Skip to content

Commit

Permalink
[ignore_changes] Added additional changes to support delete and updat…
Browse files Browse the repository at this point in the history 
…e with uuid.
  • Loading branch information
@anvitha-jain
anvitha-jain committed Oct 2, 2024
1 parent 589a4b3 commit dbb0238
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 26 deletions.
43 changes: 32 additions & 11 deletions plugins/modules/ndo_mac_sec_policy.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,10 +178,11 @@
host: mso_host
username: admin
password: SomeSecretPassword
template: ansible_test_template
state: query
register: query_all
- name: Query a MACSec Policy with mac_sec_policy uuid
- name: Query a MACSec Policy with mac_sec_policy UUID
cisco.mso.ndo_mac_sec_policy:
host: mso_host
username: admin
Expand All @@ -191,14 +192,23 @@
state: query
register: query_uuid
- name: Delete a MACSec Policy
- name: Delete a MACSec Policy with name
cisco.mso.ndo_mac_sec_policy:
host: mso_host
username: admin
password: SomeSecretPassword
template: ansible_test_template
mac_sec_policy: ansible_test_mac_sec_policy
state: absent
- name: Delete a MACSec Policy with UUID
cisco.mso.ndo_mac_sec_policy:
host: mso_host
username: admin
password: SomeSecretPassword
template: ansible_test_template
mac_sec_policy_uuid: ansible_test_mac_sec_policy_uuid
state: absent
"""

RETURN = r"""
Expand Down Expand Up @@ -248,7 +258,7 @@ def main():
supports_check_mode=True,
required_if=[
["state", "present", ["mac_sec_policy"]],
["state", "absent", ["mac_sec_policy"]],
["state", "absent", ["mac_sec_policy", "mac_sec_policy_uuid"], True],
],
)

Expand Down Expand Up @@ -276,15 +286,15 @@ def main():
mso_template.validate_template("fabricPolicy")

path = "/fabricPolicyTemplate/template/macsecPolicies"
object_description = "MACSec Policy"

existing_mac_sec_policies = mso_template.template.get("fabricPolicyTemplate", {}).get("template", {}).get("macsecPolicies", [])
if mac_sec_policy or mac_sec_policy_uuid:
object_description = "MACSec Policy"
if mac_sec_policy_uuid:
match = mso_template.get_object_by_uuid(object_description, existing_mac_sec_policies, mac_sec_policy_uuid)
else:
kv_list = [KVPair("name", mac_sec_policy)]
match = mso_template.get_object_by_key_value_pairs(object_description, existing_mac_sec_policies, kv_list)
match = mso_template.get_object_by_key_value_pairs(
object_description,
existing_mac_sec_policies,
[KVPair("uuid", mac_sec_policy_uuid) if mac_sec_policy_uuid else KVPair("name", mac_sec_policy)],
)
if match:
mso.existing = mso.previous = copy.deepcopy(match.details)
else:
Expand Down Expand Up @@ -410,10 +420,21 @@ def main():
elif state == "absent":
if match:
ops.append(dict(op="remove", path="{0}/{1}".format(path, match.index)))
mso.existing = {}

if not module.check_mode and ops:
mso.request(mso_template.template_path, method="PATCH", data=ops)
response = mso.request(mso_template.template_path, method="PATCH", data=ops)
macsec_policies = response.get("fabricPolicyTemplate", {}).get("template", {}).get("macsecPolicies", [])
match = mso_template.get_object_by_key_value_pairs(
object_description,
macsec_policies,
[KVPair("uuid", mac_sec_policy_uuid) if mac_sec_policy_uuid else KVPair("name", mac_sec_policy)],
)
if match:
mso.existing = match.details
else:
mso.existing = {}
elif module.check_mode and state != "query":
mso.existing = mso.proposed if state == "present" else {}

mso.exit_json()

Expand Down
79 changes: 64 additions & 15 deletions tests/integration/targets/ndo_mac_sec_policy/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,7 @@

- name: Create a fabric template
cisco.mso.ndo_template:
<<: *mso_info
name: ansible_fabric_policy_template
type: fabric_policy
<<: *template_absent
state: present

