HEX

File: //lib/python3.9/site-packages/ansible_collections/dellemc/os10/roles/os10_aaa/templates/os10_aaa.j2
#jinja2: trim_blocks: True,lstrip_blocks: True
{#############################################
Purpose:
Configure AAA commands for os10 Devices

os10_aaa:
  radius_server:
        retransmit: 5
        timeout: 10
        host:
          - ip: 2001:4898:f0:f09b::1001
            key: 0
            value: "abc"
            auth_port: 3
        state: present
  tacacs_server:
        host:
          - ip: 2001:4898:f0:f09b::1001
            key: 0
            value: "abc"
            auth_port: 3
        state: present
        timeout: 6
  aaa_authentication:
        login:
          - console: true
            type: group radius group tacacs+ local
            state: present
        re_authenticate: true
  aaa_accounting:
        accounting:
          - accounting_type: commands
            connection_type: console
            account_mode: start-stop
            server_group: group tacacs+
            state: present

##################################################}
{% if os10_aaa is defined and os10_aaa %}
  {% if os10_aaa.radius_server is defined and os10_aaa.radius_server %} 
    {% set item = os10_aaa.radius_server %}
      {% if item.retransmit is defined and item.retransmit %}
radius-server retransmit {{ item.retransmit }}
      {% else %}
no radius-server retransmit 
      {% endif %}
      {% if item.timeout is defined and item.timeout %}
radius-server timeout {{ item.timeout }}
      {% else %}
no radius-server timeout
      {% endif %}
      {% if item.host is defined and item.host %}
        {% for it in item.host %}
          {% if it.ip is defined and it.ip %}
            {% if it.state is defined and it.state == "absent" %}
no radius-server host {{ it.ip }}
            {% else %}
              {% if it.auth_port is defined and it.auth_port %}
radius-server host {{ it.ip }} auth-port {{ it.auth_port }} key {{ it.key }} {{ it.value }}
              {% else  %}
radius-server host {{ it.ip }} key {{ it.key }} {{ it.value }}
              {% endif %}
            {% endif %}
          {% endif %}
        {% endfor %}
      {% endif %}
  {% endif %}
  {% if os10_aaa.tacacs_server is defined and os10_aaa.tacacs_server %}
    {% set item = os10_aaa.tacacs_server %}
      {% if item.timeout is defined and item.timeout %}
tacacs-server timeout {{ item.timeout }}
      {% else %}
no tacacs-server timeout
      {% endif %}
      {% if item.host is defined and item.host %}
        {% for it in item.host %}
          {% if it.ip is defined and it.ip %}
            {% if item.state is defined and item.state == "absent"%}
no tacacs-server host {{it.ip}}
            {% else %}
              {% if it.auth_port is defined and it.auth_port %}
tacacs-server host {{it.ip}} auth-port {{it.auth_port}} key {{it.key}} {{it.value}}
              {% else %}
tacacs-server host {{it.ip}} key {{it.key}} {{it.value}}
              {% endif %} 
            {% endif %}    
          {% endif %}
        {% endfor %}
      {% endif %}
  {% endif %} 
  {% if os10_aaa.aaa_authentication is defined and os10_aaa.aaa_authentication %}
    {% set aaa_list = os10_aaa.aaa_authentication %}
      {% if aaa_list.login is defined and aaa_list.login %}
        {% for aaa_vars in aaa_list.login %}
          {% if aaa_vars.console is defined and aaa_vars.console %}
            {% if aaa_vars.state is defined and aaa_vars.state == "absent"%}
no aaa authentication login console
            {% else %}
              {% if aaa_vars.type is defined and aaa_vars.type %}
aaa authentication login console {{aaa_vars.type}}
              {% endif %}
            {% endif %}
          {% else %}
            {% if aaa_vars.state is defined and aaa_vars.state == "absent"%}
no aaa authentication login default
            {% else %}
              {% if aaa_vars.type is defined and aaa_vars.type %}
aaa authentication login default {{aaa_vars.type}}
              {% endif %}
            {% endif %}
          {% endif %}
        {% endfor %}
      {% endif %}  
    {% set aaa_vars = os10_aaa.aaa_authentication %}
    {% if aaa_vars.re_authenticate is defined %}
      {% if aaa_vars.re_authenticate %}
aaa re-authenticate enable
      {% else %}
no aaa re-authenticate enable
      {% endif %}
    {% endif %}
  {% endif %}
  {% if os10_aaa.aaa_accounting is defined and os10_aaa.aaa_accounting %}
    {% set acc_list = os10_aaa.aaa_accounting %}
      {% if acc_list.accounting is defined and acc_list.accounting %}
        {% for aaa_vars in acc_list.accounting %}
          {% if aaa_vars.accounting_type is defined and aaa_vars.accounting_type %}
            {% if aaa_vars.accounting_type == "commands" %}
            {% set accounting_type = aaa_vars.accounting_type + " all" %}
            {% endif %}
            {% if aaa_vars.connection_type is defined and aaa_vars.connection_type %}
              {% if aaa_vars.state is defined and aaa_vars.state == "absent"%}
no aaa accounting {{accounting_type}} {{aaa_vars.connection_type}}  
              {% else %}
                {% if aaa_vars.account_mode is defined and aaa_vars.account_mode == "none" %}
aaa accounting {{accounting_type}} {{aaa_vars.connection_type}} {{aaa_vars.account_mode}}
                {% else %}
                  {% if aaa_vars.server_group is defined and aaa_vars.server_group %}
aaa accounting {{accounting_type}} {{aaa_vars.connection_type}} {{aaa_vars.account_mode}} {{aaa_vars.server_group}}
                  {% endif %}
                {% endif %}
              {% endif %}
            {% endif %}
          {% endif %}
        {% endfor %}
      {% endif %}
  {% endif %}
{% endif %}