[Ignore] Fixed BD module based on PR comments

- Added examples to the documentation - Fixed pim source and destination filters and added test cases - Fixed child config removal code and added test cases.
CiscoDevNet · Feb 27, 2024 · b890c9f · b890c9f
1 parent 158009d
commit b890c9f
Show file tree

Hide file tree

Showing 2 changed files with 211 additions and 30 deletions.
diff --git a/plugins/modules/aci_bd.py b/plugins/modules/aci_bd.py
@@ -204,37 +204,44 @@
   mld_snoop_policy:
     description:
     - The name of the Multicast Listener Discovery (MLD) Snooping Policy the Bridge Domain should use when overriding the default MLD Snooping Policy.
+    - To delete this attribute, pass an empty string.
     type: str
     aliases: [mld_snoop, mld_policy]
   igmp_policy:
     description:
     - The name of the IGMP Interface Policy the Bridge Domain should use when overriding the default IGMP Interface Policy.
+    - To delete this attribute, pass an empty string.
     type: str
     aliases: [igmp]
   vlan:
     description:
     - The selected VLAN for bridge domain access port encapsulation.
+    - To delete this attribute, pass an empty string.
     type: str
     aliases: [encap]
   monitoring_policy:
     description:
     - The name of the Monitoring Policy to apply to the Bridge Domain.
+    - To delete this attribute, pass an empty string.
     type: str
     aliases: [mon_pol, monitoring_pol]
   first_hop_security_policy:
     description:
     - The name of the First Hop Security Policy to apply to the Bridge Domain.
+    - To delete this attribute, pass an empty string.
     type: str
     aliases: [fhsp, fhs_pol, fhsp_name]
   pim_source_filter:
     description:
     - The name of the PIM Source Filter to apply to the Bridge Domain.
+    - To delete this attribute, pass an empty string.
     - Only available in APIC version 5.2 or later.
     type: str
     aliases: [pim_source]
   pim_destination_filter:
     description:
     - The name of the PIM Destination Filter to apply to the Bridge Domain.
+    - To delete this attribute, pass an empty string.
     - Only available in APIC version 5.2 or later.
     type: str
     aliases: [pim_dest, pim_destination]
@@ -268,6 +275,19 @@
     bd: web_servers
     mac_address: 00:22:BD:F8:19:FE
     vrf: prod_vrf
+    host_based_routing: true
+    allow_intersite_bum_traffic: true
+    allow_intersite_l2_stretch: true
+    allow_ipv6_mcast: true
+    ll_addr: "fe80::1322:33ff:fe44:5566"
+    vmac: "00:AA:BB:CC:DD:03"
+    optimize_wan_bandwidth: true
+    vlan: vlan-101
+    igmp_policy: web_servers_igmp_pol
+    monitoring_policy: web_servers_monitoring_pol
+    igmp_snoop_policy: web_servers_igmp_snoop
+    mld_snoop_policy: web_servers_mld_snoop
+    first_hop_security_policy: web_servers_fhs
     state: present
   delegate_to: localhost
 
@@ -298,6 +318,21 @@
     state: present
   delegate_to: localhost
 
+- name: Modify a Bridge Domain to remove mld_snoop_policy and first_hop_security_policy
+  cisco.aci.aci_bd:
+    host: "{{ inventory_hostname }}"
+    username: "{{ username }}"
+    password: "{{ password }}"
+    validate_certs: true
+    tenant: prod
+    bd: web_servers
+    arp_flooding: true
+    l2_unknown_unicast: flood
+    mld_snoop_policy: ""
+    first_hop_security_policy: ""
+    state: present
+  delegate_to: localhost
+
 - name: Query All Bridge Domains
   cisco.aci.aci_bd:
     host: "{{ inventory_hostname }}"
@@ -548,6 +583,30 @@ def main():
     pim_source_filter = module.params.get("pim_source_filter")
     pim_destination_filter = module.params.get("pim_destination_filter")
 
+    child_classes = [
+        "fvRsCtx",
+        "fvRsIgmpsn",
+        "fvRsBDToNdP",
+        "fvRsBdToEpRet",
+        "fvRsBDToProfile",
+        "fvRsMldsn",
+        "igmpIfP",
+        "igmpRsIfPol",
+        "fvAccP",
+        "fvRsABDPolMonPol",
+        "fvRsBDToFhs",
+    ]
+    if pim_source_filter is not None or pim_destination_filter is not None:
+        # Only valid for APIC verion 5.2+
+        child_classes.extend(
+            [
+                "pimBDP",
+                "pimBDFilterPol",
+                "pimBDSrcFilterPol",
+                "pimBDDestFilterPol",
+                "rtdmcRsFilterToRtMapPol",
+            ]
+        )
     aci.construct_url(
         root_class=dict(
             aci_class="fvTenant",
@@ -561,19 +620,7 @@ def main():
             module_object=bd,
             target_filter={"name": bd},
         ),
-        child_classes=[
-            "fvRsCtx",
-            "fvRsIgmpsn",
-            "fvRsBDToNdP",
-            "fvRsBdToEpRet",
-            "fvRsBDToProfile",
-            "fvRsMldsn",
-            "igmpIfP",
-            "igmpRsIfPol",
-            "fvAccP",
-            "fvRsABDPolMonPol",
-            "fvRsBDToFhs",
-        ],
+        child_classes=child_classes,
     )
 
