Refactor(eos_cli_config_gen): Replace sequence_numbers with new entries key in standard_access_lists (#6606)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Vibhu-gslab <[email protected]>
Co-authored-by: Shivani-gslab <[email protected]>
Co-authored-by: Carl Baillargeon <[email protected]>

Author: 5 people

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md

@@ -11996,70 +11996,75 @@ poe
 
 ##### 99
 
-| Sequence | Action |
-| -------- | ------ |
-| 10 | remark ACL to restrict access RFC1918 addresses |
-| 20 | permit 10.0.0.0/8 |
-| 30 | permit 172.16.0.0/12 |
-| 40 | permit 192.168.0.0/16 |
+| Sequence | Action | Source | Remark | VLAN/Mask | Inner VLAN/Mask | Log | Mirror Session |
+| -------- | ------ | ------ | ------ | ---- | ---------- | --- | -------------- |
+| - | - | - | ACL to restrict access RFC1918 addresses | - | - | - | - |
+| - | permit | 10.0.0.0/8 | - | 20 | 10 | - | mirror1 |
+| 30 | permit | 172.16.0.0/12 | - | - | - | True | - |
+| 40 | permit | 192.168.0.0/16 | - | - | - | True | mirror2 |
+| 50 | permit | any | - | - | - | - | - |
+| 60 | permit | - | - | - | - | - | - |
 
 ##### ACL-API
 
-| Sequence | Action |
-| -------- | ------ |
-| 10 | remark ACL to restrict access to switch API to CVP and Ansible |
-| 20 | permit host 10.10.10.10 |
-| 30 | permit host 10.10.10.11 |
-| 40 | permit host 10.10.10.12 |
+| Sequence | Action | Source | Remark | VLAN/Mask | Inner VLAN/Mask | Log | Mirror Session |
+| -------- | ------ | ------ | ------ | ---- | ---------- | --- | -------------- |
+| 10 | - | - | ACL to restrict access to switch API to CVP and Ansible | - | - | - | - |
+| 20 | permit | 10.10.10.10 | - | 10 0x001 | - | - | mirror1 |
+| 30 | permit | 10.10.10.11 | - | - | 10 0x001 | True | - |
+| 40 | permit | 10.10.10.12 | - | 10 0x001 | 10 0x001 | True | mirror1 |
+| 50 | permit | any | - | 10 0x001 | 10 0x001 | - | - |
 
 ##### ACL-SSH
 
 ACL has counting mode `counters per-entry` enabled!
 
-| Sequence | Action |
-| -------- | ------ |
-| 10 | remark ACL to restrict access RFC1918 addresses |
-| 20 | permit 10.0.0.0/8 |
-| 30 | permit 172.16.0.0/12 |
-| 40 | permit 192.168.0.0/16 |
+| Sequence | Action | Source | Remark | VLAN/Mask | Inner VLAN/Mask | Log | Mirror Session |
+| -------- | ------ | ------ | ------ | ---- | ---------- | --- | -------------- |
+| 10 | - | - | ACL to restrict access RFC1918 addresses | - | - | - | - |
+| 20 | permit | 10.0.0.0/8 | - | 10 0x000 | 20 0x001 | True | mirror1 |
+| 30 | permit | 172.16.0.0/12 | - | - | 20 0x001 | True | mirror1 |
+| 40 | permit | 192.168.0.0/16 | - | - | - | - | - |
 
 ##### ACL-SSH-VRF
 
-| Sequence | Action |
-| -------- | ------ |
-| 10 | remark ACL to restrict access RFC1918 addresses |
-| 20 | permit 10.0.0.0/8 |
-| 30 | permit 172.16.0.0/12 |
-| 40 | permit 192.168.0.0/16 |
+| Sequence | Action | Source | Remark | VLAN/Mask | Inner VLAN/Mask | Log | Mirror Session |
+| -------- | ------ | ------ | ------ | ---- | ---------- | --- | -------------- |
+| 10 | - | - | ACL to restrict access RFC1918 addresses | - | - | - | - |
+| 20 | permit | 10.0.0.0/8 | - | 10 0x000 | 20 0x001 | - | - |
+| 30 | permit | 172.16.0.0/12 | - | 10 0x000 | - | - | - |
+| 40 | permit | 192.168.0.0/16 | - | - | 20 0x001 | - | - |
 
