diff --git a/changelogs/fragments/snmp_server.yml b/changelogs/fragments/snmp_server.yml new file mode 100644 index 00000000..b771a440 --- /dev/null +++ b/changelogs/fragments/snmp_server.yml @@ -0,0 +1,10 @@ +--- +minor_changes: + - 192.0.2.1/24 (TEST-NET-1) is used on eth1 for testing to accomodate services that check + valid configurations (such as SNMP) + - use encrypted passwords for SNMPv3 tests as VyOS now converts those "when next reloaded" + - fixed integration tests for 1.3+ for `vyos_hostname` +breaking_changes: + - parameter `engine_id` is no longer a `user` or `trap_target` parameter and is now a `snmp_v3` parameter + - parameters `encrypted-key` and `plaintext-key` are now `encrypted-password` and `puplaintext-password` + which is a breaking change with 1.2 and prior diff --git a/docs/vyos.vyos.vyos_snmp_server_module.rst b/docs/vyos.vyos.vyos_snmp_server_module.rst index 9e15b8f5..d11afaae 100644 --- a/docs/vyos.vyos.vyos_snmp_server_module.rst +++ b/docs/vyos.vyos.vyos_snmp_server_module.rst @@ -1,2133 +1,2043 @@ .. _vyos.vyos.vyos_snmp_server_module: ************************** vyos.vyos.vyos_snmp_server ************************** **Manages snmp_server resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages the snmp server attributes of Vyos network devices Parameters ---------- .. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Parameter Choices/Defaults Comments
config
dictionary
SNMP server configuration.
communities
list / elements=dictionary
Community name configuration.
authorization_type
string
    Choices:
  • ro
  • rw
Authorization type (rw or ro)
clients
list / elements=string
IP address of SNMP client allowed to contact system
name
string
Community name
networks
list / elements=string
Subnet of SNMP client(s) allowed to contact system
contact
string
Person to contact about the system.
description
string
Description information
listen_addresses
list / elements=dictionary
IP address to listen for incoming SNMP requests
address
string
IP address to listen for incoming SNMP requests.
port
integer
Port for SNMP service
location
string
Location information
smux_peer
string
Register a subtree for SMUX-based processing.
snmp_v3
dictionary
Simple Network Management Protocol (SNMP) v3
engine_id
string
Specifies the EngineID as a hex value
groups
list / elements=dictionary
Specifies the group with name groupname
group
string
Specifies the group with name groupname
mode
string
    Choices:
  • ro
  • rw
Defines the read/write access
seclevel
string
    Choices:
  • auth
  • priv
Defines security level
view
string
Defines the name of view
trap_targets
list / elements=dictionary
Defines SNMP target for inform or traps for IP
address
string
IP/IPv6 address of trap target
authentication
dictionary
Defines the authentication
encrypted_key
string
Defines the encrypted password for authentication
plaintext_key
string
Defines the clear text password for authentication
type
string
    Choices:
  • md5
  • sha
Defines the protocol using for authentication
-
- engine_id - -
- string -
- 		- -
Defines the engineID.
-
port
integer
Specifies the TCP/UDP port of a destination for SNMP traps/informs.
privacy
dictionary
Defines the privacy
encrypted_key
string
Defines the encrypted password for privacy
plaintext_key
string
Defines the clear text password for privacy
type
string
    Choices:
  • des
  • aes
Defines the protocol using for privacy
protocol
string
    Choices:
  • tcp
  • udp
Defines protocol for notification between TCP and UDP
type
string
    Choices:
  • inform
  • trap
Specifies the type of notification between inform and trap
-
- tsm - -
- dictionary -
- 		- -
Specifies that the snmpd uses encryption
-
-
- local_key - -
- string -
- 		- -
Defines the server certificate fingerprint or key-file name.
-
-
- port - -
- integer -
- 		- -
Defines the port for tsm.
-
users
list / elements=dictionary
Defines username for authentication
authentication
dictionary
Defines the authentication
encrypted_key
string
Defines the encrypted password for authentication
plaintext_key
string
Defines the clear text password for authentication
type
string
    Choices:
  • md5
  • sha
Defines the protocol using for authentication
-
- engine_id - -
- string -
- 		- -
Defines the engineID.
-
group
string
Specifies group for user name
mode
string
    Choices:
  • ro
  • rw
Specifies the mode for access rights of user, read only or write
privacy
dictionary
Defines the privacy
encrypted_key
string
Defines the encrypted password for privacy
plaintext_key
string
Defines the clear text password for privacy
type
string
    Choices:
  • des
  • aes
Defines the protocol using for privacy
tsm_key
string
Specifies finger print or file name of TSM certificate.
user
string
Specifies the user with name username
views
list / elements=dictionary
Specifies the view with name viewname
exclude
string
Exclude is optional argument.
mask
string
Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant.
oid
string
Specify oid
view
string
view name
trap_source
string
SNMP trap source address
trap_target
dictionary
Address of trap target
address
string
Address of trap target
community
string
Community used when sending trap information
port
integer
Destination port used for trap notification
running_config
string
The state the configuration should be left in.
The states replaced and overridden have identical behaviour for this module.
Please refer to examples for more details.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • gathered
  • parsed
  • rendered
The state the configuration should be left in

Notes ----- .. note:: - - Tested against vyos 1.3.8 + - Tested against vyos 1.3.8, 1.4.1 - This module works with connection ``network_cli``. - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays Examples -------- .. code-block:: yaml # Using merged # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # vyos@vyos:~$ - name: Merge provided configuration with device configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "switches" authorization_type: "rw" - name: "bridges" clients: ["1.1.1.1", "12.1.1.10"] contact: "admin2@ex.com" listen_addresses: - address: "20.1.1.1" - address: "100.1.2.1" port: 33 snmp_v3: users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" state: merged # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # vyos@vyos:~$ # # Module Execution: # # "after": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "before": {}, # "changed": true, # "commands": [ # "set service snmp community switches authorization rw", # "set service snmp community bridges client 1.1.1.1", # "set service snmp community bridges client 12.1.1.10", # "set service snmp listen-address 20.1.1.1", # "set service snmp listen-address 100.1.2.1 port 33", # "set service snmp v3 user admin_user auth type sha", # "set service snmp v3 user admin_user auth plaintext-key ********", # "set service snmp v3 user admin_user privacy type aes", # "set service snmp v3 user admin_user privacy plaintext-key ********", # "set service snmp contact admin2@ex.com" # ], # # Using replaced # Before State # ------------- # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Replace SNMP Server configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "bridges" networks: ["1.1.1.0/24", "12.1.1.0/24"] location: "RDU, NC" listen_addresses: - address: "100.1.2.1" port: 33 snmp_v3: groups: - group: "default" view: "default" users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" group: "default" - user: guest_user2 authentication: plaintext_key: "opq1234567" type: "sha" privacy: plaintext_key: "opq1234567" type: "aes" views: - view: "default" oid: 1 state: replaced # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 # vyos@vyos:~$ # # # Module Execution: # "after": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "before": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp contact admin2@ex.com", # "delete service snmp listen-address 20.1.1.1", # "delete service snmp community switches authorization rw", # "delete service snmp community bridges client 12.1.1.10", # "delete service snmp community bridges client 1.1.1.1", # "set service snmp community bridges network 1.1.1.0/24", # "set service snmp community bridges network 12.1.1.0/24", # "set service snmp v3 group default view default", # "set service snmp v3 user admin_user group default", # "set service snmp v3 user guest_user2 auth type sha", # "set service snmp v3 user guest_user2 auth plaintext-key ********", # "set service snmp v3 user guest_user2 privacy type aes", # "set service snmp v3 user guest_user2 privacy plaintext-key ********", # "set service snmp v3 view default oid 1", # "set service snmp location 'RDU, NC'" # ], # Using overridden: # Before State # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Override SNMP server config vyos.vyos.vyos_snmp_server: config: communities: - name: "bridges" networks: ["1.1.1.0/24", "12.1.1.0/24"] location: "RDU, NC" listen_addresses: - address: "100.1.2.1" port: 33 snmp_v3: groups: - group: "default" view: "default" users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" group: "default" - user: guest_user2 authentication: plaintext_key: "opq1234567" type: "sha" privacy: plaintext_key: "opq1234567" type: "aes" views: - view: "default" oid: 1 state: overridden # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 # vyos@vyos:~$ # # # Module Execution: # "after": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "before": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp contact admin2@ex.com", # "delete service snmp listen-address 20.1.1.1", # "delete service snmp community switches authorization rw", # "delete service snmp community bridges client 12.1.1.10", # "delete service snmp community bridges client 1.1.1.1", # "set service snmp community bridges network 1.1.1.0/24", # "set service snmp community bridges network 12.1.1.0/24", # "set service snmp v3 group default view default", # "set service snmp v3 user admin_user group default", # "set service snmp v3 user guest_user2 auth type