1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/network/onyx/onyx_snmp_users.py

278 lines
12 KiB
Python
Raw Normal View History

2020-03-09 10:11:07 +01:00
#!/usr/bin/python
#
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: onyx_snmp_users
author: "Sara Touqan (@sarato)"
short_description: Configures SNMP User parameters
description:
- This module provides declarative management of SNMP Users protocol params
on Mellanox ONYX network devices.
options:
users:
type: list
description:
- List of snmp users
suboptions:
name:
description:
- Specifies the name of the user.
required: true
type: str
enabled:
description:
- Enables/Disables SNMP v3 access for the user.
type: bool
set_access_enabled:
description:
- Enables/Disables SNMP SET requests for the user.
type: bool
require_privacy:
description:
- Enables/Disables the Require privacy (encryption) for requests from this user
type: bool
auth_type:
description:
- Configures the hash type used to configure SNMP v3 security parameters.
choices: ['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']
type: str
auth_password:
description:
- The password needed to configure the hash type.
type: str
capability_level:
description:
- Sets capability level for SET requests.
choices: ['admin','monitor','unpriv','v_admin']
type: str
'''
EXAMPLES = """
- name: enables snmp user
onyx_snmp_users:
users:
- name: sara
enabled: true
- name: enables snmp set requests
onyx_snmp_users:
users:
- name: sara
set_access_enabled: yes
- name: enables user require privacy
onyx_snmp_users:
users:
- name: sara
require_privacy: true
- name: configures user hash type
onyx_snmp_users:
users:
- auth_type: md5
auth_password: 1297sara1234sara
- name: configures user capability_level
onyx_snmp_users:
users:
- name: sara
capability_level: admin
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device.
returned: always
type: list
sample:
- snmp-server user <user_name> v3 enable
- no snmp-server user <user_name> v3 enable
- snmp-server user <user_name> v3 enable sets
- no snmp-server user <user_name> v3 enable sets
- snmp-server user <user_name> v3 require-privacy
- no snmp-server user <user_name> v3 require-privacy
- snmp-server user <user_name> v3 capability <capability_level>
- snmp-server user <user_name> v3 auth <hash_type> <password>
"""
import re
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.network.onyx.onyx import show_cmd
from ansible_collections.community.general.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
class OnyxSNMPUsersModule(BaseOnyxModule):
def init_module(self):
""" initialize module
"""
user_spec = dict(name=dict(required=True),
enabled=dict(type='bool'),
set_access_enabled=dict(type='bool'),
require_privacy=dict(type='bool'),
auth_type=dict(type='str', choices=['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']),
auth_password=dict(type='str'),
capability_level=dict(type='str', choices=['admin', 'monitor', 'unpriv', 'v_admin']),
)
element_spec = dict(
users=dict(type='list', elements='dict', options=user_spec),
)
argument_spec = dict()
argument_spec.update(element_spec)
self._module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True)
def get_required_config(self):
module_params = self._module.params
self._required_config = dict(module_params)
self.validate_param_values(self._required_config)
def _set_snmp_config(self, users_config):
if users_config[0]:
if users_config[0].get('Lines'):
return
current_users = []
count = 0
enabled = True
set_access_enabled = True
require_privacy = True
auth_type = ''
capability_level = ''
name = ''
all_users_names = []
for user in users_config:
user_dict = {}
entry_dict = {}
for entry in user:
name = entry.split()[2]
if user.get(entry):
if user.get(entry)[0]:
enabled = user.get(entry)[0].get('Enabled overall')
if enabled == 'no':
enabled = False
else:
enabled = True
set_access_enabled = user.get(entry)[1].get('SET access')[0].get('Enabled')
if set_access_enabled == 'no':
set_access_enabled = False
else:
set_access_enabled = True
require_privacy = user.get(entry)[0].get('Require privacy')
if require_privacy == 'yes':
require_privacy = True
else:
require_privacy = False
capability_level = user.get(entry)[1].get('SET access')[0].get('Capability level')
auth_type = user.get(entry)[0].get('Authentication type')
user_dict['enabled'] = enabled
user_dict['set_access_enabled'] = set_access_enabled
user_dict['auth_type'] = auth_type
user_dict['capability_level'] = capability_level
user_dict['require_privacy'] = require_privacy
entry_dict[name] = user_dict
all_users_names.append(name)
current_users.append(entry_dict)
self._current_config['users'] = current_users
self._current_config['current_names'] = all_users_names
def _show_users(self):
cmd = "show snmp user"
return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
def load_current_config(self):
self._current_config = dict()
users_config = self._show_users()
if users_config:
self._set_snmp_config(users_config)
def generate_commands(self):
req_uers = self._required_config.get("users")
current_users = self._current_config.get("users")
current_names = self._current_config.get("current_names")
if req_uers:
for user in req_uers:
user_id = user.get('name')
if user_id:
if current_names and (user_id in current_names):
for user_entry in current_users:
for user_name in user_entry:
if user_name == user_id:
user_state = user.get("enabled")
user_entry_name = user_entry.get(user_name)
if user_state is not None:
if user_state != user_entry_name.get("enabled"):
if user_state is True:
self._commands.append('snmp-server user {0} v3 enable' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 enable' .format(user_id))
set_state = user.get("set_access_enabled")
if set_state is not None:
if set_state != user_entry_name.get("set_access_enabled"):
if set_state is True:
self._commands.append('snmp-server user {0} v3 enable sets' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 enable sets' .format(user_id))
auth_type = user.get("auth_type")
if auth_type is not None:
if user.get("auth_password") is not None:
if auth_type != user_entry_name.get("auth_type"):
self._commands.append('snmp-server user {0} v3 auth {1} {2}'
.format(user_id, user.get('auth_type'), user.get('auth_password')))
cap_level = user.get("capability_level")
if cap_level is not None:
if cap_level != user_entry_name.get("capability_level"):
self._commands.append('snmp-server user {0} v3 capability {1}'
.format(user_id, user.get('capability_level')))
req_priv = user.get("require_privacy")
if req_priv is not None:
if req_priv != user_entry_name.get("require_privacy"):
if req_priv is True:
self._commands.append('snmp-server user {0} v3 require-privacy' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 require-privacy' .format(user_id))
else:
user_state = user.get("enabled")
if user_state is not None:
if user_state is True:
self._commands.append('snmp-server user {0} v3 enable' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 enable' .format(user_id))
set_state = user.get("set_access_enabled")
if set_state is not None:
if set_state is True:
self._commands.append('snmp-server user {0} v3 enable sets' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 enable sets' .format(user_id))
if user.get("capability_level") is not None:
self._commands.append('snmp-server user {0} v3 capability {1}' .format(user_id, user.get('capability_level')))
req_priv = user.get("require_privacy")
if req_priv is not None:
if req_priv is True:
self._commands.append('snmp-server user {0} v3 require-privacy' .format(user_id))
else:
self._commands.append('no snmp-server user {0} v3 require-privacy' .format(user_id))
def main():
""" main entry point for module execution
"""
OnyxSNMPUsersModule.main()
if __name__ == '__main__':
main()