cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix ntp_auth issues (#38824)

Browse source
This commit is contained in:
saichint 2018-04-17 05:25:05 -07:00 committed by Trishna Guha
parent 3d3781db57
commit a372142434
2 changed files with 108 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
lib/ansible/modules/network/nxos/nxos_ntp_auth.py
View file

@ -34,19 +34,15 @@ author:
- Jason Edelman (@jedelman8)
notes:
- Tested against NXOSv 7.3.(0)D1(1) on VIRL
- If C(state=absent), the module will attempt to remove the given key configuration.
If a matching key configuration isn't found on the device, the module will fail.
- If C(state=absent), the module will remove the given key configuration if it exists.
- If C(state=absent) and C(authentication=on), authentication will be turned off.
- If C(state=absent) and C(authentication=off), authentication will be turned on.
options:
key_id:
description:
- Authentication key identifier (numeric).
required: true
md5string:
description:
- MD5 String.
required: true
auth_type:
description:
- Whether the given md5string is in cleartext or
@ -156,17 +152,19 @@ def get_ntp_auth_key(key_id, module):
authentication_key = {}
command = 'show run | inc ntp.authentication-key.{0}'.format(key_id)
auth_regex = (r".*ntp\sauthentication-key\s(?P<key_id>\d+)\s"
r"md5\s(?P<md5string>\S+).*")
r"md5\s(?P<md5string>\S+)\s(?P<atype>\S+).*")
body = execute_show_command(command, module)[0]
try:
match_authentication = re.match(auth_regex, body, re.DOTALL)
group_authentication = match_authentication.groupdict()
key_id = group_authentication["key_id"]
md5string = group_authentication['md5string']
authentication_key['key_id'] = key_id
authentication_key['md5string'] = md5string
authentication_key['key_id'] = group_authentication['key_id']
authentication_key['md5string'] = group_authentication['md5string']
if group_authentication['atype'] == '7':
authentication_key['auth_type'] = 'encrypt'
else:
authentication_key['auth_type'] = 'text'
except (AttributeError, TypeError):
authentication_key = {}
@ -200,10 +198,11 @@ def auth_type_to_num(auth_type):
def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
ntp_auth_cmds = []
auth_type_num = auth_type_to_num(auth_type)
ntp_auth_cmds.append(
'ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if key_id and md5string:
auth_type_num = auth_type_to_num(auth_type)
ntp_auth_cmds.append(
'ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if trusted_key == 'true':
ntp_auth_cmds.append(
@ -224,25 +223,22 @@ def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
def remove_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication):
auth_remove_cmds = []
auth_type_num = auth_type_to_num(auth_type)
auth_remove_cmds.append(
'no ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if key_id:
auth_type_num = auth_type_to_num(auth_type)
auth_remove_cmds.append(
'no ntp authentication-key {0} md5 {1} {2}'.format(
key_id, md5string, auth_type_num))
if authentication == 'on':
if authentication:
auth_remove_cmds.append(
'no ntp authenticate')
elif authentication == 'off':
auth_remove_cmds.append(
'ntp authenticate')
return auth_remove_cmds
def main():
argument_spec = dict(
key_id=dict(required=True, type='str'),
md5string=dict(required=True, type='str'),
key_id=dict(type='str'),
md5string=dict(type='str'),
auth_type=dict(choices=['text', 'encrypt'], default='text'),
trusted_key=dict(choices=['true', 'false'], default='false'),
authentication=dict(choices=['on', 'off']),
@ -264,6 +260,10 @@ def main():
authentication = module.params['authentication']
state = module.params['state']
if key_id:
if not trusted_key and not md5string:
module.fail_json(msg='trusted_key or md5string MUST be specified')
args = dict(key_id=key_id, md5string=md5string,
auth_type=auth_type, trusted_key=trusted_key,
authentication=authentication)
@ -280,18 +280,20 @@ def main():
if state == 'present':
if delta:
command = set_ntp_auth_key(
key_id, md5string, auth_type, trusted_key, delta.get('authentication'))
key_id, md5string, delta.get('auth_type'),
delta.get('trusted_key'), delta.get('authentication'))
if command:
commands.append(command)
elif state == 'absent':
if existing:
auth_toggle = None
if authentication == existing.get('authentication'):
auth_toggle = authentication
command = remove_ntp_auth_key(
key_id, md5string, auth_type, trusted_key, auth_toggle)
if command:
commands.append(command)
auth_toggle = None
if existing.get('authentication') == 'on':
auth_toggle = True
if not existing.get('key_id'):
key_id = None
command = remove_ntp_auth_key(
key_id, md5string, auth_type, trusted_key, auth_toggle)
if command:
commands.append(command)
cmds = flatten_list(commands)
if cmds:

89
test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml
View file

@ -17,9 +17,7 @@
nxos_ntp_auth: &configure_text
key_id: 32
md5string: hello
auth_type: text
trusted_key: true
authentication: on
authentication: off
state: present
provider: "{{ connection }}"
register: result
@ -28,21 +26,11 @@
that:
- "result.changed == true"
- name: "Check Idempotence - Configure text ntp authentication"
nxos_ntp_auth: *configure_text
register: result
- assert: &false
that:
- "result.changed == false"
- name: Remove text ntp authentication
nxos_ntp_auth: &remove_text
key_id: 32
md5string: hello
auth_type: text
trusted_key: true
authentication: on
authentication: off
state: absent
provider: "{{ connection }}"
register: result
@ -54,8 +42,6 @@
key_id: 32
md5string: hello
auth_type: encrypt
trusted_key: true
authentication: on
state: present
provider: "{{ connection }}"
register: result
@ -66,6 +52,70 @@
nxos_ntp_auth: *configure_encrypt
register: result
- assert: &false
that:
- "result.changed == false"
- name: Turn on authentication
nxos_ntp_auth: &authon
authentication: on
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Turn on authentication"
nxos_ntp_auth: *authon
register: result
- assert: *false
- name: Turn off authentication
nxos_ntp_auth: &authoff
authentication: off
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Turn off authentication"
nxos_ntp_auth: *authoff
register: result
- assert: *false
- name: Add trusted key
nxos_ntp_auth: &tkey
key_id: 32
trusted_key: true
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Add trusted key"
nxos_ntp_auth: *tkey
register: result
- assert: *false
- name: Remove trusted key
nxos_ntp_auth: &rtkey
key_id: 32
trusted_key: false
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence - Remove trusted key"
nxos_ntp_auth: *rtkey
register: result
- assert: *false
- name: Remove encrypt ntp authentication
@ -73,7 +123,6 @@
key_id: 32
md5string: hello
auth_type: encrypt
trusted_key: true
authentication: on
state: absent
provider: "{{ connection }}"
@ -81,6 +130,12 @@
- assert: *true
- name: "Check Idempotence - Remove encrypt ntp authentication"
nxos_ntp_auth: *remove_encrypt
register: result
- assert: *false
always:
- name: Cleanup ntp auth config
nxos_ntp_auth: *setup