Aerleon

What's Changed

Aerleon is built and released using a SLSA Level 3 build process. Releases can be verified using the steps described in https://aerleon.readthedocs.io/en/latest/install/#verifying-installation.

New Features
* Network definitions can now contain FQDN data by adding a `fqdn` entry similar to `address`. by ankenyr in https://github.com/aerleon/aerleon/pull/291
* aclgen can now be invoked using "python -m aerleon" by jtwb in https://github.com/aerleon/aerleon/pull/287

Related Tools
* [po2yaml](https://github.com/aerleon/pol2yaml), a converter from DSL to YAML, is available in its own repo.
* IDEs that integrate with [JSON Schema Store](https://www.schemastore.org/json/) will now automatically apply validation, tooltips, and autocomplete when editing Aerleon YAML files. This applies to YAML policy files, policy file fragments (include files), network and service definition files, and the aerleon.yml config file.

Other Changes
* aclcheck now accepts command line flags with underscore names (e.g. --definitions_directory), matching the format used by the aclgen, cgrep, and pol2yaml programs.
* cgrep now accepts the --definitions_directory flag (previously -d or -def), matching the format used by the aclgen, aclcheck, and pol2yaml programs.
* The Aerleon documentation website was updated to use the material theme. by itdependsnetworks in https://github.com/aerleon/aerleon/pull/238
* The docs navigation structure has been updated and various docs pages have been expanded.
* [Security] Dependency pymdown-extensions was updated from 9.9.1 to 10.0 by dependabot in https://github.com/aerleon/aerleon/pull/289
* [Security] Dependency requests was updated from 2.28.2 to 2.31.0 by dependabot in https://github.com/aerleon/aerleon/pull/294

Internal Tooling
* DevContainer configuration is now included in the repo. Users of VS Code and GitHub Codespaces can follow prompts to bring up a container with Python and Poetry installed. by jtwb in https://github.com/aerleon/aerleon/pull/290


**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.2.3...1.3.0

What's Changed
This is a patch release of Aerleon.

Bug Fixes
* Fixes destination hosts being outputted incorrectly. See https://github.com/aerleon/aerleon/pull/283 by ankenyr.

Documentation
* Add required import statements to make the example code functional. See https://github.com/aerleon/aerleon/pull/285 by OliElli.

Internal Tooling
* [Typing] Typing functions missed by monkeytype. See in https://github.com/aerleon/aerleon/pull/274 by ankenyr.
* [Tests] Add a Better ciscoasa dsmo test. See 284 by ankenyr.

New Contributors
* OliElli made their first contribution in https://github.com/aerleon/aerleon/pull/285

**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.2.2...1.2.3

What's Changed
This is a patch release of Aerleon.


Bug Fixes
* IP address sorting in Cisco ACLs is restored to pre-1.2.0 behavior. See 276.


Internal Tooling
* Adds additional Python types to Windows IPSec and Windows Advanced Firewall generators. These types are not checked at runtime.

**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.2.1...1.2.2

What's Changed
This is a patch release of Aerleon.

There are no user-facing changes in this patch release.

Internal Tooling
* Python types have been added to some parts of the codebase. These types are not checked at runtime.

**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.2.0...1.2.1

What's Changed
This is a scheduled biweekly release of Aerleon, a fork of Capirca.

Aerleon is built and released using a SLSA Level 3 build process. Releases can be verified using the steps described in https://aerleon.readthedocs.io/en/latest/install/#verifying-installation.

New Features
* Aerleon's aclgen and aclcheck scripts now check for a config file named `aerleon.yml`. An example file with default values is included. `--config_file` is still supported by aclgen and is now supported by aclcheck.
* Users editing Aerleon's YAML files can now use the included YAML schemas to see inline validation, field autocompletion, and help message tooltips in their code editor. VSCode users can enable these schemas by installing the RedHat YAML extension and using the settings suggested here: https://github.com/aerleon/aerleon/commit/74f8ee7541c475e74e006facd0ef46476fdc6d8c
* An AclCheck API is now available which accepts policies, network definitions, and service definitions as native Python data.
* Cisco: the "fragments" option will now be added to all ACLs with "fragments" or "is-fragment" in the policy header.

Other Changes and Bug Fixes
* In "aclcheck", rules that would match when the source or destination IP is a subnet of an address in the rule now match correctly. Special thanks to calblox.
* The `-o` flag in cgrep now functions correctly. Special thanks to fischa.
* The version of "aclcheck" included in Aerleon 1.1.0 was not the latest open source version of the tool. Aerleon 1.2.0 updates to the latest version (fixing several bugs).
* A bug was fixed in the code example shown on the API docs page.
* A note was added to the Generators docs page explaining how to generate global policies in SRX. Special thanks to fischa.
* The command line help/usage text for "aclcheck" was updated.
* [Security] Dependency PyPI package "cryptography" was updated to 39.0.1.
* Broken links in the docs were fixed. Thanks to btriller.
* Users can now construct Policy data model objects directly from native Python data dictionaries.


Internal Tooling
* The version of 'black' used in pull request validation was updated to the same version used in `pyproject.toml`.
* A major cleanup of Cisco's object-group handling was completed in this release.

**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.1.0...1.2.0

What's Changed
This is the first scheduled biweekly release of Aerleon, a fork of Capirca.

Aerleon is built and released using a SLSA Level 3 build process. Releases can be verified using the steps described in https://aerleon.readthedocs.io/en/latest/install/#verifying-installation.

New Features
* [Juniper MPC: Target “msmpc” now supports option ‘no-apply-groups’ to generate policies without ‘apply-groups’ syntax.](https://github.com/aerleon/aerleon/commit/53b9672381895ea3ef3d91377c95a495e3668ec7) Special thanks to btriller.
* Arista: Target “arista” now supports the term keywords “platform” and “platform-exclude”. Special thanks to btriller.
* Developer command line tool “cgrep” is now included in the Aerleon PyPI package. “cgrep” can operate on YAML network and service definition files and legacy network and service definition files.
* Developer command line tool “aclcheck” is now included in the Aerleon PyPI package. “aclcheck” now supports YAML policy files and legacy DSL policy files.

Other Changes and Bug Fixes
* Support for includes in YAML policy files is now fixed.
* [Security] Policy file includes can no longer load files outside of the base_directory. Policy file includes must have the correct file extension. This applies to both YAML policy files and legacy DSL policy files.
* Documentation for generator-specific options has been collected on a single page and edited for correctness.
* Collapsible code blocks on the documentation site have a new appearance. Special thanks to Ray76.
* Numerous typos and broken links have been fixed in the docs and README file. Thank you to fischa, kirschfeld, vivekvashist, and btriller.

Internal Tooling
* Code for skipping generators not targeted by the current filter is cleaned up. Special thanks to btriller.
* Unit tests are now skipped on PRs with doc-only changes.
* All Python code imports have been sorted with isort. isort is now included in the “format” nox command. Special thanks to nemith.
* PRs are now checked for formatting and import sort order. Special thanks to nemith.
* The appearance of the AllContributors panel in the README as it appears on the PyPI page for the Aerleon package is cleaned up.
* Codecov will no longer block PRs if there is an error connecting to the Codecov service.
* “.actual” files generated on reference test failure are gitignored. Special thanks to btriller.

**Full Changelog**: https://github.com/aerleon/aerleon/compare/1.0.1...1.1.0