ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-25 22:30:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

fix ntp_auth issues (#38824)

Browse source
This commit is contained in:
saichint 2018-04-17 05:25:05 -07:00 committed by Trishna Guha
commit a372142434
2 changed files with 108 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

70
lib/ansible/modules/network/nxos/nxos_ntp_auth.py
View file

@ -34,19 +34,15 @@ author:
- Jason Edelman (@jedelman8) - Jason Edelman (@jedelman8)
notes: notes:
- Tested against NXOSv 7.3.(0)D1(1) on VIRL - Tested against NXOSv 7.3.(0)D1(1) on VIRL
- If C(state=absent), the module will attempt to remove the given key configuration. - If C(state=absent), the module will remove the given key configuration if it exists.
If a matching key configuration isn't found on the device, the module will fail.
- If C(state=absent) and C(authentication=on), authentication will be turned off. - If C(state=absent) and C(authentication=on), authentication will be turned off.
- If C(state=absent) and C(authentication=off), authentication will be turned on.
options: options:
key_id: key_id:
description: description:
- Authentication key identifier (numeric). - Authentication key identifier (numeric).
required: true
md5string: md5string:
description: description:
- MD5 String. - MD5 String.
required: true
auth_type: auth_type:
description: description:
- Whether the given md5string is in cleartext or - Whether the given md5string is in cleartext or
@ -156,17 +152,19 @@ def get_ntp_auth_key(key_id, module):
authentication_key = {} authentication_key = {}
command = 'show run | inc ntp.authentication-key.{0}'.format(key_id) command = 'show run | inc ntp.authentication-key.{0}'.format(key_id)
auth_regex = (r".*ntp\sauthentication-key\s(?P<key_id>\d+)\s" auth_regex = (r".*ntp\sauthentication-key\s(?P<key_id>\d+)\s"
r"md5\s(?P<md5string>\S+).*") r"md5\s(?P<md5string>\S+)\s(?P<atype>\S+).*")
body = execute_show_command(command, module)[0] body = execute_show_command(command, module)[0]
try: try:
match_authentication = re.match(auth_regex, body, re.DOTALL) match_authentication = re.match(auth_regex, body, re.DOTALL)
group_authentication = match_authentication.groupdict() group_authentication = match_authentication.groupdict()
key_id = group_authentication["key_id"] authentication_key['key_id'] = group_authentication['key_id']
md5string = group_authentication['md5string'] authentication_key['md5string'] = group_authentication['md5string']
authentication_key['key_id'] = key_id if group_authentication['atype'] == '7':
authentication_key['md5string'] = md5string authentication_key['auth_type'] = 'encrypt'
else:
authentication_key['auth_type'] = 'text'
except (AttributeError, TypeError): except (AttributeError, TypeError):
authentication_key = {} authentication_key = {}
@ -200,10 +198,11 @@ def auth_type_to_num(auth_type):
def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication): def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
ntp_auth_cmds = [] ntp_auth_cmds = []
auth_type_num = auth_type_to_num(auth_type) if key_id and md5string:
ntp_auth_cmds.append( auth_type_num = auth_type_to_num(auth_type)
'ntp authentication-key {0} md5 {1} {2}'.format( ntp_auth_cmds.append(
key_id, md5string, auth_type_num)) 'ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if trusted_key == 'true': if trusted_key == 'true':
ntp_auth_cmds.append( ntp_auth_cmds.append(
@ -224,25 +223,22 @@ def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
def remove_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication): def remove_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
auth_remove_cmds = [] auth_remove_cmds = []
auth_type_num = auth_type_to_num(auth_type) if key_id:
auth_remove_cmds.append( auth_type_num = auth_type_to_num(auth_type)
'no ntp authentication-key {0} md5 {1} {2}'.format( auth_remove_cmds.append(
key_id, md5string, auth_type_num)) 'no ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if authentication == 'on': if authentication:
auth_remove_cmds.append( auth_remove_cmds.append(
'no ntp authenticate') 'no ntp authenticate')
elif authentication == 'off':
auth_remove_cmds.append(
'ntp authenticate')
return auth_remove_cmds return auth_remove_cmds
def main(): def main():
argument_spec = dict( argument_spec = dict(
key_id=dict(required=True, type='str'), key_id=dict(type='str'),
md5string=dict(required=True, type='str'), md5string=dict(type='str'),
auth_type=dict(choices=['text', 'encrypt'], default='text'), auth_type=dict(choices=['text', 'encrypt'], default='text'),
trusted_key=dict(choices=['true', 'false'], default='false'), trusted_key=dict(choices=['true', 'false'], default='false'),
authentication=dict(choices=['on', 'off']), authentication=dict(choices=['on', 'off']),
@ -264,6 +260,10 @@ def main():
authentication = module.params['authentication'] authentication = module.params['authentication']
state = module.params['state'] state = module.params['state']
if key_id:
if not trusted_key and not md5string:
module.fail_json(msg='trusted_key or md5string MUST be specified')
args = dict(key_id=key_id, md5string=md5string, args = dict(key_id=key_id, md5string=md5string,
auth_type=auth_type, trusted_key=trusted_key, auth_type=auth_type, trusted_key=trusted_key,
authentication=authentication) authentication=authentication)
@ -280,18 +280,20 @@ def main():
if state == 'present': if state == 'present':
if delta: if delta:
command = set_ntp_auth_key( command = set_ntp_auth_key(
key_id, md5string, auth_type, trusted_key, delta.get('authentication')) key_id, md5string, delta.get('auth_type'),
delta.get('trusted_key'), delta.get('authentication'))
if command: if command:
commands.append(command) commands.append(command)
elif state == 'absent': elif state == 'absent':
if existing: auth_toggle = None
auth_toggle = None if existing.get('authentication') == 'on':
if authentication == existing.get('authentication'): auth_toggle = True
auth_toggle = authentication if not existing.get('key_id'):
command = remove_ntp_auth_key( key_id = None
key_id, md5string, auth_type, trusted_key, auth_toggle) command = remove_ntp_auth_key(
if command: key_id, md5string, auth_type, trusted_key, auth_toggle)
commands.append(command) if command:
commands.append(command)
cmds = flatten_list(commands) cmds = flatten_list(commands)
if cmds: if cmds:

