + default_queuing_policy_other: + description: + - Queuing policy for all other switches in the fabric. + type: str + default: queuing_policy_default_other + aiml_qos: + description: + - Enable AI/ML QoS. Configures QoS and queuing policies specific to N9K Cloud Scale and Silicon One switch fabric + for AI network workloads. + type: bool + default: false + aiml_qos_policy: + description: + - Queuing policy based on predominant fabric link speed. + type: str + default: 400G + choices: [ 800G, 400G, 100G, 25G, User-defined ] + roce_v2: + description: + - DSCP for RDMA traffic. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "26" + cnp: + description: + - DSCP value for Congestion Notification. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "48" + wred_min: + description: + - WRED minimum threshold (in kbytes). + type: int + default: 950 + wred_max: + description: + - WRED maximum threshold (in kbytes). + type: int + default: 3000 + wred_drop_probability: + description: + - WRED drop probability percentage. + type: int + default: 7 + wred_weight: + description: + - Influences how quickly WRED reacts to queue depth changes. + type: int + default: 0 + bandwidth_remaining: + description: + - Percentage of remaining bandwidth allocated to AI traffic queues. + type: int + default: 50 + dlb: + description: + - Enable fabric-level Dynamic Load Balancing (DLB). Inter-Switch-Links will be configured as DLB interfaces. + type: bool + default: false + dlb_mode: + description: + - "Select system-wide DLB mode: flowlet, per-packet (packet spraying), or policy driven mixed mode. + Mixed mode is supported on Silicon One (S1) platform only." + type: str + default: flowlet + choices: [ flowlet, per-packet, policy-driven-flowlet, policy-driven-per-packet, policy-driven-mixed-mode ] + dlb_mixed_mode_default: + description: + - Default load balancing mode for policy driven mixed mode DLB. + type: str + default: ecmp + choices: [ ecmp, flowlet, per-packet ] + flowlet_aging: + description: + - "Flowlet aging timer in microseconds. Valid range depends on platform: Cloud Scale (CS)=1-2000000, + Silicon One (S1)=1-1024." + type: int + default: 1 + flowlet_dscp: + description: + - DSCP values for flowlet load balancing. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "" + per_packet_dscp: + description: + - DSCP values for per-packet load balancing. Numeric (0-63) with ranges/comma, or named values. + type: str + default: "" + ai_load_sharing: + description: + - Enable IP load sharing using source and destination address for AI workloads. + type: bool + default: false + priority_flow_control_watch_interval: + description: + - PFC watch interval in milliseconds (101-1000). Leave blank for system default (100ms). + type: int + default: 101 + ptp: + description: + - Enable Precision Time Protocol (PTP). + type: bool + default: false + ptp_loopback_id: + description: + - The PTP loopback ID. + type: int + default: 0 + ptp_domain_id: + description: + - The PTP domain ID for multiple independent PTP clocking subdomains on a single network. + type: int + default: 0 + ptp_vlan_id: + description: + - Precision Time Protocol (PTP) source VLAN ID. SVI used for PTP source on ToRs. + type: int + default: 2 + stp_root_option: + description: + - "Which protocol to use for configuring root bridge: rpvst+ (Rapid Per-VLAN Spanning Tree), + mst (Multiple Spanning Tree), or unmanaged (STP Root not managed by ND)." + type: str + default: unmanaged + choices: [ rpvst+, mst, unmanaged ] + stp_vlan_range: + description: + - The STP VLAN range (minimum 1, maximum 4094). + type: str + default: "1-3967" + mst_instance_range: + description: + - The MST instance range (minimum 0, maximum 4094). + type: str + default: "0" + stp_bridge_priority: + description: + - The STP bridge priority. + type: int + default: 0 + mpls_handoff: + description: + - Enable MPLS handoff. + type: bool + default: false + mpls_loopback_identifier: + description: + - The MPLS loopback identifier used for VXLAN to MPLS SR/LDP Handoff. + type: int + default: 101 + mpls_isis_area_number: + description: + - IS-IS area number for DCI MPLS link. Used only if routing protocol on DCI MPLS link is IS-IS. + type: str + default: "0001" + mpls_loopback_ip_range: + description: + - The MPLS loopback IP address pool. + type: str + default: "10.101.0.0/25" + private_vlan: + description: + - Enable PVLAN on switches except spines and super spines. + type: bool + default: false + default_private_vlan_secondary_network_template: + description: + - Default PVLAN secondary network template. + type: str + default: Pvlan_Secondary_Network + nve_hold_down_timer: + description: + - The NVE hold-down timer in seconds. + type: int + default: 180 + next_generation_oam: + description: + - Enable the Next Generation (NG) OAM feature for all switches in the fabric. + type: bool + default: true + ngoam_south_bound_loop_detect: + description: + - Enable the Next Generation (NG) OAM southbound loop detection. + type: bool + default: false + ngoam_south_bound_loop_detect_probe_interval: + description: + - Set NG OAM southbound loop detection probe interval in seconds. + type: int + default: 300 + ngoam_south_bound_loop_detect_recovery_interval: + description: + - Set NG OAM southbound loop detection recovery interval in seconds. + type: int + default: 600 + strict_config_compliance_mode: + description: + - Enable bi-directional compliance checks to flag additional configs in the running config + that are not in the intent/expected config. + type: bool + default: false + advanced_ssh_option: + description: + - Enable AAA IP Authorization. Enable only when IP Authorization is enabled in the AAA Server. + type: bool + default: false + copp_policy: + description: + - The fabric wide CoPP policy. Customized CoPP policy should be provided when C(manual) is selected. + type: str + default: strict + choices: [ dense, lenient, moderate, strict, manual ] + power_redundancy_mode: + description: + - Default power supply mode for NX-OS switches. + type: str + default: redundant + choices: [ redundant, combined, inputSrcRedundant ] + host_interface_admin_state: + description: + - Enable host interface admin state. + type: bool + default: true + heartbeat_interval: + description: + - The heartbeat interval. + type: int + default: 190 + policy_based_routing: + description: + - Enable policy-based routing. + type: bool + default: false + brownfield_network_name_format: + description: + - The brownfield network name format. + type: str + default: "Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + brownfield_skip_overlay_network_attachments: + description: + - Skip brownfield overlay network attachments. + type: bool + default: false + + # Freeform + extra_config_leaf: + description: + - Extra freeform configuration applied to leaf switches. + type: str + default: "" + extra_config_spine: + description: + - Extra freeform configuration applied to spine switches. + type: str + default: "" + extra_config_tor: + description: + - Extra freeform configuration applied to TOR switches. + type: str + default: "" + extra_config_intra_fabric_links: + description: + - Extra freeform configuration applied to intra-fabric links. + type: str + default: "" + pre_interface_config_leaf: + description: + - Additional CLIs added before interface configurations for all switches with a VTEP + unless they have some spine role. + type: str + default: "" + pre_interface_config_spine: + description: + - Additional CLIs added before interface configurations for all switches with some spine role. + type: str + default: "" + pre_interface_config_tor: + description: + - Additional CLIs added before interface configurations for all ToRs. + type: str + default: "" + + # Resources + static_underlay_ip_allocation: + description: + - Enable static underlay IP allocation. + type: bool + default: false + bgp_loopback_ip_range: + description: + - The BGP loopback IP address pool. + type: str + default: "10.2.0.0/22" + nve_loopback_ip_range: + description: + - The NVE loopback IP address pool. + type: str + default: "10.3.0.0/22" + bgp_loopback_ipv6_range: + description: + - The BGP loopback IPv6 address pool. + type: str + default: "fd00::a02:0/119" + nve_loopback_ipv6_range: + description: + - The NVE loopback IPv6 address pool. + type: str + default: "fd00::a03:0/118" + intra_fabric_subnet_range: + description: + - The intra-fabric subnet IP address pool. + type: str + default: "10.4.0.0/16" + ipv6_subnet_range: + description: + - The IPv6 subnet range. + type: str + default: "fd00::a04:0/112" + router_id_range: + description: + - The BGP router ID range in IPv4 subnet format. Used for IPv6 underlay. + type: str + default: "10.2.0.0/23" + l2_vni_range: + description: + - The Layer 2 VNI range. + type: str + default: "30000-49000" + l3_vni_range: + description: + - The Layer 3 VNI range. + type: str + default: "50000-59000" + network_vlan_range: + description: + - The network VLAN range. + type: str + default: "2300-2999" + vrf_vlan_range: + description: + - The VRF VLAN range. + type: str + default: "2000-2299" + sub_interface_dot1q_range: + description: + - The sub-interface 802.1q range (minimum 2, maximum 4093). + type: str + default: "2-511" + vrf_lite_auto_config: + description: + - "VRF Lite Inter-Fabric Connection deployment options. If C(back2BackAndToExternal) is selected, + VRF Lite IFCs are auto created between border devices of two Easy Fabrics, and between + border devices in Easy Fabric and edge routers in External Fabric." + type: str + default: manual + choices: [ manual, back2BackAndToExternal ] + vrf_lite_subnet_range: + description: + - The VRF lite subnet IP address pool. + type: str + default: "10.33.0.0/16" + vrf_lite_subnet_target_mask: + description: + - The VRF lite subnet target mask. + type: int + default: 30 + auto_unique_vrf_lite_ip_prefix: + description: + - Enable auto unique VRF lite IP prefix. + type: bool + default: false + auto_symmetric_vrf_lite: + description: + - Enable auto symmetric VRF lite. + type: bool + default: false + auto_vrf_lite_default_vrf: + description: + - Enable auto VRF lite for the default VRF. + type: bool + default: false + auto_symmetric_default_vrf: + description: + - Enable auto symmetric default VRF. + type: bool + default: false + default_vrf_redistribution_bgp_route_map: + description: + - Route Map used to redistribute BGP routes to IGP in default VRF in auto created VRF Lite IFC links. + type: str + default: extcon-rmap-filter + per_vrf_loopback_auto_provision: + description: + - Enable per-VRF loopback auto-provisioning. + type: bool + default: false + per_vrf_loopback_ip_range: + description: + - The per-VRF loopback IP address pool. + type: str + default: "10.5.0.0/22" + per_vrf_loopback_auto_provision_ipv6: + description: + - Enable per-VRF loopback auto-provisioning for IPv6. + type: bool + default: false + per_vrf_loopback_ipv6_range: + description: + - The per-VRF loopback IPv6 address pool. + type: str + default: "fd00::a05:0/112" + per_vrf_unique_loopback_auto_provision: + description: + - Auto provision a unique IPv4 loopback on a VTEP on VRF attachment. + - This option and per VRF per VTEP loopback auto-provisioning are mutually exclusive. + type: bool + default: false + per_vrf_unique_loopback_ip_range: + description: + - Prefix pool to assign unique IPv4 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "10.6.0.0/22" + per_vrf_unique_loopback_auto_provision_v6: + description: + - Auto provision a unique IPv6 loopback on a VTEP on VRF attachment. + type: bool + default: false + per_vrf_unique_loopback_ipv6_range: + description: + - Prefix pool to assign unique IPv6 addresses to loopbacks on VTEPs on a per VRF basis. + type: str + default: "fd00::a06:0/112" + ip_service_level_agreement_id_range: + description: + - The IP SLA ID range. + type: str + default: "10000-19999" + object_tracking_number_range: + description: + - The object tracking number range. + type: str + default: "100-299" + route_map_sequence_number_range: + description: + - The route map sequence number range (minimum 1, maximum 65534). + type: str + default: "1-65534" + service_network_vlan_range: + description: + - Per Switch Overlay Service Network VLAN Range (minimum 2, maximum 4094). + type: str + default: "3000-3199" + + # Manageability + inband_management: + description: + - Manage switches with only inband connectivity. + type: bool + default: false + aaa: + description: + - Enable AAA. + type: bool + default: false + extra_config_aaa: + description: + - Extra freeform AAA configuration. + type: str + default: "" + banner: + description: + - The fabric banner text displayed on switch login. + type: str + default: "" + ntp_server_collection: + description: + - The list of NTP server IP addresses. + type: list + elements: str + ntp_server_vrf_collection: + description: + - The list of VRFs for NTP servers. + type: list + elements: str + dns_collection: + description: + - The list of DNS server IP addresses. + type: list + elements: str + dns_vrf_collection: + description: + - The list of VRFs for DNS servers. + type: list + elements: str + syslog_server_collection: + description: + - The list of syslog server IP addresses. + type: list + elements: str + syslog_server_vrf_collection: + description: + - The list of VRFs for syslog servers. + type: list + elements: str + syslog_severity_collection: + description: + - The list of syslog severity levels (0-7). + type: list + elements: int + + # Hypershield + allow_smart_switch_onboarding: + description: + - Enable onboarding of smart switches to Hypershield for firewall service. + type: bool + default: false + connectivity_domain_name: + description: + - Domain name to connect to Hypershield. + type: str + hypershield_connectivity_proxy_server: + description: + - IPv4 address, IPv6 address, or DNS name of the proxy server for Hypershield communication. + type: str + hypershield_connectivity_proxy_server_port: + description: + - Proxy port number for communication with Hypershield. + type: int + hypershield_connectivity_source_intf: + description: + - Loopback interface on smart switch for communication with Hypershield. + type: str + + # Bootstrap + day0_bootstrap: + description: + - Enable day-0 bootstrap (POAP). + type: bool + default: false + local_dhcp_server: + description: + - Enable local DHCP server for bootstrap. + type: bool + default: false + dhcp_protocol_version: + description: + - The IP protocol version for local DHCP server. + type: str + default: dhcpv4 + choices: [ dhcpv4, dhcpv6 ] + dhcp_start_address: + description: + - The DHCP start address for bootstrap. + type: str + default: "" + dhcp_end_address: + description: + - The DHCP end address for bootstrap. + type: str + default: "" + management_gateway: + description: + - The management gateway for bootstrap. + type: str + default: "" + management_ipv4_prefix: + description: + - The management IPv4 prefix length for bootstrap. + type: int + default: 24 + management_ipv6_prefix: + description: + - The management IPv6 prefix length for bootstrap. + type: int + default: 64 + bootstrap_subnet_collection: + description: + - List of IPv4 or IPv6 subnets to be used for bootstrap. + - When O(state=merged), omitting this option preserves the existing collection. + - When O(state=merged), providing this option replaces the entire collection with the supplied list. + - Under O(state=merged), entries in this list are not merged item-by-item. + - Under O(state=merged), removing one entry from the playbook removes it from the fabric, and setting an empty list clears the collection. + - When O(state=replaced), this option is also treated as the exact desired collection. + - When O(state=replaced), omitting this option resets the collection to its default empty value. + type: list + elements: dict + suboptions: + start_ip: + description: + - Starting IP address of the bootstrap range. + type: str + required: true + end_ip: + description: + - Ending IP address of the bootstrap range. + type: str + required: true + default_gateway: + description: + - Default gateway for bootstrap subnet. + type: str + required: true + subnet_prefix: + description: + - Subnet prefix length (8-30). + type: int + required: true + seed_switch_core_interfaces: + description: + - Seed switch fabric interfaces. Core-facing interface list on seed switch. + type: list + elements: str + spine_switch_core_interfaces: + description: + - Spine switch fabric interfaces. Core-facing interface list on all spines. + type: list + elements: str + inband_dhcp_servers: + description: + - List of external DHCP server IP addresses (Max 3). + type: list + elements: str + extra_config_nxos_bootstrap: + description: + - Additional CLIs required during device bootup/login (e.g. AAA/Radius). + type: str + default: "" + unnumbered_bootstrap_loopback_id: + description: + - Bootstrap Seed Switch Loopback Interface ID. + type: int + default: 253 + unnumbered_dhcp_start_address: + description: + - Switch Loopback DHCP Scope Start Address. Must be a subset of IGP/BGP Loopback Prefix Pool. + type: str + default: "" + unnumbered_dhcp_end_address: + description: + - Switch Loopback DHCP Scope End Address. Must be a subset of IGP/BGP Loopback Prefix Pool. + type: str + default: "" + + # Configuration Backup + real_time_backup: + description: + - Enable real-time backup. + type: bool + default: false + scheduled_backup: + description: + - Enable scheduled backup. + type: bool + default: false + scheduled_backup_time: + description: + - The scheduled backup time. + type: str + default: "" + + # Flow Monitor + netflow_settings: + description: + - Settings associated with netflow. + type: dict + suboptions: + netflow: + description: + - Enable netflow collection. + type: bool + default: false + netflow_exporter_collection: + description: + - List of netflow exporters. + type: list + elements: dict + suboptions: + exporter_name: + description: + - Name of the netflow exporter. + type: str + required: true + exporter_ip: + description: + - IP address of the netflow collector. + type: str + required: true + vrf: + description: + - VRF name for the exporter. + type: str + default: management + source_interface_name: + description: + - Source interface name. + type: str + required: true + udp_port: + description: + - UDP port for netflow export (1-65535). + type: int + netflow_record_collection: + description: + - List of netflow records. + type: list + elements: dict + suboptions: + record_name: + description: + - Name of the netflow record. + type: str + required: true + record_template: + description: + - Template type for the record. + type: str + required: true + layer2_record: + description: + - Enable layer 2 record fields. + type: bool + default: false + netflow_monitor_collection: + description: + - List of netflow monitors. + type: list + elements: dict + suboptions: + monitor_name: + description: + - Name of the netflow monitor. + type: str + required: true + record_name: + description: + - Associated record name. + type: str + required: true + exporter1_name: + description: + - Primary exporter name. + type: str + required: true + exporter2_name: + description: + - Secondary exporter name. + type: str + default: "" + state: + description: + - The desired state of the fabric resources on the Cisco Nexus Dashboard. + - Use O(state=merged) to create new fabrics and update existing ones as defined in the configuration. + Resources on ND that are not specified in the configuration will be left unchanged. + - Use O(state=replaced) to replace the fabric configuration specified in the configuration. + Any settings not explicitly provided will revert to their defaults. + - Use O(state=overridden) to enforce the configuration as the single source of truth. + Any fabric existing on ND but not present in the configuration will be deleted. Use with extra caution. + - Use O(state=deleted) to remove the fabrics specified in the configuration from the Cisco Nexus Dashboard. + type: str + default: merged + choices: [ merged, replaced, overridden, deleted ] +extends_documentation_fragment: +- cisco.nd.modules +- cisco.nd.check_mode +notes: +- This module is only supported on Nexus Dashboard having version 4.1.0 or higher. +- Only iBGP VXLAN fabric type (C(vxlanIbgp)) is supported by this module. +- When using O(state=replaced) with only required fields, all optional management settings revert to their defaults. +- The O(config.management.bgp_asn) field is required when creating a fabric. +- O(config.management.site_id) defaults to the value of O(config.management.bgp_asn) if not provided. +""" + +EXAMPLES = r""" +- name: Create an iBGP VXLAN fabric using state merged + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - fabric_name: my_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65001" + site_id: "65001" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: result + +- name: Update specific fields on an existing fabric using state merged (partial update) + cisco.nd.nd_manage_fabric_ibgp: + state: merged + config: + - fabric_name: my_fabric + category: fabric + management: + bgp_asn: "65002" + site_id: "65002" + anycast_gateway_mac: "2020.0000.00bb" + performance_monitoring: true + register: result + +- name: Create or fully replace an iBGP VXLAN fabric using state replaced + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - fabric_name: my_fabric + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" + site_id: "65004" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 3 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + vpc_ipv6_neighbor_discovery_sync: false + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + nxapi: false + nxapi_https_port: 443 + nxapi_http: true + nxapi_http_port: 80 + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: disable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" + banner: "^ Managed by Ansible ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: result + +- name: Replace fabric with only required fields (all optional settings revert to defaults) + cisco.nd.nd_manage_fabric_ibgp: + state: replaced + config: + - fabric_name: my_fabric + category: fabric + management: + type: vxlanIbgp + bgp_asn: "65004" + site_id: "65004" + banner: "^ Managed by Ansible ^" + register: result + +- name: Enforce exact fabric inventory using state overridden (deletes unlisted fabrics) + cisco.nd.nd_manage_fabric_ibgp: + state: overridden + config: + - fabric_name: fabric_east + category: fabric + location: + latitude: 40.7128 + longitude: -74.0060 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65010" + site_id: "65010" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0010" + replication_mode: multicast + multicast_group_subnet: "239.1.10.0/25" + bgp_loopback_ip_range: "10.10.0.0/22" + nve_loopback_ip_range: "10.11.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.10.0/24" + intra_fabric_subnet_range: "10.12.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + - fabric_name: fabric_west + category: fabric + location: + latitude: 34.0522 + longitude: -118.2437 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65020" + site_id: "65020" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0020" + replication_mode: multicast + multicast_group_subnet: "239.1.20.0/25" + bgp_loopback_ip_range: "10.20.0.0/22" + nve_loopback_ip_range: "10.21.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.20.0/24" + intra_fabric_subnet_range: "10.22.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + register: result + +- name: Delete a specific fabric using state deleted + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - fabric_name: my_fabric + register: result + +- name: Delete multiple fabrics in a single task + cisco.nd.nd_manage_fabric_ibgp: + state: deleted + config: + - fabric_name: fabric_east + - fabric_name: fabric_west + - fabric_name: fabric_old + register: result +""" + +RETURN = r""" +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.cisco.nd.plugins.module_utils.nd import nd_argument_spec +from ansible_collections.cisco.nd.plugins.module_utils.nd_state_machine import NDStateMachine +from ansible_collections.cisco.nd.plugins.module_utils.models.manage_fabric.manage_fabric_ibgp import FabricIbgpModel +from ansible_collections.cisco.nd.plugins.module_utils.orchestrators.manage_fabric_ibgp import ManageIbgpFabricOrchestrator +from ansible_collections.cisco.nd.plugins.module_utils.common.exceptions import NDStateMachineError + + +def main(): + argument_spec = nd_argument_spec() + argument_spec.update(FabricIbgpModel.get_argument_spec()) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + ) + + try: + # Initialize StateMachine + nd_state_machine = NDStateMachine( + module=module, + model_orchestrator=ManageIbgpFabricOrchestrator, + ) + + # Manage state + nd_state_machine.manage_state() + + module.exit_json(**nd_state_machine.output.format()) + + except NDStateMachineError as e: + module.fail_json(msg=str(e)) + except Exception as e: + module.fail_json(msg=f"Module execution failed: {str(e)}") + + +if __name__ == "__main__": + main() diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml new file mode 100644 index 00000000..80671b5d --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ebgp.yaml @@ -0,0 +1,1228 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +- name: Set vars + ansible.builtin.set_fact: + nd_info: &nd_info + output_level: '{{ api_key_output_level | default("debug") }}' + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ebgp_test_fabric_merged }}" + - fabric_name: "{{ ebgp_test_fabric_replaced }}" + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create eBGP fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': ebgp_test_fabric_merged} | combine(fabric_config_ebgp) }}" + register: ebgp_merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify eBGP fabric was created using merged state" + assert: + that: + - ebgp_merged_result_1 is changed + - ebgp_merged_result_1 is not failed + fail_msg: "eBGP fabric creation with state merged failed" + success_msg: "eBGP fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create eBGP fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': ebgp_test_fabric_merged} | combine(fabric_config_ebgp) }}" + register: ebgp_merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - ebgp_merged_result_2 is not changed + - ebgp_merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1c: Update eBGP fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: merged + config: + - fabric_name: "{{ ebgp_test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65002" # Changed from 65001 + bgp_asn_auto_allocation: false + site_id: "65002" # Changed from 65001 + bgp_as_mode: multiAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00bb" # Changed from 00aa + performance_monitoring: true # Changed from false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ebgp_merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify eBGP fabric was updated using merged state" + assert: + that: + - ebgp_merged_result_3 is changed + - ebgp_merged_result_3 is not failed + fail_msg: "eBGP fabric update with state merged failed" + success_msg: "eBGP fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query ebgp_test_fabric_merged and validate expected changes +############################################################################# +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query ebgp_test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ebgp_test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ebgp_merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Parse eBGP fabric configuration response" + set_fact: + ebgp_merged_fabric_config: "{{ ebgp_merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP ASN was updated to 65002" + assert: + that: + - ebgp_merged_fabric_config.management.bgpAsn == "65002" + fail_msg: "BGP ASN validation failed. Expected: 65002, Actual: {{ ebgp_merged_fabric_config.management.bgpAsn }}" + success_msg: "✓ BGP ASN correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Site ID was updated to 65002" + assert: + that: + - ebgp_merged_fabric_config.management.siteId == "65002" + fail_msg: "Site ID validation failed. Expected: 65002, Actual: {{ ebgp_merged_fabric_config.management.siteId }}" + success_msg: "✓ Site ID correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Anycast Gateway MAC was updated to 2020.0000.00bb" + assert: + that: + - ebgp_merged_fabric_config.management.anycastGatewayMac == "2020.0000.00bb" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00bb, Actual: {{ ebgp_merged_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly updated to 2020.0000.00bb" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Performance Monitoring was enabled" + assert: + that: + - ebgp_merged_fabric_config.management.performanceMonitoring == true + fail_msg: "Performance Monitoring validation failed. Expected: true, Actual: {{ ebgp_merged_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP AS Mode is multiAS" + assert: + that: + - ebgp_merged_fabric_config.management.bgpAsMode == "multiAS" + fail_msg: "BGP AS Mode validation failed. Expected: multiAS, Actual: {{ ebgp_merged_fabric_config.management.bgpAsMode }}" + success_msg: "✓ BGP AS Mode correctly set to multiAS" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display successful validation summary for ebgp_test_fabric_merged" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ebgp_test_fabric_merged: + ======================================== + ✓ BGP ASN: {{ ebgp_merged_fabric_config.management.bgpAsn }} + ✓ Site ID: {{ ebgp_merged_fabric_config.management.siteId }} + ✓ Anycast Gateway MAC: {{ ebgp_merged_fabric_config.management.anycastGatewayMac }} + ✓ Performance Monitoring: {{ ebgp_merged_fabric_config.management.performanceMonitoring }} + ✓ BGP AS Mode: {{ ebgp_merged_fabric_config.management.bgpAsMode }} + + All 5 expected changes validated successfully! + ======================================== + tags: [test_merged, test_merged_validation] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create eBGP fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" # Different from default site_id + bgp_as_mode: multiAS # Different from default multiAS + bgp_allow_as_in_num: 2 # Different from default 1 + bgp_max_path: 8 # Different from default 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # Different from default MAC + performance_monitoring: true # Different from default false + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # Different from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 4 # Different from default 2 + rendezvous_point_loopback_id: 253 # Different from default 254 + vpc_peer_link_vlan: "3700" # Different from default 3600 + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 # Different from default 360 + vpc_delay_restore_timer: 120 # Different from default 150 + vpc_peer_link_port_channel_id: "600" # Different from default 500 + vpc_ipv6_neighbor_discovery_sync: false # Different from default true + advertise_physical_ip: true # Different from default false + vpc_domain_id_range: "1-800" # Different from default 1-1000 + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # Different from default 9216 + l2_host_interface_mtu: 9000 # Different from default 9216 + tenant_dhcp: false # Different from default true + nxapi: false + nxapi_https_port: 443 + nxapi_http: true # Different from default false + nxapi_http_port: 80 + snmp_trap: false # Different from default true + anycast_border_gateway_advertise_physical_ip: true # Different from default false + greenfield_debug_flag: enable # Different from default disable + tcam_allocation: false # Different from default true + real_time_interface_statistics_collection: true # Different from default false + interface_statistics_load_interval: 30 # Different from default 10 + bgp_loopback_ip_range: "10.22.0.0/22" # Different from default range + nve_loopback_ip_range: "10.23.0.0/22" # Different from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # Different from default range + intra_fabric_subnet_range: "10.24.0.0/16" # Different from default range + l2_vni_range: "40000-59000" # Different from default range + l3_vni_range: "60000-69000" # Different from default range + network_vlan_range: "2400-3099" # Different from default range + vrf_vlan_range: "2100-2399" # Different from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # Different from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # Different from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # Different from default range + banner: "^ Updated via replaced state ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: ebgp_replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify eBGP fabric was created using replaced state" + assert: + that: + - ebgp_replaced_result_1 is changed + - ebgp_replaced_result_1 is not failed + fail_msg: "eBGP fabric creation with state replaced failed" + success_msg: "eBGP fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create eBGP fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" + bgp_as_mode: multiAS # Different from default multiAS + bgp_allow_as_in_num: 2 + bgp_max_path: 8 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" + performance_monitoring: true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 4 + rendezvous_point_loopback_id: 253 + vpc_peer_link_vlan: "3700" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 300 + vpc_delay_restore_timer: 120 + vpc_peer_link_port_channel_id: "600" + vpc_ipv6_neighbor_discovery_sync: false + advertise_physical_ip: true + vpc_domain_id_range: "1-800" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 + l2_host_interface_mtu: 9000 + tenant_dhcp: false + nxapi: false + nxapi_https_port: 443 + nxapi_http: true + nxapi_http_port: 80 + snmp_trap: false + anycast_border_gateway_advertise_physical_ip: true + greenfield_debug_flag: enable + tcam_allocation: false + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + bgp_loopback_ip_range: "10.22.0.0/22" + nve_loopback_ip_range: "10.23.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.252.0/24" + intra_fabric_subnet_range: "10.24.0.0/16" + l2_vni_range: "40000-59000" + l3_vni_range: "60000-69000" + network_vlan_range: "2400-3099" + vrf_vlan_range: "2100-2399" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" + banner: "^ Updated via replaced state ^" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: ebgp_replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - ebgp_replaced_result_2 is not changed + - ebgp_replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update eBGP fabric using state replaced (complete replacement with minimal config)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ebgp_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65004" # Different from default ASN + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + site_id: "65004" + banner: "^ Updated via replaced state ^" + register: ebgp_replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify eBGP fabric was completely replaced (defaults restored)" + assert: + that: + - ebgp_replaced_result_3 is changed + - ebgp_replaced_result_3 is not failed + fail_msg: "eBGP fabric replacement with state replaced failed" + success_msg: "eBGP fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +############################################################################# +# VALIDATION: Query ebgp_test_fabric_replaced and validate defaults are restored +############################################################################# +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query ebgp_test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ebgp_test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ebgp_replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse eBGP fabric configuration response" + set_fact: + ebgp_replaced_fabric_config: "{{ ebgp_replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +# Network Range Validations - verify defaults were restored +- name: "VALIDATION 2: Verify L3 VNI Range was standardized to 50000-59000" + assert: + that: + - ebgp_replaced_fabric_config.management.l3VniRange == "50000-59000" + fail_msg: "L3 VNI Range validation failed. Expected: 50000-59000, Actual: {{ ebgp_replaced_fabric_config.management.l3VniRange }}" + success_msg: "✓ L3 VNI Range correctly standardized to 50000-59000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 VNI Range was standardized to 30000-49000" + assert: + that: + - ebgp_replaced_fabric_config.management.l2VniRange == "30000-49000" + fail_msg: "L2 VNI Range validation failed. Expected: 30000-49000, Actual: {{ ebgp_replaced_fabric_config.management.l2VniRange }}" + success_msg: "✓ L2 VNI Range correctly standardized to 30000-49000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Loopback IP Range was standardized to 10.2.0.0/22" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpLoopbackIpRange == "10.2.0.0/22" + fail_msg: "BGP Loopback IP Range validation failed. Expected: 10.2.0.0/22, Actual: {{ ebgp_replaced_fabric_config.management.bgpLoopbackIpRange }}" + success_msg: "✓ BGP Loopback IP Range correctly standardized to 10.2.