diff --git a/lib/ansible/modules/network/cloudengine/ce_aaa_server.py b/lib/ansible/modules/network/cloudengine/ce_aaa_server.py
new file mode 100644
index 0000000000..87f26d7398
--- /dev/null
+++ b/lib/ansible/modules/network/cloudengine/ce_aaa_server.py
@@ -0,0 +1,2191 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.0'}
+
+DOCUMENTATION = '''
+---
+module: ce_aaa_server
+version_added: "2.4"
+short_description: Manages AAA server global configuration on HUAWEI CloudEngine switches.
+description:
+ - Manages AAA server global configuration on HUAWEI CloudEngine switches.
+author:
+ - wangdezhuang (@CloudEngine-Ansible)
+options:
+ state:
+ description:
+ - Specify desired state of the resource.
+ required: false
+ default: present
+ choices: ['present', 'absent']
+ authen_scheme_name:
+ description:
+ - Name of an authentication scheme.
+ The value is a string of 1 to 32 characters.
+ required: false
+ default: null
+ first_authen_mode:
+ description:
+ - Preferred authentication mode.
+ required: false
+ default: null
+ choices: ['invalid', 'local', 'hwtacacs', 'radius', 'none']
+ author_scheme_name:
+ description:
+ - Name of an authorization scheme.
+ The value is a string of 1 to 32 characters.
+ required: false
+ default: null
+ first_author_mode:
+ description:
+ - Preferred authorization mode.
+ required: false
+ default: null
+ choices: ['invalid', 'local', 'hwtacacs', 'if-authenticated', 'none']
+ acct_scheme_name:
+ description:
+ - Accounting scheme name.
+ The value is a string of 1 to 32 characters.
+ required: false
+ default: null
+ accounting_mode:
+ description:
+ - Accounting Mode.
+ required: false
+ default: null
+ choices: ['invalid', 'hwtacacs', 'radius', 'none']
+ domain_name:
+ description:
+ - Name of a domain.
+ The value is a string of 1 to 64 characters.
+ required: false
+ default: null
+ radius_server_group:
+ description:
+ - RADIUS server group's name.
+ The value is a string of 1 to 32 case-insensitive characters.
+ required: false
+ default: null
+ hwtacas_template:
+ description:
+ - Name of a HWTACACS template.
+ The value is a string of 1 to 32 case-insensitive characters.
+ required: false
+ default: null
+ local_user_group:
+ description:
+ - Name of the user group where the user belongs. The user inherits all the rights of the user group.
+ The value is a string of 1 to 32 characters.
+ required: false
+ default: null
+'''
+
+EXAMPLES = '''
+
+- name: AAA server test
+ hosts: cloudengine
+ connection: local
+ gather_facts: no
+ vars:
+ cli:
+ host: "{{ inventory_hostname }}"
+ port: "{{ ansible_ssh_port }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ transport: cli
+
+ tasks:
+
+ - name: "Radius authentication Server Basic settings"
+ ce_aaa_server:
+ state: present
+ authen_scheme_name: test1
+ first_authen_mode: radius
+ radius_server_group: test2
+ provider: "{{ cli }}"
+
+ - name: "Undo radius authentication Server Basic settings"
+ ce_aaa_server:
+ state: absent
+ authen_scheme_name: test1
+ first_authen_mode: radius
+ radius_server_group: test2
+ provider: "{{ cli }}"
+
+ - name: "Hwtacacs accounting Server Basic settings"
+ ce_aaa_server:
+ state: present
+ acct_scheme_name: test1
+ accounting_mode: hwtacacs
+ hwtacas_template: test2
+ provider: "{{ cli }}"
+
+ - name: "Undo hwtacacs accounting Server Basic settings"
+ ce_aaa_server:
+ state: absent
+ acct_scheme_name: test1
+ accounting_mode: hwtacacs
+ hwtacas_template: test2
+ provider: "{{ cli }}"
+'''
+
+RETURN = '''
+changed:
+ description: check to see if a change was made on the device
+ returned: always
+ type: boolean
+ sample: true
+proposed:
+ description: k/v pairs of parameters passed into module
+ returned: always
+ type: dict
+ sample: {"accounting_mode": "hwtacacs", "acct_scheme_name": "test1",
+ "hwtacas_template": "test2", "state": "present"}
+existing:
+ description: k/v pairs of existing aaa server
+ returned: always
+ type: dict
+ sample: {"accounting scheme": [["hwtacacs"], ["default"]],
+ "hwtacacs template": ["huawei"]}
+end_state:
+ description: k/v pairs of aaa params after module execution
+ returned: always
+ type: dict
+ sample: {"accounting scheme": [["hwtacacs", "test1"]],
+ "hwtacacs template": ["huawei", "test2"]}
+updates:
+ description: command sent to the device
+ returned: always
+ type: list
+ sample: ["accounting-scheme test1",
+ "accounting-mode hwtacacs",
+ "hwtacacs server template test2",
+ "hwtacacs enable"]
+'''
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ce import get_nc_config, set_nc_config, ce_argument_spec
+
+
+SUCCESS = """success"""
+FAILED = """failed"""
+
+INVALID_SCHEME_CHAR = [' ', '/', '\\', ':', '*', '?', '"', '|', '<', '>']
+INVALID_DOMAIN_CHAR = [' ', '*', '?', '"', '\'']
+INVALID_GROUP_CHAR = ['/', '\\', ':', '*', '?', '"', '|', '<', '>']
+
+
+# get authentication scheme
+CE_GET_AUTHENTICATION_SCHEME = """
+
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge authentication scheme
