fix nxos_snmp_user issues (#39760)

* fix nxos_snmp_user issues * shipppable fix
7 years ago · e3bfbe5875
parent 58f9676d4b
commit e3bfbe5875
2 changed files with 138 additions and 54 deletions
--- a/lib/ansible/modules/network/nxos/nxos_snmp_user.py
+++ b/lib/ansible/modules/network/nxos/nxos_snmp_user.py
@ -42,7 +42,15 @@ options:
    group:
        description:
            - Group to which the user will belong to.
-        required: true
+              If state = present, and the user is existing,
+              the group is added to the user. If the user
+              is not existing, user entry is created with this
+              group argument.
+              If state = absent, only the group is removed from the
+              user entry. However, to maintain backward compatibility,
+              if the existing user belongs to only one group, and if
+              group argument is same as the existing user's group,
+              then the user entry also is deleted.
    authentication:
        description:
            - Authentication parameters for the user.
@ -50,9 +58,11 @@ options:
    pwd:
        description:
            - Authentication password when using md5 or sha.
+              This is not idempotent
    privacy:
        description:
            - Privacy password for the user.
+              This is not idempotent
    encrypt:
        description:
            - Enables AES-128 bit encryption when using privacy password.
@ -148,8 +158,18 @@ def get_snmp_user(user, module):
            privkey = 'priv'
            grpkey = 'group'

-        resource_table = body[0][tablekey][rowkey]
-        resource['user'] = str(resource_table['user'])
+        rt = body[0][tablekey][rowkey]
+        # on some older platforms, all groups except the 1st one
+        # are in list elements by themselves and they are
+        # indexed by 'user'. This is due to a platform bug.
+        # Get first element if rt is a list due to the bug
+        # or if there is no bug, parse rt directly
+        if isinstance(rt, list):
+            resource_table = rt[0]
+        else:
+            resource_table = rt
+
+        resource['user'] = user
        resource['authentication'] = str(resource_table[authkey]).strip()
        encrypt = str(resource_table[privkey]).strip()
        if encrypt.startswith('aes'):
@ -166,6 +186,15 @@ def get_snmp_user(user, module):
        except TypeError:
            groups.append(str(group_table[grpkey]).strip())

+        # Now for the platform bug case, get the groups
+        if isinstance(rt, list):
+            # remove 1st element from the list as this is parsed already
+            rt.pop(0)
+            # iterate through other elements indexed by
+            # 'user' and add it to groups.
+            for each in rt:
+                groups.append(each['user'].strip())
+
        resource['group'] = groups

    except (KeyError, AttributeError, IndexError, TypeError):
@ -174,22 +203,23 @@ def get_snmp_user(user, module):
    return resource


-def remove_snmp_user(user):
+def remove_snmp_user(user, group=None):
+    if group:
+        return ['no snmp-server user {0} {1}'.format(user, group)]
+    else:
        return ['no snmp-server user {0}'.format(user)]


-def config_snmp_user(proposed, user, reset, new):
-    if reset and not new:
+def config_snmp_user(proposed, user, reset):
+    if reset:
        commands = remove_snmp_user(user)
    else:
        commands = []

-    group = proposed.get('group', None)
-
-    cmd = ''
-
-    if group:
+    if proposed.get('group'):
        cmd = 'snmp-server user {0} {group}'.format(user, **proposed)
+    else:
+        cmd = 'snmp-server user {0}'.format(user)

    auth = proposed.get('authentication', None)
    pwd = proposed.get('pwd', None)
@ -214,7 +244,7 @@ def config_snmp_user(proposed, user, reset, new):
 def main():
    argument_spec = dict(
        user=dict(required=True, type='str'),
-        group=dict(type='str', required=True),
+        group=dict(type='str'),
        pwd=dict(type='str'),
        privacy=dict(type='str'),
        authentication=dict(choices=['md5', 'sha']),
@ -251,19 +281,28 @@ def main():

    existing = get_snmp_user(user, module)