89
test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml
View file

@ -17,9 +17,7 @@
nxos_ntp_auth: &configure_text nxos_ntp_auth: &configure_text
key_id: 32 key_id: 32
md5string: hello md5string: hello
auth_type: text authentication: off
trusted_key: true
authentication: on
state: present state: present
provider: "{{ connection }}" provider: "{{ connection }}"
register: result register: result
@ -28,21 +26,11 @@
that: that:
- "result.changed == true" - "result.changed == true"
- name: "Check Idempotence - Configure text ntp authentication"
nxos_ntp_auth: *configure_text
register: result
- assert: &false
that:
- "result.changed == false"
- name: Remove text ntp authentication - name: Remove text ntp authentication
nxos_ntp_auth: &remove_text nxos_ntp_auth: &remove_text
key_id: 32 key_id: 32
md5string: hello md5string: hello
auth_type: text authentication: off
trusted_key: true
authentication: on
state: absent state: absent
provider: "{{ connection }}" provider: "{{ connection }}"
register: result register: result
@ -54,8 +42,6 @@
key_id: 32 key_id: 32
md5string: hello md5string: hello
auth_type: encrypt auth_type: encrypt
trusted_key: true
authentication: on
state: present state: present
provider: "{{ connection }}" provider: "{{ connection }}"
register: result register: result
@ -66,6 +52,70 @@
nxos_ntp_auth: *configure_encrypt nxos_ntp_auth: *configure_encrypt
register: result register: result
- assert: &false
that:
- "result.changed == false"
- name: Turn on authentication
nxos_ntp_auth: &authon
authentication: on
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Turn on authentication"
nxos_ntp_auth: *authon
register: result
- assert: *false
- name: Turn off authentication
nxos_ntp_auth: &authoff
authentication: off
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Turn off authentication"
nxos_ntp_auth: *authoff
register: result
- assert: *false
- name: Add trusted key
nxos_ntp_auth: &tkey
key_id: 32
trusted_key: true
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Add trusted key"
nxos_ntp_auth: *tkey
register: result
- assert: *false
- name: Remove trusted key
nxos_ntp_auth: &rtkey
key_id: 32
trusted_key: false
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Remove trusted key"
nxos_ntp_auth: *rtkey
register: result
- assert: *false - assert: *false
- name: Remove encrypt ntp authentication - name: Remove encrypt ntp authentication
@ -73,7 +123,6 @@
key_id: 32 key_id: 32
md5string: hello md5string: hello
auth_type: encrypt auth_type: encrypt
trusted_key: true
authentication: on authentication: on
state: absent state: absent
provider: "{{ connection }}" provider: "{{ connection }}"
@ -81,6 +130,12 @@
- assert: *true - assert: *true
- name: "Check Idempotence - Remove encrypt ntp authentication"
nxos_ntp_auth: *remove_encrypt
register: result
- assert: *false
always: always:
- name: Cleanup ntp auth config - name: Cleanup ntp auth config
nxos_ntp_auth: *setup nxos_ntp_auth: *setup