+CE_MERGE_AUTHENTICATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# create authentication scheme
+CE_CREATE_AUTHENTICATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# delete authentication scheme
+CE_DELETE_AUTHENTICATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# get authorization scheme
+CE_GET_AUTHORIZATION_SCHEME = """
+
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge authorization scheme
+CE_MERGE_AUTHORIZATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# create authorization scheme
+CE_CREATE_AUTHORIZATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# delete authorization scheme
+CE_DELETE_AUTHORIZATION_SCHEME = """
+
+
+
+
+ %s
+ %s
+ invalid
+
+
+
+
+"""
+
+# get accounting scheme
+CE_GET_ACCOUNTING_SCHEME = """
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge accounting scheme
+CE_MERGE_ACCOUNTING_SCHEME = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# create accounting scheme
+CE_CREATE_ACCOUNTING_SCHEME = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# delete accounting scheme
+CE_DELETE_ACCOUNTING_SCHEME = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# get authentication domain
+CE_GET_AUTHENTICATION_DOMAIN = """
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge authentication domain
+CE_MERGE_AUTHENTICATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# create authentication domain
+CE_CREATE_AUTHENTICATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# delete authentication domain
+CE_DELETE_AUTHENTICATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# get authorization domain
+CE_GET_AUTHORIZATION_DOMAIN = """
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge authorization domain
+CE_MERGE_AUTHORIZATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# create authorization domain
+CE_CREATE_AUTHORIZATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# delete authorization domain
+CE_DELETE_AUTHORIZATION_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# get accounting domain
+CE_GET_ACCOUNTING_DOMAIN = """
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge accounting domain
+CE_MERGE_ACCOUNTING_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# create accounting domain
+CE_CREATE_ACCOUNTING_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# delete accounting domain
+CE_DELETE_ACCOUNTING_DOMAIN = """
+
+
+
+
+ %s
+ %s
+
+
+
+
+"""
+
+# get radius template
+CE_GET_RADIUS_TEMPLATE = """
+
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge radius template
+CE_MERGE_RADIUS_TEMPLATE = """
+
+
+
+
+ %s
+ 3
+ 5
+
+
+
+
+"""
+
+# create radius template
+CE_CREATE_RADIUS_TEMPLATE = """
+
+
+
+
+ %s
+ 3
+ 5
+
+
+
+
+"""
+
+# delete radius template
+CE_DELETE_RADIUS_TEMPLATE = """
+
+
+
+
+ %s
+ 3
+ 5
+
+
+
+
+"""
+
+# get hwtacacs template
+CE_GET_HWTACACS_TEMPLATE = """
+
+
+
+
+
+
+
+
+
+
+
+"""
+
+# merge hwtacacs template
+CE_MERGE_HWTACACS_TEMPLATE = """
+
+
+
+
+ %s
+ true
+ 5
+
+
+
+
+"""
+
+# create hwtacacs template
+CE_CREATE_HWTACACS_TEMPLATE = """
+
+
+
+
+ %s
+ true
+ 5
+
+
+
+
+"""
+
+# delete hwtacacs template
+CE_DELETE_HWTACACS_TEMPLATE = """
+
+
+
+
+ %s
+
+
+
+
+"""
+
+# get radius client
+CE_GET_RADIUS_CLIENT = """
+
+
+
+
+
+
+
+
+
+"""
+
+# merge radius client
+CE_MERGE_RADIUS_CLIENT = """
+
+
+
+ %s
+
+
+
+"""
+
+# get hwtacacs global config
+CE_GET_HWTACACS_GLOBAL_CFG = """
+
+
+
+
+
+
+
+
+
+"""
+
+# merge hwtacacs global config
+CE_MERGE_HWTACACS_GLOBAL_CFG = """
+
+
+
+ %s
+
+
+
+"""
+
+# get local user group
+CE_GET_LOCAL_USER_GROUP = """
+
+
+
+
+
+
+
+
+
+"""
+# merge local user group
+CE_MERGE_LOCAL_USER_GROUP = """
+
+
+
+
+ %s
+
+
+
+
+"""
+# delete local user group
+CE_DELETE_LOCAL_USER_GROUP = """
+
+
+
+
+ %s
+
+
+
+
+"""
+
+
+class AaaServer(object):
+ """ Manages aaa configuration """
+
+ def netconf_get_config(self, **kwargs):
+ """ Get configure by netconf """
+
+ module = kwargs["module"]
+ conf_str = kwargs["conf_str"]
+
+ xml_str = get_nc_config(module, conf_str)
+
+ return xml_str
+
+ def netconf_set_config(self, **kwargs):
+ """ Set configure by netconf """
+
+ module = kwargs["module"]
+ conf_str = kwargs["conf_str"]
+
+ recv_xml = set_nc_config(module, conf_str)
+
+ return recv_xml
+
+ def get_authentication_scheme(self, **kwargs):
+ """ Get scheme of authentication """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_AUTHENTICATION_SCHEME
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def get_authentication_domain(self, **kwargs):
+ """ Get domain of authentication """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_AUTHENTICATION_DOMAIN
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_authentication_scheme(self, **kwargs):
+ """ Merge scheme of authentication """
+
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ first_authen_mode = kwargs["first_authen_mode"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_AUTHENTICATION_SCHEME % (
+ authen_scheme_name, first_authen_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge authentication scheme failed.')