 #### Standard Access-lists Device Configuration
 
 ```eos
 !
 ip access-list standard 99
-   10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
-   40 permit 192.168.0.0/16
+   remark ACL to restrict access RFC1918 addresses
+   permit 10.0.0.0/8 mirror session mirror1
+   30 permit 172.16.0.0/12 log
+   40 permit 192.168.0.0/16 mirror session mirror2 log
+   50 permit any
 !
 ip access-list standard ACL-API
    10 remark ACL to restrict access to switch API to CVP and Ansible
-   20 permit host 10.10.10.10
-   30 permit host 10.10.10.11
-   40 permit host 10.10.10.12
+   20 permit vlan 10 0x001 host 10.10.10.10 mirror session mirror1
+   30 permit vlan inner 10 0x001 host 10.10.10.11 log
+   40 permit vlan 10 0x001 inner 10 0x001 host 10.10.10.12 mirror session mirror1 log
+   50 permit vlan 10 0x001 inner 10 0x001 any
 !
 ip access-list standard ACL-SSH
    counters per-entry
    10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
+   20 permit vlan 10 0x000 inner 20 0x001 10.0.0.0/8 mirror session mirror1 log
+   30 permit vlan inner 20 0x001 172.16.0.0/12 mirror session mirror1 log
    40 permit 192.168.0.0/16
 !
 ip access-list standard ACL-SSH-VRF
    10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
-   40 permit 192.168.0.0/16
+   20 permit vlan 10 0x000 inner 20 0x001 10.0.0.0/8
+   30 permit vlan 10 0x000 172.16.0.0/12
+   40 permit vlan inner 20 0x001 192.168.0.0/16
 ```
 
 ### IP Access-lists

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg

@@ -5062,29 +5062,31 @@ class-map type pbr match-any aaa
    match ip access-group ACL_PBR_INCLUDE
 !
 ip access-list standard 99
-   10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
-   40 permit 192.168.0.0/16
+   remark ACL to restrict access RFC1918 addresses
+   permit 10.0.0.0/8 mirror session mirror1
+   30 permit 172.16.0.0/12 log
+   40 permit 192.168.0.0/16 mirror session mirror2 log
+   50 permit any
 !
 ip access-list standard ACL-API
    10 remark ACL to restrict access to switch API to CVP and Ansible
-   20 permit host 10.10.10.10
-   30 permit host 10.10.10.11
-   40 permit host 10.10.10.12
+   20 permit vlan 10 0x001 host 10.10.10.10 mirror session mirror1
+   30 permit vlan inner 10 0x001 host 10.10.10.11 log
+   40 permit vlan 10 0x001 inner 10 0x001 host 10.10.10.12 mirror session mirror1 log
+   50 permit vlan 10 0x001 inner 10 0x001 any
 !
 ip access-list standard ACL-SSH
    counters per-entry
    10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
+   20 permit vlan 10 0x000 inner 20 0x001 10.0.0.0/8 mirror session mirror1 log
+   30 permit vlan inner 20 0x001 172.16.0.0/12 mirror session mirror1 log
    40 permit 192.168.0.0/16
 !
 ip access-list standard ACL-SSH-VRF
    10 remark ACL to restrict access RFC1918 addresses
-   20 permit 10.0.0.0/8
-   30 permit 172.16.0.0/12
-   40 permit 192.168.0.0/16
+   20 permit vlan 10 0x000 inner 20 0x001 10.0.0.0/8
+   30 permit vlan 10 0x000 172.16.0.0/12
+   40 permit vlan inner 20 0x001 192.168.0.0/16
 !
 ip routing ipv6 interfaces
 ip hardware fib optimize prefixes profile urpf-internet

