From 36c4f4e0b113bffd16d67b0240e6a617ae5454ca Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Wed, 14 May 2025 08:43:33 +0530 Subject: [PATCH 01/10] Update AAA module with Accounting changes --- .../network/sonic/argspec/aaa/aaa.py | 35 +++++ .../network/sonic/config/aaa/aaa.py | 106 +++++++++++++++ .../network/sonic/facts/aaa/aaa.py | 37 +++++ plugins/modules/sonic_aaa.py | 128 +++++++++++++++++- .../roles/sonic_aaa/defaults/main.yml | 63 +++++++++ 5 files changed, 368 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/network/sonic/argspec/aaa/aaa.py b/plugins/module_utils/network/sonic/argspec/aaa/aaa.py index c93f1a865..4e9e06095 100644 --- a/plugins/module_utils/network/sonic/argspec/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/argspec/aaa/aaa.py @@ -67,6 +67,41 @@ def __init__(self, **kwargs): }, 'type': 'dict' }, + 'accounting': { + 'options': { + 'commands_accounting': { + 'options': { + 'accounting_method': { + 'choices': ['tacacs+', 'logging'], + 'elements': 'str', + 'type': 'list' + }, + 'accounting_record_type': { + 'choices': ['START_STOP', 'STOP_ONLY'], + 'type': 'str' + }, + 'accounting_console_exempt': {'type': 'bool'} + }, + 'type': 'dict' + }, + 'session_accounting': { + 'options': { + 'accounting_method': { + 'choices': ['tacacs+', 'logging'], + 'elements': 'str', + 'type': 'list' + }, + 'accounting_record_type': { + 'choices': ['START_STOP', 'STOP_ONLY'], + 'type': 'str' + }, + 'accounting_console_exempt': {'type': 'bool'} + }, + 'type': 'dict' + } + }, + 'type': 'dict' + }, 'name_service': { 'options': { 'group': { diff --git a/plugins/module_utils/network/sonic/config/aaa/aaa.py b/plugins/module_utils/network/sonic/config/aaa/aaa.py index c031acceb..47197769d 100644 --- a/plugins/module_utils/network/sonic/config/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/config/aaa/aaa.py @@ -38,6 +38,9 @@ AAA_AUTHENTICATION_PATH = '/data/openconfig-system:system/aaa/authentication/config' AAA_AUTHORIZATION_PATH = '/data/openconfig-system:system/aaa/authorization' +AAA_COMMANDS_ACCOUNTING_PATH = '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' +AAA_SESSION_ACCOUNTING_PATH = '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' +AA_AUTHORIZATION_PATH = '/data/openconfig-system:system/aaa/authorization' AAA_NAME_SERVICE_PATH = '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' PATCH = 'patch' DELETE = 'delete' @@ -280,6 +283,29 @@ def get_modify_aaa_requests(self, commands): payload = {'openconfig-system:config': authentication_cfg_dict} requests.append({'path': AAA_AUTHENTICATION_PATH, 'method': PATCH, 'data': payload}) + # Accounting modification handling + accounting = commands.get('accounting') + if accounting: + for acct_key, path in [ + ('commands_accounting', AAA_COMMANDS_ACCOUNTING_PATH), + ('session_accounting', AAA_SESSION_ACCOUNTING_PATH) + ]: + acct_data = accounting.get(acct_key) + if acct_data: + accounting_cfg_dict = {} + accounting_method = acct_data.get('accounting_method') + accounting_record_type = acct_data.get('accounting_record_type') + accounting_console_exempt = acct_data.get('accounting_console_exempt') + if accounting_method: + accounting_cfg_dict['accounting-method'] = accounting_method + if accounting_record_type: + accounting_cfg_dict['accounting-record-type'] = accounting_record_type + if accounting_console_exempt is not None: + accounting_cfg_dict['accounting-console-exempt'] = accounting_console_exempt + if accounting_cfg_dict: + payload = {'openconfig-system-ext:config': accounting_cfg_dict} + requests.append({'path': path, 'method': PATCH, 'data': payload}) + # Authorization modification handling authorization = commands.get('authorization') if authorization: @@ -331,6 +357,8 @@ def get_delete_aaa_requests(self, commands, is_delete_all): requests.append(self.get_delete_request(AAA_AUTHENTICATION_PATH, None)) requests.append(self.get_delete_request(AAA_AUTHORIZATION_PATH, None)) requests.append(self.get_delete_request(AAA_NAME_SERVICE_PATH, None)) + requests.append(self.get_delete_request(AAA_COMMANDS_ACCOUNTING_PATH, None)) + requests.append(self.get_delete_request(AAA_SESSION_ACCOUNTING_PATH, None)) return requests # Authentication deletion handling @@ -349,6 +377,23 @@ def get_delete_aaa_requests(self, commands, is_delete_all): if failthrough is not None: requests.append(self.get_delete_request(AAA_AUTHENTICATION_PATH, 'failthrough')) + # Accounting deletion handling + accounting = commands.get('accounting') + if accounting: + for acct_key, path in [ + ('commands_accounting', AAA_COMMANDS_ACCOUNTING_PATH), + ('session_accounting', AAA_SESSION_ACCOUNTING_PATH) + ]: + acct_data = accounting.get(acct_key) + if acct_data: + if acct_data.get('accounting_method'): + requests.append(self.get_delete_request(path, 'accounting-method')) + if