ntp auth module revisions'

abhinavmodi · Jun 25, 2015 · 17598e7 · 17598e7
1 parent 1b03b1a
commit 17598e7
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 10 deletions.
diff --git a/example-playbooks/how-to/examples-ntp_auth.yml b/example-playbooks/how-to/examples-ntp_auth.yml
@@ -8,4 +8,4 @@
   tasks:
 
     # Basic NTP authentication configuration
-    - nxos_ntp_auth: key_id=32 md5string=hello auth_type=text host={{ inventory_hostname }}
+    - nxos_ntp_auth: state=present key_id=32 md5string=hello trusted_key=true auth_type=encrypt host={{ inventory_hostname }}
diff --git a/library/nxos_ntp_auth b/library/nxos_ntp_auth
@@ -30,8 +30,10 @@ requirements:
 notes:
     - NTP authentication configuration changes are not idempotent.
       If state=present, the configuration will be updated on the device.
-    - If state=absent, the module will attempt to remove NTP authentication configuration.
-      If a matching configuration isn't found on the device, the module will fail. 
+    - If state=absent, the moudle will attempt to remove the given key configuration.
+      If a matching key configuration isn't found on the device, the module will fail.
+    - If state=absent and authentication=on, authentication will be turned off.
+    - If state=absent and authentication=off, authentication will be turned on.
     - While username and password are not required params, they are
       if you are not using the .netauth file.  .netauth file is recommended
       as it will clean up the each task in the playbook by not requiring
@@ -53,13 +55,28 @@ options:
         choices: []
         aliases: []
     auth_type:
-        description: 
+        description:
             - Whether the given md5string is in cleartext or has been encrypted.
               If in cleartext, the device will encrypt it before storing it.
         required: false
         default: 'text'
         choices: ['text', 'encrypt']
         aliases: []
+    trusted_key:
+        description:
+            - Whether the given key is required to be supplied by a time source
+            for the device to synchronize to the time source.
+        required: false
+        default: 'false'
+        choices: ['true', 'false']
+        aliases: []
+    authentication:
+        description:
+            - Turns NTP authenication on or off.
+        required: false
+        default: null
+        choices: ['on', 'off']
+        aliases: []
     state:
         description:
             - Manage the state of the resource
@@ -121,6 +138,8 @@ def main():
             key_id=dict(required=True, type='str'),
             md5string=dict(required=True, type='str'),
             auth_type=dict(choices=['text', 'encrypt'], default='text'),
+            trusted_key=dict(choices=['true', 'false'], default='false'),
+            authentication=dict(choices=['on', 'off']),
             state=dict(choices=['absent', 'present'],
                        default='present'),
             host=dict(required=True),
@@ -156,21 +175,28 @@ def main():
     key_id = proposed.get('key_id')
     md5string = proposed.get('md5string')
     auth_type = proposed.get('auth_type')
+    trusted_key = proposed.get('trusted_key')
+    authentication = proposed.get('authentication')
 
     try:
-        existing = ntp.get_ntp_auth_key(device, key_id)
+        existing = ntp.get_ntp_auth_info(device, key_id)
     except CLIError as e:
         module.fail_json(msg=str(e))
 
+    delta = dict(set(proposed.iteritems()).difference(existing.iteritems()))
     if module.params['state'] == 'present':
-        delta = dict(set(proposed.iteritems()).difference(existing.iteritems()))
         if delta:
-            command = ntp.set_ntp_auth_key(key_id, md5string, auth_type)
+            command = ntp.set_ntp_auth_key(
+                key_id, md5string, auth_type, trusted_key, delta.get('authentication'))
             if command:
                 commands.append(command)
     elif module.params['state'] == 'absent':
         if existing:
-            command = ntp.remove_ntp_auth_key(key_id, md5string, auth_type)
+            auth_toggle = None
+            if authentication == existing.get('authentication'):
+                auth_toggle = authentication
+            command = ntp.remove_ntp_auth_key(
+                key_id, md5string, auth_type, trusted_key, auth_toggle)
             if command:
                 commands.append(command)
 
@@ -184,7 +210,7 @@ def main():
             try:
                 device.config(cmds)
             except CLIError as e:
-                module.fail_json(msg=str(e))
+                module.fail_json(msg=str(e) + ": " + cmds)
 
     results = {}
     results['proposed'] = proposed
@@ -193,7 +219,7 @@ def main():
     results['commands'] = cmds
     results['changed'] = changed
     if changed:
-        results['final'] = ntp.get_ntp_auth_key(device, key_id)
+        results['final'] = ntp.get_ntp_auth_info(device, key_id)
     else:
         results['final'] = existing
 

diff --git a/test-playbooks/test-nxos_ntp_auth.yml b/test-playbooks/test-nxos_ntp_auth.yml
@@ -0,0 +1,54 @@
+---
+
+- name: ntp authentication example
+  hosts: n9k1
+  connection: local
+  gather_facts: no
+
+  tasks:
+
+    # Basic NTP authentication configuration
+    - name: "Basic NTP authentication configuration"
+      nxos_ntp_auth: state=present key_id=32 md5string=hello trusted_key=true auth_type=encrypt authentication=on host={{ inventory_hostname }}
+      register: returned
+
+    - assert:
+        that:
+        - "returned.final.key_id == '32'"
+        - "returned.final.md5string == 'hello'"
+        - "returned.final.trusted_key == 'true'"
+        - "returned.final.authentication == 'on'"
+
+    # Turn off trusted key
+    - name: "Turn off trusted key"
+      nxos_ntp_auth: state=present key_id=32 md5string=hello auth_type=encrypt trusted_key=false host={{ inventory_hostname }}
+      register: returned
+
+    - assert:
+        that:
+        - "returned.final.key_id == '32'"
+        - "returned.final.md5string == 'hello'"
+        - "returned.final.trusted_key == 'false'"
+        - "returned.final.authentication == 'on'"
+
+    # Turn off authentication
+    - name: "Turn off authentication"
+      nxos_ntp_auth: key_id=32 md5string=hello auth_type=encrypt authentication=off host={{ inventory_hostname }}
+      register: returned
+
+    - assert:
+        that:
+        - "returned.final.key_id == '32'"
+        - "returned.final.md5string == 'hello'"
+        - "returned.final.trusted_key == 'false'"
+        - "returned.final.authentication == 'off'"
+
+    # Remove key with state=absent
+    - name: "Remove key with state=absent"
+      nxos_ntp_auth: state=absent key_id=32 md5string=hello auth_type=encrypt host={{ inventory_hostname }}
+      register: returned
+
+    - assert:
+        that:
+        - "'key_id' not in returned.final"
+        - "'md5string' not in returned.final"