Enforcing NXAPI default HTTP behavior (#41817)

* nxos_nxapi http default behavior

* Use nxos_nxapi module in prepare_nxos_tests

* Refactor nxos_nxapi configure test to use yaml block

* Extend nxos_nxapi https & http test cases

* Removed NXOS internal release naming

* Resolved ansibot sanity errors

* Fix typo in prepare_nxos_tests

* Address PR comments

* Shippable indicates this is no longer needed

* Add port change logic and testing
This commit is contained in:
tstoner 2018-07-02 14:58:37 -04:00 committed by Nathaniel Case
parent b87e1a023d
commit db7300904d
17 changed files with 279 additions and 64 deletions

View file

@ -162,7 +162,8 @@ def check_args(module, warnings):
def map_obj_to_commands(want, have, module):
commands = list()
send_commands = list()
commands = dict()
def needs_update(x):
return want.get(x) is not None and (want.get(x) != have.get(x))
@ -170,29 +171,30 @@ def map_obj_to_commands(want, have, module):
if needs_update('state'):
if want['state'] == 'absent':
return ['no feature nxapi']
commands.append('feature nxapi')
send_commands.append('feature nxapi')
elif want['state'] == 'absent':
return send_commands
if needs_update('http') or (have.get('http') and needs_update('http_port')):
if want['http'] is True or (want['http'] is None and have['http'] is True):
port = want['http_port'] or 80
commands.append('nxapi http port %s' % port)
elif want['http'] is False:
commands.append('no nxapi http')
for parameter in ['http', 'https']:
port_param = parameter + '_port'
if needs_update(parameter):
if want.get(parameter) is False:
commands[parameter] = 'no nxapi %s' % parameter
else:
commands[parameter] = 'nxapi %s port %s' % (parameter, want.get(port_param))
if needs_update('https') or (have.get('https') and needs_update('https_port')):
if want['https'] is True or (want['https'] is None and have['https'] is True):
port = want['https_port'] or 443
commands.append('nxapi https port %s' % port)
elif want['https'] is False:
commands.append('no nxapi https')
if needs_update(port_param) and want.get(parameter) is True:
commands[parameter] = 'nxapi %s port %s' % (parameter, want.get(port_param))
if needs_update('sandbox'):
cmd = 'nxapi sandbox'
commands['sandbox'] = 'nxapi sandbox'
if not want['sandbox']:
cmd = 'no %s' % cmd
commands.append(cmd)
commands['sandbox'] = 'no %s' % commands['sandbox']
return commands
for parameter in commands.keys():
send_commands.append(commands[parameter])
return send_commands
def parse_http(data):
@ -265,10 +267,10 @@ def main():
""" main entry point for module execution
"""
argument_spec = dict(
http=dict(aliases=['enable_http'], type='bool'),
http_port=dict(type='int'),
https=dict(aliases=['enable_https'], type='bool'),
https_port=dict(type='int'),
http=dict(aliases=['enable_http'], type='bool', default=True),
http_port=dict(type='int', default=80),
https=dict(aliases=['enable_https'], type='bool', default=False),
https_port=dict(type='int', default=443),
sandbox=dict(aliases=['enable_sandbox'], type='bool'),
state=dict(default='present', choices=['started', 'stopped', 'present', 'absent'])
)
@ -279,6 +281,11 @@ def main():
supports_check_mode=True)
warnings = list()
warning_msg = "Module nxos_nxapi currently defaults to configure 'http port 80'. "
warning_msg += "Default behavior is changing to configure 'https port 443'"
warning_msg += " when params 'http, http_port, https, https_port' are not set in the playbook"
module.deprecate(msg=warning_msg, version="2.11")
check_args(module, warnings)
result = {'changed': False, 'warnings': warnings}

View file

@ -1,7 +0,0 @@
---
- name: Assert configuration changes
assert:
that:
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port|string is search("9443")
- result.stdout[0]['operation_status'].o_status == 'nxapi enabled'

View file

@ -0,0 +1,16 @@
---
- name: Assert HTTP configuration changes
assert:
that:
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port|string is search("80")
- result.stdout[0]['operation_status'].o_status == 'nxapi enabled'
when: major_version is version('9.2', '<')
- name: Assert HTTP configuration changes 9.2 or greater
assert:
that:
- result.stdout[0]['http_port']
- result.stdout[0]['http_port']|string is search("80")
- result.stdout[0]['nxapi_status'] == 'nxapi enabled'
when: major_version is version('9.2', '>=')

View file

@ -0,0 +1,16 @@
---
- name: Assert HTTPS configuration changes
assert:
that:
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'].l_port|string is search("9443")
- result.stdout[0]['operation_status'].o_status == 'nxapi enabled'
when: major_version is version('9.2', '<')
- name: Assert HTTPS configuration changes 9.2 or greater
assert:
that:
- result.stdout[0]['https_port']
- result.stdout[0]['https_port']|string is search("9443")
- result.stdout[0]['nxapi_status'] == 'nxapi enabled'
when: major_version is version('9.2', '>=')

