diff --git a/plugins/modules/ndo_l3out_node_group_policy.py b/plugins/modules/ndo_l3out_node_group_policy.py index bf4d878e..0bf1b27d 100644 --- a/plugins/modules/ndo_l3out_node_group_policy.py +++ b/plugins/modules/ndo_l3out_node_group_policy.py @@ -14,9 +14,9 @@ DOCUMENTATION = r""" --- module: ndo_l3out_node_group_policy -short_description: Manage L3Out Node/Interface Group Policy on Cisco Nexus Dashboard Orchestrator (NDO). +short_description: Manage L3Out Node Group Policy on Cisco Nexus Dashboard Orchestrator (NDO). description: -- Manage L3Out Node/Interface Group Policy on Cisco Nexus Dashboard Orchestrator (NDO). +- Manage L3Out Node Group Policy on Cisco Nexus Dashboard Orchestrator (NDO). - This module is only supported on ND v3.1 (NDO v4.3) and later. author: - Sabari Jaganathan (@sajagana) @@ -26,19 +26,22 @@ - The name of the template. - The template must be a L3Out template. type: str + aliases: [ l3out_template ] required: true l3out: description: - The name of the L3Out. type: str + aliases: [ l3out_name ] required: true name: description: - - The name of the L3Out Node/Interface Group Policy. + - The name of the L3Out Node Group Policy. type: str + aliases: [ l3out_node_group_policy ] description: description: - - The description of the L3Out Node/Interface Group Policy. + - The description of the L3Out Node Group Policy. type: str node_routing_policy: description: @@ -46,21 +49,21 @@ type: str bfd_multi_hop_authentication: description: - - The bidirectional forwarding detection (BFD) multi-hop authentication of the L3Out Node/Interface Group Policy. + - The bidirectional forwarding detection (BFD) multi-hop authentication of the L3Out Node Group Policy. - To enable the O(bfd_multi_hop_authentication) BGP routing protocol must be configured on the L3Out. type: str choices: [ enabled, disabled ] bfd_multi_hop_key_id: description: - - The BFD multi-hop key ID of the L3Out Node/Interface Group Policy. + - The BFD multi-hop key ID of the L3Out Node Group Policy. type: int bfd_multi_hop_key: description: - - The BFD multi-hop key of the L3Out Node/Interface Group Policy. + - The BFD multi-hop key of the L3Out Node Group Policy. type: str target_dscp: description: - - The DSCP Level of the L3Out Node/Interface Group Policy. + - The DSCP Level of the L3Out Node Group Policy. type: str choices: - af11 @@ -112,7 +115,7 @@ password: SomeSecretPassword template: l3out_template l3out: l3out - name: "node_group_policy_1" + name: node_group_policy_1 state: present - name: Update an existing L3Out node group policy @@ -122,7 +125,7 @@ password: SomeSecretPassword template: l3out_template l3out: l3out - name: "node_group_policy_1" + name: node_group_policy_1 description: "Updated description" node_routing_policy: ans_node_policy_group_1 bfd_multi_hop_authentication: enabled @@ -138,7 +141,7 @@ password: SomeSecretPassword template: l3out_template l3out: l3out - name: "node_group_policy_1" + name: node_group_policy_1 state: query register: query_with_name @@ -149,7 +152,7 @@ password: SomeSecretPassword template: l3out_template l3out: l3out - name: "node_group_policy_1" + name: node_group_policy_1 state: absent """ @@ -168,9 +171,9 @@ def main(): argument_spec = mso_argument_spec() argument_spec.update( - template=dict(type="str", required=True), # L3Out template name - l3out=dict(type="str", required=True), # L3Out name - name=dict(type="str"), # L3Out Node/Interface Group Policy name + template=dict(type="str", required=True, aliases=["l3out_template"]), + l3out=dict(type="str", required=True, aliases=["l3out_name"]), + name=dict(type="str", aliases=["l3out_node_group_policy"]), description=dict(type="str"), node_routing_policy=dict(type="str"), bfd_multi_hop_authentication=dict(type="str", choices=["enabled", "disabled"]), @@ -186,7 +189,6 @@ def main(): required_if=[ ["state", "absent", ["name"]], ["state", "present", ["name"]], - ["bfd_multi_hop_authentication", "enabled", ["bfd_multi_hop_key_id", "bfd_multi_hop_key"]], ], ) @@ -252,21 +254,30 @@ def main(): ops.append(dict(op="remove", path=node_group_policy_path + "/nodeRoutingPolicyRef")) proposed_payload.pop("nodeRoutingPolicyRef", None) - if bfd_multi_hop_authentication == "enabled": - if not mso.existing.get("bfdMultiHop"): - proposed_payload["bfdMultiHop"] = dict() - ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop", value=dict())) + if (bfd_multi_hop_authentication or bfd_multi_hop_key or bfd_multi_hop_key_id) and not mso.existing.get("bfdMultiHop"): + ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop", value=dict())) + proposed_payload["bfdMultiHop"] = dict() - if mso.existing.get("bfdMultiHop", {}).get("keyID") != bfd_multi_hop_key_id: - ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop/keyID", value=bfd_multi_hop_key_id)) - proposed_payload["bfdMultiHop"]["keyID"] = bfd_multi_hop_key_id + if bfd_multi_hop_authentication is not None and mso.existing.get("bfdMultiHop", {}).get("authEnabled") is not ( + True if bfd_multi_hop_authentication == "enabled" else False + ): + ops.append( + dict( + op="replace", + path=node_group_policy_path + "/bfdMultiHop/authEnabled", + value=True if bfd_multi_hop_authentication == "enabled" else False, + ) + ) + proposed_payload["bfdMultiHop"]["authEnabled"] = True if bfd_multi_hop_authentication == "enabled" else False - ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop/value", value=bfd_multi_hop_key)) - proposed_payload["bfdMultiHop"]["value"] = bfd_multi_hop_key + if bfd_multi_hop_key_id is not None and mso.existing.get("bfdMultiHop", {}).get("keyID") != bfd_multi_hop_key_id: + ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop/keyID", value=bfd_multi_hop_key_id)) + proposed_payload["bfdMultiHop"]["keyID"] = bfd_multi_hop_key_id - elif bfd_multi_hop_authentication == "disabled" and mso.existing.get("bfdMultiHop"): - proposed_payload.pop("bfdMultiHop", None) - ops.append(dict(op="remove", path=node_group_policy_path + "/bfdMultiHop")) + if bfd_multi_hop_key is not None: + ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop/key", value=dict())) + ops.append(dict(op="replace", path=node_group_policy_path + "/bfdMultiHop/key/value", value=bfd_multi_hop_key)) + proposed_payload["bfdMultiHop"]["key"] = dict(value=bfd_multi_hop_key) if target_dscp is not None and mso.existing.get("targetDscp") != target_dscp: ops.append(dict(op="replace", path=node_group_policy_path + "/targetDscp", value=target_dscp)) @@ -283,8 +294,19 @@ def main(): if node_routing_policy and l3out_node_routing_policy_object: payload["nodeRoutingPolicyRef"] = l3out_node_routing_policy_object.details.get("uuid") - if bfd_multi_hop_authentication == "enabled": - payload["bfdMultiHop"] = dict(authEnabled=True, keyID=bfd_multi_hop_key_id, key=dict(value=bfd_multi_hop_key)) + bfd_multi_hop = dict() + + if bfd_multi_hop_authentication is not None: + bfd_multi_hop["authEnabled"] = True if bfd_multi_hop_authentication == "enabled" else False + + if bfd_multi_hop_key_id: + bfd_multi_hop["keyID"] = bfd_multi_hop_key_id + + if bfd_multi_hop_key: + bfd_multi_hop["key"] = dict(value=bfd_multi_hop_key) + + if bfd_multi_hop: + payload["bfdMultiHop"] = bfd_multi_hop if target_dscp: payload["targetDscp"] = target_dscp diff --git a/tests/integration/targets/ndo_l3out_node_group_policy/tasks/main.yml b/tests/integration/targets/ndo_l3out_node_group_policy/tasks/main.yml index 6b7ac110..eae463ab 100644 --- a/tests/integration/targets/ndo_l3out_node_group_policy/tasks/main.yml +++ b/tests/integration/targets/ndo_l3out_node_group_policy/tasks/main.yml @@ -31,6 +31,37 @@ when: version.current.version is version('4.2', '>') block: # Setup Part + - name: Ensure ansible_test site exist + cisco.mso.mso_site: + <<: *mso_info + site: '{{ mso_site | default("ansible_test") }}' + state: query + register: ansible_test_site + + - name: Ensure ansible_test tenant