Fix(eos_cli_config_gen,eos_designs): Dont configure access group on i…

…nterface when access group is defined on session level (#4565)

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/monitor-sessions.md

@@ -68,7 +68,7 @@ interface Management1
 | Ethernet3, Ethernet5 | rx | - | - | - |
 | Ethernet10-15 | rx | - | - | - |
 | Ethernet12 | rx | - | - | - |
-| Ethernet18 | tx | mac | macACL | 100 |
+| Ethernet18 | tx | - | - | 100 |
 
 ####### myMonitoringSession2 Destinations and Session Settings
 
@@ -94,6 +94,24 @@ interface Management1
 | -------- | ------ |
 | Destinations | - |
 
+##### myMonitoringSession4
+
+####### myMonitoringSession4 Sources
+
+| Sources | Direction | Access Group Type | Access Group Name | Access Group Priority |
+| ------- | --------- | ----------------- | ----------------- | --------------------- |
+| Ethernet3, Ethernet5 | rx | - | - | - |
+| Ethernet10-15 | rx | - | - | - |
+| Ethernet12 | rx | - | - | - |
+| Ethernet18 | tx | mac | macACL | 100 |
+
+####### myMonitoringSession4 Destinations and Session Settings
+
+| Settings | Values |
+| -------- | ------ |
+| Destinations | Cpu, Ethernet50 |
+| Encapsulation Gre Metadata Tx | True |
+
 #### Monitor Sessions Device Configuration
 
 ```eos
@@ -108,10 +126,17 @@ monitor session myMonitoringSession2 ip access-group ipv4ACL
 monitor session myMonitoringSession2 source Ethernet3, Ethernet5 rx
 monitor session myMonitoringSession2 source Ethernet10-15 rx
 monitor session myMonitoringSession2 source Ethernet12 rx
-monitor session myMonitoringSession2 source Ethernet18 tx mac access-group macACL priority 100
+monitor session myMonitoringSession2 source Ethernet18 tx
 monitor session myMonitoringSession2 destination Cpu
 monitor session myMonitoringSession2 destination Ethernet50
 monitor session myMonitoringSession2 sample 50
 monitor session myMonitoringSession2 encapsulation gre metadata tx
 monitor session myMonitoringSession3 source Ethernet20 both ip access-group ipv4ACL priority 10
+monitor session myMonitoringSession4 source Ethernet3, Ethernet5 rx
+monitor session myMonitoringSession4 source Ethernet10-15 rx
+monitor session myMonitoringSession4 source Ethernet12 rx
+monitor session myMonitoringSession4 source Ethernet18 tx mac access-group macACL priority 100
+monitor session myMonitoringSession4 destination Cpu
+monitor session myMonitoringSession4 destination Ethernet50
+monitor session myMonitoringSession4 encapsulation gre metadata tx
 ```

ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/monitor-sessions.cfg

@@ -14,9 +14,16 @@ monitor session myMonitoringSession2 ip access-group ipv4ACL
 monitor session myMonitoringSession2 source Ethernet3, Ethernet5 rx
 monitor session myMonitoringSession2 source Ethernet10-15 rx
 monitor session myMonitoringSession2 source Ethernet12 rx
-monitor session myMonitoringSession2 source Ethernet18 tx mac access-group macACL priority 100
+monitor session myMonitoringSession2 source Ethernet18 tx
 monitor session myMonitoringSession2 destination Cpu
 monitor session myMonitoringSession2 destination Ethernet50
 monitor session myMonitoringSession2 sample 50
 monitor session myMonitoringSession2 encapsulation gre metadata tx
 monitor session myMonitoringSession3 source Ethernet20 both ip access-group ipv4ACL priority 10
+monitor session myMonitoringSession4 source Ethernet3, Ethernet5 rx
+monitor session myMonitoringSession4 source Ethernet10-15 rx
+monitor session myMonitoringSession4 source Ethernet12 rx
+monitor session myMonitoringSession4 source Ethernet18 tx mac access-group macACL priority 100
+monitor session myMonitoringSession4 destination Cpu
+monitor session myMonitoringSession4 destination Ethernet50
+monitor session myMonitoringSession4 encapsulation gre metadata tx

