diff --git a/plugins/module_utils/network/sonic/argspec/facts/facts.py b/plugins/module_utils/network/sonic/argspec/facts/facts.py index 21c32be3f..7e0e1ffc3 100644 --- a/plugins/module_utils/network/sonic/argspec/facts/facts.py +++ b/plugins/module_utils/network/sonic/argspec/facts/facts.py @@ -80,7 +80,8 @@ def __init__(self, **kwargs): 'login_lockout', 'poe', 'mgmt_servers', - 'ospf_area' + 'ospf_area', + 'password_complexity' ] argument_spec = { diff --git a/plugins/module_utils/network/sonic/argspec/password_complexity/__init__.py b/plugins/module_utils/network/sonic/argspec/password_complexity/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/sonic/argspec/password_complexity/password_complexity.py b/plugins/module_utils/network/sonic/argspec/password_complexity/password_complexity.py new file mode 100644 index 000000000..25d1fc107 --- /dev/null +++ b/plugins/module_utils/network/sonic/argspec/password_complexity/password_complexity.py @@ -0,0 +1,66 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the resource +# module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +# by the resource module builder. +# +# Changes should be made in the model used to +# generate this file or in the resource module +# builder template. +# +############################################# + +""" +The arg spec for the sonic_password_complexity module +""" + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +class Password_complexityArgs(object): # pylint: disable=R0903 + """The arg spec for the sonic_password_complexity module + """ + + def __init__(self, **kwargs): + pass + + argument_spec = { + 'config': { + 'options': { + 'min_len': { + 'type': 'int' + }, + 'min_lower_case': { + 'type': 'int' + }, + 'min_numerals': { + 'type': 'int' + }, + 'min_spl_char': { + 'type': 'int' + }, + 'min_upper_case': { + 'type': 'int' + } + }, + 'type': 'dict' + }, + 'state': { + 'choices': ['merged', 'deleted', 'overridden', 'replaced'], + 'default': 'merged', + 'type': 'str' + } + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/sonic/config/password_complexity/__init__.py b/plugins/module_utils/network/sonic/config/password_complexity/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/sonic/config/password_complexity/password_complexity.py b/plugins/module_utils/network/sonic/config/password_complexity/password_complexity.py new file mode 100644 index 000000000..27690ef4a --- /dev/null +++ b/plugins/module_utils/network/sonic/config/password_complexity/password_complexity.py @@ -0,0 +1,274 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The sonic_password_complexity class +It is in this file where the current configuration (as dict) +is compared to the provided configuration (as dict) and the command set +necessary to bring the current configuration to it's desired end-state is +created +""" + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.cfg.base import ( + ConfigBase, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( + to_list, +) +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.facts import Facts +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.utils.utils import ( + get_diff, + update_states +) +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.sonic import ( + to_request, + edit_config +) +from ansible.module_utils.connection import ConnectionError + + +PATCH = 'patch' +DELETE = 'delete' + + +class Password_complexity(ConfigBase): + """ + The sonic_password_complexity class + """ + + gather_subset = [ + '!all', + '!min', + ] + + gather_network_resources = [ + 'password_complexity', + ] + + password_attribute_path = 'data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config' + password_attribute_config_path = { + 'min_lower_case': password_attribute_path + '/min-lower-case', + 'min_upper_case': password_attribute_path + '/min-upper-case', + 'min_numerals': password_attribute_path + '/min-numerals', + 'min_spl_char': password_attribute_path + '/min-special-char', + 'min_length': password_attribute_path + '/min-len', + } + default_config_dict = {"min_lower_case": 0, "min_upper_case": 0, "min_numerals": 0, "min_spl_char": 0, "min_len": 8} + + def __init__(self, module): + super(Password_complexity, self).