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NVE Loopback IP Range was standardized to 10.3.0.0/22" + assert: + that: + - ebgp_replaced_fabric_config.management.nveLoopbackIpRange == "10.3.0.0/22" + fail_msg: "NVE Loopback IP Range validation failed. Expected: 10.3.0.0/22, Actual: {{ ebgp_replaced_fabric_config.management.nveLoopbackIpRange }}" + success_msg: "✓ NVE Loopback IP Range correctly standardized to 10.3.0.0/22" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Intra-Fabric Subnet Range was standardized to 10.4.0.0/16" + assert: + that: + - ebgp_replaced_fabric_config.management.intraFabricSubnetRange == "10.4.0.0/16" + fail_msg: "Intra-Fabric Subnet Range validation failed. Expected: 10.4.0.0/16, Actual: {{ ebgp_replaced_fabric_config.management.intraFabricSubnetRange }}" + success_msg: "✓ Intra-Fabric Subnet Range correctly standardized to 10.4.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF Lite Subnet Range was standardized to 10.33.0.0/16" + assert: + that: + - ebgp_replaced_fabric_config.management.vrfLiteSubnetRange == "10.33.0.0/16" + fail_msg: "VRF Lite Subnet Range validation failed. Expected: 10.33.0.0/16, Actual: {{ ebgp_replaced_fabric_config.management.vrfLiteSubnetRange }}" + success_msg: "✓ VRF Lite Subnet Range correctly standardized to 10.33.0.0/16" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Anycast RP IP Range was standardized to 10.254.254.0/24" + assert: + that: + - ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange == "10.254.254.0/24" + fail_msg: "Anycast RP IP Range validation failed. Expected: 10.254.254.0/24, Actual: {{ ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange }}" + success_msg: "✓ Anycast RP IP Range correctly standardized to 10.254.254.0/24" + tags: [test_replaced, test_replaced_validation] + +# VLAN Range Validations +- name: "VALIDATION 2: Verify Network VLAN Range was standardized to 2300-2999" + assert: + that: + - ebgp_replaced_fabric_config.management.networkVlanRange == "2300-2999" + fail_msg: "Network VLAN Range validation failed. Expected: 2300-2999, Actual: {{ ebgp_replaced_fabric_config.management.networkVlanRange }}" + success_msg: "✓ Network VLAN Range correctly standardized to 2300-2999" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VRF VLAN Range was standardized to 2000-2299" + assert: + that: + - ebgp_replaced_fabric_config.management.vrfVlanRange == "2000-2299" + fail_msg: "VRF VLAN Range validation failed. Expected: 2000-2299, Actual: {{ ebgp_replaced_fabric_config.management.vrfVlanRange }}" + success_msg: "✓ VRF VLAN Range correctly standardized to 2000-2299" + tags: [test_replaced, test_replaced_validation] + +# MTU Validations +- name: "VALIDATION 2: Verify Fabric MTU was restored to 9216" + assert: + that: + - ebgp_replaced_fabric_config.management.fabricMtu == 9216 + fail_msg: "Fabric MTU validation failed. Expected: 9216, Actual: {{ ebgp_replaced_fabric_config.management.fabricMtu }}" + success_msg: "✓ Fabric MTU correctly restored to 9216" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify L2 Host Interface MTU was restored to 9216" + assert: + that: + - ebgp_replaced_fabric_config.management.l2HostInterfaceMtu == 9216 + fail_msg: "L2 Host Interface MTU validation failed. Expected: 9216, Actual: {{ ebgp_replaced_fabric_config.management.l2HostInterfaceMtu }}" + success_msg: "✓ L2 Host Interface MTU correctly restored to 9216" + tags: [test_replaced, test_replaced_validation] + +# Gateway and Multicast Validations +- name: "VALIDATION 2: Verify Anycast Gateway MAC was standardized to 2020.0000.00aa" + assert: + that: + - ebgp_replaced_fabric_config.management.anycastGatewayMac == "2020.0000.00aa" + fail_msg: "Anycast Gateway MAC validation failed. Expected: 2020.0000.00aa, Actual: {{ ebgp_replaced_fabric_config.management.anycastGatewayMac }}" + success_msg: "✓ Anycast Gateway MAC correctly standardized to 2020.0000.00aa" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Multicast Group Subnet was standardized to 239.1.1.0/25" + assert: + that: + - ebgp_replaced_fabric_config.management.multicastGroupSubnet == "239.1.1.0/25" + fail_msg: "Multicast Group Subnet validation failed. Expected: 239.1.1.0/25, Actual: {{ ebgp_replaced_fabric_config.management.multicastGroupSubnet }}" + success_msg: "✓ Multicast Group Subnet correctly standardized to 239.1.1.0/25" + tags: [test_replaced, test_replaced_validation] + +# VPC Configuration Validations +- name: "VALIDATION 2: Verify VPC Auto Recovery Timer was standardized to 360" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer == 360 + fail_msg: "VPC Auto Recovery Timer validation failed. Expected: 360, Actual: {{ ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer }}" + success_msg: "✓ VPC Auto Recovery Timer correctly standardized to 360" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Delay Restore Timer was standardized to 150" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer == 150 + fail_msg: "VPC Delay Restore Timer validation failed. Expected: 150, Actual: {{ ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer }}" + success_msg: "✓ VPC Delay Restore Timer correctly standardized to 150" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link Port Channel ID was standardized to 500" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId == "500" + fail_msg: "VPC Peer Link Port Channel ID validation failed. Expected: 500, Actual: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId }}" + success_msg: "✓ VPC Peer Link Port Channel ID correctly standardized to 500" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Peer Link VLAN was standardized to 3600" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcPeerLinkVlan == "3600" + fail_msg: "VPC Peer Link VLAN validation failed. Expected: 3600, Actual: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkVlan }}" + success_msg: "✓ VPC Peer Link VLAN correctly standardized to 3600" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC Domain ID Range was standardized to 1-1000" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcDomainIdRange == "1-1000" + fail_msg: "VPC Domain ID Range validation failed. Expected: 1-1000, Actual: {{ ebgp_replaced_fabric_config.management.vpcDomainIdRange }}" + success_msg: "✓ VPC Domain ID Range correctly standardized to 1-1000" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify VPC IPv6 Neighbor Discovery Sync was enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync == true + fail_msg: "VPC IPv6 Neighbor Discovery Sync validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }}" + success_msg: "✓ VPC IPv6 Neighbor Discovery Sync correctly enabled" + tags: [test_replaced, test_replaced_validation] + +# Multicast Settings Validations +- name: "VALIDATION 2: Verify Rendezvous Point Count was standardized to 2" + assert: + that: + - ebgp_replaced_fabric_config.management.rendezvousPointCount == 2 + fail_msg: "Rendezvous Point Count validation failed. Expected: 2, Actual: {{ ebgp_replaced_fabric_config.management.rendezvousPointCount }}" + success_msg: "✓ Rendezvous Point Count correctly standardized to 2" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Rendezvous Point Loopback ID was standardized to 254" + assert: + that: + - ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId == 254 + fail_msg: "Rendezvous Point Loopback ID validation failed. Expected: 254, Actual: {{ ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId }}" + success_msg: "✓ Rendezvous Point Loopback ID correctly standardized to 254" + tags: [test_replaced, test_replaced_validation] + +# eBGP-specific Validations +- name: "VALIDATION 2: Verify BGP AS Mode was standardized to multiAS" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpAsMode == "multiAS" + fail_msg: "BGP AS Mode validation failed. Expected: multiAS, Actual: {{ ebgp_replaced_fabric_config.management.bgpAsMode }}" + success_msg: "✓ BGP AS Mode correctly standardized to multiAS" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Allow AS In Num was standardized to 1" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpAllowAsInNum == 1 + fail_msg: "BGP Allow AS In Num validation failed. Expected: 1, Actual: {{ ebgp_replaced_fabric_config.management.bgpAllowAsInNum }}" + success_msg: "✓ BGP Allow AS In Num correctly standardized to 1" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify BGP Max Path was standardized to 4" + assert: + that: + - ebgp_replaced_fabric_config.management.bgpMaxPath == 4 + fail_msg: "BGP Max Path validation failed. Expected: 4, Actual: {{ ebgp_replaced_fabric_config.management.bgpMaxPath }}" + success_msg: "✓ BGP Max Path correctly standardized to 4" + tags: [test_replaced, test_replaced_validation] + +# Feature Flag Validations +- name: "VALIDATION 2: Verify TCAM Allocation was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.tcamAllocation == true + fail_msg: "TCAM Allocation validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.tcamAllocation }}" + success_msg: "✓ TCAM Allocation correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Real Time Interface Statistics Collection was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false + fail_msg: "Real Time Interface Statistics Collection validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }}" + success_msg: "✓ Real Time Interface Statistics Collection correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Performance Monitoring was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.performanceMonitoring == false + fail_msg: "Performance Monitoring validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Tenant DHCP was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.tenantDhcp == true + fail_msg: "Tenant DHCP validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.tenantDhcp }}" + success_msg: "✓ Tenant DHCP correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify SNMP Trap was re-enabled" + assert: + that: + - ebgp_replaced_fabric_config.management.snmpTrap == true + fail_msg: "SNMP Trap validation failed. Expected: true, Actual: {{ ebgp_replaced_fabric_config.management.snmpTrap }}" + success_msg: "✓ SNMP Trap correctly re-enabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Greenfield Debug Flag was set to disable (eBGP default)" + assert: + that: + - ebgp_replaced_fabric_config.management.greenfieldDebugFlag == "disable" + fail_msg: "Greenfield Debug Flag validation failed. Expected: disable, Actual: {{ ebgp_replaced_fabric_config.management.greenfieldDebugFlag }}" + success_msg: "✓ Greenfield Debug Flag correctly set to disable (eBGP default)" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI HTTP is always true for eBGP (ND enforced behavior)" + assert: + that: + - ebgp_replaced_fabric_config.management.nxapiHttp == true + fail_msg: "NXAPI HTTP validation failed. ND enforces nxapiHttp=true for eBGP fabrics, Actual: {{ ebgp_replaced_fabric_config.management.nxapiHttp }}" + success_msg: "✓ NXAPI HTTP is true (ND enforces this for eBGP fabrics regardless of configured value)" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.nxapi == false + fail_msg: "NXAPI validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.nxapi }}" + success_msg: "✓ NXAPI correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision == false + fail_msg: "Per VRF Loopback Auto Provision validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision }}" + success_msg: "✓ Per VRF Loopback Auto Provision correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Per VRF Loopback Auto Provision IPv6 was disabled" + assert: + that: + - ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 == false + fail_msg: "Per VRF Loopback Auto Provision IPv6 validation failed. Expected: false, Actual: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }}" + success_msg: "✓ Per VRF Loopback Auto Provision IPv6 correctly disabled" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Banner was preserved" + assert: + that: + - ebgp_replaced_fabric_config.management.banner == "^ Updated via replaced state ^" + fail_msg: "Banner validation failed. Expected: '^ Updated via replaced state ^', Actual: {{ ebgp_replaced_fabric_config.management.banner }}" + success_msg: "✓ Banner correctly preserved: '{{ ebgp_replaced_fabric_config.management.banner }}'" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display successful validation summary for ebgp_test_fabric_replaced" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ebgp_test_fabric_replaced: + ======================================== + Network Ranges (restored to defaults): + ✓ L3 VNI Range: {{ ebgp_replaced_fabric_config.management.l3VniRange }} + ✓ L2 VNI Range: {{ ebgp_replaced_fabric_config.management.l2VniRange }} + ✓ BGP Loopback IP Range: {{ ebgp_replaced_fabric_config.management.bgpLoopbackIpRange }} + ✓ NVE Loopback IP Range: {{ ebgp_replaced_fabric_config.management.nveLoopbackIpRange }} + ✓ Intra-Fabric Subnet Range: {{ ebgp_replaced_fabric_config.management.intraFabricSubnetRange }} + ✓ VRF Lite Subnet Range: {{ ebgp_replaced_fabric_config.management.vrfLiteSubnetRange }} + ✓ Anycast RP IP Range: {{ ebgp_replaced_fabric_config.management.anycastRendezvousPointIpRange }} + + VLAN Ranges: + ✓ Network VLAN Range: {{ ebgp_replaced_fabric_config.management.networkVlanRange }} + ✓ VRF VLAN Range: {{ ebgp_replaced_fabric_config.management.vrfVlanRange }} + + MTU Settings: + ✓ Fabric MTU: {{ ebgp_replaced_fabric_config.management.fabricMtu }} + ✓ L2 Host Interface MTU: {{ ebgp_replaced_fabric_config.management.l2HostInterfaceMtu }} + + VPC Configuration: + ✓ VPC Auto Recovery Timer: {{ ebgp_replaced_fabric_config.management.vpcAutoRecoveryTimer }} + ✓ VPC Delay Restore Timer: {{ ebgp_replaced_fabric_config.management.vpcDelayRestoreTimer }} + ✓ VPC Peer Link Port Channel ID: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkPortChannelId }} + ✓ VPC Peer Link VLAN: {{ ebgp_replaced_fabric_config.management.vpcPeerLinkVlan }} + ✓ VPC Domain ID Range: {{ ebgp_replaced_fabric_config.management.vpcDomainIdRange }} + ✓ VPC IPv6 Neighbor Discovery Sync: {{ ebgp_replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync }} + + Gateway & Multicast: + ✓ Anycast Gateway MAC: {{ ebgp_replaced_fabric_config.management.anycastGatewayMac }} + ✓ Multicast Group Subnet: {{ ebgp_replaced_fabric_config.management.multicastGroupSubnet }} + ✓ Rendezvous Point Count: {{ ebgp_replaced_fabric_config.management.rendezvousPointCount }} + ✓ Rendezvous Point Loopback ID: {{ ebgp_replaced_fabric_config.management.rendezvousPointLoopbackId }} + + eBGP-specific: + ✓ BGP AS Mode: {{ ebgp_replaced_fabric_config.management.bgpAsMode }} + ✓ BGP Allow AS In Num: {{ ebgp_replaced_fabric_config.management.bgpAllowAsInNum }} + ✓ BGP Max Path: {{ ebgp_replaced_fabric_config.management.bgpMaxPath }} + + Feature Flags: + ✓ TCAM Allocation: {{ ebgp_replaced_fabric_config.management.tcamAllocation }} + ✓ Real Time Interface Statistics Collection: {{ ebgp_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }} + ✓ Performance Monitoring: {{ ebgp_replaced_fabric_config.management.performanceMonitoring }} + ✓ Tenant DHCP: {{ ebgp_replaced_fabric_config.management.tenantDhcp }} + ✓ SNMP Trap: {{ ebgp_replaced_fabric_config.management.snmpTrap }} + ✓ Greenfield Debug Flag (eBGP default): {{ ebgp_replaced_fabric_config.management.greenfieldDebugFlag }} + ✓ NXAPI HTTP (ND enforces true for eBGP): {{ ebgp_replaced_fabric_config.management.nxapiHttp }} + ✓ NXAPI: {{ ebgp_replaced_fabric_config.management.nxapi }} + + Auto-Provisioning: + ✓ Per VRF Loopback Auto Provision: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvision }} + ✓ Per VRF Loopback Auto Provision IPv6: {{ ebgp_replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 }} + + Preserved Settings: + ✓ Banner: "{{ ebgp_replaced_fabric_config.management.banner }}" + + All 35+ expected changes validated successfully! + ======================================== + tags: [test_replaced, test_replaced_validation] + +############################################################################# +# TEST 3: Demonstrate difference between merged and replaced states +############################################################################# +- name: "TEST 3: Create eBGP fabric for merged vs replaced comparison" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: replaced + config: + - "{{ {'fabric_name': ebgp_test_fabric_deleted} | combine(fabric_config_ebgp) }}" + register: ebgp_comparison_fabric_creation + tags: [test_comparison] + +- name: "TEST 3a: Partial update using merged state (should merge changes)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: merged + config: + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + category: fabric + management: + bgp_asn: "65004" # Different from default ASN + # bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + fabric_mtu: 8000 # Only updating MTU + register: ebgp_merged_partial_result + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3a: Verify merged state preserves existing configuration" + assert: + that: + - ebgp_merged_partial_result is changed + - ebgp_merged_partial_result is not failed + fail_msg: "Partial update with merged state failed" + success_msg: "Merged state successfully performed partial update" + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3b: Partial update using replaced state (should replace entire config)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + category: fabric + management: + type: vxlanEbgp + bgp_asn: "65100" + bgp_asn_auto_allocation: true + bgp_asn_range: "65000-65100" + target_subnet_mask: 30 + register: ebgp_replaced_partial_result + tags: [test_comparison, test_replaced_partial] + +- name: "TEST 3b: Verify replaced state performs complete replacement" + assert: + that: + - ebgp_replaced_partial_result is changed + - ebgp_replaced_partial_result is not failed + fail_msg: "Partial replacement with replaced state failed" + success_msg: "Replaced state successfully performed complete replacement" + tags: [test_comparison, test_replaced_partial] + +############################################################################# +# TEST 4: STATE DELETED - Delete fabrics +############################################################################# +- name: "TEST 4a: Delete eBGP fabric using state deleted" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + register: ebgp_deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4a: Verify eBGP fabric was deleted" + assert: + that: + - ebgp_deleted_result_1 is changed + - ebgp_deleted_result_1 is not failed + fail_msg: "eBGP fabric deletion with state deleted failed" + success_msg: "eBGP fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4b: Delete eBGP fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + register: ebgp_deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 4b: Verify deleted state is idempotent" + assert: + that: + - ebgp_deleted_result_2 is not changed + - ebgp_deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 5: Multiple fabric operations in single task +############################################################################# +- name: "TEST 5: Multiple eBGP fabric operations in single task" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: merged + config: + - fabric_name: "multi_ebgp_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65101" + bgp_asn_auto_allocation: false + site_id: "65101" + bgp_as_mode: sameTierAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0001" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.101.