+
+ cmds = []
+ cmd = "authentication-scheme %s" % authen_scheme_name
+ cmds.append(cmd)
+ cmd = "authentication-mode %s" % first_authen_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def merge_authentication_domain(self, **kwargs):
+ """ Merge domain of authentication """
+
+ domain_name = kwargs["domain_name"]
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_AUTHENTICATION_DOMAIN % (
+ domain_name, authen_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge authentication domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "authentication-scheme %s" % authen_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_authentication_scheme(self, **kwargs):
+ """ Create scheme of authentication """
+
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ first_authen_mode = kwargs["first_authen_mode"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_AUTHENTICATION_SCHEME % (
+ authen_scheme_name, first_authen_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create authentication scheme failed.')
+
+ cmds = []
+ cmd = "authentication-scheme %s" % authen_scheme_name
+ cmds.append(cmd)
+ cmd = "authentication-mode %s" % first_authen_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_authentication_domain(self, **kwargs):
+ """ Create domain of authentication """
+
+ domain_name = kwargs["domain_name"]
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_AUTHENTICATION_DOMAIN % (
+ domain_name, authen_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create authentication domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "authentication-scheme %s" % authen_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_authentication_scheme(self, **kwargs):
+ """ Delete scheme of authentication """
+
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ first_authen_mode = kwargs["first_authen_mode"]
+ module = kwargs["module"]
+
+ if authen_scheme_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_AUTHENTICATION_SCHEME % (
+ authen_scheme_name, first_authen_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete authentication scheme failed.')
+
+ cmds = []
+ cmd = "undo authentication-scheme %s" % authen_scheme_name
+ cmds.append(cmd)
+ cmd = "authentication-mode none"
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_authentication_domain(self, **kwargs):
+ """ Delete domain of authentication """
+
+ domain_name = kwargs["domain_name"]
+ authen_scheme_name = kwargs["authen_scheme_name"]
+ module = kwargs["module"]
+
+ if domain_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_AUTHENTICATION_DOMAIN % (
+ domain_name, authen_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete authentication domain failed.')
+
+ cmds = []
+ cmd = "undo authentication-scheme"
+ cmds.append(cmd)
+ cmd = "undo domain %s" % domain_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_authorization_scheme(self, **kwargs):
+ """ Get scheme of authorization """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_AUTHORIZATION_SCHEME
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def get_authorization_domain(self, **kwargs):
+ """ Get domain of authorization """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_AUTHORIZATION_DOMAIN
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_authorization_scheme(self, **kwargs):
+ """ Merge scheme of authorization """
+
+ author_scheme_name = kwargs["author_scheme_name"]
+ first_author_mode = kwargs["first_author_mode"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_AUTHORIZATION_SCHEME % (
+ author_scheme_name, first_author_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge authorization scheme failed.')
+
+ cmds = []
+ cmd = "authorization-scheme %s" % author_scheme_name
+ cmds.append(cmd)
+ cmd = "authorization-mode %s" % first_author_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def merge_authorization_domain(self, **kwargs):
+ """ Merge domain of authorization """
+
+ domain_name = kwargs["domain_name"]
+ author_scheme_name = kwargs["author_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_AUTHORIZATION_DOMAIN % (
+ domain_name, author_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge authorization domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "authorization-scheme %s" % author_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_authorization_scheme(self, **kwargs):
+ """ Create scheme of authorization """
+
+ author_scheme_name = kwargs["author_scheme_name"]
+ first_author_mode = kwargs["first_author_mode"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_AUTHORIZATION_SCHEME % (
+ author_scheme_name, first_author_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create authorization scheme failed.')
+
+ cmds = []
+ cmd = "authorization-scheme %s" % author_scheme_name
+ cmds.append(cmd)
+ cmd = "authorization-mode %s" % first_author_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_authorization_domain(self, **kwargs):
+ """ Create domain of authorization """
+
+ domain_name = kwargs["domain_name"]
+ author_scheme_name = kwargs["author_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_AUTHORIZATION_DOMAIN % (
+ domain_name, author_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create authorization domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "authorization-scheme %s" % author_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_authorization_scheme(self, **kwargs):
+ """ Delete scheme of authorization """
+
+ author_scheme_name = kwargs["author_scheme_name"]
+ first_author_mode = kwargs["first_author_mode"]
+ module = kwargs["module"]
+
+ if author_scheme_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_AUTHORIZATION_SCHEME % (
+ author_scheme_name, first_author_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete authorization scheme failed.')
+
+ cmds = []
+ cmd = "undo authorization-scheme %s" % author_scheme_name
+ cmds.append(cmd)
+ cmd = "authorization-mode none"
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_authorization_domain(self, **kwargs):
+ """ Delete domain of authorization """
+
+ domain_name = kwargs["domain_name"]
+ author_scheme_name = kwargs["author_scheme_name"]
+ module = kwargs["module"]
+
+ if domain_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_AUTHORIZATION_DOMAIN % (
+ domain_name, author_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete authorization domian failed.')
