From c0fe7f1e6bdd818e011f7391a60ca8851be3dcdb Mon Sep 17 00:00:00 2001 From: MUTHU-RAKESH-27 <19cs127@psgitech.ac.in> Date: Wed, 15 May 2024 17:35:40 +0530 Subject: [PATCH 1/4] Added clear description for the documentation for the network functions --- .../network_settings_workflow_manager.py | 182 ++++++++++++------ 1 file changed, 118 insertions(+), 64 deletions(-) diff --git a/plugins/modules/network_settings_workflow_manager.py b/plugins/modules/network_settings_workflow_manager.py index 9d3e395b9a..2d7be3c585 100644 --- a/plugins/modules/network_settings_workflow_manager.py +++ b/plugins/modules/network_settings_workflow_manager.py @@ -182,7 +182,7 @@ type: str ipv6_global_pool: description: - - The ipv6_global_pool is a mandatory when the ipv6_address_space is set to true. + - The ipv6_global_pool is a required when the ipv6_address_space is set to true. - It specifies the global IPv6 address pool using CIDR notation, such as "2001:db8:85a3::/64". - In cases where both ipv6_global_pool and ipv6_global_pool_name are specified, ipv6_global_pool will take precedence. type: str 
@@ -224,59 +224,86 @@ site_name: description: > The name of the site provided as a path parameter, used - to specify where the IP sub-pool will be reserved. + to specify where the IP sub-pool will be reserved. (eg Global/Chennai/Trill) type: str settings: description: Network management details settings. type: dict suboptions: network_aaa: - description: Network V2's network_aaa. + description: Manages AAA (Authentication Authorization Accounting) for network devices. suboptions: + servers: + description: Server type for managing AAA for network devices. + choices: [AAA, ISE] + default: ISE + type: str ip_address: - description: IP address for AAA and ISE server (eg 1.1.1.1). + description: + - Primary IP address for the ISE server. + - Secondary IP address for the AAA server. + - For example, 1.1.1.11. type: str network: - description: IP Address for AAA or ISE server (eg 2.2.2.2). + description: + - PAN IP address for the ISE server. + - Primary IP address for the AAA server. + - For example, 1.1.1.10. type: str protocol: - description: Protocol for AAA or ISE serve (eg RADIUS). - type: str - servers: - description: Server type for AAA Network (eg AAA). + description: Protocol for AAA or ISE server. + choices: [RADIUS, TACACS] + default: RADIUS type: str shared_secret: - description: Shared secret for ISE Server. + description: + - Shared secret for ISE Server. + - Required when the servers is set to ISE. + - Length of the shared secret should be atleast 4 characters. type: str type: dict client_and_endpoint_aaa: - description: Network V2's clientAndEndpoint_aaa. + description: Manages AAA (Authentication Authorization Accounting) for clients and endpoints. suboptions: + servers: + description: + - Server type for managing AAA for client and endpoints. + choices: [AAA, ISE] + default: ISE + type: str ip_address: - description: IP address for ISE serve (eg 1.1.1.4). + description: + - Primary IP address for the ISE server. 
+ - Secondary IP address for the AAA server. + - For example, 1.1.1.1. type: str network: - description: IP address for AAA or ISE server (eg 2.2.2.1). + description: + - PAN IP address for the ISE server. + - Primary IP address for the AAA server. + - For example, 1.1.1.2. type: str protocol: - description: Protocol for AAA or ISE serve (eg RADIUS). - type: str - servers: - description: Server type AAA or ISE server (eg AAA). + description: Protocol for AAA or ISE server. + choices: [RADIUS, TACACS] + default: RADIUS type: str shared_secret: - description: Shared secret for ISE server. + description: + - Shared secret for ISE Server. + - Required when the servers is set to ISE. + - Length of the shared secret should be atleast 4 characters. type: str type: dict dhcp_server: - description: DHCP Server IP (eg 1.1.1.1). + description: DHCP Server IP address (eg 1.1.1.4). elements: str type: list dns_server: - description: Network V2's dnsServer. + description: DNS server details of the network under a specific site. suboptions: domain_name: - description: Domain Name of DHCP (eg; cisco). + description: Domain Name of DHCP (eg; cisco.com, cisco.net). type: str primary_ip_address: description: Primary IP Address for DHCP (eg 2.2.2.2). 
@@ -286,24 +313,24 @@ type: str type: dict ntp_server: - description: IP address for NTP server (eg 1.1.1.2). + description: IP address for NTP server under a specific site (eg 1.1.1.2). elements: str type: list timezone: - description: Input for time zone (eg Africa/Abidjan). + description: Time zone of a specific site. (eg Africa/Abidjan/GMT). type: str message_of_the_day: - description: Network V2's messageOfTheday. + description: Banner details under a specific site. suboptions: banner_message: - description: Massage for Banner message (eg; Good day). + description: Message for the banner (eg; Good day). type: str retain_existing_banner: - description: Retain existing Banner Message (eg "true" or "false"). - type: str + description: Retain existing banner message. + type: bool type: dict netflow_collector: - description: Network V2's netflowcollector. + description: Netflow collector details under a specific site. suboptions: ip_address: description: IP Address for NetFlow collector (eg 3.3.3.1). @@ -313,7 +340,7 @@ type: int type: dict snmp_server: - description: Network V2's snmpServer. + description: Snmp Server details under a specific site. suboptions: configure_dnac_ip: description: Configuration Cisco Catalyst Center IP for SNMP Server (eg true). @@ -324,7 +351,7 @@ type: list type: dict syslog_server: - description: Network V2's syslogServer. + description: syslog Server details under a specific site. suboptions: configure_dnac_ip: description: Configuration Cisco Catalyst Center IP for syslog server (eg true). @@ -478,13 +505,13 @@ site_name: string settings: network_aaa: + servers: string network: string protocol: string - servers: string client_and_endpoint_aaa: + servers: string network: string protocol: string - servers: string dhcp_server: list dns_server: domain_name: string 
@@ -494,7 +521,7 @@ timezone: string message_of_the_day: banner_message: string - retain_existing_banner: string + retain_existing_banner: bool netflow_collector: ip_address: string port: 443 @@ -1235,7 +1262,7 @@ def get_have_global_pool(self, global_pool_details): for pool_details in global_pool_ippool: name = pool_details.get("name") if name is None: - self.msg = "Mandatory Parameter name '{0}' required for global pool".format(name) + self.msg = "Missing required parameter 'name' in global_pool_details" self.status = "failed" return self @@ -1277,7 +1304,7 @@ def get_have_reserve_pool(self, reserve_pool_details): for item in reserve_pool_details: name = item.get("name") if name is None: - self.msg = "Mandatory Parameter name required in reserve_pool_details." + self.msg = "Missing required parameter 'name' in reserve_pool_details." self.status = "failed" return self site_name = item.get("site_name") @@ -1405,7 +1432,7 @@ def get_global_pool_cidr(self, global_pool_cidr, global_pool_name): return global_pool_cidr if not global_pool_name: - self.msg = "Missing parameter 'Global Pool CIDR' or 'Global Pool name' is mandatory under reserve_pool_details." + self.msg = "Missing parameter 'Global Pool CIDR' or 'Global Pool name' is required under reserve_pool_details." self.status = "failed" return self.check_return_status() 
@@ -1544,14 +1571,14 @@ def get_want_reserve_pool(self, reserve_pool): "ipv6TotalHost": item.get("ipv6_total_host"), "slaacSupport": item.get("slaac_support") } - # Check for missing mandatory parameters in the playbook + # Check for missing required parameters in the playbook if pool_values.get("ipv6AddressSpace") is True: pool_values.update({ "ipv6GlobalPool": self.get_global_pool_cidr(item.get("ipv6_global_pool"), item.get("ipv6_global_pool_name"))}) if not pool_values.get("name"): - self.msg = "Missing mandatory parameter 'name' in reserve_pool_details '{0}' element" \ + self.msg = "Missing required parameter 'name' in reserve_pool_details '{0}' element" \ .format(reserve_pool_index + 1) self.status = "failed" return self @@ -1757,14 +1784,21 @@ def get_want_network(self, network_management_details): "bannerMessage": messageOfTheday.get("banner_message") }) - if messageOfTheday.get("retain_existing_banner") is not None: - want_network_settings.get("messageOfTheday").update({ - "retainExistingBanner": - messageOfTheday.get("retain_existing_banner") - }) + retain_existing_banner = messageOfTheday.get("retain_existing_banner") + if retain_existing_banner is not None: + if retain_existing_banner is True: + want_network_settings.get("messageOfTheday").update({ + "retainExistingBanner": "true" + }) + else: + want_network_settings.get("messageOfTheday").update({ + "retainExistingBanner": "false" + }) else: del want_network_settings["messageOfTheday"] + server_types = ["AAA", "ISE"] + protocol_types = ["RADIUS", "TACACS"] network_aaa = network_management_details.get("network_aaa") if network_aaa: if network_aaa.get("ip_address"): 
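Review bot: The new `retain_existing_banner is True` test in get_want_network sends `"false"` for every value that is not the bool `True`, so a playbook that still passes the quoted string `'true'` (the sample playbook in this series did until a later commit) silently has its banner setting inverted. If the input spec for message_of_the_day, which is outside this hunk, does not already coerce the value to bool, reject non-bool input instead, e.g. `if not isinstance(retain_existing_banner, bool):` followed by the usual `self.msg` / `self.status = "failed"` / `return self`. The two `update` branches can then collapse into one: `"retainExistingBanner": "true" if retain_existing_banner else "false"`. The function body starts and ends outside the hunk.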
@@ -1787,23 +1821,33 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if network_aaa.get("protocol"): + protocol = network_aaa.get("protocol") + if protocol: want_network_settings.get("network_aaa").update({ - "protocol": - network_aaa.get("protocol") + "protocol": protocol }) else: - self.msg = "missing parameter protocol in network_aaa" + want_network_settings.get("network_aaa").update({ + "protocol": "RADIUS" + }) + + if protocol not in protocol_types: + self.msg = "The 'protocol' in the network_aaa should be in {0}".format(protocol_types) self.status = "failed" return self - if network_aaa.get("servers"): + servers = network_aaa.get("servers") + if servers: want_network_settings.get("network_aaa").update({ - "servers": - network_aaa.get("servers") + "servers": servers }) else: - self.msg = "missing parameter servers in network_aaa" + want_network_settings.get("network_aaa").update({ + "servers": "ISE" + }) + + if servers not in server_types: + self.msg = "The 'servers' in the network_aaa should be in {0}".format(server_types) self.status = "failed" return self 
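Review bot: The defaults added for `protocol` and `servers` in network_aaa can never take effect: when the key is omitted the code writes `"RADIUS"` / `"ISE"` into want_network_settings but then tests the raw `None` against `protocol_types` / `server_types` and fails the task. Resolve the effective value first, `protocol = network_aaa.get("protocol") or "RADIUS"`, validate that, and then do a single `update({"protocol": protocol})`; the same applies to `servers` with `"ISE"`. This matters for the later `servers == "ISE"` checks too, which should see the defaulted value so the ISE-only requirements are not skipped. The client_and_endpoint_aaa hunks (@@ -1817 and @@ -1838) and the later `server_type` rename in this series carry the same pattern. get_want_network starts and ends outside this hunk.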
@@ -1817,13 +1861,28 @@ def get_want_network(self, network_management_details): clientAndEndpoint_aaa = network_management_details.get("client_and_endpoint_aaa") if clientAndEndpoint_aaa: + servers = clientAndEndpoint_aaa.get("servers") + if servers: + want_network_settings.get("clientAndEndpoint_aaa").update({ + "servers": servers + }) + else: + want_network_settings.get("clientAndEndpoint_aaa").update({ + "servers": "ISE" + }) + + if servers not in server_types: + self.msg = "The 'servers' in the client_and_endpoint_aaa should be in {0}".format(server_types) + self.status = "failed" + return self + if clientAndEndpoint_aaa.get("ip_address"): want_network_settings.get("clientAndEndpoint_aaa").update({ "ipAddress": clientAndEndpoint_aaa.get("ip_address") }) else: - if clientAndEndpoint_aaa.get("servers") == "ISE": + if servers == "ISE": self.msg = "Failed to process client_and_endpoint_aaa due to missing 'ip_address' parameter. ISE server is configured." self.status = "failed" return self @@ -1838,23 +1897,18 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if clientAndEndpoint_aaa.get("protocol"): + protocol = clientAndEndpoint_aaa.get("protocol") + if protocol: want_network_settings.get("clientAndEndpoint_aaa").update({ - "protocol": - clientAndEndpoint_aaa.get("protocol") + "protocol": protocol }) else: - self.msg = "Failed to process client_and_endpoint_aaa due to missing parameter 'protocol' in the playbook." - self.status = "failed" - return self - - if clientAndEndpoint_aaa.get("servers"): want_network_settings.get("clientAndEndpoint_aaa").update({ - "servers": - clientAndEndpoint_aaa.get("servers") + "protocol": "RADIUS" }) - else: - self.msg = "Failed to process client_and_endpoint_aaa due to missing parameter 'servers' in the playbook." + + if protocol not in protocol_types: + self.msg = "The 'protocol' in the client_and_endpoint_aaa should be in {0}".format(protocol_types) self.status = "failed" return self 
From 7da9a36f2dbe7a52c9fe86f401be50bb552be694 Mon Sep 17 00:00:00 2001 From: MUTHU-RAKESH-27 <19cs127@psgitech.ac.in> Date: Thu, 16 May 2024 13:29:31 +0530 Subject: [PATCH 2/4] Addressed the review comments --- .../network_settings_workflow_manager.yml | 4 +- .../network_settings_workflow_manager.py | 112 +++++++++--------- 2 files changed, 60 insertions(+), 56 deletions(-) diff --git a/playbooks/network_settings_workflow_manager.yml b/playbooks/network_settings_workflow_manager.yml index 877b7849ca..b60cc7c30d 100644 --- a/playbooks/network_settings_workflow_manager.yml +++ b/playbooks/network_settings_workflow_manager.yml @@ -62,13 +62,13 @@ settings: network_aaa: #works only if we system settigns is set ip_address: 10.0.0.21 #Mandatory for ISE, sec ip for AAA - network: 10.0.0.20 + network_address: 10.0.0.20 protocol: TACACS servers: AAA # shared_secret: string #ISE client_and_endpoint_aaa: #works only if we system settigns is set ip_address: 10.197.156.42 #Mandatory for ISE, sec ip for AAA - network: 10.0.0.20 + network_address: 10.0.0.20 protocol: RADIUS servers: AAA # shared_secret: string #ISE diff --git a/plugins/modules/network_settings_workflow_manager.py b/plugins/modules/network_settings_workflow_manager.py index 2d7be3c585..f213b2f197 100644 --- a/plugins/modules/network_settings_workflow_manager.py +++ b/plugins/modules/network_settings_workflow_manager.py @@ -241,13 +241,13 @@ ip_address: description: - Primary IP address for the ISE server. - - Secondary IP address for the AAA server. + - Primary IP address for the AAA server. - For example, 1.1.1.11. type: str - network: + network_address: description: - PAN IP address for the ISE server. - - Primary IP address for the AAA server. + - Secondary IP address for the AAA server. - For example, 1.1.1.10. type: str protocol: 
@@ -274,13 +274,13 @@ ip_address: description: - Primary IP address for the ISE server. - - Secondary IP address for the AAA server. + - Primary IP address for the AAA server. - For example, 1.1.1.1. type: str - network: + network_address: description: - PAN IP address for the ISE server. - - Primary IP address for the AAA server. + - Secondary IP address for the AAA server. - For example, 1.1.1.2. type: str protocol: @@ -506,11 +506,13 @@ settings: network_aaa: servers: string - network: string + ip_address: string + network_address: string protocol: string client_and_endpoint_aaa: servers: string - network: string + ip_address: string + network_address: string protocol: string dhcp_server: list dns_server: @@ -700,7 +702,7 @@ def validate_input(self): "type": 'dict', "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, "ip_address": {"type": 'string'}, - "network": {"type": 'string'}, + "network_address": {"type": 'string'}, "protocol": {"type": 'string', "choices": ["RADIUS", "TACACS"]}, "shared_secret": {"type": 'string'} @@ -709,7 +711,7 @@ def validate_input(self): "type": 'dict', "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, "ip_address": {"type": 'string'}, - "network": {"type": 'string'}, + "network_address": {"type": 'string'}, "protocol": {"type": 'string', "choices": ["RADIUS", "TACACS"]}, "shared_secret": {"type": 'string'} } 
@@ -1801,25 +1803,41 @@ def get_want_network(self, network_management_details): protocol_types = ["RADIUS", "TACACS"] network_aaa = network_management_details.get("network_aaa") if network_aaa: - if network_aaa.get("ip_address"): + servers = network_aaa.get("servers") + if servers: want_network_settings.get("network_aaa").update({ - "ipAddress": - network_aaa.get("ip_address") + "servers": servers }) else: - if network_aaa.get("servers") == "ISE": - self.msg = "missing parameter ip_address in network_aaa, server ISE is set" - self.status = "failed" - return self + want_network_settings.get("network_aaa").update({ + "servers": "ISE" + }) + + if servers not in server_types: + self.msg = "The 'servers' in the network_aaa should be in {0}".format(server_types) + self.status = "failed" + return self - if network_aaa.get("network"): + ip_address = network_aaa.get("ip_address") + if ip_address: want_network_settings.get("network_aaa").update({ - "network": network_aaa.get("network") + "ipAddress": ip_address }) else: - self.msg = "missing parameter network in network_aaa" + self.msg = "Missing required parameter 'ip_address' which is the 'primary address' in network_aaa." self.status = "failed" return self + network_address = network_aaa.get("network_address") + if network_address: + want_network_settings.get("network_aaa").update({ + "network": network_address + }) + else: + if servers == "ISE": + self.msg = "Missing required parameter 'network_address' for ISE " + \ + "which is 'PAN address' in network_aaa." + self.status = "failed" + return self protocol = network_aaa.get("protocol") if protocol: 
@@ -1836,25 +1854,10 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - servers = network_aaa.get("servers") - if servers: - want_network_settings.get("network_aaa").update({ - "servers": servers - }) - else: - want_network_settings.get("network_aaa").update({ - "servers": "ISE" - }) - - if servers not in server_types: - self.msg = "The 'servers' in the network_aaa should be in {0}".format(server_types) - self.status = "failed" - return self - - if network_aaa.get("shared_secret"): + shared_secret = network_aaa.get("shared_secret") + if shared_secret: want_network_settings.get("network_aaa").update({ - "sharedSecret": - network_aaa.get("shared_secret") + "sharedSecret": shared_secret }) else: del want_network_settings["network_aaa"] 
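Review bot: `shared_secret` is forwarded only when truthy, and nothing in this hunk enforces what the option docs from the first patch promise: that it is required when `servers` is ISE and must be at least 4 characters. Unless that is checked elsewhere, add it here with `if servers == "ISE" and not shared_secret:` and `if shared_secret and len(shared_secret) < 4:`, each setting `self.msg`, `self.status = "failed"` and returning, with messages that name the parameter and never echo its value. Since `want_network_settings` now carries the secret, any debug logging of that dict elsewhere in the module should mask `sharedSecret`. The client_and_endpoint_aaa hunk (@@ -1912) has the same gap; get_want_network continues outside the hunk.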
@@ -1876,26 +1879,27 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if clientAndEndpoint_aaa.get("ip_address"): + ip_address = clientAndEndpoint_aaa.get("ip_address") + if ip_address: want_network_settings.get("clientAndEndpoint_aaa").update({ - "ipAddress": - clientAndEndpoint_aaa.get("ip_address") + "ipAddress": ip_address }) else: - if servers == "ISE": - self.msg = "Failed to process client_and_endpoint_aaa due to missing 'ip_address' parameter. ISE server is configured." - self.status = "failed" - return self + self.msg = "Missing required parameter 'ip_address' which is the 'primary address' in client_and_endpoint_aaa." + self.status = "failed" + return self - if clientAndEndpoint_aaa.get("network"): + network_address = clientAndEndpoint_aaa.get("network_address") + if network_address: want_network_settings.get("clientAndEndpoint_aaa").update({ - "network": - clientAndEndpoint_aaa.get("network") + "network": network_address }) else: - self.msg = "Failed to process client_and_endpoint_aaa due to missing parameter 'network' in the playbook." - self.status = "failed" - return self + if servers == "ISE": + self.msg = "Missing required parameter 'network_address' for ISE " + \ + "which is 'PAN address' in client_and_endpoint_aaa." + self.status = "failed" + return self protocol = clientAndEndpoint_aaa.get("protocol") if protocol: @@ -1912,10 +1916,10 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if clientAndEndpoint_aaa.get("shared_secret"): + shared_secret = clientAndEndpoint_aaa.get("shared_secret") + if shared_secret: want_network_settings.get("clientAndEndpoint_aaa").update({ - "sharedSecret": - clientAndEndpoint_aaa.get("shared_secret") + "sharedSecret": shared_secret }) else: del want_network_settings["clientAndEndpoint_aaa"] From 6223a5e7cfb0e68fa3633c9d62969841263ebdf0 Mon Sep 17 00:00:00 2001 
From: MUTHU-RAKESH-27 <19cs127@psgitech.ac.in> Date: Fri, 17 May 2024 12:33:33 +0530 Subject: [PATCH 3/4] Addressed the review comments --- .../network_settings_workflow_manager.yml | 10 +- .../network_settings_workflow_manager.py | 185 +++++++++++++----- 2 files changed, 138 insertions(+), 57 deletions(-) diff --git a/playbooks/network_settings_workflow_manager.yml b/playbooks/network_settings_workflow_manager.yml index b60cc7c30d..5b0fee2a75 100644 --- a/playbooks/network_settings_workflow_manager.yml +++ b/playbooks/network_settings_workflow_manager.yml @@ -61,14 +61,14 @@ site_name: Global/Chennai settings: network_aaa: #works only if we system settigns is set - ip_address: 10.0.0.21 #Mandatory for ISE, sec ip for AAA - network_address: 10.0.0.20 + primary_server_address: 10.0.0.20 #Mandatory for ISE, sec ip for AAA + secondary_server_address: 10.0.0.21 protocol: TACACS servers: AAA # shared_secret: string #ISE client_and_endpoint_aaa: #works only if we system settigns is set - ip_address: 10.197.156.42 #Mandatory for ISE, sec ip for AAA - network_address: 10.0.0.20 + primary_server_address: 10.197.156.42 #Mandatory for ISE, sec ip for AAA + secondary_server_address: 10.0.0.21 protocol: RADIUS servers: AAA # shared_secret: string #ISE @@ -83,7 +83,7 @@ timezone: GMT message_of_the_day: banner_message: hello - retain_existing_banner: 'true' + retain_existing_banner: True netflow_collector: ip_address: 10.0.0.4 port: 443 diff --git a/plugins/modules/network_settings_workflow_manager.py b/plugins/modules/network_settings_workflow_manager.py index f213b2f197..dd9aeb36ed 100644 --- a/plugins/modules/network_settings_workflow_manager.py +++ b/plugins/modules/network_settings_workflow_manager.py 
@@ -238,23 +238,29 @@ choices: [AAA, ISE] default: ISE type: str - ip_address: - description: - - Primary IP address for the ISE server. - - Primary IP address for the AAA server. - - For example, 1.1.1.11. - type: str - network_address: - description: - - PAN IP address for the ISE server. - - Secondary IP address for the AAA server. - - For example, 1.1.1.10. - type: str protocol: description: Protocol for AAA or ISE server. choices: [RADIUS, TACACS] default: RADIUS type: str + pan_address: + description: + - PAN IP address for the ISE server. + - For example, 1.1.1.1. + type: str + version_added: 6.15.0 + primary_server_address: + description: + - Primary IP address for the ISE/AAA server. + - For example, 1.1.1.2. + type: str + version_added: 6.15.0 + secondary_server_address: + description: + - Secondary IP address for the AAA server. + - For example, 1.1.1.3. + type: str + version_added: 6.15.0 shared_secret: description: - Shared secret for ISE Server. @@ -271,23 +277,29 @@ choices: [AAA, ISE] default: ISE type: str - ip_address: + protocol: + description: Protocol for AAA or ISE server. + choices: [RADIUS, TACACS] + default: RADIUS + type: str + pan_address: description: - - Primary IP address for the ISE server. - - Primary IP address for the AAA server. + - PAN IP address for the ISE server. - For example, 1.1.1.1. type: str - network_address: + version_added: 6.15.0 + primary_server_address: description: - - PAN IP address for the ISE server. - - Secondary IP address for the AAA server. + - Primary IP address for the ISE/AAA server. - For example, 1.1.1.2. type: str - protocol: - description: Protocol for AAA or ISE server. - choices: [RADIUS, TACACS] - default: RADIUS + version_added: 6.15.0 + secondary_server_address: + description: + - Secondary IP address for the AAA server. + - For example, 1.1.1.3. type: str + version_added: 6.15.0 shared_secret: description: - Shared secret for ISE Server. 
@@ -533,6 +545,62 @@ syslog_server: configure_dnac_ip: True ip_addresses: list + +- name: Adding the network_aaa and client_and_endpoint_aaa AAA server + cisco.dnac.network_settings_workflow_manager: + dnac_host: "{{dnac_host}}" + dnac_username: "{{dnac_username}}" + dnac_password: "{{dnac_password}}" + dnac_verify: "{{dnac_verify}}" + dnac_port: "{{dnac_port}}" + dnac_version: "{{dnac_version}}" + dnac_debug: "{{dnac_debug}}" + dnac_log: True + dnac_log_level: "{{ dnac_log_level }}" + state: merged + config_verify: True + config: + - network_management_details: + site_name: string + settings: + network_aaa: + servers: AAA + primary_server_address: string + secondary_server_address: string + protocol: string + client_and_endpoint_aaa: + servers: AAA + primary_server_address: string + secondary_server_address: string + protocol: string + +- name: Adding the network_aaa and client_and_endpoint_aaa ISE server + cisco.dnac.network_settings_workflow_manager: + dnac_host: "{{dnac_host}}" + dnac_username: "{{dnac_username}}" + dnac_password: "{{dnac_password}}" + dnac_verify: "{{dnac_verify}}" + dnac_port: "{{dnac_port}}" + dnac_version: "{{dnac_version}}" + dnac_debug: "{{dnac_debug}}" + dnac_log: True + dnac_log_level: "{{ dnac_log_level }}" + state: merged + config_verify: True + config: + - network_management_details: + site_name: string + settings: + network_aaa: + servers: ISE + pan_address: string + primary_server_address: string + protocol: string + client_and_endpoint_aaa: + servers: ISE + pan_address: string + primary_server_address: string + protocol: string """ RETURN = r""" 
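Review bot: The new ISE example omits `shared_secret` although the option docs state it is required when the server type is ISE, so a user copying it gets an incomplete configuration. Add it to both ISE blocks, sourced from a vaulted variable rather than a literal, e.g. `shared_secret: "{{ ise_shared_secret }}"` (the variable name is a placeholder). `protocol: string` would also read better as an accepted value such as `protocol: RADIUS`, since only RADIUS and TACACS pass the check in get_want_network.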
@@ -701,8 +769,9 @@ def validate_input(self): "network_aaa": { "type": 'dict', "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, - "ip_address": {"type": 'string'}, - "network_address": {"type": 'string'}, + "pan_address": {"type": 'string'}, + "primary_server_address": {"type": 'string'}, + "secondary_server_address": {"type": 'string'}, "protocol": {"type": 'string', "choices": ["RADIUS", "TACACS"]}, "shared_secret": {"type": 'string'} @@ -710,8 +779,9 @@ def validate_input(self): "client_and_endpoint_aaa": { "type": 'dict', "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, - "ip_address": {"type": 'string'}, - "network_address": {"type": 'string'}, + "pan_address": {"type": 'string'}, + "primary_server_address": {"type": 'string'}, + "secondary_server_address": {"type": 'string'}, "protocol": {"type": 'string', "choices": ["RADIUS", "TACACS"]}, "shared_secret": {"type": 'string'} } 
@@ -1818,26 +1888,32 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - ip_address = network_aaa.get("ip_address") - if ip_address: + primary_server_address = network_aaa.get("primary_server_address") + if primary_server_address: want_network_settings.get("network_aaa").update({ - "ipAddress": ip_address + "network": primary_server_address }) else: - self.msg = "Missing required parameter 'ip_address' which is the 'primary address' in network_aaa." + self.msg = "Missing required parameter 'primary_server_address' in network_aaa." self.status = "failed" return self - network_address = network_aaa.get("network_address") - if network_address: - want_network_settings.get("network_aaa").update({ - "network": network_address - }) - else: - if servers == "ISE": - self.msg = "Missing required parameter 'network_address' for ISE " + \ - "which is 'PAN address' in network_aaa." + + if servers == "ISE": + pan_address = network_aaa.get("pan_address") + if pan_address: + want_network_settings.get("network_aaa").update({ + "ipAddress": pan_address + }) + else: + self.msg = "Missing required parameter 'pan_address' for ISE server in network_aaa." self.status = "failed" return self + else: + secondary_server_address = network_aaa.get("secondary_server_address") + if secondary_server_address: + want_network_settings.get("network_aaa").update({ + "ipAddress": secondary_server_address + }) protocol = network_aaa.get("protocol") if protocol: 
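Review bot: The payload mapping in network_aaa is flipped relative to the previous commit and is not explained: `primary_server_address` now goes to `network`, while `pan_address` (ISE) or `secondary_server_address` (AAA) goes to `ipAddress`, where before the primary address was sent as `ipAddress`. Pointing devices at the wrong authentication server is a hard-to-spot misconfiguration, so please confirm the mapping against the API and record it above the block, e.g. `# API mapping: "network" = primary server; "ipAddress" = PAN (ISE) or secondary (AAA)`. A `secondary_server_address` given with ISE, or a `pan_address` given with AAA, is silently dropped; a warning or failure would surface the mistake. The client_and_endpoint_aaa hunk (@@ -1879) has the same mapping; get_want_network continues outside this hunk.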
@@ -1879,27 +1955,32 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - ip_address = clientAndEndpoint_aaa.get("ip_address") - if ip_address: + primary_server_address = clientAndEndpoint_aaa.get("primary_server_address") + if primary_server_address: want_network_settings.get("clientAndEndpoint_aaa").update({ - "ipAddress": ip_address + "network": primary_server_address }) else: - self.msg = "Missing required parameter 'ip_address' which is the 'primary address' in client_and_endpoint_aaa." + self.msg = "Missing required parameter 'primary_server_address' in client_and_endpoint_aaa." self.status = "failed" return self - network_address = clientAndEndpoint_aaa.get("network_address") - if network_address: - want_network_settings.get("clientAndEndpoint_aaa").update({ - "network": network_address - }) - else: - if servers == "ISE": - self.msg = "Missing required parameter 'network_address' for ISE " + \ - "which is 'PAN address' in client_and_endpoint_aaa." + if servers == "ISE": + pan_address = clientAndEndpoint_aaa.get("pan_address") + if pan_address: + want_network_settings.get("clientAndEndpoint_aaa").update({ + "ipAddress": pan_address + }) + else: + self.msg = "Missing required parameter 'pan_address' for ISE server in client_and_endpoint_aaa." self.status = "failed" return self + else: + secondary_server_address = clientAndEndpoint_aaa.get("secondary_server_address") + if secondary_server_address: + want_network_settings.get("clientAndEndpoint_aaa").update({ + "ipAddress": secondary_server_address + }) protocol = clientAndEndpoint_aaa.get("protocol") if protocol: From f2b36f474849da8f4adc43798dac334f02d5463f Mon Sep 17 00:00:00 2001 
From: MUTHU-RAKESH-27 <19cs127@psgitech.ac.in> Date: Fri, 17 May 2024 23:39:42 +0530 Subject: [PATCH 4/4] Addressed the review comments --- .../network_settings_workflow_manager.yml | 8 +-- .../network_settings_workflow_manager.py | 66 ++++++++----------- 2 files changed, 32 insertions(+), 42 deletions(-) diff --git a/playbooks/network_settings_workflow_manager.yml b/playbooks/network_settings_workflow_manager.yml index 5b0fee2a75..11ddde205a 100644 --- a/playbooks/network_settings_workflow_manager.yml +++ b/playbooks/network_settings_workflow_manager.yml @@ -61,16 +61,16 @@ site_name: Global/Chennai settings: network_aaa: #works only if we system settigns is set - primary_server_address: 10.0.0.20 #Mandatory for ISE, sec ip for AAA + primary_server_address: 10.0.0.20 #Mandatory for AAA and ISE secondary_server_address: 10.0.0.21 protocol: TACACS - servers: AAA + server_type: AAA # shared_secret: string #ISE client_and_endpoint_aaa: #works only if we system settigns is set - primary_server_address: 10.197.156.42 #Mandatory for ISE, sec ip for AAA + primary_server_address: 10.197.156.42 #Mandatory for AAA and ISE secondary_server_address: 10.0.0.21 protocol: RADIUS - servers: AAA + server_type: AAA # shared_secret: string #ISE dhcp_server: - 10.0.0.1 diff --git a/plugins/modules/network_settings_workflow_manager.py b/plugins/modules/network_settings_workflow_manager.py index dd9aeb36ed..034a59808f 100644 --- a/plugins/modules/network_settings_workflow_manager.py +++ b/plugins/modules/network_settings_workflow_manager.py @@ -233,7 +233,7 @@ network_aaa: description: Manages AAA (Authentication Authorization Accounting) for network devices. suboptions: - servers: + server_type: description: Server type for managing AAA for network devices. choices: [AAA, ISE] default: ISE 
@@ -248,30 +248,30 @@ - PAN IP address for the ISE server. - For example, 1.1.1.1. type: str - version_added: 6.15.0 + version_added: 6.14.0 primary_server_address: description: - Primary IP address for the ISE/AAA server. - For example, 1.1.1.2. type: str - version_added: 6.15.0 + version_added: 6.14.0 secondary_server_address: description: - Secondary IP address for the AAA server. - For example, 1.1.1.3. type: str - version_added: 6.15.0 + version_added: 6.14.0 shared_secret: description: - Shared secret for ISE Server. - - Required when the servers is set to ISE. + - Required when the server_type is set to ISE. - Length of the shared secret should be atleast 4 characters. type: str type: dict client_and_endpoint_aaa: description: Manages AAA (Authentication Authorization Accounting) for clients and endpoints. suboptions: - servers: + server_type: description: - Server type for managing AAA for client and endpoints. choices: [AAA, ISE] @@ -287,23 +287,23 @@ - PAN IP address for the ISE server. - For example, 1.1.1.1. type: str - version_added: 6.15.0 + version_added: 6.14.0 primary_server_address: description: - Primary IP address for the ISE/AAA server. - For example, 1.1.1.2. type: str - version_added: 6.15.0 + version_added: 6.14.0 secondary_server_address: description: - Secondary IP address for the AAA server. - For example, 1.1.1.3. type: str - version_added: 6.15.0 + version_added: 6.14.0 shared_secret: description: - Shared secret for ISE Server. - - Required when the servers is set to ISE. + - Required when the server_type is set to ISE. - Length of the shared secret should be atleast 4 characters. type: str type: dict @@ -516,16 +516,6 @@ - network_management_details: site_name: string settings: - network_aaa: - servers: string - ip_address: string - network_address: string - protocol: string - client_and_endpoint_aaa: - servers: string - ip_address: string - network_address: string - protocol: string dhcp_server: list dns_server: domain_name: string 
@@ -564,12 +554,12 @@ site_name: string settings: network_aaa: - servers: AAA + server_type: AAA primary_server_address: string secondary_server_address: string protocol: string client_and_endpoint_aaa: - servers: AAA + server_type: AAA primary_server_address: string secondary_server_address: string protocol: string @@ -592,12 +582,12 @@ site_name: string settings: network_aaa: - servers: ISE + server_type: ISE pan_address: string primary_server_address: string protocol: string client_and_endpoint_aaa: - servers: ISE + server_type: ISE pan_address: string primary_server_address: string protocol: string @@ -768,7 +758,7 @@ def validate_input(self): }, "network_aaa": { "type": 'dict', - "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, + "server_type": {"type": 'string', "choices": ["ISE", "AAA"]}, "pan_address": {"type": 'string'}, "primary_server_address": {"type": 'string'}, "secondary_server_address": {"type": 'string'}, @@ -778,7 +768,7 @@ def validate_input(self): }, "client_and_endpoint_aaa": { "type": 'dict', - "servers": {"type": 'string', "choices": ["ISE", "AAA"]}, + "server_type": {"type": 'string', "choices": ["ISE", "AAA"]}, "pan_address": {"type": 'string'}, "primary_server_address": {"type": 'string'}, "secondary_server_address": {"type": 'string'}, 
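Review bot: The validation spec in the -768 hunk (and the client_and_endpoint_aaa spec at -778) replaces the `servers` key with `server_type` and leaves no path for playbooks that still use the old name. How an unrecognised `servers` key is treated by the validator is not visible here, so at minimum the rename should be called out as a breaking change in the changelog. A friendlier option is a short transition where the caller reads `network_aaa.get("server_type") or network_aaa.get("servers")` and warns when the old key is used. If the spec supports it, a comment above the entry such as `# renamed from "servers"; the API payload key is still "servers"` would help the next reader, since the value is still sent under the old name. validate_input starts and ends outside these hunks.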
@@ -1873,18 +1863,18 @@ def get_want_network(self, network_management_details): protocol_types = ["RADIUS", "TACACS"] network_aaa = network_management_details.get("network_aaa") if network_aaa: - servers = network_aaa.get("servers") - if servers: + server_type = network_aaa.get("server_type") + if server_type: want_network_settings.get("network_aaa").update({ - "servers": servers + "servers": server_type }) else: want_network_settings.get("network_aaa").update({ "servers": "ISE" }) - if servers not in server_types: - self.msg = "The 'servers' in the network_aaa should be in {0}".format(server_types) + if server_type not in server_types: + self.msg = "The 'server_type' in the network_aaa should be in {0}".format(server_types) self.status = "failed" return self @@ -1898,7 +1888,7 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if servers == "ISE": + if server_type == "ISE": pan_address = network_aaa.get("pan_address") if pan_address: want_network_settings.get("network_aaa").update({ @@ -1940,18 +1930,18 @@ def get_want_network(self, network_management_details): clientAndEndpoint_aaa = network_management_details.get("client_and_endpoint_aaa") if clientAndEndpoint_aaa: - servers = clientAndEndpoint_aaa.get("servers") - if servers: + server_type = clientAndEndpoint_aaa.get("server_type") + if server_type: want_network_settings.get("clientAndEndpoint_aaa").update({ - "servers": servers + "servers": server_type }) else: want_network_settings.get("clientAndEndpoint_aaa").update({ "servers": "ISE" }) - if servers not in server_types: - self.msg = "The 'servers' in the client_and_endpoint_aaa should be in {0}".format(server_types) + if server_type not in server_types: + self.msg = "The 'server_type' in the client_and_endpoint_aaa should be in {0}".format(server_types) self.status = "failed" return self 
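Review bot: When `server_type` is omitted, the `else` branch in the -1873 hunk stores the documented default `"servers": "ISE"`, but the next check `if server_type not in server_types` still tests the raw value, which is `None`. The module therefore appears to fail with the "should be in" message instead of applying the default, and the later `if server_type == "ISE"` branch would be skipped for the same reason. Unless a default is filled in before this point (not visible here), resolve the value once with `server_type = network_aaa.get("server_type") or "ISE"`, validate it against `server_types`, and then do a single `update({"servers": server_type})`. The client_and_endpoint_aaa hunk at -1940 repeats the same pattern and needs the same change. get_want_network starts and ends outside these hunks, and `server_types` is defined above the visible lines.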
@@ -1965,7 +1955,7 @@ def get_want_network(self, network_management_details): self.status = "failed" return self - if servers == "ISE": + if server_type == "ISE": pan_address = clientAndEndpoint_aaa.get("pan_address") if pan_address: want_network_settings.get("clientAndEndpoint_aaa").update({