View file

@ -0,0 +1,20 @@
---
- name: Assert HTTPS & HTTP configuration changes
assert:
that:
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][1].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][1].l_port|string is search("9443")
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][0].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][0].l_port|string is search("80")
- result.stdout[0]['operation_status'].o_status == 'nxapi enabled'
when: major_version is version('9.2', '<')
- name: Assert HTTPS & HTTP configuration changes 9.2 or greater
assert:
that:
- result.stdout[0]['https_port']
- result.stdout[0]['https_port']|string is search("9443")
- result.stdout[0]['http_port']
- result.stdout[0]['http_port']|string is search("80")
- result.stdout[0]['nxapi_status'] == 'nxapi enabled'
when: major_version is version('9.2', '>=')

View file

@ -0,0 +1,20 @@
---
- name: Assert HTTPS & HTTP configuration changes
assert:
that:
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][1].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][1].l_port|string is search("500")
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][0].l_port
- result.stdout[0]['TABLE_listen_on_port']['ROW_listen_on_port'][0].l_port|string is search("99")
- result.stdout[0]['operation_status'].o_status == 'nxapi enabled'
when: major_version is version('9.2', '<')
- name: Assert HTTPS & HTTP configuration changes 9.2 or greater
assert:
that:
- result.stdout[0]['https_port']
- result.stdout[0]['https_port']|string is search("500")
- result.stdout[0]['http_port']
- result.stdout[0]['http_port']|string is search("99")
- result.stdout[0]['nxapi_status'] == 'nxapi enabled'
when: major_version is version('9.2', '>=')

View file

@ -0,0 +1,6 @@
---
- name: Assert HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is not defined
- result.stdout[0].http_port|string is search("80")

View file

@ -1,5 +1,5 @@
---
- name: Assert configuration changes
- name: Assert HTTPS configuration changes
assert:
that:
- result.stdout[0].http_port is not defined

View file

@ -0,0 +1,8 @@
---
- name: Assert HTTPS && HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is defined
- result.stdout[0].http_port is defined
- result.stdout[0].https_port|string is search("9443")
- result.stdout[0].http_port|string is search("80")

View file

@ -0,0 +1,8 @@
---
- name: Assert HTTPS && HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is defined
- result.stdout[0].http_port is defined
- result.stdout[0].https_port|string is search("500")
- result.stdout[0].http_port|string is search("99")

View file

@ -0,0 +1,7 @@
---
- name: Assert HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is not defined
- result.stdout[0].http_port|string is search("80")
- result.stdout[0].sandbox_status == 'Enabled'

View file

@ -1,5 +1,5 @@
---
- name: Assert configuration changes
- name: Assert HTTPS configuration changes
assert:
that:
- result.stdout[0].http_port is not defined

View file

@ -0,0 +1,9 @@
---
- name: Assert HTTPS & HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is defined
- result.stdout[0].http_port is defined
- result.stdout[0].https_port|string is search("9443")
- result.stdout[0].http_port|string is search("80")
- result.stdout[0].sandbox_status == 'Enabled'

View file

@ -0,0 +1,9 @@
---
- name: Assert HTTPS & HTTP configuration changes
assert:
that:
- result.stdout[0].https_port is defined
- result.stdout[0].http_port is defined
- result.stdout[0].https_port|string is search("500")
- result.stdout[0].http_port|string is search("99")
- result.stdout[0].sandbox_status == 'Enabled'