+
+ cmds = []
+ cmd = "undo authorization-scheme"
+ cmds.append(cmd)
+ cmd = "undo domain %s" % domain_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_accounting_scheme(self, **kwargs):
+ """ Get scheme of accounting """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_ACCOUNTING_SCHEME
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def get_accounting_domain(self, **kwargs):
+ """ Get domain of accounting """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_ACCOUNTING_DOMAIN
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*\s*'
+ r'(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_accounting_scheme(self, **kwargs):
+ """ Merge scheme of accounting """
+
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ accounting_mode = kwargs["accounting_mode"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_ACCOUNTING_SCHEME % (
+ acct_scheme_name, accounting_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge accounting scheme failed.')
+
+ cmds = []
+ cmd = "accounting-scheme %s" % acct_scheme_name
+ cmds.append(cmd)
+ cmd = "accounting-mode %s" % accounting_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def merge_accounting_domain(self, **kwargs):
+ """ Merge domain of accounting """
+
+ domain_name = kwargs["domain_name"]
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_ACCOUNTING_DOMAIN % (domain_name, acct_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge accounting domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "accounting-scheme %s" % acct_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_accounting_scheme(self, **kwargs):
+ """ Create scheme of accounting """
+
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ accounting_mode = kwargs["accounting_mode"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_ACCOUNTING_SCHEME % (
+ acct_scheme_name, accounting_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create accounting scheme failed.')
+
+ cmds = []
+ cmd = "accounting-scheme %s" % acct_scheme_name
+ cmds.append(cmd)
+ cmd = "accounting-mode %s" % accounting_mode
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_accounting_domain(self, **kwargs):
+ """ Create domain of accounting """
+
+ domain_name = kwargs["domain_name"]
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_ACCOUNTING_DOMAIN % (
+ domain_name, acct_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create accounting domain failed.')
+
+ cmds = []
+ cmd = "domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "accounting-scheme %s" % acct_scheme_name
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_accounting_scheme(self, **kwargs):
+ """ Delete scheme of accounting """
+
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ accounting_mode = kwargs["accounting_mode"]
+ module = kwargs["module"]
+
+ if acct_scheme_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_ACCOUNTING_SCHEME % (
+ acct_scheme_name, accounting_mode)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete accounting scheme failed.')
+
+ cmds = []
+ cmd = "undo accounting-scheme %s" % acct_scheme_name
+ cmds.append(cmd)
+ cmd = "accounting-mode none"
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_accounting_domain(self, **kwargs):
+ """ Delete domain of accounting """
+
+ domain_name = kwargs["domain_name"]
+ acct_scheme_name = kwargs["acct_scheme_name"]
+ module = kwargs["module"]
+
+ if domain_name == "default":
+ return SUCCESS
+
+ conf_str = CE_DELETE_ACCOUNTING_DOMAIN % (
+ domain_name, acct_scheme_name)
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete accounting domain failed.')
+
+ cmds = []
+ cmd = "undo domain %s" % domain_name
+ cmds.append(cmd)
+ cmd = "undo accounting-scheme"
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_radius_template(self, **kwargs):
+ """ Get radius template """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_RADIUS_TEMPLATE
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_radius_template(self, **kwargs):
+ """ Merge radius template """
+
+ radius_server_group = kwargs["radius_server_group"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_RADIUS_TEMPLATE % radius_server_group
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge radius template failed.')
+
+ cmds = []
+ cmd = "radius server group %s" % radius_server_group
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_radius_template(self, **kwargs):
+ """ Create radius template """
+
+ radius_server_group = kwargs["radius_server_group"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_RADIUS_TEMPLATE % radius_server_group
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create radius template failed.')
+
+ cmds = []
+ cmd = "radius server group %s" % radius_server_group
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_radius_template(self, **kwargs):
+ """ Delete radius template """
+
+ radius_server_group = kwargs["radius_server_group"]
+ module = kwargs["module"]
+ conf_str = CE_DELETE_RADIUS_TEMPLATE % radius_server_group
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete radius template failed.')
+
+ cmds = []
+ cmd = "undo radius server group %s" % radius_server_group
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_radius_client(self, **kwargs):
+ """ Get radius client """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_RADIUS_CLIENT
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_radius_client(self, **kwargs):
+ """ Merge radius client """
+
+ enable = kwargs["isEnable"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_RADIUS_CLIENT % enable
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge radius client failed.')
+
+ cmds = []
+ if enable == "true":
+ cmd = "radius enable"
+ else:
+ cmd = "undo radius enable"
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_hwtacacs_template(self, **kwargs):
+ """ Get hwtacacs template """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_HWTACACS_TEMPLATE
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_hwtacacs_template(self, **kwargs):
+ """ Merge hwtacacs template """
+
+ hwtacas_template = kwargs["hwtacas_template"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_HWTACACS_TEMPLATE % hwtacas_template
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge hwtacacs template failed.')
+
+ cmds = []
+ cmd = "hwtacacs server template %s" % hwtacas_template
+ cmds.append(cmd)
+
+ return cmds
+
+ def create_hwtacacs_template(self, **kwargs):
+ """ Create hwtacacs template """
+
+ hwtacas_template = kwargs["hwtacas_template"]
+ module = kwargs["module"]
+ conf_str = CE_CREATE_HWTACACS_TEMPLATE % hwtacas_template
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Create hwtacacs template failed.')