     aci.get_existing()
@@ -616,27 +663,24 @@ def main():
             {"fvRsBDToNdP": {"attributes": {"tnNdIfPolName": ipv6_nd_policy}}},
             {"fvRsBdToEpRet": {"attributes": {"resolveAct": endpoint_retention_action, "tnFvEpRetPolName": endpoint_retention_policy}}},
             {"fvRsBDToProfile": {"attributes": {"tnL3extOutName": route_profile_l3out, "tnRtctrlProfileName": route_profile}}},
+            {"fvRsBDToFhs": {"attributes": {"tnFhsBDPolName": first_hop_security_policy}}},
+            {"fvAccP": {"attributes": {"encap": vlan}}},
+            {"fvRsABDPolMonPol": {"attributes": {"tnMonEPGPolName": monitoring_policy}}},
         ]
 
-        if igmp_policy:
-            igmp_policy_tdn = "uni/tn-{0}/igmpIfPol-{1}".format(tenant, igmp_policy)
+        if igmp_policy is not None:
+            igmp_policy_tdn = "" if igmp_policy == "" else "uni/tn-{0}/igmpIfPol-{1}".format(tenant, igmp_policy)
             child_configs.append({"igmpIfP": {"attributes": {}, "children": [{"igmpRsIfPol": {"attributes": {"tDn": igmp_policy_tdn}}}]}})
-        if vlan:
-            child_configs.append({"fvAccP": {"attributes": {"encap": vlan}}})
-        if monitoring_policy:
-            child_configs.append({"fvRsABDPolMonPol": {"attributes": {"tnMonEPGPolName": monitoring_policy}}})
-        if first_hop_security_policy:
-            child_configs.append({"fvRsBDToFhs": {"attributes": {"tnFhsBDPolName": first_hop_security_policy}}})
-        if pim_source_filter or pim_destination_filter:
+        if pim_source_filter is not None or pim_destination_filter is not None:
             pim_bd = {"pimBDP": {"attributes": {}, "children": []}}
             pim_filter_pol = {"pimBDFilterPol": {"attributes": {}, "children": []}}
-            if pim_source_filter:
-                pim_source_filter_tdn = "uni/tn-{0}/rtmap-{1}".format(tenant, pim_source_filter)
+            if pim_source_filter is not None:
+                pim_source_filter_tdn = "" if pim_source_filter == "" else "uni/tn-{0}/rtmap-{1}".format(tenant, pim_source_filter)
                 pim_filter_pol["pimBDFilterPol"]["children"].append(
                     {"pimBDSrcFilterPol": {"attributes": {}, "children": [{"rtdmcRsFilterToRtMapPol": {"attributes": {"tDn": pim_source_filter_tdn}}}]}}
                 )
-            if pim_destination_filter:
-                pim_destination_filter_tdn = "uni/tn-{0}/rtmap-{1}".format(tenant, pim_destination_filter)
+            if pim_destination_filter is not None:
+                pim_destination_filter_tdn = "" if pim_destination_filter == "" else "uni/tn-{0}/rtmap-{1}".format(tenant, pim_destination_filter)
                 pim_filter_pol["pimBDFilterPol"]["children"].append(
                     {"pimBDDestFilterPol": {"attributes": {}, "children": [{"rtdmcRsFilterToRtMapPol": {"attributes": {"tDn": pim_destination_filter_tdn}}}]}}
                 )

diff --git a/tests/integration/targets/aci_bd/tasks/main.yml b/tests/integration/targets/aci_bd/tasks/main.yml
@@ -128,6 +128,9 @@
       <<: *aci_tenant_present
       bd: anstest
       description: Ansible Test
+      mld_snoop_policy: ansible_mld_snoop
+      first_hop_security_policy: ansible_fhs
+      igmp_policy: ansible_igmp_pol
     check_mode: true
     register: bd_present_check_mode
 
@@ -141,13 +144,33 @@
       <<: *aci_bd_present
     register: bd_present_idempotent
 
+  # UPDATE BD
   - name: update bd - update works
     cisco.aci.aci_bd:
       <<: *aci_bd_present
       vrf: anstest
       description: Ansible Test Update
     register: bd_update
 
