diff --git a/library/mt_radius.py b/library/mt_radius.py index ee7e276..84d127b 100644 --- a/library/mt_radius.py +++ b/library/mt_radius.py @@ -14,252 +14,111 @@ options: hostname: description: - hotstname of mikrotik router - required: True username: description: - username used to connect to mikrotik router - required: True password: description: - password used for authentication to mikrotik router - required: True state: description: - client present or absent - required: True + required: False choices: - present - absent - comment: - description: - - This module only ensures entries that match the comment field. - Thus, you should make unique comments for every entry. - required: True # only if state is present - address: - description: - - IPv4 or IPv6 address of RADIUS server - required: False - secret: - description: - - Shared secret used to access the RADIUS server - required: False - default: null - timeout: - description: - - Timeout after which the request should be resend - required: False - default: null - service: - description: - - Router services that will use this RADIUS server: - choices: - - 'hotspot' # HotSpot authentication service - - 'login' # router's local user authentication - - 'ppp # Point-to-Point clients authentication - - 'wireless # wireless client authentication (client's MAC address is sent as User-Name) - - 'dhcp # DHCP protocol client authentication (client's MAC address is sent as User-Name)IPv4 or IPv6 address of RADIUS server - required: False - default: null - incoming: - accept: - choices: ['true', 'false' ] - port: "3799" - description: - - Whether to accept the unsolicited messages. - Also include the port number to listen for the requests on. - Accept and port values must be strings - required: False - default: null ''' EXAMPLES = ''' # Add a new radius entry -- mt_radius: - hostname: "{{ inventory_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" +- mt_dhcp_server: + hostname: "{{ inventory_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" state: present - address: 192.168.230.1 - comment: ansible_test - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' + parameter: radius + settings: + address: 192.168.230.1 + comment: ansible_test + timeout: '2s500ms' + secret: 'password' + service: + - login + - hotspot + - wireless ''' -import mt_api from ansible.module_utils.basic import AnsibleModule +from mt_common import MikrotikIdempotent def main(): - module = AnsibleModule( - argument_spec=dict( - hostname= dict(required=True), - username= dict(required=True), - password= dict(required=True), - address = dict(required=False, type='str'), - comment = dict(required=True, type='str'), - secret = dict(required=False, type='str'), - service = dict(required=False, type='list'), - timeout = dict(required=False, type='str'), - incoming= dict(required=False, type='dict'), - state = dict( - required = True, - choices = ['present', 'absent'], - type = 'str' - ), - ), + module = AnsibleModule( + argument_spec = dict( + hostname = dict(required=True), + username = dict(required=True), + password = dict(required=True), + settings = dict(required=False, type='dict'), + parameter = dict( + required = True, + choices = ['radius', 'incoming'], + type = 'str' + ), + state = dict( + required = False, + choices = ['present', 'absent'], + type = 'str' + ), + ), supports_check_mode=True - ) - - hostname = module.params['hostname'] - username = module.params['username'] - password = module.params['password'] - state = module.params['state'] - check_mode = module.check_mode - changed = False - msg = "" - - radius_path = '/radius' - mk = mt_api.Mikrotik(hostname, username, password) - try: - mk.login() - except: - module.fail_json( - msg="Could not log into Mikrotik device." + - " Check the username and password.", ) - response = mk.api_print(radius_path) - radius_params = module.params + idempotent_parameter = None + params = module.params - ######################################################## - # Check if we need to edit the incoming radius settings - ######################################################## - if radius_params['incoming'] is not None: - incoming_path = '/radius/incoming' - incoming_response = mk.api_print(incoming_path) - incoming = radius_params['incoming'] - if incoming_response[0][1]['accept'] == incoming['accept']: - if incoming_response[0][1]['port'] == incoming['port']: - # nothing to do - pass - else: - # edit port - if not check_mode: - mk.api_edit(base_path=incoming_path, params=incoming) - else: - # edit the accept and the port - if not check_mode: - mk.api_edit(base_path=incoming_path, params=incoming) - ####################################### - # Since we are grabbing all the parameters