CiscoTestAutomation
iosxe - ShowCryptoSession SchemaMissingKeyError
(22.11) 12:39:49-apieters@as8368-netdevops-vm:~ $ genie parse "show crypto session" --testbed-file /home/apieters/pyats/SRC/INPUT/TOPOLOGY/UAT/cml_testbed.yaml --device virl.aal1-dmvpn
0%| | 0/1 [00:00<?, ?it/s]Issue with the parser show crypto session
Traceback (most recent call last):
File "src/genie/cli/commands/parser.py", line 339, in genie.cli.commands.parser.ParserCommand.parse
File "src/genie/conf/base/device.py", line 531, in genie.conf.base.device.Device.parse
File "src/genie/conf/base/device.py", line 570, in genie.conf.base.device.Device._get_parser_output
File "src/genie/conf/base/device.py", line 568, in genie.conf.base.device.Device._get_parser_output
File "src/genie/metaparser/_metaparser.py", line 342, in genie.metaparser._metaparser.MetaParser.parse
File "src/genie/metaparser/_metaparser.py", line 322, in genie.metaparser._metaparser.MetaParser.parse
File "src/genie/metaparser/util/schemaengine.py", line 419, in genie.metaparser.util.schemaengine.Schema.validate
genie.metaparser.util.exceptions.SchemaMissingKeyError: Missing keys: [['interface', 'Tunnel3111', 'peer']]
Current parsing mechanism is not taking into account that the show command output could have a repetition on the same interface name.
virl.aal1-dmvpn#show crypto session
Crypto session current status
**Interface: Tunnel3111**
Session status: DOWN
Peer: 192.168.1.1 port 500
IPSEC FLOW: permit ip 100.75.0.0/255.255.255.192 192.168.25.0/255.255.255.128
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip host 100.74.10.1 192.168.25.0/255.255.255.128
Active SAs: 0, origin: crypto map
**Interface: Tunnel3111**
Profile: ISAKMP-inner-LOC_A
Session status: DOWN-NEGOTIATING
Peer: 192.168.1.1 port 500
Session ID: 0
IKEv1 SA: local 94.140.184.80/500 remote 192.168.1.1/500 Inactive
Session ID: 0
IKEv1 SA: local 94.140.184.80/500 remote 192.168.1.1/500 Inactive
reviewing the code inside show_crypto.py (parser in IOSXE)
#Interface: Tunnel0
m1= p1.match(line)
if m1:
groups=m1.groupdict()
crypto_session_dict[groups['interface_name']]={}
interface_dict=crypto_session_dict[groups['interface_name']]
crypto_session_dict is taking the 'interface name' as key. This means that upon the second iteration where line="Interface: Tunnel3111" the first instance is getting overwritten leading to an error eventually.
Hi
As you know, genieparser is community driven, I would like you to create a PR with the potential fix that helps to fix this. Let me know if you need any help in this process.
Hi
As you know, genieparser is community driven, I would like you to create a PR with the potential fix that helps to fix this. Let me know if you need any help in this process.
PR released: [https://github.com/CiscoTestAutomation/genieparser/pull/725]
Hi
Thanks for your contribution. We will follow up on getting the PR merged.
Hi @awk5303
There is a version mismatch which caused the pipeline to fail. Can you please update your code
Hi
Can you please update your pyats. It should fix the issue the jenkins issue
Hi @awk5303
There is a version mismatch which caused the pipeline to fail. Can you please update your code
in release v23.01 the class ShowCryptoSessionSchema(MetaParser) was changed and made peer / ike_sa / ipsec-flows optional. This fixed the parsing python expection as I experienced in v22.11 but the parsing under v23.01 is dropping content in the parsing.
under v23.01 I get this parsing result: {'interface': {'Tunnel3111': {'profile': 'ISAKMP-inner-LOC_A', 'session_status': 'DOWN-NEGOTIATING'}}}
with the code fix implemented for this fork:
{'interface': {'1': {'interface': 'Tunnel3111',
'peer': {'192.168.1.1': {'port': {'500': {'desc': 'none',
'fvrf': 'none',
'ipsec_flow': {'permit ip 100.75.0.0/255.255.255.192 192.168.25.0/255.255.255.0': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0},
'permit ip 100.75.0.0/255.255.255.192 192.168.25.0/255.255.255.128': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0},
'permit ip 100.75.0.0/255.255.255.192 192.168.26.0/255.255.255.0': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0},
'permit ip host 100.74.10.1 192.168.25.0/255.255.255.0': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0},
'permit ip host 100.74.10.1 192.168.25.0/255.255.255.128': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0},
'permit ip host 100.74.10.1 192.168.26.0/255.255.255.0': {'active_sas': 0,
'inbound_life_kb': '0',
'inbound_life_secs': '0',
'inbound_pkts_decrypted': 0,
'inbound_pkts_drop': 0,
'origin': 'crypto '
'map',
'outbound_life_kb': '0',
'outbound_life_secs': '0',
'outbound_pkts_drop': 0,
'outbound_pkts_encrypted': 0}},
'ivrf': 'inner',
'phase1_id': '(none)'}}}},
'session_status': 'DOWN'},
'2': {'interface': 'Tunnel3111',
'peer': {'192.168.1.1': {'port': {'500': {'desc': 'none',
'fvrf': 'none',
'ike_sa': {'1': {'capabilities': 'none',
'conn_id': '0',
'lifetime': '0',
'local': '