From 3becd39f22e0d29badc809444550b580b22eaa5f Mon Sep 17 00:00:00 2001 From: anvitha-jain Date: Mon, 7 Oct 2024 19:24:28 -0700 Subject: [PATCH] [ignore_changes] Renaming parameters and fixing documentation. --- plugins/module_utils/constants.py | 2 +- plugins/modules/ndo_interface_setting.py | 471 ++++++++++-------- .../ndo_interface_setting/tasks/main.yml | 204 ++++---- 3 files changed, 367 insertions(+), 310 deletions(-) diff --git a/plugins/module_utils/constants.py b/plugins/module_utils/constants.py index 9fbbb55f..25f4b1db 100644 --- a/plugins/module_utils/constants.py +++ b/plugins/module_utils/constants.py @@ -105,7 +105,7 @@ "disable_fec": "disable-fec", } -L2_INTERFACE_QIN_Q_MAP = { +L2_INTERFACE_QINQ_MAP = { "double_q_tag_port": "doubleQtagPort", "core_port": "corePort", "edge_port": "edgePort", diff --git a/plugins/modules/ndo_interface_setting.py b/plugins/modules/ndo_interface_setting.py index a1dc6c99..201128b2 100644 --- a/plugins/modules/ndo_interface_setting.py +++ b/plugins/modules/ndo_interface_setting.py @@ -47,7 +47,7 @@ - The type of the interface policy group. - The default value is C(physical). type: str - choices: [ physical, pc_vpc ] + choices: [ physical, port_channel ] speed: description: - The data transfer rate for the port in interface policy group. @@ -62,32 +62,29 @@ choices: [ 'on', 'off', on_enforce ] vlan_scope: description: - - The VLAN VLAN encapsulation value to map to EPG. - - The default value is C(local). + - The VLAN encapsulation value to map to EPG. + - The default value is C(global). type: str - choices: [ local, global, port_local ] + choices: [ global, port_local ] cdp_admin_state: description: - The CDP admin state enables Cisco Discovery Protocol (CDP) on the interface. - The default value is C(disabled). type: str choices: [ enabled, disabled ] - lldp: - description: - - The LLDP enables Link Layer Discovery Protocol (LLDP) on the interface. - - The default value is C(enabled). - type: str - choices: [ enabled, disabled ] domains: description: - The domains with which you want to associate this interface policy. + - The domains must be defined in the same fabric policy template. + - The old O(domains) will be replaced by the new entries during an update. + - Providing an empty list will remove the O(domains) from the interface policy. type: list elements: str port_channel_mode: description: - The port channel mode of the interface policy group. - The default value is C(static_channel_mode_on). - - The value is available only when the interface_type is C(pc_vpc). + - The value is available only when the interface_type is C(port_channel). type: str choices: [ static_channel_mode_on, lacp_passive, lacp_active, mac_pinning, mac_pinning_physical_nic_load, use_explicit_failover_order ] min_links: @@ -95,32 +92,35 @@ - The minimum links of the interface policy group. - The default value is 1. - The value must be between 1 and 16. - - The value is available only when the interface_type is C(pc_vpc). + - The value is available only when the interface_type is C(port_channel). type: int max_links: description: - The maximum links of the interface policy group. - The default value is 16. - The value must be between 1 and 64. - - The value is available only when the interface_type is C(pc_vpc). + - The value is available only when the interface_type is C(port_channel). type: int control: description: - The control of the interface policy group. - The default value is C(fast_sel_hot_stdby), C(graceful_conv), C(susp_individual). - - The value is available only when the interface_type is C(pc_vpc). + - The value is available only when the interface_type is C(port_channel). + - Providing an empty list will remove the O(control) from the interface policy. + - The old O(control) will be replaced by the new entries during an update. type: list elements: str choices: [ fast_sel_hot_stdby, graceful_conv, susp_individual, load_defer, symmetric_hash ] load_balance_hashing: description: - The load balance hashing of the interface policy group. - - The value is available only when the interface_type is C(pc_vpc). + - The value is available only when the interface_type is C(port_channel). type: str choices: [ destination_ip, layer_4_destination_ip, layer_4_source_ip, source_ip ] sync_e: description: - The syncE policy assigned to the interface policy group. + - The syncE policy must be defined in the same fabric policy template. type: str link_level_debounce_interval: description: @@ -140,30 +140,41 @@ - The default value is C(inherit). type: str choices: [ inherit, cl74_fc_fec, cl91_rs_fec, cons16_rs_fec, ieee_rs_fec, kp_fec, disable_fec ] - l2_interface_qin_q: + l2_interface_qinq: description: - - The QinQ enables mapping double-tagged VLAN traffic. + - The QinQ enables mapping double-tagged VLAN traffic. - The default value is C(disabled). type: str choices: [ core_port, double_q_tag_port, edge_port, disabled ] l2_interface_reflective_relay: description: - - The reflective relay enabled forwarding trafic. + - The reflective relay enabled forwarding traffic. - The default value is C(disabled). type: str choices: [ enabled, disabled ] - lldp_transmit_state: - description: - - The LLDP transmit state allows Link Layer Discovery Protocol (LLDP) packets to be sent from the interface. - - The default value is C(enabled). - type: str - choices: [ enabled, disabled ] - lldp_receive_state: + lldp: description: - - The LLDP receive state allows LLDP packets to be received by the interface. - - The default value is C(enabled). - type: str - choices: [ enabled, disabled ] + - The Link Layer Discovery Protocol (LLDP) on the interface. + type: dict + suboptions: + status: + description: + - The LLDP status enables Link Layer Discovery Protocol (LLDP) on the interface. + - The default value is C(enabled). + type: str + choices: [ enabled, disabled ] + transmit_state: + description: + - The LLDP transmit state allows Link Layer Discovery Protocol (LLDP) packets to be sent from the interface. + - The default value is C(enabled). + type: str + choices: [ enabled, disabled ] + receive_state: + description: + - The LLDP receive state allows LLDP packets to be received by the interface. + - The default value is C(enabled). + type: str + choices: [ enabled, disabled ] stp_bpdu_filter: description: - The STP Bridge Protocol Data Unit (BPDU) filter filters out any BPDUs on the port. @@ -178,7 +189,7 @@ choices: [ enabled, disabled ] llfc_transmit_state: description: - - The LLFC transmit state alows Link Level Flow Control (LLFC) packets to be sent from the interface. + - The LLFC transmit state allows Link Level Flow Control (LLFC) packets to be sent from the interface. - The default value is C(disabled). type: str choices: [ enabled, disabled ] @@ -188,63 +199,71 @@ - The default value is C(disabled). type: str choices: [ enabled, disabled ] - mcp_admin_state: - description: - - The MCP admin state enables MisCabling Protocol (MCP) on the interface. - - The default value is C(enabled). - type: str - choices: [ enabled, disabled ] - mcp_strict_mode: - description: - - The MCP strict mode. - - The default value is C(off). - type: str - choices: [ 'on', 'off' ] - mcp_initial_delay_time: - description: - - The MCP initial delay time in seconds. - - The default value is 180. - - The value must be between 0 and 1800. - - The value is available only when the mcp_strict_mode is C(on). - type: int - mcp_transmission_frequency_sec: - description: - - The MCP transmission frequency in seconds. - - The default value is 2. - - The value must be between 0 and 300. - - The value is available only when the mcp_strict_mode is C(on). - type: int - mcp_transmission_frequency_msec: - description: - - The MCP transmission frequency in milliseconds. - - The default value is 0. - - The value must be between 0 and 999. - - The value is available only when the mcp_strict_mode is C(on). - type: int - mcp_grace_period_sec: - description: - - The MCP grace period in seconds. - - The default value is 3. - - The value must be between 0 and 300. - - The value is available only when the mcp_strict_mode is C(on). - type: int - mcp_grace_period_msec: - description: - - The MCP grace period in milliseconds. - - The default value is 0. - - The value must be between 0 and 999. - - The value is available only when the mcp_strict_mode is C(on). - type: int + mcp: + description: + - The MisCabling Protocol (MCP) settings. + type: dict + suboptions: + admin_state: + description: + - The MCP admin state enables MisCabling Protocol (MCP) on the interface. + - The default value is C(enabled). + type: str + choices: [ enabled, disabled ] + strict_mode: + description: + - The MCP strict mode. + - The value is available only when the MCP admin_state is C(enabled). + - The default value is C(off). + type: str + choices: [ 'on', 'off' ] + aliases: [ mcp_mode ] + initial_delay_time: + description: + - The MCP initial delay time in seconds. + - The default value is 180. + - The value must be between 0 and 1800. + - The value is available only when the MCP strict_mode is C(on). + type: int + transmission_frequency_sec: + description: + - The MCP transmission frequency in seconds. + - The default value is 2. + - The value must be between 0 and 300. + - The value is available only when the MCP strict_mode is C(on). + type: int + transmission_frequency_msec: + description: + - The MCP transmission frequency in milliseconds. + - The default value is 0. + - The value must be between 0 and 999. + - The value is available only when the MCP strict_mode is C(on). + type: int + grace_period_sec: + description: + - The MCP grace period in seconds. + - The default value is 3. + - The value must be between 0 and 300. + - The value is available only when the MCP strict_mode is C(on). + type: int + grace_period_msec: + description: + - The MCP grace period in milliseconds. + - The default value is 0. + - The value must be between 0 and 999. + - The value is available only when the MCP strict_mode is C(on). + type: int pfc_admin_state: description: - The PFC admin state. - The default value is C(auto). type: str choices: [ 'on', 'off', auto ] - access_mac_sec_policy: + access_macsec_policy: description: - The access MACsec policy. - The value is available only when the mcp_admin_state is C(enabled). + - The MACsec policy must be defined in the same fabric policy template. type: str state: description: @@ -254,6 +273,11 @@ type: str choices: [ absent, query, present ] default: query +notes: +- The O(template) must exist before using this module in your playbook. + Use M(cisco.mso.ndo_template) to create the Tenant template. +seealso: +- module: cisco.mso.ndo_template extends_documentation_fragment: cisco.mso.modules """ @@ -269,15 +293,15 @@ interface_type: physical state: present -- name: Create an Interface policy group of interface_type pc_vpc +- name: Create an Interface policy group of interface_type port_channel cisco.mso.ndo_interface_setting: host: mso_host username: admin password: SomeSecretPassword template: ansible_test_template - interface_policy_group: ansible_test_interface_policy_group_pc_vpc + interface_policy_group: ansible_test_interface_policy_group_port_channel description: "Interface Policy Group for Ansible Test" - interface_type: pc_vpc + interface_type: port_channel state: present - name: Query all Interface policy groups @@ -339,7 +363,7 @@ PORT_CHANNEL_MODE_MAP, CONTROL_MAP, LINK_LEVEL_FEC_MAP, - L2_INTERFACE_QIN_Q_MAP, + L2_INTERFACE_QINQ_MAP, LOAD_BALANCE_HASHING_MAP, ) import copy @@ -353,39 +377,49 @@ def main(): interface_policy_group=dict(type="str", aliases=["name"]), interface_policy_group_uuid=dict(type="str", aliases=["uuid"]), description=dict(type="str"), - interface_type=dict(type="str", choices=["physical", "pc_vpc"]), # pc_vpc = portchannel + interface_type=dict(type="str", choices=["physical", "port_channel"]), speed=dict(type="str", choices=["100M", "1G", "10G", "25G", "40G", "50G", "100G", "200G", "400G", "inherit"]), - auto_negotiation=dict(type="str", choices=["on", "off", "on_enforce"]), # on_enforce = on-enforce - vlan_scope=dict(type="str", choices=["local", "global", "port_local"]), # port_local = portlocal + auto_negotiation=dict(type="str", choices=["on", "off", "on_enforce"]), + vlan_scope=dict(type="str", choices=["global", "port_local"]), cdp_admin_state=dict(type="str", choices=["enabled", "disabled"]), - lldp=dict(type="str", choices=["enabled", "disabled"]), + lldp=dict( + type="dict", + options=dict( + status=dict(type="str", choices=["enabled", "disabled"]), + transmit_state=dict(type="str", choices=["enabled", "disabled"]), + receive_state=dict(type="str", choices=["enabled", "disabled"]), + ), + ), domains=dict(type="list", elements="str"), - port_channel_mode=dict(type="str", choices=list(PORT_CHANNEL_MODE_MAP.keys())), + port_channel_mode=dict(type="str", choices=list(PORT_CHANNEL_MODE_MAP)), min_links=dict(type="int"), max_links=dict(type="int"), - control=dict(type="list", elements="str", choices=list(CONTROL_MAP.keys())), - load_balance_hashing=dict(type="str", choices=list(LOAD_BALANCE_HASHING_MAP.keys())), + control=dict(type="list", elements="str", choices=list(CONTROL_MAP)), + load_balance_hashing=dict(type="str", choices=list(LOAD_BALANCE_HASHING_MAP)), sync_e=dict(type="str"), link_level_debounce_interval=dict(type="int"), link_level_bring_up_delay=dict(type="int"), - link_level_fec=dict(type="str", choices=list(LINK_LEVEL_FEC_MAP.keys())), - l2_interface_qin_q=dict(type="str", choices=list(L2_INTERFACE_QIN_Q_MAP.keys())), + link_level_fec=dict(type="str", choices=list(LINK_LEVEL_FEC_MAP)), + l2_interface_qinq=dict(type="str", choices=list(L2_INTERFACE_QINQ_MAP)), l2_interface_reflective_relay=dict(type="str", choices=["enabled", "disabled"]), - lldp_transmit_state=dict(type="str", choices=["enabled", "disabled"]), - lldp_receive_state=dict(type="str", choices=["enabled", "disabled"]), stp_bpdu_filter=dict(type="str", choices=["enabled", "disabled"]), stp_bpdu_guard=dict(type="str", choices=["enabled", "disabled"]), llfc_transmit_state=dict(type="str", choices=["enabled", "disabled"]), llfc_receive_state=dict(type="str", choices=["enabled", "disabled"]), - mcp_admin_state=dict(type="str", choices=["enabled", "disabled"]), - mcp_strict_mode=dict(type="str", choices=["on", "off"]), - mcp_initial_delay_time=dict(type="int"), - mcp_transmission_frequency_sec=dict(type="int"), - mcp_transmission_frequency_msec=dict(type="int"), - mcp_grace_period_sec=dict(type="int"), - mcp_grace_period_msec=dict(type="int"), + mcp=dict( + type="dict", + options=dict( + admin_state=dict(type="str", choices=["enabled", "disabled"]), + strict_mode=dict(type="str", choices=["on", "off"], aliases=["mcp_mode"]), + initial_delay_time=dict(type="int"), + transmission_frequency_sec=dict(type="int"), + transmission_frequency_msec=dict(type="int"), + grace_period_sec=dict(type="int"), + grace_period_msec=dict(type="int"), + ), + ), pfc_admin_state=dict(type="str", choices=["on", "off", "auto"]), - access_mac_sec_policy=dict(type="str"), + access_macsec_policy=dict(type="str"), state=dict(type="str", choices=["absent", "query", "present"], default="query"), ) ) @@ -394,7 +428,7 @@ def main(): argument_spec=argument_spec, supports_check_mode=True, required_if=[ - ["state", "present", ["interface_policy_group", "interface_type"]], + ["state", "present", ["interface_policy_group", "interface_policy_group_uuid", "interface_type"], True], ["state", "absent", ["interface_policy_group", "interface_policy_group_uuid"], True], ], ) @@ -405,14 +439,14 @@ def main(): interface_policy_group = module.params.get("interface_policy_group") interface_policy_group_uuid = module.params.get("interface_policy_group_uuid") description = module.params.get("description") - interface_type = module.params.get("interface_type") # .replace("_", "") - if interface_type == "pc_vpc": + interface_type = module.params.get("interface_type") + if interface_type == "port_channel": interface_type = "portchannel" speed = module.params.get("speed") - auto_negotiation = module.params.get("auto_negotiation") # .replace("_", "-") + auto_negotiation = module.params.get("auto_negotiation") if auto_negotiation == "on_enforce": auto_negotiation = "on-enforce" - vlan_scope = module.params.get("vlan_scope") # .replace("_", "") + vlan_scope = module.params.get("vlan_scope") if vlan_scope == "port_local": vlan_scope = "portlocal" cdp_admin_state = module.params.get("cdp_admin_state") @@ -421,29 +455,24 @@ def main(): port_channel_mode = PORT_CHANNEL_MODE_MAP.get(module.params.get("port_channel_mode")) min_links = module.params.get("min_links") max_links = module.params.get("max_links") - control = CONTROL_MAP.get(module.params.get("control")) + if module.params.get("control") is not None: + control = sorted(CONTROL_MAP.get(v) for v in module.params.get("control")) + else: + control = None load_balance_hashing = LOAD_BALANCE_HASHING_MAP.get(module.params.get("load_balance_hashing")) sync_e = module.params.get("sync_e") link_level_debounce_interval = module.params.get("link_level_debounce_interval") link_level_bring_up_delay = module.params.get("link_level_bring_up_delay") link_level_fec = LINK_LEVEL_FEC_MAP.get(module.params.get("link_level_fec")) - l2_interface_qin_q = L2_INTERFACE_QIN_Q_MAP.get(module.params.get("l2_interface_qin_q")) + l2_interface_qinq = L2_INTERFACE_QINQ_MAP.get(module.params.get("l2_interface_qinq")) l2_interface_reflective_relay = module.params.get("l2_interface_reflective_relay") - lldp_transmit_state = module.params.get("lldp_transmit_state") - lldp_receive_state = module.params.get("lldp_receive_state") stp_bpdu_filter = module.params.get("stp_bpdu_filter") stp_bpdu_guard = module.params.get("stp_bpdu_guard") llfc_transmit_state = module.params.get("llfc_transmit_state") llfc_receive_state = module.params.get("llfc_receive_state") - mcp_admin_state = module.params.get("mcp_admin_state") - mcp_strict_mode = module.params.get("mcp_strict_mode") - mcp_initial_delay_time = module.params.get("mcp_initial_delay_time") - mcp_transmission_frequency_sec = module.params.get("mcp_transmission_frequency_sec") - mcp_transmission_frequency_msec = module.params.get("mcp_transmission_frequency_msec") - mcp_grace_period_sec = module.params.get("mcp_grace_period_sec") - mcp_grace_period_msec = module.params.get("mcp_grace_period_msec") + mcp = module.params.get("mcp") pfc_admin_state = module.params.get("pfc_admin_state") - access_mac_sec_policy = module.params.get("access_mac_sec_policy") + access_macsec_policy = module.params.get("access_macsec_policy") state = module.params.get("state") ops = [] @@ -481,52 +510,56 @@ def main(): match.details["description"] = description if interface_type and match.details.get("type") != interface_type: - mso.fail_json(msg="Interface type cannot be changed") + mso.fail_json(msg="Interface type cannot be changed.") if domains: # the existing domain list is updated by the new domain list - domain_list = [] + domain_uuid = [] # get names and uuids of existing domains existing_physical_domains = {domain["name"]: domain["uuid"] for domain in template_info.get("domains", [])} existing_l3_domains = {domain["name"]: domain["uuid"] for domain in template_info.get("l3Domains", [])} for item in domains: if item in existing_physical_domains: - domain_list.append(existing_physical_domains[item]) + domain_uuid.append(existing_physical_domains[item]) elif item in existing_l3_domains: - domain_list.append(existing_l3_domains[item]) + domain_uuid.append(existing_l3_domains[item]) else: - mso.fail_json(msg="Domain '{0}' not found in the template '{1}'".format(item, template)) - ops.append(dict(op="replace", path="{0}/{1}/domains".format(path, match.index), value=domain_list)) - match.details["domains"] = domain_list + mso.fail_json(msg="Domain '{0}' not found in the template '{1}'.".format(item, template)) + if set(domain_uuid) != set(match.details.get("domains")): + ops.append(dict(op="replace", path="{0}/{1}/domains".format(path, match.index), value=domain_uuid)) + match.details["domains"] = domain_uuid + elif domains == []: + # remove domains from the interface policy group if the list is empty + ops.append(dict(op="remove", path="{0}/{1}/domains".format(path, match.index))) + match.details.pop("domains", None) if sync_e: + # existing_sync_e contains names and uuids of existing SyncE policies existing_sync_e = {sync_e["name"]: sync_e["uuid"] for sync_e in template_info.get("syncEthIntfPolicies", [])} - if sync_e in existing_sync_e and existing_sync_e[sync_e] != sync_e: - ops.append(dict(op="replace", path="{0}/{1}/syncEthPolicy".format(path, match.index), value=existing_sync_e[sync_e])) - match.details["syncEthPolicy"] = existing_sync_e[sync_e] + if sync_e not in existing_sync_e: + mso.fail_json(msg="SyncE policy '{0}' not found in the template '{1}'.".format(sync_e, template)) else: - mso.fail_json(msg="SyncE policy '{0}' not found in the template '{1}'".format(sync_e, template)) + if existing_sync_e[sync_e] != match.details.get("syncEthPolicy"): + ops.append(dict(op="replace", path="{0}/{1}/syncEthPolicy".format(path, match.index), value=existing_sync_e[sync_e])) + match.details["syncEthPolicy"] = existing_sync_e[sync_e] - if access_mac_sec_policy: - if mcp_admin_state and (mcp_admin_state == "disabled" or match.details.get("mcp", {}).get("adminState") == "disabled"): - mso.fail_json(msg="Access MACsec policy can only be set when mcp_admin_state is enabled") + if access_macsec_policy: + if mcp and mcp["admin_state"] and (mcp["admin_state"] == "disabled" or match.details.get("mcp", {}).get("adminState") == "disabled"): + mso.fail_json(msg="Access MACsec policy can only be set when MCP admin state is enabled.") else: - existing_access_mac_sec_policy = { - mac_sec_policy["name"]: mac_sec_policy["uuid"] for mac_sec_policy in template_info.get("macsecPolicies", []) - } - if access_mac_sec_policy in existing_access_mac_sec_policy and ( - existing_access_mac_sec_policy[access_mac_sec_policy] != access_mac_sec_policy - ): + # existing_access_macsec_policy contains names and uuids of existing MACsec policies + existing_access_macsec_policy = {macsec_policy["name"]: macsec_policy["uuid"] for macsec_policy in