+  - name: Update bd to remove child config (check_mode)
+    cisco.aci.aci_bd: &aci_bd_update
+      <<: *aci_bd_present
+      mld_snoop_policy: ""
+      first_hop_security_policy: ""
+      igmp_policy: ""
+    check_mode: true
+    register: cm_update_bd_2
+
+  - name: Update bd to remove child config (normal_mode)
+    cisco.aci.aci_bd:
+      <<: *aci_bd_update  
+    register: nm_update_bd_2
+
+  - name: Update bd again to remove child config (testing idempotency)
+    cisco.aci.aci_bd:
+      <<: *aci_bd_update  
+    register: nm_update_bd_2_again
+
   - name: create another bd - check more params
     cisco.aci.aci_bd:
       <<: *aci_bd_present
@@ -239,6 +262,25 @@
     ignore_errors: true
     register: bd_present_missing_param
 
+  - name: present asserts for removing children
+    ansible.builtin.assert:
+      that:
+        - cm_update_bd_2 is changed
+        - cm_update_bd_2.previous == cm_update_bd_2.current
+        - cm_update_bd_2.proposed.fvBD.children | length == 3
+        - cm_update_bd_2.proposed.fvBD.children.0.fvRsMldsn.attributes.tnMldSnoopPolName == ''
+        - cm_update_bd_2.proposed.fvBD.children.1.fvRsBDToFhs.attributes.tnFhsBDPolName == ''
+        - cm_update_bd_2.proposed.fvBD.children.2.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == ''
+        - nm_update_bd_2 is changed
+        - nm_update_bd_2.previous.0.fvBD.children.0.fvRsMldsn.attributes.tnMldSnoopPolName == 'ansible_mld_snoop'
+        - nm_update_bd_2.previous.0.fvBD.children.1.fvRsBDToFhs.attributes.tnFhsBDPolName == 'ansible_fhs'
+        - nm_update_bd_2.previous.0.fvBD.children.2.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == 'uni/tn-ansible_test/igmpIfPol-ansible_igmp_pol'
+        - nm_update_bd_2.current.0.fvBD.children.0.fvRsMldsn.attributes.tnMldSnoopPolName == ''
+        - nm_update_bd_2.current.0.fvBD.children.1.fvRsBDToFhs.attributes.tnFhsBDPolName == ''
+        - nm_update_bd_2.current.0.fvBD.children.2.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == ''
+        - nm_update_bd_2_again is not changed
+        - nm_update_bd_2_again.previous == nm_update_bd_2_again.current
+
   - name: present asserts (<v4.2)
     ansible.builtin.assert:
       that:
@@ -308,10 +350,10 @@
         - bd_present_2b.sent.fvBD.children.1.fvRsMldsn.attributes.tnMldSnoopPolName == 'ansible_mld_snoop'
         - bd_present_2b.sent.fvBD.children.2.fvRsBDToProfile.attributes.tnL3extOutName == 'ansible_l3out'
         - bd_present_2b.sent.fvBD.children.2.fvRsBDToProfile.attributes.tnRtctrlProfileName == 'ansible_l3out_route'
-        - bd_present_2b.sent.fvBD.children.3.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == 'uni/tn-ansible_test/igmpIfPol-ansible_igmp_pol'
+        - bd_present_2b.sent.fvBD.children.3.fvRsBDToFhs.attributes.tnFhsBDPolName == 'ansible_fhs'
         - bd_present_2b.sent.fvBD.children.4.fvAccP.attributes.encap == 'vlan-101'
         - bd_present_2b.sent.fvBD.children.5.fvRsABDPolMonPol.attributes.tnMonEPGPolName == 'ansible_monitoring_pol'
-        - bd_present_2b.sent.fvBD.children.6.fvRsBDToFhs.attributes.tnFhsBDPolName == 'ansible_fhs'
+        - bd_present_2b.sent.fvBD.children.6.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == 'uni/tn-ansible_test/igmpIfPol-ansible_igmp_pol'
         - bd_present_missing_param is failed
         - 'bd_present_missing_param.msg == "state is present but all of the following are missing: tenant"'
     when: version.current.0.topSystem.attributes.version is version('4.2', '>=') and
@@ -356,16 +398,111 @@
         - bd_present_2c.sent.fvBD.children.1.fvRsMldsn.attributes.tnMldSnoopPolName == 'ansible_mld_snoop'
         - bd_present_2c.sent.fvBD.children.2.fvRsBDToProfile.attributes.tnRtctrlProfileName == 'ansible_l3out_route'
         - bd_present_2c.sent.fvBD.children.2.fvRsBDToProfile.attributes.tnL3extOutName == 'ansible_l3out'
-        - bd_present_2c.sent.fvBD.children.3.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == 'uni/tn-ansible_test/igmpIfPol-ansible_igmp_pol'
+        - bd_present_2c.sent.fvBD.children.3.fvRsBDToFhs.attributes.tnFhsBDPolName == 'ansible_fhs'
         - bd_present_2c.sent.fvBD.children.4.fvAccP.attributes.encap == 'vlan-101'
         - bd_present_2c.sent.fvBD.children.5.fvRsABDPolMonPol.attributes.tnMonEPGPolName == 'ansible_monitoring_pol'
-        - bd_present_2c.sent.fvBD.children.6.fvRsBDToFhs.attributes.tnFhsBDPolName == 'ansible_fhs'
+        - bd_present_2c.sent.fvBD.children.6.igmpIfP.children.0.igmpRsIfPol.attributes.tDn == 'uni/tn-ansible_test/igmpIfPol-ansible_igmp_pol'
         - bd_present_2c.sent.fvBD.children.7.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
         - bd_present_2c.sent.fvBD.children.7.pimBDP.children.0.pimBDFilterPol.children.1.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
         - bd_present_missing_param is failed
         - 'bd_present_missing_param.msg == "state is present but all of the following are missing: tenant"'
     when: version.current.0.topSystem.attributes.version is version('6.0', '>=')
 
