-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dcnm_vrf: Fix issues #351, #356, #357 #354
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The fix entails a modification to wait_for_vrf_del_ready() In both the legitimate case (user trying to delete a VRF after having removed all network attachments) `lanAttachState` very briefly transitions to DEPLOY before transitioning to its final state of NA. However, in this case, `isLanAttached` (in the same data structure) is False. Whereas in the illegitimate case (user hasn't removed network attachments) `isLanAttached` is True. Hence, we can leverage `isLanAttached` to differentiate between legitimate and illegitimate cases. Adding another conditional that checks if `lanAttachState` == DEPLOY AND `isLanAttached` == True. If this is the case, then the user is trying to delete a VRF that still contains network attachments and we now fail immediately with an appropriate error message. Other changes: 1. Add standard python logging 2. Use `ControllerVersion()` to retrieve the NDFC version and remove import for `dcnm_version_supported` 3. Use `FabricDetails()` to retrieve fabric type. 4. Modify `update_attach_params()` to improve readability by first populating the neighbor dictionary before appending it. This way, we avoid a lot of unsightly accesses to element 0 of the list. For example: ```python if a_l["peer_vrf"]: vrflite_con["VRF_LITE_CONN"][0]["PEER_VRF_NAME"] = a_l["peer_vrf"] else: vrflite_con["VRF_LITE_CONN"][0]["PEER_VRF_NAME"] = "" ``` Becomes: ```python if a_l["peer_vrf"]: nbr_dict["PEER_VRF_NAME"] = a_l["peer_vrf"] else: nbr_dict["PEER_VRF_NAME"] = "" ``` 5. diff_for_attach_deploy() - Reduce indentation by reversing logic of conditional. The following: ```python if wlite["IF_NAME"] == hlite["IF_NAME"]: # Lots of indented code ... ``` Becomes: ```python if wlite["IF_NAME"] != hlite["IF_NAME"]: continue # unindent the above code ``` 6. get_have() - Reduce indentation levels by reversing logic (similar to #5 above) 7. Add method want_and_have_vrf_template_configs_differ(), see next item. 8. diff_for_create() - Leverage want_and_have_vrf_template_configs_differ() to simplify. 9. Add method to_bool(), see next item 10. diff_for_attach_deploy() - Simplify/shorten by leveraging to_bool() 11. In multiple places, ensure that a key exists before accessing it or deleting it. 12. Run though black 13. Several minor formatting changes for improved readability.
The initial implementation would return True for e.g. "false" since bool(non-null-string) is always True. 1. Modify to explicitly compare against known boolean-like strings i.e. "false", "False", "true", and "True". 2. Add the caller to the error message for better debugging ability in the future.
* Fix for issue 347 Manually tested this to verify. Still need to update integration and unit tests. * dcnm_image_policy: Update integration test Update integration test for overridden state. 1. playbooks/roles/dcnm_image_policy/dcnm_tests.yaml - Add vars - install_package_1 - uninstall_package_1 2. test/integration/targets/dcnm_image_policy/tests/dcnm_image_policy_overridden.yaml - Add packages.install and packages.uninstall configuration - Verify that merged state adds these packages to the controller config - Verify that overridden state removes packages.install and packages.uninstall - Verify that overridden state metadata.action is "replace" instead of "update"
Two bits of vulnerable code found when porting to ndfc-python. 1. plugins/modules/dcnm_fabric.py Accessing dictionary key directly can lead to a KeyError exception. 2. plugins/module_utils/fabric/replaced.py If user omits the DEPLOY parameter from their playbook (ndfc-python) the DEPLOY key would be None, and not get popped from the payload. This would cause NDFC to complain about an invalid key in the payload. We need to unconditionally pop DEPLOY here, if it's present. Hence, we've removed the value check (if DEPLOY is not None).
1. Removed all instances where values were cast to bool. These potentially could result in bad results e.g. bool("false") returns True. 2. Renamed and fixed want_and_have_vrf_template_configs_differ(). Renamed to dict_values_differ() Fix was to add a skip_keys parameter so that we can skip vrfVlanId in one of the elif()s 3. Added some debugging statements.
1. find_dict_in_list_by_key_value() new method to generalize and consolidate duplicate code. 2. Remove a few cases of single-use vars. 3. Run though black
I opened an issue to track what this comment describes, so can remove the comment from the module. #352
1. Replace several bits that can be replaced with a call to get_vrf_lite_objects(). 2. Fix a few pylint f-string complaints. There are many more of these, which we'll address in the next commit. One of these required a change to an associated unit test.
