Skip to content

nd_interface_subinterface_managed#296

Open
allenrobel wants to merge 2 commits into
nd_interface_svifrom
nd_interface_subinterface_managed
Open

nd_interface_subinterface_managed#296
allenrobel wants to merge 2 commits into
nd_interface_svifrom
nd_interface_subinterface_managed

Conversation

@allenrobel
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel commented May 28, 2026

Related Issue(s)

References #295 (the 207-status:failed silent-success bug in response_handler_nd.py is worked around in this module via _raise_on_multi_status_failures; remove the workaround when #295 lands).

Proposed Changes

  • Add the nd_interface_subinterface_managed module to manage L3 subinterfaces (managed variant, policyType: subinterface) on Cisco Nexus Dashboard 4.2.
  • Add SubinterfaceManagedInterfaceModel (Pydantic v2 via the project's pydantic_compat shim) and SubinterfaceManagedInterfaceOrchestrator, both following the loopback / SVI / ethernet-access patterns.
  • Composite identifier (switch_ip, interface_name); bulk POST per switch; partial PUT; bulk remove via interfaceActions/remove followed by interfaceActions/deploy.
  • Add integration test target covering merged (single, multi, Port-channel parent, idempotency, update), replaced, overridden, deleted states.
  • Stacked on nd_interface_svi; the unmanaged-variant module (policyType: monitorSubinterface) follows as a separate PR stacked on this one.

L3 field set: admin_state, description, extra_config, mtu, vlan_id, vrf_interface, ip, prefix, ipv6, ipv6_prefix, routing_tag, ip_redirects, pim_sparse, pim_dr_priority, netflow, netflow_monitor, netflow_sampler.

Test Notes

  • Integration tests pass on ND 4.2.1 lab SITE1 against routed-mode parents (Ethernet1/3 and Port-channel10 on S1_TOR1).
  • ansible-test sanity --docker clean on the touched files.
  • Three documented ND 4.2.1 wire workarounds in the model/orchestrator:
    • Parent must be in routed (L3) mode — ND rejects POST against L2 parents with HTTP 207 status:failed; surfaced to the user via the orchestrator's multi-status check and documented in module notes:.
    • routing_tag is echoed as int on GET despite being string on POST/PUT — model has a mode='before' validator coercing int → str. Marked TODO(4.2.1).
    • interface_name echoed lowercased on GET — field validator canonicalizes to Ethernet... / Port-channel... so idempotency comparisons work.

Cisco Nexus Dashboard Version

4.2.1

Related ND API Resource Category

  • analyze
  • infra
  • manage
  • onemanage
  • other

Checklist

  • Latest commit is rebased from develop with merge conflicts resolved
  • New or updates to documentation has been made accordingly
  • Assigned the proper reviewers

🤖 Generated with Claude Code

@allenrobel allenrobel mentioned this pull request May 28, 2026
Open
8 tasks
@allenrobel allenrobel changed the title Add nd_interface_subinterface_managed module nd_interface_subinterface_managed May 28, 2026
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from d6ffd4d to fe87d36 Compare May 28, 2026 17:34
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from fe87d36 to 28b57a4 Compare May 28, 2026 17:56
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from 28b57a4 to 0a92a71 Compare May 28, 2026 18:15
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from 0a92a71 to c85f5d4 Compare May 29, 2026 17:54
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from c85f5d4 to f5ebacf Compare May 29, 2026 20:20
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from f5ebacf to 8c05c0d Compare May 29, 2026 22:13
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from 8c05c0d to b63fa6f Compare May 29, 2026 22:36
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from b63fa6f to ec2060a Compare May 29, 2026 22:46
allenrobel and others added 2 commits May 29, 2026 12:47
@allenrobel @claude
Add nd_interface_subinterface_managed module
251d26b 
Manages L3 (managed) subinterfaces on Cisco Nexus Dashboard via the
Manage Interfaces API. Mirrors the SVI / loopback / ethernet-access
patterns: composite identifier (switch_ip, interface_name), bulk POST
per switch, partial PUT, bulk remove via interfaceActions/remove
followed by interfaceActions/deploy.

The subinterface family of policies is split into two modules per the
one-policy-per-module convention. This commit covers the managed
variant (policyType: subinterface) which carries the L3 field set:
admin_state, description, extra_config, mtu, vlan_id, vrf_interface,
ip/prefix, ipv6/ipv6_prefix, routing_tag, ip_redirects, pim_sparse,
pim_dr_priority, netflow, netflow_monitor, netflow_sampler. The
unmanaged variant (policyType: monitorSubinterface) will follow as a
separate module stacked on top of this one.

Field bounds are aligned with the live intSubifTemplate schema on
ND 4.2.1 (prefix 8-31, vlan_id 2-4094, mtu 576-9216). Two wire quirks
worked around in the model:

- routing_tag: ND accepts string on POST/PUT but returns int on GET.
  Coerce int -> str so round-trips compare equal. Marked TODO(4.2.1).
- interface_name: ND accepts canonical case on POST (Ethernet1/3.2)
  but returns lowercase on GET (ethernet1/3.2, port-channel10.5).
  The field validator now accepts any case and normalizes to the
  canonical form so user input, POST payloads, and GET responses all
  compare equal. Marked TODO(4.2.1).

One handler-layer workaround in the orchestrator:

- ND returns HTTP 207 Multi-Status with per-item status: "failed" when
  the parent interface is not in routed mode (or other policy
  validation fails). Our RestSend response_handler classifies 207 as
  success, so without this check the orchestrator would silently
  report changed=True with nothing actually created. create() and
  create_bulk() now inspect the body and raise with the ND failure
  message. To be removed once #295 lands at the RestSend layer.

The module's `notes:` documents the parent-must-be-routed
prerequisite, including why typical L2 vPC port-channels and
peer-links reject subinterface creation in practice.

Test notes: integration target covers merged/replaced/overridden/
deleted lifecycles plus check-mode and idempotency assertions, on
both Ethernet and Port-channel parents. Live-verified against ND
4.2.1 lab SITE1 with a routed Port-channel parent and a routed
Ethernet parent.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@allenrobel
Bump version_added to 2.0.0 for next ND collection release
94796ca
@allenrobel allenrobel force-pushed the nd_interface_subinterface_managed branch from ec2060a to 94796ca Compare May 29, 2026 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akinross akinross Awaiting requested review from akinross akinross is a code owner

@anvitha-jain anvitha-jain Awaiting requested review from anvitha-jain anvitha-jain is a code owner

@gmicol gmicol Awaiting requested review from gmicol gmicol is a code owner

@lhercot lhercot Awaiting requested review from lhercot lhercot is a code owner

@mtarking mtarking Awaiting requested review from mtarking mtarking is a code owner

@mikewiebe mikewiebe Awaiting requested review from mikewiebe mikewiebe is a code owner

@sajagana sajagana Awaiting requested review from sajagana sajagana is a code owner

@samiib samiib Awaiting requested review from samiib samiib is a code owner

@shrsr shrsr Awaiting requested review from shrsr shrsr is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@allenrobel