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/monitor-sessions.yml

@@ -27,6 +27,7 @@ monitor_sessions:
       - name: Ethernet3, Ethernet5
         direction: rx
       - name: Ethernet18
+        # This access_group is ignored as access_group is already set on session level.
         access_group:
           type: mac
           name: macACL
@@ -48,3 +49,21 @@ monitor_sessions:
           type: ip
           name: ipv4ACL
           priority: 10
+  - name: myMonitoringSession4
+    sources:
+      - name: Ethernet12
+        direction: rx
+      - name: Ethernet10-15
+        direction: rx
+      - name: Ethernet3, Ethernet5
+        direction: rx
+      - name: Ethernet18
+        access_group:
+          type: mac
+          name: macACL
+          priority: 100
+        direction: tx
+    destinations:
+      - Cpu
+      - Ethernet50
+    encapsulation_gre_metadata_tx: true

ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/connected-endpoints-monitor-session-connected-endpoint-acl.yml

@@ -0,0 +1,32 @@
+loopback_ipv4_pool: 192.168.1.0/24
+
+type: l2leaf
+l2leaf:
+  defaults:
+  nodes:
+    - name: connected-endpoints-monitor-session-connected-endpoint-acl
+
+servers:
+  - name: INDIVIDUAL_1
+    adapters:
+      - switches: [connected-endpoints-monitor-session-connected-endpoint-acl]
+        switch_ports: [Ethernet14]
+        description: Monitor port-channel 14
+        port_channel:
+          channel_id: 14
+          mode: active
+        monitor_sessions:
+          - name: DMF
+            role: source
+            source_settings:
+              access_group:
+                type: ip
+                name: acl2
+            session_settings:
+              access_group:
+                type: ip
+                name: acl1
+
+expected_error_message: >-
+  Cannot set an ACL for both `session_settings` and `source_settings` under the monitor session 'DMF'
+  for servers[name=INDIVIDUAL_1].adapters[0].

ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/connected-endpoints-monitor-session-network-port-acl.yml

@@ -0,0 +1,28 @@
+loopback_ipv4_pool: 192.168.1.0/24
+
+type: l2leaf
+l2leaf:
+  defaults:
+  nodes:
+    - name: connected-endpoints-monitor-session-network-port-acl
+network_ports:
+  - switches:
+      - connected-endpoints-monitor-session-network-port-acl
+    switch_ports:
+      - Ethernet24-25
+    description: PC
+    monitor_sessions:
+      - name: DMF
+        role: source
+        source_settings:
+          access_group:
+            type: ip
+            name: acl2
+        session_settings:
+          access_group:
+            type: ip
+            name: acl1
+
+expected_error_message: >-
+  Cannot set an ACL for both `session_settings` and `source_settings` under the monitor session 'DMF'
+  for network_ports[0].

ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/connected-endpoints-wrong-profile-lacp-fallback.yml

@@ -28,4 +28,4 @@ port_profiles:
     native_vlan: 123
 
 expected_error_message: >-
-  Profile 'INDIVIDUAL_TRUNK' applied under 'server[name=INDIVIDUAL_1].adapters[0].port_channel.lacp_fallback.individual' does not exist in `port_profiles`.
+  Profile 'INDIVIDUAL_TRUNK' applied under 'servers[name=INDIVIDUAL_1].adapters[0].port_channel.lacp_fallback.individual' does not exist in `port_profiles`.

ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/host_vars/failure-adapter-ptp-profile-does-not-exist.yml

@@ -29,5 +29,5 @@ servers:
           profile: THIS-PROFILE-DOES-NOT-EXIST
 
 expected_error_message: >-
-  PTP Profile 'THIS-PROFILE-DOES-NOT-EXIST' referenced under server[name=INDIVIDUAL_1].adapters[0]
+  PTP Profile 'THIS-PROFILE-DOES-NOT-EXIST' referenced under servers[name=INDIVIDUAL_1].adapters[0]
   does not exist in `ptp_profiles`.

ansible_collections/arista/avd/molecule/eos_designs_negative_unit_tests/inventory/hosts.yml

@@ -70,6 +70,8 @@ all:
             connected-endpoints-wrong-profile-lacp-fallback:
             connected-endpoints-phone-vlan-mode:
             connected-endpoints-phone-vlan-vlans:
+            connected-endpoints-monitor-session-connected-endpoint-acl:
+            connected-endpoints-monitor-session-network-port-acl:
             connected-endpoints-monitor-sessions-mismatch-direction:
             duplicate-vlans-l2vlans:
             duplicate-vlans-svi-id:

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-SVC3A.cfg

@@ -327,6 +327,14 @@ interface Port-Channel42
    switchport
    mlag 42
 !
+interface Port-Channel43
+   description server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group
+   no shutdown
+   switchport access vlan 110
+   switchport mode access
+   switchport
+   mlag 43
+!
 interface Port-Channel1007
    description DC1_L2LEAF2_Po1001
    no shutdown
@@ -561,6 +569,11 @@ interface Ethernet42
    no shutdown
    channel-group 42 mode active
 !
+interface Ethernet43
+   description server28_monitoring_session_source_settings_access_group_Eth3
+   no shutdown
+   channel-group 43 mode active
+!
 interface Ethernet49/1
    description P2P_LINK_TO_DC1-SPINE1_Ethernet7/1
    no shutdown
@@ -874,10 +887,11 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 ip prefix-list PL-MLAG-PEER-VRFS
    seq 10 permit 10.255.251.6/31
 !
+monitor session MonitoringSessionServer18 source Port-Channel43 tx ip access-group myIpAVL priority 5
 monitor session MonitoringSessionServer18WithDest mac access-group mac_acl
-monitor session MonitoringSessionServer18WithDest source Ethernet25 rx ip access-group MyIpACL priority 5
-monitor session MonitoringSessionServer18WithDest source Ethernet28 tx mac access-group MyMacACL priority 5
-monitor session MonitoringSessionServer18WithDest source Port-Channel27 tx mac access-group MyMacACL priority 5
+monitor session MonitoringSessionServer18WithDest source Ethernet25 rx
+monitor session MonitoringSessionServer18WithDest source Ethernet28 tx
+monitor session MonitoringSessionServer18WithDest source Port-Channel27 tx
 monitor session MonitoringSessionServer18WithDest destination Ethernet26
 monitor session MonitoringSessionServer18WithDest destination Ethernet40
 monitor session MonitoringSessionServer18WithDest destination Port-Channel42

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-SVC3B.cfg

@@ -315,6 +315,14 @@ interface Port-Channel42
    switchport
    mlag 42
 !
+interface Port-Channel43
+   description server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group
+   no shutdown
+   switchport access vlan 110
+   switchport mode access
+   switchport
+   mlag 43
+!
 interface Port-Channel1007
    description DC1_L2LEAF2_Po1001
    no shutdown
@@ -526,6 +534,11 @@ interface Ethernet42
    no shutdown
    channel-group 42 mode active
 !
+interface Ethernet44
+   description server28_monitoring_session_source_settings_access_group_Eth4
+   no shutdown
+   channel-group 43 mode active
+!
 interface Ethernet49/1
    description P2P_LINK_TO_DC1-SPINE1_Ethernet9/1
    no shutdown
@@ -839,9 +852,10 @@ ip prefix-list PL-LOOPBACKS-EVPN-OVERLAY
 ip prefix-list PL-MLAG-PEER-VRFS
    seq 10 permit 10.255.251.6/31
 !
+monitor session MonitoringSessionServer18 source Port-Channel43 tx ip access-group myIpAVL priority 5
 monitor session MonitoringSessionServer18WithDest ip access-group ip_acl
-monitor session MonitoringSessionServer18WithDest source Ethernet25 rx ip access-group MyIpACL priority 5
-monitor session MonitoringSessionServer18WithDest source Port-Channel27 tx mac access-group MyMacACL priority 5
+monitor session MonitoringSessionServer18WithDest source Ethernet25 rx
+monitor session MonitoringSessionServer18WithDest source Port-Channel27 tx
 monitor session MonitoringSessionServer18WithDest destination Ethernet26
 monitor session MonitoringSessionServer18WithDest destination Port-Channel42
 monitor session MonitoringSessionServer18WithDest truncate size 20

