Merge branch 'INFRA-2127' into 'master'

inherit_mac_from_main_interface and only_vlan_id filters

See merge request !2

README.md

@@ -26,9 +26,13 @@ radius_users: []
 The `radius_users` list can be populated from CSEntry inventory by using the `csentry_inventory_to_mac_vlan_id` filter plugin:
 ```
 radius_users: "{{ hostvars | csentry_inventory_to_mac_vlan_id(domain='cslab.esss.lu.se' }}"
+# OR
+radius_users: "{{ hostvars | csentry_inventory_to_mac_vlan_id(only_vlan_id=1901, inherit_mac_from_main_interface=true) }}"
 ```
 
 The `domain` argument is used to filter the interfaces. Only interfaces part of the *cslab.esss.lu.se* domain will be returned in this case.
+The `only_vlan_id` argument is used to filter the interfaces. Only interfaces with vlan with id 1901 will be returned.
+Setting `inherit_mac_from_main_interface` to `true` will use the mac address of the main interface to render secondary interfaces without a mac address assigned in CSEntry.
 
 ## Example Playbook
 

filter_plugins/radius.py

-def csentry_inventory_to_mac_vlan_id(hostvars, domain=None):
+def csentry_inventory_to_mac_vlan_id(hostvars, domain=None, only_vlan_id=None,
+                                     inherit_mac_from_main_interface=False):
     """
     This function returns a list of mac/vlan_id from CSEntry inventory hostvars
 
@@ -8,9 +9,13 @@ def csentry_inventory_to_mac_vlan_id(hostvars, domain=None):
     for hostvar in hostvars.values():
         for interface in hostvar.get("csentry_interfaces", []):
             mac = interface.get("mac", None)
+            if mac is None and inherit_mac_from_main_interface:
+                mac = hostvar["csentry_interfaces"][0].get("mac", None)
             network = interface.get("network", {})
             interface_domain = network.get("domain", None)
             vlan_id = network.get("vlan_id", None)
+            if only_vlan_id is not None and vlan_id != only_vlan_id:
+                continue
             if domain is not None and interface_domain != domain:
                 continue
             if mac is None or vlan_id is None:

molecule/default/inventory/group_vars/molecule_group

-radius_users: "{{ hostvars | csentry_inventory_to_mac_vlan_id(domain='tn.esss.lu.se') }}"
 radius_network_clients:
   - name: cslab-mgmt-clients
     ipaddr: 172.30.0.0/23
   - name: cslab-routenet-clients
     ipaddr: 172.30.255.0/27
-

molecule/default/inventory/group_vars/molecule_group_default

+radius_users: "{{ hostvars | csentry_inventory_to_mac_vlan_id(domain='tn.esss.lu.se') }}"

molecule/default/inventory/group_vars/molecule_group_pnp

+radius_users: "{{ hostvars | csentry_inventory_to_mac_vlan_id(only_vlan_id=1901, inherit_mac_from_main_interface=true) }}"

molecule/default/inventory/host_vars/dummy-host-03

@@ -3,3 +3,6 @@ csentry_interfaces:
     network:
       domain: cslab.esss.lu.se
       vlan_id: 1900
+  - network:
+      domain: cslab.esss.lu.se
+      vlan_id: 1901

molecule/default/molecule.yml

@@ -33,3 +33,17 @@ platforms:
     command: /sbin/init
     groups:
       - molecule_group
+      - molecule_group_default
+  - name: ics-ans-role-radius-pnp
+    image: registry.esss.lu.se/ics-docker/centos-systemd:7
+    # SYS_ADMIN required to run systemctl
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - molecule_group_pnp
+      - molecule_group

molecule/default/tests/test_default.py

@@ -37,14 +37,3 @@ client cslab-routenet-clients {
     secret = testing123
 }
 """.strip()
-
-
-def test_radius_authorize(host):
-    assert host.file("/etc/raddb/mods-config/files/authorize").content_string.strip() == """
-0242428a5dd9 Cleartext-Password := "0242428a5dd9",  Auth-Type := "EAP"
-        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1910"
-484d7ee4c7f1 Cleartext-Password := "484d7ee4c7f1",  Auth-Type := "EAP"
-        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1614"
-024242dc31bc Cleartext-Password := "024242dc31bc",  Auth-Type := "EAP"
-        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1710"
-""".strip()

molecule/default/tests/test_default_nonpnp.py

+import os
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('molecule_group_default')
+
+
+def test_radius_authorize(host):
+    assert host.file("/etc/raddb/mods-config/files/authorize").content_string.strip() == """
+0242428a5dd9 Cleartext-Password := "0242428a5dd9",  Auth-Type := "EAP"
+        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1910"
+484d7ee4c7f1 Cleartext-Password := "484d7ee4c7f1",  Auth-Type := "EAP"
+        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1614"
+024242dc31bc Cleartext-Password := "024242dc31bc",  Auth-Type := "EAP"
+        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1710"
+""".strip()

molecule/default/tests/test_default_pnp.py

+import os
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('molecule_group_pnp')
+
+
+def test_radiusd_running(host):
+    service = host.service("radiusd")
+    assert service.is_running
+    assert service.is_enabled
+
+
+def test_radius_authorize(host):
+    assert host.file("/etc/raddb/mods-config/files/authorize").content_string.strip() == """
+0242428a00ab Cleartext-Password := "0242428a00ab",  Auth-Type := "EAP"
+        Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-id = "1901"
+""".strip()