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.101.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.133.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.105.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + - fabric_name: "multi_ebgp_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65102" + bgp_asn_auto_allocation: false + site_id: "65102" + bgp_as_mode: sameTierAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0002" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.102.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.102.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.134.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.106.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ebgp_multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 5: Verify multiple eBGP fabrics were created" + assert: + that: + - ebgp_multi_fabric_result is changed + - ebgp_multi_fabric_result is not failed + fail_msg: "Multiple eBGP fabric creation failed" + success_msg: "Multiple eBGP fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test eBGP fabrics" + cisco.nd.nd_manage_fabric_ebgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ebgp_test_fabric_merged }}" + - fabric_name: "{{ ebgp_test_fabric_replaced }}" + - fabric_name: "{{ ebgp_test_fabric_deleted }}" + - fabric_name: "multi_ebgp_fabric_1" + - fabric_name: "multi_ebgp_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display eBGP test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_ebgp module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if ebgp_merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if ebgp_merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if ebgp_replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if ebgp_replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: MERGED vs REPLACED Comparison + - Merged partial: {{ 'PASSED' if ebgp_merged_partial_result is changed else 'FAILED' }} + - Replaced partial: {{ 'PASSED' if ebgp_replaced_partial_result is changed else 'FAILED' }} + + ✓ TEST 4: STATE DELETED + - Delete fabric: {{ 'PASSED' if ebgp_deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ebgp_deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 5: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if ebgp_multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates eBGP fabrics by merging changes + - State replaced: Creates and completely replaces eBGP fabric configuration + - State deleted: Removes eBGP fabrics + - Idempotency: All operations are idempotent when run multiple times + - Difference: Merged preserves existing config, replaced overwrites completely + - eBGP-specific: bgpAsMode, bgpAllowAsInNum, bgpMaxPath defaults validated + ======================================== + tags: [summary, always] diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml new file mode 100644 index 00000000..e5841a81 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_external.yaml @@ -0,0 +1,719 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +- name: Set vars + ansible.builtin.set_fact: + nd_info: &nd_info + output_level: '{{ api_key_output_level | default("debug") }}' + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ext_test_fabric_merged }}" + - fabric_name: "{{ ext_test_fabric_replaced }}" + - fabric_name: "{{ ext_test_fabric_deleted }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': ext_test_fabric_merged} | combine(fabric_config_external) }}" + register: ext_merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify fabric was created using merged state" + assert: + that: + - ext_merged_result_1 is changed + - ext_merged_result_1 is not failed + fail_msg: "Fabric creation with state merged failed" + success_msg: "Fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': ext_test_fabric_merged} | combine(fabric_config_external) }}" + register: ext_merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - ext_merged_result_2 is not changed + - ext_merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1c: Update fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: merged + config: + - fabric_name: "{{ ext_test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65002" # Changed from 65001 + copp_policy: strict # Changed from manual + create_bgp_config: true + cdp: true # Changed from false + snmp_trap: false # Changed from true + nxapi: true # Changed from false + nxapi_http: true # Changed from false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true # Changed from false + real_time_interface_statistics_collection: true # Changed from false + interface_statistics_load_interval: 30 # Changed from 10 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined # Changed from redundant + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ext_merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify fabric was updated using merged state" + assert: + that: + - ext_merged_result_3 is changed + - ext_merged_result_3 is not failed + fail_msg: "Fabric update with state merged failed" + success_msg: "Fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query ext_test_fabric_merged and validate expected changes +############################################################################# +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query ext_test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ext_test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ext_merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Parse fabric configuration response" + set_fact: + ext_merged_fabric_config: "{{ ext_merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify BGP ASN was updated to 65002" + assert: + that: + - ext_merged_fabric_config.management.bgpAsn == "65002" + fail_msg: "BGP ASN validation failed. Expected: 65002, Actual: {{ ext_merged_fabric_config.management.bgpAsn }}" + success_msg: "✓ BGP ASN correctly updated to 65002" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify CoPP Policy was updated to strict" + assert: + that: + - ext_merged_fabric_config.management.coppPolicy == "strict" + fail_msg: "CoPP Policy validation failed. Expected: strict, Actual: {{ ext_merged_fabric_config.management.coppPolicy }}" + success_msg: "✓ CoPP Policy correctly updated to strict" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify Performance Monitoring was enabled" + assert: + that: + - ext_merged_fabric_config.management.performanceMonitoring == true + fail_msg: "Performance Monitoring validation failed. Expected: true, Actual: {{ ext_merged_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Verify CDP was enabled" + assert: + that: + - ext_merged_fabric_config.management.cdp == true + fail_msg: "CDP validation failed. Expected: true, Actual: {{ ext_merged_fabric_config.management.cdp }}" + success_msg: "✓ CDP correctly enabled" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display successful validation summary for ext_test_fabric_merged" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ext_test_fabric_merged: + ======================================== + ✓ BGP ASN: {{ ext_merged_fabric_config.management.bgpAsn }} + ✓ CoPP Policy: {{ ext_merged_fabric_config.management.coppPolicy }} + ✓ Performance Monitoring: {{ ext_merged_fabric_config.management.performanceMonitoring }} + ✓ CDP: {{ ext_merged_fabric_config.management.cdp }} + + All 4 expected changes validated successfully! + ======================================== + tags: [test_merged, test_merged_validation] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict # Different from default + create_bgp_config: true + cdp: true # Different from default + snmp_trap: false # Different from default + nxapi: true # Different from default + nxapi_http: true # Different from default + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true # Different from default + real_time_interface_statistics_collection: true # Different from default + interface_statistics_load_interval: 30 # Different from default + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined # Different from default + ptp: true # Different from default + ptp_domain_id: 10 # Different from default + ptp_loopback_id: 5 # Different from default + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + extra_config_aaa: "" + extra_config_fabric: "" + register: ext_replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify fabric was created using replaced state" + assert: + that: + - ext_replaced_result_1 is changed + - ext_replaced_result_1 is not failed + fail_msg: "Fabric creation with state replaced failed" + success_msg: "Fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + copp_policy: strict + create_bgp_config: true + cdp: true + snmp_trap: false + nxapi: true + nxapi_http: true + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: true + real_time_interface_statistics_collection: true + interface_statistics_load_interval: 30 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: combined + ptp: true + ptp_domain_id: 10 + ptp_loopback_id: 5 + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + extra_config_aaa: "" + extra_config_fabric: "" + register: ext_replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - ext_replaced_result_2 is not changed + - ext_replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update fabric using state replaced (complete replacement with minimal config)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ext_test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65004" + register: ext_replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify fabric was completely replaced" + assert: + that: + - ext_replaced_result_3 is changed + - ext_replaced_result_3 is not failed + fail_msg: "Fabric replacement with state replaced failed" + success_msg: "Fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +############################################################################# +# VALIDATION: Query ext_test_fabric_replaced and validate defaults restored +############################################################################# +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query ext_test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ ext_test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: ext_replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse fabric configuration response" + set_fact: + ext_replaced_fabric_config: "{{ ext_replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify CoPP Policy was standardized to manual (default)" + assert: + that: + - ext_replaced_fabric_config.management.coppPolicy == "manual" + fail_msg: "CoPP Policy validation failed. Expected: manual, Actual: {{ ext_replaced_fabric_config.management.coppPolicy }}" + success_msg: "✓ CoPP Policy correctly standardized to manual" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify SNMP Trap was restored to default (true)" + assert: + that: + - ext_replaced_fabric_config.management.snmpTrap == true + fail_msg: "SNMP Trap validation failed. Expected: true, Actual: {{ ext_replaced_fabric_config.management.snmpTrap }}" + success_msg: "✓ SNMP Trap correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify CDP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.cdp == false + fail_msg: "CDP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.cdp }}" + success_msg: "✓ CDP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.nxapi == false + fail_msg: "NXAPI validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.nxapi }}" + success_msg: "✓ NXAPI correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify NXAPI HTTP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.nxapiHttp == false + fail_msg: "NXAPI HTTP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.nxapiHttp }}" + success_msg: "✓ NXAPI HTTP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Performance Monitoring was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.performanceMonitoring == false + fail_msg: "Performance Monitoring validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.performanceMonitoring }}" + success_msg: "✓ Performance Monitoring correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Real Time Interface Statistics Collection was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false + fail_msg: "Real Time Interface Statistics Collection validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }}" + success_msg: "✓ Real Time Interface Statistics Collection correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify Power Redundancy Mode was restored to default (redundant)" + assert: + that: + - ext_replaced_fabric_config.management.powerRedundancyMode == "redundant" + fail_msg: "Power Redundancy Mode validation failed. Expected: redundant, Actual: {{ ext_replaced_fabric_config.management.powerRedundancyMode }}" + success_msg: "✓ Power Redundancy Mode correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Verify PTP was restored to default (false)" + assert: + that: + - ext_replaced_fabric_config.management.ptp == false + fail_msg: "PTP validation failed. Expected: false, Actual: {{ ext_replaced_fabric_config.management.ptp }}" + success_msg: "✓ PTP correctly restored to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display successful validation summary for ext_test_fabric_replaced" + debug: + msg: | + ======================================== + VALIDATION SUMMARY for ext_test_fabric_replaced: + ======================================== + ✓ CoPP Policy: {{ ext_replaced_fabric_config.management.coppPolicy }} + ✓ SNMP Trap: {{ ext_replaced_fabric_config.management.snmpTrap }} + ✓ CDP: {{ ext_replaced_fabric_config.management.cdp }} + ✓ NXAPI: {{ ext_replaced_fabric_config.management.nxapi }} + ✓ NXAPI HTTP: {{ ext_replaced_fabric_config.management.nxapiHttp }} + ✓ Performance Monitoring: {{ ext_replaced_fabric_config.management.performanceMonitoring }} + ✓ Real Time Interface Statistics: {{ ext_replaced_fabric_config.management.realTimeInterfaceStatisticsCollection }} + ✓ Power Redundancy Mode: {{ ext_replaced_fabric_config.management.powerRedundancyMode }} + ✓ PTP: {{ ext_replaced_fabric_config.management.ptp }} + + All defaults correctly restored after replaced with minimal config! + ======================================== + tags: [test_replaced, test_replaced_validation] + +############################################################################# +# TEST 3: Demonstrate difference between merged and replaced states +############################################################################# +- name: "TEST 3: Create fabric for merged vs replaced comparison" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: replaced + config: + - "{{ {'fabric_name': ext_test_fabric_deleted} | combine(fabric_config_external) }}" + register: ext_comparison_fabric_creation + tags: [test_comparison] + +- name: "TEST 3a: Partial update using merged state (should merge changes)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: merged + config: + - fabric_name: "{{ ext_test_fabric_deleted }}" + category: fabric + management: + bgp_asn: "65099" # Only updating ASN + copp_policy: strict # Only updating CoPP policy + register: ext_merged_partial_result + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3a: Verify merged state preserves existing configuration" + assert: + that: + - ext_merged_partial_result is changed + - ext_merged_partial_result is not failed + fail_msg: "Partial update with merged state failed" + success_msg: "Merged state successfully performed partial update" + tags: [test_comparison, test_merged_partial] + +- name: "TEST 3b: Partial update using replaced state (should replace entire config)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ ext_test_fabric_deleted }}" + category: fabric + management: + type: externalConnectivity + bgp_asn: "65100" # Only specifying minimal config for replaced + register: ext_replaced_partial_result + tags: [test_comparison, test_replaced_partial] + +- name: "TEST 3b: Verify replaced state performs complete replacement" + assert: + that: + - ext_replaced_partial_result is changed + - ext_replaced_partial_result is not failed + fail_msg: "Partial replacement with replaced state failed" + success_msg: "Replaced state successfully performed complete replacement" + tags: [test_comparison, test_replaced_partial] + +############################################################################# +# TEST 4: STATE DELETED - Delete fabrics +############################################################################# +- name: "TEST 4a: Delete fabric using state deleted" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ext_test_fabric_deleted }}" + register: ext_deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4a: Verify fabric was deleted" + assert: + that: + - ext_deleted_result_1 is changed + - ext_deleted_result_1 is not failed + fail_msg: "Fabric deletion with state deleted failed" + success_msg: "Fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 4b: Delete fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ext_test_fabric_deleted }}" + register: ext_deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 4b: Verify deleted state is idempotent" + assert: + that: + - ext_deleted_result_2 is not changed + - ext_deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 5: Multiple fabric operations in single task +############################################################################# +- name: "TEST 5: Multiple fabric operations in single task" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: merged + config: + - fabric_name: "ext_multi_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65101" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + - fabric_name: "ext_multi_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65102" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: ext_multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 5: Verify multiple fabrics were created" + assert: + that: + - ext_multi_fabric_result is changed + - ext_multi_fabric_result is not failed + fail_msg: "Multiple fabric creation failed" + success_msg: "Multiple fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test