updated documentation management-security template with new column to…

… now include fips-restrictions
aristanetworks · Jan 6, 2025 · c8b3be9 · c8b3be9
1 parent 86c19c6
commit c8b3be9
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 18 deletions.
diff --git a/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
@@ -1452,18 +1452,18 @@ address locking
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs |
-| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- |
-| certificate-profile | - | eAPI.crt | eAPI.key | - | ca.crl<br>intermediate.crl |
-| cipher-list-profile | - | - | - | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 | - |
-| SSL_PROFILE | 1.1 1.2 | SSL_CERT | SSL_KEY | - | - |
-| test1-chain-cert | - | - | - | - | - |
-| test1-trust-cert | - | - | - | - | - |
-| test2-chain-cert | - | - | - | - | - |
-| test2-trust-cert | - | - | - | - | - |
-| tls-single-version-profile-as-float | 1.0 | - | - | - | - |
-| tls-single-version-profile-as-string | 1.1 | - | - | - | - |
-| tls-versions-profile | 1.0 1.1 | - | - | - | - |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs | FIPS restrictions |
+| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- | ----------------- |
+| certificate-profile | - | eAPI.crt | eAPI.key | - | ca.crl<br>intermediate.crl | - |
+| cipher-list-profile | - | - | - | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 | - | - |
+| SSL_PROFILE | 1.1 1.2 | SSL_CERT | SSL_KEY | - | - | enabled |
+| test1-chain-cert | - | - | - | - | - | - |
+| test1-trust-cert | - | - | - | - | - | - |
+| test2-chain-cert | - | - | - | - | - | - |
+| test2-trust-cert | - | - | - | - | - | - |
+| tls-single-version-profile-as-float | 1.0 | - | - | - | - | - |
+| tls-single-version-profile-as-string | 1.1 | - | - | - | - | - |
+| tls-versions-profile | 1.0 1.1 | - | - | - | - | enabled |
 
 ### SSL profile test1-chain-cert Certificates Summary
 

diff --git a/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host2.md b/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host2.md
@@ -335,9 +335,9 @@ aaa accounting exec default none
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs |
-| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- |
-| cipher-v1.0-v1.3 | - | - | - | v1.0 to v1.2: SHA256:SHA384<br>v1.3: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | - |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs | FIPS restrictions |
+| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- | ----------------- |
+| cipher-v1.0-v1.3 | - | - | - | v1.0 to v1.2: SHA256:SHA384<br>v1.3: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | - | - |
 
 ### Management Security Device Configuration
 

diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/management-security.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/management-security.j2
@@ -34,8 +34,8 @@
 
 ### Management Security SSL Profiles
 
-| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs |
-| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- |
+| SSL Profile Name | TLS protocol accepted | Certificate filename | Key filename | Ciphers | CRLs | FIPS restrictions |
+| ---------------- | --------------------- | -------------------- | ------------ | ------- | ---- | ----------------- |
 {%         set ssl_profiles_certs = [] %}
 {%         for ssl_profile in management_security.ssl_profiles | arista.avd.natural_sort %}
 {%             set crls = "-" %}
@@ -53,7 +53,10 @@
 {%             elif ssl_profile.cipher_list is arista.avd.defined %}
 {%                 set ciphers = [ssl_profile.cipher_list] %}
 {%             endif %}
-| {{ ssl_profile.name | arista.avd.default('-') }} | {{ ssl_profile.tls_versions | arista.avd.default('-') }} | {{ ssl_profile.certificate.file | arista.avd.default('-') }} | {{ ssl_profile.certificate.key | arista.avd.default('-') }} | {{ ciphers | arista.avd.default(['-']) | join('<br>') }} | {{ crls }} |
+{%             if ssl_profile.fips_restrictions is arista.avd.defined(true) %}
+{%                 set fips = "enabled" %}
+{%             endif %}
+| {{ ssl_profile.name | arista.avd.default('-') }} | {{ ssl_profile.tls_versions | arista.avd.default('-') }} | {{ ssl_profile.certificate.file | arista.avd.default('-') }} | {{ ssl_profile.certificate.key | arista.avd.default('-') }} | {{ ciphers | arista.avd.default(['-']) | join('<br>') }} | {{ crls }} | {{ fips | arista.avd.default('-') }} |
 {%             set tmp_cert = {} %}
 {%             if ssl_profile.trust_certificate is arista.avd.defined %}
 {%                 set tmp_cert = {'trust_certificate': ssl_profile.trust_certificate} %}