sha", # "set service snmp v3 user guest_user2 auth plaintext-key ********", # "set service snmp v3 user guest_user2 privacy type aes", # "set service snmp v3 user guest_user2 privacy plaintext-key ********", # "set service snmp v3 view default oid 1", # "set service snmp location 'RDU, NC'" # ], # Using deleted: # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 - name: Delete Config vyos.vyos.vyos_snmp_server: state: deleted # After State: # vyos@vyos:~$ show configuration commands | grep snmp # vyos@vyos:~$ # # Module Execution: # "after": {}, # "before": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp" # ], # Using rendered: - name: Render provided configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "switches" authorization_type: "rw" - name: "bridges" clients: ["1.1.1.1", "12.1.1.10"] contact: "admin2@ex.com" listen_addresses: - address: "20.1.1.1" - address: "100.1.2.1" port: 33 snmp_v3: users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" state: rendered # Module Execution: # "rendered": [ # "set service snmp community switches authorization rw", # "set service snmp community bridges client 1.1.1.1", # "set service snmp community bridges client 12.1.1.10", # "set service snmp listen-address 20.1.1.1", # "set service snmp listen-address 100.1.2.1 port 33", # "set service snmp v3 user admin_user auth type sha", # "set service snmp v3 user admin_user auth plaintext-key ********", # "set service snmp v3 user admin_user privacy type aes", # "set service snmp v3 user admin_user privacy plaintext-key ********", # "set service snmp contact admin2@ex.com" # ] # # Using Gathered: # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Gather SNMP server config vyos.vyos.vyos_snmp_server: state: gathered # Module Execution: # "gathered": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # Using parsed: # _parsed_snmp.cfg # set service snmp community routers authorization 'ro' # set service snmp community routers client '203.0.113.10' # set service snmp community routers client '203.0.113.20' # set service snmp community routers network '192.0.2.0/24' # set service snmp community routers network '2001::/64' # set service snmp contact 'admin@example.com' # set service snmp listen-address 172.16.254.36 port '161' # set service snmp listen-address 2001::1 # set service snmp location 'UK, London' # set service snmp trap-target 203.0.113.10 # set service snmp v3 engineid '000000000000000000000002' # set service snmp v3 group default mode 'ro' # set service snmp v3 group default view 'default' # set service snmp v3 user vyos auth plaintext-key 'vyos12345678' # set service snmp v3 user vyos auth type 'sha' # set service snmp v3 user vyos group 'default' # set service snmp v3 user vyos privacy plaintext-key 'vyos12345678' # set service snmp v3 user vyos privacy type 'aes' # set service snmp v3 view default oid 1 - name: Parse SNMP server config vyos.vyos.vyos_snmp_server: running_config: "{{ lookup('file', './_parsed_snmp.cfg') }}" state: parsed # Module Execution: # "parsed": { # "communities": [ # { # "authorization_type": "ro", # "clients": [ # "203.0.113.10", # "203.0.113.20" # ], # "name": "routers", # "networks": [ # "192.0.2.0/24", # "2001::/64" # ] # } # ], # "contact": "admin@example.com", # "listen_addresses": [ # { # "address": "172.16.254.36", # "port": 161 # }, # { # "address": "2001::1" # } # ], # "location": "UK, London", # "snmp_v3": { # "engine_id": "000000000000000000000002", # "groups": [ # { # "group": "default", # "mode": "ro", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "vyos" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # }, # "trap_target": { # "address": "203.0.113.10" # } # } # Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
dictionary
when changed
The resulting configuration after module execution.

Sample:
This output will always be in the same format as the module argspec.
before
dictionary
when state is merged, replaced, overridden, deleted or purged
The configuration prior to the module execution.

Sample:
This output will always be in the same format as the module argspec.
commands
list
when state is merged, replaced, overridden, deleted or purged
The set of commands pushed to the remote device.

Sample:
["set service snmp community routers authorization 'ro'", "set service snmp community routers client '203.0.113.10'", "set service snmp community routers network '192.0.2.0/24'"]
gathered
list
when state is gathered
Facts about the network resource gathered from the remote device as structured data.

Sample:
This output will always be in the same format as the module argspec.
parsed
list
when state is parsed
The device native config provided in running_config option parsed into structured data as per module argspec.

Sample:
This output will always be in the same format as the module argspec.
rendered
list
when state is rendered
The provided configuration in the task rendered in device-native format (offline).

Sample:
["set service snmp community routers authorization 'ro'", "set service snmp community routers client '203.0.113.10'", "set service snmp community routers network '192.0.2.0/24'"]


Status ------ Authors ~~~~~~~ - Gomathi Selvi Srinivasan (@GomathiselviS) diff --git a/plugins/module_utils/network/vyos/argspec/snmp_server/snmp_server.py b/plugins/module_utils/network/vyos/argspec/snmp_server/snmp_server.py index 7d0fefec..b94c2639 100644 --- a/plugins/module_utils/network/vyos/argspec/snmp_server/snmp_server.py +++ b/plugins/module_utils/network/vyos/argspec/snmp_server/snmp_server.py @@ -1,220 +1,211 @@ # -*- coding: utf-8 -*- # Copyright 2024 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type ############################################# # WARNING # ############################################# # # This file is auto generated by the # cli_rm_builder. # # Manually editing this file is not advised. # # To update the argspec make the desired changes # in the module docstring and re-run # cli_rm_builder. # ############################################# """ The arg spec for the vyos_snmp_server module """ class Snmp_serverArgs(object): # pylint: disable=R0903 """The arg spec for the vyos_snmp_server module""" argument_spec = { "config": { "type": "dict", "options": { "communities": { "type": "list", "elements": "dict", "options": { "name": {"type": "str"}, "clients": {"type": "list", "elements": "str"}, "networks": {"type": "list", "elements": "str"}, "authorization_type": { "type": "str", "choices": ["ro", "rw"], }, }, }, "contact": {"type": "str"}, "description": {"type": "str"}, "listen_addresses": { "type": "list", "elements": "dict", "options": { "address": {"type": "str"}, "port": {"type": "int"}, }, }, "location": {"type": "str"}, "smux_peer": {"type": "str"}, "trap_source": {"type": "str"}, "trap_target": { "type": "dict", "options": { "address": {"type": "str"}, "community": {"type": "str"}, "port": {"type": "int"}, }, }, "snmp_v3": { "type": "dict", "options": { "engine_id": {"type": "str"}, "groups": { "type": "list", "elements": "dict", "options": { "group": {"type": "str"}, "mode": {"type": "str", "choices": ["ro", "rw"]}, "seclevel": { "type": "str", "choices": ["auth", "priv"], }, "view": {"type": "str"}, }, }, "trap_targets": { "type": "list", "elements": "dict", "options": { "address": {"type": "str"}, "authentication": { "type": "dict", "options": { "type": { "type": "str", "choices": ["md5", "sha"], }, "encrypted_key": { "type": "str", "no_log": True, }, "plaintext_key": { "type": "str", "no_log": True, }, }, }, - "engine_id": {"type": "str"}, "port": {"type": "int"}, "privacy": { "type": "dict", "options": { "type": { "type": "str", "choices": ["des", "aes"], }, "encrypted_key": { "type": "str", "no_log": True, }, "plaintext_key": { "type": "str", "no_log": True, }, }, }, "protocol": { "type": "str", "choices": ["tcp", "udp"], }, "type": { "type": "str", "choices": ["inform", "trap"], }, }, }, - "tsm": { - "type": "dict", - "options": { - "local_key": {"type": "str", "no_log": True}, - "port": {"type": "int"}, - }, - }, "users": { "type": "list", "elements": "dict", "options": { "user": {"type": "str"}, "authentication": { "type": "dict", "options": { "type": { "type": "str", "choices": ["md5", "sha"], }, "encrypted_key": { "type": "str", "no_log": True, }, "plaintext_key": { "type": "str", "no_log": True, }, }, }, - "engine_id": {"type": "str"}, "group": {"type": "str"}, "mode": {"type": "str", "choices": ["ro", "rw"]}, "privacy": { "type": "dict", "options": { "type": { "type": "str", "choices": ["des", "aes"], }, "encrypted_key": { "type": "str", "no_log": True, }, "plaintext_key": { "type": "str", "no_log": True, }, }, }, "tsm_key": {"type": "str", "no_log": True}, }, }, "views": { "type": "list", "elements": "dict", "options": { "view": {"type": "str"}, "oid": {"type": "str"}, "exclude": {"type": "str"}, "mask": {"type": "str"}, }, }, }, }, }, }, "running_config": {"type": "str"}, "state": { "choices": [ "merged", "replaced", "overridden", "deleted", "gathered", "parsed", "rendered", ], "default": "merged", "type": "str", }, } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/rm_templates/snmp_server.py b/plugins/module_utils/network/vyos/rm_templates/snmp_server.py index 724be228..71753083 100644 --- a/plugins/module_utils/network/vyos/rm_templates/snmp_server.py +++ b/plugins/module_utils/network/vyos/rm_templates/snmp_server.py @@ -1,610 +1,610 @@ # -*- coding: utf-8 -*- # Copyright 2022 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type """ The Snmp_server parser templates file. This contains a list of parser definitions and associated functions that facilitates both facts gathering and native command generation for the given network resource. """ import re from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( NetworkTemplate, ) def _tmplt_snmp_server_communities(config_data): config_data = config_data["communities"] command = [] cmd = "service snmp community {name}".format(**config_data) if "authorization_type" in config_data: auth_cmd = cmd + " authorization {authorization_type}".format(**config_data) command.append(auth_cmd) if "clients" in config_data: for c in config_data["clients"]: client_cmd = cmd + " client " + c command.append(client_cmd) if "networks" in config_data: for n in config_data["networks"]: network_command = cmd + " network " + n command.append(network_command) if not command: command.append(cmd) return command def _tmplt_snmp_server_trap_target(config_data): config_data = config_data["trap_target"] command = "service snmp trap-target {address}".format(**config_data) if "authorization_type" in config_data: command += " authorization {authorization_type}".format(**config_data) if "client" in config_data: command += " client {client}".format(**config_data) if "network" in config_data: command += " network {network}".format(**config_data) return command def _tmplt_snmp_server_v3_groups(config_data): config_data = config_data["snmp_v3"]["groups"] command = [] cmd = "service snmp v3 group {group}".format(**config_data) if "mode" in config_data: mode_cmd = cmd + " mode {mode}".format(**config_data) command.append(mode_cmd) if "seclevel" in config_data: sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) command.append(sec_cmd) if "view" in config_data: view_cmd = cmd + " view {view}".format(**config_data) command.append(view_cmd) return command def _tmplt_snmp_server_v3_trap_target(config_data): config_data = config_data["snmp_v3"]["trap_targets"] command = "service snmp v3 trap-target {address} ".format(**config_data) if "authentication" in config_data: command += " auth" config_data = config_data["authentication"] if "privacy" in config_data: command += " privacy" config_data = config_data["privacy"] if "type" in config_data: command += " type {mode}".format(**config_data) if "encrypted_key" in config_data: - command += " encrypted-key {encrypted_key}".format(**config_data) + command += " encrypted-password {encrypted_key}".format(**config_data) if "plaintext_key" in config_data: - command += " plaintext-key {plaintext_key}".format(**config_data) + command += " plaintext-password {plaintext_key}".format(**config_data) return command def _tmplt_snmp_server_v3_user(config_data): config_data = config_data["snmp_v3"]["users"] command = [] cmd = "service snmp v3 user {user}".format(**config_data) for k in ["authentication", "privacy"]: if config_data.get(k): config = config_data[k] if k == "authentication": val = " auth" else: val = " privacy" if "type" in config: type_cmd = cmd + val + " type {type}".format(**config) command.append(type_cmd) if "encrypted_key" in config: - enc_cmd = cmd + val + " encrypted-key {encrypted_key}".format(**config) + enc_cmd = cmd + val + " encrypted-password {encrypted_key}".format(**config) command.append(enc_cmd) if "plaintext_key" in config: - plain_cmd = cmd + val + " plaintext-key {plaintext_key}".format(**config) + plain_cmd = cmd + val + " plaintext-password {plaintext_key}".format(**config) command.append(plain_cmd) return command def _tmplt_snmp_server_v3_views(config_data): config_data = config_data["snmp_v3"]["views"] command = "service snmp v3 view {view} oid {oid}".format(**config_data) if "exclude" in config_data: command += " exclude {exclude}".format(**config_data) if "mask" in config_data: command += " mask {mask}".format(**config_data) return command class Snmp_serverTemplate(NetworkTemplate): def __init__(self, lines=None, module=None): prefix = {"set": "set", "remove": "delete"} super(Snmp_serverTemplate, self).__init__( lines=lines, tmplt=self, prefix=prefix, module=module, ) # fmt: off PARSERS = [ # service snmp community <> { "name": "communities", "getval": re.compile( r""" ^set\sservice\ssnmp\scommunity \s+(?P\S+) \s*(?Pauthorization\srw|authorization\sro)* \s*(client\s(?P\S+))* \s*(network\s(?P\S+))* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_communities, "result": { "communities": { "{{ name }}": { "name": "{{ name }}", "clients": ['{{ client if client is defined else "None" }}'], "networks": ['{{ network if network is defined else "None" }}'], "authorization_type": '{{ auth.split(" ")[1] if auth is defined else None }}', }, }, }, }, # service snmp contact <> { "name": "contact", "getval": re.compile( r""" ^set\sservice\ssnmp\scontact \s+(?P\S+) *$""", re.VERBOSE, ), "setval": "service snmp contact {{ contact }}", "result": { "contact": "{{ name }}", }, }, # service snmp description <> { "name": "description", "getval": re.compile( r""" ^set\sservice\ssnmp\sdescription \s+(?P\S+) *$""", re.VERBOSE, ), "setval": "service snmp description {{ description }}", "result": { "description": "{{ name }}", }, }, # service snmp listen-address <> port <> { "name": "listen_addresses", "getval": re.compile( r""" ^set\sservice\ssnmp\slisten-address \s+(?P\S+) \s*(port)* \s*(?P\d+)* $""", re.VERBOSE, ), "setval": "service snmp listen-address {{ listen_addresses.address }}" "{{ (' port ' + listen_addresses.port|string) if listen_addresses.port is defined else '' }}", "result": { "listen_addresses": { "{{ addr }}": { "address": "{{ addr }}", "port": "{{ port }}", }, }, }, }, # service snmp location <> { "name": "location", "getval": re.compile( r""" ^set\sservice\ssnmp\slocation \s(?P.*) $""", re.VERBOSE, ), "setval": "service snmp location {{ '\\'' + location + '\\''}}", "result": { "location": "{{ name }}", }, }, # service snmp smux-peer <> { "name": "smux_peer", "getval": re.compile( r""" ^set\sservice\ssnmp\ssmux-peer \s+(?P\S+) *$""", re.VERBOSE, ), "setval": "service snmp smux-peer {{ smux_peer }}", "result": { "smux_peer": "{{ name }}", }, }, # service snmp trap-source <> { "name": "trap_source", "getval": re.compile( r""" ^set\sservice\ssnmp\strap-source \s+(?P\S+) *$""", re.VERBOSE, ), "setval": "service snmp trap-source {{ trap_source }}", "result": { "trap_source": "{{ name }}", }, }, # service snmp trap-target <> { "name": "trap_target", "getval": re.compile( r""" ^set\sservice\ssnmp\strap-target \s+(?P\S+) \s*(?Pcommunity\s\S+)* \s*(?Pport\s\d+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_trap_target, "result": { "trap_target": { "address": "{{ name }}", "community": "{{ comm.split(" ")[1] if comm is defined else None }}", "port": "{{ port.split(" ")[1] if port is defined else None }}", }, }, }, # service snmp v3 engineid <> { "name": "snmp_v3.engine_id", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\sengineid \s+(?P\S+) *$""", re.VERBOSE, ), "setval": "service snmp v3 engineid {{ snmp_v3.engine_id }}", "result": { "snmp_v3": { "engine_id": "{{ name }}", }, }, }, # service snmp v3 group <> { "name": "snmp_v3.groups", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\sgroup \s+(?P\S+) \s*(?Pmode\s\S+)* \s*(?Pseclevel\s\S+)* \s*(?Pview\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_groups, "result": { "snmp_v3": { "groups": { "{{ name }}": { "group": "{{ name }}", "mode": '{{ mode.split(" ")[1] if mode is defined else None }}', "seclevel": '{{ sec.split(" ")[1] if sec is defined else None }}', "view": '{{ view.split(" ")[1] if view is defined else None }}', }, }, }, }, }, # service snmp v3 trap-target <> auth <> { "name": "snmp_v3.trap_targets.authentication", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+auth - \s*(?Pencrypted-key\s\S+)* - \s*(?Pplaintext-key\s\S+)* + \s*(?Pencrypted-password\s\S+)* + \s*(?Pplaintext-password\s\S+)* \s*(?Ptype\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_trap_target, "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "authentication": { "encrypted_key": '{{ enc.split(" ")[1] if enc is defined else None }}', "plaintext_key": '{{ plain.split(" ")[1] if plain is defined else None }}', "type": '{{ type.split(" ")[1] if type is defined else None }}', }, }, }, }, }, }, # service snmp v3 trap-target <> port <> { "name": "snmp_v3.trap_targets.port", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+(?Pport\s\d+)* $""", re.VERBOSE, ), "setval": "service snmp v3 trap-target port {{ snmp_v3.trap_targets.port }}", "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "port": "{{ port }}", }, }, }, }, }, # service snmp v3 trap-target <> protocol <> { "name": "snmp_v3.trap_targets.protocol", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+(?Pprotocol\s\S+)* $""", re.VERBOSE, ), "setval": "service snmp v3 trap-target protocol {{ snmp_v3.trap_targets.protocol }}", "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "protocol": "{{ protocol }}", }, }, }, }, }, # service snmp v3 trap-target <> type <> { "name": "snmp_v3.trap_targets.type", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+(?Ptype\s\S+)* $""", re.VERBOSE, ), "setval": "service snmp v3 trap-target type {{ snmp_v3.trap_targets.type }}", "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "type": "{{ type }}", }, }, }, }, }, # service snmp v3 trap-target <> user <> { "name": "snmp_v3.trap_targets.user", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+(?Puser\s\S+)* $""", re.VERBOSE, ), "setval": "service snmp v3 trap-target user {{ snmp_v3.trap_targets.user }}", "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "user": "{{ user }}", }, }, }, }, }, # service snmp v3 trap-target <> privacy <> { "name": "snmp_v3.trap_targets.privacy", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\strap-target \s+(?P\S+) \s+privacy - \s*(?Pencrypted-key\s\S+)* - \s*(?Pplaintext-key\s\S+)* + \s*(?Pencrypted-password\s\S+)* + \s*(?Pplaintext-password\s\S+)* \s*(?Ptype\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_trap_target, "result": { "snmp_v3": { "trap_targets": { "{{ name }}": { "address": "{{ name }}", "privacy": { "encrypted_key": '{{ enc.split(" ")[1] if enc is defined else None }}', "plaintext_key": '{{ plain.split(" ")[1] if plain is defined else None }}', "type": '{{ type.split(" ")[1] if type is defined else None }}', }, }, }, }, }, }, # service snmp v3 user <> auth <> { "name": "snmp_v3.users.authentication", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\suser \s+(?P\S+) \s+auth - \s*(?Pencrypted-key\s\S+)* - \s*(?Pplaintext-key\s\S+)* + \s*(?Pencrypted-password\s\S+)* + \s*(?Pplaintext-password\s\S+)* \s*(?Ptype\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_user, "result": { "snmp_v3": { "users": { "{{ name }}": { "user": "{{ name }}", "authentication": { "encrypted_key": '{{ enc.split(" ")[1] if enc is defined else None }}', "plaintext_key": '{{ plain.split(" ")[1] if plain is defined else None }}', "type": '{{ type.split(" ")[1] if type is defined else None }}', }, }, }, }, }, }, # service snmp v3 user <> privacy <> { "name": "snmp_v3.users.privacy", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\suser \s+(?P\S+) \s+privacy - \s*(?Pencrypted-key\s\S+)* - \s*(?Pplaintext-key\s\S+)* + \s*(?Pencrypted-password\s\S+)* + \s*(?Pplaintext-password\s\S+)* \s*(?Ptype\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_user, "result": { "snmp_v3": { "users": { "{{ name }}": { "user": "{{ name }}", "privacy": { "encrypted_key": '{{ enc.split(" ")[1] if enc is defined else None }}', "plaintext_key": '{{ plain.split(" ")[1] if plain is defined else None }}', "type": '{{ type.split(" ")[1] if type is defined else None }}', }, }, }, }, }, }, # service snmp v3 user <> group <> { "name": "snmp_v3.users.group", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\suser \s+(?P\S+) \s+(?Pgroup\s.