# CREATE
Expand Down Expand Up @@ -77,15 +75,23 @@
- nm_add_mac_sec_policy is changed
- nm_add_mac_sec_policy.current.name == 'ansible_mac_sec_policy'
- nm_add_mac_sec_policy.current.type == 'fabric'
- nm_add_mac_sec_policy.current.description == ''
- nm_add_mac_sec_policy.current.adminState == 'enabled'
- nm_add_mac_sec_policy.current.macsecParams.cipherSuite == '256GcmAesXpn'
- nm_add_mac_sec_policy.current.macsecParams.sakExpiryTime == 0
- nm_add_mac_sec_policy.current.macsecParams.securityPol == 'shouldSecure'
- nm_add_mac_sec_policy.current.macsecParams.windowSize == 0
- nm_add_mac_sec_policy.current.uuid is defined
- nm_add_mac_sec_policy_again is not changed
- nm_add_mac_sec_policy_again.previous.name == nm_add_mac_sec_policy_again.current.name == 'ansible_mac_sec_policy'
- nm_add_mac_sec_policy_again.previous.type == nm_add_mac_sec_policy_again.current.type == 'fabric'
- nm_add_mac_sec_policy_again.previous.description == nm_add_mac_sec_policy_again.current.description == ''
- nm_add_mac_sec_policy_again.previous.uuid is defined
- nm_add_mac_sec_policy_again.current.uuid is defined
- nm_add_mac_sec_policy_again.previous.macsecParams.cipherSuite == '256GcmAesXpn'
- nm_add_mac_sec_policy_again.previous.macsecParams.sakExpiryTime == 0
- nm_add_mac_sec_policy_again.previous.macsecParams.securityPol == 'shouldSecure'
- nm_add_mac_sec_policy_again.previous.macsecParams.windowSize == 0
- nm_add_mac_sec_policy_again.previous.macsecParams.cipherSuite == nm_add_mac_sec_policy_again.current.macsecParams.cipherSuite == '256GcmAesXpn'
- nm_add_mac_sec_policy_again.previous.macsecParams.sakExpiryTime == nm_add_mac_sec_policy_again.current.macsecParams.sakExpiryTime == 0
- nm_add_mac_sec_policy_again.previous.macsecParams.securityPol == nm_add_mac_sec_policy_again.current.macsecParams.securityPol == 'shouldSecure'
- nm_add_mac_sec_policy_again.previous.macsecParams.windowSize == nm_add_mac_sec_policy_again.current.macsecParams.windowSize == 0

# MACsec policy interface_type access
- name: Create a MACSec policy of interface_type 'access'
Expand All @@ -104,6 +110,15 @@
- add_mac_sec_policy_access.previous == {}
- add_mac_sec_policy_access.current.name == 'ansible_mac_sec_policy_access'
- add_mac_sec_policy_access.current.type == 'access'
- add_mac_sec_policy_access.current.description == ''
- add_mac_sec_policy_access.current.adminState == 'enabled'
- add_mac_sec_policy_access.current.macsecParams.cipherSuite == '256GcmAesXpn'
- add_mac_sec_policy_access.current.macsecParams.sakExpiryTime == 0
- add_mac_sec_policy_access.current.macsecParams.securityPol == 'shouldSecure'
- add_mac_sec_policy_access.current.macsecParams.windowSize == 64
- add_mac_sec_policy_access.current.macsecParams.confOffSet == 'offset0'
- add_mac_sec_policy_access.current.macsecParams.keyServerPrio == 16
- add_mac_sec_policy_access.current.uuid is defined

# UPDATE

Expand Down Expand Up @@ -208,10 +223,13 @@
- nm_update_mac_sec_policy.current.macsecParams.confOffSet == 'offset30'
- nm_update_mac_sec_policy.current.macsecParams.keyServerPrio == 10
- nm_update_mac_sec_policy.current.macsecKeys | length == 3
- nm_update_mac_sec_policy.current.uuid is defined
- nm_update_mac_sec_policy_again is changed
- nm_update_mac_sec_policy_again.previous.name == cm_update_mac_sec_policy.current.name == nm_update_mac_sec_policy.current.name == 'ansible_mac_sec_policy_2'
- nm_update_mac_sec_policy_again.previous.type == cm_update_mac_sec_policy.current.type == nm_update_mac_sec_policy.current.type == 'access'
- nm_update_mac_sec_policy_again.previous.description == cm_update_mac_sec_policy.current.description == nm_update_mac_sec_policy.current.description == 'Updated description'
- nm_update_mac_sec_policy_again.current.uuid is defined
- nm_update_mac_sec_policy_again.previous.uuid is defined