__init__(module) + + def get_password_complexity_facts(self): + """ Get the 'facts' (the current configuration) + + :rtype: A dictionary + :returns: The current configuration as a dictionary + """ + facts, _warnings = Facts(self._module).get_facts(self.gather_subset, self.gather_network_resources) + password_complexity_facts = facts['ansible_network_resources'].get('password_complexity') + if not password_complexity_facts: + return [] + return password_complexity_facts + + def execute_module(self): + """ Execute the module + + :rtype: A dictionary + :returns: The result from module execution + """ + result = {'changed': False} + warnings = list() + commands = list() + + existing_password_complexity_facts = self.get_password_complexity_facts() + commands, requests = self.set_config(existing_password_complexity_facts) + + if commands: + if not self._module.check_mode: + try: + edit_config(self._module, to_request(self._module, requests)) + except ConnectionError as exc: + self._module.fail_json(msg=str(exc), code=exc.code) + result['changed'] = True + result['commands'] = commands + + changed_password_complexity_facts = self.get_password_complexity_facts() + + result['before'] = existing_password_complexity_facts + if result['changed']: + result['after'] = changed_password_complexity_facts + + result['warnings'] = warnings + return result + + def set_config(self, existing_password_complexity_facts): + """ Collect the configuration from the args passed to the module, + collect the current configuration (as a dict from facts) + + :rtype: A list + :returns: the commands necessary to migrate the current configuration + to the desired configuration + """ + want = self._module.params['config'] + have = existing_password_complexity_facts + resp = self.set_state(want, have) + return to_list(resp) + + def set_state(self, want, have): + """ Select the appropriate function based on the state provided + + :param want: the desired configuration as a dictionary + :param have: the current configuration as a dictionary + :rtype: A list + :returns: the commands necessary to migrate the current configuration + to the desired configuration + """ + state = self._module.params['state'] + diff = get_diff(want, have) + if state == 'overridden': + commands, requests = self._state_replaced_overridden(want, have, diff) + elif state == 'deleted': + commands, requests = self._state_deleted(want, have, diff) + elif state == 'merged': + commands, requests = self._state_merged(diff) + elif state == 'replaced': + commands, requests = self._state_replaced_overridden(want, have, diff) + return commands, requests + + def _state_replaced_overridden(self, want, have, diff): + """ The command generator when state is replaced or overridden + :rtype: A list + :returns: the commands necessary to migrate the current configuration + to the desired configuration + """ + commands = [] + requests = [] + delete = {} + state = self._module.params['state'] + + for key in have: + if key in want: + if want[key] == have[key]: + continue + if key not in diff and have[key] != self.default_config_dict[key]: + delete[key] = have[key] + if delete: + commands = update_states(delete, 'deleted') + requests.extend(self.get_delete_specific_password_attribute_param_requests(delete)) + if diff: + commands.extend(update_states(diff, state)) + requests.extend(self.get_modify_specific_password_attribute_param_requests(diff)) + + return commands, requests + + def _state_merged(self, diff): + """ The command generator when state is merged + :rtype: A list + :returns: the commands necessary to merge the provided into + the current configuration + """ + commands = [] + requests = [] + + if diff: + requests = self.get_modify_specific_password_attribute_param_requests(diff) + if len(requests) > 0: + commands = update_states(diff, 'merged') + + return commands, requests + + def _state_deleted(self, want, have, diff): + """ The command generator when state is deleted + :rtype: A list + :returns: the commands necessary to remove the current configuration + of the provided objects + """ + commands = [] + requests = [] + delete = {} + + if not want: + delete = have.copy() + delete = {key: value for key, value in delete.items() if key not in self.default_config_dict or self.default_config_dict[key] != value} + commands = delete + requests.extend(self.get_delete_specific_password_attribute_param_requests(commands)) + else: + delete = get_diff(want, diff) + delete = {key: value for key, value in delete.items() if key not in self.default_config_dict or self.default_config_dict[key] != value} + commands = delete + requests.extend(self.get_delete_specific_password_attribute_param_requests(commands)) + + if len(requests) == 0: + commands = [] + + if commands: + commands = update_states(commands, "deleted") + + return commands, requests + + def get_modify_specific_password_attribute_param_requests(self, command): + """Get requests to modify specific password attribute configurations + based on the command specified + """ + requests = [] + config_dict = {} + + if not command: + return requests + + if 'min_lower_case' in command and command['min_lower_case'] is not None: + config_dict['min-lower-case'] = int(command['min_lower_case']) + + if 'min_upper_case' in command and command['min_upper_case'] is not None: + config_dict['min-upper-case'] = int(command['min_upper_case']) + + if 'min_numerals' in command and command['min_numerals'] is not None: + config_dict['min-numerals'] = int(command['min_numerals']) + + if 'min_spl_char' in command and