arista/anta
1
0
Fork 0
Code Issues Activity

Merging upstream version 1.3.0.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-03-17 07:33:51 +01:00
parent 5b922100c9
commit 8a6a3342fc
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
337 changed files with 16571 additions and 4891 deletions
Download patch file Download diff file Expand all files Collapse all files

203
tests/units/anta_tests/test_security.py
View file

@ -1,4 +1,4 @@
# Copyright (c) 2023-2024 Arista Networks, Inc.
# Copyright (c) 2023-2025 Arista Networks, Inc.
# Use of this source code is governed by the Apache License 2.0
# that can be found in the LICENSE file.
"""Tests for anta.tests.security.py."""
@ -42,7 +42,7 @@ DATA: list[dict[str, Any]] = [
"test": VerifySSHStatus,
"eos_data": ["SSH per host connection limit is 20\nFIPS status: disabled\n\n"],
"inputs": None,
"expected": {"result": "failure", "messages": ["Could not find SSH status in returned output."]},
"expected": {"result": "failure", "messages": ["Could not find SSH status in returned output"]},
},
{
"name": "failure-ssh-enabled",
@ -83,14 +83,14 @@ DATA: list[dict[str, Any]] = [
"test": VerifySSHIPv4Acl,
"eos_data": [{"ipAclList": {"aclList": []}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["Expected 1 SSH IPv4 ACL(s) in vrf MGMT but got 0"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - SSH IPv4 ACL(s) count mismatch - Expected: 1 Actual: 0"]},
},
{
"name": "failure-wrong-vrf",
"test": VerifySSHIPv4Acl,
"eos_data": [{"ipAclList": {"aclList": [{"type": "Ip4Acl", "name": "ACL_IPV4_SSH", "configuredVrfs": ["default"], "activeVrfs": ["default"]}]}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["SSH IPv4 ACL(s) not configured or active in vrf MGMT: ['ACL_IPV4_SSH']"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - Following SSH IPv4 ACL(s) not configured or active: ACL_IPV4_SSH"]},
},
{
"name": "success",
@ -104,14 +104,14 @@ DATA: list[dict[str, Any]] = [
"test": VerifySSHIPv6Acl,
"eos_data": [{"ipv6AclList": {"aclList": []}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["Expected 1 SSH IPv6 ACL(s) in vrf MGMT but got 0"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - SSH IPv6 ACL(s) count mismatch - Expected: 1 Actual: 0"]},
},
{
"name": "failure-wrong-vrf",
"test": VerifySSHIPv6Acl,
"eos_data": [{"ipv6AclList": {"aclList": [{"type": "Ip6Acl", "name": "ACL_IPV6_SSH", "configuredVrfs": ["default"], "activeVrfs": ["default"]}]}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["SSH IPv6 ACL(s) not configured or active in vrf MGMT: ['ACL_IPV6_SSH']"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - Following SSH IPv6 ACL(s) not configured or active: ACL_IPV6_SSH"]},
},
{
"name": "success",
@ -192,7 +192,7 @@ DATA: list[dict[str, Any]] = [
},
],
"inputs": {"profile": "API_SSL_Profile"},
"expected": {"result": "failure", "messages": ["eAPI HTTPS server SSL profile (API_SSL_Profile) is not configured"]},
"expected": {"result": "failure", "messages": ["eAPI HTTPS server SSL profile API_SSL_Profile is not configured"]},
},
{
"name": "failure-misconfigured-invalid",
@ -209,7 +209,7 @@ DATA: list[dict[str, Any]] = [
},
],
"inputs": {"profile": "API_SSL_Profile"},
"expected": {"result": "failure", "messages": ["eAPI HTTPS server SSL profile (API_SSL_Profile) is misconfigured or invalid"]},
"expected": {"result": "failure", "messages": ["eAPI HTTPS server SSL profile API_SSL_Profile is misconfigured or invalid"]},
},
{
"name": "success",
@ -223,14 +223,14 @@ DATA: list[dict[str, Any]] = [
"test": VerifyAPIIPv4Acl,
"eos_data": [{"ipAclList": {"aclList": []}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["Expected 1 eAPI IPv4 ACL(s) in vrf MGMT but got 0"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - eAPI IPv4 ACL(s) count mismatch - Expected: 1 Actual: 0"]},
},
{
"name": "failure-wrong-vrf",
