issue #131 fixed

datacenter · Oct 10, 2024 · 5b51a22 · 5b51a22
1 parent b76fea2
commit 5b51a22
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 1 deletion.
diff --git a/aci-preupgrade-validation-script.py b/aci-preupgrade-validation-script.py
@@ -4214,6 +4214,28 @@ def validate_32_64_bit_image_check(index, total_checks, tversion, **kwargs):
  return result
 
 
+def cloudsec_encryption_check(index, total_checks, tversion, **kwargs):
+ title = 'ClouSec Encrpytion Check'
+ result = NA
+ msg = ''
+ headers = []
+ data = []
+ recommended_action = 'The feature is deprecated beginning on version 6.0(6)'
+ doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations#cloudsec_encryption_check'
+ print_title(title, index, total_checks)
+
+
+ cloudsec_api = 'cloudsecPreSharedKey.json'
+ cloudsecPreSharedKey = icurl('class', cloudsec_api)
+
+ if cloudsecPreSharedKey and tversion.newer_than("6.0(6a)") :
+ msg = 'The CloudSec Encryption feature is deprecated in target version'
+ result = FAIL_O
+ elif not cloudsecPreSharedKey and tversion.newer_than("6.0(6a)"):
+ result = PASS
+ print_result(title, result, msg, headers, data, recommended_action=recommended_action, doc_url=doc_url)
+ return result
+
 if __name__ == "__main__":
  prints(' ==== %s%s, Script Version %s ====\n' % (ts, tz, SCRIPT_VERSION))
  prints('!!!! Check https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script for Latest Release !!!!\n')
@@ -4294,6 +4316,7 @@ def validate_32_64_bit_image_check(index, total_checks, tversion, **kwargs):
  eecdh_cipher_check,
  subnet_scope_check,
  unsupported_fec_configuration_ex_check,
+ cloudsec_encryption_check,
 
  # Bugs
  ep_announce_check,

diff --git a/docs/docs/validations.md b/docs/docs/validations.md
@@ -118,7 +118,7 @@ Items | Faults | This Script
 [EECDH SSL Cipher Disabled][c14] | :white_check_mark: | :no_entry_sign: | :no_entry_sign:
 [BD and EPG Subnet must have matching scopes][c15] | :white_check_mark: | :no_entry_sign: | :no_entry_sign:
 [Unsupported FEC Configuration for N9K-C93180YC-EX][c16] | :white_check_mark: | :no_entry_sign: | :no_entry_sign:
-
+[CloudSec Encryption Check][c17] | :white_check_mark: | :no_entry_sign: | :no_entry_sign:
 
 [c1]: #vpc-paired-leaf-switches
 [c2]: #overlapping-vlan-pool
@@ -136,6 +136,7 @@ Items | Faults | This Script
 [c14]: #eecdh-ssl-cipher
 [c15]: #bd-and-epg-subnet-must-have-matching-scopes
 [c16]: #unsupported-fec-configuration-for-n9k-c93180yc-ex
+[c17]: #cloudsec_encryption_check
 
 
 ### Defect Condition Checks
@@ -1931,6 +1932,13 @@ It is important to remove any unsupported configuration prior to ugprade to avoi
  fecMode : ieee-rs-fec <<<
  ```
 
+### CloudSec Encrpytion Check
+
+Starting in Cisco ACI 6.0(6) the CloudSec Encryption feature is deprecated as mentioned in the [Cisco Application Policy Infrastructure Controller Release Notes, Release 6.0(6)][31]
+
+It is important to review if the feature is in use prior to upgrading to 6.0(6) or later.
+
+
 ## Defect Check Details
 
 ### EP Announce Compatibility
@@ -2213,3 +2221,4 @@ If found, the target version of your upgrade should be a version with a fix for
 [28]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/all/apic-installation-aci-upgrade-downgrade/Cisco-APIC-Installation-ACI-Upgrade-Downgrade-Guide/m-aci-upgrade-downgrade-architecture.html#Cisco_Reference.dita_22480abb-4138-416b-8dd5-ecde23f707b4
 [29]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb86706
 [30]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf44222
+[31]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/release-notes/cisco-apic-release-notes-606.html
diff --git a/tests/cloudsec_encryption_check/cloudsecPreSharedKey_neg.json b/tests/cloudsec_encryption_check/cloudsecPreSharedKey_neg.json
@@ -0,0 +1 @@
+[]
diff --git a/tests/cloudsec_encryption_check/cloudsecPreSharedKey_pos.json b/tests/cloudsec_encryption_check/cloudsecPreSharedKey_pos.json
@@ -0,0 +1,15 @@
+[
+ {
+ "cloudsecPreSharedKey": {
+ "attributes": {
+ "dn": "uni/tn-infra/cloudsecifp-default/psk-1",
+ "monPolDn": "uni/tn-common/monepg-default",
+ "name": "",
+ "nameAlias": "",
+ "ownerKey": "",
+ "ownerTag": "",
+ "status": ""
+ }
+ }
+ }
+]
diff --git a/tests/cloudsec_encryption_check/test_cloudsec_encryption_check.py b/tests/cloudsec_encryption_check/test_cloudsec_encryption_check.py
@@ -0,0 +1,48 @@
+import os
+import pytest
+import logging
+import importlib
+from helpers.utils import read_data
+
+script = importlib.import_module("aci-preupgrade-validation-script")
+
+log = logging.getLogger(__name__)
+dir = os.path.dirname(os.path.abspath(__file__))
+
+
+# icurl queries
+cloudsecPreSharedKey = 'cloudsecPreSharedKey.json'
+
+
+@pytest.mark.parametrize(
+ "icurl_outputs, tversion, expected_result",
+ [
+ (
+ ## TARGET VERSION IS OLDER THAN 6.0(6), CLOUDSEC IS PRESENT, VALIDATION RESULT : N/A
+ {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_pos.json")},
+ "5.2(6a)",
+ script.NA,
+ ),
+ (
+ ## TARGET VERSION IS OLDER THAN 6.0(6), NO CLOUDSEC PRESENT, VALIDATION RESULT : N/A
+ {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_neg.json")},
+ "5.2(6b)",
+ script.NA,
+ ),
+ (
+ ## TARGET VERSION IS NEWER THAN 6.0(6), NO CLOUDSEC PRESENT, VALIDATION RESULT : PASS
+ {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_neg.json")},
+ "6.0(6b)",
+ script.PASS,
+ ),
+ (
+ ## TARGET VERSION IS NEWER THAN 6.0(6), CLOUDSEC PRESENT, VALIDATION RESULT : FAIL_O 
+ {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_pos.json")},
+ "6.0(6b)",
+ script.FAIL_O,
+ ),
+ ],
+)
+def test_logic(mock_icurl, tversion, expected_result):
+ result = script.cloudsec_encryption_check(1, 1, script.AciVersion(tversion))
+ assert result == expected_result