1. Appease pylint f-string complaints 2. optimize a couple conditionals 3. Change an "== True" to the preferred "is True" 4. Add a few TODO comments
Unit tests pass locally if Ithe tests in the following file are disabled: ~/test/unit/module_utils/common/test_log_v2.py. Temporarily disabling these to see if the same is seen when running the unit tests on Github. If the same is seen, will debug why this is happening.
Fix bare-except and dangerous-default-value errors.
test_dcnm_vrf.py: Removed two (out of four) contiguous blank lines.
python 3.9 doesn't like: def find_dict_in_list_by_key_value( ... ) -> dict | None: Removed the type hint: def find_dict_in_list_by_key_value( ... ):
mikewiebe
reviewed
Dec 5, 2024
mikewiebe
reviewed
Dec 5, 2024
If we fail_json(), or even if we sys.exit() in main() logging setup, the unit tests fail. The failure is a KeyError in logging.config.dictConfig when disabling logging in log_v2.py: def disable_logging(self): logger = logging.getLogger() for handler in logger.handlers.copy(): try: logger.removeHandler(handler) except ValueError: # if handler already removed pass logger.addHandler(logging.NullHandler()) logger.propagate = False Above, the KeyError happens here logger.removeHandler(handler) The value of handler when this happens is "standard" I'm not sure why this happens ONLY when the log_v2.py unit tests are run prior to the dcnm_vrf.py unit tests (running these tests separately works). For now, a "fix" is to pass in the except portion of the try/except block in dcnm_vrf.py main(). def main(): try: log = Log() log.commit() except (TypeError, ValueError) as error: pass Will investigate further, but the above works, and logging is enabled with no issue in normal use. Am renaming __DISABLE_test_log_v2.py back to test_log_v2.py
Remove unused import (sys, added to test fixes for the unit test failures). Remove extra lines.
allenrobel
added
ready for review
PR is ready to be reviewed
and removed
Work in Progress
Code not ready for review.
labels
Dec 5, 2024
Modify another OR-conditional to use the preferred: if X "in" (X, Y, Z):
Use generic names for the two dicts.
mikewiebe
reviewed
Dec 6, 2024
mikewiebe
reviewed
Dec 6, 2024
mikewiebe
reviewed
Dec 10, 2024
1. Include all vars used in the dcnm_vrf integration tests. 2. Update the path to dynamic_inventory.py
Address mwiebe comments by including more detailed usage and examples. Add fabric_2, fabric_3 in case any tests require more than one fabric.
1. The current interface var names did not incorporate a way to encode switch ownership. Modified the var naming to allow for specifying multiple interfaces per switch in such a way that the switch ownership of an interface is evident. This is documented in: playbooks/files/dynamic_inventory.py 2. Modified all dcnm_vrf test cases to align with this convention. - Updated test case header comments with the new usage - Updated all test case interface vars - Ran the following tests - deleted.yaml - overridden.yaml - replaced.yaml - query.yaml - sanity.yaml 3. dynamic_interface.py In addition to the changes above: - Fixed the documentation for environment variable ND_ROLE (previously it was misnamed NDFC_ROLE in the documentation, but was correct -- ND_ROLE -- in the actual usage). - Fix Markdown heading levels
1. Use standardized task titles 2. Print results prior to each assert
1. dcnm_vrf: use switch_1, switch_2, switch_3 directly 2. Add scale role to the 'if nd_role' conditional
1. Fix case where previous commit in this PR broke undeploy. 2. Fix for issue #356 2. Update unit tests to align with changes in this commit 3. Some simplifications, including - Add a method send_to_controller() to aggregate POST, PUT, DELETE verb handling. This method calls dcnm_send() and then calls the response handler, etc. This removes duplicated code throughout the module. - Refactor vrf_lite handlng out of update_attach_params() and into new method update_attach_params_extension_values() - Never noticed this, but it appears we don't have to use inspect() with the new logging system, except in cases where fail_json() is called. Removed inspect() from all methods that do not call fail_json() - New method is_border_switch() to remove this code from push_diff_attach() and for future consolidation into a shared library. - Move dcnm_vrf_paths dictionary out of the class. These endpoints will later be moved to common/api/ep/. - in __init__(), add self.sn_ip, built from self.ip_sn. There were several case where the module wanted a serial_number given an ip_address. Added two methods that leverage self.sn_ip and self.ip_sn: - self.serial_number_to_ip() - self.ip_to_serial_number() Replaced all instances where duplicated code was performing these functions.