"test": VerifyAPIIPv4Acl,
"eos_data": [{"ipAclList": {"aclList": [{"type": "Ip4Acl", "name": "ACL_IPV4_API", "configuredVrfs": ["default"], "activeVrfs": ["default"]}]}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["eAPI IPv4 ACL(s) not configured or active in vrf MGMT: ['ACL_IPV4_API']"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - Following eAPI IPv4 ACL(s) not configured or active: ACL_IPV4_API"]},
},
{
"name": "success",
@ -244,14 +244,14 @@ DATA: list[dict[str, Any]] = [
"test": VerifyAPIIPv6Acl,
"eos_data": [{"ipv6AclList": {"aclList": []}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["Expected 1 eAPI IPv6 ACL(s) in vrf MGMT but got 0"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - eAPI IPv6 ACL(s) count mismatch - Expected: 1 Actual: 0"]},
},
{
"name": "failure-wrong-vrf",
"test": VerifyAPIIPv6Acl,
"eos_data": [{"ipv6AclList": {"aclList": [{"type": "Ip6Acl", "name": "ACL_IPV6_API", "configuredVrfs": ["default"], "activeVrfs": ["default"]}]}}],
"inputs": {"number": 1, "vrf": "MGMT"},
"expected": {"result": "failure", "messages": ["eAPI IPv6 ACL(s) not configured or active in vrf MGMT: ['ACL_IPV6_API']"]},
"expected": {"result": "failure", "messages": ["VRF: MGMT - Following eAPI IPv6 ACL(s) not configured or active: ACL_IPV6_API"]},
},
{
"name": "success",
@ -341,7 +341,7 @@ DATA: list[dict[str, Any]] = [
},
"expected": {
"result": "failure",
"messages": ["SSL certificate 'ARISTA_ROOT_CA.crt', is not configured.\n"],
"messages": ["Certificate: ARISTA_ROOT_CA.crt - Not found"],
},
},
{
@ -366,13 +366,6 @@ DATA: list[dict[str, Any]] = [
],
"inputs": {
"certificates": [
{
"certificate_name": "ARISTA_SIGNING_CA.crt",
"expiry_threshold": 30,
"common_name": "AristaIT-ICA ECDSA Issuing Cert Authority",
"encryption_algorithm": "ECDSA",
"key_size": 256,
},
{
"certificate_name": "ARISTA_ROOT_CA.crt",
"expiry_threshold": 30,
@ -384,7 +377,7 @@ DATA: list[dict[str, Any]] = [
},
"expected": {
"result": "failure",
"messages": ["SSL certificate 'ARISTA_SIGNING_CA.crt', is not configured.\n", "SSL certificate `ARISTA_ROOT_CA.crt` is expired.\n"],
"messages": ["Certificate: ARISTA_ROOT_CA.crt - certificate expired"],
},
},
{
@ -403,7 +396,7 @@ DATA: list[dict[str, Any]] = [
},
"ARISTA_SIGNING_CA.crt": {
"subject": {"commonName": "AristaIT-ICA ECDSA Issuing Cert Authority"},
"notAfter": 1702533518,
"notAfter": 1705992709,
"publicKey": {
"encryptionAlgorithm": "ECDSA",
"size": 256,
@ -435,7 +428,9 @@ DATA: list[dict[str, Any]] = [
},
"expected": {
"result": "failure",
"messages": ["SSL certificate `ARISTA_SIGNING_CA.crt` is expired.\n", "SSL certificate `ARISTA_ROOT_CA.crt` is about to expire in 25 days."],
"messages": [
"Certificate: ARISTA_ROOT_CA.crt - set to expire within the threshold - Threshold: 30 days Actual: 25 days",
],
},
},
{
@ -487,12 +482,10 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"SSL certificate `ARISTA_SIGNING_CA.crt` is not configured properly:\n"
"Expected `AristaIT-ICA ECDSA Issuing Cert Authority` as the subject.commonName, but found "
"`Arista ECDSA Issuing Cert Authority` instead.\n",
"SSL certificate `ARISTA_ROOT_CA.crt` is not configured properly:\n"
"Expected `Arista Networks Internal IT Root Cert Authority` as the subject.commonName, "
"but found `AristaIT-ICA Networks Internal IT Root Cert Authority` instead.\n",
"Certificate: ARISTA_SIGNING_CA.crt - incorrect common name - Expected: AristaIT-ICA ECDSA Issuing Cert Authority "
"Actual: Arista ECDSA Issuing Cert Authority",
"Certificate: ARISTA_ROOT_CA.crt - incorrect common name - Expected: Arista Networks Internal IT Root Cert Authority "
"Actual: AristaIT-ICA Networks Internal IT Root Cert Authority",
],
},
},
@ -545,17 +538,15 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"SSL certificate `ARISTA_SIGNING_CA.crt` is not configured properly:\n"