passed by the module - # We need to remove the one that won't be used - # as mikrotik parameters - remove_params = ['hostname', 'username', 'password', 'state', 'incoming'] - for i in remove_params: - radius_params.pop(i) - ####################################### - # remove keys with empty values - # convert service list to stings - ###################################### - for key in radius_params.keys(): - if radius_params[key] is None: - radius_params.pop(key) + if params['parameter'] == 'radius': + idempotent_parameter = 'comment' + params['parameter'] = "/radius" + + if params['parameter'] == 'incoming': + params['parameter'] = "/radius/incoming" - ################################################# - # Convert service list to comma separated string - ################################################# - list_to_string = "" - if 'service' in radius_params: - list_to_string = ','.join(map(str, radius_params['service'])) - radius_params['service'] = list_to_string + mt_obj = MikrotikIdempotent( + hostname = params['hostname'], + username = params['username'], + password = params['password'], + state = params['state'], + desired_params = params['settings'], + idempotent_param = idempotent_parameter, + api_path = str(params['parameter']), + check_mode = module.check_mode, - ################################################ - # mikrotik_radius is the dictionary with the parameters - # we get from mikrotik - ################################# - # We grab the first radius item to - # match the comment - ################################# - mikrotik_radius = {} - for i in response: - if 'comment' in i[1]: - if i[1]['comment'] == radius_params['comment']: - mikrotik_radius = i[1] - break + ) - ########################################################## - # Define radius_id to be used by remove and edit function - ########################################################## - if '.id' in mikrotik_radius: - radius_id = mikrotik_radius['.id'] - else: - radius_id = False + mt_obj.sync_state() - ###################################################### - # If the state is present and we can't find matching - # radius comment we add a new item with all the parameters - # from Ansible - ####################################################### - if state == "present": - if mikrotik_radius == {}: - if not check_mode: - mk.api_add(base_path=radius_path, params=radius_params) - module.exit_json( - failed=False, - changed=True, - msg="Added radius item", - ) - ################################################### - # If an item exists we check if all the parameters - # match what we have in ansible - ###################################### - else: - radius_diff_keys = {} - for key in radius_params: - if radius_params[key] != mikrotik_radius[key]: - radius_diff_keys[key] = radius_params[key] - if radius_diff_keys != {}: - radius_diff_keys['numbers'] = radius_id - if not check_mode: - mk.api_edit(base_path=radius_path, params=radius_diff_keys) + if mt_obj.failed: + module.fail_json( + msg = mt_obj.failed_msg + ) + elif mt_obj.changed: module.exit_json( failed=False, changed=True, - msg="Changed radius item: " + radius_params['comment'] + msg=mt_obj.changed_msg, + diff={ "prepared": { + "old": mt_obj.old_params, + "new": mt_obj.new_params, + }}, ) - else: - #################### - # Already up date + else: module.exit_json( failed=False, changed=False, + #msg='', + msg=params['settings'], ) - elif state == "absent": - if radius_id: - if not check_mode: - mk.api_remove(base_path=radius_path, remove_id=radius_id) - module.exit_json( - failed=False, - changed=True, - msg=radius_params['comment'] + " removed" - ) - ##################################################### - # if radius_id is not set there is nothing to remove - ##################################################### - else: - module.exit_json( - failed=False, - changed=False, - ) - else: - module.exit_json( - failed=True, - changed=False, - ) + if __name__ == '__main__': main() diff --git a/library/mt_radius_backup.py b/library/mt_radius_backup.py new file mode 100644 index 0000000..ee7e276 --- /dev/null +++ b/library/mt_radius_backup.py @@ -0,0 +1,265 @@ +# -*- coding: utf-8 -*- +DOCUMENTATION = ''' +module: mt_radius +author: + - "Valentin Gurmeza" + - "Shaun Smiley" +version_added: "2.3" +short_description: Manage mikrotik radius client +requirements: + - mt_api +description: + - Add or remove a radius client +options: + hostname: + description: + - hotstname of mikrotik router + required: True + username: + description: + - username used to connect to mikrotik router + required: True + password: + description: + - password used for authentication to mikrotik router + required: True + state: + description: + - client present or absent + required: True + choices: + - present + - absent + comment: + description: + - This module only ensures entries that match the comment field. + Thus, you should make unique comments for every entry. + required: True # only if state is present + address: + description: + - IPv4 or IPv6 address of RADIUS server + required: False + secret: + description: + - Shared secret used to access the RADIUS server + required: False + default: null + timeout: + description: + - Timeout after which the request should be resend + required: False + default: null + service: + description: + - Router services that will use this RADIUS server: + choices: + - 'hotspot' # HotSpot authentication service + - 'login' # router's local user authentication + - 'ppp # Point-to-Point clients authentication + - 'wireless # wireless client authentication (client's MAC address is sent as User-Name) + - 'dhcp # DHCP protocol client authentication (client's MAC address is sent as User-Name)IPv4 or IPv6 address of RADIUS server + required: False + default: null + incoming: + accept: + choices: ['true', 'false' ] + port: "3799" + description: + - Whether to accept the unsolicited messages. + Also include the port number to listen for the requests on. + Accept and port values must be strings + required: False + default: null +''' + +EXAMPLES = ''' +# Add a new radius entry +- mt_radius: + hostname: "{{ inventory_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + address: 192.168.230.1 + comment: ansible_test + secret: 'password' + service: + - login + - hotspot + - wireless + timeout: '2s500ms' +''' + +import mt_api +from ansible.module_utils.basic import AnsibleModule + + +def main(): + module = AnsibleModule( + argument_spec=dict( + hostname= dict(required=True), + username= dict(required=True), + password= dict(required=True), + address = dict(required=False, type='str'), + comment = dict(required=True, type='str'), + secret = dict(required=False, type='str'), + service = dict(required=False, type='list'), + timeout = dict(required=False, type='str'), + incoming= dict(required=False, type='dict'), + state = dict( + required = True, + choices = ['present', 'absent'], + type = 'str' + ), + ), + supports_check_mode=True + ) + + hostname = module.params['hostname'] + username = module.params['username'] + password = module.params['password'] + state = module.params['state'] + check_mode = module.check_mode + changed = False + msg = "" + + radius_path = '/radius' + mk = mt_api.Mikrotik(hostname, username, password) + try: + mk.login() + except: + module.fail_json( + msg="Could not log into Mikrotik device." + + " Check the username and password.", + ) + + response = mk.api_print(radius_path) + radius_params = module.params + + ######################################################## + # Check if we need to edit the incoming radius settings + ######################################################## + if radius_params['incoming'] is not None: + incoming_path = '/radius/incoming' + incoming_response = mk.api_print(incoming_path) + incoming = radius_params['incoming'] + if incoming_response[0][1]['accept'] == incoming['accept']: + if incoming_response[0][1]['port'] == incoming['port']: + # nothing to do + pass + else: + # edit port + if not check_mode: + mk.api_edit(base_path=incoming_path, params=incoming) + else: + # edit the accept and the port + if not check_mode: + mk.api_edit(base_path=incoming_path, params=incoming) + ####################################### + # Since we are grabbing all the parameters passed by the module + # We need to remove the one that won't be used + # as mikrotik parameters + remove_params = ['hostname', 'username', 'password', 'state', 'incoming'] + for i in remove_params: + radius_params.pop(i) + ####################################### + # remove keys with empty values + # convert service list to stings + ###################################### + for key in radius_params.keys(): + if radius_params[key] is None: + radius_params.pop(key) + + + ################################################# + # Convert service list to comma separated string + ################################################# + list_to_string = "" + if 'service' in radius_params: + list_to_string = ','.join(map(str, radius_params['service'])) + radius_params['service'] = list_to_string + + ################################################ + # mikrotik_radius is the dictionary with the parameters + # we get from mikrotik + ################################# + # We grab the first radius item to + # match the comment + ################################# + mikrotik_radius = {} + for i in response: + if 'comment' in i[1]: + if i[1]['comment'] == radius_params['comment']: + mikrotik_radius = i[1] + break + + ########################################################## + # Define radius_id to be used by remove and edit function + ########################################################## + if '.id' in mikrotik_radius: + radius_id = mikrotik_radius['.id'] + else: + radius_id = False + + ###################################################### + # If the state is present and we can't find matching + # radius comment we add a new item with all the parameters + # from Ansible + ####################################################### + if state == "present": + if mikrotik_radius == {}: + if not check_mode: + mk.api_add(base_path=radius_path, params=radius_params) + module.exit_json( + failed=False, + changed=True, + msg="Added radius item", + ) + ################################################### + # If an item exists we check if all the parameters + # match what we have in ansible + ###################################### + else: + radius_diff_keys = {} + for key in radius_params: + if radius_params[key] != mikrotik_radius[key]: + radius_diff_keys[key] = radius_params[key] + if radius_diff_keys != {}: + radius_diff_keys['numbers'] = radius_id + if not check_mode: + mk.api_edit(base_path=radius_path, params=radius_diff_keys) + module.exit_json( + failed=False, + changed=True, + msg="Changed radius item: " + radius_params['comment'] + ) + else: + #################### + # Already up date + module.exit_json( + failed=False, + changed=False, + ) + elif state == "absent": + if radius_id: + if not check_mode: + mk.api_remove(base_path=radius_path, remove_id=radius_id) + module.exit_json( + failed=False, + changed=True, + msg=radius_params['comment'] + " removed" + ) + ##################################################### + # if radius_id is not set there is nothing to remove + ##################################################### + else: + module.exit_json( + failed=False, + changed=False, + ) + else: + module.exit_json( + failed=True, + changed=False, + ) +if __name__ == '__main__': + main() diff --git a/pythonlibs/mt_common.py b/pythonlibs/mt_common.py index 1380e06..b804f76 100644 --- a/pythonlibs/mt_common.py +++ b/pythonlibs/mt_common.py @@ -1,39 +1,13 @@ #!/usr/bin/env python import mt_api import re - - if 'policy' in ansible_scheduler_params: - dif_list = [] - if 'policy' in mikrotik_scheduler_task: - policy = mikrotik_scheduler_task['policy'].split(',') - dif_list = set(ansible_scheduler_params['policy']) & set(policy) - - if dif_list == []: - list_to_string = "" - list_to_string = ','.join(map(str, ansible_scheduler_params['policy'])) - scheduler_diff_keys['policy'] = list_to_string - - for key in ansible_scheduler_params: - if key != 'policy': - if key in mikrotik_scheduler_task: - if ansible_scheduler_params[key] != mikrotik_scheduler_task[key]: - scheduler_diff_keys[key] = ansible_scheduler_params[key] - else: - scheduler_diff_keys[key] = ansible_scheduler_params[key] - if scheduler_diff_keys != {}: - scheduler_diff_keys['numbers'] = client_id - if not check_mode: - mk.api_edit(base_path=api_path, params=scheduler_diff_keys) - changed = True - changed_message.append( - "Changed scheduler task : " + ansible_scheduler_params['name'] - ) +import sys -def list_string(ansible_list, mikrotik_string): - list_to_string = "" - list_to_string = ','.join(map(str, ansible_scheduler_params['policy'])) - scheduler_diff_keys['policy'] = list_to_string +def list_to_string(list): + list_string = "" + list_string = ','.join(map(str, list)) + return list_string def clean_params(params): @@ -150,6 +124,11 @@ class MikrotikIdempotent(): # When current_param is empty we need to call api_add method to add # all the parameters in the desired_params if self.current_param is None: + # check if we have a list within the dictionary + # convert the list to string to pass to mikrotik + for i in self.desired_params: + if isinstance(self.desired_params[i], list): + self.desired_params[i] = list_to_string(self.desired_params[i]) self.new_params = self.desired_params self.old_params = "" if not self.check_mode: @@ -179,18 +158,32 @@ class MikrotikIdempotent(): def edit(self): out_params = {} - old_params = {} #used to store values of params we change + old_params = {} # used to store values of params we change # iterate over items in desired params and match against items in current_param # to figure out the difference for desired_param in self.desired_params: - self.desired_params[desired_param] = str(self.desired_params[desired_param]) if desired_param in self.current_param: - if self.current_param[desired_param] != self.desired_params[desired_param]: - out_params[desired_param] = self.desired_params[desired_param] - old_params[desired_param] = self.current_param[desired_param] + # check