command['min_spl_char'] is not None: + config_dict['min-special-char'] = int(command['min_spl_char']) + + if 'min_len' in command and command['min_len'] is not None: + config_dict['min-len'] = int(command['min_len']) + + payload = {"openconfig-system-ext:config": config_dict} + + requests.append({'path': self.password_attribute_path, 'method': PATCH, 'data': payload}) + + return requests + + def get_delete_specific_password_attribute_param_requests(self, command): + """Get requests to delete specific password attribute configurations + based on the command specified + """ + requests = [] + + if not command: + return requests + + if 'min_lower_case' in command: + url = self.password_attribute_config_path['min_lower_case'] + requests.append({'path': url, 'method': DELETE}) + + if 'min_upper_case' in command: + url = self.password_attribute_config_path['min_upper_case'] + requests.append({'path': url, 'method': DELETE}) + + if 'min_numerals' in command: + url = self.password_attribute_config_path['min_numerals'] + requests.append({'path': url, 'method': DELETE}) + + if 'min_spl_char' in command: + url = self.password_attribute_config_path['min_spl_char'] + requests.append({'path': url, 'method': DELETE}) + + if 'min_len' in command: + url = self.password_attribute_config_path['min_length'] + requests.append({'path': url, 'method': DELETE}) + + return requests diff --git a/plugins/module_utils/network/sonic/facts/facts.py b/plugins/module_utils/network/sonic/facts/facts.py index 2aacd4988..a2d578f98 100644 --- a/plugins/module_utils/network/sonic/facts/facts.py +++ b/plugins/module_utils/network/sonic/facts/facts.py @@ -78,6 +78,10 @@ from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.poe.poe import PoeFacts from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.mgmt_servers.mgmt_servers import Mgmt_serversFacts from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.ospf_area.ospf_area import Ospf_areaFacts +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.password_complexity.password_complexity import ( + Password_complexityFacts, +) + FACT_LEGACY_SUBSETS = {} FACT_RESOURCE_SUBSETS = dict( @@ -140,7 +144,9 @@ login_lockout=Login_lockoutFacts, poe=PoeFacts, mgmt_servers=Mgmt_serversFacts, - ospf_area=Ospf_areaFacts + ospf_area=Ospf_areaFacts, + password_complexity=Password_complexityFacts + ) diff --git a/plugins/module_utils/network/sonic/facts/password_complexity/__init__.py b/plugins/module_utils/network/sonic/facts/password_complexity/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/sonic/facts/password_complexity/password_complexity.py b/plugins/module_utils/network/sonic/facts/password_complexity/password_complexity.py new file mode 100644 index 000000000..eabf1cfac --- /dev/null +++ b/plugins/module_utils/network/sonic/facts/password_complexity/password_complexity.py @@ -0,0 +1,117 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The sonic password_complexity fact class +It is in this file the configuration is collected from the device +for a given resource, parsed, and the facts tree is populated +based on the configuration. +""" +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +from copy import deepcopy + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.argspec.password_complexity.password_complexity import ( + Password_complexityArgs, +) + +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.sonic import ( + to_request, + edit_config +) + +from ansible.module_utils.connection import ConnectionError + + +GET = "get" + + +class Password_complexityFacts(object): + """ The sonic password_complexity fact class + """ + + def __init__(self, module, subspec='config', options='options'): + self._module = module + self.argument_spec = Password_complexityArgs.argument_spec + spec = deepcopy(self.argument_spec) + if subspec: + if options: + facts_argument_spec = spec[subspec][options] + else: + facts_argument_spec = spec[subspec] + else: + facts_argument_spec = spec + + self.generated_spec = utils.generate_dict(facts_argument_spec) + + def populate_facts(self, connection, ansible_facts, data=None): + """ Populate the facts for password_complexity + :param connection: the device connection + :param ansible_facts: Facts dictionary + :param data: previously collected conf + :rtype: dictionary + :returns: facts + """ + if connection: # just for linting purposes, remove + pass + + objs = self.get_all_password_attribute_configs() + + ansible_facts['ansible_network_resources'].pop('password_complexity', None) + facts = {} + if objs: + params = utils.validate_config(self.argument_spec, {'config': objs}) + facts['password_complexity'] = utils.remove_empties(params['config']) + + ansible_facts['ansible_network_resources'].update(facts) + return ansible_facts + + def render_config(self, spec, conf): + """ + Render config as dictionary structure and delete keys + from spec for null