"Expected `ECDSA` as the publicKey.encryptionAlgorithm, but found `RSA` instead.\n"
"Expected `256` as the publicKey.size, but found `4096` instead.\n",
"SSL certificate `ARISTA_ROOT_CA.crt` is not configured properly:\n"
"Expected `RSA` as the publicKey.encryptionAlgorithm, but found `ECDSA` instead.\n"
"Expected `4096` as the publicKey.size, but found `256` instead.\n",
"Certificate: ARISTA_SIGNING_CA.crt - incorrect encryption algorithm - Expected: ECDSA Actual: RSA",
"Certificate: ARISTA_SIGNING_CA.crt - incorrect public key - Expected: 256 Actual: 4096",
"Certificate: ARISTA_ROOT_CA.crt - incorrect encryption algorithm - Expected: RSA Actual: ECDSA",
"Certificate: ARISTA_ROOT_CA.crt - incorrect public key - Expected: 4096 Actual: 256",
],
},
},
{
"name": "failure-missing-actual-output",
"name": "failure-missing-algorithm-details",
"test": VerifyAPISSLCertificate,
"eos_data": [
{
@ -595,12 +586,10 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"SSL certificate `ARISTA_SIGNING_CA.crt` is not configured properly:\n"
"Expected `ECDSA` as the publicKey.encryptionAlgorithm, but it was not found in the actual output.\n"
"Expected `256` as the publicKey.size, but it was not found in the actual output.\n",
"SSL certificate `ARISTA_ROOT_CA.crt` is not configured properly:\n"
"Expected `RSA` as the publicKey.encryptionAlgorithm, but it was not found in the actual output.\n"
"Expected `4096` as the publicKey.size, but it was not found in the actual output.\n",
"Certificate: ARISTA_SIGNING_CA.crt - incorrect encryption algorithm - Expected: ECDSA Actual: Not found",
"Certificate: ARISTA_SIGNING_CA.crt - incorrect public key - Expected: 256 Actual: Not found",
"Certificate: ARISTA_ROOT_CA.crt - incorrect encryption algorithm - Expected: RSA Actual: Not found",
"Certificate: ARISTA_ROOT_CA.crt - incorrect public key - Expected: 4096 Actual: Not found",
],
},
},
@ -651,12 +640,26 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"Expected `Copyright (c) 2023-2024 Arista Networks, Inc.\nUse of this source code is governed by the Apache License 2.0\n"
"that can be found in the LICENSE file.` as the login banner, but found `Copyright (c) 2023 Arista Networks, Inc.\nUse of this source code is "
"governed by the Apache License 2.0\nthat can be found in the LICENSE file.` instead."
"Incorrect login banner configured - Expected: Copyright (c) 2023-2024 Arista Networks, Inc.\n"
"Use of this source code is governed by the Apache License 2.0\nthat can be found in the LICENSE file. "
"Actual: Copyright (c) 2023 Arista Networks, Inc.\n"
"Use of this source code is governed by the Apache License 2.0\nthat can be found in the LICENSE file."
],
},
},
{
"name": "failure-login-banner-not-configured",
"test": VerifyBannerLogin,
"eos_data": [{"loginBanner": ""}],
"inputs": {
"login_banner": "Copyright (c) 2023-2024 Arista Networks, Inc.\nUse of this source code is governed by the Apache License 2.0\n"
"that can be found in the LICENSE file."
},
"expected": {
"result": "failure",
"messages": ["Login banner is not configured"],
},
},
{
"name": "success",
"test": VerifyBannerMotd,
@ -704,12 +707,26 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"Expected `Copyright (c) 2023-2024 Arista Networks, Inc.\nUse of this source code is governed by the Apache License 2.0\n"
"that can be found in the LICENSE file.` as the motd banner, but found `Copyright (c) 2023 Arista Networks, Inc.\nUse of this source code is "
"governed by the Apache License 2.0\nthat can be found in the LICENSE file.` instead."
"Incorrect MOTD banner configured - Expected: Copyright (c) 2023-2024 Arista Networks, Inc.\n"
"Use of this source code is governed by the Apache License 2.0\nthat can be found in the LICENSE file. "
"Actual: Copyright (c) 2023 Arista Networks, Inc.\nUse of this source code is governed by the Apache License 2.0\n"
"that can be found in the LICENSE file."
