icx: new module icx_user (#60007)

* new module

* new terminal

* new terminal

* new cliconf

* cliconf

* icx cliconf

* icx_cliconf

* icx test units module

* icx units module

* icx banner unit test

* PR changes resolved

* changes resolved

* Changes Resolved

* check_running_config changes resolved

* added notes

* removed icx rst

* new changes

* deleted icx rst

* icx .rst

* modified platform_index.rst

* modified platform_index.rst

* changes resolved

* PR comments resolved

* Update platform_index.rst

PR comment resolved

* test

* Revert "test"

This reverts commit 99b72c6614.

* new module icx_user

* new changes

* new changes

* new changes

* new changes

* new changes

* new changes

* changes

* changes

* new fixes

* new changes

* notes updated
pull/61364/head
sushma-alethea 5 years ago committed by Ganesh Nalawade
parent a68d91d0a7
commit b09db0ba9e

@ -0,0 +1,391 @@
#!/usr/bin/python
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
---
module: icx_user
version_added: "2.9"
author: "Ruckus Wireless (@Commscope)"
short_description: Manage the user accounts on Ruckus ICX 7000 series switches.
description:
- This module creates or updates user account on network devices. It allows playbooks to manage
either individual usernames or the aggregate of usernames in the
current running config. It also supports purging usernames from the
configuration that are not explicitly defined.
notes:
- Tested against ICX 10.1.
- For information on using ICX platform, see L(the ICX OS Platform Options guide,../network/user_guide/platform_icx.html).
options:
aggregate:
description:
- The set of username objects to be configured on the remote
ICX device. The list entries can either be the username
or a hash of username and properties. This argument is mutually
exclusive with the C(name) argument.
aliases: ['users', 'collection']
type: list
suboptions:
name:
description:
- The username to be configured on the ICX device.
required: true
type: str
configured_password:
description: The password to be configured on the ICX device.
type: str
update_password:
description:
- This argument will instruct the module when to change the password. When
set to C(always), the password will always be updated in the device
and when set to C(on_create) the password will be updated only if
the username is created.
choices: ['on_create', 'always']
type: str
privilege:
description:
- The privilege level to be granted to the user
choices: ['0', '4', '5']
type: str
nopassword:
description:
- Defines the username without assigning
a password. This will allow the user to login to the system
without being authenticated by a password.
type: bool
state:
description:
- Configures the state of the username definition
as it relates to the device operational configuration. When set
to I(present), the username(s) should be configured in the device active
configuration and when set to I(absent) the username(s) should not be
in the device active configuration
choices: ['present', 'absent']
type: str
access_time:
description:
- This parameter indicates the time the file's access time should be set to.
Should be preserve when no modification is required, YYYYMMDDHHMM.SS when using default time format, or now.
Default is None meaning that preserve is the default for state=[file,directory,link,hard] and now is default for state=touch
type: str
check_running_config:
description:
- Check running configuration. This can be set as environment variable.
Module will use environment variable value(default:True), unless it is overriden, by specifying it as module parameter.
type: bool
name:
description:
- The username to be configured on the ICX device.
required: true
type: str
configured_password:
description: The password to be configured on the ICX device.
type: str
update_password:
description:
- This argument will instruct the module when to change the password. When
set to C(always), the password will always be updated in the device
and when set to C(on_create) the password will be updated only if
the username is created.
default: always
choices: ['on_create', 'always']
type: str
privilege:
description:
- The privilege level to be granted to the user
default: 0
choices: ['0', '4', '5']
type: str
nopassword:
description:
- Defines the username without assigning
a password. This will allow the user to login to the system
without being authenticated by a password.
type: bool
purge:
description:
- If set to true module will remove any previously
configured usernames on the device except the current defined set of users.
type: bool
default: false
state:
description:
- Configures the state of the username definition
as it relates to the device operational configuration. When set
to I(present), the username(s) should be configured in the device active
configuration and when set to I(absent) the username(s) should not be
in the device active configuration
default: present
choices: ['present', 'absent']
type: str
access_time:
description:
- This parameter indicates the time the file's access time should be set to.
Should be preserve when no modification is required, YYYYMMDDHHMM.SS when using default time format, or now.
Default is None meaning that preserve is the default for state=[file,directory,link,hard] and now is default for state=touch
type: str
check_running_config:
description:
- Check running configuration. This can be set as environment variable.
Module will use environment variable value(default:True), unless it is overriden, by specifying it as module parameter.
type: bool
default: yes
"""
EXAMPLES = """
- name: create a new user without password
icx_user:
name: user1
nopassword: true
- name: create a new user with password
icx_user:
name: user1
configured_password: 'newpassword'
- name: remove users
icx_user:
