Skip to content

New validation for CFD CSCwf26626 #303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Harinadh-Saladi wants to merge 8 commits into
base: master
Choose a base branch
from
Open

New validation for CFD CSCwf26626 #303

Harinadh-Saladi wants to merge 8 commits into from

Conversation

@Harinadh-Saladi
Copy link

@Harinadh-Saladi Harinadh-Saladi commented Dec 12, 2025

Added additional test cases and modifed validations.md file

@Harinadh-Saladi
Added disabled_cipher_check for CSCwf26626
11a7f81 
- Implemented new check function to detect disabled cipher configuration issues
- Added comprehensive test suite with 6 test cases covering all scenarios
- Update validations.md documentation with check details and recommendations
@Harinadh-Saladi
Fix fabricNode.json: Replace leaf node with third APIC controller (ap…
2ddec88 
…ic3)
@Harinadh-Saladi
Updated test data JSON files to array format with full cipher attributes
75fde2d
@Harinadh-Saladi
Added additional test cases for disabled_cipher_check and modified va…
3145419 
…lidations.md file as it was having a typo
lovkeshsharma702
lovkeshsharma702 suggested changes Dec 15, 2025
View reviewed changes
Copy link

@lovkeshsharma702 lovkeshsharma702 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic is not correct. it just verify the version and fail, In fab3 apic1, all cph are enabled and no nginx error but the check still fail.
Please work on correcting, testing, validating the main function and test cases.

lovkeshsharma702
lovkeshsharma702 reviewed Dec 15, 2025
View reviewed changes
aci-preupgrade-validation-script.py
cipher_api = "commCipher.json?query-target-filter=and(or(wcard(commCipher.id,\"ECDHE-RSA\"),wcard(commCipher.id,\"DHE-RSA\"),wcard(commCipher.id,\"TLS_AES_256\")),eq(commCipher.state,\"disabled\"))"
try:
disabled_ciphers = icurl("class", cipher_api)
disabled_cipher_count = len(disabled_ciphers)
Copy link

@lovkeshsharma702 lovkeshsharma702 Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need to use len in this case? please use totalcount value to validate.

Copy link
Author

@Harinadh-Saladi Harinadh-Saladi Dec 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Lovkesh, The entire codebase uses the same pattern - working directly with the array returned by icurl function.
Also I felt more efficient using length, since it doesn't needs extra parsing whereas totalcount needs extra parsing from string to int.

@Harinadh-Saladi
Copy link
Author

Harinadh-Saladi commented Dec 18, 2025

logic is not correct. it just verify the version and fail, In fab3 apic1, all cph are enabled and no nginx error but the check still fail. Please work on correcting, testing, validating the main function and test cases.

Hi Lovkesh. Thanks for sharing your comment. I have debugged and done the changes. After testing it's working as anticipated. Actually the logic is correct only but the string "Failed to write nginxproxy conf file" appears in the command itself, so even when zgrep returns empty result, command echo still contains this string.

So it was a false positive, detecting the search term from the command, but not from actual grep results.

Have fixed nginx log check by filtering out command echo and prompt correctly. Now script will detect FOUND only if actual grep results contain error message. Have re-pushed the code.

@Harinadh-Saladi
Copy link
Author

Harinadh-Saladi commented Dec 18, 2025

Enclosing the pytest logs for the same.
Pytest logs.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@lovkeshsharma702 lovkeshsharma702 lovkeshsharma702 requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Harinadh-Saladi @lovkeshsharma702