],
},
},
{
"name": "failure-login-banner-not-configured",
"test": VerifyBannerMotd,
"eos_data": [{"motd": ""}],
"inputs": {
"motd_banner": "Copyright (c) 2023-2024 Arista Networks, Inc.\nUse of this source code is governed by the Apache License 2.0\n"
"that can be found in the LICENSE file."
},
"expected": {
"result": "failure",
"messages": ["MOTD banner is not configured"],
},
},
{
"name": "success",
"test": VerifyIPv4ACL,
@ -717,22 +734,20 @@ DATA: list[dict[str, Any]] = [
{
"aclList": [
{
"name": "default-control-plane-acl",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit ip any any tracked", "sequenceNumber": 20},
{"text": "permit udp any any eq bfd ttl eq 255", "sequenceNumber": 30},
],
}
]
},
{
"aclList": [
},
{
"name": "LabTest",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit tcp any any range 5900 5910", "sequenceNumber": 20},
],
}
},
]
},
],
@ -754,6 +769,24 @@ DATA: list[dict[str, Any]] = [
},
"expected": {"result": "success"},
},
{
"name": "failure-no-acl-list",
"test": VerifyIPv4ACL,
"eos_data": [
{"aclList": []},
],
"inputs": {
"ipv4_access_lists": [
{
"name": "default-control-plane-acl",
"entries": [
{"sequence": 10, "action": "permit icmp any any"},
],
},
]
},
"expected": {"result": "failure", "messages": ["No Access Control List (ACL) configured"]},
},
{
"name": "failure-acl-not-found",
"test": VerifyIPv4ACL,
@ -761,6 +794,7 @@ DATA: list[dict[str, Any]] = [
{
"aclList": [
{
"name": "default-control-plane-acl",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit ip any any tracked", "sequenceNumber": 20},
@ -769,7 +803,6 @@ DATA: list[dict[str, Any]] = [
}
]
},
{"aclList": []},
],
"inputs": {
"ipv4_access_lists": [
@ -787,7 +820,7 @@ DATA: list[dict[str, Any]] = [
},
]
},
"expected": {"result": "failure", "messages": ["LabTest: Not found"]},
"expected": {"result": "failure", "messages": ["ACL name: LabTest - Not configured"]},
},
{
"name": "failure-sequence-not-found",
@ -796,22 +829,20 @@ DATA: list[dict[str, Any]] = [
{
"aclList": [
{
"name": "default-control-plane-acl",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit ip any any tracked", "sequenceNumber": 20},
{"text": "permit udp any any eq bfd ttl eq 255", "sequenceNumber": 40},
],
}
]
},
{
"aclList": [
},
{
"name": "LabTest",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit tcp any any range 5900 5910", "sequenceNumber": 30},
],
}
},
]
},
],
@ -833,7 +864,7 @@ DATA: list[dict[str, Any]] = [
},
"expected": {
"result": "failure",
"messages": ["default-control-plane-acl:\nSequence number `30` is not found.\n", "LabTest:\nSequence number `20` is not found.\n"],
"messages": ["ACL name: default-control-plane-acl Sequence: 30 - Not configured", "ACL name: LabTest Sequence: 20 - Not configured"],
},
},
{
@ -843,22 +874,20 @@ DATA: list[dict[str, Any]] = [
{
"aclList": [
{
"name": "default-control-plane-acl",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit ip any any tracked", "sequenceNumber": 20},
{"text": "permit tcp any any range 5900 5910", "sequenceNumber": 30},
],
}
]
},
{
"aclList": [
},
{
"name": "LabTest",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit udp any any eq bfd ttl eq 255", "sequenceNumber": 20},
],
}
},
]
},
],
@ -881,9 +910,9 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"default-control-plane-acl:\n"
"Expected `permit udp any any eq bfd ttl eq 255` as sequence number 30 action but found `permit tcp any any range 5900 5910` instead.\n",
"LabTest:\nExpected `permit tcp any any range 5900 5910` as sequence number 20 action but found `permit udp any any eq bfd ttl eq 255` instead.\n",
"ACL name: default-control-plane-acl Sequence: 30 - action mismatch - Expected: permit udp any any eq bfd ttl eq 255 "
"Actual: permit tcp any any range 5900 5910",
"ACL name: LabTest Sequence: 20 - action mismatch - Expected: permit tcp any any range 5900 5910 Actual: permit udp any any eq bfd ttl eq 255",
],
},
},