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3A.yml

@@ -1098,6 +1098,14 @@ port_channel_interfaces:
   switchport:
     enabled: true
   mlag: 34
+- name: Port-Channel43
+  description: server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group
+  shutdown: false
+  switchport:
+    enabled: true
+    mode: access
+    access_vlan: '110'
+  mlag: 43
 ethernet_interfaces:
 - name: Ethernet53/1
   peer: DC1-SVC3B
@@ -1539,6 +1547,16 @@ ethernet_interfaces:
   lacp_timer:
     mode: normal
     multiplier: 50
+- name: Ethernet43
+  peer: server28_monitoring_session_source_settings_access_group
+  peer_interface: Eth3
+  peer_type: server
+  port_profile: TENANT_A
+  description: server28_monitoring_session_source_settings_access_group_Eth3
+  shutdown: false
+  channel_group:
+    id: 43
+    mode: active
 mlag_configuration:
   domain_id: custom_mlag_domain_id
   local_interface: Vlan4092
@@ -1686,26 +1704,22 @@ virtual_source_nat_vrfs:
 - name: Tenant_A_OP_Zone
   ip_address: 10.255.1.12
 monitor_sessions:
-- name: MonitoringSessionServer18WithDest
+- name: MonitoringSessionServer18
   sources:
-  - name: Ethernet25
-    direction: rx
+  - name: Port-Channel43
+    direction: tx
     access_group:
       type: ip
-      name: MyIpACL
+      name: myIpAVL
       priority: 5
+- name: MonitoringSessionServer18WithDest
+  sources:
+  - name: Ethernet25
+    direction: rx
   - name: Port-Channel27
     direction: tx
-    access_group:
-      type: mac
-      name: MyMacACL
-      priority: 5
   - name: Ethernet28
     direction: tx
-    access_group:
-      type: mac
-      name: MyMacACL
-      priority: 5
   destinations:
   - Ethernet26
   - Ethernet40

ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-SVC3B.yml

@@ -1086,6 +1086,14 @@ port_channel_interfaces:
   switchport:
     enabled: true
   mlag: 34
+- name: Port-Channel43
+  description: server28_monitoring_session_source_settings_access_group_server28_monitoring_session_source_settings_access_group
+  shutdown: false
+  switchport:
+    enabled: true
+    mode: access
+    access_vlan: '110'
+  mlag: 43
 ethernet_interfaces:
 - name: Ethernet53/1
   peer: DC1-SVC3A
@@ -1488,6 +1496,16 @@ ethernet_interfaces:
   lacp_timer:
     mode: normal
     multiplier: 50
+- name: Ethernet44
+  peer: server28_monitoring_session_source_settings_access_group
+  peer_interface: Eth4
+  peer_type: server
+  port_profile: TENANT_A
+  description: server28_monitoring_session_source_settings_access_group_Eth4
+  shutdown: false
+  channel_group:
+    id: 43
+    mode: active
 mlag_configuration:
   domain_id: custom_mlag_domain_id
   local_interface: Vlan4092
@@ -1635,20 +1653,20 @@ virtual_source_nat_vrfs:
 - name: Tenant_A_OP_Zone
   ip_address: 10.255.1.13
 monitor_sessions:
-- name: MonitoringSessionServer18WithDest
+- name: MonitoringSessionServer18
   sources:
-  - name: Ethernet25
-    direction: rx
+  - name: Port-Channel43
+    direction: tx
     access_group:
       type: ip
-      name: MyIpACL
+      name: myIpAVL
       priority: 5
+- name: MonitoringSessionServer18WithDest
+  sources:
+  - name: Ethernet25
+    direction: rx
   - name: Port-Channel27
     direction: tx
-    access_group:
-      type: mac
-      name: MyMacACL
-      priority: 5
   destinations:
   - Ethernet26
   - Port-Channel42