- name: Update the MACsec policy name
cisco.mso.ndo_mac_sec_policy:
Expand All @@ -229,6 +247,14 @@
- nm_update_mac_sec_policy_uuid.previous.name == 'ansible_mac_sec_policy'
- nm_update_mac_sec_policy_uuid.current.name == 'ansible_mac_sec_policy_changed'
- nm_update_mac_sec_policy_uuid.current.type == nm_update_mac_sec_policy_uuid.current.type == 'fabric'
- nm_update_mac_sec_policy_uuid.current.description == nm_update_mac_sec_policy_uuid.current.description == ''
- nm_update_mac_sec_policy_uuid.current.adminState == nm_update_mac_sec_policy_uuid.current.adminState == 'enabled'
- nm_update_mac_sec_policy_uuid.current.macsecParams.cipherSuite == nm_update_mac_sec_policy_uuid.current.macsecParams.cipherSuite == '256GcmAesXpn'
- nm_update_mac_sec_policy_uuid.current.macsecParams.sakExpiryTime == nm_update_mac_sec_policy_uuid.current.macsecParams.sakExpiryTime == 0
- nm_update_mac_sec_policy_uuid.current.macsecParams.securityPol == nm_update_mac_sec_policy_uuid.current.macsecParams.securityPol == 'shouldSecure'
- nm_update_mac_sec_policy_uuid.current.macsecParams.windowSize == nm_update_mac_sec_policy_uuid.current.macsecParams.windowSize == 0
- nm_update_mac_sec_policy_uuid.previous.uuid == nm_update_mac_sec_policy_uuid.current.uuid
- nm_update_mac_sec_policy_uuid.current.uuid is defined

- name: Update the MACsec policy by removing the mac_sec_key
cisco.mso.ndo_mac_sec_policy:
Expand All @@ -245,7 +271,7 @@
- rm_update_mac_sec_policy_key.current.macsecKeys is not defined

# QUERY
- name: Query a MACsec policy with mac_sec_policy name
- name: Query a MACsec policy with name
cisco.mso.ndo_mac_sec_policy:
<<: *mso_info
template: ansible_fabric_policy_template
Expand All @@ -270,15 +296,15 @@
- query_all is not changed
- query_all.current | length >= 2

- name: Query a MACsec policy with mac_sec_policy uuid
- name: Query a MACsec policy with UUID
cisco.mso.ndo_mac_sec_policy:
<<: *mso_info
template: ansible_fabric_policy_template
mac_sec_policy_uuid: '{{ nm_update_mac_sec_policy_uuid.current.uuid }}'
state: query
register: query_uuid

- name: Assert that the MACsec policy was queried with mac_sec_policy uuid
- name: Assert that the MACsec policy was queried with mac_sec_policy UUID
assert:
that:
- query_uuid is not changed
Expand Down Expand Up @@ -326,21 +352,21 @@
- validate_invalid_time.msg == "TIME FORMAT ERROR{{":"}} The time must be in 'YYYY-MM-DD HH:MM:SS' format."

# DELETE
- name: Delete a MACsec policy of interface_type 'fabric' (check mode)
- name: Delete a MACsec policy with name (check mode)
cisco.mso.ndo_mac_sec_policy: &delete_mac_sec_policy
<<: *mso_info
template: ansible_fabric_policy_template
mac_sec_policy: ansible_mac_sec_policy_changed
mac_sec_policy: ansible_mac_sec_policy_2
state: absent
check_mode: true
register: cm_delete_mac_sec_policy

- name: Delete a MACsec policy of interface_type 'fabric'
- name: Delete a MACsec policy with name
cisco.mso.ndo_mac_sec_policy:
<<: *delete_mac_sec_policy
register: nm_delete_mac_sec_policy

- name: Delete MACsec policy of interface_type 'fabric' again
- name: Delete a MACsec policy with name again
cisco.mso.ndo_mac_sec_policy:
<<: *delete_mac_sec_policy
register: nm_delete_mac_sec_policy_again
Expand All @@ -350,4 +376,27 @@
that:
- cm_delete_mac_sec_policy is changed
- nm_delete_mac_sec_policy is changed
- nm_delete_mac_sec_policy_again is not changed
- nm_delete_mac_sec_policy_again is not changed
- nm_delete_mac_sec_policy.previous.name == 'ansible_mac_sec_policy_2'
- nm_delete_mac_sec_policy.current == {}
- nm_delete_mac_sec_policy_again.current == nm_delete_mac_sec_policy_again.previous == {}

- name: Delete a MACSec policy with UUID
cisco.mso.ndo_mac_sec_policy:
<<: *mso_info
template: ansible_fabric_policy_template
mac_sec_policy_uuid: '{{ nm_update_mac_sec_policy_uuid.current.uuid }}'
state: absent
register: delete_mac_sec_policy_uuid

- name: Assert that the MACsec policy was deleted using UUID
assert:
that:
- delete_mac_sec_policy_uuid is changed
- delete_mac_sec_policy_uuid.previous.name == 'ansible_mac_sec_policy_changed'
- delete_mac_sec_policy_uuid.current == {}

# CLEANUP
- name: Remove fabric template
cisco.mso.ndo_template:
<<: *template_absent

0 comments on commit dbb0238

Please sign in to comment.