+  - name: execute tasks for pim source filter & pim destination filter (>=v5.2)
+    when: version.current.0.topSystem.attributes.version is version('5.2', '>=')
+    block:
+
+    - name: create another bd - check pim source filter (check_mode)
+      cisco.aci.aci_bd: &aci_bd_pim_s
+        <<: *aci_bd_present
+        bd: anstest_pim_s
+        pim_source_filter: ansible_route_map_pol
+      check_mode: true
+      register: cm_bd_pim_s
+
+    - name: create another bd - check pim source filter (normal_mode)
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_s
+      register: nm_bd_pim_s
+
+    - name: create another bd - check pim source filter (testing idempotency)
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_s 
+      register: nm_bd_pim_s_again
+
+    - name: update bd - remove pim source filter
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_s
+        pim_source_filter: ""
+      register: nm_bd_pim_s_remove
+
+    - name: create another bd - check pim destination filter (check_mode)
+      cisco.aci.aci_bd: &aci_bd_pim_d
+        <<: *aci_bd_present
+        bd: anstest_pim_d
+        pim_destination_filter: ansible_route_map_pol
+      check_mode: true
+      register: cm_bd_pim_d
+
+    - name: create another bd - check pim destination filter (normal_mode)
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_d
+      register: nm_bd_pim_d
+
+    - name: create another bd - check pim destination filter (testing idempotency)
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_d 
+      register: nm_bd_pim_d_again
+
+    - name: update bd - remove pim destination filter
+      cisco.aci.aci_bd:
+        <<: *aci_bd_pim_d
+        pim_destination_filter: ""
+      register: nm_bd_pim_d_remove
+
+    - name: cleanup pim_s and pim_d BDs
+      cisco.aci.aci_bd:
+        <<: *aci_bd_present
+        bd: "{{ item }}"
+        state: absent
+      loop:
+        - anstest_pim_s
+        - anstest_pim_d
+
+    - name: asserts for pim source filter and pim destination filter
+      ansible.builtin.assert:
+        that:
+          - cm_bd_pim_s is changed
+          - cm_bd_pim_s.current == []
+          - cm_bd_pim_s.previous == []
+          - cm_bd_pim_s.proposed.fvBD.children.3.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - cm_bd_pim_s.proposed.fvBD.children.3.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_s is changed
+          - nm_bd_pim_s.previous == []
+          - nm_bd_pim_s.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_s.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_s_again.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_s_again.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_s_again.previous.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_s_again.previous.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_s_remove.previous == nm_bd_pim_s.current
+          - nm_bd_pim_s_remove.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDSrcFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == ''
+          - cm_bd_pim_d is changed
+          - cm_bd_pim_d.current == []
+          - cm_bd_pim_d.previous == []
+          - cm_bd_pim_d.proposed.fvBD.children.3.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - cm_bd_pim_d.proposed.fvBD.children.3.pimBDP.children.0.pimBDFilterPol.children.0.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_d is changed
+          - nm_bd_pim_d.previous == []
+          - nm_bd_pim_d.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_d.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_d_again.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_d_again.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_d_again.previous.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children | length == 1
+          - nm_bd_pim_d_again.previous.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == 'uni/tn-ansible_test/rtmap-ansible_route_map_pol'
+          - nm_bd_pim_d_remove.previous == nm_bd_pim_d.current
+          - nm_bd_pim_d_remove.current.0.fvBD.children.5.pimBDP.children.0.pimBDFilterPol.children.0.pimBDDestFilterPol.children.0.rtdmcRsFilterToRtMapPol.attributes.tDn == ''
+
   - name: get all bd
     cisco.aci.aci_bd: &aci_query
       <<: *aci_tenant_present