exist + cisco.mso.mso_tenant: + <<: *mso_info + tenant: '{{ ansible_tenant | default("ansible_test") }}' + users: + - "{{ mso_username }}" + sites: + - '{{ mso_site | default("ansible_test") }}' + state: present + register: ansible_test_tenant + when: ansible_test_site.current.common.name == 'ansible_test' + + - name: Ensure common tenant exist + cisco.mso.mso_tenant: + <<: *mso_info + tenant: common + users: + - "{{ mso_username }}" + sites: + - '{{ mso_site | default("ansible_test") }}' + state: present + register: ansible_test_tenant + when: ansible_test_site.current.common.name == 'ansible_test' + - name: Ensure l3out template not exist cisco.mso.ndo_template: &ndo_l3out_template_absent <<: *mso_info @@ -64,37 +95,6 @@ template: "Template1" state: absent - - name: Ensure ansible_test site exist - cisco.mso.mso_site: - <<: *mso_info - site: '{{ mso_site | default("ansible_test") }}' - state: query - register: ansible_test_site - - - name: Ensure ansible_test tenant exist - cisco.mso.mso_tenant: - <<: *mso_info - tenant: '{{ ansible_tenant | default("ansible_test") }}' - users: - - "{{ mso_username }}" - sites: - - '{{ mso_site | default("ansible_test") }}' - state: present - register: ansible_test_tenant - when: ansible_test_site.current.common.name == 'ansible_test' - - - name: Ensure common tenant exist - cisco.mso.mso_tenant: - <<: *mso_info - tenant: common - users: - - "{{ mso_username }}" - sites: - - '{{ mso_site | default("ansible_test") }}' - state: present - register: ansible_test_tenant - when: ansible_test_site.current.common.name == 'ansible_test' - # Schema Template Setup for the VRF - name: Add an ansible_test schema template cisco.mso.mso_schema_template: @@ -214,7 +214,6 @@ state: present check_mode: true register: cm_node_group_policy_1_present - ignore_errors: true - name: Assertion check for create L3Out node group policy object with default values - check mode ansible.builtin.assert: @@ -227,7 +226,6 @@ cisco.mso.ndo_l3out_node_group_policy: &nm_node_group_policy_1_present <<: *cm_node_group_policy_1_present register: nm_node_group_policy_1_present - ignore_errors: true - name: Assertion check for create L3Out node group policy object with default values - normal mode ansible.builtin.assert: @@ -242,7 +240,6 @@ cisco.mso.ndo_l3out_node_group_policy: <<: *nm_node_group_policy_1_present register: nm_node_group_policy_1_present_again - ignore_errors: true - name: Assertion check for create L3Out node group policy object with default values - normal mode again ansible.builtin.assert: @@ -267,14 +264,13 @@ state: present check_mode: true register: cm_update_node_group_policy_1 - ignore_errors: true - name: Assertion check for update L3Out node group policy object with check mode ansible.builtin.assert: that: - cm_update_node_group_policy_1 is changed - cm_update_node_group_policy_1.current.bfdMultiHop.keyID == 1 - - cm_update_node_group_policy_1.current.bfdMultiHop.value == "TestKey" + - cm_update_node_group_policy_1.current.bfdMultiHop.key.value == "TestKey" - cm_update_node_group_policy_1.current.description == "Test description" - cm_update_node_group_policy_1.current.name == "node_group_policy_1" - cm_update_node_group_policy_1.current.nodeRoutingPolicyRef != "" @@ -287,13 +283,12 @@ cisco.mso.ndo_l3out_node_group_policy: &nm_update_node_group_policy_1 <<: *cm_update_node_group_policy_1 register: nm_update_node_group_policy_1 - ignore_errors: true - name: Assertion check for update L3Out node group policy object with normal mode ansible.builtin.assert: that: - nm_update_node_group_policy_1 is changed - - nm_update_node_group_policy_1.current.bfdMultiHop.authEnabled == false + - nm_update_node_group_policy_1.current.bfdMultiHop.authEnabled == true - nm_update_node_group_policy_1.current.bfdMultiHop.keyID == 1 - nm_update_node_group_policy_1.current.description == "Test description" - nm_update_node_group_policy_1.current.name == "node_group_policy_1" @@ -303,23 +298,23 @@ - nm_update_node_group_policy_1.previous.nodeRoutingPolicyRef == "" - nm_update_node_group_policy_1.previous.targetDscp == "unspecified" - - name: Update L3Out node group policy object with normal mode again + - name: Update L3Out node group policy object with normal mode again - task status should be changed because of the auth key ref change cisco.mso.ndo_l3out_node_group_policy: <<: *nm_update_node_group_policy_1 register: nm_update_node_group_policy_1_again - ignore_errors: true - name: Assertion check for update L3Out node group policy object with normal mode again ansible.builtin.assert: that: - - nm_update_node_group_policy_1_again is not changed - - nm_update_node_group_policy_1_again.current.bfdMultiHop.authEnabled == false + - nm_update_node_group_policy_1_again is changed + - nm_update_node_group_policy_1_again.current.bfdMultiHop.authEnabled == true - nm_update_node_group_policy_1_again.current.bfdMultiHop.keyID == 1 + - nm_update_node_group_policy_1_again.current.bfdMultiHop.key.ref != nm_update_node_group_policy_1_again.previous.bfdMultiHop.key.ref - nm_update_node_group_policy_1_again.current.description == "Test description" - nm_update_node_group_policy_1_again.current.name == "node_group_policy_1" - nm_update_node_group_policy_1_again.current.nodeRoutingPolicyRef != "" - nm_update_node_group_policy_1_again.current.targetDscp == "af11" - - nm_update_node_group_policy_1_again.previous.bfdMultiHop.authEnabled == false + - nm_update_node_group_policy_1_again.previous.bfdMultiHop.authEnabled == true - nm_update_node_group_policy_1_again.previous.bfdMultiHop.keyID == 1 - nm_update_node_group_policy_1_again.previous.description == "Test description" - nm_update_node_group_policy_1_again.previous.name == "node_group_policy_1" @@ -340,19 +335,18 @@ target_dscp: af12 state: present register: update_node_group_policy_attrs - ignore_errors: true - name: Assertion check for update node_group_policy_1 - bfd_multi_hop_key id, value, target_dscp and node_routing_policy values ansible.builtin.assert: that: - update_node_group_policy_attrs is changed - - update_node_group_policy_attrs.current.bfdMultiHop.authEnabled == false + - update_node_group_policy_attrs.current.bfdMultiHop.authEnabled == true - update_node_group_policy_attrs.current.bfdMultiHop.keyID == 2 - update_node_group_policy_attrs.current.description == "Test description updated" - update_node_group_policy_attrs.current.name == "node_group_policy_1" - update_node_group_policy_attrs.current.nodeRoutingPolicyRef != "" - update_node_group_policy_attrs.current.targetDscp == "af12" - - update_node_group_policy_attrs.previous.bfdMultiHop.authEnabled == false + - update_node_group_policy_attrs.previous.bfdMultiHop.authEnabled == true - update_node_group_policy_attrs.previous.bfdMultiHop.keyID == 1 - update_node_group_policy_attrs.previous.description == "Test description" - update_node_group_policy_attrs.previous.name == "node_group_policy_1" @@ -370,8 +364,8 @@ bfd_multi_hop_authentication: disabled target_dscp: "unspecified" state: present + output_level: debug register: clear_node_group_policy_attrs - ignore_errors: true - name: Assertion check for clear node_group_policy_1 - bfd_multi_hop_key id, value, target_dscp and node_routing_policy values ansible.builtin.assert: @@ -379,8 +373,9 @@ - clear_node_group_policy_attrs is changed - clear_node_group_policy_attrs.current.name == "node_group_policy_1" - clear_node_group_policy_attrs.current.nodeRoutingPolicyRef == "" + - clear_node_group_policy_attrs.current.bfdMultiHop.authEnabled == false - clear_node_group_policy_attrs.current.targetDscp == "unspecified" - - clear_node_group_policy_attrs.previous.bfdMultiHop.authEnabled == false + - clear_node_group_policy_attrs.previous.bfdMultiHop.authEnabled == true - clear_node_group_policy_attrs.previous.bfdMultiHop.keyID == 2 - clear_node_group_policy_attrs.previous.description == "Test