nautobot / nautobot-app-golden-config

Golden Configuration App for Nautobot.
https://docs.nautobot.com/projects/golden-config/en/latest/

Feature: Add REST API to render intended config Jinja templates #824

Closed gsnider2195 closed 3 weeks ago

gsnider2195 commented 1 month ago

This is part of the Jinja template editor epic. This PR introduces the /api/plugins/golden-config/generate-intended-config/ REST API endpoint. This endpoint allows template developers to test Jinja template rendering of intended configs using an arbitrary Git repository on a single device.

This PR also contains some housekeeping changes:

Not implemented

Docs


Sample Data

Git repo used for testing this feature is here

Jinja template used for testing

!
username test password test
no logging console
logging format timestamp high-resolution
logging facility local6
!
hostname {{ hostname }}
ip name-server 1.2.3.4
ip name-server 5.6.7.8
ip domain-name test.example.com
!
ntp source Management1
ntp server 1.2.3.4 prefer
ntp server 5.6.7.8
!
snmp-server contact "Enterprise Network Operations"
snmp-server location {{ location.name }}
snmp-server source-interface Management1
snmp-server community snmptest ro RO-SNMP-ACL
snmp-server host 1.1.1.1 traps version 2c snmptest
snmp-server enable traps entity
snmp-server enable traps lldp
snmp-server enable traps snmp
!
tacacs-server key tacacstest
tacacs-server host 2.2.2.2
ip tacacs source-interface Management1
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ none
aaa authorization commands 1,15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
no aaa root
!
banner login
This system is privately owned and operated. Access
to this system is restricted to authorized users
only. Criminal and civil laws prohibit unauthorized
use. Violators will be prosecuted. You must disconnect
immediately if you are not an authorized user.
EOF
!
management api http-commands
  no shutdown
!

Request

curl -X 'GET' \
  'http://localhost:8080/api/plugins/golden-config/generate-intended-config/?device_id=231b8765-054d-4abe-bdbf-cd60e049cd8d&git_repository_id=82c051e0-d0a9-4008-948a-936a409c654a' \
  -H 'accept: application/json'

Response

{
  "intended_config": "!\nusername test password test\nno logging console\nlogging format timestamp high-resolution\nlogging facility local6\n!\nhostname Access Point-10\nip name-server 1.2.3.4\nip name-server 5.6.7.8\nip domain-name test.example.com\n!\nntp source Management1\nntp server 1.2.3.4 prefer\nntp server 5.6.7.8\n!\nsnmp-server contact \"Enterprise Network Operations\"\nsnmp-server location Aisle-41\nsnmp-server source-interface Management1\nsnmp-server community snmptest ro RO-SNMP-ACL\nsnmp-server host 1.1.1.1 traps version 2c snmptest\nsnmp-server enable traps entity\nsnmp-server enable traps lldp\nsnmp-server enable traps snmp\n!\ntacacs-server key tacacstest\ntacacs-server host 2.2.2.2\nip tacacs source-interface Management1\n!\naaa authentication login default group tacacs+ local\naaa authentication enable default group tacacs+ local\naaa authorization console\naaa authorization exec default group tacacs+ none\naaa authorization commands 1,15 default group tacacs+ none\naaa accounting exec default start-stop group tacacs+\naaa accounting commands 15 default start-stop group tacacs+\n!\nno aaa root\n!\nbanner login\nThis system is privately owned and operated. Access\nto this system is restricted to authorized users\nonly. Criminal and civil laws prohibit unauthorized\nuse. Violators will be prosecuted. You must disconnect\nimmediately if you are not an authorized user.\nEOF\n!\nmanagement api http-commands\n  no shutdown\n!",
  "intended_config_lines": [
    "!",
    "username test password test",
    "no logging console",
    "logging format timestamp high-resolution",
    "logging facility local6",
    "!",
    "hostname Access Point-10",
    "ip name-server 1.2.3.4",
    "ip name-server 5.6.7.8",
    "ip domain-name test.example.com",
    "!",
    "ntp source Management1",
    "ntp server 1.2.3.4 prefer",
    "ntp server 5.6.7.8",
    "!",
    "snmp-server contact \"Enterprise Network Operations\"",
    "snmp-server location Aisle-41",
    "snmp-server source-interface Management1",
    "snmp-server community snmptest ro RO-SNMP-ACL",
    "snmp-server host 1.1.1.1 traps version 2c snmptest",
    "snmp-server enable traps entity",
    "snmp-server enable traps lldp",
    "snmp-server enable traps snmp",
    "!",
    "tacacs-server key tacacstest",
    "tacacs-server host 2.2.2.2",
    "ip tacacs source-interface Management1",
    "!",
    "aaa authentication login default group tacacs+ local",
    "aaa authentication enable default group tacacs+ local",
    "aaa authorization console",
    "aaa authorization exec default group tacacs+ none",
    "aaa authorization commands 1,15 default group tacacs+ none",
    "aaa accounting exec default start-stop group tacacs+",
    "aaa accounting commands 15 default start-stop group tacacs+",
    "!",
    "no aaa root",
    "!",
    "banner login",
    "This system is privately owned and operated. Access",
    "to this system is restricted to authorized users",
    "only. Criminal and civil laws prohibit unauthorized",
    "use. Violators will be prosecuted. You must disconnect",
    "immediately if you are not an authorized user.",
    "EOF",
    "!",
    "management api http-commands",
    "  no shutdown",
    "!"
  ]
}
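
The response above returns the rendered config verbatim in both fields, including the `username ... password`, SNMP community and TACACS+ key lines. As an added example (not part of this PR or the app's code), the Python below masks those values in both `intended_config` and `intended_config_lines` before a response is logged or attached to a ticket; the patterns cover only the secret-bearing line types in the sample, and `redact_line`, `redact_response` and `SAMPLE` are hypothetical names with constructed input.

```python
import json
import re

# Line types from the sample config that carry a plaintext secret.
# Group 1 = command prefix, group 2 = the secret, group 3 = trailing options.
SECRET_PATTERNS = [
    re.compile(r"^(\s*username \S+ (?:password|secret) (?:\d+ )?)(\S+)(.*)$"),
    re.compile(r"^(\s*snmp-server community )(\S+)(.*)$"),
    re.compile(r"^(\s*snmp-server host \S+ (?:traps |informs )?version \S+ )(\S+)(.*)$"),
    re.compile(r"^(\s*tacacs-server key (?:\d+ )?)(\S+)(.*)$"),
]

def redact_line(line):
    """Return (line with the secret masked, True) or (line, False)."""
    for pattern in SECRET_PATTERNS:
        match = pattern.match(line)
        if match:
            return match.group(1) + "<redacted>" + match.group(3), True
    return line, False

def redact_response(body):
    """Mask secrets in both fields; return (dict, 1-based changed line numbers)."""
    data = json.loads(body)
    hits, clean_lines = [], []
    for number, line in enumerate(data["intended_config_lines"], start=1):
        clean, changed = redact_line(line)
        clean_lines.append(clean)
        if changed:
            hits.append(number)
    data["intended_config_lines"] = clean_lines
    # The string field repeats the same config, so it is masked separately.
    data["intended_config"] = "\n".join(
        redact_line(line)[0] for line in data["intended_config"].split("\n")
    )
    return data, hits

# Constructed input: a subset of the lines in the response shown above.
SAMPLE_LINES = [
    "!", "username test password test", "hostname Access Point-10",
    "snmp-server community snmptest ro RO-SNMP-ACL",
    "snmp-server host 1.1.1.1 traps version 2c snmptest",
    "tacacs-server key tacacstest", "tacacs-server host 2.2.2.2", "!",
]
SAMPLE = json.dumps({"intended_config": "\n".join(SAMPLE_LINES),
                     "intended_config_lines": SAMPLE_LINES})

if __name__ == "__main__":
    redacted, changed = redact_response(SAMPLE)
    print("masked lines:", changed)
    print(redacted["intended_config"])
```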

itdependsnetworks commented 4 weeks ago

@jeffkala let's sync on this one. The PR looks good; I just want to make sure that there is thought around where the core rendering logic goes. As an example, could/should we make it the same piece of code that is run in the job?

gsnider2195 commented 3 weeks ago

As discussed, we'll update this to spin up a Nornir task to leverage nornir_nautobot.plugins.tasks.dispatcher.default.DispatcherMixin.generate_config instead of going straight to Nautobot's render_jinja2.

We'll need to set the output_file_location to /dev/null to prevent generate_config from generating a file every time we call it.