+)* $""", re.VERBOSE, ), "setval": "service snmp v3 user {{ snmp_v3.users.user }} group {{ snmp_v3.users.group }}", "result": { "snmp_v3": { "users": { "{{ name }}": { "user": "{{ name }}", "group": "{{ group.split(" ")[1] if group is defined else None }}", }, }, }, }, }, # service snmp v3 user <> mode <> { "name": "snmp_v3.users.mode", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\suser \s+(?P\S+) \s+(?Pmode\s\S+)* $""", re.VERBOSE, ), "setval": "service snmp v3 user {{ snmp_v3.users.user }} mode {{ snmp_v3.users.mode }}", "result": { "snmp_v3": { "users": { "{{ name }}": { "user": "{{ name }}", "mode": "{{ mode }}", }, }, }, }, }, # service snmp v3 view <> { "name": "snmp_v3.views", "getval": re.compile( r""" ^set\sservice\ssnmp\sv3\sview \s+(?P\S+) \s+(?Poid\s\S+) \s*(?Pexclude\s\S+)* \s*(?Pmask\s\S+)* $""", re.VERBOSE, ), "setval": _tmplt_snmp_server_v3_views, "result": { "snmp_v3": { "views": { "{{ name }}": { "view": "{{ name }}", "oid": '{{ oid.split(" ")[1] if oid is defined else None }}', "exclude": '{{ ex.split(" ")[1] if ex is defined else None }}', "mask": '{{ mask.split(" ")[1] if mask is defined else None }}', }, }, }, }, }, ] # fmt: on diff --git a/plugins/modules/vyos_snmp_server.py b/plugins/modules/vyos_snmp_server.py index 87ddb794..f574919a 100644 --- a/plugins/modules/vyos_snmp_server.py +++ b/plugins/modules/vyos_snmp_server.py @@ -1,1122 +1,1106 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2024 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The module file for vyos_snmp_server """ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: vyos_snmp_server version_added: "1.0.0" short_description: Manages snmp_server resource module description: This module manages the snmp server attributes of Vyos network devices author: Gomathi Selvi Srinivasan (@GomathiselviS) notes: - - Tested against vyos 1.3.8 + - Tested against vyos 1.3.8, 1.4.1 - This module works with connection C(network_cli). - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays options: config: description: SNMP server configuration. type: dict suboptions: communities: description: Community name configuration. type: list elements: dict suboptions: name: description: Community name type: str clients: description: IP address of SNMP client allowed to contact system type: list elements: str networks: description: Subnet of SNMP client(s) allowed to contact system type: list elements: str authorization_type: description: Authorization type (rw or ro) type: str choices: ['ro', 'rw'] contact: description: Person to contact about the system. type: str description: description: Description information type: str listen_addresses: description: IP address to listen for incoming SNMP requests type: list elements: dict suboptions: address: description: IP address to listen for incoming SNMP requests. type: str port: description: Port for SNMP service type: int location: description: Location information type: str smux_peer: description: Register a subtree for SMUX-based processing. type: str trap_source: description: SNMP trap source address type: str trap_target: description: Address of trap target type: dict suboptions: address: description: Address of trap target type: str community: description: Community used when sending trap information type: str port: description: Destination port used for trap notification type: int snmp_v3: description: Simple Network Management Protocol (SNMP) v3 type: dict suboptions: engine_id: description: Specifies the EngineID as a hex value type: str groups: description: Specifies the group with name groupname type: list elements: dict suboptions: group: description: Specifies the group with name groupname type: str mode: description: Defines the read/write access type: str choices: ['ro', 'rw'] seclevel: description: Defines security level type: str choices: ['auth', 'priv'] view: description: Defines the name of view type: str trap_targets: description: Defines SNMP target for inform or traps for IP type: list elements: dict suboptions: address: description: IP/IPv6 address of trap target type: str authentication: description: Defines the authentication type: dict suboptions: type: description: Defines the protocol using for authentication type: str choices: ['md5', 'sha'] encrypted_key: description: Defines the encrypted password for authentication type: str plaintext_key: description: Defines the clear text password for authentication type: str - engine_id: - description: Defines the engineID. - type: str port: description: Specifies the TCP/UDP port of a destination for SNMP traps/informs. type: int privacy: description: Defines the privacy type: dict suboptions: type: description: Defines the protocol using for privacy type: str choices: ['des', 'aes'] encrypted_key: description: Defines the encrypted password for privacy type: str plaintext_key: description: Defines the clear text password for privacy type: str protocol: description: Defines protocol for notification between TCP and UDP type: str choices: ['tcp', 'udp'] type: description: Specifies the type of notification between inform and trap type: str choices: ['inform', 'trap'] - tsm: - description: Specifies that the snmpd uses encryption - type: dict - suboptions: - local_key: - description: Defines the server certificate fingerprint or key-file name. - type: str - port: - description: Defines the port for tsm. - type: int users: description: Defines username for authentication type: list elements: dict suboptions: user: description: Specifies the user with name username type: str authentication: description: Defines the authentication type: dict suboptions: type: description: Defines the protocol using for authentication type: str choices: ['md5', 'sha'] encrypted_key: description: Defines the encrypted password for authentication type: str plaintext_key: description: Defines the clear text password for authentication type: str - engine_id: - description: Defines the engineID. - type: str group: description: Specifies group for user name type: str mode: description: Specifies the mode for access rights of user, read only or write type: str choices: ['ro', 'rw'] privacy: description: Defines the privacy type: dict suboptions: type: description: Defines the protocol using for privacy type: str choices: ['des', 'aes'] encrypted_key: description: Defines the encrypted password for privacy type: str plaintext_key: description: Defines the clear text password for privacy type: str tsm_key: description: Specifies finger print or file name of TSM certificate. type: str views: description: Specifies the view with name viewname type: list elements: dict suboptions: view: description: view name type: str oid: description: Specify oid type: str exclude: description: Exclude is optional argument. type: str mask: description: Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant. type: str running_config: description: - The state the configuration should be left in. - The states I(replaced) and I(overridden) have identical behaviour for this module. - Please refer to examples for more details. type: str state: choices: - merged - replaced - overridden - deleted - gathered - parsed - rendered default: merged description: - The state the configuration should be left in type: str """ EXAMPLES = """ # Using merged # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # vyos@vyos:~$ - name: Merge provided configuration with device configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "switches" authorization_type: "rw" - name: "bridges" clients: ["1.1.1.1", "12.1.1.10"] contact: "admin2@ex.com" listen_addresses: - address: "20.1.1.1" - address: "100.1.2.1" port: 33 snmp_v3: users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" state: merged # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # vyos@vyos:~$ # # Module Execution: # # "after": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "before": {}, # "changed": true, # "commands": [ # "set service snmp community switches authorization rw", # "set service snmp community bridges client 1.1.1.1", # "set service snmp community bridges client 12.1.1.10", # "set service snmp listen-address 20.1.1.1", # "set service snmp listen-address 100.1.2.1 port 33", # "set service snmp v3 user admin_user auth type sha", # "set service snmp v3 user admin_user auth plaintext-key ********", # "set service snmp v3 user admin_user privacy type aes", # "set service snmp v3 user admin_user privacy plaintext-key ********", # "set service snmp contact admin2@ex.com" # ], # # Using replaced # Before State # ------------- # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Replace SNMP Server configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "bridges" networks: ["1.1.1.0/24", "12.1.1.0/24"] location: "RDU, NC" listen_addresses: - address: "100.1.2.1" port: 33 snmp_v3: groups: - group: "default" view: "default" users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" group: "default" - user: guest_user2 authentication: plaintext_key: "opq1234567" type: "sha" privacy: plaintext_key: "opq1234567" type: "aes" views: - view: "default" oid: 1 state: replaced # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 # vyos@vyos:~$ # # # Module Execution: # "after": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "before": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp contact admin2@ex.com", # "delete service snmp listen-address 20.1.1.1", # "delete service snmp community switches authorization rw", # "delete service snmp community bridges client 12.1.1.10", # "delete service snmp community bridges client 1.1.1.1", # "set service snmp community bridges network 1.1.1.0/24", # "set service snmp community bridges network 12.1.1.0/24", # "set service snmp v3 group default view default", # "set service snmp v3 user admin_user group default", # "set service snmp v3 user guest_user2 auth type sha", # "set service snmp v3 user guest_user2 auth plaintext-key ********", # "set service snmp v3 user guest_user2 privacy type aes", # "set service snmp v3 user guest_user2 privacy plaintext-key ********", # "set service snmp v3 view default oid 1", # "set service snmp location 'RDU, NC'" # ], # Using overridden: # Before State # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Override SNMP server config vyos.vyos.vyos_snmp_server: config: communities: - name: "bridges" networks: ["1.1.1.0/24", "12.1.1.0/24"] location: "RDU, NC" listen_addresses: - address: "100.1.2.1" port: 33 snmp_v3: groups: - group: "default" view: "default" users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" group: "default" - user: guest_user2 authentication: plaintext_key: "opq1234567" type: "sha" privacy: plaintext_key: "opq1234567" type: "aes" views: - view: "default" oid: 1 state: overridden # After State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 # vyos@vyos:~$ # # # Module Execution: # "after": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "before": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp contact admin2@ex.com", # "delete service snmp listen-address 20.1.1.1", # "delete service snmp community switches authorization rw", # "delete service snmp community bridges client 12.1.1.10", # "delete service snmp community bridges client 1.1.1.1", # "set service snmp community bridges network 1.1.1.0/24", # "set service snmp community bridges network 12.1.1.0/24", # "set service snmp v3 group default view default", # "set service snmp v3 user admin_user group default", # "set service snmp v3 user guest_user2 auth type sha", # "set service snmp v3 user guest_user2 auth plaintext-key ********", # "set service snmp v3 user guest_user2 privacy type aes", # "set service snmp v3 user guest_user2 privacy plaintext-key ********", # "set service snmp v3 view default oid 1", # "set service snmp location 'RDU, NC'" # ], # Using deleted: # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges network '1.1.1.0/24' # set service snmp community bridges network '12.1.1.0/24' # set service snmp community switches # set service snmp listen-address 100.1.2.1 port '33' # set service snmp location 'RDU, NC' # set service snmp v3 group default view 'default' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user group 'default' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' # set service snmp v3 user guest_user2 auth plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 auth type 'sha' # set service snmp v3 user guest_user2 privacy plaintext-key 'opq1234567' # set service snmp v3 user guest_user2 privacy type 'aes' # set service snmp v3 view default oid 1 - name: Delete Config vyos.vyos.vyos_snmp_server: state: deleted # After State: # vyos@vyos:~$ show configuration commands | grep snmp # vyos@vyos:~$ # # Module Execution: # "after": {}, # "before": { # "communities": [ # { # "name": "bridges", # "networks": [ # "1.1.1.0/24", # "12.1.1.0/24" # ] # }, # { # "name": "switches" # } # ], # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # } # ], # "location": "RDU, NC", # "snmp_v3": { # "groups": [ # { # "group": "default", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # }, # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "guest_user2" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # } # }, # "changed": true, # "commands": [ # "delete service snmp" # ], # Using rendered: - name: Render provided configuration vyos.vyos.vyos_snmp_server: config: communities: - name: "switches" authorization_type: "rw" - name: "bridges" clients: ["1.1.1.1", "12.1.1.10"] contact: "admin2@ex.com" listen_addresses: - address: "20.1.1.1" - address: "100.1.2.1" port: 33 snmp_v3: users: - user: admin_user authentication: plaintext_key: "abc1234567" type: "sha" privacy: plaintext_key: "abc1234567" type: "aes" state: rendered # Module Execution: # "rendered": [ # "set service snmp community switches authorization rw", # "set service snmp community bridges client 1.1.1.1", # "set service snmp community bridges client 12.1.1.10", # "set service snmp listen-address 20.1.1.1", # "set service snmp listen-address 100.1.2.1 port 33", # "set service snmp v3 user admin_user auth type sha", # "set service snmp v3 user admin_user auth plaintext-key ********", # "set service snmp v3 user admin_user privacy type aes", # "set service snmp v3 user admin_user privacy plaintext-key ********", # "set service snmp contact admin2@ex.com" # ] # # Using Gathered: # Before State: # vyos@vyos:~$ show configuration commands | grep snmp # set service snmp community bridges client '1.1.1.1' # set service snmp community bridges client '12.1.1.10' # set service snmp community switches authorization 'rw' # set service snmp contact 'admin2@ex.com' # set service snmp listen-address 20.1.1.1 # set service snmp listen-address 100.1.2.1 port '33' # set service snmp v3 user admin_user auth plaintext-key 'abc1234567' # set service snmp v3 user admin_user auth type 'sha' # set service snmp v3 user admin_user privacy plaintext-key 'abc1234567' # set service snmp v3 user admin_user privacy type 'aes' - name: Gather SNMP server config vyos.vyos.vyos_snmp_server: state: gathered # Module Execution: # "gathered": { # "communities": [ # { # "clients": [ # "1.1.1.1", # "12.1.1.10" # ], # "name": "bridges" # }, # { # "authorization_type": "rw", # "name": "switches" # } # ], # "contact": "admin2@ex.com", # "listen_addresses": [ # { # "address": "100.1.2.1", # "port": 33 # }, # { # "address": "20.1.1.1" # } # ], # "snmp_v3": { # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "admin_user" # } # ] # } # }, # Using parsed: # _parsed_snmp.cfg # set service snmp community routers authorization 'ro' # set service snmp community routers client '203.0.113.10' # set service snmp community routers client '203.0.113.20' # set service snmp community routers network '192.0.2.0/24' # set service snmp community routers network '2001::/64' # set service snmp contact 'admin@example.com' # set service snmp listen-address 172.16.254.36 port '161' # set service snmp listen-address 2001::1 # set service snmp location 'UK, London' # set service snmp trap-target 203.0.113.10 # set service snmp v3 engineid '000000000000000000000002' # set service snmp v3 group default mode 'ro' # set service snmp v3 group default view 'default' # set service snmp v3 user vyos auth plaintext-key 'vyos12345678' # set service snmp v3 user vyos auth type 'sha' # set service snmp v3 user vyos group 'default' # set service snmp v3 user vyos privacy plaintext-key 'vyos12345678' # set service snmp v3 user vyos privacy type 'aes' # set service snmp v3 view default oid 1 - name: Parse SNMP server config vyos.vyos.vyos_snmp_server: running_config: "{{ lookup('file', './_parsed_snmp.cfg') }}" state: parsed # Module Execution: # "parsed": { # "communities": [ # { # "authorization_type": "ro", # "clients": [ # "203.0.113.10", # "203.0.113.20" # ], # "name": "routers", # "networks": [ # "192.0.2.0/24", # "2001::/64" # ] # } # ], # "contact": "admin@example.com", # "listen_addresses": [ # { # "address": "172.16.254.36", # "port": 161 # }, # { # "address": "2001::1" # } # ], # "location": "UK, London", # "snmp_v3": { # "engine_id": "000000000000000000000002", # "groups": [ # { # "group": "default", # "mode": "ro", # "view": "default" # } # ], # "users": [ # { # "authentication": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "sha" # }, # "group": "default", # "privacy": { # "plaintext_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # "type": "aes" # }, # "user": "vyos" # } # ], # "views": [ # { # "oid": "1", # "view": "default" # } # ] # }, # "trap_target": { # "address": "203.0.113.10" # } # } # """ RETURN = """ before: description: The configuration prior to the module execution. returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: dict sample: > This output will always be in the same format as the module argspec. after: description: The resulting configuration after module execution. returned: when changed type: dict sample: > This output will always be in the same format as the module argspec. commands: description: The set of commands pushed to the remote device. returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: list sample: - "set service snmp community routers authorization 'ro'" - "set service snmp community routers client '203.0.113.10'" - "set service snmp community routers network '192.0.2.0/24'" rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - "set service snmp community routers authorization 'ro'" - "set service snmp community routers client '203.0.113.10'" - "set service snmp community routers network '192.0.2.0/24'" gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) type: list sample: > This output will always be in the same format as the module argspec. parsed: description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. returned: when I(state) is C(parsed) type: list