values + + :param spec: The facts tree, generated from the argspec + :param conf: The configuration + :rtype: dictionary + :returns: The generated config + """ + + return conf + + def get_all_password_attribute_configs(self): + """Get all the password attribute configured in the device""" + request = [{"path": "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config", "method": GET}] + password_attribute_data = {} + raw_password_attribute_data = {} + try: + response = edit_config(self._module, to_request(self._module, request)) + except ConnectionError as exc: + self._module.fail_json(msg=str(exc), code=exc.code) + password_attribute_data['min_lower_case'] = 0 + password_attribute_data['min_upper_case'] = 0 + password_attribute_data['min_numerals'] = 0 + password_attribute_data['min_spl_char'] = 0 + password_attribute_data['min_len'] = 8 + + if 'openconfig-system-ext:config' in response[0][1]: + raw_password_attribute_data = response[0][1]['openconfig-system-ext:config'] + + if 'min-lower-case' in raw_password_attribute_data: + password_attribute_data['min_lower_case'] = raw_password_attribute_data['min-lower-case'] + if 'min-upper-case' in raw_password_attribute_data: + password_attribute_data['min_upper_case'] = raw_password_attribute_data['min-upper-case'] + if 'min-numerals' in raw_password_attribute_data: + password_attribute_data['min_numerals'] = raw_password_attribute_data['min-numerals'] + if 'min-special-char' in raw_password_attribute_data: + password_attribute_data['min_spl_char'] = raw_password_attribute_data['min-special-char'] + if 'min-len' in raw_password_attribute_data: + password_attribute_data['min_len'] = raw_password_attribute_data['min-len'] + + return password_attribute_data diff --git a/plugins/modules/sonic_facts.py b/plugins/modules/sonic_facts.py index 7e15383f2..97abff169 100644 --- a/plugins/modules/sonic_facts.py +++ b/plugins/modules/sonic_facts.py @@ -113,6 +113,7 @@ - login_lockout - mgmt_servers - ospf_area + - password_complexity """ EXAMPLES = """ diff --git a/plugins/modules/sonic_password_complexity.py b/plugins/modules/sonic_password_complexity.py new file mode 100644 index 000000000..9c59d3f18 --- /dev/null +++ b/plugins/modules/sonic_password_complexity.py @@ -0,0 +1,248 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the resource +# module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +# by the resource module builder. +# +# Changes should be made in the model used to +# generate this file or in the resource module +# builder template. +# +############################################# + +""" +The module file for sonic_password_complexity +""" + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +ANSIBLE_METADATA = { + 'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community', + 'license': 'Apache 2.0' +} + +DOCUMENTATION = """ +--- +module: sonic_password_complexity +version_added: '2.5.0' +short_description: Manage Global Login Password Attribute configurations on SONiC +description: + - This module provides configuration management of login password parameters. + - Password Complexity is used to configure the user password attributes. + The password attributes include the number of lower-case characters, + upper-case characters, numeric characters, special characters, and + the minimum length of the password. +author: 'Arul Kumar Shankara Narayanan(@arulkumar9690)' +options: + config: + description: The set of login password attribute configurations + type: dict + suboptions: + min_upper_case: + description: + - Minimum number of uppercase characters required + - The range is from 0 to 31 + type: int + min_lower_case: + description: + - Minimum number of lowercase characters required + - The range is from 0 to 31 + type: int + min_numerals: + description: + - Minimum number of numeric characters required + - The range is from 0 to 31 + type: int + min_spl_char: + description: + - Minimum number of special characters required + - The range is from 0 to 31 + type: int + min_len: + description: + - Minimum number of required alphanumeric characters + - The range is from 6 to 32 + type: int + state: + description: + - Specifies the operation to be performed on the login password attributes configured on the device. + - If the state is "merged", merge specified attributes with existing configured login password attributes. + - For "deleted", delete the specified login password attributes from the existing configuration. + - For "overridden", Overrides all on-device login password attribute configurations with the provided configuration. + - For "replaced", Replaces on-device login password attribute configurations with the provided configuration. + type: str + choices: + - merged + - deleted + - overridden + - replaced + default: merged +""" +EXAMPLES = """ +# Using deleted +# +# Before State: +# ------------- +# +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction numeric 2 +# login password-attribute min-length 9 +# ! +# sonic# + + - name: Delete Login Password attribute configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: + min_numerals: 2 + state: deleted + +# After State: +# ------------ +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute min-length 9 +# ! + + +# Using Merged +# +# Before State: +# ------------- +# +# sonic# show running-configuration | grep password-attribute +# sonic# + + - name: Modify Login Password Attribute configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: + min_length: 9 + min_lower_case: 2 + state: merged + +# After State: +# ------------ +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction lower 2 +# login password-attribute min-length 9 +# ! + + +# Using overridden +# +# Before State: +# ------------- +# +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction lower 2 +# login password-attribute min-length 9 +# ! +# sonic# + + - name: Modify Login Password attribute configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: + min_length: 10 + min_upper_case: 2 + min_lower_case: 3 + state: overridden + +# After State: +# ------------ +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction lower 3 +# login password-attribute character-restriction upper 2 +# login password-attribute min-length 10 +# ! + + +# Using replaced +# +# Before State: +# ------------- +# +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction numeric 2 +# login password-attribute min-length 9 +# ! +# sonic# + + - name: Modify Login Password attribute configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: + min_spl_char: 1 + state: replaced + +# After State: +# ------------ +# sonic# show running-configuration | grep password-attribute +# ! +# login password-attribute character-restriction special-char 1 +# ! + + +""" +RETURN = """ +before: + description: The configuration prior to the model invocation. + returned: always + type: dict + sample: > + The configuration returned will always be in the same format + of the parameters above. +after: + description: The resulting configuration model invocation. + returned: when changed + type: dict + sample: > + The configuration returned will always be in the same format + of the parameters above. +commands: + description: The set of commands pushed to the remote device. + returned: always + type: list + sample: ['command 1', 'command 2', 'command 3'] +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.argspec.password_complexity.password_complexity import ( + Password_complexityArgs, +) +from ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.config.password_complexity.password_complexity import Password_complexity + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + module = AnsibleModule(argument_spec=Password_complexityArgs.argument_spec, + supports_check_mode=True) + + result = Password_complexity(module).execute_module() + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/tests/regression/roles/sonic_password_complexity/defaults/main.yml b/tests/regression/roles/sonic_password_complexity/defaults/main.yml new file mode 100644 index 000000000..0cc11fb5a --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/defaults/main.yml @@ -0,0 +1,38 @@ +--- +ansible_connection: httpapi +module_name: password_complexity + + +tests: + - name: test_case_01 + description: Add Password Attribute configuration + state: merged + input: + min_len: 10 + min_numerals: 2 + + - name: test_case_02 + description: Update Password Attribute configuration + state: merged + input: + min_spl_char: 2 + min_lower_case: 1 + + - name: test_case_03 + description: Add Password Attribute configuration + state: replaced + input: + min_len: 9 + min_upper_case: 3 + + - name: test_case_04 + description: Update Password Attribute configuration + state: overridden + input: + min_len: 12 + + - name: test_case_05 + description: Delete specific Password Attribute configurations + state: deleted + input: + min_len: 12 diff --git a/tests/regression/roles/sonic_password_complexity/meta/main.yml b/tests/regression/roles/sonic_password_complexity/meta/main.yml new file mode 100644 index 000000000..d0ceaf6f5 --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/meta/main.yml @@ -0,0 +1,5 @@ +--- +collections: + - dellemc.enterprise_sonic +dependencies: + - { role: common } diff --git a/tests/regression/roles/sonic_password_complexity/tasks/cleanup_tests.yaml b/tests/regression/roles/sonic_password_complexity/tasks/cleanup_tests.yaml new file mode 100644 index 000000000..35e3d5a91 --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/tasks/cleanup_tests.yaml @@ -0,0 +1,5 @@ +- name: Delete Password Attribute configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: + state: deleted + ignore_errors: yes diff --git a/tests/regression/roles/sonic_password_complexity/tasks/main.yml