ND Pre-Change Validation
Users of Nexus Dashboard Insights (NDI) can leverage this solution for automated pre-change validation. Hundreds of different checks have been codified and can be used to validate your changes on demand. Compared to the --rules argument of nac-validate, there is no need to write Python code containing your checks. NDI will notify you of any anomalies introduced by your new configuration. Besides looking for potential configuration errors, NDI provides a framework that enables users to write their own configuration and compliance rules. Each time a pre-change validation is run, that set of requirements is evaluated. Consider the following examples:
In this example, Endpoint Group (EPG) web and EPG db must be able to communicate:
In this example, all bridge domains need to be configured with at least one private subnet:
Compliance requirements in NDI drastically reduce the time required to write tests that enforce business requirements when driving automated changes.
Using the command-line tool nexus-pcv, you can automate pre-change validations in NDI. nexus-pcv can work either with provided JSON file(s) or with the terraform plan output of a Network-as-Code project. A planned change can be validated before it is applied to a production environment by running a terraform plan operation first and then providing the output to nexus-pcv to trigger a pre-change validation.
The tool can easily be integrated with CI/CD workflows. Arguments can be provided either on the command line or via environment variables. The tool exits with a non-zero exit code in case of an error or when non-suppressed events are discovered during the pre-change analysis, so a pipeline stage that runs it fails exactly when the change should not be applied. The --output-summary and --output-url arguments can be used to write a summary and/or a link (URL) to a file, which can then be embedded in or parsed into notifications (e.g., Webex).
Python 3.10+ is required to install nexus-pcv, which can be installed using pip:
pip install nexus-pcv
To create a plan output that nexus-pcv can use to create a PCV in NDI, run the following. The password is given on the command line here for brevity; in a pipeline, supply it through an environment variable instead so it does not end up in shell history, process listings or the job log:
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan > plan.json
nexus-pcv --hostname-ip 10.0.0.1 --username admin --password Cisco123 --group <yoursitegroup> --site <yourfabric> --name pcv123 --nac-tf-plan plan.json --output-summary output-summary.txt --output-url output-url.txt
This will trigger a new PCV in NDI:
After a few minutes you can evaluate the results:
Alternatively, you can refer to output-summary.txt to see whether any anomalies have been found based on your intended configuration.
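The CI/CD integration described above, written out as a small shell gate. This is an added example and not code from the nexus-pcv project or the Network-as-Code documentation. It assumes (not stated on this page; check nexus-pcv --help) that the tool reads PCV_HOSTNAME_IP, PCV_USERNAME, PCV_PASSWORD, PCV_GROUP, PCV_SITE and PCV_NAME from the environment when the matching flags are omitted, which keeps the password out of the command line. TERRAFORM_BIN and NEXUS_PCV_BIN are hypothetical knobs that exist only so the script can be exercised with stand-in commands.

```shell
#!/bin/sh
# Added example (not part of nexus-pcv): a CI/CD gate that builds the Terraform
# plan, hands it to nexus-pcv and fails the job when the validation fails.
# ASSUMPTION: nexus-pcv takes PCV_HOSTNAME_IP, PCV_USERNAME, PCV_PASSWORD,
# PCV_GROUP, PCV_SITE and PCV_NAME from the environment when the flags are
# omitted. TERRAFORM_BIN / NEXUS_PCV_BIN are hypothetical overrides for testing.

: "${TERRAFORM_BIN:=terraform}"
: "${NEXUS_PCV_BIN:=nexus-pcv}"

# Refuse to run if any required setting is missing. Because the password is
# taken from a CI secret in the environment rather than from argv, it does not
# appear in `ps` output, shell history or the job log.
pcv_check_env() {
  missing=0
  for var in PCV_HOSTNAME_IP PCV_USERNAME PCV_PASSWORD PCV_GROUP PCV_SITE PCV_NAME; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      echo "pcv: required environment variable $var is not set" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Produce plan.json, the JSON form of the plan that --nac-tf-plan consumes.
# Runs in a subshell so the caller's working directory is unchanged.
pcv_plan() {
  ( cd "$1" \
      && "$TERRAFORM_BIN" plan -input=false -out=plan.tfplan >/dev/null \
      && "$TERRAFORM_BIN" show -json plan.tfplan > plan.json )
}

# Trigger the pre-change validation for the project directory in $1 and
# return nexus-pcv's exit status: 0 when no unsuppressed anomalies were
# found, non-zero on anomalies or errors. A CI job that runs this as its
# last step therefore fails exactly when the change should not be applied.
pcv_gate() {
  dir="$1"
  pcv_check_env || return 2
  pcv_plan "$dir" || return 3
  "$NEXUS_PCV_BIN" \
    --nac-tf-plan "$dir/plan.json" \
    --output-summary "$dir/pcv-summary.txt" \
    --output-url "$dir/pcv-url.txt"
}

# Turn the gate's exit status ($1) plus the files written by --output-summary
# ($2) and --output-url ($3) into the text of a notification (e.g. for Webex).
# Missing files are tolerated: a validation that never ran still gets a verdict.
pcv_message() {
  status="$1" summary_file="$2" url_file="$3"
  url=""
  [ -r "$url_file" ] && url=$(cat "$url_file")
  if [ "$status" -eq 0 ]; then
    verdict="PASSED"
  else
    verdict="FAILED (exit $status)"
  fi
  printf 'Pre-change validation %s' "$verdict"
  [ -n "$url" ] && printf ' %s' "$url"
  printf '\n'
  [ -r "$summary_file" ] && cat "$summary_file"
  return 0
}
```

In a pipeline, export the PCV_* variables from the job's secret store, call pcv_gate on the project directory, keep its exit status for the job verdict, and hand that status together with pcv-summary.txt and pcv-url.txt to pcv_message to build the notification. Suppressed events are left to nexus-pcv's own options; the gate only trusts the exit code it returns.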