name: user1
state: absent
- name: set user privilege level to 5
icx_user:
name: user1
privilege: 5
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always
type: list
sample:
- username ansible nopassword
- username ansible password-string alethea123
- no username ansible
- username ansible privilege 5
- username ansible enable
"""
from copy import deepcopy
import re
import base64
import hashlib
from functools import partial
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.network.common.utils import remove_default_spec
from ansible.module_utils.connection import exec_command
from ansible.module_utils.six import iteritems
from ansible.module_utils.network.icx.icx import get_config, load_config
def get_param_value(key, item, module):
if not item.get(key):
value = module.params[key]
else:
value_type = module.argument_spec[key].get('type', 'str')
type_checker = module._CHECK_ARGUMENT_TYPES_DISPATCHER[value_type]
type_checker(item[key])
value = item[key]
validator = globals().get('validate_%s' % key)
if all((value, validator)):
validator(value, module)
return value
def map_params_to_obj(module):
users = module.params['aggregate']
if not users:
if not module.params['name'] and module.params['purge']:
return list()
elif not module.params['name']:
module.fail_json(msg='username is required')
else:
aggregate = [{'name': module.params['name']}]
else:
aggregate = list()
for item in users:
if not isinstance(item, dict):
aggregate.append({'name': item})
elif 'name' not in item:
module.fail_json(msg='name is required')
else:
aggregate.append(item)
objects = list()
for item in aggregate:
get_value = partial(get_param_value, item=item, module=module)
item['configured_password'] = get_value('configured_password')
item['nopassword'] = get_value('nopassword')
item['privilege'] = get_value('privilege')
item['state'] = get_value('state')
objects.append(item)
return objects
def parse_privilege(data):
match = re.search(r'privilege (\S)', data, re.M)
if match:
return match.group(1)
def map_config_to_obj(module):
compare = module.params['check_running_config']
data = get_config(module, flags=['| include username'], compare=compare)
match = re.findall(r'(?:^(?:u|\s{2}u))sername (\S+)', data, re.M)
if not match:
return list()
instances = list()
for user in set(match):
regex = r'username %s .+$' % user
cfg = re.findall(regex, data, re.M)
cfg = '\n'.join(cfg)
obj = {
'name': user,
'state': 'present',
'nopassword': 'nopassword' in cfg,
'configured_password': None,
'privilege': parse_privilege(cfg)
}
instances.append(obj)
return instances
def map_obj_to_commands(updates, module):
commands = list()
state = module.params['state']
update_password = module.params['update_password']
def needs_update(want, have, x):
return want.get(x) and (want.get(x) != have.get(x))
def add(command, want, x):
command.append('username %s %s' % (want['name'], x))
for update in updates:
want, have = update
if want['state'] == 'absent':
commands.append(user_del_cmd(want['name']))
if needs_update(want, have, 'privilege'):
add(commands, want, 'privilege %s password %s' % (want['privilege'], want['configured_password']))
else:
if needs_update(want, have, 'configured_password'):
if update_password == 'always' or not have:
add(commands, want, '%spassword %s' % ('privilege ' + str(have.get('privilege')) +
" " if have.get('privilege') is not None else '', want['configured_password']))
if needs_update(want, have, 'nopassword'):
if want['nopassword']:
add(commands, want, 'nopassword')
if needs_update(want, have, 'access_time'):
add(commands, want, 'access-time %s' % want['access_time'])
if needs_update(want, have, 'expiry_days'):
add(commands, want, 'expires %s' % want['expiry_days'])
return commands
def update_objects(want, have):
updates = list()
for entry in want:
item = next((i for i in have if i['name'] == entry['name']), None)
if all((item is None, entry['state'] == 'present')):
updates.append((entry, {}))
elif all((have == [], entry['state'] == 'absent')):
for key, value in iteritems(entry):
if key not in ['update_password']:
updates.append((entry, item))
break
elif item:
for key, value in iteritems(entry):
if key not in ['update_password']:
if value is not None and value != item.get(key):
updates.append((entry, item))
break
return updates
def user_del_cmd(username):
return 'no username %s' % username
def main():
"""entry point for module execution
"""
element_spec = dict(
name=dict(),
configured_password=dict(no_log=True),
nopassword=dict(type='bool', default=False),
update_password=dict(default='always', choices=['on_create', 'always']),
privilege=dict(type='str', choices=['0', '4', '5']),
access_time=dict(type='str'),
state=dict(default='present', choices=['present', 'absent']),
check_running_config=dict(default=True, type='bool', fallback=(env_fallback, ['ANSIBLE_CHECK_ICX_RUNNING_CONFIG']))
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec['name'] = dict(required=True)
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type='list', elements='dict', options=aggregate_spec, aliases=['users', 'collection']),
purge=dict(type='bool', default=False)
)
argument_spec.update(element_spec)
mutually_exclusive = [('name', 'aggregate')]
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True)
result = {'changed': False}
exec_command(module, 'skip')
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands(update_objects(want, have), module)
if module.params['purge']:
want_users = [x['name'] for x in want]
have_users = [x['name'] for x in have]
for item in set(have_users).difference(want_users):
if item != 'admin':
commands.append(user_del_cmd(item))
result["commands"] = commands
if commands:
if not module.check_mode:
load_config(module, commands)
result['changed'] = True
module.exit_json(**result)
if __name__ == '__main__':
main()