template_info.get("macsecPolicies", [])} + if access_macsec_policy in existing_access_macsec_policy and (existing_access_macsec_policy[access_macsec_policy] != access_macsec_policy): ops.append( dict( op="replace", path="{0}/{1}/accessMACsecPolicy".format(path, match.index), - value=existing_access_mac_sec_policy[access_mac_sec_policy], + value=existing_access_macsec_policy[access_macsec_policy], ) ) - match.details["accessMACsecPolicy"] = existing_access_mac_sec_policy[access_mac_sec_policy] + match.details["accessMACsecPolicy"] = existing_access_macsec_policy[access_macsec_policy] else: - mso.fail_json(msg="Access MACsec policy '{0}' not found in the template '{1}'".format(access_mac_sec_policy, template)) + mso.fail_json(msg="Access MACsec policy '{0}' not found in the template '{1}'.".format(access_macsec_policy, template)) # dictionaries if cdp_admin_state and match.details.get("cdp", {}).get("adminState") != cdp_admin_state: @@ -553,9 +586,9 @@ def main(): ops.append(dict(op="replace", path="{0}/{1}/stp/bpduGuardEnabled".format(path, match.index), value=stp_bpdu_guard)) match.details["stp"]["bpduGuardEnabled"] = stp_bpdu_guard - if l2_interface_qin_q and match.details.get("l2Interface", {}).get("qinq") != l2_interface_qin_q: - ops.append(dict(op="replace", path="{0}/{1}/l2Interface/qinq".format(path, match.index), value=l2_interface_qin_q)) - match.details["l2Interface"]["qinq"] = l2_interface_qin_q + if l2_interface_qinq and match.details.get("l2Interface", {}).get("qinq") != l2_interface_qinq: + ops.append(dict(op="replace", path="{0}/{1}/l2Interface/qinq".format(path, match.index), value=l2_interface_qinq)) + match.details["l2Interface"]["qinq"] = l2_interface_qinq if l2_interface_reflective_relay and match.details.get("l2Interface", {}).get("reflectiveRelay") != l2_interface_reflective_relay: ops.append(dict(op="replace", path="{0}/{1}/l2Interface/reflectiveRelay".format(path, match.index), value=l2_interface_reflective_relay)) @@ -566,15 +599,16 @@ def main(): match.details["l2Interface"]["vlanScope"] = vlan_scope if lldp: - if lldp == "disabled": - if not (lldp_receive_state == "disabled" and lldp_transmit_state == "disabled"): - mso.fail_json(msg="lldp_receive_state and lldp_transmit_state must be 'disabled' when LLDP is disabled") - if lldp_receive_state and match.details.get("lldp", {}).get("receiveState") != lldp_receive_state: - ops.append(dict(op="replace", path="{0}/{1}/lldp/receiveState".format(path, match.index), value=lldp_receive_state)) - match.details["lldp"]["receiveState"] = lldp_receive_state - if lldp_transmit_state and match.details.get("lldp", {}).get("transmitState") != lldp_transmit_state: - ops.append(dict(op="replace", path="{0}/{1}/lldp/transmitState".format(path, match.index), value=lldp_transmit_state)) - match.details["lldp"]["transmitState"] = lldp_transmit_state + # if LLDP status is disabled, then receive_state and transmit_state must be disabled + if lldp["status"] and lldp["status"] == "disabled": + if not (lldp["receive_state"] == "disabled" and lldp["transmit_state"] == "disabled"): + mso.fail_json(msg="LLDP receive_state and transmit_state must be 'disabled' when LLDP status is disabled.") + if lldp["receive_state"] and match.details.get("lldp", {}).get("receiveState") != lldp["receive_state"]: + ops.append(dict(op="replace", path="{0}/{1}/lldp/receiveState".format(path, match.index), value=lldp["receive_state"])) + match.details["lldp"]["receiveState"] = lldp["receive_state"] + if lldp["transmit_state"] and match.details.get("lldp", {}).get("transmitState") != lldp["transmit_state"]: + ops.append(dict(op="replace", path="{0}/{1}/lldp/transmitState".format(path, match.index), value=lldp["transmit_state"])) + match.details["lldp"]["transmitState"] = lldp["transmit_state"] if link_level_debounce_interval and match.details.get("linkLevel", {}).get("debounceInterval") != link_level_debounce_interval: ops.append(dict(op="replace", path="{0}/{1}/linkLevel/debounceInterval".format(path, match.index), value=link_level_debounce_interval)) @@ -596,33 +630,28 @@ def main(): ops.append(dict(op="replace", path="{0}/{1}/linkLevel/autoNegotiation".format(path, match.index), value=auto_negotiation)) match.details["linkLevel"]["autoNegotiation"] = auto_negotiation - if mcp_admin_state and match.details.get("mcp", {}).get("adminState") != mcp_admin_state: - ops.append(dict(op="replace", path="{0}/{1}/mcp/adminState".format(path, match.index), value=mcp_admin_state)) - match.details["mcp"]["adminState"] = mcp_admin_state - - if mcp_strict_mode and match.details.get("mcp", {}).get("mcpMode") != mcp_strict_mode: - ops.append(dict(op="replace", path="{0}/{1}/mcp/mcpMode".format(path, match.index), value=mcp_strict_mode)) - match.details["mcp"]["mcpMode"] = mcp_strict_mode - - if mcp_initial_delay_time and match.details.get("mcp", {}).get("initialDelayTime") != mcp_initial_delay_time: - ops.append(dict(op="replace", path="{0}/{1}/mcp/initialDelayTime".format(path, match.index), value=mcp_initial_delay_time)) - match.details["mcp"]["initialDelayTime"] = mcp_initial_delay_time - - if mcp_transmission_frequency_sec and match.details.get("mcp", {}).get("txFreq") != mcp_transmission_frequency_sec: - ops.append(dict(op="replace", path="{0}/{1}/mcp/txFreq".format(path, match.index), value=mcp_transmission_frequency_sec)) - match.details["mcp"]["txFreq"] = mcp_transmission_frequency_sec - - if mcp_transmission_frequency_msec and match.details.get("mcp", {}).get("txFreqMsec") != mcp_transmission_frequency_msec: - ops.append(dict(op="replace", path="{0}/{1}/mcp/txFreqMsec".format(path, match.index), value=mcp_transmission_frequency_msec)) - match.details["mcp"]["txFreqMsec"] = mcp_transmission_frequency_msec - - if mcp_grace_period_sec and match.details.get("mcp", {}).get("gracePeriod") != mcp_grace_period_sec: - ops.append(dict(op="replace", path="{0}/{1}/mcp/gracePeriod".format(path, match.index), value=mcp_grace_period_sec)) - match.details["mcp"]["gracePeriod"] = mcp_grace_period_sec - - if mcp_grace_period_msec and match.details.get("mcp", {}).get("gracePeriodMsec") != mcp_grace_period_msec: - ops.append(dict(op="replace", path="{0}/{1}/mcp/gracePeriodMsec".format(path, match.index), value=mcp_grace_period_msec)) - match.details["mcp"]["gracePeriodMsec"] = mcp_grace_period_msec + if mcp: + if mcp["admin_state"] and match.details.get("mcp", {}).get("adminState") != mcp["admin_state"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/adminState".format(path, match.index), value=mcp["admin_state"])) + match.details["mcp"]["adminState"] = mcp["admin_state"] + if mcp["strict_mode"] and match.details.get("mcp", {}).get("mcpMode") != mcp["strict_mode"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/mcpMode".format(path, match.index), value=mcp["strict_mode"])) + match.details["mcp"]["mcpMode"] = mcp["strict_mode"] + if mcp["initial_delay_time"] and match.details.get("mcp", {}).get("initialDelayTime") != mcp["initial_delay_time"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/initialDelayTime".format(path, match.index), value=mcp["initial_delay_time"])) + match.details["mcp"]["initialDelayTime"] = mcp["initial_delay_time"] + if mcp["transmission_frequency_sec"] and match.details.get("mcp", {}).get("txFreq") != mcp["transmission_frequency_sec"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/txFreq".format(path, match.index), value=mcp["transmission_frequency_sec"])) + match.details["mcp"]["txFreq"] = mcp["transmission_frequency_sec"] + if