+
+ cmds = []
+ cmd = "hwtacacs server template %s" % hwtacas_template
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_hwtacacs_template(self, **kwargs):
+ """ Delete hwtacacs template """
+
+ hwtacas_template = kwargs["hwtacas_template"]
+ module = kwargs["module"]
+ conf_str = CE_DELETE_HWTACACS_TEMPLATE % hwtacas_template
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete hwtacacs template failed.')
+
+ cmds = []
+ cmd = "undo hwtacacs server template %s" % hwtacas_template
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_hwtacacs_global_cfg(self, **kwargs):
+ """ Get hwtacacs global configure """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_HWTACACS_GLOBAL_CFG
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_hwtacacs_global_cfg(self, **kwargs):
+ """ Merge hwtacacs global configure """
+
+ enable = kwargs["isEnable"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_HWTACACS_GLOBAL_CFG % enable
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge hwtacacs global config failed.')
+
+ cmds = []
+
+ if enable == "true":
+ cmd = "hwtacacs enable"
+ else:
+ cmd = "undo hwtacacs enable"
+ cmds.append(cmd)
+
+ return cmds
+
+ def get_local_user_group(self, **kwargs):
+ """ Get local user group """
+
+ module = kwargs["module"]
+ conf_str = CE_GET_LOCAL_USER_GROUP
+
+ xml_str = self.netconf_get_config(module=module, conf_str=conf_str)
+
+ result = list()
+
+ if "" in xml_str:
+ return result
+ else:
+ re_find = re.findall(
+ r'.*(.*).*', xml_str)
+
+ if re_find:
+ return re_find
+ else:
+ return result
+
+ def merge_local_user_group(self, **kwargs):
+ """ Merge local user group """
+
+ local_user_group = kwargs["local_user_group"]
+ module = kwargs["module"]
+ conf_str = CE_MERGE_LOCAL_USER_GROUP % local_user_group
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Merge local user group failed.')
+
+ cmds = []
+ cmd = "user-group %s" % local_user_group
+ cmds.append(cmd)
+
+ return cmds
+
+ def delete_local_user_group(self, **kwargs):
+ """ Delete local user group """
+
+ local_user_group = kwargs["local_user_group"]
+ module = kwargs["module"]
+ conf_str = CE_DELETE_LOCAL_USER_GROUP % local_user_group
+
+ xml = self.netconf_set_config(module=module, conf_str=conf_str)
+
+ if "" not in xml:
+ module.fail_json(msg='Error: Delete local user group failed.')
+
+ cmds = []
+ cmd = "undo user-group %s" % local_user_group
+ cmds.append(cmd)
+
+ return cmds
+
+
+def check_name(**kwargs):
+ """ Check invalid name """
+
+ module = kwargs["module"]
+ name = kwargs["name"]
+ invalid_char = kwargs["invalid_char"]
+
+ for item in invalid_char:
+ if item in name:
+ module.fail_json(
+ msg='Error: invalid char %s is in the name %s.' % (item, name))
+
+
+def check_module_argument(**kwargs):
+ """ Check module argument """
+
+ module = kwargs["module"]
+
+ authen_scheme_name = module.params['authen_scheme_name']
+ author_scheme_name = module.params['author_scheme_name']
+ acct_scheme_name = module.params['acct_scheme_name']
+ domain_name = module.params['domain_name']
+ radius_server_group = module.params['radius_server_group']
+ hwtacas_template = module.params['hwtacas_template']
+ local_user_group = module.params['local_user_group']
+
+ if authen_scheme_name:
+ if len(authen_scheme_name) > 32:
+ module.fail_json(
+ msg='Error: authen_scheme_name %s '
+ 'is large than 32.' % authen_scheme_name)
+ check_name(module=module, name=authen_scheme_name,
+ invalid_char=INVALID_SCHEME_CHAR)
+
+ if author_scheme_name:
+ if len(author_scheme_name) > 32:
+ module.fail_json(
+ msg='Error: author_scheme_name %s '
+ 'is large than 32.' % author_scheme_name)
+ check_name(module=module, name=author_scheme_name,
+ invalid_char=INVALID_SCHEME_CHAR)
+
+ if acct_scheme_name:
+ if len(acct_scheme_name) > 32:
+ module.fail_json(
+ msg='Error: acct_scheme_name %s '
+ 'is large than 32.' % acct_scheme_name)
+ check_name(module=module, name=acct_scheme_name,
+ invalid_char=INVALID_SCHEME_CHAR)
+
+ if domain_name:
+ if len(domain_name) > 64:
+ module.fail_json(
+ msg='Error: domain_name %s '
+ 'is large than 64.' % domain_name)
+ check_name(module=module, name=domain_name,
+ invalid_char=INVALID_DOMAIN_CHAR)
+ if domain_name == "-" or domain_name == "--":
+ module.fail_json(msg='domain_name %s '
+ 'is invalid.' % domain_name)
+
+ if radius_server_group and len(radius_server_group) > 32:
+ module.fail_json(msg='Error: radius_server_group %s '
+ 'is large than 32.' % radius_server_group)
+
+ if hwtacas_template and len(hwtacas_template) > 32:
+ module.fail_json(
+ msg='Error: hwtacas_template %s '
+ 'is large than 32.' % hwtacas_template)
+
+ if local_user_group:
+ if len(local_user_group) > 32:
+ module.fail_json(
+ msg='Error: local_user_group %s '