sample: > This output will always be in the same format as the module argspec. """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.snmp_server.snmp_server import ( Snmp_serverArgs, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.snmp_server.snmp_server import ( Snmp_server, ) def main(): """ Main entry point for module execution :returns: the result form module invocation """ module = AnsibleModule( argument_spec=Snmp_serverArgs.argument_spec, mutually_exclusive=[["config", "running_config"]], required_if=[ ["state", "merged", ["config"]], ["state", "replaced", ["config"]], ["state", "overridden", ["config"]], ["state", "rendered", ["config"]], ["state", "parsed", ["running_config"]], ], supports_check_mode=True, ) result = Snmp_server(module).execute_module() module.exit_json(**result) if __name__ == "__main__": main() diff --git a/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml b/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml index 2ed8d8cf..5800a582 100644 --- a/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml +++ b/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml @@ -1,14 +1,14 @@ --- - name: Ensure required interfaces are present in running-config vars: lines: |- set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 speed auto set interfaces ethernet eth0 duplex auto - set interfaces ethernet eth1 + set interfaces ethernet eth1 address 192.0.2.1/24 set interfaces ethernet eth2 delete interfaces loopback lo ignore_errors: "{{ result.failed }}" register: result ansible.netcommon.cli_config: config: "{{ lines }}" diff --git a/tests/integration/targets/vyos_hostname/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_hostname/tests/cli/_remove_config.yaml index 9850e2f3..3c1bf09b 100644 --- a/tests/integration/targets/vyos_hostname/tests/cli/_remove_config.yaml +++ b/tests/integration/targets/vyos_hostname/tests/cli/_remove_config.yaml @@ -1,8 +1,8 @@ --- -- name: Delete Hostname vyosuser +- name: Delete Hostname vyos.vyos.vyos_config: lines: - - delete system host-name 'vyosuser' + - delete system host-name ignore_errors: true vars: ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/_parsed.cfg b/tests/integration/targets/vyos_snmp_server/tests/cli/_parsed.cfg index 9750253c..493842df 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/_parsed.cfg +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/_parsed.cfg @@ -1,19 +1,19 @@ set service snmp community routers authorization 'ro' set service snmp community routers client '203.0.113.10' set service snmp community routers client '203.0.113.20' set service snmp community routers network '192.0.2.0/24' set service snmp community routers network '2001::/64' set service snmp contact 'admin@example.com' set service snmp listen-address 172.16.254.36 port '161' set service snmp listen-address 2001::1 set service snmp location 'UK, London' set service snmp trap-target 203.0.113.10 set service snmp v3 engineid '000000000000000000000002' set service snmp v3 group default mode 'ro' set service snmp v3 group default view 'default' -set service snmp v3 user vyos auth plaintext-key 'vyos12345678' +set service snmp v3 user vyos auth plaintext-password 'vyos12345678' set service snmp v3 user vyos auth type 'sha' set service snmp v3 user vyos group 'default' -set service snmp v3 user vyos privacy plaintext-key 'vyos12345678' +set service snmp v3 user vyos privacy plaintext-password 'vyos12345678' set service snmp v3 user vyos privacy type 'aes' set service snmp v3 view default oid 1 diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml index f4d89f55..f8aa82e8 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml @@ -1,18 +1,23 @@ --- - name: setup vyos.vyos.vyos_config: lines: + - set interface ethernet eth2 address 20.1.1.1/24 - set service snmp community switches authorization rw - set service snmp community bridges client 1.1.1.1 - set service snmp community bridges client 12.1.1.10 - set service snmp listen-address 20.1.1.1 - - set service snmp listen-address 100.1.2.1 port 33 - - set service snmp v3 user adminuser engineid 33 + - set service snmp listen-address 192.0.2.1 port 33 + - set service snmp v3 engineid 33 + - set service snmp v3 group testgroup mode ro + - set service snmp v3 group testgroup view default + - set service snmp v3 view default oid 1 - set service snmp v3 user adminuser auth type sha - - set service snmp v3 user adminuser auth plaintext-key abc1234567 + - set service snmp v3 user adminuser auth plaintext-password abc1234567 - set service snmp v3 user adminuser privacy type aes - - set service snmp v3 user adminuser privacy plaintext-key abc1234567 + - set service snmp v3 user adminuser privacy plaintext-password abc1234567 + - set service snmp v3 user adminuser group testgroup - set service snmp contact admin2@ex.com ignore_errors: true vars: ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/merged.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/merged.yaml index 7f8139d0..991cb42d 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/merged.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/merged.yaml @@ -1,59 +1,70 @@ --- - debug: msg: START vyos_snmp_server merged integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - block: - name: Merge the provided configuration with the existing running configuration register: result vyos.vyos.vyos_snmp_server: &id001 config: communities: - name: switches authorization_type: rw - name: bridges clients: [1.1.1.1, 12.1.1.10] contact: admin2@ex.com listen_addresses: - address: 20.1.1.1 - - address: 100.1.2.1 + - address: 192.0.2.1 port: 33 snmp_v3: + views: + - view: default + oid: 1 + groups: + - group: testgroup + mode: ro + view: default users: - user: adminuser authentication: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: sha privacy: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: aes + group: testgroup state: merged - vyos.vyos.vyos_facts: gather_network_resources: snmp_server + - debug: + var: result.commands|symmetric_difference(merged.commands) + - assert: that: - - result.commands|length == 10 + - result.commands|length == merged.commands|length - result.changed == true - result.commands|symmetric_difference(merged.commands) == [] - result.after == ansible_facts['network_resources']['snmp_server'] - result.after == merged.after - name: Assert that before dicts were correctly generated assert: that: - result.before == {} - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) register: result vyos.vyos.vyos_snmp_server: *id001 - name: Assert that the previous task was idempotent assert: that: - result['changed'] == false always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/overridden.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/overridden.yaml index 2dc6edae..83536ad4 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/overridden.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/overridden.yaml @@ -1,62 +1,68 @@ --- - debug: msg: START vyos_snmp_server overridden integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - include_tasks: _populate_config.yaml - block: - name: Override the existing configuration with the provided running configuration register: result vyos.vyos.vyos_snmp_server: &id001 config: communities: - name: bridges networks: [1.1.1.0/24, 12.1.1.0/24] location: RDU listen_addresses: - - address: 100.1.2.1 + - address: 192.0.2.1 port: 33 snmp_v3: + engine_id: "33" + groups: + - group: testgroup + mode: ro + view: default users: - user: adminuser - engine_id: "33" authentication: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: sha privacy: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: aes + group: testgroup - user: guestuser2 authentication: - plaintext_key: opq1234567 + encrypted_key: a1aadc2ed9912c6176939ce995367861012450a3 type: sha privacy: - plaintext_key: opq1234567 + encrypted_key: a1aadc2ed9912c6176939ce995367861012450a3 type: aes + group: testgroup views: - view: default oid: 1 state: overridden - vyos.vyos.vyos_facts: gather_network_resources: snmp_server - assert: that: - result.changed == true - result.after == ansible_facts['network_resources']['snmp_server'] - result.commands|length == 13 - name: Override the existing configuration with the provided running configuration (IDEMPOTENT) register: result vyos.vyos.vyos_snmp_server: *id001 - name: Assert that the previous task was idempotent assert: that: - result['changed'] == false always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/rendered.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/rendered.yaml index f3d92546..17334e4e 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/rendered.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/rendered.yaml @@ -1,38 +1,46 @@ --- - debug: msg: START vyos_snmp_server rendered integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - block: - name: Render the given configuration in the form of native commands register: result vyos.vyos.vyos_snmp_server: config: communities: - name: switches authorization_type: rw - name: bridges clients: [1.1.1.1, 12.1.1.10] contact: admin2@ex.com listen_addresses: - address: 20.1.1.1 - - address: 100.1.2.1 + - address: 192.0.2.1 port: 33 snmp_v3: + views: + - view: default + oid: 1 + groups: + - group: testgroup + mode: ro + view: default users: - user: adminuser authentication: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: sha privacy: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: aes + group: testgroup state: rendered - assert: that: - result.changed == false - result.rendered|symmetric_difference(merged.commands) == [] always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/replaced.