if we have a list within the dictionary + # convert mikrotik string to list to get a diff + if isinstance(self.desired_params[desired_param], list): + dif_list = [] + if desired_param in self.current_param: + current_param_list = self.current_param[desired_param].split(',') + dif_list = set(self.desired_params[desired_param]) - set(current_param_list) + else: + out_params[desired_param] = list_to_string(self.desired_params[desired_param]) + if dif_list: + out_params[desired_param] = list_to_string(self.desired_params[desired_param]) + old_params[desired_param] = self.current_param[desired_param] + continue + if self.current_param[desired_param] != str(self.desired_params[desired_param]): + out_params[desired_param] = str(self.desired_params[desired_param]) + old_params[desired_param] = str(self.current_param[desired_param]) else: - out_params[desired_param] = self.desired_params[desired_param] + if isinstance(desired_param, list): + out_params[desired_param] = list_to_string(self.desired_params[desired_param]) + out_params[desired_param] = str(self.desired_params[desired_param]) if desired_param in self.current_param: old_params[desired_param] = self.current_param[desired_param] diff --git a/tests/integration/tasks/hotspot-tests.yml b/tests/integration/tasks/hotspot-tests.yml new file mode 100644 index 0000000..84f6704 --- /dev/null +++ b/tests/integration/tasks/hotspot-tests.yml @@ -0,0 +1,197 @@ +- name: add a hotspot profile + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: profile + settings: + dns-name: internet.com + login-by: http-pap + name: Hotspot1 + radius-interim-update: 3m + use-radius: "yes" + +- name: NEVER_CHANGES add a hotspot profile, check idempotency + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + parameter: profile + state: present + settings: + dns-name: internet.com + login-by: http-pap + name: Hotspot1 + radius-interim-update: 3m + use-radius: "yes" + register: profile_add + failed_when: ( + not ansible_check_mode + ) and ( + ( profile_add | changed ) + ) + +- name: ALWAYS_CHANGES edit a hotspot profile, check changes + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + parameter: profile + state: present + settings: + dns-name: internet.com + login-by: http-pap + name: Hotspot1 + radius-interim-update: 4m + use-radius: "yes" + register: profile_edit + failed_when: not ( profile_edit | changed ) + +- name: add a hotspot + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + parameter: hotspot + state: present + settings: + address-pool: pool1 + disabled: "no" + interface: ether2 + name: NETACCESS1 + profile: Hotspot1 + idle-timeout: 3s + +- name: NEVER_CHANGES add a hotspot again, check idempotency + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: hotspot + settings: + address-pool: pool1 + disabled: "no" + interface: ether2 + name: NETACCESS1 + profile: Hotspot1 + idle-timeout: 3s + register: hotspot_add + failed_when: ( + not ansible_check_mode + ) and ( + ( hotspot_add | changed ) + ) + +- name: ALWAYS_CHANGES edit a hotspot, check changes + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: hotspot + settings: + address-pool: pool1 + disabled: "no" + interface: ether2 + name: NETACCESS1 + profile: Hotspot1 + idle-timeout: 4s + register: hotspot_edit + failed_when: not ( hotspot_edit | changed ) + +- name: add a walled-garden + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: walled-garden + settings: + comment: "Allow Personal Web Portal" + dst-host: google.com + server: NETACCESS1 + method: PUT + +- name: NEVER_CHANGES add a walled-garden, check idempotency + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: walled-garden + settings: + comment: "Allow Personal Web Portal" + dst-host: google.com + server: NETACCESS1 + method: PUT + register: walled_garden_add + failed_when: ( + not ansible_check_mode + ) and ( + ( walled_garden_add | changed ) + ) + +- name: ALWAYS_CHANGES edit walled-garden settings, check changes + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: present + parameter: walled-garden + settings: + comment: "Allow Personal Web Portal" + dst-host: google.com + server: NETACCESS1 + method: TRACE + register: walled_garden_edit + failed_when: not ( walled_garden_edit | changed ) + +- name: ALWAYS_CHANGES remove walled-garden + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: absent + parameter: walled-garden + settings: + comment: "Allow Personal Web Portal" + register: walled_garden_rem + failed_when: ( + not ansible_check_mode + ) and ( + not ( walled_garden_rem | changed ) + ) + +- name: ALWAYS_CHANGES remove a hotspot + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + parameter: hotspot + state: absent + settings: + name: NETACCESS1 + register: hotspot_rem + failed_when: ( + not ansible_check_mode + ) and ( + not ( hotspot_rem | changed ) + ) + +- name: ALWAYS_CHANGES remove a hotspot profile + mt_hotspot: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + parameter: profile + state: absent + settings: + name: Hotspot1 + register: profile_rem + failed_when: ( + not ansible_check_mode + ) and ( + not ( profile_rem | changed ) + ) diff --git a/tests/integration/tasks/radius-tests.yml b/tests/integration/tasks/radius-tests.yml new file mode 100644 index 0000000..ed2788b --- /dev/null +++ b/tests/integration/tasks/radius-tests.yml @@ -0,0 +1,129 @@ +- name: Test adding a radius item + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "present" + parameter: radius + settings: + address: "192.168.12.2" + comment: 'Ansible - radius test 1' + secret: 'password' + service: + - login + - hotspot + - wireless + timeout: '2s500ms' + +- name: ALWAYS_CHANGES Test editing an existing radius item (change address) + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "present" + parameter: radius + settings: + address: "192.168.12.19" + comment: 'Ansible - radius test 1' + secret: 'password' + service: + - login + - hotspot + - wireless + - dhcp + timeout: '2s500ms' + register: radius_test_1_edit + failed_when: ( + not ansible_check_mode + ) and ( + not ( radius_test_1_edit | changed ) + ) + +- name: ALWAYS_CHANGES Test editing an existing radius item (change address back) + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "present" + parameter: radius + settings: + address: "192.168.12.2" + comment: 'Ansible - radius test 1' + secret: 'password' + service: + - login + - hotspot + - wireless + timeout: '2s500ms' + register: radius_test_1_edit + failed_when: ( + not ansible_check_mode + ) and ( + not ( radius_test_1_edit | changed ) + ) + +- name: Test adding a duplicate of the first radius item + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "present" + parameter: radius + settings: + address: "192.168.12.2" + comment: 'Ansible - radius test 1' + secret: 'password' + service: + - login + - hotspot + - wireless + timeout: '2s500ms' + register: radius_test_1_duplicate + failed_when: ( + not ansible_check_mode + ) and ( + ( radius_test_1_duplicate|changed ) + ) + +- name: ALWAYS_CHANGES Test adding another radius item to later remove + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "present" + parameter: radius + settings: + address: "192.168.12.2" + comment: 'Ansible - radius test 2' + secret: 'password' + service: + - login + - hotspot + - wireless + timeout: '2s500ms' + register: radius_test_2 + failed_when: ( + not ansible_check_mode + ) and ( + not ( radius_test_2 | changed ) + ) + +- name: ALWAYS_CHANGES Test removing a radius item + mt_radius: + hostname: "{{ mt_hostname }}" + username: "{{ mt_user }}" + password: "{{ mt_pass }}" + state: "absent" + parameter: radius + settings: + comment: 'Ansible - radius test 2' + register: radius_test_2_rem + failed_when: ( + not ansible_check_mode + ) and ( + not ( radius_test_2_rem | changed ) + ) + +# incoming: +# accept: "true" +# port: "37988" diff --git a/tests/integration/tests.yml b/tests/integration/tests.yml index 2be763b..78fb250 100644 --- a/tests/integration/tests.yml +++ b/tests/integration/tests.yml @@ -548,125 +548,7 @@ ################### ### radius ################### - - block: - - name: Test adding a radius item - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "present" - address: "192.168.12.2" - comment: 'Ansible - radius test 1' - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' - - - name: ALWAYS_CHANGES Test editing an existing radius item (change address) - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "present" - address: "192.168.12.19" - comment: 'Ansible - radius test 1' - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' - register: radius_test_1_edit - failed_when: ( - not ansible_check_mode - ) and ( - not ( radius_test_1_edit | changed ) - ) - #changed_when: False - - - name: ALWAYS_CHANGES Test editing an existing radius item (change address back) - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "present" - address: "192.168.12.2" - comment: 'Ansible - radius test 1' - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' - register: radius_test_1_edit - failed_when: ( - not ansible_check_mode - ) and ( - not ( radius_test_1_edit | changed ) - ) - #changed_when: False - - - name: Test adding a duplicate of the first radius item - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "present" - address: "192.168.12.2" - comment: 'Ansible - radius test 1' - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' - register: radius_test_1_duplicate - failed_when: ( - not ansible_check_mode - ) and ( - ( radius_test_1_duplicate|changed ) - ) - - - name: ALWAYS_CHANGES Test adding another radius item to later remove - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "present" - address: "192.168.12.2" - comment: 'Ansible - radius test 2' - secret: 'password' - service: - - login - - hotspot - - wireless - timeout: '2s500ms' - register: radius_test_2 - failed_when: ( - not ansible_check_mode - ) and ( - not ( radius_test_2 | changed ) - ) - - - name: ALWAYS_CHANGES Test removing a radius item - mt_radius: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: "absent" - comment: 'Ansible - radius test 2' - incoming: - accept: "true" - port: "37988" - register: radius_test_2_rem - failed_when: ( - not ansible_check_mode - ) and ( - not ( radius_test_2_rem | changed ) - ) - + - include: tasks/radius-tests.yml tags: radius @@ -1902,204 +1784,7 @@ ################### ### hotspot ################### - - block: - - name: add a hotspot profile - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: profile - settings: - dns-name: internet.com - login-by: http-pap - name: Hotspot1 - radius-interim-update: 3m - use-radius: "yes" - - - name: NEVER_CHANGES add a hotspot profile, check idempotency - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - parameter: profile - state: present - settings: - dns-name: internet.com - login-by: http-pap - name: Hotspot1 - radius-interim-update: 3m - use-radius: "yes" - register: profile_add - failed_when: ( - not ansible_check_mode - ) and ( - ( profile_add | changed ) - ) - - - name: ALWAYS_CHANGES edit a hotspot profile, check changes - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - parameter: profile - state: present - settings: - dns-name: internet.com - login-by: http-pap - name: Hotspot1 - radius-interim-update: 4m - use-radius: "yes" - register: profile_edit - failed_when: not ( profile_edit | changed ) - - - name: add a hotspot - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - parameter: hotspot - state: present - settings: - address-pool: pool1 - disabled: "no" - interface: ether2 - name: NETACCESS1 - profile: Hotspot1 - idle-timeout: 3s - - - name: NEVER_CHANGES add a hotspot again, check idempotency - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: hotspot - settings: - address-pool: pool1 - disabled: "no" - interface: ether2 - name: NETACCESS1 - profile: Hotspot1 - idle-timeout: 3s - register: hotspot_add - failed_when: ( - not ansible_check_mode - ) and ( - ( hotspot_add | changed ) - ) - - - name: ALWAYS_CHANGES edit a hotspot, check changes - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: hotspot - settings: - address-pool: pool1 - disabled: "no" - interface: ether2 - name: NETACCESS1 - profile: Hotspot1 - idle-timeout: 4s - register: hotspot_edit - failed_when: not ( hotspot_edit | changed ) - - - name: add a walled-garden - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: walled-garden - settings: - comment: "Allow Personal Web Portal" - dst-host: google.com - server: NETACCESS1 - method: PUT - - - name: NEVER_CHANGES add a walled-garden, check idempotency - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: walled-garden - settings: - comment: "Allow Personal Web Portal" - dst-host: google.com - server: NETACCESS1 - method: PUT - register: walled_garden_add - failed_when: ( - not ansible_check_mode - ) and ( - ( walled_garden_add | changed ) - ) - - - name: ALWAYS_CHANGES edit walled-garden settings, check changes - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: present - parameter: walled-garden - settings: - comment: "Allow Personal Web Portal" - dst-host: google.com - server: NETACCESS1 - method: TRACE - register: walled_garden_edit - failed_when: not ( walled_garden_edit | changed ) - - - name: ALWAYS_CHANGES remove walled-garden - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - state: absent - parameter: walled-garden - settings: - comment: "Allow Personal Web Portal" - register: walled_garden_rem - failed_when: ( - not ansible_check_mode - ) and ( - not ( walled_garden_rem | changed ) - ) - - - name: ALWAYS_CHANGES remove a hotspot - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - parameter: hotspot - state: absent - settings: - name: NETACCESS1 - register: hotspot_rem - failed_when: ( - not ansible_check_mode - ) and ( - not ( hotspot_rem | changed ) - ) - - - name: ALWAYS_CHANGES remove a hotspot profile - mt_hotspot: - hostname: "{{ mt_hostname }}" - username: "{{ mt_user }}" - password: "{{ mt_pass }}" - parameter: profile - state: absent - settings: - name: Hotspot1 - register: profile_rem - failed_when: ( - not ansible_check_mode - ) and ( - not ( profile_rem | changed ) - ) + - include: tasks/hotspot-tests.yml tags: hotspot ###################