Feat(eos_cli_config_gen): Add support to render empty ACLs (with no ACEs)

[alexeygorbunov]

Enhancement summary

ip_access_lists[].entries (python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/ip-access-lists.j2) is treated in J2 as a mandatory field (although not set as required in schema). Therefore it's not allowed right now to build an ACL with no ACEs.

{%     for acl in ip_access_lists | arista.avd.natural_sort('name') %}  
{%         if not (acl.name is arista.avd.defined) or  
              not (acl.entries is arista.avd.defined) %}  
{#             break cycle if mandatory keys are not defined #}  
{%             continue %} 

This is not aligned with EoS behavior. ACL with no entries in EOS is a valid ACL (EoS treats it as deny ip any any. We should allow rendering of such ACLs.

avd-ci-leaf2(config-s-s3d)#ip access-list ACL_WITHOUT_ENTRIES  
avd-ci-leaf2(config-s-s3d-acl-ACL_WITHOUT_ENTRIES)#exit  
avd-ci-leaf2(config-s-s3d)#show session-config diffs 
--- system:/running-config  
+++ session:/s3d-session-config  
+ip access-list ACL_WITHOUT_ENTRIES  
avd-ci-leaf2(config-s-s3d)#commit timer 00:05:00  
avd-ci-leaf2#sh ip access-lists ACL_WITHOUT_ENTRIES  
IP Access List ACL_WITHOUT_ENTRIES  
        (implicit) deny ip any any  

avd-ci-leaf2#sh run sec ACL_WITHOUT_ENTRIES  
ip access-list ACL_WITHOUT_ENTRIES  
avd-ci-leaf2#  

Which component of AVD is impacted

eos_cli_config_gen

Use case example

ACL with no ACEs is a valid ACL which can be used as any other ACL (with ACEs)

Describe the solution you would like

or not (acl.entries is arista.avd.defined) should be removed from the expression validated to render initial ip access-list {{ acl.name }} config line

Describe alternatives you have considered

N/A

Additional context

No response

Contributing Guide

• I agree to follow this project's Code of Conduct