-    if existing:
+    if state == 'present' and existing:
+        if group:
            if group not in existing['group']:
                existing['group'] = None
            else:
                existing['group'] = group
+        else:
+            existing['group'] = None

    commands = []

    if state == 'absent' and existing:
+        if group:
+            if group in existing['group']:
+                if len(existing['group']) == 1:
+                    commands.append(remove_snmp_user(user))
+                else:
+                    commands.append(remove_snmp_user(user, group))
+        else:
            commands.append(remove_snmp_user(user))

    elif state == 'present':
-        new = False
        reset = False

        args = dict(user=user, pwd=pwd, group=group, privacy=privacy,
@ -273,7 +312,7 @@ def main():
        if not existing:
            if encrypt:
                proposed['encrypt'] = 'aes-128'
-            commands.append(config_snmp_user(proposed, user, reset, new))
+            commands.append(config_snmp_user(proposed, user, reset))

        elif existing:
            if encrypt and not existing['encrypt'].startswith('aes'):
@ -285,13 +324,11 @@ def main():
            if delta.get('pwd'):
                delta['authentication'] = authentication

-            if delta:
-                delta['group'] = group
-
            if delta and encrypt:
                delta['encrypt'] = 'aes-128'

-            command = config_snmp_user(delta, user, reset, new)
+            if delta:
+                command = config_snmp_user(delta, user, reset)
                commands.append(command)

    cmds = flatten_list(commands)
--- a/test/integration/targets/nxos_snmp_user/tests/common/sanity.yaml
+++ b/test/integration/targets/nxos_snmp_user/tests/common/sanity.yaml
@ -3,7 +3,17 @@
 - debug: msg="Using provider={{ connection.transport }}"
  when: ansible_connection == "local"

- name: Create snmp user
+- name: Remove snmp user
+  nxos_snmp_user: &remove
+    user: ntc
+    state: absent
+    provider: "{{ connection }}"
+
+- pause:
+    seconds: 5
+
+- block:
+  - name: Create snmp user
    nxos_snmp_user: &create
      user: ntc
      group: network-operator
@ -14,30 +24,67 @@
      provider: "{{ connection }}"
    register: result

- assert: &true
+  - assert: &true
      that:
        - "result.changed == true"

- name: delete snmp user
-  nxos_snmp_user: &remove
+  - name: Add another group to user
+    nxos_snmp_user: &chg
      user: ntc
-    group: network-operator
-    authentication: md5
-    pwd: Testing1%
-    privacy: HelloU$er1
-    encrypt: true
-    state: absent
+      group: network-admin
      provider: "{{ connection }}"
    register: result

- assert: *true
+  - assert: *true

- name: "Remove Idempotence"
-  nxos_snmp_user: *remove
+  - name: "Check Idempotence"
+    nxos_snmp_user: *chg
    register: result

- assert: &false
+  - assert: &false
      that:
        - "result.changed == false"

+  - name: Remove group from user
+    nxos_snmp_user: &remg
+      user: ntc
+      group: network-admin
+      state: absent
+      provider: "{{ connection }}"
+    register: result
+
+  - assert: *true
+
+  - pause:
+      seconds: 5
+
+  - name: "Check Idempotence"
+    nxos_snmp_user: *remg
+    register: result
+
+  - assert: *false
+
+  - name: delete snmp user
+    nxos_snmp_user: &remove1
+      user: ntc
+      group: network-operator
+      state: absent
+      provider: "{{ connection }}"
+    register: result
+
+  - assert: *true
+
+  - pause:
+      seconds: 5
+
+  - name: "Remove Idempotence"
+    nxos_snmp_user: *remove1
+    register: result
+
+  - assert: *false
+
+  always:
+    - name: delete snmp user
+      nxos_snmp_user: *remove
+
 - debug: msg="END connection={{ ansible_connection }} nxos_snmp_user sanity test"