description updated" - clear_node_group_policy_attrs.previous.name == "node_group_policy_1" @@ -395,7 +390,6 @@ name: "node_group_policy_1" state: query register: query_node_group_policy_1 - ignore_errors: true - name: Assertion check for query node_group_policy_1 ansible.builtin.assert: @@ -404,6 +398,7 @@ - query_node_group_policy_1.current.name == "node_group_policy_1" - query_node_group_policy_1.current.nodeRoutingPolicyRef == "" - query_node_group_policy_1.current.targetDscp == "unspecified" + - query_node_group_policy_1.current.bfdMultiHop.authEnabled == false - name: Add node_group_policy_2 with common tenant node_routing_policy object cisco.mso.ndo_l3out_node_group_policy: &add_node_group_policy_2 @@ -416,7 +411,6 @@ node_routing_policy: "ans_node_policy_group_common" state: present register: add_node_group_policy_2 - ignore_errors: true - name: Assertion check for add node_group_policy_2 with common tenant node_routing_policy object ansible.builtin.assert: @@ -436,7 +430,6 @@ name: "node_group_policy_2" state: query register: query_node_group_policy_2 - ignore_errors: true - name: Assertion check for query node_group_policy_2 ansible.builtin.assert: @@ -454,7 +447,6 @@ l3out: "l3out_2" state: query register: query_all_node_group_policies - ignore_errors: true - name: Assertion check for query all node_group_policies ansible.builtin.assert: @@ -462,6 +454,220 @@ - query_all_node_group_policies is not changed - query_all_node_group_policies.current | length == 2 + - name: Create node_group_policy_30 with bfd_multi_hop_authentication enabled, key id and value + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_30" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_authentication: enabled + bfd_multi_hop_key_id: 2 + bfd_multi_hop_key: TestKeyUpdated + target_dscp: af12 + state: present + register: add_ngp_3_auth_disabled + + - name: Assertion check for create node_group_policy_30 with bfd_multi_hop_authentication enabled, key id and value + ansible.builtin.assert: + that: + - add_ngp_3_auth_disabled is changed + - add_ngp_3_auth_disabled.current.bfdMultiHop.authEnabled == true + - add_ngp_3_auth_disabled.current.bfdMultiHop.key.ref is defined + - add_ngp_3_auth_disabled.current.bfdMultiHop.keyID == 2 + - add_ngp_3_auth_disabled.current.name == "node_group_policy_30" + - add_ngp_3_auth_disabled.current.nodeRoutingPolicyRef != "" + - add_ngp_3_auth_disabled.current.targetDscp == "af12" + - add_ngp_3_auth_disabled.previous == {} + + - name: Create node_group_policy_3 with bfd_multi_hop_authentication disabled, key id and value + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_3" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_authentication: disabled + bfd_multi_hop_key_id: 2 + bfd_multi_hop_key: TestKeyUpdated + target_dscp: af12 + state: present + register: add_ngp_3_auth_disabled + + - name: Assertion check for create node_group_policy_3 with bfd_multi_hop_authentication disabled, key id and value + ansible.builtin.assert: + that: + - add_ngp_3_auth_disabled is changed + - add_ngp_3_auth_disabled.current.bfdMultiHop.authEnabled == false + - add_ngp_3_auth_disabled.current.bfdMultiHop.keyID == 2 + - add_ngp_3_auth_disabled.current.bfdMultiHop.key.ref is not defined + - add_ngp_3_auth_disabled.current.name == "node_group_policy_3" + - add_ngp_3_auth_disabled.current.nodeRoutingPolicyRef != "" + - add_ngp_3_auth_disabled.current.targetDscp == "af12" + - add_ngp_3_auth_disabled.previous == {} + + - name: Update node_group_policy_3 with only bfd_multi_hop_key_id + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_3" + bfd_multi_hop_key_id: 3 + state: present + register: update_ngp_3_with_key_id + + - name: Assertion check for update node_group_policy_3 with only bfd_multi_hop_key_id + ansible.builtin.assert: + that: + - update_ngp_3_with_key_id is changed + - update_ngp_3_with_key_id.current.bfdMultiHop.authEnabled == false + - update_ngp_3_with_key_id.current.bfdMultiHop.keyID == 3 + - update_ngp_3_with_key_id.current.name == "node_group_policy_3" + - update_ngp_3_with_key_id.current.nodeRoutingPolicyRef != "" + - update_ngp_3_with_key_id.current.targetDscp == "af12" + - update_ngp_3_with_key_id.previous.bfdMultiHop.authEnabled == false + - update_ngp_3_with_key_id.previous.bfdMultiHop.keyID == 2 + - update_ngp_3_with_key_id.previous.name == "node_group_policy_3" + - update_ngp_3_with_key_id.previous.nodeRoutingPolicyRef != "" + - update_ngp_3_with_key_id.previous.targetDscp == "af12" + + - name: Update node_group_policy_3 with only bfd_multi_hop_key - task flag changed should be false wth authentication is disabled + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_3" + bfd_multi_hop_key: TestKeyUpdated1 + state: present + register: update_ngp_3_with_key + + - name: Assertion check for update node_group_policy_3 with only bfd_multi_hop_key - task flag changed should be false wth authentication is disabled + ansible.builtin.assert: + that: + - update_ngp_3_with_key is not changed + - update_ngp_3_with_key.current.bfdMultiHop.authEnabled == false + - update_ngp_3_with_key.current.bfdMultiHop.keyID == 3 + - update_ngp_3_with_key.current.name == "node_group_policy_3" + - update_ngp_3_with_key.current.nodeRoutingPolicyRef != "" + - update_ngp_3_with_key.current.targetDscp == "af12" + - update_ngp_3_with_key.previous.bfdMultiHop.authEnabled == false + - update_ngp_3_with_key.previous.bfdMultiHop.keyID == 3 + - update_ngp_3_with_key.previous.name == "node_group_policy_3" + - update_ngp_3_with_key.previous.nodeRoutingPolicyRef != "" + - update_ngp_3_with_key.previous.targetDscp == "af12" + + - name: Create node_group_policy_4 with bfd_multi_hop_authentication disabled without bfd_multi_hop_key_id and bfd_multi_hop_key + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_4" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_authentication: disabled + target_dscp: af12 + state: present + register: add_ngp_4_auth_disabled + + - name: Assertion check for create node_group_policy_4 with bfd_multi_hop_authentication disabled without bfd_multi_hop_key_id and bfd_multi_hop_key + ansible.builtin.assert: + that: + - add_ngp_4_auth_disabled is changed + - add_ngp_4_auth_disabled.current.bfdMultiHop.authEnabled == false + - add_ngp_4_auth_disabled.current.name == "node_group_policy_4" + - add_ngp_4_auth_disabled.current.nodeRoutingPolicyRef != "" + - add_ngp_4_auth_disabled.current.targetDscp == "af12" + - add_ngp_4_auth_disabled.previous == {} + + - name: Create node_group_policy_5 without bfd config + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_5" + node_routing_policy: ans_node_policy_group_2 + state: present + register: add_ngp_5 + + - name: Assertion check for create node_group_policy_5 without bfd config + ansible.builtin.assert: + that: + - add_ngp_5 is changed + - add_ngp_5.current.name == "node_group_policy_5" + - add_ngp_5.current.nodeRoutingPolicyRef != "" + - add_ngp_5.current.targetDscp == "unspecified" + - add_ngp_5.previous == {} + + - name: Update node_group_policy_5 with only bfd_multi_hop_key_id and bfd_multi_hop_key + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_5" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_key_id: 3 + bfd_multi_hop_key: TestKeyUpdated1 + state: present + register: update_ngp_5_only_id_value + + - name: Assertion check for update node_group_policy_5 with only bfd_multi_hop_key_id and bfd_multi_hop_key + ansible.builtin.assert: + that: + - update_ngp_5_only_id_value is changed + - update_ngp_5_only_id_value.current.bfdMultiHop.authEnabled == false + - update_ngp_5_only_id_value.current.bfdMultiHop.keyID == 3 + - update_ngp_5_only_id_value.current.name == "node_group_policy_5" + - update_ngp_5_only_id_value.current.nodeRoutingPolicyRef != "" + - update_ngp_5_only_id_value.current.targetDscp == "unspecified" + - update_ngp_5_only_id_value.previous.name == "node_group_policy_5" + - update_ngp_5_only_id_value.previous.nodeRoutingPolicyRef != "" + - update_ngp_5_only_id_value.previous.targetDscp == "unspecified" + + - name: Enable bfd_multi_hop_authentication without bfd_multi_hop_key on node_group_policy_5 + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_5" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_authentication: enabled + state: present + register: enable_ngp_5_auth_without_key + ignore_errors: true + + - name: Assertion check for enable bfd_multi_hop_authentication without bfd_multi_hop_key on node_group_policy_5 + ansible.builtin.assert: + that: + - enable_ngp_5_auth_without_key is changed + - enable_ngp_5_auth_without_key.msg == "MSO Error 400{{':'}} Invalid configuration in L3Out 'l3out_2'{{':'}} node group 'node_group_policy_5'{{':'}} bfdMultiHop Key must be specified when auth is enabled" + + - name: Update node_group_policy_5 with bfd config + cisco.mso.ndo_l3out_node_group_policy: + <<: *mso_info + template: '{{ ansible_l3out_template | default("ansible_test") }}' + l3out: "l3out_2" + name: "node_group_policy_5" + node_routing_policy: ans_node_policy_group_2 + bfd_multi_hop_authentication: enabled + bfd_multi_hop_key: TestKeyUpdated4 + state: present + register: update_ngp_5_bfd_config + + - name: Assertion check for update node_group_policy_5 with bfd config + ansible.builtin.assert: + that: + - update_ngp_5_bfd_config is changed + - update_ngp_5_bfd_config.current.bfdMultiHop.authEnabled == true + - update_ngp_5_bfd_config.current.bfdMultiHop.key.ref is defined + - update_ngp_5_bfd_config.current.bfdMultiHop.keyID == 3 + - update_ngp_5_bfd_config.current.name == "node_group_policy_5" + - update_ngp_5_bfd_config.current.nodeRoutingPolicyRef != "" + - update_ngp_5_bfd_config.current.targetDscp == "unspecified" + - update_ngp_5_bfd_config.previous.bfdMultiHop.authEnabled == false + - update_ngp_5_bfd_config.previous.bfdMultiHop.keyID == 3 + - update_ngp_5_bfd_config.previous.name == "node_group_policy_5" + - update_ngp_5_bfd_config.previous.nodeRoutingPolicyRef != "" + - update_ngp_5_bfd_config.previous.targetDscp == "unspecified" + - name: Remove node_group_policy_2 with check mode cisco.mso.ndo_l3out_node_group_policy: &cm_rm_node_group_policy_2 <<: *add_node_group_policy_2 @@ -543,31 +749,7 @@ ansible.builtin.assert: that: - node_group_policy_nt_with_l3out_1 is changed - - node_group_policy_nt_with_l3out_1.current.bfdMultiHop.authEnabled == true - - node_group_policy_nt_with_l3out_1.current.bfdMultiHop.key.value == "test" - - node_group_policy_nt_with_l3out_1.current.bfdMultiHop.keyID == 12 - - node_group_policy_nt_with_l3out_1.current.name == "node_group_policy_nt" - - node_group_policy_nt_with_l3out_1.current.nodeRoutingPolicyRef != "" - node_group_policy_nt_with_l3out_1.msg == "MSO Error 400{{':'}} Invalid configuration in L3Out 'l3out_1'{{':'}} node group 'node_group_policy_nt'{{':'}} BFD Multihop is not supported with non-BGP routing protocols. Current protocol{{':'}} none" - - node_group_policy_nt_with_l3out_1.previous == {} - - - name: Create L3Out node group policy object without key and id when bfd_multi_hop_authentication is enabled - cisco.mso.ndo_l3out_node_group_policy: - <<: *mso_info - template: '{{ ansible_l3out_template | default("ansible_test") }}' - l3out: "l3out_1" - name: "node_group_policy_nt" - bfd_multi_hop_authentication: enabled - state: present - register: node_group_policy_nt_without_key - ignore_errors: true - - - name: Assertion check for create L3Out node group policy object without key and id when bfd_multi_hop_authentication is enabled - ansible.builtin.assert: - that: - - node_group_policy_nt_without_key is not changed - - node_group_policy_nt_without_key.msg == "bfd_multi_hop_authentication is enabled but all of the following are missing{{':'}} bfd_multi_hop_key_id, bfd_multi_hop_key" - # Negative test part ends # Cleanup Part - name: Remove l3out tenant template