search

CiscoTestAutomation / genieparser

sub-component of Genie that parse the device output into structured datastructure
Apache License 2.0
243 stars 370 forks source link

[IOS-XE] Parser for "show mka policy" does not work #850

Closed ChristopherJHart closed 2 days ago

ChristopherJHart commented 2 weeks ago

Sample CLI output:

MKA Policy Summary...

Codes : CO - Confidentiality Offset, ICVIND - Include ICV-Indicator,
        SAKR OLPL - SAK-Rekey On-Live-Peer-Loss,
        DP - Delay Protect, KS Prio - Key Server Priority

Policy            KS   DP    CO SAKR  ICVIND Cipher          Interfaces        
Name              Prio          OLPL         Suite(s)        Applied           
===============================================================================
*DEFAULT POLICY*  0    FALSE 0  FALSE TRUE   GCM-AES-128     
                                             GCM-AES-256     

MACSEC_POLICY_1   0    FALSE 0  FALSE TRUE   GCM-AES-256     Te0/0/0    Te0/0/1

Traceback:

2024-04-29T13:10:35: %SCRIPT-ERROR: Traceback (most recent call last):
2024-04-29T13:10:35: %SCRIPT-ERROR:   File "/Users/chart2/Documents/Python/genieparser/src/genie/libs/parser/utils/unittests.py", line 580, in test_golden
2024-04-29T13:10:35: %SCRIPT-ERROR:     parsed_output = obj.parse(**arguments)
2024-04-29T13:10:35: %SCRIPT-ERROR:                     ^^^^^^^^^^^^^^^^^^^^^^
2024-04-29T13:10:35: %SCRIPT-ERROR:   File "src/genie/metaparser/_metaparser.py", line 342, in genie.metaparser._metaparser.MetaParser.parse
2024-04-29T13:10:35: %SCRIPT-ERROR:   File "src/genie/metaparser/_metaparser.py", line 322, in genie.metaparser._metaparser.MetaParser.parse
2024-04-29T13:10:35: %SCRIPT-ERROR:   File "src/genie/metaparser/util/schemaengine.py", line 419, in genie.metaparser.util.schemaengine.Schema.validate
2024-04-29T13:10:35: %SCRIPT-ERROR: genie.metaparser.util.exceptions.SchemaMissingKeyError: Missing keys: [['send_secure_announcements']]
SohanTirpude commented 2 weeks ago

Hello @ChristopherJHart,

It looks like a bug. Kindly give me some time to analyse this issue.

Thank you.

Harishv01 commented 2 weeks ago 
expected_output = {
    "policy": {
        "MACSEC_POLICY_1": {
            "key_server_priority": 0,
            "delay_protect": "FALSE",
            "confidentiality_offset": 0,
            "sak_rey_key_on_live_peer_loss": "FALSE",
            "include_icv_indicator": "TRUE",
            "cipher": "GCM-AES-256",
            "interfaces": [
                "Te0/0/0",
                "Te0/0/1"
            ]
        }
    }
}

I have raised a PR for your issue and the output looks like the above. Please check and let me know in case of any queries. If everything is good, I will merge the PR.

ChristopherJHart commented 1 week ago

Hi @Harishv01 - that looks good to me! Should the interface names be expanded?

Harishv01 commented 1 week ago

I have expanded the interface names and the output looks like this. I have raised the PR and will let you know once it is merged.

expected_output = {
    'send_secure_announcements': 'DISABLED',
    'policy': {
        "macsec": {
            'key_server_priority': 0,
            'delay_protect': "FALSE",
            'confidentiality_offset': 30,
            'sak_rey_key_on_live_peer_loss': "FALSE",
            'include_icv_indicator': "TRUE",
            'cipher': "GCM-AES-128",
            'interfaces': ['TenGigabitEthernet1/0/48', 'FortyGigabitEthernet1/1/2', 'GigabitEthernet2/0/12', 'GigabitEthernet2/0/22', 'TenGigabitEthernet3/0/46', 'TenGigabitEthernet3/0/48']
        },
        'macsec1': {
            'cipher': 'GCM-AES-128',
            'confidentiality_offset': 30,
            'delay_protect': 'FALSE',
            'include_icv_indicator': 'TRUE',
            'interfaces': ['TenGigabitEthernet1/0/48', 'FortyGigabitEthernet1/1/2'],
            'key_server_priority': 0,
            'sak_rey_key_on_live_peer_loss': 'FALSE'
        },
        'macsec2': {
            'cipher': 'GCM-AES-128',
            'confidentiality_offset': 30,
            'delay_protect': 'FALSE',
            'include_icv_indicator': 'TRUE',
            'interfaces': ['TenGigabitEthernet1/0/48'],
            'key_server_priority': 0,
            'sak_rey_key_on_live_peer_loss': 'FALSE'
        },
        "DEFAULT POLICY": {
            'key_server_priority': 0,
            'delay_protect': "FALSE",
            'confidentiality_offset': 0,
            'sak_rey_key_on_live_peer_loss': "FALSE",
            'include_icv_indicator': "TRUE",
            'cipher': "GCM-AES-128"
        }
    }
}

Thank you.

Harishv01 commented 2 days ago

The PR has been merged and this fix will be available in the next version of pyats, i.e. 24.5. Hence, I am closing this ticket.

Thank you.