fabrics" + cisco.nd.nd_manage_fabric_external: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ ext_test_fabric_merged }}" + - fabric_name: "{{ ext_test_fabric_replaced }}" + - fabric_name: "{{ ext_test_fabric_deleted }}" + - fabric_name: "ext_multi_fabric_1" + - fabric_name: "ext_multi_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_external module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if ext_merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if ext_merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if ext_replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if ext_replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: MERGED vs REPLACED Comparison + - Merged partial: {{ 'PASSED' if ext_merged_partial_result is changed else 'FAILED' }} + - Replaced partial: {{ 'PASSED' if ext_replaced_partial_result is changed else 'FAILED' }} + + ✓ TEST 4: STATE DELETED + - Delete fabric: {{ 'PASSED' if ext_deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if ext_deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 5: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if ext_multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates fabrics by merging changes + - State replaced: Creates and completely replaces fabric configuration + - State deleted: Removes fabrics + - Idempotency: All operations are idempotent when run multiple times + - Difference: Merged preserves existing config, replaced overwrites completely + ======================================== + tags: [summary, always] diff --git a/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml new file mode 100644 index 00000000..733cd35a --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/fabric_ibgp.yaml @@ -0,0 +1,1332 @@ +--- +# Test code for the ND modules +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Test that we have a Nexus Dashboard host, username and password + ansible.builtin.fail: + msg: 'Please define the following variables: ansible_host, ansible_user and ansible_password.' + when: ansible_host is not defined or ansible_user is not defined or ansible_password is not defined + +- name: Set vars + ansible.builtin.set_fact: + nd_info: &nd_info + output_level: '{{ api_key_output_level | default("debug") }}' + +############################################################################# +# CLEANUP - Ensure clean state before tests +############################################################################# +- name: Clean up any existing test fabrics before starting tests + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ test_fabric_merged }}" + - fabric_name: "{{ test_fabric_replaced }}" + tags: always + +############################################################################# +# TEST 1: STATE MERGED - Create fabric using merged state +############################################################################# +- name: "TEST 1a: Create fabric using state merged (first run)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': test_fabric_merged} | combine(fabric_config_ibgp) }}" + register: merged_result_1 + tags: [test_merged, test_merged_create] + +- name: "TEST 1a: Verify fabric was created using merged state" + assert: + that: + - merged_result_1 is changed + - merged_result_1 is not failed + fail_msg: "Fabric creation with state merged failed" + success_msg: "Fabric successfully created with state merged" + tags: [test_merged, test_merged_create] + +- name: "TEST 1b: Create fabric using state merged (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: merged + config: + - "{{ {'fabric_name': test_fabric_merged} | combine(fabric_config_ibgp) }}" + register: merged_result_2 + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1b: Verify merged state is idempotent" + assert: + that: + - merged_result_2 is not changed + - merged_result_2 is not failed + fail_msg: "Merged state is not idempotent - should not change when run twice with same config" + success_msg: "Merged state is idempotent - no changes on second run" + tags: [test_merged, test_merged_idempotent] + +- name: "TEST 1c: Update fabric using state merged (modify existing)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: merged + config: + - fabric_name: "{{ test_fabric_merged }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65002" # Changed from 65001 + site_id: "65002" # Changed from 65001 + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00bb" # Changed from 00aa + performance_monitoring: true # Changed from false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + register: merged_result_3 + tags: [test_merged, test_merged_update] + +- name: "TEST 1c: Verify fabric was updated using merged state" + assert: + that: + - merged_result_3 is changed + - merged_result_3 is not failed + fail_msg: "Fabric update with state merged failed" + success_msg: "Fabric successfully updated with state merged" + tags: [test_merged, test_merged_update] + +############################################################################# +# VALIDATION: Query test_fabric_merged and validate expected changes +############################################################################# +# Get authentication token first +- name: "VALIDATION 1: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Query test_fabric_merged configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ test_fabric_merged }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: merged_fabric_query + tags: [test_merged, test_merged_validation] + delegate_to: localhost + +- name: "VALIDATION 1: Parse fabric configuration response" + set_fact: + merged_fabric_config: "{{ merged_fabric_query.json }}" + tags: [test_merged, test_merged_validation] + +# +# Category 1: Properties CHANGED by TEST 1c merge +# +- name: "VALIDATION 1a: Verify changed properties after merge" + assert: + that: + - merged_fabric_config.management.bgpAsn == "65002" + - merged_fabric_config.management.siteId == "65002" + - merged_fabric_config.management.anycastGatewayMac == "2020.0000.00bb" + - merged_fabric_config.management.performanceMonitoring == true + fail_msg: >- + Changed properties validation failed. + bgpAsn: {{ merged_fabric_config.management.bgpAsn }} (expected 65002), + siteId: {{ merged_fabric_config.management.siteId }} (expected 65002), + anycastGatewayMac: {{ merged_fabric_config.management.anycastGatewayMac }} (expected 2020.0000.00bb), + performanceMonitoring: {{ merged_fabric_config.management.performanceMonitoring }} (expected true) + success_msg: "✓ All 4 changed properties updated correctly (bgpAsn, siteId, anycastGatewayMac, performanceMonitoring)" + tags: [test_merged, test_merged_validation] + +# +# Category 2: Properties re-specified in TEST 1c with same values +# +- name: "VALIDATION 1b: Verify re-specified management properties (same values)" + assert: + that: + # Core + - merged_fabric_config.management.targetSubnetMask == 30 + - merged_fabric_config.management.fabricMtu == 9216 + - merged_fabric_config.management.l2HostInterfaceMtu == 9216 + - merged_fabric_config.management.l3VniNoVlanDefaultOption == false + # Multicast / Replication + - merged_fabric_config.management.replicationMode == "multicast" + - merged_fabric_config.management.multicastGroupSubnet == "239.1.1.0/25" + - merged_fabric_config.management.autoGenerateMulticastGroupAddress == false + - merged_fabric_config.management.underlayMulticastGroupAddressLimit == 128 + - merged_fabric_config.management.tenantRoutedMulticast == false + - merged_fabric_config.management.rendezvousPointCount == 2 + - merged_fabric_config.management.rendezvousPointLoopbackId == 254 + # vPC + - merged_fabric_config.management.vpcPeerLinkVlan == "3600" + - merged_fabric_config.management.vpcPeerLinkEnableNativeVlan == false + - merged_fabric_config.management.vpcPeerKeepAliveOption == "loopback" + - merged_fabric_config.management.vpcAutoRecoveryTimer == 360 + - merged_fabric_config.management.vpcDelayRestoreTimer == 150 + - merged_fabric_config.management.vpcPeerLinkPortChannelId == "500" + # Loopback / Domain IDs + - merged_fabric_config.management.vpcDomainIdRange == "1-1000" + - merged_fabric_config.management.bgpLoopbackId == 0 + - merged_fabric_config.management.nveLoopbackId == 1 + # Templates + - merged_fabric_config.management.vrfTemplate == "Default_VRF_Universal" + - merged_fabric_config.management.networkTemplate == "Default_Network_Universal" + - merged_fabric_config.management.vrfExtensionTemplate == "Default_VRF_Extension_Universal" + - merged_fabric_config.management.networkExtensionTemplate == "Default_Network_Extension_Universal" + fail_msg: "Re-specified management properties validation failed" + success_msg: "✓ All 24 re-specified management properties match expected values" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1b: Verify re-specified IP ranges and VNI ranges" + assert: + that: + # IP Ranges + - merged_fabric_config.management.bgpLoopbackIpRange == "10.2.0.0/22" + - merged_fabric_config.management.nveLoopbackIpRange == "10.3.0.0/22" + - merged_fabric_config.management.anycastRendezvousPointIpRange == "10.254.254.0/24" + - merged_fabric_config.management.intraFabricSubnetRange == "10.4.0.0/16" + # VNI / VLAN Ranges + - merged_fabric_config.management.l2VniRange == "30000-49000" + - merged_fabric_config.management.l3VniRange == "50000-59000" + - merged_fabric_config.management.networkVlanRange == "2300-2999" + - merged_fabric_config.management.vrfVlanRange == "2000-2299" + - merged_fabric_config.management.subInterfaceDot1qRange == "2-511" + # VRF Lite / DCI + - merged_fabric_config.management.vrfLiteAutoConfig == "manual" + - merged_fabric_config.management.vrfLiteSubnetRange == "10.33.0.0/16" + - merged_fabric_config.management.vrfLiteSubnetTargetMask == 30 + - merged_fabric_config.management.autoUniqueVrfLiteIpPrefix == false + # Per-VRF Loopback + - merged_fabric_config.management.perVrfLoopbackAutoProvision == true + - merged_fabric_config.management.perVrfLoopbackIpRange == "10.5.0.0/22" + fail_msg: "Re-specified IP/VNI ranges validation failed" + success_msg: "✓ All 15 re-specified IP and VNI range properties match expected values" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1b: Verify re-specified system and NX-API settings" + assert: + that: + - merged_fabric_config.management.tenantDhcp == true + - merged_fabric_config.management.nxapi == true + - merged_fabric_config.management.nxapiHttpsPort == 443 + - merged_fabric_config.management.nxapiHttp == false + - merged_fabric_config.management.nxapiHttpPort == 80 + - merged_fabric_config.management.snmpTrap == true + - merged_fabric_config.management.advertisePhysicalIp == false + - merged_fabric_config.management.anycastBorderGatewayAdvertisePhysicalIp == false + - merged_fabric_config.management.greenfieldDebugFlag == "enable" + - merged_fabric_config.management.tcamAllocation == true + - merged_fabric_config.management.realTimeInterfaceStatisticsCollection == false + # Bootstrap / DHCP + - merged_fabric_config.management.day0Bootstrap == false + - merged_fabric_config.management.localDhcpServer == false + fail_msg: "Re-specified system/NX-API settings validation failed" + success_msg: "✓ All 13 re-specified system and NX-API properties match expected values" + tags: [test_merged, test_merged_validation] + +# +# Category 3: Properties NOT in TEST 1c - MUST be preserved from original create +# These are the critical assertions for validating the merge fix. +# Prior to the fix, these would be reset to Pydantic model defaults. +# +- name: "VALIDATION 1c: Verify preserved underlay/overlay config (not in merge task)" + assert: + that: + - merged_fabric_config.management.overlayMode == "cli" + - merged_fabric_config.management.underlayIpv6 == false + - merged_fabric_config.management.fabricInterfaceType == "p2p" + - merged_fabric_config.management.linkStateRoutingProtocol == "ospf" + - merged_fabric_config.management.ospfAreaId == "0.0.0.0" + - merged_fabric_config.management.routeReflectorCount == 4 + - merged_fabric_config.management.staticUnderlayIpAllocation == false + fail_msg: >- + Preserved underlay/overlay config validation failed. These fields were not + in the merge task and should retain their original values from creation. + success_msg: "✓ All 7 preserved underlay/overlay properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved multicast/RP settings (not in merge task)" + assert: + that: + - merged_fabric_config.management.tenantRoutedMulticastIpv6 == false + - merged_fabric_config.management.rendezvousPointMode == "asm" + - merged_fabric_config.management.pimHelloAuthentication == false + fail_msg: >- + Preserved multicast/RP settings validation failed. These fields were not + in the merge task and should retain their original values. + success_msg: "✓ All 3 preserved multicast/RP properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved vPC extended settings (not in merge task)" + assert: + that: + - merged_fabric_config.management.vpcIpv6NeighborDiscoverySync == true + - merged_fabric_config.management.vpcLayer3PeerRouter == true + - merged_fabric_config.management.vpcTorDelayRestoreTimer == 30 + - merged_fabric_config.management.fabricVpcDomainId == false + - merged_fabric_config.management.fabricVpcQos == false + - merged_fabric_config.management.enablePeerSwitch == false + fail_msg: >- + Preserved vPC extended settings validation failed. These fields were not + in the merge task and should retain their original values. + success_msg: "✓ All 6 preserved vPC extended properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved advertising and protocol auth (not in merge task)" + assert: + that: + - merged_fabric_config.management.advertisePhysicalIpOnBorder == true + - merged_fabric_config.management.bgpAuthentication == false + - merged_fabric_config.management.ospfAuthentication == false + - merged_fabric_config.management.bfd == false + - merged_fabric_config.management.macsec == false + - merged_fabric_config.management.vrfLiteMacsec == false + fail_msg: >- + Preserved advertising/protocol auth validation failed. These fields were + not in the merge task and should retain their original values. + success_msg: "✓ All 6 preserved advertising and protocol authentication properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved BGP/routing enhancements (not in merge task)" + assert: + that: + - merged_fabric_config.management.autoBgpNeighborDescription == true + - merged_fabric_config.management.linkStateRoutingTag == "UNDERLAY" + fail_msg: >- + Preserved BGP/routing enhancements validation failed. + success_msg: "✓ All 2 preserved BGP/routing enhancement properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved resource ID ranges (not in merge task)" + assert: + that: + - merged_fabric_config.management.ipServiceLevelAgreementIdRange == "10000-19999" + - merged_fabric_config.management.objectTrackingNumberRange == "100-299" + - merged_fabric_config.management.serviceNetworkVlanRange == "3000-3199" + - merged_fabric_config.management.routeMapSequenceNumberRange == "1-65534" + - merged_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 == false + fail_msg: >- + Preserved resource ID ranges validation failed. These fields were not + in the merge task and should retain their original values. + success_msg: "✓ All 5 preserved resource ID range properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved system policies (not in merge task)" + assert: + that: + - merged_fabric_config.management.cdp == false + - merged_fabric_config.management.inbandManagement == false + - merged_fabric_config.management.securityGroupTag == false + - merged_fabric_config.management.privateVlan == false + - merged_fabric_config.management.defaultQueuingPolicy == false + - merged_fabric_config.management.aimlQos == false + - merged_fabric_config.management.dlb == false + - merged_fabric_config.management.aiLoadSharing == false + - merged_fabric_config.management.ptp == false + - merged_fabric_config.management.stpRootOption == "unmanaged" + - merged_fabric_config.management.mplsHandoff == false + fail_msg: >- + Preserved system policies validation failed. These fields were not + in the merge task and should retain their original values. + success_msg: "✓ All 11 preserved system policy properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved OAM/compliance/system settings (not in merge task)" + assert: + that: + - merged_fabric_config.management.allowVlanOnLeafTorPairing == "none" + - merged_fabric_config.management.leafTorIdRange == false + - merged_fabric_config.management.nveHoldDownTimer == 180 + - merged_fabric_config.management.strictConfigComplianceMode == false + - merged_fabric_config.management.advancedSshOption == false + - merged_fabric_config.management.coppPolicy == "strict" + - merged_fabric_config.management.powerRedundancyMode == "redundant" + - merged_fabric_config.management.hostInterfaceAdminState == true + - merged_fabric_config.management.policyBasedRouting == false + fail_msg: >- + Preserved OAM/compliance/system settings validation failed. + success_msg: "✓ All 9 preserved OAM/compliance/system properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved banner (not in merge task - critical merge fix test)" + assert: + that: + - merged_fabric_config.management.banner is defined + - merged_fabric_config.management.banner | length > 0 + - "'ADVISORY' in merged_fabric_config.management.banner" + fail_msg: >- + CRITICAL: Banner was reset to empty by the merge operation! + The banner field was not specified in the merge task and must be + preserved from the original create. Expected banner containing + 'ADVISORY', Actual: '{{ merged_fabric_config.management.banner | default("") }}' + success_msg: "✓ Banner correctly preserved after merge: {{ merged_fabric_config.management.banner }}" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1c: Verify preserved backup and brownfield settings (not in merge task)" + assert: + that: + - merged_fabric_config.management.realTimeBackup == false + - merged_fabric_config.management.scheduledBackup == false + - merged_fabric_config.management.brownfieldNetworkNameFormat == "Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + - merged_fabric_config.management.brownfieldSkipOverlayNetworkAttachments == false + - merged_fabric_config.management.allowSmartSwitchOnboarding == false + fail_msg: >- + Preserved backup/brownfield settings validation failed. + success_msg: "✓ All 5 preserved backup and brownfield properties retained correctly" + tags: [test_merged, test_merged_validation] + +- name: "VALIDATION 1: Display comprehensive validation summary" + debug: + msg: | + ============================================================ + COMPREHENSIVE VALIDATION SUMMARY for test_fabric_merged + ============================================================ + Category 1 - Changed properties (4 fields): + ✓ bgpAsn: {{ merged_fabric_config.management.bgpAsn }} + ✓ siteId: {{ merged_fabric_config.management.siteId }} + ✓ anycastGatewayMac: {{ merged_fabric_config.management.anycastGatewayMac }} + ✓ performanceMonitoring: {{ merged_fabric_config.management.performanceMonitoring }} + + Category 2 - Re-specified properties (52 fields): + ✓ Management, IP ranges, VNI ranges, system, NX-API, bootstrap + + Category 3 - Preserved properties NOT in merge task (54 fields): + ✓ Underlay/overlay config (7 fields) + ✓ Multicast/RP settings (3 fields) + ✓ vPC extended settings (6 fields) + ✓ Advertising & protocol auth (6 fields) + ✓ BGP/routing enhancements (2 fields) + ✓ Resource ID ranges (5 fields) + ✓ System policies (11 fields) + ✓ OAM/compliance/system (9 fields) + ✓ Banner: {{ merged_fabric_config.management.banner }} + ✓ Backup & brownfield (5 fields) + + Total: 110 properties validated across all categories! + ============================================================ + tags: [test_merged, test_merged_validation] + +############################################################################# +# TEST 2: STATE REPLACED - Create and manage fabric using replaced state +############################################################################# +- name: "TEST 2a: Create fabric using state replaced (first run)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # DIfferent from default ASN + site_id: "65004" # DIfferent from default site_id + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # DIfferent from default MAC + performance_monitoring: true # DIfferent from default to true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # DIfferent from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 4 # DIfferent from default count + rendezvous_point_loopback_id: 253 # DIfferent from default loopback + vpc_peer_link_vlan: "3700" # DIfferent from default VLAN + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 # DIfferent from default timer + vpc_delay_restore_timer: 120 # DIfferent from default timer + vpc_peer_link_port_channel_id: "600" # DIfferent from default port channel + vpc_ipv6_neighbor_discovery_sync: false # DIfferent from default to false + advertise_physical_ip: true # DIfferent from default to true + vpc_domain_id_range: "1-800" # DIfferent from default range + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # DIfferent from default MTU + l2_host_interface_mtu: 9000 # DIfferent from default MTU + tenant_dhcp: false # DIfferent from default to false + nxapi: false # DIfferent from default to false + nxapi_https_port: 443 + nxapi_http: true # DIfferent from default to true + nxapi_http_port: 80 + snmp_trap: false # DIfferent from default to false + anycast_border_gateway_advertise_physical_ip: true # DIfferent from default to true + greenfield_debug_flag: disable # DIfferent from default to disable + tcam_allocation: false # DIfferent from default to false + real_time_interface_statistics_collection: true # DIfferent from default to true + interface_statistics_load_interval: 30 # DIfferent from default interval + bgp_loopback_ip_range: "10.22.0.0/22" # DIfferent from default range + nve_loopback_ip_range: "10.23.0.0/22" # DIfferent from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # DIfferent from default range + intra_fabric_subnet_range: "10.24.0.0/16" # DIfferent from default range + l2_vni_range: "40000-59000" # DIfferent from default range + l3_vni_range: "60000-69000" # DIfferent from default range + network_vlan_range: "2400-3099" # DIfferent from default range + vrf_vlan_range: "2100-2399" # DIfferent from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # DIfferent from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # DIfferent from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # DIfferent from default range + banner: "^ Updated via replaced state ^" # Added banner + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: replaced_result_1 + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2a: Verify fabric was created using replaced state" + assert: + that: + - replaced_result_1 is changed + - replaced_result_1 is not failed + fail_msg: "Fabric creation with state replaced failed" + success_msg: "Fabric successfully created with state replaced" + tags: [test_replaced, test_replaced_create] + +- name: "TEST 2b: Create fabric using state replaced (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # DIfferent from default ASN + site_id: "65004" # DIfferent from default site_id + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00dd" # DIfferent from default MAC + performance_monitoring: true # DIfferent from default to true + replication_mode: multicast + multicast_group_subnet: "239.1.3.0/25" # DIfferent from default subnet + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 4 # DIfferent from default count + rendezvous_point_loopback_id: 253 # DIfferent from default loopback + vpc_peer_link_vlan: "3700" # DIfferent from default VLAN + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 300 # DIfferent from default timer + vpc_delay_restore_timer: 120 # DIfferent from default timer + vpc_peer_link_port_channel_id: "600" # DIfferent from default port channel + vpc_ipv6_neighbor_discovery_sync: false # DIfferent from default to false + advertise_physical_ip: true # DIfferent from default to true + vpc_domain_id_range: "1-800" # DIfferent from default range + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9000 # DIfferent from default MTU + l2_host_interface_mtu: 9000 # DIfferent from default MTU + tenant_dhcp: false # DIfferent from default to false + nxapi: false # DIfferent from default to false + nxapi_https_port: 443 + nxapi_http: true # DIfferent from default to true + nxapi_http_port: 80 + snmp_trap: false # DIfferent from default to false + anycast_border_gateway_advertise_physical_ip: true # DIfferent from default to true + greenfield_debug_flag: disable # DIfferent from default to disable + tcam_allocation: false # DIfferent from default to false + real_time_interface_statistics_collection: true # DIfferent from default to true + interface_statistics_load_interval: 30 # DIfferent from default interval + bgp_loopback_ip_range: "10.22.0.0/22" # DIfferent from default range + nve_loopback_ip_range: "10.23.0.0/22" # DIfferent from default range + anycast_rendezvous_point_ip_range: "10.254.252.0/24" # DIfferent from default range + intra_fabric_subnet_range: "10.24.0.0/16" # DIfferent from default range + l2_vni_range: "40000-59000" # DIfferent from default range + l3_vni_range: "60000-69000" # DIfferent from default range + network_vlan_range: "2400-3099" # DIfferent from default range + vrf_vlan_range: "2100-2399" # DIfferent from default range + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.53.0.0/16" # DIfferent from default range + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.25.0.0/22" # DIfferent from default range + per_vrf_loopback_auto_provision_ipv6: true + per_vrf_loopback_ipv6_range: "fd00::a25:0/112" # DIfferent from default range + banner: "^ Updated via replaced state ^" # Added banner + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + management_ipv6_prefix: 64 + register: replaced_result_2 + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2b: Verify replaced state is idempotent" + assert: + that: + - replaced_result_2 is not changed + - replaced_result_2 is not failed + fail_msg: "Replaced state is not idempotent - should not change when run twice with same config" + success_msg: "Replaced state is idempotent - no changes on second run" + tags: [test_replaced, test_replaced_idempotent] + +- name: "TEST 2c: Update fabric using state replaced (complete replacement)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: replaced + config: + - fabric_name: "{{ test_fabric_replaced }}" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65004" # Changed ASN + site_id: "65004" # Changed site_id + banner: "^ Updated via replaced state ^" # Added banner + register: replaced_result_3 + tags: [test_replaced, test_replaced_update] + +- name: "TEST 2c: Verify fabric was completely replaced" + assert: + that: + - replaced_result_3 is changed + - replaced_result_3 is not failed + fail_msg: "Fabric replacement with state replaced failed" + success_msg: "Fabric successfully replaced with state replaced" + tags: [test_replaced, test_replaced_update] + +# ############################################################################# +# # VALIDATION: Query test_fabric_replaced and validate expected changes +# ############################################################################# +# Get authentication token first +- name: "VALIDATION 2: Authenticate with ND to get token" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/login" + method: POST + headers: + Content-Type: "application/json" + body_format: json + body: + domain: "{{ ansible_httpapi_login_domain | default('local') }}" + userName: "{{ ansible_user }}" + userPasswd: "{{ ansible_password }}" + validate_certs: false + return_content: true + status_code: + - 200 + register: nd_auth_response_2 + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Query test_fabric_replaced configuration from ND" + ansible.builtin.uri: + url: "https://{{ ansible_host }}:{{ ansible_httpapi_port | default(443) }}/api/v1/manage/fabrics/{{ test_fabric_replaced }}" + method: GET + headers: + Authorization: "Bearer {{ nd_auth_response_2.json.jwttoken }}" + Content-Type: "application/json" + validate_certs: false + return_content: true + status_code: + - 200 + - 404 + register: replaced_fabric_query + tags: [test_replaced, test_replaced_validation] + delegate_to: localhost + +- name: "VALIDATION 2: Parse fabric configuration response" + set_fact: + replaced_fabric_config: "{{ replaced_fabric_query.json }}" + tags: [test_replaced, test_replaced_validation] + +# Network Range Validations +# +# Category 1: Properties explicitly specified in TEST 2c replace task +# +- name: "VALIDATION 2a: Verify explicitly specified properties in replace" + assert: + that: + - replaced_fabric_config.management.bgpAsn == "65004" + - replaced_fabric_config.management.siteId == "65004" + - replaced_fabric_config.management.banner == "^ Updated via replaced state ^" + fail_msg: >- + Explicitly specified properties validation failed. + bgpAsn: {{ replaced_fabric_config.management.bgpAsn }} (expected 65004), + siteId: {{ replaced_fabric_config.management.siteId }} (expected 65004), + banner: '{{ replaced_fabric_config.management.banner }}' (expected '^ Updated via replaced state ^') + success_msg: "✓ All 3 explicitly specified properties set correctly (bgpAsn, siteId, banner)" + tags: [test_replaced, test_replaced_validation] + +# +# Category 2: Properties NOT specified in TEST 2c - MUST revert to Pydantic defaults +# This is the critical replaced behavior: complete replacement means unspecified +# properties get their model default values, NOT the values from TEST 2a. +# +- name: "VALIDATION 2b: Verify core/overlay defaults after replace (was changed in 2a)" + assert: + that: + # These were set to non-default values in TEST 2a and must now revert + - replaced_fabric_config.management.anycastGatewayMac == "2020.0000.00aa" # was 2020.0000.00dd + - replaced_fabric_config.management.performanceMonitoring == false # was true + - replaced_fabric_config.management.targetSubnetMask == 30 + - replaced_fabric_config.management.fabricMtu == 9216 # was 9000 + - replaced_fabric_config.management.l2HostInterfaceMtu == 9216 # was 9000 + - replaced_fabric_config.management.overlayMode == "cli" + - replaced_fabric_config.management.underlayIpv6 == false + - replaced_fabric_config.management.fabricInterfaceType == "p2p" + - replaced_fabric_config.management.linkStateRoutingProtocol == "ospf" + - replaced_fabric_config.management.ospfAreaId == "0.0.0.0" + - replaced_fabric_config.management.staticUnderlayIpAllocation == false + fail_msg: >- + Core/overlay defaults validation failed after replace. Properties not + specified in the replace task must revert to Pydantic model defaults. + success_msg: "✓ All 11 core/overlay properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify multicast/replication defaults after replace" + assert: + that: + - replaced_fabric_config.management.replicationMode == "multicast" + - replaced_fabric_config.management.multicastGroupSubnet == "239.1.1.0/25" # was 239.1.3.0/25 + - replaced_fabric_config.management.autoGenerateMulticastGroupAddress == false + - replaced_fabric_config.management.underlayMulticastGroupAddressLimit == 128 + - replaced_fabric_config.management.tenantRoutedMulticast == false + - replaced_fabric_config.management.tenantRoutedMulticastIpv6 == false + - replaced_fabric_config.management.rendezvousPointCount == 2 # was 4 + - replaced_fabric_config.management.rendezvousPointLoopbackId == 254 # was 253 + - replaced_fabric_config.management.rendezvousPointMode == "asm" + - replaced_fabric_config.management.pimHelloAuthentication == false + fail_msg: >- + Multicast/replication defaults validation failed after replace. + success_msg: "✓ All 10 multicast/replication properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify vPC defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.vpcPeerLinkVlan == "3600" # was 3700 + - replaced_fabric_config.management.vpcPeerLinkEnableNativeVlan == false + - replaced_fabric_config.management.vpcPeerKeepAliveOption == "management" # default is management, 2a used loopback + - replaced_fabric_config.management.vpcAutoRecoveryTimer == 360 # was 300 + - replaced_fabric_config.management.vpcDelayRestoreTimer == 150 # was 120 + - replaced_fabric_config.management.vpcPeerLinkPortChannelId == "500" # was 600 + - replaced_fabric_config.management.vpcDomainIdRange == "1-1000" # was 1-800 + - replaced_fabric_config.management.vpcIpv6NeighborDiscoverySync == true # was false in 2a + - replaced_fabric_config.management.vpcLayer3PeerRouter == true + - replaced_fabric_config.management.vpcTorDelayRestoreTimer == 30 + - replaced_fabric_config.management.fabricVpcDomainId == false + - replaced_fabric_config.management.fabricVpcQos == false + - replaced_fabric_config.management.enablePeerSwitch == false + fail_msg: >- + vPC defaults validation failed after replace. + success_msg: "✓ All 13 vPC properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify loopback/template/routing defaults after replace" + assert: + that: + - replaced_fabric_config.management.bgpLoopbackId == 0 + - replaced_fabric_config.management.nveLoopbackId == 1 + - replaced_fabric_config.management.routeReflectorCount == 2 + - replaced_fabric_config.management.vrfTemplate == "Default_VRF_Universal" + - replaced_fabric_config.management.networkTemplate == "Default_Network_Universal" + - replaced_fabric_config.management.vrfExtensionTemplate == "Default_VRF_Extension_Universal" + - replaced_fabric_config.management.networkExtensionTemplate == "Default_Network_Extension_Universal" + - replaced_fabric_config.management.autoBgpNeighborDescription == true + - replaced_fabric_config.management.linkStateRoutingTag == "UNDERLAY" + fail_msg: >- + Loopback/template/routing defaults validation failed after replace. + success_msg: "✓ All 9 loopback/template/routing properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify IP range defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.bgpLoopbackIpRange == "10.2.0.0/22" # was 10.22.0.0/22 + - replaced_fabric_config.management.nveLoopbackIpRange == "10.3.0.0/22" # was 10.23.0.0/22 + - replaced_fabric_config.management.anycastRendezvousPointIpRange == "10.254.254.0/24" # was 10.254.252.0/24 + - replaced_fabric_config.management.intraFabricSubnetRange == "10.4.0.0/16" # was 10.24.0.0/16 + fail_msg: >- + IP range defaults validation failed after replace. + success_msg: "✓ All 4 IP range properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify VNI/VLAN range defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.l2VniRange == "30000-49000" # was 40000-59000 + - replaced_fabric_config.management.l3VniRange == "50000-59000" # was 60000-69000 + - replaced_fabric_config.management.networkVlanRange == "2300-2999" # was 2400-3099 + - replaced_fabric_config.management.vrfVlanRange == "2000-2299" # was 2100-2399 + - replaced_fabric_config.management.subInterfaceDot1qRange == "2-511" + - replaced_fabric_config.management.l3VniNoVlanDefaultOption == false + fail_msg: >- + VNI/VLAN range defaults validation failed after replace. + success_msg: "✓ All 6 VNI/VLAN range properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify VRF Lite defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.vrfLiteAutoConfig == "manual" + - replaced_fabric_config.management.vrfLiteSubnetRange == "10.33.0.0/16" # was 10.53.0.0/16 + - replaced_fabric_config.management.vrfLiteSubnetTargetMask == 30 + - replaced_fabric_config.management.autoUniqueVrfLiteIpPrefix == false + fail_msg: >- + VRF Lite defaults validation failed after replace. + success_msg: "✓ All 4 VRF Lite properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify per-VRF loopback defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.perVrfLoopbackAutoProvision == false # was true in 2a + - replaced_fabric_config.management.perVrfLoopbackAutoProvisionIpv6 == false # was true in 2a + fail_msg: >- + Per-VRF loopback defaults validation failed after replace. + success_msg: "✓ All 2 per-VRF loopback properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify NX-API/system defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.nxapi == false # default is false + - replaced_fabric_config.management.nxapiHttp == true # NDFC API default is true (overrides Pydantic default of false) + - replaced_fabric_config.management.nxapiHttpsPort == 443 + - replaced_fabric_config.management.nxapiHttpPort == 80 + - replaced_fabric_config.management.tenantDhcp == true + - replaced_fabric_config.management.snmpTrap == true # was false in 2a + - replaced_fabric_config.management.cdp == false + - replaced_fabric_config.management.tcamAllocation == true # was false in 2a + - replaced_fabric_config.management.realTimeInterfaceStatisticsCollection == false # was true in 2a + fail_msg: >- + NX-API/system defaults validation failed after replace. + success_msg: "✓ All 9 NX-API/system properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify advertising/pip defaults after replace (were changed in 2a)" + assert: + that: + - replaced_fabric_config.management.advertisePhysicalIp == false # was true in 2a + - replaced_fabric_config.management.advertisePhysicalIpOnBorder == true + - replaced_fabric_config.management.anycastBorderGatewayAdvertisePhysicalIp == false # was true in 2a + fail_msg: >- + Advertising/PIP defaults validation failed after replace. + success_msg: "✓ All 3 advertising/PIP properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify greenfield/debug defaults after replace" + assert: + that: + - replaced_fabric_config.management.greenfieldDebugFlag == "disable" # default is disable + fail_msg: >- + Greenfield debug flag validation failed after replace. + success_msg: "✓ Greenfield debug flag correctly set to default" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify protocol auth defaults after replace" + assert: + that: + - replaced_fabric_config.management.bgpAuthentication == false + - replaced_fabric_config.management.ospfAuthentication == false + - replaced_fabric_config.management.bfd == false + - replaced_fabric_config.management.macsec == false + - replaced_fabric_config.management.vrfLiteMacsec == false + fail_msg: >- + Protocol authentication defaults validation failed after replace. + success_msg: "✓ All 5 protocol authentication properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify system policy defaults after replace" + assert: + that: + - replaced_fabric_config.management.securityGroupTag == false + - replaced_fabric_config.management.privateVlan == false + - replaced_fabric_config.management.defaultQueuingPolicy == false + - replaced_fabric_config.management.aimlQos == false + - replaced_fabric_config.management.dlb == false + - replaced_fabric_config.management.aiLoadSharing == false + - replaced_fabric_config.management.ptp == false + - replaced_fabric_config.management.stpRootOption == "unmanaged" + - replaced_fabric_config.management.mplsHandoff == false + - replaced_fabric_config.management.allowVlanOnLeafTorPairing == "none" + - replaced_fabric_config.management.leafTorIdRange == false + fail_msg: >- + System policy defaults validation failed after replace. + success_msg: "✓ All 11 system policy properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify OAM/compliance/advanced defaults after replace" + assert: + that: + - replaced_fabric_config.management.nveHoldDownTimer == 180 + - replaced_fabric_config.management.nextGenerationOAM == true + - replaced_fabric_config.management.strictConfigComplianceMode == false + - replaced_fabric_config.management.advancedSshOption == false + - replaced_fabric_config.management.coppPolicy == "strict" + - replaced_fabric_config.management.powerRedundancyMode == "redundant" + - replaced_fabric_config.management.hostInterfaceAdminState == true + - replaced_fabric_config.management.policyBasedRouting == false + - replaced_fabric_config.management.inbandManagement == false + fail_msg: >- + OAM/compliance/advanced defaults validation failed after replace. + success_msg: "✓ All 9 OAM/compliance/advanced properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify resource ID range defaults after replace" + assert: + that: + - replaced_fabric_config.management.ipServiceLevelAgreementIdRange == "10000-19999" + - replaced_fabric_config.management.objectTrackingNumberRange == "100-299" + - replaced_fabric_config.management.serviceNetworkVlanRange == "3000-3199" + - replaced_fabric_config.management.routeMapSequenceNumberRange == "1-65534" + fail_msg: >- + Resource ID range defaults validation failed after replace. + success_msg: "✓ All 4 resource ID range properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify backup/brownfield defaults after replace" + assert: + that: + - replaced_fabric_config.management.realTimeBackup == false + - replaced_fabric_config.management.scheduledBackup == false + - replaced_fabric_config.management.brownfieldNetworkNameFormat == "Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + - replaced_fabric_config.management.brownfieldSkipOverlayNetworkAttachments == false + - replaced_fabric_config.management.allowSmartSwitchOnboarding == false + fail_msg: >- + Backup/brownfield defaults validation failed after replace. + success_msg: "✓ All 5 backup/brownfield properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2b: Verify bootstrap/DHCP defaults after replace" + assert: + that: + - replaced_fabric_config.management.day0Bootstrap == false + - replaced_fabric_config.management.localDhcpServer == false + fail_msg: >- + Bootstrap/DHCP defaults validation failed after replace. + success_msg: "✓ All 2 bootstrap/DHCP properties correctly reverted to defaults" + tags: [test_replaced, test_replaced_validation] + +- name: "VALIDATION 2: Display comprehensive validation summary for replaced" + debug: + msg: | + ============================================================ + COMPREHENSIVE VALIDATION SUMMARY for test_fabric_replaced + After TEST 2c: Replace with only bgpAsn, siteId, and banner + ============================================================ + Category 1 - Explicitly specified (3 fields): + ✓ bgpAsn: {{ replaced_fabric_config.management.bgpAsn }} + ✓ siteId: {{ replaced_fabric_config.management.siteId }} + ✓ banner: "{{ replaced_fabric_config.management.banner }}" + + Category 2 - Reverted to Pydantic defaults (108 fields): + ✓ Core/overlay config (11 fields) + ✓ Multicast/replication (10 fields) + ✓ vPC settings (13 fields) + ✓ Loopback/template/routing (9 fields) + ✓ IP ranges (4 fields) + ✓ VNI/VLAN ranges (6 fields) + ✓ VRF Lite (4 fields) + ✓ Per-VRF loopback (2 fields) + ✓ NX-API/system (9 fields) + ✓ Advertising/PIP (3 fields) + ✓ Greenfield debug (1 field) + ✓ Protocol auth (5 fields) + ✓ System policies (11 fields) + ✓ OAM/compliance/advanced (9 fields) + ✓ Resource ID ranges (4 fields) + ✓ Backup/brownfield (5 fields) + ✓ Bootstrap/DHCP (2 fields) + + Total: 111 properties validated! + Key replaced behavior verified: + - Properties from TEST 2a that were NOT in TEST 2c are reset to defaults + - anycastGatewayMac: 2020.0000.00dd → 2020.0000.00aa (default) + - multicastGroupSubnet: 239.1.3.0/25 → 239.1.1.0/25 (default) + - fabricMtu: 9000 → 9216 (default) + - vpcAutoRecoveryTimer: 300 → 360 (default) + - advertisePhysicalIp: true → false (default) + - nxapiHttp: true → false (default) + - perVrfLoopbackAutoProvision: true → false (default) + ============================================================ + tags: [test_replaced, test_replaced_validation] + +############################################################################# +# TEST 3: STATE DELETED - Delete fabrics (uses test_fabric_replaced from TEST 2) +############################################################################# +- name: "TEST 3a: Delete fabric using state deleted" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ test_fabric_replaced }}" + register: deleted_result_1 + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 3a: Verify fabric was deleted" + assert: + that: + - deleted_result_1 is changed + - deleted_result_1 is not failed + fail_msg: "Fabric deletion with state deleted failed" + success_msg: "Fabric successfully deleted with state deleted" + tags: [test_deleted, test_deleted_delete] + +- name: "TEST 3b: Delete fabric using state deleted (second run - idempotency test)" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ test_fabric_replaced }}" + register: deleted_result_2 + tags: [test_deleted, test_deleted_idempotent] + +- name: "TEST 3b: Verify deleted state is idempotent" + assert: + that: + - deleted_result_2 is not changed + - deleted_result_2 is not failed + fail_msg: "Deleted state is not idempotent - should not change when deleting non-existent fabric" + success_msg: "Deleted state is idempotent - no changes when deleting non-existent fabric" + tags: [test_deleted, test_deleted_idempotent] + +############################################################################# +# TEST 4: Multiple fabric operations in single task +############################################################################# +- name: "TEST 4: Multiple fabric operations in single task" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: merged + config: + - fabric_name: "multi_fabric_1" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65101" + site_id: "65101" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0001" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + # vpc_ipv6_neighbor_discovery_sync: true + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.101.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.101.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.133.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.105.0.0/22" + # per_vrf_loopback_auto_provision_ipv6: false + # per_vrf_loopback_ipv6_range: "fd00::a105:0/112" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + # management_ipv6_prefix: 64 + - fabric_name: "multi_fabric_2" + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65102" + site_id: "65102" + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.0002" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + # vpc_ipv6_neighbor_discovery_sync: true + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: enable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.102.0.0/22" + nve_loopback_ip_range: "10.103.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.102.0/24" + intra_fabric_subnet_range: "10.104.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.134.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.106.0.0/22" + # per_vrf_loopback_auto_provision_ipv6: false + # per_vrf_loopback_ipv6_range: "fd00::a106:0/112" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + # management_ipv6_prefix: 64 + register: multi_fabric_result + tags: [test_multi, test_multi_create] + +- name: "TEST 4: Verify multiple fabrics were created" + assert: + that: + - multi_fabric_result is changed + - multi_fabric_result is not failed + fail_msg: "Multiple fabric creation failed" + success_msg: "Multiple fabrics successfully created" + tags: [test_multi, test_multi_create] + +############################################################################# +# FINAL CLEANUP - Clean up all test fabrics +############################################################################# +- name: "CLEANUP: Delete all test fabrics" + cisco.nd.nd_manage_fabric_ibgp: + <<: *nd_info + state: deleted + config: + - fabric_name: "{{ test_fabric_merged }}" + - fabric_name: "{{ test_fabric_replaced }}" + - fabric_name: "multi_fabric_1" + - fabric_name: "multi_fabric_2" + ignore_errors: true + tags: [cleanup, always] + +############################################################################# +# TEST SUMMARY +############################################################################# +- name: "TEST SUMMARY: Display test results" + debug: + msg: | + ======================================================== + TEST SUMMARY for cisco.nd.nd_manage_fabric_ibgp module: + ======================================================== + ✓ TEST 1: STATE MERGED + - Create fabric: {{ 'PASSED' if merged_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if merged_result_2 is not changed else 'FAILED' }} + - Update fabric: {{ 'PASSED' if merged_result_3 is changed else 'FAILED' }} + + ✓ TEST 2: STATE REPLACED + - Create fabric: {{ 'PASSED' if replaced_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if replaced_result_2 is not changed else 'FAILED' }} + - Replace fabric: {{ 'PASSED' if replaced_result_3 is changed else 'FAILED' }} + + ✓ TEST 3: STATE DELETED + - Delete fabric: {{ 'PASSED' if deleted_result_1 is changed else 'FAILED' }} + - Idempotency: {{ 'PASSED' if deleted_result_2 is not changed else 'FAILED' }} + + ✓ TEST 4: MULTIPLE FABRICS + - Multi-create: {{ 'PASSED' if multi_fabric_result is changed else 'FAILED' }} + + All tests validate: + - State merged: Creates and updates fabrics by merging changes + - State replaced: Creates and completely replaces fabric configuration + - State deleted: Removes fabrics + - Idempotency: All operations are idempotent when run multiple times + ======================================== + tags: [summary, always] \ No newline at end of file diff --git a/tests/integration/targets/nd_manage_fabric/tasks/main.yaml b/tests/integration/targets/nd_manage_fabric/tasks/main.yaml new file mode 100644 index 00000000..eacc3be3 --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Run nd_manage_fabric iBGP tests + ansible.builtin.include_tasks: fabric_ibgp.yaml + +- name: Run nd_manage_fabric eBGP tests + ansible.builtin.include_tasks: fabric_ebgp.yaml + +- name: Run nd_manage_fabric External Connectivity tests + ansible.builtin.include_tasks: fabric_external.yaml diff --git a/tests/integration/targets/nd_manage_fabric/vars/main.yaml b/tests/integration/targets/nd_manage_fabric/vars/main.yaml new file mode 100644 index 00000000..893b17bb --- /dev/null +++ b/tests/integration/targets/nd_manage_fabric/vars/main.yaml @@ -0,0 +1,328 @@ +--- + +test_fabric_merged: "ibgp_test_fabric_merged" +test_fabric_replaced: "ibgp_test_fabric_replaced" +test_fabric_deleted: "ibgp_test_fabric_deleted" + +ebgp_test_fabric_merged: "ebgp_test_fabric_merged" +ebgp_test_fabric_replaced: "ebgp_test_fabric_replaced" +ebgp_test_fabric_deleted: "ebgp_test_fabric_deleted" + +ext_test_fabric_merged: "ext_test_fabric_merged" +ext_test_fabric_replaced: "ext_test_fabric_replaced" +ext_test_fabric_deleted: "ext_test_fabric_deleted" + +# Common fabric configuration for all tests +# common_fabric_config: +fabric_config_ibgp: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanIbgp + bgp_asn: "65001.55" + site_id: "65001" + overlay_mode: cli + underlay_ipv6: false + fabric_interface_type: p2p + link_state_routing_protocol: ospf + ospf_area_id: "0.0.0.0" + route_reflector_count: 4 + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + performance_monitoring: false + static_underlay_ip_allocation: false + + # Replication / Multicast + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + tenant_routed_multicast_ipv6: false + rendezvous_point_count: 2 + rendezvous_point_mode: asm + rendezvous_point_loopback_id: 254 + pim_hello_authentication: false + + # vPC + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: loopback + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + vpc_ipv6_neighbor_discovery_sync: true + vpc_layer3_peer_router: true + vpc_tor_delay_restore_timer: 30 + fabric_vpc_domain_id: false + fabric_vpc_qos: false + enable_peer_switch: false + + # PIP / Advertising + advertise_physical_ip: false + advertise_physical_ip_on_border: true + anycast_border_gateway_advertise_physical_ip: false + + # Domain / Loopback IDs + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + + # Templates + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + + # Protocol Authentication + bgp_authentication: false + ospf_authentication: false + bfd: false + macsec: false + vrf_lite_macsec: false + + # BGP / Routing Enhancements + auto_bgp_neighbor_description: true + ibgp_peer_template: "" + leaf_ibgp_peer_template: "" + link_state_routing_tag: "UNDERLAY" + + # Resource ID Ranges + l3_vni_no_vlan_default_option: false + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + ip_service_level_agreement_id_range: "10000-19999" + object_tracking_number_range: "100-299" + service_network_vlan_range: "3000-3199" + route_map_sequence_number_range: "1-65534" + + # IP Ranges + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + + # VRF Lite / DCI + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + + # Per-VRF Loopback + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + per_vrf_loopback_auto_provision_ipv6: false + + # Management / System + tenant_dhcp: true + nxapi: true + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + cdp: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + tcam_allocation: true + inband_management: false + + # Security + security_group_tag: false + private_vlan: false + + # QoS / Queuing + default_queuing_policy: false + aiml_qos: false + + # DLB / AI + dlb: false + ai_load_sharing: false + + # PTP / STP / MPLS + ptp: false + stp_root_option: unmanaged + mpls_handoff: false + + # Leaf / TOR + allow_vlan_on_leaf_tor_pairing: none + leaf_tor_id_range: false + + # OAM / Compliance + nve_hold_down_timer: 180 + next_generation_oam: true + strict_config_compliance_mode: false + greenfield_debug_flag: enable + + # System Policies + advanced_ssh_option: false + copp_policy: strict + power_redundancy_mode: redundant + host_interface_admin_state: true + policy_based_routing: false + + # Freeform Config + extra_config_leaf: "" + extra_config_spine: "" + extra_config_tor: "" + extra_config_intra_fabric_links: "" + extra_config_aaa: "" + pre_interface_config_leaf: "" + pre_interface_config_spine: "" + pre_interface_config_tor: "" + + # Banner + banner: | + @ADVISORY This is a test fabric deployed by Ansible for validation purposes. Do not make changes to this fabric outside of Ansible or use it for production traffic. ADVISORY@ + + # Backup + real_time_backup: false + scheduled_backup: false + + # Brownfield + brownfield_network_name_format: "Auto_Net_VNI$$VNI$$_VLAN$$VLAN_ID$$" + brownfield_skip_overlay_network_attachments: false + + # Hypershield + allow_smart_switch_onboarding: false + + # Bootstrap / DHCP + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + +# Common External Connectivity fabric configuration for all External tests +# common_external_fabric_config: +fabric_config_external: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: externalConnectivity + bgp_asn: "65001" + copp_policy: manual + create_bgp_config: true + cdp: false + snmp_trap: true + nxapi: false + nxapi_http: false + nxapi_https_port: 443 + nxapi_http_port: 80 + performance_monitoring: false + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + sub_interface_dot1q_range: "2-511" + power_redundancy_mode: redundant + ptp: false + ptp_domain_id: 0 + ptp_loopback_id: 0 + mpls_handoff: false + mpls_loopback_ip_range: "10.102.0.0/25" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 + +# Common eBGP fabric configuration for all eBGP tests +# common_ebgp_fabric_config: +fabric_config_ebgp: + category: fabric + location: + latitude: 37.7749 + longitude: -122.4194 + license_tier: premier + alert_suspend: disabled + security_domain: all + telemetry_collection: false + management: + type: vxlanEbgp + bgp_asn: "65001" + bgp_asn_auto_allocation: false + site_id: "65001" + bgp_as_mode: multiAS + bgp_allow_as_in_num: 1 + bgp_max_path: 4 + auto_configure_ebgp_evpn_peering: true + target_subnet_mask: 30 + anycast_gateway_mac: "2020.0000.00aa" + performance_monitoring: false + replication_mode: multicast + multicast_group_subnet: "239.1.1.0/25" + auto_generate_multicast_group_address: false + underlay_multicast_group_address_limit: 128 + tenant_routed_multicast: false + rendezvous_point_count: 2 + rendezvous_point_loopback_id: 254 + vpc_peer_link_vlan: "3600" + vpc_peer_link_enable_native_vlan: