Update AAA module (#382)
* Update AAA module authentication implementation

* Add fragment

* Update new attribute with version_added

* Update sonic_aaa.py

* Update AAA module to align with SONiC functionality

* Update playbook example

* Revert

* Address review comments and add name-service feature

* Update aaa playbook example

* Update get_replaced_config method

* Address review comment

* Update config description
stalabi1 authored Aug 20, 2024
1 parent 1fdcf25 commit c792f81
Showing 12 changed files with 1,490 additions and 465 deletions.
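--- a/changelogs/fragments/382-aaa-breaking-change.yaml
+++ b/changelogs/fragments/382-aaa-breaking-change.yaml
@@ -0,0 +1,2 @@
+breaking_changes:
+- sonic_aaa - Update AAA module to align with SONiC functionality (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/382)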
37 changes: 33 additions & 4 deletions playbooks/common_examples/sonic_aaa.yaml
Expand Up @@ -38,10 +38,39 @@
sonic_aaa:
config:
authentication:
data:
fail_through: true
group: tacacs+
local: true
auth_method:
- local
- ldap
- radius
- tacacs+
console_auth_local: True
failthrough: True
authorization:
commands_auth_method:
- local
- tacacs+
login_auth_method:
- local
- ldap
name_service:
group:
- ldap
- local
- login
netgroup:
- ldap
- local
passwd:
- ldap
- local
- login
shadow:
- ldap
- local
- login
sudoers:
- ldap
- local
state: merged
- name: Merge tacacs configurations
sonic_tacacs_server:
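Review bot: The example turns on `failthrough: True` alongside four `auth_method` entries without saying what that combination does, and examples like this tend to be copied as-is. As I understand SONiC's failthrough setting, a login rejected by one source is then tried against the next one in the list, so every listed source becomes a valid way in; a comment above the key such as `# failthrough: a rejected login is retried against the next auth_method entry` would make that explicit. The new booleans are also written `True` where the removed lines used `true`; keeping the lowercase YAML form would match the earlier style of this example (the rest of the file lies outside the hunk).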
63 changes: 52 additions & 11 deletions plugins/module_utils/network/sonic/argspec/aaa/aaa.py
@@ -1,6 +1,6 @@
#
# -*- coding: utf-8 -*-
# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved
# Copyright 2024 Dell Inc. or its subsidiaries. All Rights Reserved
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

Expand Down Expand Up @@ -42,16 +42,57 @@ def __init__(self, **kwargs):
'options': {
'authentication': {
'options': {
'data': {
'options': {
'fail_through': {'type': 'bool'},
'group': {
'choices': ['ldap', 'radius', 'tacacs+'],
'type': 'str'
},
'local': {'type': 'bool'}
},
'type': 'dict'
'auth_method': {
'choices': ['ldap', 'local', 'radius', 'tacacs+'],
'elements': 'str',
'type': 'list'
},
'console_auth_local': {'type': 'bool'},
'failthrough': {'type': 'bool'},
},
'type': 'dict'
},
'authorization': {
'options': {
'commands_auth_method': {
'choices': ['local', 'tacacs+'],
'elements': 'str',
'type': 'list'
},
'login_auth_method': {
'choices': ['ldap', 'local'],
'elements': 'str',
'type': 'list'
}
},
'type': 'dict'
},
'name_service': {
'options': {
'group': {
'choices': ['ldap', 'local', 'login'],
'elements': 'str',
'type': 'list'
},
'netgroup': {
'choices': ['ldap', 'local'],
'elements': 'str',
'type': 'list'
},
'passwd': {
'choices': ['ldap', 'local', 'login'],
'elements': 'str',
'type': 'list'
},
'shadow': {
'choices': ['ldap', 'local', 'login'],
'elements': 'str',
'type': 'list'
},
'sudoers': {
'choices': ['ldap', 'local'],
'elements': 'str',
'type': 'list'
}
},
'type': 'dict'
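Review bot: The `auth_method` spec, like the other new list options (`commands_auth_method`, `login_auth_method` and the `name_service` lists), validates each element against `choices`, but nothing here rejects an empty list or a repeated entry such as `['local', 'local']`. If list order is what sets the order in which sources are consulted, which the playbook example suggests but this hunk does not show, duplicates and empty lists should be rejected in the config handler and the ordering stated next to the option, for example `# order is significant: sources are tried as listed`. The enclosing `__init__` and the argument_spec dict start and end outside the hunk, so validation elsewhere may already cover this.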