issue #131 fixed

aci-preupgrade-validation-script.py

@@ -4214,6 +4214,28 @@ def validate_32_64_bit_image_check(index, total_checks, tversion, **kwargs):
     return result
 
 
+def cloudsec_encryption_check(index, total_checks, tversion, **kwargs):
+    title = 'ClouSec Encrpytion Check'
+    result = NA
+    msg = ''
+    headers = []
+    data = []
+    recommended_action = 'The feature is deprecated beginning on version 6.0(6)'
+    doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations#cloudsec_encryption_check'
+    print_title(title, index, total_checks)
+
+
+    cloudsec_api =  'cloudsecPreSharedKey.json'
+    cloudsecPreSharedKey = icurl('class', cloudsec_api)
+
+    if cloudsecPreSharedKey and tversion.newer_than("6.0(6a)") :
+        msg = 'The CloudSec Encryption feature is deprecated in target version'
+        result = FAIL_O
+    elif not cloudsecPreSharedKey and tversion.newer_than("6.0(6a)"):
+        result = PASS
+    print_result(title, result, msg, headers, data, recommended_action=recommended_action, doc_url=doc_url)
+    return result
+
 if __name__ == "__main__":
     prints('    ==== %s%s, Script Version %s  ====\n' % (ts, tz, SCRIPT_VERSION))
     prints('!!!! Check https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script for Latest Release !!!!\n')
@@ -4294,6 +4316,7 @@ def validate_32_64_bit_image_check(index, total_checks, tversion, **kwargs):
         eecdh_cipher_check,
         subnet_scope_check,
         unsupported_fec_configuration_ex_check,
+        cloudsec_encryption_check,
 
         # Bugs
         ep_announce_check,

docs/docs/validations.md

@@ -118,7 +118,7 @@ Items                                         | Faults         | This Script
 [EECDH SSL Cipher Disabled][c14]                      | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
 [BD and EPG Subnet must have matching scopes][c15]    | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
 [Unsupported FEC Configuration for N9K-C93180YC-EX][c16]    | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
-
+[CloudSec Encryption Check][c17]                      | :white_check_mark: | :no_entry_sign:           | :no_entry_sign:
 
 [c1]: #vpc-paired-leaf-switches
 [c2]: #overlapping-vlan-pool
@@ -136,6 +136,7 @@ Items                                         | Faults         | This Script
 [c14]: #eecdh-ssl-cipher
 [c15]: #bd-and-epg-subnet-must-have-matching-scopes
 [c16]: #unsupported-fec-configuration-for-n9k-c93180yc-ex
+[c17]: #cloudsec_encryption_check
 
 
 ### Defect Condition Checks
@@ -1931,6 +1932,13 @@ It is important to remove any unsupported configuration prior to ugprade to avoi
     fecMode                        : ieee-rs-fec   <<<
     ```
 
+### CloudSec Encrpytion Check
+
+Starting in Cisco ACI 6.0(6) the CloudSec Encryption feature is deprecated as mentioned in the [Cisco Application Policy Infrastructure Controller Release Notes, Release 6.0(6)][31]
+
+It is important to review if the feature is in use prior to upgrading to 6.0(6) or later.
+
+
 ## Defect Check Details
 
 ### EP Announce Compatibility
@@ -2213,3 +2221,4 @@ If found, the target version of your upgrade should be a version with a fix for
 [28]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/all/apic-installation-aci-upgrade-downgrade/Cisco-APIC-Installation-ACI-Upgrade-Downgrade-Guide/m-aci-upgrade-downgrade-architecture.html#Cisco_Reference.dita_22480abb-4138-416b-8dd5-ecde23f707b4
 [29]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb86706
 [30]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf44222
+[31]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/release-notes/cisco-apic-release-notes-606.html

tests/cloudsec_encryption_check/cloudsecPreSharedKey_neg.json

@@ -0,0 +1 @@
+[]

tests/cloudsec_encryption_check/cloudsecPreSharedKey_pos.json

@@ -0,0 +1,15 @@
+[
+    {
+        "cloudsecPreSharedKey": {
+            "attributes": {
+                "dn": "uni/tn-infra/cloudsecifp-default/psk-1",
+                "monPolDn": "uni/tn-common/monepg-default",
+                "name": "",
+                "nameAlias": "",
+                "ownerKey": "",
+                "ownerTag": "",
+                "status": ""
+            }
+        }
+    }
+]

tests/cloudsec_encryption_check/test_cloudsec_encryption_check.py

@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+import os
+import pytest
+import logging
+import importlib
+from helpers.utils import read_data
+
+script = importlib.import_module("aci-preupgrade-validation-script")
+
+log = logging.getLogger(__name__)
+dir = os.path.dirname(os.path.abspath(__file__))
+
+
+# icurl queries
+cloudsecPreSharedKey = 'cloudsecPreSharedKey.json'
+
+
+@pytest.mark.parametrize(
+    "icurl_outputs, tversion, expected_result",
+    [
+        (
+            ## TARGET VERSION IS OLDER THAN 6.0(6), CLOUDSEC IS PRESENT, VALIDATION RESULT : N/A
+            {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_pos.json")},
+            "5.2(6a)",
+            script.NA,
+        ),
+        (
+            ## TARGET VERSION IS OLDER THAN 6.0(6), NO CLOUDSEC PRESENT, VALIDATION RESULT : N/A
+            {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_neg.json")},
+            "5.2(6b)",
+            script.NA,
+        ),
+        (
+            ## TARGET VERSION IS NEWER THAN 6.0(6), NO CLOUDSEC PRESENT, VALIDATION RESULT : PASS
+            {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_neg.json")},
+            "6.0(6b)",
+            script.PASS,
+        ),
+        (
+            ## TARGET VERSION IS NEWER THAN 6.0(6), CLOUDSEC PRESENT, VALIDATION RESULT : FAIL_O            
+            {cloudsecPreSharedKey: read_data(dir, "cloudsecPreSharedKey_pos.json")},
+            "6.0(6b)",
+            script.FAIL_O,
+        ),
+    ],
+)
+def test_logic(mock_icurl, tversion, expected_result):
+    result = script.cloudsec_encryption_check(1, 1, script.AciVersion(tversion))
+    assert result == expected_result