+ 'is large than 32.' % local_user_group)
+ check_name(module=module, name=local_user_group,
+ invalid_char=INVALID_GROUP_CHAR)
+
+
+def main():
+ """ Module main """
+
+ argument_spec = dict(
+ state=dict(choices=['present', 'absent'],
+ default='present'),
+ authen_scheme_name=dict(type='str'),
+ first_authen_mode=dict(choices=['invalid', 'local',
+ 'hwtacacs', 'radius', 'none']),
+ author_scheme_name=dict(type='str'),
+ first_author_mode=dict(choices=['invalid', 'local',
+ 'hwtacacs', 'if-authenticated', 'none']),
+ acct_scheme_name=dict(type='str'),
+ accounting_mode=dict(choices=['invalid', 'hwtacacs',
+ 'radius', 'none']),
+ domain_name=dict(type='str'),
+ radius_server_group=dict(type='str'),
+ hwtacas_template=dict(type='str'),
+ local_user_group=dict(type='str')
+ )
+
+ argument_spec.update(ce_argument_spec)
+
+ module = AnsibleModule(argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ check_module_argument(module=module)
+
+ changed = False
+ proposed = dict()
+ existing = dict()
+ end_state = dict()
+ updates = []
+
+ state = module.params['state']
+ authen_scheme_name = module.params['authen_scheme_name']
+ first_authen_mode = module.params['first_authen_mode']
+ author_scheme_name = module.params['author_scheme_name']
+ first_author_mode = module.params['first_author_mode']
+ acct_scheme_name = module.params['acct_scheme_name']
+ accounting_mode = module.params['accounting_mode']
+ domain_name = module.params['domain_name']
+ radius_server_group = module.params['radius_server_group']
+ hwtacas_template = module.params['hwtacas_template']
+ local_user_group = module.params['local_user_group']
+
+ ce_aaa_server = AaaServer()
+
+ if not ce_aaa_server:
+ module.fail_json(msg='Error: init module failed.')
+
+ # get proposed
+ proposed["state"] = state
+ if authen_scheme_name:
+ proposed["authen_scheme_name"] = authen_scheme_name
+ if first_authen_mode:
+ proposed["first_authen_mode"] = first_authen_mode
+ if author_scheme_name:
+ proposed["author_scheme_name"] = author_scheme_name
+ if first_author_mode:
+ proposed["first_author_mode"] = first_author_mode
+ if acct_scheme_name:
+ proposed["acct_scheme_name"] = acct_scheme_name
+ if accounting_mode:
+ proposed["accounting_mode"] = accounting_mode
+ if domain_name:
+ proposed["domain_name"] = domain_name
+ if radius_server_group:
+ proposed["radius_server_group"] = radius_server_group
+ if hwtacas_template:
+ proposed["hwtacas_template"] = hwtacas_template
+ if local_user_group:
+ proposed["local_user_group"] = local_user_group
+
+ # authentication
+ if authen_scheme_name:
+
+ scheme_exist = ce_aaa_server.get_authentication_scheme(module=module)
+ scheme_new = (first_authen_mode.lower(), "invalid",
+ authen_scheme_name.lower())
+
+ existing["authentication scheme"] = scheme_exist
+
+ if state == "present":
+ # present authentication scheme
+ if len(scheme_exist) == 0:
+ cmd = ce_aaa_server.create_authentication_scheme(
+ module=module,
+ authen_scheme_name=authen_scheme_name,
+ first_authen_mode=first_authen_mode)
+
+ updates.append(cmd)
+ changed = True
+
+ elif scheme_new not in scheme_exist:
+ cmd = ce_aaa_server.merge_authentication_scheme(
+ module=module,
+ authen_scheme_name=authen_scheme_name,
+ first_authen_mode=first_authen_mode)
+ updates.append(cmd)
+ changed = True
+
+ # present authentication domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_authentication_domain(
+ module=module)
+ domain_new = (domain_name.lower(), authen_scheme_name.lower())
+
+ if len(domain_exist) == 0:
+ cmd = ce_aaa_server.create_authentication_domain(
+ module=module,
+ domain_name=domain_name,
+ authen_scheme_name=authen_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ elif domain_new not in domain_exist:
+ cmd = ce_aaa_server.merge_authentication_domain(
+ module=module,
+ domain_name=domain_name,
+ authen_scheme_name=authen_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent authentication scheme
+ if len(scheme_exist) == 0:
+ pass
+ elif scheme_new not in scheme_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_authentication_scheme(
+ module=module,
+ authen_scheme_name=authen_scheme_name,
+ first_authen_mode=first_authen_mode)
+ updates.append(cmd)
+ changed = True
+
+ # absent authentication domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_authentication_domain(
+ module=module)
+ domain_new = (domain_name.lower(), authen_scheme_name.lower())
+
+ if len(domain_exist) == 0:
+ pass
+ elif domain_new not in domain_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_authentication_domain(
+ module=module,
+ domain_name=domain_name,
+ authen_scheme_name=authen_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ scheme_end = ce_aaa_server.get_authentication_scheme(module=module)
