Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ce_ntp_auth: update to "state is present but all of the following are missing: pas… #59344

Merged
merged 1 commit into from
Jul 23, 2019
Merged

ce_ntp_auth: update to "state is present but all of the following are missing: pas… #59344

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
229 changes: 82 additions & 147 deletions lib/ansible/modules/network/cloudengine/ce_ntp_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,84 +195,8 @@
import re

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.cloudengine.ce import ce_argument_spec, load_config, get_nc_config, set_nc_config

CE_NC_GET_NTP_AUTH_CONFIG = """
<filter type="subtree">
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpAuthKeyCfgs>
<ntpAuthKeyCfg>
<keyId>%s</keyId>
<mode></mode>
<keyVal></keyVal>
<isReliable></isReliable>
</ntpAuthKeyCfg>
</ntpAuthKeyCfgs>
</ntp>
</filter>
"""

CE_NC_GET_ALL_NTP_AUTH_CONFIG = """
<filter type="subtree">
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpAuthKeyCfgs>
<ntpAuthKeyCfg>
<keyId></keyId>
<mode></mode>
<keyVal></keyVal>
<isReliable></isReliable>
</ntpAuthKeyCfg>
</ntpAuthKeyCfgs>
</ntp>
</filter>
"""

CE_NC_GET_NTP_AUTH_ENABLE = """
<filter type="subtree">
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpSystemCfg>
<isAuthEnable></isAuthEnable>
</ntpSystemCfg>
</ntp>
</filter>
"""

CE_NC_MERGE_NTP_AUTH_CONFIG = """
<config>
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpAuthKeyCfgs>
<ntpAuthKeyCfg operation="merge">
<keyId>%s</keyId>
<mode>%s</mode>
<keyVal>%s</keyVal>
<isReliable>%s</isReliable>
</ntpAuthKeyCfg>
</ntpAuthKeyCfgs>
</ntp>
</config>
"""

CE_NC_MERGE_NTP_AUTH_ENABLE = """
<config>
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpSystemCfg operation="merge">
<isAuthEnable>%s</isAuthEnable>
</ntpSystemCfg>
</ntp>
</config>
"""

CE_NC_DELETE_NTP_AUTH_CONFIG = """
<config>
<ntp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
<ntpAuthKeyCfgs>
<ntpAuthKeyCfg operation="delete">
<keyId>%s</keyId>
</ntpAuthKeyCfg>
</ntpAuthKeyCfgs>
</ntp>
</config>
"""
from ansible.module_utils.network.cloudengine.ce import ce_argument_spec, load_config
from ansible.module_utils.connection import exec_command


class NtpAuth(object):
Expand Down Expand Up @@ -317,8 +241,10 @@ def check_params(self):
if (int(self.key_id) < 1) or (int(self.key_id) > 4294967295):
self.module.fail_json(
msg='Error: The length of key_id is between 1 and 4294967295.')

if self.state == "present":
if self.state == "present" and not self.password:
self.module.fail_json(
msg='Error: The password cannot be empty.')
if self.state == "present" and self.password:
if (self.auth_type == 'encrypt') and\
((len(self.password) < 20) or (len(self.password) > 392)):
self.module.fail_json(
Expand All @@ -331,67 +257,72 @@ def check_params(self):
def init_module(self):
"""Init module object"""

required_if = [("state", "present", ("password", "auth_mode"))]
required_if = [("state", "present", ("auth_pwd", "auth_mode"))]
self.module = AnsibleModule(
argument_spec=self.spec,
required_if=required_if,
supports_check_mode=True
)

def check_response(self, xml_str, xml_name):
"""Check if response message is already succeed."""
def get_config(self, flags=None):
"""Retrieves the current config from the device or cache
"""
flags = [] if flags is None else flags

cmd = 'display current-configuration '
cmd += ' '.join(flags)
cmd = cmd.strip()

if "<ok/>" not in xml_str:
self.module.fail_json(msg='Error: %s failed.' % xml_name)
rc, out, err = exec_command(self.module, cmd)
if rc != 0:
self.module.fail_json(msg=err)
cfg = str(out).strip()

return cfg

def get_ntp_auth_enable(self):
"""Get ntp authentication enable state"""

xml_str = CE_NC_GET_NTP_AUTH_ENABLE
con_obj = get_nc_config(self.module, xml_str)
if "<data/>" in con_obj:
return

# get ntp authentication enable
flags = list()
exp = "| exclude undo | include ntp authentication"
flags.append(exp)
config = self.get_config(flags)
auth_en = re.findall(
r'.*<isAuthEnable>(.*)</isAuthEnable>.*', con_obj)
r'.*ntp\s*authentication\s*enable.*', config)
if auth_en:
if auth_en[0] == 'true':
self.ntp_auth_conf['authentication'] = 'enable'
else:
self.ntp_auth_conf['authentication'] = 'disable'
self.ntp_auth_conf['authentication'] = 'enable'
else:
self.ntp_auth_conf['authentication'] = 'disable'

def get_ntp_all_auth_keyid(self):
"""Get all authentication keyid info"""

ntp_auth_conf = list()

xml_str = CE_NC_GET_ALL_NTP_AUTH_CONFIG
con_obj = get_nc_config(self.module, xml_str)
if "<data/>" in con_obj:
flags = list()
exp = "| include authentication-keyid %s" % self.key_id
flags.append(exp)
config = self.get_config(flags)
ntp_config_list = config.split('\n')
if not ntp_config_list:
self.ntp_auth_conf["authentication-keyid"] = "None"
return ntp_auth_conf