@ -0,0 +1,8 @@
username ale1 privilege 5 password .....
username ale1 expires 3
username ale2 privilege 5 password .....
username ale2 expires 3
username ale3 privilege 5 password .....
username ale3 expires 3
username ale4 privilege 5 password .....
username ale4 expires 3

@ -0,0 +1,197 @@
# Copyright: (c) 2019, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from units.compat.mock import patch
from ansible.modules.network.icx import icx_user
from units.modules.utils import set_module_args
from .icx_module import TestICXModule, load_fixture
class TestICXSCPModule(TestICXModule):
module = icx_user
def setUp(self):
super(TestICXSCPModule, self).setUp()
self.mock_get_config = patch('ansible.modules.network.icx.icx_user.get_config')
self.get_config = self.mock_get_config.start()
self.mock_load_config = patch('ansible.modules.network.icx.icx_user.load_config')
self.load_config = self.mock_load_config.start()
self.mock_exec_command = patch('ansible.modules.network.icx.icx_user.exec_command')
self.exec_command = self.mock_exec_command.start()
self.set_running_config()
def tearDown(self):
super(TestICXSCPModule, self).tearDown()
self.mock_get_config.stop()
self.mock_load_config.stop()
self.mock_exec_command.stop()
def load_fixtures(self, commands=None):
compares = None
def load_file(*args, **kwargs):
module = args
for arg in args:
if arg.params['check_running_config'] is True:
return load_fixture('show_running-config_include_username.txt').strip()
else:
return ''
self.get_config.side_effect = load_file
self.load_config.return_value = None
def test_icx_user_create_new_with_password(self):
set_module_args(dict(name='ale6', configured_password='alethea123'))
if not self.ENV_ICX_USE_DIFF:
commands = ['username ale6 password alethea123']
self.execute_module(commands=commands, changed=True)
else:
commands = ['username ale6 password alethea123']
self.execute_module(commands=commands, changed=True)
def test_icx_user_create_new_with_password_and_privilege(self):
set_module_args(dict(name='ale6', privilege="5", configured_password='alethea123'))
if not self.ENV_ICX_USE_DIFF:
commands = ['username ale6 privilege 5 password alethea123']
self.execute_module(commands=commands, changed=True)
else:
commands = ['username ale6 privilege 5 password alethea123']
self.execute_module(commands=commands, changed=True)
def test_icx_user_update_privilege(self):
set_module_args(dict(name='ale1', privilege="0", configured_password='alethea123'))
if not self.ENV_ICX_USE_DIFF:
commands = ['username ale1 privilege 0 password alethea123']
self.execute_module(commands=commands, changed=True)
else:
commands = ['username ale1 privilege 0 password alethea123']
self.execute_module(commands=commands, changed=True)
def test_icx_user_update_password(self):
set_module_args(dict(name='ale1', configured_password='alethea123'))
if not self.ENV_ICX_USE_DIFF:
commands = ['username ale1 password alethea123'] # previous privilage will be added