mcp["transmission_frequency_msec"] and match.details.get("mcp", {}).get("txFreqMsec") != mcp["transmission_frequency_msec"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/txFreqMsec".format(path, match.index), value=mcp["transmission_frequency_msec"])) + match.details["mcp"]["txFreqMsec"] = mcp["transmission_frequency_msec"] + if mcp["grace_period_sec"] and match.details.get("mcp", {}).get("gracePeriod") != mcp["grace_period_sec"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/gracePeriod".format(path, match.index), value=mcp["grace_period_sec"])) + match.details["mcp"]["gracePeriod"] = mcp["grace_period_sec"] + if mcp["grace_period_msec"] and match.details.get("mcp", {}).get("gracePeriodMsec") != mcp["grace_period_msec"]: + ops.append(dict(op="replace", path="{0}/{1}/mcp/gracePeriodMsec".format(path, match.index), value=mcp["grace_period_msec"])) + match.details["mcp"]["gracePeriodMsec"] = mcp["grace_period_msec"] if port_channel_mode and match.details.get("portChannelPolicy", {}).get("mode") != port_channel_mode: ops.append(dict(op="replace", path="{0}/{1}/portChannelPolicy/mode".format(path, match.index), value=port_channel_mode)) @@ -648,6 +677,10 @@ def main(): if match.details.get("portChannelPolicy", {}).get("control") != control_list: ops.append(dict(op="replace", path="{0}/{1}/portChannelPolicy/control".format(path, match.index), value=control_list)) match.details["portChannelPolicy"]["control"] = control_list + elif control == []: + # remove existing control list + ops.append(dict(op="remove", path="{0}/{1}/portChannelPolicy/control".format(path, match.index))) + match.details.pop("control", None) mso.sanitize(match.details) @@ -663,37 +696,39 @@ def main(): payload["description"] = description if domains: # domains is a list - domain_list = [] + domain_uuid = [] # get names and uuids of existing domains existing_physical_domains = {domain["name"]: domain["uuid"] for domain in template_info.get("domains", [])} existing_l3_domains = {domain["name"]: domain["uuid"] for domain in template_info.get("l3Domains", [])} for item in domains: if item in existing_physical_domains: - domain_list.append(existing_physical_domains[item]) + domain_uuid.append(existing_physical_domains[item]) elif item in existing_l3_domains: - domain_list.append(existing_l3_domains[item]) + domain_uuid.append(existing_l3_domains[item]) else: - mso.fail_json(msg="Domain '{0}' not found in the template '{1}'".format(item, template)) - payload["domains"] = domain_list + mso.fail_json(msg="Domain '{0}' not found in the template '{1}'.".format(item, template)) + payload["domains"] = domain_uuid if sync_e: + # existing_sync_e contains names and uuids of existing SyncE policies existing_sync_e = {sync_e["name"]: sync_e["uuid"] for sync_e in template_info.get("syncEthIntfPolicies", [])} if sync_e in existing_sync_e: payload["syncEthPolicy"] = existing_sync_e[sync_e] else: - mso.fail_json(msg="SyncE policy '{0}' not found in the template '{1}'".format(sync_e, template)) - - if mcp_admin_state and mcp_admin_state == "disabled": - mso.fail_json(msg="Access MACsec policy can only be set when mcp_admin_state is enabled") - else: - if access_mac_sec_policy: - existing_access_mac_sec_policy = { - access_mac_sec_policy["name"]: access_mac_sec_policy["uuid"] for access_mac_sec_policy in template_info.get("macsecPolicies", []) + mso.fail_json(msg="SyncE policy '{0}' not found in the template '{1}'.".format(sync_e, template)) + + if access_macsec_policy: + if mcp and mcp["admin_state"] and mcp["admin_state"] == "disabled": + mso.fail_json(msg="Access MACsec policy can only be set when MCP admin state is enabled.") + else: + # existing_access_macsec_policy contains names and uuids of existing SyncE policies + existing_access_macsec_policy = { + access_macsec_policy["name"]: access_macsec_policy["uuid"] for access_macsec_policy in template_info.get("macsecPolicies", []) } - if access_mac_sec_policy in existing_access_mac_sec_policy: - payload["accessMACsecPolicy"] = existing_access_mac_sec_policy[access_mac_sec_policy] + if access_macsec_policy in existing_access_macsec_policy: + payload["accessMACsecPolicy"] = existing_access_macsec_policy[access_macsec_policy] else: - mso.fail_json(msg="Access MACsec policy '{0}' not found in the template '{1}'".format(access_mac_sec_policy, template)) + mso.fail_json(msg="Access MACsec policy '{0}' not found in the template '{1}'.".format(access_macsec_policy, template)) # dictionaries # cdp @@ -716,8 +751,8 @@ def main(): payload["stp"]["bpduGuardEnabled"] = stp_bpdu_guard # l2Interface payload["l2Interface"] = {} - if l2_interface_qin_q: - payload["l2Interface"]["qinq"] = l2_interface_qin_q + if l2_interface_qinq: + payload["l2Interface"]["qinq"] = l2_interface_qinq if l2_interface_reflective_relay: payload["l2Interface"]["reflectiveRelay"] = l2_interface_reflective_relay if vlan_scope: @@ -725,12 +760,12 @@ def main(): # lldp payload["lldp"] = {} if lldp: - if lldp == "disabled": - if not (lldp_receive_state == "disabled" and lldp_transmit_state == "disabled"): - mso.fail_json(msg="lldp_receive_state and lldp_transmit_state must be 'disabled' when LLDP is disabled") + if lldp["status"] and lldp["status"] == "disabled": + if not (lldp["receive_state"] == "disabled" and lldp["transmit_state"] == "disabled"): + mso.fail_json(msg="LLDP receive_state and transmit_state must be 'disabled' when LLDP status is disabled.") - payload["lldp"]["receiveState"] = lldp_receive_state - payload["lldp"]["transmitState"] = lldp_transmit_state + payload["lldp"]["receiveState"] = lldp["receive_state"] + payload["lldp"]["transmitState"] = lldp["transmit_state"] # linkLevel payload["linkLevel"] = {} @@ -746,20 +781,22 @@ def main(): payload["linkLevel"]["autoNegotiation"] = auto_negotiation # mcp payload["mcp"] = {} - if mcp_admin_state: - payload["mcp"]["adminState"] = mcp_admin_state - if mcp_strict_mode: - payload["mcp"]["mcpMode"] = mcp_strict_mode - if mcp_initial_delay_time: - payload["mcp"]["initialDelayTime"] = mcp_initial_delay_time - if mcp_transmission_frequency_sec: - payload["mcp"]["txFreq"] = mcp_transmission_frequency_sec - if mcp_transmission_frequency_msec: - payload["mcp"]["txFreqMsec"] = mcp_transmission_frequency_msec - if mcp_grace_period_sec: - payload["mcp"]["gracePeriod"] = mcp_grace_period_sec - if mcp_grace_period_msec: - payload["mcp"]["gracePeriodMsec"] = mcp_grace_period_msec + if mcp: + if mcp["admin_state"]: + payload["mcp"]["adminState"] = mcp["admin_state"] + if mcp["strict_mode"]: + payload["mcp"]["mcpMode"] = mcp["strict_mode"] + if mcp["initial_delay_time"]: + payload["mcp"]["initialDelayTime"] = mcp["initial_delay_time"] + if mcp["transmission_frequency_sec"]: + payload["mcp"]["txFreq"] = mcp["transmission_frequency_sec"] + if mcp["transmission_frequency_msec"]: + payload["mcp"]["txFreqMsec"] = mcp["transmission_frequency_msec"] + if mcp["grace_period_sec"]: + payload["mcp"]["gracePeriod"] = mcp["grace_period_sec"] + if mcp["grace_period_msec"]: + payload["mcp"]["gracePeriodMsec"] = mcp["grace_period_msec"] + # portChannelPolicy payload["portChannelPolicy"] = {} if port_channel_mode: diff --git a/tests/integration/targets/ndo_interface_setting/tasks/main.yml b/tests/integration/targets/ndo_interface_setting/tasks/main.yml index 975dcc24..f62d94db 100644 --- a/tests/integration/targets/ndo_interface_setting/tasks/main.yml +++ b/tests/integration/targets/ndo_interface_setting/tasks/main.yml @@ -77,15 +77,15 @@ # # Create MACSec Policy # - name: Create a MACSec Policy - # cisco.mso.ndo_mac_sec_policy: + # cisco.mso.ndo_macsec_policy: # <<: *mso_info # template: ansible_fabric_policy_template - # mac_sec_policy: '{{ item }}' + # macsec_policy: '{{ item }}' # interface_type: access # state: present # loop: - # - 'ansible_mac_sec_policy' - # - 'ansible_mac_sec_policy_2' + # - 'ansible_macsec_policy' + # - 'ansible_macsec_policy_2' # CREATE @@ -180,17 +180,16 @@ # Interface Policy group interface_type PC/VPC - - name: Create a Interface Policy group of interface_type 'pc_vpc' (check mode) + - name: Create a Interface Policy group of interface_type 'port_channel' (check mode) cisco.mso.ndo_interface_setting: &add_interface_policy_group_pc <<: *mso_info template: ansible_fabric_policy_template interface_policy_group: ansible_interface_policy_group_pc - interface_type: pc_vpc + interface_type: port_channel speed: 100G auto_negotiation: on_enforce vlan_scope: port_local cdp_admin_state: enabled - lldp: disabled port_channel_mode: lacp_active min_links: 5 max_links: 50 @@ -199,36 +198,33 @@ link_level_debounce_interval: 200 link_level_bring_up_delay: 500 link_level_fec: ieee_rs_fec - l2_interface_qin_q: edge_port + l2_interface_qinq: edge_port l2_interface_reflective_relay: enabled - lldp_transmit_state: disabled - lldp_receive_state: disabled + lldp: + status: disabled + transmit_state: disabled + receive_state: disabled stp_bpdu_filter: enabled stp_bpdu_guard: enabled llfc_transmit_state: enabled llfc_receive_state: enabled - mcp_admin_state: enabled - mcp_strict_mode: on - mcp_initial_delay_time: 250 - mcp_transmission_frequency_sec: 4 - mcp_transmission_frequency_msec: 4 - mcp_grace_period_sec: 6 - mcp_grace_period_msec: 6 + mcp: + admin_state: disabled pfc_admin_state: off # required UUIDs sync_e: ansible_synce_interface_policy - # access_mac_sec_policy: ansible_mac_sec_policy + # access_macsec_policy: ansible_macsec_policy domains: ["ansible_physical_domain", "ansible_l3_domain"] state: present check_mode: true register: cm_add_interface_policy_group_pc - - name: Create a Interface Policy group of interface_type 'pc_vpc' + - name: Create a Interface Policy group of interface_type 'port_channel' cisco.mso.ndo_interface_setting: <<: *add_interface_policy_group_pc register: nm_add_interface_policy_group_pc - - name: Assert Interface Policy group of interface_type 'pc_vpc' was created + - name: Assert Interface Policy group of interface_type 'port_channel' was created assert: that: - cm_add_interface_policy_group_pc is changed @@ -253,13 +249,7 @@ - cm_add_interface_policy_group_pc.current.linkLevel.bringUpDelay == nm_add_interface_policy_group_pc.current.linkLevel.bringUpDelay == 500 - cm_add_interface_policy_group_pc.current.linkLevel.debounceInterval == nm_add_interface_policy_group_pc.current.linkLevel.debounceInterval == 200 - cm_add_interface_policy_group_pc.current.linkLevel.fec == nm_add_interface_policy_group_pc.current.linkLevel.fec == "ieee-rs-fec" - - cm_add_interface_policy_group_pc.current.mcp.adminState == nm_add_interface_policy_group_pc.current.mcp.adminState == "enabled" - - cm_add_interface_policy_group_pc.current.mcp.mcpMode == nm_add_interface_policy_group_pc.current.mcp.mcpMode == "on" - - cm_add_interface_policy_group_pc.current.mcp.initialDelayTime == nm_add_interface_policy_group_pc.current.mcp.initialDelayTime == 250 - - cm_add_interface_policy_group_pc.current.mcp.txFreq == nm_add_interface_policy_group_pc.current.mcp.txFreq == 4 - - cm_add_interface_policy_group_pc.current.mcp.txFreqMsec == nm_add_interface_policy_group_pc.current.mcp.txFreqMsec == 4 - - cm_add_interface_policy_group_pc.current.mcp.gracePeriod == nm_add_interface_policy_group_pc.current.mcp.gracePeriod == 6 - - cm_add_interface_policy_group_pc.current.mcp.gracePeriodMsec == nm_add_interface_policy_group_pc.current.mcp.gracePeriodMsec == 6 + - cm_add_interface_policy_group_pc.current.mcp.adminState == nm_add_interface_policy_group_pc.current.mcp.adminState == "disabled" - cm_add_interface_policy_group_pc.current.portChannelPolicy.minLinks == nm_add_interface_policy_group_pc.current.portChannelPolicy.minLinks == 5 - cm_add_interface_policy_group_pc.current.portChannelPolicy.maxLinks == nm_add_interface_policy_group_pc.current.portChannelPolicy.maxLinks == 50 - cm_add_interface_policy_group_pc.current.portChannelPolicy.hashFields == nm_add_interface_policy_group_pc.current.portChannelPolicy.hashFields == "dst-ip" @@ -278,7 +268,6 @@ auto_negotiation: on vlan_scope: global cdp_admin_state: disabled - lldp: enabled port_channel_mode: mac_pinning min_links: 6 max_links: 60 @@ -287,25 +276,28 @@ link_level_debounce_interval: 300 link_level_bring_up_delay: 600 link_level_fec: cl91_rs_fec - l2_interface_qin_q: double_q_tag_port + l2_interface_qinq: double_q_tag_port l2_interface_reflective_relay: disabled - lldp_transmit_state: enabled - lldp_receive_state: enabled + lldp: + status: enabled + transmit_state: enabled + receive_state: enabled stp_bpdu_filter: disabled stp_bpdu_guard: disabled llfc_transmit_state: disabled llfc_receive_state: disabled - mcp_admin_state: disabled - mcp_strict_mode: on # change in next task - mcp_initial_delay_time: 255 - mcp_transmission_frequency_sec: 40 - mcp_transmission_frequency_msec: 40 - mcp_grace_period_sec: 60 - mcp_grace_period_msec: 60 + mcp: + admin_state: enabled + strict_mode: on + initial_delay_time: 255 + transmission_frequency_sec: 40 + transmission_frequency_msec: 40 + grace_period_sec: 60 + grace_period_msec: 60 pfc_admin_state: on # required UUIDs sync_e: ansible_synce_interface_policy_2 - # access_mac_sec_policy: ansible_mac_sec_policy_2 + # access_macsec_policy: ansible_macsec_policy_2 domains: ["ansible_physical_domain_2", "ansible_l3_domain_2"] state: present check_mode: true @@ -362,19 +354,19 @@ - cm_update_interface_policy_group.current.linkLevel.debounceInterval == nm_update_interface_policy_group.current.linkLevel.debounceInterval == 300 - cm_update_interface_policy_group.previous.linkLevel.fec == nm_update_interface_policy_group.previous.linkLevel.fec == "ieee-rs-fec" - cm_update_interface_policy_group.current.linkLevel.fec == nm_update_interface_policy_group.current.linkLevel.fec == "cl91-rs-fec" - - cm_update_interface_policy_group.previous.mcp.adminState == nm_update_interface_policy_group.previous.mcp.adminState == "enabled" - - cm_update_interface_policy_group.current.mcp.adminState == nm_update_interface_policy_group.current.mcp.adminState == "disabled" - - cm_update_interface_policy_group.previous.mcp.mcpMode == nm_update_interface_policy_group.previous.mcp.mcpMode == "on" + - cm_update_interface_policy_group.previous.mcp.adminState == nm_update_interface_policy_group.previous.mcp.adminState == "disabled" + - cm_update_interface_policy_group.current.mcp.adminState == nm_update_interface_policy_group.current.mcp.adminState == "enabled" + - cm_update_interface_policy_group.previous.mcp.mcpMode == nm_update_interface_policy_group.previous.mcp.mcpMode == "off" - cm_update_interface_policy_group.current.mcp.mcpMode == nm_update_interface_policy_group.current.mcp.mcpMode == "on" - - cm_update_interface_policy_group.previous.mcp.initialDelayTime == nm_update_interface_policy_group.previous.mcp.initialDelayTime == 250 + - cm_update_interface_policy_group.previous.mcp.initialDelayTime == nm_update_interface_policy_group.previous.mcp.initialDelayTime == 0 - cm_update_interface_policy_group.current.mcp.initialDelayTime == nm_update_interface_policy_group.current.mcp.initialDelayTime == 255 - - cm_update_interface_policy_group.previous.mcp.txFreq == nm_update_interface_policy_group.previous.mcp.txFreq == 4 + - cm_update_interface_policy_group.previous.mcp.txFreq == nm_update_interface_policy_group.previous.mcp.txFreq == 0 - cm_update_interface_policy_group.current.mcp.txFreq == nm_update_interface_policy_group.current.mcp.txFreq == 40 - - cm_update_interface_policy_group.previous.mcp.txFreqMsec == nm_update_interface_policy_group.previous.mcp.txFreqMsec == 4 + - cm_update_interface_policy_group.previous.mcp.txFreqMsec == nm_update_interface_policy_group.previous.mcp.txFreqMsec == 500 - cm_update_interface_policy_group.current.mcp.txFreqMsec == nm_update_interface_policy_group.current.mcp.txFreqMsec == 40 - - cm_update_interface_policy_group.previous.mcp.gracePeriod == nm_update_interface_policy_group.previous.mcp.gracePeriod == 6 + - cm_update_interface_policy_group.previous.mcp.gracePeriod == nm_update_interface_policy_group.previous.mcp.gracePeriod == 3 - cm_update_interface_policy_group.current.mcp.gracePeriod == nm_update_interface_policy_group.current.mcp.gracePeriod == 60 - - cm_update_interface_policy_group.previous.mcp.gracePeriodMsec == nm_update_interface_policy_group.previous.mcp.gracePeriodMsec == 6 + - cm_update_interface_policy_group.previous.mcp.gracePeriodMsec == nm_update_interface_policy_group.previous.mcp.gracePeriodMsec == 0 - cm_update_interface_policy_group.current.mcp.gracePeriodMsec == nm_update_interface_policy_group.current.mcp.gracePeriodMsec == 60 - cm_update_interface_policy_group.previous.portChannelPolicy.minLinks == nm_update_interface_policy_group.previous.portChannelPolicy.minLinks == 5 - cm_update_interface_policy_group.current.portChannelPolicy.minLinks == nm_update_interface_policy_group.current.portChannelPolicy.minLinks == 6 @@ -394,15 +386,25 @@ - update_interface_policy_group_again is not changed # Update Interface Policy group name with mcp_strict_mode off - - name: Update a Interface Policy group of interface_type 'physical' with mcp_strict_mode off - cisco.mso.ndo_interface_setting: + - name: Update a Interface Policy group of interface_type 'physical' with MCP strict_mode off + cisco.mso.ndo_interface_setting: &update_mcp <<: *update_interface_policy_group interface_policy_group_uuid: '{{ nm_update_interface_policy_group.current.uuid }}' interface_policy_group: ansible_interface_policy_group_changed - mcp_strict_mode: off + domains: [] + mcp: + strict_mode: off register: nm_update_interface_policy_name - - name: Assert Interface Policy group name was updated with UUID + - name: Updated a Interface Policy group of interface_type 'physical' with MCP adminState enabled and remove control + cisco.mso.ndo_interface_setting: + <<: *update_mcp + control: [] + mcp: + admin_state: disabled + register: nm_update_interface_policy_mcp + + - name: Assert Interface Policy group name was updated with UUID updated control and MCP values assert: that: - nm_update_interface_policy_name is changed @@ -413,13 +415,20 @@ - nm_update_interface_policy_name.previous.type == nm_update_interface_policy_name.current.type == "portchannel" - nm_update_interface_policy_name.previous.mcp.mcpMode == "on" - nm_update_interface_policy_name.current.mcp.mcpMode == "off" - - nm_update_interface_policy_name.previous.mcp.adminState == nm_update_interface_policy_name.current.mcp.adminState == "disabled" + - nm_update_interface_policy_name.previous.mcp.adminState == nm_update_interface_policy_name.current.mcp.adminState == "enabled" - nm_update_interface_policy_name.previous.mcp.initialDelayTime == nm_update_interface_policy_name.current.mcp.initialDelayTime == 255 - nm_update_interface_policy_name.previous.mcp.txFreq == nm_update_interface_policy_name.current.mcp.txFreq == 40 - nm_update_interface_policy_name.previous.mcp.txFreqMsec == nm_update_interface_policy_name.current.mcp.txFreqMsec == 40 - nm_update_interface_policy_name.previous.mcp.gracePeriod == nm_update_interface_policy_name.current.mcp.gracePeriod == 60 - nm_update_interface_policy_name.previous.mcp.gracePeriodMsec == nm_update_interface_policy_name.current.mcp.gracePeriodMsec == 60 - + - nm_update_interface_policy_name.previous.domains | length == 2 + - nm_update_interface_policy_name.current.domains is not defined + - nm_update_interface_policy_mcp is changed + - nm_update_interface_policy_mcp.previous.name == nm_update_interface_policy_mcp.current.name == "ansible_interface_policy_group_changed" + - nm_update_interface_policy_mcp.previous.mcp.adminState == "enabled" + - nm_update_interface_policy_mcp.current.mcp.adminState == "disabled" + - nm_update_interface_policy_mcp.previous.portChannelPolicy.control | length == 5 + - nm_update_interface_policy_mcp.current.portChannelPolicy.control is not defined # QUERY - name: Query all Interface Policy groups in a template @@ -465,9 +474,10 @@ template: ansible_fabric_policy_template interface_policy_group: ansible_interface_policy_group_2 interface_type: physical - lldp: disabled - lldp_receive_state: enabled - lldp_transmit_state: disabled + lldp: + status: disabled + receive_state: enabled + transmit_state: disabled description: "This is a test interface policy group" state: present ignore_errors: true @@ -477,7 +487,7 @@ assert: that: - nm_add_interface_policy_lldp is failed - - nm_add_interface_policy_lldp.msg == "lldp_receive_state and lldp_transmit_state must be 'disabled' when LLDP is disabled" + - nm_add_interface_policy_lldp.msg == "LLDP receive_state and transmit_state must be 'disabled' when LLDP status is disabled." # domain not found - name: Create a Interface Policy group with non-existing domain @@ -495,7 +505,7 @@ assert: that: - nm_add_interface_policy_domain is failed - - nm_add_interface_policy_domain.msg == "Domain 'non_existing_domain' not found in the template 'ansible_fabric_policy_template'" + - nm_add_interface_policy_domain.msg == "Domain 'non_existing_domain' not found in the template 'ansible_fabric_policy_template'." # non-existing syncE policy - name: Create a Interface Policy group with non-existing syncE policy @@ -513,25 +523,25 @@ assert: that: - nm_add_interface_policy_synce is failed - - nm_add_interface_policy_synce.msg == "SyncE policy 'non_existing_synce_interface_policy' not found in the template 'ansible_fabric_policy_template'" + - nm_add_interface_policy_synce.msg == "SyncE policy 'non_existing_synce_interface_policy' not found in the template 'ansible_fabric_policy_template'." - # non-existing access_mac_sec_policy - - name: Create a Interface Policy group with non-existing access_mac_sec_policy + # non-existing access_macsec_policy + - name: Create a Interface Policy group with non-existing access_macsec_policy cisco.mso.ndo_interface_setting: <<: *mso_info template: ansible_fabric_policy_template interface_policy_group: ansible_interface_policy_group_2 interface_type: physical - access_mac_sec_policy: non_existing_mac_sec_policy + access_macsec_policy: non_existing_macsec_policy state: present ignore_errors: true - register: nm_add_interface_policy_mac_sec + register: nm_add_interface_policy_macsec - - name: Assert adding the Interface Policy group with non-existing access_mac_sec_policy + - name: Assert