allenrobel
added
Work in Progress
Code not ready for review.
and removed
ready for review
PR is ready to be reviewed
labels
Dec 16, 2024
1. Potential fix for issue #357 If any interface in the playbook task's vrf_lite configuration does not match an interface on the switch that had extensionValues, call fail_json(). - Refactor vrf_lite processing out of push_diff_attach() and into: - update_vrf_attach_vrf_lite_extensions() - In update_vrf_attach_vrf_lite_extensions() verify that all interfaces in the playbook's vrf_lite section match an interface on the switch that has extensionValues. If this check fails, call fail_json() 2. Rename get_extension_values_from_lite_object() to get_extension_values_from_lite_objects() and be explicit that the method takes a list of objects and returns a list of objects, or an empty list. 3. Add some debug statements 4. Rename vrf to vrf_name in push_to_remote()
allenrobel
changed the title
dcnm_vrf fix issue 351
dcnm_vrf fix issues #351, #356, #357
Dec 16, 2024
1. Update task titles to group tests. 2. Print results before each assert stanza. 3. Increase pause after VRF deletion from 40 to 60 seconds.
Update the comment for test 3b to indicate that the workaround is needed only when Overlay Mode is set to "config-profile" (which is the default for new fabrics). The issue does not happen when Overlay Mode is set to "cli".
1. Uncommenting a call to dcnm_get_ip_addr_info() after realizing it also converts serial numbers to ip addresses. 2. Added a method to break up long lists into a list of lists comprizing smaller lists. This is called in release_resources_by_id() to limit the size of the list of IDs we send to the controller to 512. The actual size NDFC can process is somewhere between 512 and 630, but don't know exactly what the limit is, so leaving at 512. I checked later and, since we are processing the release of IDs per-vrf, we are not sending anywhere near a 512 item list, but get_list_of_lists() will be a noop if the length is under (in this case) 512, so no harm adding this. And, depending on the number of switches in a fabric, this could actually be larger than 512 in some environments.
Due to refactoring, conf_changed was set in diff_merge_create() and then cleared before being accessed in diff_merge_attach(). These two methods used to be part of a larger method before the refactoring, so the value of conf_changed was accessible by diff_merged_attach(). This commit does the following to rectify this. 1.Change the scope of conf_changed to class scope by renaming to self.conf_changed and initializing self.conf_changed in __init__(). 2. In diff_merge_attach(), remove the line where conf_changed was initialized. 3. Rename an unrelated var (named conf_changed, but is a boolean) to configuration_changed to avoid any future confusion. 4. In diff_merge_attach() (re)initialize self.conf_changed to {}. All Integration tests have been run with these changes and pass.
Some test cases were previously (incorrectly) passing, but starting failing after the commit for issue #357 This commit updates these test cases to (correctly pass and adds corresponding test cases which (correctly) fail. 1. Updated test cases that previously passed incorrectly to now pass correctly. These test cases previously passed despite using an interface that did not contain extensionValues. Modified these test cases to use an interface WITH extensionValues. 2. Added test cases, corresponding to the above test cases, which fail due to using an interface without extensionValues. These test cases are modified to expect fail_json() to be called. 3. Modified ALL testcases to call self.test_data.get() to retrieve their playbook. Previously, global vars were used for their playbook. This has a couple advantages. a. when a testcase (or set of testcases) are run, only the playbook fixtures needed to be retrieved are retrieved. Previously, ALL playbook fixtures where retrieved even if only one test case was run. b. The dict() definition is now simpler and more consistent between testcases, since the config key in the dict() will always be playbook i.e. dict(config=playbook), where previously the config key contained different vars for every testcase. 4. Fixed a reference to a non-existent fixture in delete_std_lite. This test case was trying to access self.mock_vrf_attach_get_ext_object_dcnm_att4_only, which does not exist. Modified it to use self.mock_vrf_attach_get_ext_object_dcnm_att2_only. 5. Ran black, isort linters.
1. The first return statement was inconsistent with the second return statement. Fixed by adding the boolean configuration_changed to the first return statement. 2. All the other changes are due to running the black and isort linters.
In push_diff_attach(), only the last update to lan_attach_list was being appended to diff_attach_list because the update to dif_attach_list was happening outside the 'for diff_attach` loop. The fix was to indent the append for new_diff_attach_list to be under the 'for diff_attach' loop.
allenrobel
added
ready for review
PR is ready to be reviewed
and removed
Work in Progress
Code not ready for review.
labels
Jan 6, 2025
allenrobel
changed the title
dcnm_vrf fix issues #351, #356, #357
dcnm_vrf: fix issues #351, #356, #357
Jan 8, 2025
allenrobel
changed the title
dcnm_vrf: fix issues #351, #356, #357
dcnm_vrf: Fix issues #351, #356, #357
Jan 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR includes:
Status
All items are complete.
