From a372142434522fb7ba219945238595595def0d86 Mon Sep 17 00:00:00 2001 From: saichint Date: Tue, 17 Apr 2018 05:25:05 -0700 Subject: [PATCH] fix ntp_auth issues (#38824) --- .../modules/network/nxos/nxos_ntp_auth.py | 70 ++++++++------- .../nxos_ntp_auth/tests/common/sanity.yaml | 89 +++++++++++++++---- 2 files changed, 108 insertions(+), 51 deletions(-) diff --git a/lib/ansible/modules/network/nxos/nxos_ntp_auth.py b/lib/ansible/modules/network/nxos/nxos_ntp_auth.py index d2e6509351..5cd96c702e 100644 --- a/lib/ansible/modules/network/nxos/nxos_ntp_auth.py +++ b/lib/ansible/modules/network/nxos/nxos_ntp_auth.py @@ -34,19 +34,15 @@ author: - Jason Edelman (@jedelman8) notes: - Tested against NXOSv 7.3.(0)D1(1) on VIRL - - If C(state=absent), the module will attempt to remove the given key configuration. - If a matching key configuration isn't found on the device, the module will fail. + - If C(state=absent), the module will remove the given key configuration if it exists. - If C(state=absent) and C(authentication=on), authentication will be turned off. - - If C(state=absent) and C(authentication=off), authentication will be turned on. options: key_id: description: - Authentication key identifier (numeric). - required: true md5string: description: - MD5 String. - required: true auth_type: description: - Whether the given md5string is in cleartext or 
@@ -156,17 +152,19 @@ def get_ntp_auth_key(key_id, module): authentication_key = {} command = 'show run | inc ntp.authentication-key.{0}'.format(key_id) auth_regex = (r".*ntp\sauthentication-key\s(?P\d+)\s" - r"md5\s(?P\S+).*") + r"md5\s(?P\S+)\s(?P\S+).*") body = execute_show_command(command, module)[0] try: match_authentication = re.match(auth_regex, body, re.DOTALL) group_authentication = match_authentication.groupdict() - key_id = group_authentication["key_id"] - md5string = group_authentication['md5string'] - authentication_key['key_id'] = key_id - authentication_key['md5string'] = md5string + authentication_key['key_id'] = group_authentication['key_id'] + authentication_key['md5string'] = group_authentication['md5string'] + if group_authentication['atype'] == '7': + authentication_key['auth_type'] = 'encrypt' + else: + authentication_key['auth_type'] = 'text' except (AttributeError, TypeError): authentication_key = {} @@ -200,10 +198,11 @@ def auth_type_to_num(auth_type): def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication): ntp_auth_cmds = [] - auth_type_num = auth_type_to_num(auth_type) - ntp_auth_cmds.append( - 'ntp authentication-key {0} md5 {1} {2}'.format( - key_id, md5string, auth_type_num)) + if key_id and md5string: + auth_type_num = auth_type_to_num(auth_type) + ntp_auth_cmds.append( + 'ntp authentication-key {0} md5 {1} {2}'.format( + key_id, md5string, auth_type_num)) if trusted_key == 'true': ntp_auth_cmds.append( 
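Review bot: The lookup in get_ntp_auth_key is not anchored on the requested key: `show run | inc ntp.authentication-key.{0}` also selects lines whose id merely starts with key_id (3 also selects 32), and the `\d+` key id group does not constrain which one is accepted. If the output holds several such lines, the leading `.*` under re.DOTALL takes the last one. The new auth_type value is read from that line, so the delta in main() may be computed against another key's settings. Matching the id literally avoids this, for example by putting `re.escape(str(key_id))` in place of `\d+`. Since key_id is now optional, it is also worth confirming that the caller, which is outside the hunk along with the return statement, never formats None into the command.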
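Review bot: auth_type can now arrive in set_ntp_auth_key as None, because the call in main() (a later hunk) passes `delta.get('auth_type')` while still passing key_id and md5string straight from the task parameters. When only md5string or trusted_key differs from the device, the key command is still emitted and `auth_type_to_num(None)` decides the type. Its body is outside the hunk, but if it falls back to the cleartext type, an encrypted string would be re-entered as cleartext and the key silently changed. Passing the task's own value in that call, `key_id, md5string, auth_type,`, keeps the type tied to the string it describes.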
@@ -224,25 +223,22 @@ def set_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication): def remove_ntp_auth_key(key_id, md5string, auth_type, trusted_key, authentication): auth_remove_cmds = [] - auth_type_num = auth_type_to_num(auth_type) - auth_remove_cmds.append( - 'no ntp authentication-key {0} md5 {1} {2}'.format( - key_id, md5string, auth_type_num)) + if key_id: + auth_type_num = auth_type_to_num(auth_type) + auth_remove_cmds.append( + 'no ntp authentication-key {0} md5 {1} {2}'.format( + key_id, md5string, auth_type_num)) - if authentication == 'on': + if authentication: auth_remove_cmds.append( 'no ntp authenticate') - elif authentication == 'off': - auth_remove_cmds.append( - 'ntp authenticate') - return auth_remove_cmds def main(): argument_spec = dict( - key_id=dict(required=True, type='str'), - md5string=dict(required=True, type='str'), + key_id=dict(type='str'), + md5string=dict(type='str'), auth_type=dict(choices=['text', 'encrypt'], default='text'), trusted_key=dict(choices=['true', 'false'], default='false'), authentication=dict(choices=['on', 'off']), @@ -264,6 +260,10 @@ def main(): authentication = module.params['authentication'] state = module.params['state'] + if key_id: + if not trusted_key and not md5string: + module.fail_json(msg='trusted_key or md5string MUST be specified') + args = dict(key_id=key_id, md5string=md5string, auth_type=auth_type, trusted_key=trusted_key, authentication=authentication) 
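Review bot: `md5string=dict(type='str')` in argument_spec carries the NTP authentication secret but is not marked `no_log=True`, so Ansible may record it in the module invocation output and logs. This commit already edits that line, so `md5string=dict(type='str', no_log=True),` fits here. The commands built by set_ntp_auth_key and remove_ntp_auth_key embed the same string, so whatever main() returns from the command list (outside this hunk) should be checked for the cleartext case as well.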
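Review bot: The added guard `if not trusted_key and not md5string` cannot fire, because trusted_key has `default='false'` in argument_spec and a non-empty string is always truthy. A task with key_id and state=absent but no md5string therefore passes validation, and remove_ntp_auth_key formats None into `no ntp authentication-key {0} md5 {1} {2}`. If md5string is meant to be required for removal, check it explicitly, e.g. `if state == 'absent' and key_id and not md5string:` followed by `module.fail_json(msg='md5string is required to remove a key')`. Alternatively the removal could use the values read from the device. main() continues outside the hunk.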
@@ -280,18 +280,20 @@ def main(): if state == 'present': if delta: command = set_ntp_auth_key( - key_id, md5string, auth_type, trusted_key, delta.get('authentication')) + key_id, md5string, delta.get('auth_type'), + delta.get('trusted_key'), delta.get('authentication')) if command: commands.append(command) elif state == 'absent': - if existing: - auth_toggle = None - if authentication == existing.get('authentication'): - auth_toggle = authentication - command = remove_ntp_auth_key( - key_id, md5string, auth_type, trusted_key, auth_toggle) - if command: - commands.append(command) + auth_toggle = None + if existing.get('authentication') == 'on': + auth_toggle = True + if not existing.get('key_id'): + key_id = None + command = remove_ntp_auth_key( + key_id, md5string, auth_type, trusted_key, auth_toggle) + if command: + commands.append(command) cmds = flatten_list(commands) if cmds: diff --git a/test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml b/test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml index e9e411dfde..76f1ea5c5b 100644 --- a/test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml +++ b/test/integration/targets/nxos_ntp_auth/tests/common/sanity.yaml @@ -17,9 +17,7 @@ nxos_ntp_auth: &configure_text key_id: 32 md5string: hello - auth_type: text - trusted_key: true - authentication: on + authentication: off state: present provider: "{{ connection }}" register: result @@ -28,21 +26,11 @@ that: - "result.changed == true" - - name: "Check Idempotence - Configure text ntp authentication" - nxos_ntp_auth: *configure_text - register: result - - - assert: &false - that: - - "result.changed == false" - - name: Remove text ntp authentication nxos_ntp_auth: &remove_text key_id: 32 md5string: hello - auth_type: text - trusted_key: true - authentication: on + authentication: off state: absent provider: "{{ connection }}" register: result 
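Review bot: In the `state == 'absent'` branch, `auth_toggle` is set from `existing.get('authentication') == 'on'` alone, so removing any key also issues `no ntp authenticate` whenever authentication is enabled on the device, whether or not the task set `authentication`. That disables NTP authentication device-wide as a side effect of deleting one key. It is also broader than the module notes, which tie the behaviour to C(authentication=on). Gating on the parameter keeps it opt-in: `if authentication == 'on' and existing.get('authentication') == 'on':`. The code that builds `existing` is outside the hunk.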
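Review bot: The idempotence check for the cleartext case (`*configure_text`) is removed in the `@@ -28,21 +26,11 @@` hunk without a replacement, while the encrypt case keeps its check. Presumably a second run with auth_type text still reports changed, because the device returns the key in type 7 form and get_ntp_auth_key now maps that to `encrypt`. If so, the reason should be recorded rather than left untested, for instance with a comment above the task: `# text keys are stored encrypted by the device, so this task is not idempotent`. The same limitation belongs in the module notes so users do not expect a stable `changed` result with cleartext keys.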
@@ -54,8 +42,6 @@ key_id: 32 md5string: hello auth_type: encrypt - trusted_key: true - authentication: on state: present provider: "{{ connection }}" register: result @@ -66,6 +52,70 @@ nxos_ntp_auth: *configure_encrypt register: result + - assert: &false + that: + - "result.changed == false" + + - name: Turn on authentication + nxos_ntp_auth: &authon + authentication: on + state: present + provider: "{{ connection }}" + register: result + + - assert: *true + + - name: "Check Idempotence - Turn on authentication" + nxos_ntp_auth: *authon + register: result + + - assert: *false + + - name: Turn off authentication + nxos_ntp_auth: &authoff + authentication: off + state: present + provider: "{{ connection }}" + register: result + + - assert: *true + + - name: "Check Idempotence - Turn off authentication" + nxos_ntp_auth: *authoff + register: result + + - assert: *false + + - name: Add trusted key + nxos_ntp_auth: &tkey + key_id: 32 + trusted_key: true + state: present + provider: "{{ connection }}" + register: result + + - assert: *true + + - name: "Check Idempotence - Add trusted key" + nxos_ntp_auth: *tkey + register: result + + - assert: *false + + - name: Remove trusted key + nxos_ntp_auth: &rtkey + key_id: 32 + trusted_key: false + state: present + provider: "{{ connection }}" + register: result + + - assert: *true + + - name: "Check Idempotence - Remove trusted key" + nxos_ntp_auth: *rtkey + register: result + - assert: *false - name: Remove encrypt ntp authentication @@ -73,7 +123,6 @@ key_id: 32 md5string: hello auth_type: encrypt - trusted_key: true authentication: on state: absent provider: "{{ connection }}" @@ -81,6 +130,12 @@ - assert: *true + - name: "Check Idempotence - Remove encrypt ntp authentication" + nxos_ntp_auth: *remove_encrypt + register: result + + - assert: *false + always: - name: Cleanup ntp auth config nxos_ntp_auth: *setup