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/replaced.yaml index 3b759922..e4270c53 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/replaced.yaml @@ -1,62 +1,68 @@ --- - debug: msg: START vyos_snmp_server replaced integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - include_tasks: _populate_config.yaml - block: - name: Replace the existing configuration with the provided running configuration register: result vyos.vyos.vyos_snmp_server: &id001 config: communities: - name: bridges networks: [1.1.1.0/24, 12.1.1.0/24] location: RDU listen_addresses: - - address: 100.1.2.1 + - address: 192.0.2.1 port: 33 snmp_v3: + engine_id: "33" + groups: + - group: testgroup + mode: ro + view: default users: - user: adminuser - engine_id: "33" authentication: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: sha privacy: - plaintext_key: abc1234567 + encrypted_key: 33f8bfd6b69ee03a184818a4daea503c9e579633 type: aes + group: testgroup - user: guestuser2 authentication: - plaintext_key: opq1234567 + encrypted_key: a1aadc2ed9912c6176939ce995367861012450a3 type: sha privacy: - plaintext_key: opq1234567 + encrypted_key: a1aadc2ed9912c6176939ce995367861012450a3 type: aes + group: testgroup views: - view: default oid: 1 state: replaced - vyos.vyos.vyos_facts: gather_network_resources: snmp_server - assert: that: - result.changed == true - result.after == ansible_facts['network_resources']['snmp_server'] - result.commands|length == 13 - name: Replace the existing configuration with the provided running configuration (IDEMPOTENT) register: result vyos.vyos.vyos_snmp_server: *id001 - name: Assert that the previous task was idempotent assert: that: - result['changed'] == false always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_snmp_server/vars/main.yaml b/tests/integration/targets/vyos_snmp_server/vars/main.yaml index 3034390f..4560271f 100644 --- a/tests/integration/targets/vyos_snmp_server/vars/main.yaml +++ b/tests/integration/targets/vyos_snmp_server/vars/main.yaml @@ -1,125 +1,137 @@ --- merged: before: {} commands: - set service snmp community switches authorization rw - set service snmp community bridges client 1.1.1.1 - set service snmp community bridges client 12.1.1.10 - set service snmp listen-address 20.1.1.1 - - set service snmp listen-address 100.1.2.1 port 33 + - set service snmp listen-address 192.0.2.1 port 33 + - set service snmp v3 group testgroup mode ro + - set service snmp v3 group testgroup view default - set service snmp v3 user adminuser auth type sha - - set service snmp v3 user adminuser auth plaintext-key ******** + - set service snmp v3 user adminuser auth encrypted-password ******** - set service snmp v3 user adminuser privacy type aes - - set service snmp v3 user adminuser privacy plaintext-key ******** + - set service snmp v3 user adminuser privacy encrypted-password ******** + - set service snmp v3 user adminuser group testgroup + - set service snmp v3 view default oid 1 - set service snmp contact admin2@ex.com after: communities: - clients: - 1.1.1.1 - 12.1.1.10 name: bridges - authorization_type: rw name: switches contact: admin2@ex.com listen_addresses: - - address: 100.1.2.1 + - address: 192.0.2.1 port: 33 - address: 20.1.1.1 snmp_v3: + groups: + - group: testgroup + mode: ro + view: default users: - - authentication: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + - user: adminuser + authentication: + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: sha privacy: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: aes - user: adminuser + group: testgroup + views: + - view: default + oid: "1" overridden: commands: - delete service snmp contact admin2@ex.com - delete service snmp listen-address 20.1.1.1 - delete service snmp community switches authorization rw - delete service snmp community bridges client 12.1.1.10 - delete service snmp community bridges client 1.1.1.1 - set service snmp community bridges network 1.1.1.0/24 - set service snmp community bridges network 12.1.1.0/24 - set service snmp v3 user guestuser2 auth type sha - - set service snmp v3 user guestuser2 auth plaintext-key ******** + - set service snmp v3 user guestuser2 auth encrypted-password ******** - set service snmp v3 user guestuser2 privacy type aes - - set service snmp v3 user guestuser2 privacy plaintext-key ******** + - set service snmp v3 user guestuser2 privacy encrypted-password ******** - set service snmp v3 view default oid 1 - set service snmp location \'RDU\' after: communities: - name: bridges networks: - 1.1.1.0/24 - 12.1.1.0/24 - name: switches listen_addresses: - address: 100.1.2.1 port: 33 location: RDU, NC snmp_v3: users: - authentication: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: sha privacy: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: aes user: adminuser - authentication: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: sha privacy: - plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + encrypted_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: aes user: guestuser2 views: - oid: 1 view: default deleted: commands: - delete service snmp after: {} parsed: after: communities: - authorization_type: ro clients: - 203.0.113.10 - 203.0.113.20 name: routers networks: - 192.0.2.0/24 - 2001::/64 contact: admin@example.com listen_addresses: - address: 172.16.254.36 port: 161 - address: 2001::1 location: UK, London snmp_v3: engine_id: "000000000000000000000002" groups: - group: default mode: ro view: default users: - authentication: plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: sha group: default privacy: plaintext_key: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER type: aes user: vyos views: - oid: "1" view: default trap_target: address: 203.0.113.10 diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_snmp_server_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_snmp_server_config.cfg index 689b18e2..957af9d4 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_snmp_server_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_snmp_server_config.cfg @@ -1,12 +1,12 @@ set service snmp community bridges network 1.1.1.0/24 set service snmp community bridges network 12.1.1.0/24 set service snmp listen-address 100.1.2.1 port 33 set service snmp location RDU, NC -set service snmp v3 user admin_user auth plaintext-key abc1234567 +set service snmp v3 user admin_user auth plaintext-password abc1234567 set service snmp v3 user admin_user auth type sha -set service snmp v3 user admin_user privacy plaintext-key abc1234567 +set service snmp v3 user admin_user privacy plaintext-password abc1234567 set service snmp v3 user admin_user privacy type aes -set service snmp v3 user guest_user auth plaintext-key opq1234567 +set service snmp v3 user guest_user auth plaintext-password opq1234567 set service snmp v3 user guest_user auth type sha -set service snmp v3 user guest_user privacy plaintext-key opq1234567 +set service snmp v3 user guest_user privacy plaintext-password opq1234567 set service snmp v3 user guest_user privacy type aes diff --git a/tests/unit/modules/network/vyos/test_vyos_snmp_server.py b/tests/unit/modules/network/vyos/test_vyos_snmp_server.py index 43144653..9ac650bf 100644 --- a/tests/unit/modules/network/vyos/test_vyos_snmp_server.py +++ b/tests/unit/modules/network/vyos/test_vyos_snmp_server.py @@ -1,519 +1,519 @@ # (c) 2021 Red Hat Inc. # # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # Make coding more python3-ish from __future__ import absolute_import, division, print_function __metaclass__ = type from unittest.mock import patch from ansible_collections.vyos.vyos.plugins.modules import vyos_snmp_server from ansible_collections.vyos.vyos.tests.unit.modules.utils import set_module_args from .vyos_module import TestVyosModule, load_fixture class TestVyosSnmpServerModule(TestVyosModule): module = vyos_snmp_server def setUp(self): super(TestVyosSnmpServerModule, self).setUp() self.mock_get_resource_connection_config = patch( "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module_base.get_resource_connection", ) self.get_resource_connection_config = self.mock_get_resource_connection_config.start() self.mock_get_resource_connection_facts = patch( "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts.get_resource_connection", ) self.get_resource_connection_facts = self.mock_get_resource_connection_facts.start() self.mock_execute_show_command = patch( "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.snmp_server.snmp_server.Snmp_serverFacts.get_config", ) self.execute_show_command = self.mock_execute_show_command.start() def tearDown(self): super(TestVyosSnmpServerModule, self).tearDown() self.mock_get_resource_connection_config.stop() self.mock_get_resource_connection_facts.stop() self.mock_execute_show_command.stop() def load_fixtures(self, commands=None, filename=None): if filename is None: filename = "vyos_snmp_server_config.cfg" def load_from_file(*args, **kwargs): output = load_fixture(filename) return output self.execute_show_command.side_effect = load_from_file def test_snmp_server_merged_idempotent(self): set_module_args( dict( config=dict( communities=[ dict( name="bridges", networks=["12.1.1.0/24", "1.1.1.0/24"], ), ], listen_addresses=[ dict(address="100.1.2.1", port=33), ], location="RDU, NC", snmp_v3=dict( users=[ dict( user="admin_user", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), dict( user="guest_user", authentication=dict(type="sha", plaintext_key="opq1234567"), privacy=dict(type="aes", plaintext_key="opq1234567"), ), ], ), ), state="merged", ), ) self.execute_module(changed=False, commands=[]) def test_snmp_server_replaced_idempotent(self): set_module_args( dict( config=dict( communities=[ dict( name="bridges", networks=["12.1.1.0/24", "1.1.1.0/24"], ), ], listen_addresses=[ dict(address="100.1.2.1", port=33), ], location="RDU, NC", snmp_v3=dict( users=[ dict( user="admin_user", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), dict( user="guest_user", authentication=dict(type="sha", plaintext_key="opq1234567"), privacy=dict(type="aes", plaintext_key="opq1234567"), ), ], ), ), state="replaced", ), ) self.execute_module(changed=False, commands=[]) def test_snmp_server_overridden_idempotent(self): set_module_args( dict( config=dict( communities=[ dict( name="bridges", networks=["12.1.1.0/24", "1.1.1.0/24"], ), ], listen_addresses=[ dict(address="100.1.2.1", port=33), ], location="RDU, NC", snmp_v3=dict( users=[ dict( user="admin_user", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), dict( user="guest_user", authentication=dict(type="sha", plaintext_key="opq1234567"), privacy=dict(type="aes", plaintext_key="opq1234567"), ), ], ), ), state="overridden", ), ) self.execute_module(changed=False, commands=[]) def test_snmp_server_merged(self): set_module_args( dict( config=dict( communities=[ dict( name="routers", clients=["12.1.1.0/24", "1.1.1.0/24"], authorization_type="rw", ), dict(name="switches", authorization_type="ro"), ], contact="admin@example.com", description="snmp_config", smux_peer="peer1", trap_source="1.1.1.1", trap_target=dict(address="10.10.1.1", community="switches", port="80"), snmp_v3=dict( engine_id="34", groups=[ dict( group="default", mode="rw", seclevel="priv", view="view1", ), ], trap_targets=[ dict( address="20.12.1.1", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), ], ), ), state="merged", ), ) commands = [ "set service snmp community routers client 1.1.1.0/24", "set service snmp community routers client 12.1.1.0/24", "set service snmp community routers authorization rw", "set service snmp community switches authorization ro", "set service snmp v3 group default mode rw", "set service snmp v3 group default seclevel priv", "set service snmp v3 group default view view1", "set service snmp v3 engineid 34", "set service snmp contact admin@example.com", "set service snmp description snmp_config", "set service snmp smux-peer peer1", "set service snmp trap-source 1.1.1.1", "set service snmp trap-target 10.10.1.1", ] self.execute_module(changed=True, commands=commands) def test_snmp_server_replaced(self): set_module_args( dict( config=dict( communities=[ dict( name="routers", clients=["12.1.1.0/24", "1.1.1.0/24"], authorization_type="rw", ), dict(name="switches", authorization_type="ro"), ], contact="admin@example.com", description="snmp_config", smux_peer="peer1", trap_source="1.1.1.1", trap_target=dict(address="10.10.1.1", community="switches", port="80"), snmp_v3=dict( engine_id="34", groups=[ dict( group="default", mode="rw", seclevel="priv", view="view1", ), ], trap_targets=[ dict( address="20.12.1.1", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), ], ), ), state="replaced", ), ) commands = [ "set service snmp community routers client 1.1.1.0/24", "set service snmp community routers client 12.1.1.0/24", "set service snmp community routers authorization rw", "set service snmp community switches authorization ro", "delete service snmp community bridges network 1.1.1.0/24", "delete service snmp community bridges network 12.1.1.0/24", "delete service snmp listen-address 100.1.2.1 port 33", "set service snmp v3 group default mode rw", "set service snmp v3 group default seclevel priv", "set service snmp v3 group default view view1", "delete service snmp v3 user admin_user auth type sha", - "delete service snmp v3 user admin_user auth plaintext-key abc1234567", + "delete service snmp v3 user admin_user auth plaintext-password abc1234567", "delete service snmp v3 user admin_user privacy type aes", - "delete service snmp v3 user admin_user privacy plaintext-key abc1234567", + "delete service snmp v3 user admin_user privacy plaintext-password abc1234567", "delete service snmp v3 user guest_user auth type sha", - "delete service snmp v3 user guest_user auth plaintext-key opq1234567", + "delete service snmp v3 user guest_user auth plaintext-password opq1234567", "delete service snmp v3 user guest_user privacy type aes", - "delete service snmp v3 user guest_user privacy plaintext-key opq1234567", + "delete service snmp v3 user guest_user privacy plaintext-password opq1234567", "set service snmp v3 engineid 34", "set service snmp contact admin@example.com", "set service snmp description snmp_config", "set service snmp smux-peer peer1", "set service snmp trap-source 1.1.1.1", "set service snmp trap-target 10.10.1.1", "delete service snmp location 'RDU, NC'", ] self.execute_module(changed=True, commands=commands) def test_snmp_server_overridden(self): set_module_args( dict( config=dict( communities=[ dict( name="routers", clients=["12.1.1.0/24", "1.1.1.0/24"], authorization_type="rw", ), dict(name="switches", authorization_type="ro"), ], contact="admin@example.com", description="snmp_config", smux_peer="peer1", trap_source="1.1.1.1", trap_target=dict(address="10.10.1.1", community="switches", port="80"), snmp_v3=dict( engine_id="34", groups=[ dict( group="default", mode="rw", seclevel="priv", view="view1", ), ], trap_targets=[ dict( address="20.12.1.1", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), ], ), ), state="overridden", ), ) commands = [ "set service snmp community routers client 1.1.1.0/24", "set service snmp community routers client 12.1.1.0/24", "set service snmp community routers authorization rw", "set service snmp community switches authorization ro", "delete service snmp community bridges network 1.1.1.0/24", "delete service snmp community bridges network 12.1.1.0/24", "delete service snmp listen-address 100.1.2.1 port 33", "set service snmp v3 group default mode rw", "set service snmp v3 group default seclevel priv", "set service snmp v3 group default view view1", "delete service snmp v3 user admin_user auth type sha", - "delete service snmp v3 user admin_user auth plaintext-key abc1234567", + "delete service snmp v3 user admin_user auth plaintext-password abc1234567", "delete service snmp v3 user admin_user privacy type aes", - "delete service snmp v3 user admin_user privacy plaintext-key abc1234567", + "delete service snmp v3 user admin_user privacy plaintext-password abc1234567", "delete service snmp v3 user guest_user auth type sha", - "delete service snmp v3 user guest_user auth plaintext-key opq1234567", + "delete service snmp v3 user guest_user auth plaintext-password opq1234567", "delete service snmp v3 user guest_user privacy type aes", - "delete service snmp v3 user guest_user privacy plaintext-key opq1234567", + "delete service snmp v3 user guest_user privacy plaintext-password opq1234567", "set service snmp v3 engineid 34", "set service snmp contact admin@example.com", "set service snmp description snmp_config", "set service snmp smux-peer peer1", "set service snmp trap-source 1.1.1.1", "set service snmp trap-target 10.10.1.1", "delete service snmp location 'RDU, NC'", ] self.execute_module(changed=True, commands=commands) def test_snmp_server_deleted(self): set_module_args( dict( state="deleted", ), ) commands = ["delete service snmp"] self.execute_module(changed=True, commands=commands) def test_snmp_server_rendered(self): set_module_args( dict( config=dict( communities=[ dict( name="routers", clients=["12.1.1.0/24", "1.1.1.0/24"], authorization_type="rw", ), dict(name="switches", authorization_type="ro"), ], contact="admin@example.com", description="snmp_config", smux_peer="peer1", trap_source="1.1.1.1", trap_target=dict(address="10.10.1.1", community="switches", port="80"), snmp_v3=dict( engine_id="34", groups=[ dict( group="default", mode="rw", seclevel="priv", view="view1", ), ], trap_targets=[ dict( address="20.12.1.1", authentication=dict(type="sha", plaintext_key="abc1234567"), privacy=dict(type="aes", plaintext_key="abc1234567"), ), ], ), ), state="rendered", ), ) commands = [ "set service snmp community routers client 1.1.1.0/24", "set service snmp community routers client 12.1.1.0/24", "set service snmp community routers authorization rw", "set service snmp community switches authorization ro", "set service snmp v3 group default mode rw", "set service snmp v3 group default seclevel priv", "set service snmp v3 group default view view1", "set service snmp v3 engineid 34", "set service snmp contact admin@example.com", "set service snmp description snmp_config", "set service snmp smux-peer peer1", "set service snmp trap-source 1.1.1.1", "set service snmp trap-target 10.10.1.1", ] result = self.execute_module(changed=False) self.assertEqual( sorted(result["rendered"]), sorted(commands), result["rendered"], ) def test_snmp_server_parsed(self): commands = [ "set service snmp community routers client 1.1.1.0/24", "set service snmp community routers client 12.1.1.0/24", "set service snmp community routers authorization rw", "set service snmp community switches authorization ro", "set service snmp v3 group default mode rw", "set service snmp v3 group default seclevel priv", "set service snmp v3 group default view view1", "set service snmp v3 engineid 34", "set service snmp contact admin@example.com", "set service snmp description snmp_config", "set service snmp smux-peer peer1", "set service snmp trap-source 1.1.1.1", "set service snmp trap-target 10.10.1.1", ] parsed_str = "\n".join(commands) set_module_args(dict(running_config=parsed_str, state="parsed")) result = self.execute_module(changed=False) parsed_list = { "communities": [ { "authorization_type": "rw", "clients": ["1.1.1.0/24", "12.1.1.0/24"], "name": "routers", }, {"authorization_type": "ro", "name": "switches"}, ], "contact": "admin@example.com", "description": "snmp_config", "smux_peer": "peer1", "snmp_v3": { "engine_id": "34", "groups": [ { "group": "default", "mode": "rw", "seclevel": "priv", "view": "view1", }, ], }, "trap_source": "1.1.1.1", "trap_target": {"address": "10.10.1.1"}, } self.assertEqual(parsed_list, result["parsed"]) def test_snmp_server_gathered(self): set_module_args(dict(state="gathered")) result = self.execute_module(changed=False) gathered_list = { "communities": [ {"name": "bridges", "networks": ["1.1.1.0/24", "12.1.1.0/24"]}, ], "listen_addresses": [{"address": "100.1.2.1", "port": 33}], "location": "RDU, NC", "snmp_v3": { "users": [ { "authentication": { "plaintext_key": "abc1234567", "type": "sha", }, "privacy": { "plaintext_key": "abc1234567", "type": "aes", }, "user": "admin_user", }, { "authentication": { "plaintext_key": "opq1234567", "type": "sha", }, "privacy": { "plaintext_key": "opq1234567", "type": "aes", }, "user": "guest_user", }, ], }, } self.assertEqual(gathered_list, result["gathered"])