Fix for issue #351
This involves a change to
wait_for_vrf_del_ready()
where we call fail_json() if bothlanAttachedState
== "DEPLOYED" andisLanAttached
is True.fix for issue #356
Added two methods:
release_orphaned_resources()
release_resources_by_id()
release_orphaned_resources()
creates a list of resource IDs which are "orphaned". In this context, "orphaned" means that the resource'sallocatedFlag
is False and theresourcePool.vrfName
field is null. It then checks that the resource'sentityName
matches the current VRF name, and that theressourcePool.fabricName
matches the current fabric name. If all of this is True, then it adds the resource'sid
to a list of IDs to be deleted and passes that list torelease_resources_by_id()
which releases the resource IDs in the list.In
push_to_remote()
, a call torelease_orphaned_resources()
is then made for every VRF that was previously deleted inpush_diff_delete()
.fix for issue #357
Previously, fail_json() was called only if the switch did not contain any interfaces with
extensionValues
. If an interface in the playbook contains a vrf_lite config, and the interface in this vrf_lite config does not match an interface on the switch withextensionValues
, but at least one interface on the switch DOES haveextensionValues
, the generated payload for the interface in the vrf_lite config will be incomplete, which generates the 500 error.The fix is to call fail_json() if any interface in the playbook's vrf_lite config does not match an interface with
extensionValues
on the switch. This new check causes several unit-tests to fail, since the unit-tests meet all the conditions for fail_json() to be called with this new check in place. These unit-tests need to be modified so that the interface in thevrf_lite
config will match one of the interfaces in the test case fixture that containsextensionValues
.Improve code readability
Refactored a few bits of code that were duplicated in multiple places into the following methods
compare_properties()
find_dict_in_list_by_key_value()
to_bool()
dict_values_differ()
get_vrf_objects()
get_vrf_lite_objects()
get_items_to_detach()
Reversed the logic of several conditionals to reduce indentation.
Examples can be found in:
get_have()
push_to_remote()
Populate dicts before appending them to list
Previously, dicts were appended to a list (within another dict) and then populated. This resulted in code that was harder to read due to the multi-level accesses made when setting each key/value in the embedded dict. This was changed in a couple places so that we first populate the dict, and then append the dict to the list afterwards.
Examples in:
get_have()
update_attach_params()
Use
in
to simplifyor
conditionalsFor example, changed:
To:
Rename vars whose names were hard to understand
In some cases, the name was hard to understand, and didn't add any value. In these cases, used a generic name like
item
instead:a_l
renamed toitem
In other cases, the name was ambiguous:
dep_vrf
seemed to me to mean "dependent vrf", but it actually means "deploy vrf", so renamed it todeploy_vrf
. Several other cases along these lines.Harden against KeyErrors and misinterpreted booleans
Removed all bool() casts
In multiple places
bool(thing)
was used to try to castthing
into a boolean. This can (potentially) result in misinterpretation ofthing
. For example:bool("false") returns True.
Removed all cases of
bool()
casts since debugging these showed that, in all of them, the thing being casted was already a boolean. Hence, in these cases, there was no misinterpretation, but casting to bool should be considered bad practice in most circumstances.Harden against
KeyError
Several places were accessing dict keys directly without using
dict.get()
. Changed those that I noticed.Add logging
Standard python logging was added (similarly to e.g. dcnm_fabric, etc).
inspect
is used to add the method name to all logged messages and to messages passed to fail_json().One issue that adding logging raised is that unit tests failed until the following was changed in main():
From:
To:
The issue seems to be that the dcnm_vrf unit tests are run like this:
And somehow (which I don't understand) this is causing the following error in logging.config.DictConfigurator (part of the standard Python logging system), but ONLY when unit tests for log_v2.py are run in the same session as unit tests for dcnm_vrf.py, i.e.:
The following results in the error:
pytest -k "test_dcnm_vrf or test_log"
Whereas the following does not:
pytest -k test_log
pytest -k test_dcnm_vrf
Which is called from common/log_v2.py, in
enable_logging()
here:So, maybe something having to do with the use of the temporary path
/private/var/...
, or permissions on this path when both tests are run, or the path's length?Will investigate further, but the "fix" (ugly as it is) above works for both the unit tests and for normal usage.