@ -894,6 +923,7 @@ DATA: list[dict[str, Any]] = [
{
"aclList": [
{
"name": "default-control-plane-acl",
"sequence": [
{"text": "permit icmp any any", "sequenceNumber": 10},
{"text": "permit ip any any tracked", "sequenceNumber": 40},
@ -902,7 +932,6 @@ DATA: list[dict[str, Any]] = [
}
]
},
{"aclList": []},
],
"inputs": {
"ipv4_access_lists": [
@ -923,9 +952,10 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"default-control-plane-acl:\nSequence number `20` is not found.\n"
"Expected `permit udp any any eq bfd ttl eq 255` as sequence number 30 action but found `permit tcp any any range 5900 5910` instead.\n",
"LabTest: Not found",
"ACL name: default-control-plane-acl Sequence: 20 - Not configured",
"ACL name: default-control-plane-acl Sequence: 30 - action mismatch - Expected: permit udp any any eq bfd ttl eq 255 "
"Actual: permit tcp any any range 5900 5910",
"ACL name: LabTest - Not configured",
],
},
},
@ -952,7 +982,7 @@ DATA: list[dict[str, Any]] = [
"test": VerifyIPSecConnHealth,
"eos_data": [{"connections": {}}],
"inputs": {},
"expected": {"result": "failure", "messages": ["No IPv4 security connection configured."]},
"expected": {"result": "failure", "messages": ["No IPv4 security connection configured"]},
},
{
"name": "failure-not-established",
@ -974,9 +1004,8 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"The following IPv4 security connections are not established:\n"
"source:172.18.3.2 destination:172.18.2.2 vrf:default\n"
"source:100.64.3.2 destination:100.64.5.2 vrf:Guest."
"Source: 172.18.3.2 Destination: 172.18.2.2 VRF: default - IPv4 security connection not established",
"Source: 100.64.3.2 Destination: 100.64.5.2 VRF: Guest - IPv4 security connection not established",
],
},
},
@ -1127,10 +1156,10 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"Peer: 10.255.0.1 VRF: default Source: 172.18.3.2 Destination: 172.18.2.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 100.64.2.2 Destination: 100.64.1.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.2 VRF: MGMT Source: 100.64.2.2 Destination: 100.64.1.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.2 VRF: MGMT Source: 172.18.2.2 Destination: 172.18.1.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 172.18.3.2 Destination: 172.18.2.2 - Connection down - Expected: Established Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 100.64.2.2 Destination: 100.64.1.2 - Connection down - Expected: Established Actual: Idle",
"Peer: 10.255.0.2 VRF: MGMT Source: 100.64.2.2 Destination: 100.64.1.2 - Connection down - Expected: Established Actual: Idle",
"Peer: 10.255.0.2 VRF: MGMT Source: 172.18.2.2 Destination: 172.18.1.2 - Connection down - Expected: Established Actual: Idle",
],
},
},
@ -1190,8 +1219,8 @@ DATA: list[dict[str, Any]] = [
"expected": {
"result": "failure",
"messages": [
"Peer: 10.255.0.1 VRF: default Source: 172.18.3.2 Destination: 172.18.2.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 100.64.3.2 Destination: 100.64.2.2 - Connection down - Expected: Established, Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 172.18.3.2 Destination: 172.18.2.2 - Connection down - Expected: Established Actual: Idle",
"Peer: 10.255.0.1 VRF: default Source: 100.64.3.2 Destination: 100.64.2.2 - Connection down - Expected: Established Actual: Idle",
"Peer: 10.255.0.2 VRF: default Source: 100.64.4.2 Destination: 100.64.1.2 - Connection not found.",
"Peer: 10.255.0.2 VRF: default Source: 172.18.4.2 Destination: 172.18.1.2 - Connection not found.",
],
@ -1209,7 +1238,7 @@ DATA: list[dict[str, Any]] = [
"test": VerifyHardwareEntropy,
"eos_data": [{"cpuModel": "2.20GHz", "cryptoModule": "Crypto Module v3.0", "hardwareEntropyEnabled": False, "blockedNetworkProtocols": []}],
"inputs": {},
"expected": {"result": "failure", "messages": ["Hardware entropy generation is disabled."]},
"expected": {"result": "failure", "messages": ["Hardware entropy generation is disabled"]},
},
]