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/standard-acl.yml

@@ -2,45 +2,104 @@
 ### Standard Access-Lists ###
 standard_access_lists:
   - name: ACL-API
-    sequence_numbers:
+    entries:
       - sequence: 10
-        action: "remark ACL to restrict access to switch API to CVP and Ansible"
+        remark: "ACL to restrict access to switch API to CVP and Ansible"
       - sequence: 20
-        action: "permit host 10.10.10.10"
+        action: permit
+        source: 10.10.10.10
+        mirror_session: mirror1
+        vlan: 10
+        vlan_mask: "0x001"
       - sequence: 30
-        action: "permit host 10.10.10.11"
+        action: permit
+        source: 10.10.10.11
+        inner_vlan: 10
+        inner_vlan_mask: "0x001"
+        log: true
       - sequence: 40
-        action: "permit host 10.10.10.12"
+        action: permit
+        source: 10.10.10.12
+        mirror_session: mirror1
+        log: true
+        vlan: 10
+        vlan_mask: "0x001"
+        inner_vlan: 10
+        inner_vlan_mask: "0x001"
+      - sequence: 50
+        action: permit
+        source: any
+        vlan: 10
+        vlan_mask: "0x001"
+        inner_vlan: 10
+        inner_vlan_mask: "0x001"
   - name: ACL-SSH
     counters_per_entry: true
-    sequence_numbers:
+    entries:
       - sequence: 10
-        action: "remark ACL to restrict access RFC1918 addresses"
+        remark: "ACL to restrict access RFC1918 addresses"
       - sequence: 20
-        action: "permit 10.0.0.0/8"
+        action: permit
+        source: 10.0.0.0/8
+        vlan: 10
+        vlan_mask: "0x000"
+        inner_vlan: 20
+        inner_vlan_mask: "0x001"
+        log: true
+        mirror_session: mirror1
       - sequence: 30
-        action: "permit 172.16.0.0/12"
+        action: permit
+        source: 172.16.0.0/12
+        inner_vlan: 20
+        inner_vlan_mask: "0x001"
+        log: true
+        mirror_session: mirror1
       - sequence: 40
-        action: "permit 192.168.0.0/16"
+        action: permit
+        source: 192.168.0.0/16
   - name: ACL-SSH-VRF
     counters_per_entry: false
-    sequence_numbers:
+    entries:
       - sequence: 10
-        action: "remark ACL to restrict access RFC1918 addresses"
+        remark: "ACL to restrict access RFC1918 addresses"
       - sequence: 20
-        action: "permit 10.0.0.0/8"
+        action: permit
+        source: 10.0.0.0/8
+        vlan: 10
+        vlan_mask: "0x000"
+        inner_vlan: 20
+        inner_vlan_mask: "0x001"
       - sequence: 30
-        action: "permit 172.16.0.0/12"
+        action: permit
+        source: 172.16.0.0/12
+        vlan: 10
+        vlan_mask: "0x000"
       - sequence: 40
-        action: "permit 192.168.0.0/16"
+        action: permit
+        source: 192.168.0.0/16
+        inner_vlan: 20
+        inner_vlan_mask: "0x001"
   - name: 99  # numeric ACL name
     counters_per_entry: false
-    sequence_numbers:
-      - sequence: 10
-        action: "remark ACL to restrict access RFC1918 addresses"
-      - sequence: 20
-        action: "permit 10.0.0.0/8"
+    entries:
+      - remark: "ACL to restrict access RFC1918 addresses"
+      - action: permit
+        source: 10.0.0.0/8
+        vlan: 20
+        inner_vlan: 10
+        mirror_session: mirror1
       - sequence: 30
-        action: "permit 172.16.0.0/12"
+        action: permit
+        source: 172.16.0.0/12
+        log: true
       - sequence: 40
-        action: "permit 192.168.0.0/16"
+        action: permit
+        source: 192.168.0.0/16
+        mirror_session: mirror2
+        log: true
+      - sequence: 50
+        action: permit
+        source: any
+        # Below configuration is not rendered as there is not source.
+      - sequence: 60
+        action: permit

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/documentation/devices/host1.md

@@ -15,6 +15,7 @@
   - [Tunnel Interfaces](#tunnel-interfaces)
   - [VLAN Interfaces](#vlan-interfaces)
 - [ACL](#acl)
+  - [Standard Access-lists](#standard-access-lists)
   - [Extended Access-lists](#extended-access-lists)
 
 ## Management
@@ -280,6 +281,26 @@ interface VLAN20
 
 ## ACL
 
+### Standard Access-lists
+
+#### Standard Access-lists Summary
+
+##### ACL-API
+
+| Sequence | Action | Source | Remark | VLAN/Mask | Inner VLAN/Mask | Log | Mirror Session |
+| -------- | ------ | ------ | ------ | ---- | ---------- | --- | -------------- |
+| 10 | remark ACL to restrict access to switch API to CVP and Ansible | - | - | - | - | - | - |
+| 20 | permit host 10.10.10.10 | - | - | - | - | - | - |
+
+#### Standard Access-lists Device Configuration
+
+```eos
+!
+ip access-list standard ACL-API
+   10 remark ACL to restrict access to switch API to CVP and Ansible
+   20 permit host 10.10.10.10
+```
+
 ### Extended Access-lists
 
 #### Extended Access-lists Summary

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg

@@ -77,6 +77,10 @@ ip access-list acl_qos_tc0_v4
 ip access-list acl_qos_tc5_v4
    10 permit ip any any dscp ef
 !
+ip access-list standard ACL-API
+   10 remark ACL to restrict access to switch API to CVP and Ansible
+   20 permit host 10.10.10.10
+!
 ip radius vrf default source-interface Loopback1
 !
 ip radius source-interface Loopback10

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/inventory/host_vars/host1/standard-acls.yml

@@ -0,0 +1,9 @@
+---
+### Standard Access-Lists ###
+standard_access_lists:
+  - name: ACL-API
+    sequence_numbers:
+      - sequence: 10
+        action: "remark ACL to restrict access to switch API to CVP and Ansible"
+      - sequence: 20
+        action: "permit host 10.10.10.10"