self.execute_module(commands=commands, changed=True)
else:
commands = ['username ale1 privilege 5 password alethea123'] # previous privilage will be added
self.execute_module(commands=commands, changed=True)
def test_icx_user_update_password_compare(self):
set_module_args(dict(name='ale1', configured_password='alethea123', check_running_config=True))
if not self.ENV_ICX_USE_DIFF:
commands = ['username ale1 privilege 5 password alethea123'] # previous privilage will be added
self.execute_module(commands=commands, changed=True)
else:
commands = ['username ale1 privilege 5 password alethea123'] # previous privilage will be added
self.execute_module(commands=commands, changed=True)
def test_icx_user_delete_user(self):
set_module_args(dict(name='ale1', state="absent"))
if not self.ENV_ICX_USE_DIFF:
commands = ['no username ale1']
self.execute_module(commands=commands, changed=True)
else:
commands = ['no username ale1']
self.execute_module(commands=commands, changed=True)
def test_icx_user_agregate(self):
set_module_args(dict(aggregate=[
{
"name": 'ale6',
"configured_password": 'alethea123'
},
{
"name": 'ale7',
"configured_password": 'alethea123'
}
]))
if not self.ENV_ICX_USE_DIFF:
commands = [
'username ale6 password alethea123',
'username ale7 password alethea123'
]
self.execute_module(commands=commands, changed=True)
else:
commands = [
'username ale6 password alethea123',
'username ale7 password alethea123'
]
self.execute_module(commands=commands, changed=True)
def test_icx_user_not_update_old_user_password(self):
set_module_args(dict(aggregate=[
{
"name": 'ale6',
"configured_password": 'alethea123'
},
{
"name": 'ale1',
"configured_password": 'alethea123',
},
],
update_password='on_create'
))
if not self.ENV_ICX_USE_DIFF:
commands = [
'username ale1 password alethea123',
'username ale6 password alethea123',
]
self.execute_module(commands=commands, changed=True)
else:
commands = [
'username ale6 password alethea123',
]
self.execute_module(commands=commands, changed=True)
def test_icx_user_only_update_changed_settings(self):
set_module_args(dict(aggregate=[
{
"name": 'ale1'
},
{
"name": 'ale2',
"privilege": 5,
"configured_password": "ale123"
},
{
"name": 'ale3',
"privilege": 4,
"configured_password": "ale123"
}
],
update_password="on_create"
))
if not self.ENV_ICX_USE_DIFF:
commands = [
'username ale2 privilege 5 password ale123',
'username ale3 privilege 4 password ale123'
]
self.execute_module(commands=commands, changed=True)
else:
commands = [
'username ale3 privilege 4 password ale123'
]
self.execute_module(commands=commands, changed=True)
def test_icx_user_purge(self):
set_module_args(dict(aggregate=[
{
"name": 'ale1'
}
],
purge=True
))
if not self.ENV_ICX_USE_DIFF:
commands = [
]
self.execute_module(commands=commands, changed=False)
else:
commands = [
'no username ale2',
'no username ale3',
'no username ale4'
]
self.execute_module(commands=commands, changed=True)
Loading…
Cancel
Save