acct_data.get('accounting_record_type'): + requests.append(self.get_delete_request(path, 'accounting-record-type')) + # Default is false + if acct_data.get('accounting_console_exempt'): + requests.append(self.get_delete_request(path, 'accounting-console-exempt')) + # Authorization deletion handling authorization = commands.get('authorization') if authorization: @@ -422,6 +467,39 @@ def get_diff_aaa(self, base_cfg, compare_cfg): else: cfg_dict['authentication'] = authentication + # Accounting diff handling + accounting = base_cfg.get('accounting') + if accounting: + accounting_dict = {} + for acct_type in ['commands_accounting', 'session_accounting']: + acct = accounting.get(acct_type) + if acct: + accounting_method = acct.get('accounting_method') + accounting_record_type = acct.get('accounting_record_type') + accounting_console_exempt = acct.get('accounting_console_exempt') + compare_accounting = compare_cfg.get('accounting') + if compare_accounting: + compare_acct = compare_accounting.get(acct_type) + if compare_acct: + acct_dict = {} + compare_accounting_method = compare_acct.get('accounting_method') + compare_accounting_record_type = compare_acct.get('accounting_record_type') + compare_accounting_console_exempt = compare_acct.get('accounting_console_exempt') + if accounting_method and accounting_method != compare_accounting_method: + acct_dict['accounting_method'] = accounting_method + if accounting_record_type and accounting_record_type != compare_accounting_record_type: + acct_dict['accounting_record_type'] = accounting_record_type + if accounting_console_exempt is not None and accounting_console_exempt != compare_accounting_console_exempt: + acct_dict['accounting_console_exempt'] = accounting_console_exempt + if acct_dict: + accounting_dict[acct_type] = acct_dict + else: + accounting_dict[acct_type] = acct + else: + accounting_dict[acct_type] = acct + if accounting_dict: + cfg_dict['accounting'] = accounting_dict + # Authorization diff handling authorization = base_cfg.get('authorization') if authorization: @@ -483,15 +561,19 @@ def get_replaced_config(self, want, have): self.remove_default_entries(have) authentication = want.get('authentication') authorization = want.get('authorization') + accounting = want.get('accounting') name_service = want.get('name_service') cfg_authentication = have.get('authentication') cfg_authorization = have.get('authorization') + cfg_accounting = have.get('accounting') cfg_name_service = have.get('name_service') if authentication and cfg_authentication and authentication != cfg_authentication: config_dict['authentication'] = cfg_authentication if authorization and cfg_authorization and authorization != cfg_authorization: config_dict['authorization'] = cfg_authorization + if accounting and cfg_accounting and accounting != cfg_accounting: + config_dict['accounting'] = cfg_accounting if name_service and cfg_name_service and name_service != cfg_name_service: config_dict['name_service'] = cfg_name_service @@ -501,6 +583,7 @@ def post_process_generated_config(self, data): if data: authentication = data.get('authentication') authorization = data.get('authorization') + accounting = data.get('accounting') name_service = data.get('name_service') if authentication: @@ -515,6 +598,19 @@ def post_process_generated_config(self, data): data['authorization'].pop('login_auth_method') if not data['authorization']: data.pop('authorization') + if accounting: + default_entries = {'accounting_console_exempt': False} + for acct_key in ['commands_accounting', 'session_accounting']: + acct_data = accounting.get(acct_key) + if acct_data: + if 'accounting_method' in acct_data and not acct_data['accounting_method']: + acct_data.pop('accounting_method') + for option, value in default_entries.items(): + acct_data.setdefault(option, value) + if acct_data == default_entries: + accounting.pop(acct_key) + if not accounting: + data.pop('accounting') if name_service: for method in ('group', 'netgroup', 'passwd', 'shadow', 'sudoers'): if method in name_service and not name_service[method]: @@ -529,3 +625,13 @@ def remove_default_entries(self, data): authentication.pop('console_auth_local') if not authentication: data.pop('authentication') + accounting = data.get('accounting') + if accounting: + for acct_key in ['commands_accounting', 'session_accounting']: + acct_data = accounting.get(acct_key) + if acct_data and acct_data.get('accounting_console_exempt') is False: + acct_data.pop('accounting_console_exempt') + if not acct_data: + accounting.pop(acct_key) + if not accounting: + data.pop('accounting') diff --git a/plugins/module_utils/network/sonic/facts/aaa/aaa.py b/plugins/module_utils/network/sonic/facts/aaa/aaa.py index 528a34ec8..796c8bde8 100644 --- a/plugins/module_utils/network/sonic/facts/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/facts/aaa/aaa.py @@ -122,6 +122,43 @@ def update_aaa(self, module): if authorization_dict: config_dict['authorization'] = authorization_dict + # Accounting configuration handling + accounting_dict = {} + commands_acct_cfg = self.get_config(module, 'accounting/openconfig-system-ext:commands/config', 'openconfig-system-ext:config') + if commands_acct_cfg: + commands_acct_dict = {} + accounting_method = commands_acct_cfg.get('accounting-method') + accounting_record_type = commands_acct_cfg.get('accounting-record-type') + accounting_console_exempt = commands_acct_cfg.get('accounting-console-exempt') + + if accounting_method: + commands_acct_dict['accounting_method'] = accounting_method + if accounting_record_type: + commands_acct_dict['accounting_record_type'] = accounting_record_type + if accounting_console_exempt is not None: + commands_acct_dict['accounting_console_exempt'] = accounting_console_exempt + if commands_acct_dict: + accounting_dict['commands_accounting'] = commands_acct_dict + + session_acct_cfg = self.get_config(module, 'accounting/openconfig-system-ext:session/config', 'openconfig-system-ext:config') + if session_acct_cfg: + session_acct_dict = {} + accounting_method = session_acct_cfg.get('accounting-method') + accounting_record_type = session_acct_cfg.get('accounting-record-type') + accounting_console_exempt = session_acct_cfg.get('accounting-console-exempt') + + if accounting_method: + session_acct_dict['accounting_method'] = accounting_method + if accounting_record_type: + session_acct_dict['accounting_record_type'] = accounting_record_type + if accounting_console_exempt is not None: + session_acct_dict['accounting_console_exempt'] = accounting_console_exempt + if session_acct_dict: + accounting_dict['session_accounting'] = session_acct_dict + + if accounting_dict: + config_dict['accounting'] = accounting_dict + # Name-service configuration handling name_service_cfg = self.get_config(module, 'openconfig-aaa-ext:name-service/config', 'openconfig-aaa-ext:config') if name_service_cfg: diff --git a/plugins/modules/sonic_aaa.py b/plugins/modules/sonic_aaa.py index a01404d0e..48cb35cf9 100644 --- a/plugins/modules/sonic_aaa.py +++ b/plugins/modules/sonic_aaa.py @@ -70,6 +70,56 @@ type: list elements: str choices: ['ldap', 'local'] + accounting: + description: + - AAA accounting configuration. + type: dict + version_added: 3.1.0 + suboptions: + commands_accounting: + description: + - AAA commands accounting configuration. + type: dict + suboptions: + accounting_method: + description: + - Specifies the order of methods in which to perform accounting. + type: list + elements: str + choices: ['tacacs+', 'logging'] + accounting_record_type: + description: + - Specifies the type of record to be sent to the accounting server. + type: str + choices: + - START_STOP + - STOP_ONLY + accounting_console_exempt: + description: + - Exempts accounting of events from console. + type: bool + session_accounting: + description: + - AAA session accounting configuration. + type: dict + suboptions: + accounting_method: + description: + - Specifies the order of methods in which to perform accounting. + type: list + elements: str + choices: ['tacacs+', 'logging'] + accounting_record_type: + description: + - Specifies the type of record to be sent to the accounting server. + type: str + choices: + - START_STOP + - STOP_ONLY + accounting_console_exempt: + description: + - Exempts accounting of events from console. + type: bool name_service: description: - AAA name-service configuration @@ -139,6 +189,18 @@ login_auth_method: - local - ldap + accounting: + commands_accounting: + accounting_method: + - tacacs+ + - logging + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true name_service: group: - ldap @@ -168,6 +230,11 @@ # login : local, ldap # commands : local, tacacs+ # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+, logging (start-stop, console-disabled) +# session : logging (stop-only, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap @@ -195,6 +262,11 @@ # login : local, ldap # commands : local, tacacs+ # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+, logging (start-stop, console-disabled) +# session : logging (stop-only, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap @@ -212,6 +284,12 @@ authorization: commands_auth_method: - local + accounting: + commands_accounting: + accounting_method: + - tacacs+ + session_accounting: + accounting_record_type: 'START_STOP' name_service: group: - ldap @@ -232,6 +310,11 @@ # --------------------------------------------------------- # login : local # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+ (start-stop, console-disabled) +# session : logging (start-stop, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap @@ -255,6 +338,11 @@ # login : local, ldap # commands : local, tacacs+ # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+ (start-stop, console-disabled) +# session : logging (start-stop, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap @@ -271,6 +359,18 @@ - tacacs+ console_auth_local: true failthrough: true + accounting: + commands_accounting: + accounting_method: + - tacacs+ + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true state: overridden # After state: @@ -283,7 +383,11 @@ # failthrough : True # login-method : tacacs+ # console authentication : local - +# --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+, logging (stop-only, console-disabled) +# session : logging (stop-only, console-disabled) # Using "deleted" state # @@ -303,6 +407,11 @@ # login : local, ldap # commands : local, tacacs+ # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+, logging (stop-only, console-disabled) +# session : logging (stop-only, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap @@ -327,6 +436,18 @@ login_auth_method: - local - ldap + accounting: + commands_accounting: + accounting_method: + - tacacs+ + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true name_service: group: - ldap @@ -365,6 +486,11 @@ # login : local, ldap # commands : local, tacacs+ # --------------------------------------------------------- +# AAA Accounting Information +# --------------------------------------------------------- +# commands : tacacs+, logging (stop-only, console-disabled) +# session : logging (stop-only, console-disabled) +# --------------------------------------------------------- # AAA Name-Service Information # --------------------------------------------------------- # group-method : ldap diff --git a/tests/regression/roles/sonic_aaa/defaults/main.yml b/tests/regression/roles/sonic_aaa/defaults/main.yml index 9655b7f7c..a53705f62 100644 --- a/tests/regression/roles/sonic_aaa/defaults/main.yml +++ b/tests/regression/roles/sonic_aaa/defaults/main.yml @@ -12,6 +12,18 @@ sonic_aaa_tests: - ldap console_auth_local: true failthrough: true + accounting: + commands_accounting: + accounting_method: + - tacacs+ + - logging + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true authorization: commands_auth_method: - local @@ -49,6 +61,15 @@ sonic_aaa_tests: - tacacs+ console_auth_local: false failthrough: false + accounting: + commands_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + session_accounting: + accounting_method: + - tacacs+ + - logging authorization: commands_auth_method: - tacacs+ @@ -77,6 +98,15 @@ sonic_aaa_tests: input: authentication: console_auth_local: true + accounting: + commands_accounting: + accounting_method: + - tacacs+ + accounting_console_exempt: True + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' authorization: login_auth_method: - local @@ -94,6 +124,17 @@ sonic_aaa_tests: - radius console_auth_local: true failthrough: true + accounting: + commands_accounting: + accounting_method: + - tacacs+ + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'START_STOP' + accounting_console_exempt: true authorization: commands_auth_method: - local @@ -131,6 +172,15 @@ sonic_aaa_tests: - radius console_auth_local: true failthrough: true + accounting: + commands_accounting: + accounting_method: + - tacacs+ + accounting_record_type: 'START_STOP' + session_accounting: + accounting_method: + - logging + accounting_console_exempt: true authorization: commands_auth_method: - local @@ -168,6 +218,19 @@ sonic_aaa_tests: - tacacs+ console_auth_local: false failthrough: false + accounting: + commands_accounting: + accounting_method: + - logging + - tacacs+ + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + - tacacs+ + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true authorization: commands_auth_method: - tacacs+ From 1ac17588228dbb1e9d31ea60a107d5bc5c59411c Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Thu, 15 May 2025 07:26:18 +0530 Subject: [PATCH 02/10] Added fragment --- changelogs/fragments/559-aaa-accounting-support.yaml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelogs/fragments/559-aaa-accounting-support.yaml diff --git a/changelogs/fragments/559-aaa-accounting-support.yaml b/changelogs/fragments/559-aaa-accounting-support.yaml new file mode 100644 index 000000000..79c809bdf --- /dev/null +++ b/changelogs/fragments/559-aaa-accounting-support.