View file

@ -8,8 +8,9 @@
nxos_nxapi:
state: absent
- name: Configure NXAPI
nxos_nxapi:
- block:
- name: Configure NXAPI HTTPS
nxos_nxapi: &configure_https
enable_http: no
enable_sandbox: "{{nxapi_sandbox_option|default(omit)}}"
enable_https: yes
@ -21,26 +22,121 @@
- show nxapi | json
register: result
- include: targets/nxos_nxapi/tasks/platform/n7k/assert_changes.yaml
- include: targets/nxos_nxapi/tasks/platform/n7k/assert_changes_https.yaml
when: platform is match('N7K')
- include: targets/nxos_nxapi/tasks/platform/n5k/assert_changes.yaml
- include: targets/nxos_nxapi/tasks/platform/n5k/assert_changes_https.yaml
when: platform is match('N5K')
- include: targets/nxos_nxapi/tasks/platform/default/assert_changes.yaml
- include: targets/nxos_nxapi/tasks/platform/default/assert_changes_https.yaml
when: not ( platform is search('N7K')) and not (platform is search('N5K')) and not (platform is search('N35'))
- name: Configure NXAPI again
nxos_nxapi:
enable_http: no
- name: Configure NXAPI HTTPS again
nxos_nxapi: *configure_https
register: result
- name: Assert configuration is idempotent
assert: &assert_false
that:
- result.changed == false
- name: Configure NXAPI HTTPS & HTTP
nxos_nxapi: &configure_https_http
enable_http: yes
enable_sandbox: "{{nxapi_sandbox_option|default(omit)}}"
enable_https: yes
https_port: 9443
register: result
- nxos_command:
commands:
- show nxapi | json
register: result
- include: targets/nxos_nxapi/tasks/platform/n7k/assert_changes_https_http.yaml
when: platform is match('N7K')
- include: targets/nxos_nxapi/tasks/platform/n5k/assert_changes_https_http.yaml
when: platform is match('N5K')
- include: targets/nxos_nxapi/tasks/platform/default/assert_changes_https_http.yaml
when: not ( platform is search('N7K')) and not (platform is search('N5K')) and not (platform is search('N35'))
- name: Configure NXAPI HTTPS & HTTP again
nxos_nxapi: *configure_https_http
register: result
- name: Assert configuration is idempotent
assert:
that:
- result.changed == false
assert: *assert_false
- name: Configure different NXAPI HTTPS & HTTP ports
nxos_nxapi: &configure_https_http_ports
enable_http: yes
enable_sandbox: "{{nxapi_sandbox_option|default(omit)}}"
enable_https: yes
http_port: 99
https_port: 500
register: result
- nxos_command:
commands:
- show nxapi | json
register: result
- include: targets/nxos_nxapi/tasks/platform/n7k/assert_changes_https_http_ports.yaml
when: platform is match('N7K')
- include: targets/nxos_nxapi/tasks/platform/n5k/assert_changes_https_http_ports.yaml
when: platform is match('N5K')
- include: targets/nxos_nxapi/tasks/platform/default/assert_changes_https_http_ports.yaml
when: not ( platform is search('N7K')) and not (platform is search('N5K')) and not (platform is search('N35'))
- name: Configure different NXAPI HTTPS & HTTP ports again
nxos_nxapi: *configure_https_http_ports
register: result
- name: Assert configuration is idempotent
assert: *assert_false
- name: Configure NXAPI HTTP
nxos_nxapi: &configure_http
enable_http: yes
enable_sandbox: "{{nxapi_sandbox_option|default(omit)}}"
enable_https: no
register: result
- nxos_command:
commands:
- show nxapi | json
register: result
- include: targets/nxos_nxapi/tasks/platform/n7k/assert_changes_http.yaml
when: platform is match('N7K')
- include: targets/nxos_nxapi/tasks/platform/n5k/assert_changes_http.yaml
when: platform is match('N5K')
- include: targets/nxos_nxapi/tasks/platform/default/assert_changes_http.yaml
when: not ( platform is search('N7K')) and not (platform is search('N5K')) and not (platform is search('N35'))
- name: Configure NXAPI HTTP again
nxos_nxapi: *configure_http
register: result
- name: Assert configuration is idempotent
assert: *assert_false
always:
- name: Cleanup - Disable NXAPI
nxos_nxapi:
state: absent
register: result
- name: Cleanup - Re-enable NXAPI
nxos_nxapi:
state: present
register: result
- debug: msg="END cli/configure.yaml"

View file

@ -1,14 +1,14 @@
---
- name: Toggle feature nxapi - Enable
- name: Enable Feature Privilage
nxos_config:
lines:
- feature nxapi
- feature privilege
connection: network_cli
ignore_errors: yes
- name: Set nxapi to default state
- name: Enable Feature NXAPI
nxos_nxapi:
state: present
connection: network_cli
# Gather the list of interfaces on this device and make the list
@ -93,6 +93,7 @@
# 8.0(1)
# 7.3(0)D1(1)
# 7.0(3)IHD8(1)
- set_fact: major_version="{{ image_version[0:3] }}"
- set_fact: imagetag="{{ image_version[0:3] }}"
when: image_version is search("\d\.\d\(\d\)")
- set_fact: imagetag="{{ image_version[6:8] }}"

View file

@ -944,7 +944,6 @@ lib/ansible/modules/network/nxos/nxos_gir.py E326
lib/ansible/modules/network/nxos/nxos_igmp_interface.py E326
lib/ansible/modules/network/nxos/nxos_interface.py E324
lib/ansible/modules/network/nxos/nxos_lldp.py E326
lib/ansible/modules/network/nxos/nxos_nxapi.py E324
lib/ansible/modules/network/nxos/nxos_nxapi.py E326
lib/ansible/modules/network/nxos/nxos_pim_interface.py E326
lib/ansible/modules/network/nxos/nxos_pim_rp_address.py E326