Skip to content

New validation for CFD CSCwf26626 #303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Harinadh-Saladi wants to merge 9 commits into
base: master
Choose a base branch
from
Open

New validation for CFD CSCwf26626 #303

Harinadh-Saladi wants to merge 9 commits into from

Conversation

@Harinadh-Saladi
Copy link

@Harinadh-Saladi Harinadh-Saladi commented Dec 12, 2025

Added additional test cases and modifed validations.md file

@Harinadh-Saladi
Added disabled_cipher_check for CSCwf26626
11a7f81 
- Implemented new check function to detect disabled cipher configuration issues
- Added comprehensive test suite with 6 test cases covering all scenarios
- Update validations.md documentation with check details and recommendations
@Harinadh-Saladi
Fix fabricNode.json: Replace leaf node with third APIC controller (ap…
2ddec88 
…ic3)
@Harinadh-Saladi
Updated test data JSON files to array format with full cipher attributes
75fde2d
@Harinadh-Saladi
Added additional test cases for disabled_cipher_check and modified va…
3145419 
…lidations.md file as it was having a typo
lovkeshsharma702
lovkeshsharma702 suggested changes Dec 15, 2025
View reviewed changes
Copy link

@lovkeshsharma702 lovkeshsharma702 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic is not correct. it just verify the version and fail, In fab3 apic1, all cph are enabled and no nginx error but the check still fail.
Please work on correcting, testing, validating the main function and test cases.

@Harinadh-Saladi
Copy link
Author

Harinadh-Saladi commented Dec 18, 2025

logic is not correct. it just verify the version and fail, In fab3 apic1, all cph are enabled and no nginx error but the check still fail. Please work on correcting, testing, validating the main function and test cases.

Hi Lovkesh. Thanks for sharing your comment. I have debugged and done the changes. After testing it's working as anticipated. Actually the logic is correct only but the string "Failed to write nginxproxy conf file" appears in the command itself, so even when zgrep returns empty result, command echo still contains this string.

So it was a false positive, detecting the search term from the command, but not from actual grep results.

Have fixed nginx log check by filtering out command echo and prompt correctly. Now script will detect FOUND only if actual grep results contain error message. Have re-pushed the code.

Harinadh-Saladi
Harinadh-Saladi commented Dec 18, 2025
View reviewed changes
aci-preupgrade-validation-script.py
cipher_api = "commCipher.json?query-target-filter=and(or(wcard(commCipher.id,\"ECDHE-RSA\"),wcard(commCipher.id,\"DHE-RSA\"),wcard(commCipher.id,\"TLS_AES_256\")),eq(commCipher.state,\"disabled\"))"
try:
disabled_ciphers = icurl("class", cipher_api)
disabled_cipher_count = len(disabled_ciphers)
Copy link
Author

@Harinadh-Saladi Harinadh-Saladi Dec 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Lovkesh, The entire codebase uses the same pattern - working directly with the array returned by icurl function.
Also I felt more efficient using length, since it doesn't needs extra parsing whereas totalcount needs extra parsing from string to int.

@Harinadh-Saladi
Copy link
Author

Harinadh-Saladi commented Dec 18, 2025

Enclosing the pytest logs for the same.
Pytest logs.txt

@diwakarmishra1190
Copy link

diwakarmishra1190 commented Jan 5, 2026

Code logic looks good .
all test passed.

diwakarmishra1190
diwakarmishra1190 approved these changes Jan 5, 2026
View reviewed changes
Copy link

@diwakarmishra1190 diwakarmishra1190 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested locally .
LGTM.

lovkeshsharma702
lovkeshsharma702 reviewed Jan 7, 2026
View reviewed changes
aci-preupgrade-validation-script.py Outdated

return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)

<<<<<<< HEAD
Copy link

@lovkeshsharma702 lovkeshsharma702 Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we have <<<<<< HEAD ?

lovkeshsharma702
lovkeshsharma702 suggested changes Jan 7, 2026
View reviewed changes
Copy link

@lovkeshsharma702 lovkeshsharma702 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requested change.

@Harinadh-Saladi
Remove merge conflict markers from previous commit
60cebbb 
- Removed <<<<<<< HEAD, =======, and >>>>>>> upstream/master markers
- Kept both disabled_cipher_check and apic_vmm_inventory_sync_faults_check functions
- Fixed improper merge from commit 6cb1209
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@lovkeshsharma702 lovkeshsharma702 lovkeshsharma702 requested changes

@diwakarmishra1190 diwakarmishra1190 diwakarmishra1190 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Harinadh-Saladi @diwakarmishra1190 @lovkeshsharma702