Feat(eos_cli_config_gen): Added the support of TLS for AAA server group RADIUS (#6827)

Co-authored-by: Vibhu-gslab <109593615+Vibhu-gslab@users.noreply.github.com>

Author: MaheshGSLAB

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md

@@ -1667,23 +1667,25 @@ ip radius vrf abc source-interface Loopback10
 
 #### AAA Server Groups Summary
 
-| Server Group Name | Type | VRF | IP address |
-| ----------------- | ---- | --- | ---------- |
-| TACACS | tacacs+ | mgt | 10.10.11.157 |
-| TACACS | tacacs+ | default | 10.10.11.249 |
-| TACACS1 | tacacs+ | mgt | 10.10.10.157 |
-| TACACS1 | tacacs+ | default | 10.10.10.249 |
-| TACACS2 | tacacs+ | mgt | 192.168.10.157 |
-| TACACS2 | tacacs+ | default | 10.10.10.248 |
-| LDAP1 | ldap | mgt | 192.168.10.157 |
-| LDAP1 | ldap | default | 10.10.10.248 |
-| LADP2 | ldap | mgt | 10.10.10.157 |
-| LADP2 | ldap | default | 10.10.10.249 |
-| RADIUS1 | radius | mgt | 192.168.10.157 |
-| RADIUS1 | radius | default | 10.10.10.248 |
-| RADIUS2 | radius | mgt | 10.10.10.157 |
-| RADIUS2 | radius | default | 10.10.10.249 |
-| RADIUS3 | radius | - | - |
+| Server Group Name | Type | VRF | IP address | TLS Enabled | TLS Port |
+| ----------------- | ---- | --- | ---------- | ----------- | -------- |
+| TACACS | tacacs+ | mgt | 10.10.11.157 | - | - |
+| TACACS | tacacs+ | default | 10.10.11.249 | - | - |
+| TACACS1 | tacacs+ | mgt | 10.10.10.157 | - | - |
+| TACACS1 | tacacs+ | default | 10.10.10.249 | - | - |
+| TACACS2 | tacacs+ | mgt | 192.168.10.157 | - | - |
+| TACACS2 | tacacs+ | default | 10.10.10.248 | - | - |
+| LDAP1 | ldap | mgt | 192.168.10.157 | - | - |
+| LDAP1 | ldap | default | 10.10.10.248 | - | - |
+| LADP2 | ldap | mgt | 10.10.10.157 | - | - |
+| LADP2 | ldap | default | 10.10.10.249 | - | - |
+| RADIUS1 | radius | mgt | 192.168.10.157 | - | - |
+| RADIUS1 | radius | default | 10.10.10.248 | - | - |
+| RADIUS1 | radius | mgt | 11.11.11.123 | True | 2086 |
+| RADIUS2 | radius | mgt | 10.10.10.157 | - | - |
+| RADIUS2 | radius | default | 10.10.10.249 | - | - |
+| RADIUS2 | radius | default | 12.12.12.145 | True | - |
+| RADIUS3 | radius | - | - | - | - |
 
 #### AAA Server Groups Device Configuration
 
@@ -1700,10 +1702,12 @@ aaa group server ldap LDAP1
 aaa group server radius RADIUS1
    server 192.168.10.157 vrf mgt
    server 10.10.10.248
+   server 11.11.11.123 vrf mgt tls port 2086
 !
 aaa group server radius RADIUS2
    server 10.10.10.157 vrf mgt
    server 10.10.10.249
+   server 12.12.12.145 tls
 !
 aaa group server radius RADIUS3
 !

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg

@@ -1894,10 +1894,12 @@ radius-server host 10.10.11.158 vrf mgt tls ssl-profile SSL_PROFILE
 aaa group server radius RADIUS1
    server 192.168.10.157 vrf mgt
    server 10.10.10.248
+   server 11.11.11.123 vrf mgt tls port 2086
 !
 aaa group server radius RADIUS2
    server 10.10.10.157 vrf mgt
    server 10.10.10.249
+   server 12.12.12.145 tls
 !
 aaa group server radius RADIUS3
 !

ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/aaa-server-groups.yml

@@ -37,11 +37,19 @@ aaa_server_groups:
       - server: 192.168.10.157
         vrf: mgt
       - server: 10.10.10.248
+      - server: 11.11.11.123
+        vrf: mgt
+        tls:
+          enabled: true
+          port: 2086
   - name: RADIUS2
     type: radius
     servers:
       - server: 10.10.10.157
         vrf: mgt
       - server: 10.10.10.249
+      - server: 12.12.12.145
+        tls:
+          enabled: true
   - name: RADIUS3
     type: radius

ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/aaa-server-groups.md

@@ -10,17 +10,23 @@
 
 #### AAA Server Groups Summary
 
-| Server Group Name | Type | VRF | IP address |
-| ----------------- | ---- | --- | ---------- |
+| Server Group Name | Type | VRF | IP address | TLS Enabled | TLS Port |
+| ----------------- | ---- | --- | ---------- | ----------- | -------- |
 {%     for aaa_server_group in aaa_server_groups %}
 {%         if aaa_server_group.type is arista.avd.defined %}
 {%             if aaa_server_group.servers is arista.avd.defined %}
 {%                 for server in aaa_server_group.servers %}
 {%                     set vrf = server.vrf | arista.avd.default('default') %}
-| {{ aaa_server_group.name }} | {{ aaa_server_group.type }} | {{ vrf }} | {{ server.server }} |
+{%                     set tls = "-" %}
+{%                     set tls_port = "-" %}
+{%                     if aaa_server_group.type is arista.avd.defined("radius") and server.tls is arista.avd.defined %}
+{%                         set tls = server.tls.enabled %}
+{%                         set tls_port = server.tls.port | arista.avd.default("-") %}
+{%                     endif %}
+| {{ aaa_server_group.name }} | {{ aaa_server_group.type }} | {{ vrf }} | {{ server.server }} | {{ tls }} | {{ tls_port }} |
 {%                 endfor %}
 {%             else %}
-| {{ aaa_server_group.name }} | {{ aaa_server_group.type }} | - | - |
+| {{ aaa_server_group.name }} | {{ aaa_server_group.type }} | - | - | - | - |
 {%             endif %}
 {%         endif %}
 {%     endfor %}

python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/aaa-server-groups.j2

@@ -12,6 +12,12 @@ aaa group server radius {{ aaa_server_group.name }}
 {%             set server_cli = "server " ~ server.server %}
 {%             if server.vrf is arista.avd.defined %}
 {%                 set server_cli = server_cli ~ " vrf " ~ server.vrf %}
+{%             endif %}
+{%             if server.tls.enabled is arista.avd.defined(true) %}
+{%                 set server_cli = server_cli ~ " tls" %}
+{%                 if server.tls.port is arista.avd.defined %}
+{%                     set server_cli = server_cli ~ " port " ~ server.tls.port %}
+{%                 endif %}
 {%             endif %}
    {{ server_cli }}
 {%         endfor %}

python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/aaa-server-groups-radius.j2

@@ -33,3 +33,18 @@ keys:
                 description: VRF name.
                 convert_types:
                   - int
+              tls:
+                type: dict
+                description: TLS settings for the RADIUS group server. Only applicable when the parent server group type is 'radius'.
+                keys:
+                  enabled:
+                    type: bool
+                    description: Enable TLS to secure communication with the RADIUS group server.
+                    required: true
+                  port:
+                    type: int
+                    min: 1
+                    max: 65535
+                    convert_types:
+                      - str
+                    description: TCP port used for TLS-secured RADIUS communication. Overrides the default RadSec port (EOS default is 2083).