+ end_state["authentication scheme"] = scheme_end
+
+ # authorization
+ if author_scheme_name:
+
+ scheme_exist = ce_aaa_server.get_authorization_scheme(module=module)
+ scheme_new = (first_author_mode.lower(), "invalid",
+ author_scheme_name.lower())
+
+ existing["authorization scheme"] = scheme_exist
+
+ if state == "present":
+ # present authorization scheme
+ if len(scheme_exist) == 0:
+ cmd = ce_aaa_server.create_authorization_scheme(
+ module=module,
+ author_scheme_name=author_scheme_name,
+ first_author_mode=first_author_mode)
+ updates.append(cmd)
+ changed = True
+ elif scheme_new not in scheme_exist:
+ cmd = ce_aaa_server.merge_authorization_scheme(
+ module=module,
+ author_scheme_name=author_scheme_name,
+ first_author_mode=first_author_mode)
+ updates.append(cmd)
+ changed = True
+
+ # present authorization domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_authorization_domain(
+ module=module)
+ domain_new = (domain_name.lower(), author_scheme_name.lower())
+
+ if len(domain_exist) == 0:
+ cmd = ce_aaa_server.create_authorization_domain(
+ module=module,
+ domain_name=domain_name,
+ author_scheme_name=author_scheme_name)
+ updates.append(cmd)
+ changed = True
+ elif domain_new not in domain_exist:
+ cmd = ce_aaa_server.merge_authorization_domain(
+ module=module,
+ domain_name=domain_name,
+ author_scheme_name=author_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent authorization scheme
+ if len(scheme_exist) == 0:
+ pass
+ elif scheme_new not in scheme_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_authorization_scheme(
+ module=module,
+ author_scheme_name=author_scheme_name,
+ first_author_mode=first_author_mode)
+ updates.append(cmd)
+ changed = True
+
+ # absent authorization domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_authorization_domain(
+ module=module)
+ domain_new = (domain_name.lower(), author_scheme_name.lower())
+
+ if len(domain_exist) == 0:
+ pass
+ elif domain_new not in domain_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_authorization_domain(
+ module=module,
+ domain_name=domain_name,
+ author_scheme_name=author_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ scheme_end = ce_aaa_server.get_authorization_scheme(module=module)
+ end_state["authorization scheme"] = scheme_end
+
+ # accounting
+ if acct_scheme_name:
+
+ scheme_exist = ce_aaa_server.get_accounting_scheme(module=module)
+ scheme_new = (accounting_mode.lower(), acct_scheme_name.lower())
+
+ existing["accounting scheme"] = scheme_exist
+
+ if state == "present":
+ # present accounting scheme
+ if len(scheme_exist) == 0:
+ cmd = ce_aaa_server.create_accounting_scheme(
+ module=module,
+ acct_scheme_name=acct_scheme_name,
+ accounting_mode=accounting_mode)
+ updates.append(cmd)
+ changed = True
+ elif scheme_new not in scheme_exist:
+ cmd = ce_aaa_server.merge_accounting_scheme(
+ module=module,
+ acct_scheme_name=acct_scheme_name,
+ accounting_mode=accounting_mode)
+ updates.append(cmd)
+ changed = True
+
+ # present accounting domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_accounting_domain(
+ module=module)
+ domain_new = (domain_name.lower(), acct_scheme_name.lower())
+
+ if len(domain_exist) == 0:
+ cmd = ce_aaa_server.create_accounting_domain(
+ module=module,
+ domain_name=domain_name,
+ acct_scheme_name=acct_scheme_name)
+ updates.append(cmd)
+ changed = True
+ elif domain_new not in domain_exist:
+ cmd = ce_aaa_server.merge_accounting_domain(
+ module=module,
+ domain_name=domain_name,
+ acct_scheme_name=acct_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent accounting scheme
+ if len(scheme_exist) == 0:
+ pass
+ elif scheme_new not in scheme_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_accounting_scheme(
+ module=module,
+ acct_scheme_name=acct_scheme_name,
+ accounting_mode=accounting_mode)
+ updates.append(cmd)
+ changed = True
+
+ # absent accounting domain
+ if domain_name:
+ domain_exist = ce_aaa_server.get_accounting_domain(
+ module=module)
+ domain_new = (domain_name.lower(), acct_scheme_name.lower())
+ if len(domain_exist) == 0:
+ pass
+ elif domain_new not in domain_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_accounting_domain(
+ module=module,
+ domain_name=domain_name,
+ acct_scheme_name=acct_scheme_name)
+ updates.append(cmd)
+ changed = True
+
+ scheme_end = ce_aaa_server.get_accounting_scheme(module=module)
+ end_state["accounting scheme"] = scheme_end
+
+ # radius group name
+ if (authen_scheme_name and first_authen_mode.lower() == "radius") \
+ or (acct_scheme_name and accounting_mode.lower() == "radius"):
+
+ if not radius_server_group:
+ module.fail_json(msg='please input radius_server_group when use radius.')