adding the Interface Policy group with non-existing access_macsec_policy assert: that: - - nm_add_interface_policy_mac_sec is failed - - nm_add_interface_policy_mac_sec.msg == "Access MACsec policy 'non_existing_mac_sec_policy' not found in the template 'ansible_fabric_policy_template'" + - nm_add_interface_policy_macsec is failed + - nm_add_interface_policy_macsec.msg == "Access MACsec policy 'non_existing_macsec_policy' not found in the template 'ansible_fabric_policy_template'." # Add MACSec policy when MCP admin state is disabled - name: Create a Interface Policy group with MACSec policy when MCP admin state is disabled @@ -540,17 +550,18 @@ template: ansible_fabric_policy_template interface_policy_group: ansible_interface_policy_group_2 interface_type: physical - access_mac_sec_policy: ansible_mac_sec_policy - mcp_admin_state: disabled + access_macsec_policy: ansible_macsec_policy + mcp: + admin_state: disabled state: present ignore_errors: true - register: nm_add_interface_policy_mac_sec_mcp + register: nm_add_interface_policy_macsec_mcp - name: Assert adding the Interface Policy group with MACSec policy when MCP admin state is disabled assert: that: - - nm_add_interface_policy_mac_sec_mcp is failed - - nm_add_interface_policy_mac_sec_mcp.msg == "Access MACsec policy can only be set when mcp_admin_state is enabled" + - nm_add_interface_policy_macsec_mcp is failed + - nm_add_interface_policy_macsec_mcp.msg == "Access MACsec policy can only be set when MCP admin state is enabled." # errors on update - name: Create another Interface Policy group of interface_type 'physical' @@ -560,14 +571,22 @@ description: "Ansible test interface policy group" domains: ["ansible_physical_domain", "ansible_l3_domain"] sync_e: ansible_synce_interface_policy - # access_mac_sec_policy: ansible_mac_sec_policy + # access_macsec_policy: ansible_macsec_policy + mcp: + admin_state: enabled + strict_mode: on + initial_delay_time: 250 + transmission_frequency_sec: 4 + transmission_frequency_msec: 4 + grace_period_sec: 6 + grace_period_msec: 6 register: nm_add_interface_policy_2 # updating interface_type of the interface policy group - - name: Update Interface Policy group ansible_interface_policy_group_2 with interface_type 'pc_vpc' + - name: Update Interface Policy group ansible_interface_policy_group_2 with interface_type 'port_channel' cisco.mso.ndo_interface_setting: <<: *add_interface_policy_group_2 - interface_type: pc_vpc + interface_type: port_channel ignore_errors: true register: nm_update_interface_policy_type @@ -578,15 +597,16 @@ - nm_add_interface_policy_2.current.name == nm_update_interface_policy_type.previous.name == "ansible_interface_policy_group_2" - nm_add_interface_policy_2.current.type == nm_update_interface_policy_type.previous.type == "physical" - nm_update_interface_policy_type is failed - - nm_update_interface_policy_type.msg == "Interface type cannot be changed" + - nm_update_interface_policy_type.msg == "Interface type cannot be changed." - # updating non-existing lldp + # updating lldp when status is disabled - name: Update Interface Policy group ansible_interface_policy_group_2 with LLDP cisco.mso.ndo_interface_setting: <<: *add_interface_policy_group_2 - lldp: disabled - lldp_receive_state: enabled - lldp_transmit_state: disabled + lldp: + status: disabled + transmit_state: disabled + receive_state: enabled ignore_errors: true register: nm_update_interface_policy_lldp @@ -594,7 +614,7 @@ assert: that: - nm_update_interface_policy_lldp is failed - - nm_update_interface_policy_lldp.msg == "lldp_receive_state and lldp_transmit_state must be 'disabled' when LLDP is disabled" + - nm_update_interface_policy_lldp.msg == "LLDP receive_state and transmit_state must be 'disabled' when LLDP status is disabled." # updating non-existing domain - name: Update Interface Policy group ansible_interface_policy_group_2 with non-existing domain @@ -613,7 +633,7 @@ - nm_add_interface_policy_2.current.description == nm_update_interface_policy_domain.previous.description == "Ansible test interface policy group" - nm_add_interface_policy_2.current.domains | length == nm_update_interface_policy_domain.previous.domains | length == 2 - nm_update_interface_policy_domain is failed - - nm_update_interface_policy_domain.msg == "Domain 'non_existing_domain' not found in the template 'ansible_fabric_policy_template'" + - nm_update_interface_policy_domain.msg == "Domain 'non_existing_domain' not found in the template 'ansible_fabric_policy_template'." # updating non-existing syncE policy - name: Update Interface Policy group ansible_interface_policy_group_2 with non-existing syncE policy @@ -631,25 +651,25 @@ - nm_add_interface_policy_2.current.type == nm_update_interface_policy_synce.previous.type == "physical" - nm_add_interface_policy_2.current.description == nm_update_interface_policy_synce.previous.description == "Ansible test interface policy group" - nm_update_interface_policy_synce is failed - - nm_update_interface_policy_synce.msg == "SyncE policy 'non_existing_synce_interface_policy' not found in the template 'ansible_fabric_policy_template'" + - nm_update_interface_policy_synce.msg == "SyncE policy 'non_existing_synce_interface_policy' not found in the template 'ansible_fabric_policy_template'." - # # updating non-existing access_mac_sec_policy - # - name: Update Interface Policy group ansible_interface_policy_group_2 with non-existing access_mac_sec_policy + # # updating non-existing access_macsec_policy + # - name: Update Interface Policy group ansible_interface_policy_group_2 with non-existing access_macsec_policy # cisco.mso.ndo_interface_setting: # <<: *add_interface_policy_group_2 - # access_mac_sec_policy: non_existing_mac_sec_policy + # access_macsec_policy: non_existing_macsec_policy # ignore_errors: true - # register: nm_update_interface_policy_mac_sec + # register: nm_update_interface_policy_macsec - # - name: Assert updating the Interface Policy group with non-existing access_mac_sec_policy + # - name: Assert updating the Interface Policy group with non-existing access_macsec_policy # assert: # that: # - nm_add_interface_policy_2 is changed - # - nm_add_interface_policy_2.current.name == nm_update_interface_policy_mac_sec.previous.name == "ansible_interface_policy_group_2" - # - nm_add_interface_policy_2.current.type == nm_update_interface_policy_mac_sec.previous.type == "physical" - # - nm_add_interface_policy_2.current.description == nm_update_interface_policy_mac_sec.previous.description == "Ansible test interface policy group" - # - nm_update_interface_policy_mac_sec is failed - # - nm_update_interface_policy_mac_sec.msg == "Access MACsec policy 'non_existing_mac_sec_policy' not found in the template 'ansible_fabric_policy_template'" + # - nm_add_interface_policy_2.current.name == nm_update_interface_policy_macsec.previous.name == "ansible_interface_policy_group_2" + # - nm_add_interface_policy_2.current.type == nm_update_interface_policy_macsec.previous.type == "physical" + # - nm_add_interface_policy_2.current.description == nm_update_interface_policy_macsec.previous.description == "Ansible test interface policy group" + # - nm_update_interface_policy_macsec is failed + # - nm_update_interface_policy_macsec.msg == "Access MACsec policy 'non_existing_macsec_policy' not found in the template 'ansible_fabric_policy_template'." # DELETE - name: Delete a Interface Policy group with name (check mode)