AVE check + pytest + doc

Author: monrog2

aci-preupgrade-validation-script.py

@@ -5062,6 +5062,35 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs):
     return result
 
 
+def ave_eol_check(index, total_checks, tversion, **kwargs):
+    title = 'AVE End-of-Life'
+    result = PASS
+    msg = ''
+    headers = ["AVE Domain Name"]
+    data = []
+    recommended_action = 'AVE domain(s) must be migrated to supported domain types prior to 6.0+ upgrade'
+    doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ave-end-of-life'
+    print_title(title, index, total_checks)
+
+    ave_api = 'vmmDomP.json'
+    ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")'
+
+    if not tversion:
+        print_result(title, MANUAL, "Target version not supplied. Skipping.")
+        return MANUAL
+
+    if tversion.newer_than("6.0(1a)"):
+        ave = icurl('class', ave_api)
+        for domain in ave:
+            name = domain['vmmDomP']['attributes']['name']
+            data.append([name])
+    if data:
+        result = FAIL_O
+
+    print_result(title, result, msg, headers, data, recommended_action=recommended_action, doc_url=doc_url)
+    return result
+
+
 if __name__ == "__main__":
     prints('    ==== %s%s, Script Version %s  ====\n' % (ts, tz, SCRIPT_VERSION))
     prints('!!!! Check https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script for Latest Release !!!!\n')
@@ -5149,6 +5178,7 @@ def observer_db_size_check(index, total_checks, username, password, **kwargs):
         https_throttle_rate_check,
         aes_encryption_check,
         service_bd_forceful_routing_check,
+        ave_eol_check,
 
         # Bugs
         ep_announce_check,

docs/docs/validations.md

@@ -128,6 +128,8 @@ Items                                         | Faults         | This Script
 [HTTPS Request Throttle Rate][c20]                    | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
 [Global AES Encryption][c21]                          | :white_check_mark: | :white_check_mark: 6.1(2) | :no_entry_sign:
 [Service Graph BD Forceful Routing][c22]              | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
+[AVE End-of-life][c23]                                | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
+
 
 [c1]: #vpc-paired-leaf-switches
 [c2]: #overlapping-vlan-pool
@@ -151,6 +153,7 @@ Items                                         | Faults         | This Script
 [c20]: #https-request-throttle-rate
 [c21]: #global-aes-encryption
 [c22]: #service-graph-bd-forceful-routing
+[c23]: #ave-end-of-life
 
 ### Defect Condition Checks
 
@@ -1384,7 +1387,7 @@ Failure to do so may lead to outages during switch upgrades due to leaf nodes no
     ```
 
 
-## Equipment Disk Limits Exceeded
+### Equipment Disk Limits Exceeded
 
 This fault occurs when the disk usage of a partiton increases beyond its threshold.
 
@@ -2088,7 +2091,8 @@ When **Global AES Encryption** is not enabled, this script alerts users in two d
 * When it is not enabled and the target version is older than 6.1(2), this check is flagged as `MANUAL CHECK REQUIRED` to encourage users to follow the best practice to enable it (and take a configuration back again before the upgrade).
 
 
-## Service Graph BD Forceful Routing
+
+### Service Graph BD Forceful Routing
 
 Starting from ACI 6.0(2), a bridge domain containing an L4-L7 service graph device (a.k.a service BD) starts to forward packets based on their IP headers even for bridging traffic which used to be forwarded based on their MAC addresses in their ethernet headers and ignored their IP headers. This "forceful routing" is to support IP-based selectors in ESG or microsegement EPG (uSeg EPG) when service graph is configured between those ESGs/uSeg EPGs and they are in the same bridge domain as the service graph device.
 
@@ -2138,6 +2142,12 @@ See below for the workaround and examples of traffic that will stop working afte
     See [SNAT Traffic for Kubernetes with Cisco ACI CNI][52] for details about ACI CNI with SNAT.
 
 
+### AVE End-of-life
+As outlined in the [End-of-Sale and End-of-Life Announcement for Cisco Application Centric Infrastructure Virtual Edge and Virtual Pod][55], the Cisco ACI Virtual Edge (AVE) Domain is end-of-life and end-of-support for ACI releases 6.0 and above.
+
+If planning an upgrade to 6.0+, review the [Cisco ACI Virtual Edge Migration Guide][56] and complete a domain migration prior to performing the upgrade.
+
+
 ## Defect Check Details
 
 ### EP Announce Compatibility
@@ -2536,4 +2546,6 @@ This check logs in to each APIC, checks the contents of the `/data2/dbstats/` di
 [51]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html
 [52]: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/cisco-aci-plug-in-snat-on-egress.html
 [53]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw45531
-[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850
+[54]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt47850
+[55]: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-apic/eol-apic-virtual-edge-pod-pb.html
+[56]: https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-aci-virtual-edge-migration.html

tests/ave_eol_check/test_ave_eol_check.py

@@ -0,0 +1,49 @@
+import os
+import pytest
+import logging
+import importlib
+from helpers.utils import read_data
+
+script = importlib.import_module("aci-preupgrade-validation-script")
+
+log = logging.getLogger(__name__)
+dir = os.path.dirname(os.path.abspath(__file__))
+
+
+# icurl queries
+
+ave_api = 'vmmDomP.json'
+ave_api += '?query-target-filter=eq(vmmDomP.enableAVE,"true")'
+
+@pytest.mark.parametrize(
+    "icurl_outputs, tversion, expected_result",
+    [
+        # FABRIC HAS AVE and going to affected tversion
+        (
+            {ave_api: read_data(dir, "vmmDomP_POS.json")},
+            "6.1(3b)",
+            script.FAIL_O,
+        ),
+        # FABRIC HAS AVE and going to NOT-affected tversion
+        (
+            {ave_api: read_data(dir, "vmmDomP_POS.json")},
+            "5.2(7e)",
+            script.PASS,
+        ),
+        # NO AVE
+        (
+            {ave_api: []},
+            "6.1(3b)",
+            script.PASS,
+        ),
+        # NO TVERSION
+        (
+            {ave_api: []},
+            None,
+            script.MANUAL,
+        ),
+    ],
+)
+def test_logic(mock_icurl, tversion, expected_result):
+    result = script.ave_eol_check(1, 1, script.AciVersion(tversion) if tversion else None)
+    assert result == expected_result

tests/ave_eol_check/vmmDomP_POS.json

@@ -0,0 +1,9 @@
+[{
+    "vmmDomP": {
+        "attributes": {
+        "dn": "uni/vmmp-VMware/dom-my-ave",
+        "enableAVE": "yes",
+        "name": "my-ave"
+        }
+    }
+}]