+
+ rds_template_exist = ce_aaa_server.get_radius_template(module=module)
+ rds_template_new = (radius_server_group)
+
+ rds_enable_exist = ce_aaa_server.get_radius_client(module=module)
+
+ existing["radius template"] = rds_template_exist
+ existing["radius enable"] = rds_enable_exist
+
+ if state == "present":
+ # present radius group name
+ if len(rds_template_exist) == 0:
+ cmd = ce_aaa_server.create_radius_template(
+ module=module, radius_server_group=radius_server_group)
+ updates.append(cmd)
+ changed = True
+ elif rds_template_new not in rds_template_exist:
+ cmd = ce_aaa_server.merge_radius_template(
+ module=module, radius_server_group=radius_server_group)
+ updates.append(cmd)
+ changed = True
+
+ rds_enable_new = ("true")
+ if rds_enable_new not in rds_enable_exist:
+ cmd = ce_aaa_server.merge_radius_client(
+ module=module, isEnable="true")
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent radius group name
+ if len(rds_template_exist) == 0:
+ pass
+ elif rds_template_new not in rds_template_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_radius_template(
+ module=module, radius_server_group=radius_server_group)
+ updates.append(cmd)
+ changed = True
+
+ rds_enable_new = ("false")
+ if rds_enable_new not in rds_enable_exist:
+ cmd = ce_aaa_server.merge_radius_client(
+ module=module, isEnable="false")
+ updates.append(cmd)
+ changed = True
+ else:
+ pass
+
+ rds_template_end = ce_aaa_server.get_radius_template(module=module)
+ end_state["radius template"] = rds_template_end
+
+ rds_enable_end = ce_aaa_server.get_radius_client(module=module)
+ end_state["radius enable"] = rds_enable_end
+
+ tmp_scheme = author_scheme_name
+
+ # hwtacas template
+ if (authen_scheme_name and first_authen_mode.lower() == "hwtacacs") \
+ or (tmp_scheme and first_author_mode.lower() == "hwtacacs") \
+ or (acct_scheme_name and accounting_mode.lower() == "hwtacacs"):
+
+ if not hwtacas_template:
+ module.fail_json(
+ msg='please input hwtacas_template when use hwtacas.')
+
+ hwtacacs_exist = ce_aaa_server.get_hwtacacs_template(module=module)
+ hwtacacs_new = (hwtacas_template)
+
+ hwtacacs_enbale_exist = ce_aaa_server.get_hwtacacs_global_cfg(
+ module=module)
+
+ existing["hwtacacs template"] = hwtacacs_exist
+ existing["hwtacacs enable"] = hwtacacs_enbale_exist
+
+ if state == "present":
+ # present hwtacas template
+ if len(hwtacacs_exist) == 0:
+ cmd = ce_aaa_server.create_hwtacacs_template(
+ module=module, hwtacas_template=hwtacas_template)
+ updates.append(cmd)
+ changed = True
+ elif hwtacacs_new not in hwtacacs_exist:
+ cmd = ce_aaa_server.merge_hwtacacs_template(
+ module=module, hwtacas_template=hwtacas_template)
+ updates.append(cmd)
+ changed = True
+
+ hwtacacs_enbale_new = ("true")
+ if hwtacacs_enbale_new not in hwtacacs_enbale_exist:
+ cmd = ce_aaa_server.merge_hwtacacs_global_cfg(
+ module=module, isEnable="true")
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent hwtacas template
+ if len(hwtacacs_exist) == 0:
+ pass
+ elif hwtacacs_new not in hwtacacs_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_hwtacacs_template(
+ module=module, hwtacas_template=hwtacas_template)
+ updates.append(cmd)
+ changed = True
+
+ hwtacacs_enbale_new = ("false")
+ if hwtacacs_enbale_new not in hwtacacs_enbale_exist:
+ cmd = ce_aaa_server.merge_hwtacacs_global_cfg(
+ module=module, isEnable="false")
+ updates.append(cmd)
+ changed = True
+ else:
+ pass
+
+ hwtacacs_end = ce_aaa_server.get_hwtacacs_template(module=module)
+ end_state["hwtacacs template"] = hwtacacs_end
+
+ hwtacacs_enable_end = ce_aaa_server.get_hwtacacs_global_cfg(
+ module=module)
+ end_state["hwtacacs enable"] = hwtacacs_enable_end
+
+ # local user group
+ if local_user_group:
+
+ user_group_exist = ce_aaa_server.get_local_user_group(module=module)
+ user_group_new = (local_user_group)
+
+ existing["local user group"] = user_group_exist
+
+ if state == "present":
+ # present local user group
+ if len(user_group_exist) == 0:
+ cmd = ce_aaa_server.merge_local_user_group(
+ module=module, local_user_group=local_user_group)
+ updates.append(cmd)
+ changed = True
+ elif user_group_new not in user_group_exist:
+ cmd = ce_aaa_server.merge_local_user_group(
+ module=module, local_user_group=local_user_group)
+ updates.append(cmd)
+ changed = True
+
+ else:
+ # absent local user group
+ if len(user_group_exist) == 0:
+ pass
+ elif user_group_new not in user_group_exist:
+ pass
+ else:
+ cmd = ce_aaa_server.delete_local_user_group(
+ module=module, local_user_group=local_user_group)
+ updates.append(cmd)
+ changed = True
+
+ user_group_end = ce_aaa_server.get_local_user_group(module=module)
+ end_state["local user group"] = user_group_end
+
+ results = dict()
+ results['proposed'] = proposed
+ results['existing'] = existing
+ results['changed'] = changed
+ results['end_state'] = end_state
+ results['updates'] = updates
+
+ module.exit_json(**results)
+
+
+if __name__ == '__main__':
+ main()