|
|
|
---
|
|
|
|
- debug: msg="START connection={{ ansible_connection }} nxos_snmp_user sanity test"
|
|
|
|
- debug: msg="Using provider={{ connection.transport }}"
|
|
|
|
when: ansible_connection == "local"
|
|
|
|
|
|
|
|
- set_fact: delete_last_user_allowed='true'
|
|
|
|
- set_fact: delete_last_user_allowed='false'
|
|
|
|
when: imagetag and (imagetag is version_compare('9.1', 'ge'))
|
|
|
|
- set_fact: delete_last_user_allowed='false'
|
|
|
|
when: platform is search('N5K|N6K|N9K-F')
|
|
|
|
|
|
|
|
- name: Remove snmp user
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
nxos_snmp_user: &remove_snmp_user
|
|
|
|
user: ntc
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
state: absent
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
ignore_errors: yes
|
|
|
|
when: platform is not search('N5K|N6K|N9K-F')
|
|
|
|
|
|
|
|
- name: Remove user workaround
|
|
|
|
# Some platforms will not allow snmp_user to remove the last role
|
|
|
|
nxos_user: &workaround_remove_user
|
|
|
|
name: ntc
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
state: absent
|
|
|
|
ignore_errors: yes
|
|
|
|
when: platform is search('N5K|N6K|N9K-F')
|
|
|
|
|
|
|
|
- pause:
|
|
|
|
seconds: 5
|
|
|
|
|
|
|
|
- block:
|
|
|
|
- name: Create snmp user
|
|
|
|
nxos_snmp_user: &create
|
|
|
|
user: ntc
|
|
|
|
group: network-operator
|
|
|
|
authentication: md5
|
|
|
|
pwd: N$tOpe%1
|
|
|
|
privacy: HelloU$er1
|
|
|
|
encrypt: true
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
register: result
|
|
|
|
|
|
|
|
- assert: &true
|
|
|
|
that:
|
|
|
|
- "result.changed == true"
|
|
|
|
|
|
|
|
- name: Add another group to user
|
|
|
|
nxos_snmp_user: &chg
|
|
|
|
user: ntc
|
|
|
|
group: network-admin
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
register: result
|
|
|
|
|
|
|
|
- assert: *true
|
|
|
|
|
|
|
|
- name: "Check Idempotence"
|
|
|
|
nxos_snmp_user: *chg
|
|
|
|
register: result
|
|
|
|
|
|
|
|
- assert: &false
|
|
|
|
that:
|
|
|
|
- "result.changed == false"
|
|
|
|
|
|
|
|
- name: Remove group from user
|
|
|
|
nxos_snmp_user: &remg
|
|
|
|
user: ntc
|
|
|
|
group: network-admin
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
state: absent
|
|
|
|
register: result
|
|
|
|
|
|
|
|
- assert: *true
|
|
|
|
|
|
|
|
- pause:
|
|
|
|
seconds: 5
|
|
|
|
|
|
|
|
- name: "Check Idempotence"
|
|
|
|
nxos_snmp_user: *remg
|
|
|
|
register: result
|
|
|
|
|
|
|
|
- assert: *false
|
|
|
|
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
- block:
|
|
|
|
# Some platforms will not allow snmp_user to remove the last role
|
|
|
|
- name: delete snmp user
|
|
|
|
nxos_snmp_user: &remove1
|
|
|
|
user: ntc
|
|
|
|
group: network-operator
|
|
|
|
provider: "{{ connection }}"
|
|
|
|
state: absent
|
|
|
|
register: result
|
|
|
|
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
- assert: *true
|
|
|
|
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
- pause:
|
|
|
|
seconds: 5
|
|
|
|
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
- name: "Remove Idempotence"
|
|
|
|
nxos_snmp_user: *remove1
|
|
|
|
register: result
|
|
|
|
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
- assert: *false
|
|
|
|
when: delete_last_user_allowed
|
|
|
|
|
|
|
|
always:
|
|
|
|
- name: delete snmp user
|
nxos_snmp_user: platform fixes for get_snmp_user (#55832)
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
6 years ago
|
|
|
nxos_snmp_user: *remove_snmp_user
|
|
|
|
when: platform is not search('N5K|N6K|N9K-F')
|
|
|
|
|
|
|
|
- name: remove user workaround
|
|
|
|
nxos_user: *workaround_remove_user
|
|
|
|
when: platform is search('N5K|N6K|N9K-F')
|
|
|
|
|
|
|
|
- debug: msg="END connection={{ ansible_connection }} nxos_snmp_user sanity test"
|