diff --git a/lib/ansible/modules/network/netvisor/pn_log_audit_exception.py b/lib/ansible/modules/network/netvisor/pn_log_audit_exception.py new file mode 100644 index 0000000000..fe42dfa412 --- /dev/null +++ b/lib/ansible/modules/network/netvisor/pn_log_audit_exception.py @@ -0,0 +1,204 @@ +#!/usr/bin/python +# Copyright: (c) 2018, Pluribus Networks +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/license/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + + +DOCUMENTATION = """ +--- +module: pn_log_audit_exception +author: "Pluribus Networks (@rajaspachipulusu17)" +version_added: "2.9" +short_description: CLI command to create/delete an audit exception +description: + - This module can be used to create an audit exception and delete an audit exception. +options: + pn_cliswitch: + description: + - Target switch to run the CLI on. + required: false + type: str + pn_audit_type: + description: + - Specify the type of audit exception. + required: false + type: str + choices: ['cli', 'shell', 'vtysh'] + state: + description: + - State the action to perform. Use 'present' to create audit-exception and + 'absent' to delete audit-exception. + required: false + type: str + choices: ['present', 'absent'] + default: 'present' + pn_pattern: + description: + - Specify a regular expression to match exceptions. + required: false + type: str + pn_scope: + description: + - scope - local or fabric. + required: false + type: str + choices: ['local', 'fabric'] + pn_access: + description: + - Specify the access type to match exceptions. + required: true + type: str + choices: ['any', 'read-only', 'read-write'] +""" + +EXAMPLES = """ +- name: create a log-audit-exception + pn_log_audit_exception: + pn_audit_type: "cli" + pn_pattern: "test" + state: "present" + pn_access: "any" + pn_scope: "local" + +- name: delete a log-audit-exception + pn_log_audit_exception: + pn_audit_type: "shell" + pn_pattern: "test" + state: "absent" + pn_access: "any" +""" + +RETURN = """ +command: + description: the CLI command run on the target node. + returned: always + type: str +stdout: + description: set of responses from the pn_log_audit_exceptions command. + returned: always + type: list +stderr: + description: set of error responses from the log_audit_exceptions command. + returned: on error + type: list +changed: + description: indicates whether the CLI caused changes on the target. + returned: always + type: bool +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.netvisor.pn_nvos import pn_cli, run_cli +from ansible.module_utils.network.netvisor.netvisor import run_commands + + +def check_cli(module, cli): + """ + This method checks for idempotency using the log-audit-exception command. + If a list with given name exists, return exists as True else False. + :param module: The Ansible module to fetch input parameters. + :return Booleans: True or False. + """ + state = module.params['state'] + audit_type = module.params['pn_audit_type'] + pattern = module.params['pn_pattern'] + access = module.params['pn_access'] + scope = module.params['pn_scope'] + cli += ' log-audit-exception-show' + cli += ' no-show-headers format ' + cli += ' type,pattern,access,scope parsable-delim DELIM' + + stdout = run_commands(module, cli)[1] + + if stdout: + linelist = stdout.strip().split('\n') + for line in linelist: + wordlist = line.split('DELIM') + count = 0 + + if wordlist[0] == audit_type: + count += 1 + if wordlist[1] == pattern: + count += 1 + if wordlist[2] == access: + count += 1 + if state == 'present' and wordlist[3] == scope: + count += 1 + elif state == 'absent' and count == 3: + return True + if state == 'present' and count == 4: + return True + + return False + + +def main(): + """ This section is for arguments parsing """ + + state_map = dict( + present='log-audit-exception-create', + absent='log-audit-exception-delete', + ) + + argument_spec = dict( + pn_cliswitch=dict(required=False, type='str'), + pn_pattern=dict(required=True, type='str'), + state=dict(required=False, type='str', + choices=state_map.keys(), default='present'), + pn_access=dict(required=True, type='str', choices=['any', 'read-only', 'read-write']), + pn_audit_type=dict(required=True, type='str', choices=['cli', 'shell', 'vtysh']), + pn_scope=dict(required=False, type='str', choices=['local', 'fabric']), + ) + + module = AnsibleModule( + argument_spec=argument_spec, + required_if=( + ["state", "present", ["pn_scope"]], + ), + ) + + # Accessing the arguments + + cliswitch = module.params['pn_cliswitch'] + state = module.params['state'] + access = module.params['pn_access'] + audit_type = module.params['pn_audit_type'] + pattern = module.params['pn_pattern'] + scope = module.params['pn_scope'] + + command = state_map[state] + + # Building the CLI command string + cli = pn_cli(module, cliswitch) + + audit_log_exists = check_cli(module, cli) + + cli += ' %s %s pattern %s %s' % (command, audit_type, pattern, access) + + if state == 'absent': + if audit_log_exists is False: + module.exit_json( + skipped=True, + msg='This audit log exception entry does not exist' + ) + run_cli(module, cli, state_map) + + elif state == 'present': + if audit_log_exists is True: + module.exit_json( + skipped=True, + msg='This audit log exception entry already exists' + ) + cli += ' scope %s ' % scope + run_cli(module, cli, state_map) + + +if __name__ == '__main__': + main() diff --git a/test/units/modules/network/netvisor/test_pn_log_audit_exception.py b/test/units/modules/network/netvisor/test_pn_log_audit_exception.py new file mode 100644 index 0000000000..635f253f7b --- /dev/null +++ b/test/units/modules/network/netvisor/test_pn_log_audit_exception.py @@ -0,0 +1,62 @@ +# Copyright: (c) 2018, Pluribus Networks +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import json + +from units.compat.mock import patch +from ansible.modules.network.netvisor import pn_log_audit_exception +from units.modules.utils import set_module_args +from .nvos_module import TestNvosModule, load_fixture + + +class TestLogAuditExceptionModule(TestNvosModule): + + module = pn_log_audit_exception + + def setUp(self): + self.mock_run_nvos_commands = patch('ansible.modules.network.netvisor.pn_log_audit_exception.run_cli') + self.run_nvos_commands = self.mock_run_nvos_commands.start() + + self.mock_run_check_cli = patch('ansible.modules.network.netvisor.pn_log_audit_exception.check_cli') + self.run_check_cli = self.mock_run_check_cli.start() + + def tearDown(self): + self.mock_run_nvos_commands.stop() + self.mock_run_check_cli.stop() + + def run_cli_patch(self, module, cli, state_map): + if state_map['present'] == 'log-audit-exception-create': + results = dict( + changed=True, + cli_cmd=cli + ) + elif state_map['absent'] == 'log-audit-exception-delete': + results = dict( + changed=True, + cli_cmd=cli + ) + module.exit_json(**results) + + def load_fixtures(self, commands=None, state=None, transport='cli'): + self.run_nvos_commands.side_effect = self.run_cli_patch + if state == 'present': + self.run_check_cli.return_value = False + if state == 'absent': + self.run_check_cli.return_value = True + + def test_log_audit_exception_create(self): + set_module_args({'pn_cliswitch': 'sw01', 'pn_audit_type': 'cli', + 'pn_pattern': 'test', 'pn_scope': 'local', 'pn_access': 'any', 'state': 'present'}) + result = self.execute_module(changed=True, state='present') + expected_cmd = ' switch sw01 log-audit-exception-create cli pattern test any scope local ' + self.assertEqual(result['cli_cmd'], expected_cmd) + + def test_log_audit_exception_delete(self): + set_module_args({'pn_cliswitch': 'sw01', 'pn_audit_type': 'cli', + 'pn_pattern': 'test', 'pn_access': 'any', 'state': 'absent'}) + result = self.execute_module(changed=True, state='absent') + expected_cmd = ' switch sw01 log-audit-exception-delete cli pattern test any' + self.assertEqual(result['cli_cmd'], expected_cmd)