# get ntp authentication config
ntp_auth = re.findall(
r'.*<keyId>(.*)</keyId>.*\s*<mode>(.*)</mode>.*\s*'
r'<keyVal>(.*)</keyVal>.*\s*<isReliable>(.*)</isReliable>.*', con_obj)

for ntp_auth_num in ntp_auth:
if ntp_auth_num[0] == self.key_id:
self.key_id_exist = True
if ntp_auth_num[3] == 'true':
self.cur_trusted_key = 'enable'
else:
self.cur_trusted_key = 'disable'

if ntp_auth_num[3] == 'true':
trusted_key = 'enable'
else:
trusted_key = 'disable'
ntp_auth_conf.append(dict(key_id=ntp_auth_num[0],
auth_mode=ntp_auth_num[1].lower(),
trusted_key=trusted_key))
self.key_id_exist = True
cur_auth_mode = ""
cur_auth_pwd = ""
for ntp_config in ntp_config_list:
ntp_auth_mode = re.findall(r'.*authentication-mode(\s\S*)\s\S*\s(\S*)', ntp_config)
ntp_auth_trust = re.findall(r'.*trusted.*', ntp_config)
if ntp_auth_trust:
self.cur_trusted_key = 'enable'
if ntp_auth_mode:
cur_auth_mode = ntp_auth_mode[0][0].strip()
cur_auth_pwd = ntp_auth_mode[0][1].strip()
ntp_auth_conf.append(dict(key_id=self.key_id,
auth_mode=cur_auth_mode,
auth_pwd=cur_auth_pwd,
trusted_key=self.cur_trusted_key))
self.ntp_auth_conf["authentication-keyid"] = ntp_auth_conf

return ntp_auth_conf
Expand All @@ -405,57 +336,59 @@ def get_ntp_auth_exist_config(self):
def config_ntp_auth_keyid(self):
"""Config ntp authentication keyid"""

if self.trusted_key == 'enable':
trusted_key = 'true'
commands = list()
if self.auth_type == 'encrypt':
config_cli = "ntp authentication-keyid %s authentication-mode %s cipher %s" % (
self.key_id, self.auth_mode, self.password)
else:
trusted_key = 'false'
xml_str = CE_NC_MERGE_NTP_AUTH_CONFIG % (
self.key_id, self.auth_mode.upper(), self.password, trusted_key)
ret_xml = set_nc_config(self.module, xml_str)
self.check_response(ret_xml, "NTP_AUTH_KEYID_CONFIG")
config_cli = "ntp authentication-keyid %s authentication-mode %s %s" % (
self.key_id, self.auth_mode, self.password)

commands.append(config_cli)

if self.trusted_key != self.cur_trusted_key:
if self.trusted_key == 'enable':
config_cli_trust = "ntp trusted authentication-keyid %s" % (self.key_id)
commands.append(config_cli_trust)
else:
config_cli_trust = "undo ntp trusted authentication-keyid %s" % (self.key_id)
commands.append(config_cli_trust)

self.cli_load_config(commands)

def config_ntp_auth_enable(self):
"""Config ntp authentication enable"""

commands = list()
if self.ntp_auth_conf['authentication'] != self.authentication:
if self.authentication == 'enable':
state = 'true'
config_cli = "ntp authentication enable"
else:
state = 'false'
xml_str = CE_NC_MERGE_NTP_AUTH_ENABLE % state
ret_xml = set_nc_config(self.module, xml_str)
self.check_response(ret_xml, "NTP_AUTH_ENABLE")
config_cli = "undo ntp authentication enable"
commands.append(config_cli)

self.cli_load_config(commands)

def undo_config_ntp_auth_keyid(self):
"""Undo ntp authentication key-id"""

xml_str = CE_NC_DELETE_NTP_AUTH_CONFIG % self.key_id
ret_xml = set_nc_config(self.module, xml_str)
self.check_response(ret_xml, "UNDO_NTP_AUTH_KEYID_CONFIG")
commands = list()
config_cli = "undo ntp authentication-keyid %s" % self.key_id
commands.append(config_cli)

self.cli_load_config(commands)

def cli_load_config(self, commands):
"""Load config by cli"""

if not self.module.check_mode:
load_config(self.module, commands)

def config_ntp_auth_keyid_by_cli(self):
"""Config ntp authentication keyid bye the way of CLI"""

commands = list()
config_cli = "ntp authentication-keyid %s authentication-mode %s %s" % (
self.key_id, self.auth_mode, self.password)
commands.append(config_cli)
self.cli_load_config(commands)

def config_ntp_auth(self):
"""Config ntp authentication"""

if self.state == "present":
if self.auth_type == 'encrypt':
self.config_ntp_auth_keyid()
else:
self.config_ntp_auth_keyid_by_cli()
self.config_ntp_auth_keyid()
else:
if not self.key_id_exist:
self.module.fail_json(
Expand Down Expand Up @@ -532,6 +465,8 @@ def get_end_state(self):
self.ntp_auth_conf = dict()
self.get_ntp_auth_exist_config()
self.end_state = copy.deepcopy(self.ntp_auth_conf)
if self.end_state == self.existing:
self.changed = False

def show_result(self):
"""Show result"""
Expand Down