When it comes to open-source network automation tools, NAPALM is one of the heavy hitters in the industry. For those of you who are new to NAPALM, it is:
... a vendor-neutral, cross-platform open-source project that provides a unified API to network devices.
Typically NAPALM is used for configuring devices and reading device output. However, NAPALM also provides a lesser-known but extremely useful feature called compliance reporting.
In short, compliance reporting provides a simple way (via YAML) to write a set of checks, such as "the version must be X" or "the mgmt IP must be Y". The checks are then run against your device, and you are given a JSON-based report detailing whether your device complies.
Quick example:
    # define validator files
    $ cat validate-eos.yml
    ---
    - get_facts:
        os_version: 4.17

    # run compliance_report
    >>> with eos_driver(**eos_config) as eos:
    ...     pprint.pprint(eos.compliance_report("validate-eos.yml"))
    ...
    {u'complies': False,
     u'skipped': [],
     'get_facts': {u'complies': False,
                   u'extra': [],
                   u'missing': [],
                   u'present': {'os_version': {u'actual_value': u'4.15.2.1F-2759627.41521F',
                                               u'complies': False,
                                               u'nested': False}}}
The great thing about this feature is that it isn't limited to validating configuration. You can also validate the result of running a ping from the device, or validate CPU or memory usage! Niiice...
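To act on a report like the one shown above (for example as a gate in a change pipeline), it helps to flatten it into a list of failing items. The following is an added example, not code from NAPALM or from the original post; the function names are hypothetical, the sample report is constructed from the output above plus a constructed skipped getter, and the `diff` key for nested results is an assumption.

```python
# Added example: flatten a compliance report into actionable findings.
# Constructed sample: the get_facts result shown above plus a skipped getter.
SAMPLE_REPORT = {
    "complies": False,
    "skipped": ["get_environment"],
    "get_facts": {
        "complies": False,
        "extra": [],
        "missing": [],
        "present": {"os_version": {"actual_value": "4.15.2.1F-2759627.41521F",
                                   "complies": False, "nested": False}},
    },
}

def _walk(section, path):
    """Collect (path, reason) pairs from one getter's section of the report."""
    found = [(f"{path}.{k}", "missing") for k in section.get("missing", [])]
    found += [(f"{path}.{k}", "extra") for k in section.get("extra", [])]
    for key, result in section.get("present", {}).items():
        if result.get("complies"):
            continue
        here = f"{path}.{key}"
        # Assumption: a nested result carries its sub-report under "diff".
        nested = _walk(result.get("diff", {}), here) if result.get("nested") else []
        # Fall back to the recorded value when there is no nested detail.
        found += nested or [(here, f"actual value {result.get('actual_value')!r}")]
    return found

def failed_checks(report):
    """Return every failing or unvalidated item in the report."""
    # A skipped getter was never checked, so it is surfaced as a finding.
    found = [(g, "skipped (not validated)") for g in report.get("skipped", [])]
    for getter, section in report.items():
        if getter not in ("complies", "skipped"):
            found += _walk(section, getter)
    return found

def gate(report):
    """Pipeline exit code: 0 only if compliant and nothing was skipped."""
    return 0 if report.get("complies") and not failed_checks(report) else 1

if __name__ == "__main__":
    for path, reason in failed_checks(SAMPLE_REPORT):
        print(f"FAIL {path}: {reason}")
    print("exit code:", gate(SAMPLE_REPORT))
```

Treating skipped getters as findings keeps a check that could not run from passing silently.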