false + vpc_peer_keep_alive_option: management + vpc_auto_recovery_timer: 360 + vpc_delay_restore_timer: 150 + vpc_peer_link_port_channel_id: "500" + advertise_physical_ip: false + vpc_domain_id_range: "1-1000" + bgp_loopback_id: 0 + nve_loopback_id: 1 + vrf_template: Default_VRF_Universal + network_template: Default_Network_Universal + vrf_extension_template: Default_VRF_Extension_Universal + network_extension_template: Default_Network_Extension_Universal + l3_vni_no_vlan_default_option: false + fabric_mtu: 9216 + l2_host_interface_mtu: 9216 + tenant_dhcp: true + nxapi: false + nxapi_https_port: 443 + nxapi_http: false + nxapi_http_port: 80 + snmp_trap: true + anycast_border_gateway_advertise_physical_ip: false + greenfield_debug_flag: disable + tcam_allocation: true + real_time_interface_statistics_collection: false + interface_statistics_load_interval: 10 + bgp_loopback_ip_range: "10.2.0.0/22" + nve_loopback_ip_range: "10.3.0.0/22" + anycast_rendezvous_point_ip_range: "10.254.254.0/24" + intra_fabric_subnet_range: "10.4.0.0/16" + l2_vni_range: "30000-49000" + l3_vni_range: "50000-59000" + network_vlan_range: "2300-2999" + vrf_vlan_range: "2000-2299" + sub_interface_dot1q_range: "2-511" + vrf_lite_auto_config: manual + vrf_lite_subnet_range: "10.33.0.0/16" + vrf_lite_subnet_target_mask: 30 + auto_unique_vrf_lite_ip_prefix: false + per_vrf_loopback_auto_provision: true + per_vrf_loopback_ip_range: "10.5.0.0/22" + banner: "" + day0_bootstrap: false + local_dhcp_server: false + dhcp_protocol_version: dhcpv4 + dhcp_start_address: "" + dhcp_end_address: "" + management_gateway: "" + management_ipv4_prefix: 24 diff --git a/tests/unit/module_utils/endpoints/test_endpoints_api_v1_manage_fabrics.py b/tests/unit/module_utils/endpoints/test_endpoints_api_v1_manage_fabrics.py new file mode 100644 index 00000000..cb1b17d4 --- /dev/null +++ b/tests/unit/module_utils/endpoints/test_endpoints_api_v1_manage_fabrics.py @@ -0,0 +1,736 @@ +# Copyright: (c) 2026, Mike Wiebe (@mwiebe) + +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +Unit tests for manage_fabrics.py + +Tests the ND Manage Fabrics endpoint classes +""" + +from __future__ import absolute_import, annotations, division, print_function + +# pylint: disable=invalid-name +__metaclass__ = type +# pylint: enable=invalid-name + +import pytest # pylint: disable=unused-import +from ansible_collections.cisco.nd.plugins.module_utils.endpoints.v1.manage.manage_fabrics import ( + EpManageFabricsDelete, + EpManageFabricsGet, + EpManageFabricsListGet, + EpManageFabricsPost, + EpManageFabricsPut, + EpManageFabricsSummaryGet, +) +from ansible_collections.cisco.nd.plugins.module_utils.enums import HttpVerbEnum +from ansible_collections.cisco.nd.tests.unit.module_utils.common_utils import ( + does_not_raise, +) + +# ============================================================================= +# Test: EpManageFabricsGet +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00010(): + """ + # Summary + + Verify EpManageFabricsGet basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is GET + + ## Classes and Methods + + - EpManageFabricsGet.__init__() + - EpManageFabricsGet.verb + - EpManageFabricsGet.class_name + """ + with does_not_raise(): + instance = EpManageFabricsGet() + assert instance.class_name == "EpApiV1ManageFabricsGet" + assert instance.verb == HttpVerbEnum.GET + + +def test_endpoints_api_v1_manage_fabrics_00020(): + """ + # Summary + + Verify EpManageFabricsGet path with fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics/my-fabric" when fabric_name is set + + ## Classes and Methods + + - EpManageFabricsGet.path + - EpManageFabricsGet.fabric_name + """ + with does_not_raise(): + instance = EpManageFabricsGet() + instance.fabric_name = "my-fabric" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric" + + +def test_endpoints_api_v1_manage_fabrics_00030(): + """ + # Summary + + Verify EpManageFabricsGet path without fabric_name raises ValueError + + ## Test + + - Accessing path without setting fabric_name raises ValueError + + ## Classes and Methods + + - EpManageFabricsGet.path + """ + with pytest.raises(ValueError): + instance = EpManageFabricsGet() + result = instance.path # noqa: F841 + + +def test_endpoints_api_v1_manage_fabrics_00040(): + """ + # Summary + + Verify EpManageFabricsGet path with fabric_name and cluster_name query param + + ## Test + + - path includes clusterName query parameter when set + + ## Classes and Methods + + - EpManageFabricsGet.path + - EpManageFabricsGet.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsGet() + instance.fabric_name = "my-fabric" + instance.endpoint_params.cluster_name = "cluster1" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric?clusterName=cluster1" + + +# ============================================================================= +# Test: EpManageFabricsListGet +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00100(): + """ + # Summary + + Verify EpManageFabricsListGet basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is GET + + ## Classes and Methods + + - EpManageFabricsListGet.__init__() + - EpManageFabricsListGet.verb + - EpManageFabricsListGet.class_name + """ + with does_not_raise(): + instance = EpManageFabricsListGet() + assert instance.class_name == "EpApiV1ManageFabricsListGet" + assert instance.verb == HttpVerbEnum.GET + + +def test_endpoints_api_v1_manage_fabrics_00110(): + """ + # Summary + + Verify EpManageFabricsListGet path without fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics" when fabric_name is not set + (no error since _require_fabric_name is False) + + ## Classes and Methods + + - EpManageFabricsListGet.path + """ + with does_not_raise(): + instance = EpManageFabricsListGet() + result = instance.path + assert result == "/api/v1/manage/fabrics" + + +def test_endpoints_api_v1_manage_fabrics_00120(): + """ + # Summary + + Verify EpManageFabricsListGet path with category and max query params + + ## Test + + - path includes category and max query parameters when set + + ## Classes and Methods + + - EpManageFabricsListGet.path + - EpManageFabricsListGet.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsListGet() + instance.endpoint_params.category = "fabric" + instance.endpoint_params.max = 10 + result = instance.path + assert "category=fabric" in result + assert "max=10" in result + assert result.startswith("/api/v1/manage/fabrics?") + + +def test_endpoints_api_v1_manage_fabrics_00130(): + """ + # Summary + + Verify EpManageFabricsListGet path with all query params + + ## Test + + - path includes all query parameters when set + (cluster_name, category, filter, max, offset, sort) + + ## Classes and Methods + + - EpManageFabricsListGet.path + - EpManageFabricsListGet.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsListGet() + instance.endpoint_params.cluster_name = "cluster1" + instance.endpoint_params.category = "fabric" + instance.endpoint_params.filter = "name:test" + instance.endpoint_params.max = 25 + instance.endpoint_params.offset = 5 + instance.endpoint_params.sort = "name:desc" + result = instance.path + assert "clusterName=cluster1" in result + assert "category=fabric" in result + assert "max=25" in result + assert "offset=5" in result + assert "sort=name%3Adesc" in result or "sort=name:desc" in result + assert result.startswith("/api/v1/manage/fabrics?") + + +def test_endpoints_api_v1_manage_fabrics_00140(): + """ + # Summary + + Verify EpManageFabricsListGet set_identifiers with None + + ## Test + + - set_identifiers(None) leaves fabric_name as None and path still works + + ## Classes and Methods + + - EpManageFabricsListGet.set_identifiers + - EpManageFabricsListGet.path + """ + with does_not_raise(): + instance = EpManageFabricsListGet() + instance.set_identifiers(None) + result = instance.path + assert instance.fabric_name is None + assert result == "/api/v1/manage/fabrics" + + +def test_endpoints_api_v1_manage_fabrics_00150(): + """ + # Summary + + Verify Pydantic validation rejects max < 1 + + ## Test + + - Setting max to 0 raises ValueError (ge=1 constraint) + + ## Classes and Methods + + - FabricsListEndpointParams.max + """ + with pytest.raises(ValueError): + instance = EpManageFabricsListGet() + instance.endpoint_params = type(instance.endpoint_params)(max=0) + + +# ============================================================================= +# Test: EpManageFabricsPost +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00200(): + """ + # Summary + + Verify EpManageFabricsPost basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is POST + + ## Classes and Methods + + - EpManageFabricsPost.__init__() + - EpManageFabricsPost.verb + - EpManageFabricsPost.class_name + """ + with does_not_raise(): + instance = EpManageFabricsPost() + assert instance.class_name == "EpApiV1ManageFabricsPost" + assert instance.verb == HttpVerbEnum.POST + + +def test_endpoints_api_v1_manage_fabrics_00210(): + """ + # Summary + + Verify EpManageFabricsPost path without fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics" when fabric_name is not set + (no error since _require_fabric_name is False) + + ## Classes and Methods + + - EpManageFabricsPost.path + """ + with does_not_raise(): + instance = EpManageFabricsPost() + result = instance.path + assert result == "/api/v1/manage/fabrics" + + +def test_endpoints_api_v1_manage_fabrics_00220(): + """ + # Summary + + Verify EpManageFabricsPost path with cluster_name query param + + ## Test + + - path includes clusterName query parameter when set + + ## Classes and Methods + + - EpManageFabricsPost.path + - EpManageFabricsPost.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsPost() + instance.endpoint_params.cluster_name = "cluster1" + result = instance.path + assert result == "/api/v1/manage/fabrics?clusterName=cluster1" + + +def test_endpoints_api_v1_manage_fabrics_00230(): + """ + # Summary + + Verify EpManageFabricsPost set_identifiers sets fabric_name + + ## Test + + - set_identifiers sets fabric_name (POST doesn't require it but allows it) + + ## Classes and Methods + + - EpManageFabricsPost.set_identifiers + """ + with does_not_raise(): + instance = EpManageFabricsPost() + instance.set_identifiers("test-fabric") + assert instance.fabric_name == "test-fabric" + + +# ============================================================================= +# Test: EpManageFabricsPut +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00300(): + """ + # Summary + + Verify EpManageFabricsPut basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is PUT + + ## Classes and Methods + + - EpManageFabricsPut.__init__() + - EpManageFabricsPut.verb + - EpManageFabricsPut.class_name + """ + with does_not_raise(): + instance = EpManageFabricsPut() + assert instance.class_name == "EpApiV1ManageFabricsPut" + assert instance.verb == HttpVerbEnum.PUT + + +def test_endpoints_api_v1_manage_fabrics_00310(): + """ + # Summary + + Verify EpManageFabricsPut path with fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics/my-fabric" when fabric_name is set + + ## Classes and Methods + + - EpManageFabricsPut.path + - EpManageFabricsPut.fabric_name + """ + with does_not_raise(): + instance = EpManageFabricsPut() + instance.fabric_name = "my-fabric" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric" + + +def test_endpoints_api_v1_manage_fabrics_00320(): + """ + # Summary + + Verify EpManageFabricsPut path without fabric_name raises ValueError + + ## Test + + - Accessing path without setting fabric_name raises ValueError + + ## Classes and Methods + + - EpManageFabricsPut.path + """ + with pytest.raises(ValueError): + instance = EpManageFabricsPut() + result = instance.path # noqa: F841 + + +def test_endpoints_api_v1_manage_fabrics_00340(): + """ + # Summary + + Verify EpManageFabricsPut path with fabric_name and cluster_name query param + + ## Test + + - path includes clusterName query parameter when set + + ## Classes and Methods + + - EpManageFabricsPut.path + - EpManageFabricsPut.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsPut() + instance.fabric_name = "my-fabric" + instance.endpoint_params.cluster_name = "cluster1" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric?clusterName=cluster1" + + +# ============================================================================= +# Test: EpManageFabricsDelete +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00400(): + """ + # Summary + + Verify EpManageFabricsDelete basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is DELETE + + ## Classes and Methods + + - EpManageFabricsDelete.__init__() + - EpManageFabricsDelete.verb + - EpManageFabricsDelete.class_name + """ + with does_not_raise(): + instance = EpManageFabricsDelete() + assert instance.class_name == "EpApiV1ManageFabricsDelete" + assert instance.verb == HttpVerbEnum.DELETE + + +def test_endpoints_api_v1_manage_fabrics_00410(): + """ + # Summary + + Verify EpManageFabricsDelete path with fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics/my-fabric" when fabric_name is set + + ## Classes and Methods + + - EpManageFabricsDelete.path + - EpManageFabricsDelete.fabric_name + """ + with does_not_raise(): + instance = EpManageFabricsDelete() + instance.fabric_name = "my-fabric" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric" + + +def test_endpoints_api_v1_manage_fabrics_00420(): + """ + # Summary + + Verify EpManageFabricsDelete path without fabric_name raises ValueError + + ## Test + + - Accessing path without setting fabric_name raises ValueError + + ## Classes and Methods + + - EpManageFabricsDelete.path + """ + with pytest.raises(ValueError): + instance = EpManageFabricsDelete() + result = instance.path # noqa: F841 + + +def test_endpoints_api_v1_manage_fabrics_00430(): + """ + # Summary + + Verify EpManageFabricsDelete path with fabric_name and cluster_name query param + + ## Test + + - path includes clusterName query parameter when set + + ## Classes and Methods + + - EpManageFabricsDelete.path + - EpManageFabricsDelete.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsDelete() + instance.fabric_name = "my-fabric" + instance.endpoint_params.cluster_name = "cluster1" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric?clusterName=cluster1" + + +# ============================================================================= +# Test: EpManageFabricsSummaryGet +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00500(): + """ + # Summary + + Verify EpManageFabricsSummaryGet basic instantiation + + ## Test + + - Instance can be created + - class_name is set correctly + - verb is GET + + ## Classes and Methods + + - EpManageFabricsSummaryGet.__init__() + - EpManageFabricsSummaryGet.verb + - EpManageFabricsSummaryGet.class_name + """ + with does_not_raise(): + instance = EpManageFabricsSummaryGet() + assert instance.class_name == "EpApiV1ManageFabricsSummaryGet" + assert instance.verb == HttpVerbEnum.GET + + +def test_endpoints_api_v1_manage_fabrics_00510(): + """ + # Summary + + Verify EpManageFabricsSummaryGet path with fabric_name + + ## Test + + - path returns "/api/v1/manage/fabrics/my-fabric/summary" when fabric_name is set + + ## Classes and Methods + + - EpManageFabricsSummaryGet.path + - EpManageFabricsSummaryGet.fabric_name + """ + with does_not_raise(): + instance = EpManageFabricsSummaryGet() + instance.fabric_name = "my-fabric" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric/summary" + + +def test_endpoints_api_v1_manage_fabrics_00520(): + """ + # Summary + + Verify EpManageFabricsSummaryGet path without fabric_name raises ValueError + + ## Test + + - Accessing path without setting fabric_name raises ValueError + + ## Classes and Methods + + - EpManageFabricsSummaryGet.path + """ + with pytest.raises(ValueError): + instance = EpManageFabricsSummaryGet() + result = instance.path # noqa: F841 + + +def test_endpoints_api_v1_manage_fabrics_00530(): + """ + # Summary + + Verify EpManageFabricsSummaryGet path with fabric_name and cluster_name query param + + ## Test + + - path includes clusterName query parameter when set + + ## Classes and Methods + + - EpManageFabricsSummaryGet.path + - EpManageFabricsSummaryGet.endpoint_params + """ + with does_not_raise(): + instance = EpManageFabricsSummaryGet() + instance.fabric_name = "my-fabric" + instance.endpoint_params.cluster_name = "cluster1" + result = instance.path + assert result == "/api/v1/manage/fabrics/my-fabric/summary?clusterName=cluster1" + + +# ============================================================================= +# Test: All HTTP methods on same endpoint +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00600(): + """ + # Summary + + Verify all HTTP verbs produce correct paths and verbs for the same fabric_name + + ## Test + + - GET, POST, PUT, DELETE all return correct paths for same fabric_name + - Each endpoint returns the correct HTTP verb + + ## Classes and Methods + + - EpManageFabricsGet + - EpManageFabricsPost + - EpManageFabricsPut + - EpManageFabricsDelete + """ + fabric_name = "test-fabric" + + with does_not_raise(): + get_ep = EpManageFabricsGet() + get_ep.fabric_name = fabric_name + + post_ep = EpManageFabricsPost() + # POST is collection-level, but fabric_name can still be set + post_ep.fabric_name = fabric_name + + put_ep = EpManageFabricsPut() + put_ep.fabric_name = fabric_name + + delete_ep = EpManageFabricsDelete() + delete_ep.fabric_name = fabric_name + + expected_path = "/api/v1/manage/fabrics/test-fabric" + assert get_ep.path == expected_path + assert post_ep.path == expected_path + assert put_ep.path == expected_path + assert delete_ep.path == expected_path + + assert get_ep.verb == HttpVerbEnum.GET + assert post_ep.verb == HttpVerbEnum.POST + assert put_ep.verb == HttpVerbEnum.PUT + assert delete_ep.verb == HttpVerbEnum.DELETE + + +# ============================================================================= +# Test: Pydantic validation +# ============================================================================= + + +def test_endpoints_api_v1_manage_fabrics_00610(): + """ + # Summary + + Verify Pydantic validation rejects empty string for fabric_name + + ## Test + + - Empty string is rejected for fabric_name (min_length=1) + + ## Classes and Methods + + - EpManageFabricsGet.__init__() + """ + with pytest.raises(ValueError): + instance = EpManageFabricsGet() + instance.fabric_name = "" + + +def test_endpoints_api_v1_manage_fabrics_00620(): + """ + # Summary + + Verify Pydantic validation rejects fabric_name exceeding max_length + + ## Test + + - fabric_name longer than 64 characters is rejected (max_length=64) + + ## Classes and Methods + + - EpManageFabricsGet.__init__() + """ + with pytest.raises(ValueError): + instance = EpManageFabricsGet() + instance.fabric_name = "a" * 65