b/tests/regression/roles/sonic_password_complexity/tasks/main.yml new file mode 100644 index 000000000..95bce581a --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- ansible.builtin.debug: + msg: "sonic_password_complexity Test started ..." + +- name: "Preparations for {{ module_name }}" + ansible.builtin.include_tasks: preparation_tests.yaml + +- name: "Test {{ module_name }} started" + ansible.builtin.include_tasks: tasks_template.yaml + loop: "{{ tests }}" + +- name: "test_delete_all {{ module_name }} stated ..." + ansible.builtin.include_tasks: tasks_template_del.yaml + loop: "{{ test_delete_all }}" + when: test_delete_all is defined + +- name: "Cleanup of {{ module_name }}" + ansible.builtin.include_tasks: cleanup_tests.yaml + +- name: Display all variables/facts known for a host + ansible.builtin.debug: + var: hostvars[inventory_hostname].ansible_facts.test_reports diff --git a/tests/regression/roles/sonic_password_complexity/tasks/preparation_tests.yaml b/tests/regression/roles/sonic_password_complexity/tasks/preparation_tests.yaml new file mode 100644 index 000000000..b23792afd --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/tasks/preparation_tests.yaml @@ -0,0 +1,6 @@ +--- +- name: Delete old Password Complexity configurations + dellemc.enterprise_sonic.sonic_password_complexity: + config: {} + state: deleted + ignore_errors: yes diff --git a/tests/regression/roles/sonic_password_complexity/tasks/tasks_template.yaml b/tests/regression/roles/sonic_password_complexity/tasks/tasks_template.yaml new file mode 100644 index 000000000..2cbbc1168 --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/tasks/tasks_template.yaml @@ -0,0 +1,22 @@ +--- +- name: "{{ item.name }} , {{ item.description }}" + dellemc.enterprise_sonic.sonic_password_complexity: + config: "{{ item.input }}" + state: "{{ item.state }}" + register: action_task_output + ignore_errors: yes + +- ansible.builtin.import_role: + name: common + tasks_from: action.facts.report.yaml + +- name: "{{ item.name }} , {{ item.description }} Idempotent" + dellemc.enterprise_sonic.sonic_password_complexity: + config: "{{ item.input }}" + state: "{{ item.state }}" + register: idempotent_task_output + ignore_errors: yes + +- ansible.builtin.import_role: + name: common + tasks_from: idempotent.facts.report.yaml diff --git a/tests/regression/roles/sonic_password_complexity/tasks/tasks_template_del.yaml b/tests/regression/roles/sonic_password_complexity/tasks/tasks_template_del.yaml new file mode 100644 index 000000000..4ad13e9ee --- /dev/null +++ b/tests/regression/roles/sonic_password_complexity/tasks/tasks_template_del.yaml @@ -0,0 +1,21 @@ +- name: "{{ item.name }} , {{ item.description }}" + dellemc.enterprise_sonic.sonic_password_complexity: + config: + state: "{{ item.state }}" + register: action_task_output + ignore_errors: yes + +- ansible.builtin.import_role: + name: common + tasks_from: action.facts.report.yaml + +- name: "{{ item.name }} , {{ item.description }} Idempotent" + dellemc.enterprise_sonic.sonic_password_complexity: + config: + state: "{{ item.state }}" + register: idempotent_task_output + ignore_errors: yes + +- ansible.builtin.import_role: + name: common + tasks_from: idempotent.facts.report.yaml diff --git a/tests/regression/test.yaml b/tests/regression/test.yaml index 87c657c77..c11026e10 100644 --- a/tests/regression/test.yaml +++ b/tests/regression/test.yaml @@ -71,4 +71,5 @@ - sonic_ospf_area - sonic_poe - sonic_mgmt_servers + - sonic_password_complexity - test_reports diff --git a/tests/unit/modules/network/sonic/fixtures/sonic_password_complexity.yaml b/tests/unit/modules/network/sonic/fixtures/sonic_password_complexity.yaml new file mode 100644 index 000000000..b87709962 --- /dev/null +++ b/tests/unit/modules/network/sonic/fixtures/sonic_password_complexity.yaml @@ -0,0 +1,95 @@ +--- +merged_01: + module_args: + config: + min_lower_case: 1 + min_upper_case: 1 + min_len: 10 + existing_system_config: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + response: + code: 200 + value: + openconfig-system-ext:config: + min-lower-case: 2 + min-upper-case: 2 + min-len: 9 + expected_config_requests: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + method: "patch" + data: + openconfig-system-ext:config: + min-lower-case: 1 + min-upper-case: 1 + min-len: 10 +deleted_01: + module_args: + state: deleted + existing_system_config: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + response: + code: 200 + value: + openconfig-system-ext:config: + min-lower-case: 1 + min-upper-case: 1 + min-len: 10 + expected_config_requests: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-lower-case" + method: "delete" + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-upper-case" + method: "delete" + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-len" + method: "delete" +replaced_01: + module_args: + config: + min_numerals: 4 + min_spl_char: 2 + state: replaced + existing_system_config: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + response: + code: 200 + value: + openconfig-system-ext:config: + min-lower-case: 1 + min-upper-case: 2 + min-len: 10 + expected_config_requests: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + method: "patch" + data: + openconfig-system-ext:config: + min-numerals: 4 + min-special-char: 2 + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-len" + method: "delete" + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-lower-case" + method: "delete" + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config/min-upper-case" + method: "delete" +overridden_01: + module_args: + config: + min_lower_case: 2 + min_spl_char: 1 + min_len: 10 + state: overridden + existing_system_config: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + response: + code: 200 + value: + openconfig-system-ext:config: + min-lower-case: 1 + min-special-char: 2 + min-len: 9 + expected_config_requests: + - path: "data/openconfig-system:system/openconfig-system-ext:login/password-attributes/config" + method: "patch" + data: + openconfig-system-ext:config: + min-lower-case: 2 + min-special-char: 1 + min-len: 10 diff --git a/tests/unit/modules/network/sonic/test_sonic_password_complexity.py b/tests/unit/modules/network/sonic/test_sonic_password_complexity.py new file mode 100644 index 000000000..d8bdae4b0 --- /dev/null +++ b/tests/unit/modules/network/sonic/test_sonic_password_complexity.py @@ -0,0 +1,79 @@ +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible_collections.dellemc.enterprise_sonic.tests.unit.compat.mock import ( + patch, +) +from ansible_collections.dellemc.enterprise_sonic.plugins.modules import ( + sonic_password_complexity, +) +from ansible_collections.dellemc.enterprise_sonic.tests.unit.modules.utils import ( + set_module_args, +) +from .sonic_module import TestSonicModule + + +class TestSonicPasswordComplexityModule(TestSonicModule): + module = sonic_password_complexity + + @classmethod + def setUpClass(cls): + cls.mock_facts_edit_config = patch( + "ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.facts.password_complexity.password_complexity.edit_config" + ) + cls.mock_config_edit_config = patch( + "ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.config.password_complexity.password_complexity.edit_config" + ) + cls.mock_utils_edit_config = patch( + "ansible_collections.dellemc.enterprise_sonic.plugins.module_utils.network.sonic.utils.utils.edit_config" + ) + cls.fixture_data = cls.load_fixtures('sonic_password_complexity.yaml') + + def setUp(self): + super(TestSonicPasswordComplexityModule, self).setUp() + self.facts_edit_config = self.mock_facts_edit_config.start() + self.config_edit_config = self.mock_config_edit_config.start() + self.utils_edit_config = self.mock_utils_edit_config.start() + + self.utils_edit_config.side_effect = self.config_side_effect + self.facts_edit_config.side_effect = self.facts_side_effect + self.config_edit_config.side_effect = self.config_side_effect + + def tearDown(self): + super(TestSonicPasswordComplexityModule, self).tearDown() + self.mock_facts_edit_config.stop() + self.mock_config_edit_config.stop() + self.mock_utils_edit_config.stop() + + def test_sonic_password_complexity_merged_01(self): + set_module_args(self.fixture_data['merged_01']['module_args']) + self.initialize_facts_get_requests(self.fixture_data['merged_01']['existing_system_config']) + self.initialize_config_requests(self.fixture_data['merged_01']['expected_config_requests']) + + result = self.execute_module(changed=True) + self.validate_config_requests() + + def test_sonic_password_complexity_deleted_01(self): + set_module_args(self.fixture_data['deleted_01']['module_args']) + self.initialize_facts_get_requests(self.fixture_data['deleted_01']['existing_system_config']) + self.initialize_config_requests(self.fixture_data['deleted_01']['expected_config_requests']) + + result = self.execute_module(changed=True) + self.validate_config_requests() + + def test_sonic_password_complexity_replaced_01(self): + set_module_args(self.fixture_data['replaced_01']['module_args']) + self.initialize_facts_get_requests(self.fixture_data['replaced_01']['existing_system_config']) + self.initialize_config_requests(self.fixture_data['replaced_01']['expected_config_requests']) + + result = self.execute_module(changed=True) + self.validate_config_requests() + + def test_sonic_password_complexity_overridden_01(self): + set_module_args(self.fixture_data['overridden_01']['module_args']) + self.initialize_facts_get_requests(self.fixture_data['overridden_01']['existing_system_config']) + self.initialize_config_requests(self.fixture_data['overridden_01']['expected_config_requests']) + + result = self.execute_module(changed=True) + self.validate_config_requests()