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - sonic_aaa - Add Accounting support for AAA module (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/559). From bd41333b4240e56b4739964f3ac29f440a971479 Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Thu, 15 May 2025 15:51:34 +0530 Subject: [PATCH 03/10] UT for AAA accounting --- .../network/sonic/fixtures/sonic_aaa.yaml | 194 +++++++++++++++++- 1 file changed, 192 insertions(+), 2 deletions(-) diff --git a/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml b/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml index 46c194b43..5745d8d71 100644 --- a/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml +++ b/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml @@ -17,6 +17,18 @@ merged_01: login_auth_method: - local - ldap + accounting: + commands_accounting: + accounting_method: + - logging + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + - tacacs+ + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true name_service: group: - ldap @@ -46,6 +58,12 @@ merged_01: - path: '/data/openconfig-system:system/aaa/authorization/openconfig-aaa-ext:login/config/authorization-method' response: code: 200 + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + response: + code: 200 + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + response: + code: 200 - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' response: code: 200 @@ -75,6 +93,23 @@ merged_01: authorization-method: - local - ldap + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-method: + - logging + accounting-record-type: 'START_STOP' + accounting-console-exempt: true + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-method: + - logging + - tacacs+ + accounting-record-type: 'STOP_ONLY' + accounting-console-exempt: true - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'patch' data: @@ -109,6 +144,11 @@ replaced_01: authorization: commands_auth_method: - local + accounting: + commands_accounting: + accounting_record_type: 'STOP_ONLY' + session_accounting: + accounting_record_type: 'START_STOP' name_service: group: - local @@ -133,7 +173,6 @@ replaced_01: openconfig-aaa-tacacsplus-ext:authorization-method: - local - tacacs+ - - path: '/data/openconfig-system:system/aaa/authorization/openconfig-aaa-ext:login/config/authorization-method' response: code: 200 @@ -141,6 +180,25 @@ replaced_01: openconfig-aaa-ext:authorization-method: - local - ldap + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - logging + accounting-record-type: 'START_STOP' + accounting-console-exempt: true + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - logging + - tacacs+ + accounting-record-type: 'STOP_ONLY' + accounting-console-exempt: true - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' response: code: 200 @@ -171,6 +229,12 @@ replaced_01: - path: '/data/openconfig-system:system/aaa/authorization' method: 'delete' data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'delete' + data: - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'delete' data: @@ -190,6 +254,16 @@ replaced_01: config: authorization-method: - local + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-record-type: 'STOP_ONLY' + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-record-type: 'START_STOP' - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'patch' data: @@ -215,6 +289,17 @@ overridden_01: login_auth_method: - local - ldap + accounting: + commands_accounting: + accounting_method: + - tacacs+ + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true name_service: group: - ldap @@ -251,6 +336,18 @@ overridden_01: - path: '/data/openconfig-system:system/aaa/authorization/openconfig-aaa-ext:login/config/authorization-method' response: code: 200 + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + response: + code: + value: + openconfig-system-ext:config: + accounting-record-type: 'STOP_ONLY' + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + response: + code: + value: + openconfig-system-ext:config: + accounting-record-type: 'START_STOP' - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' response: code: @@ -265,6 +362,12 @@ overridden_01: - path: '/data/openconfig-system:system/aaa/authorization' method: 'delete' data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'delete' + data: - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'delete' data: @@ -293,6 +396,22 @@ overridden_01: authorization-method: - local - ldap + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-method: + - tacacs+ + accounting-record-type: 'START_STOP' + accounting-console-exempt: true + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'patch' + data: + openconfig-system-ext:config: + accounting-method: + - logging + accounting-record-type: 'STOP_ONLY' + accounting-console-exempt: true - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'patch' data: @@ -334,6 +453,17 @@ deleted_01: login_auth_method: - local - ldap + accounting: + commands_accounting: + accounting_method: + - tacacs+ + accounting_record_type: 'START_STOP' + accounting_console_exempt: true + session_accounting: + accounting_method: + - logging + accounting_record_type: 'STOP_ONLY' + accounting_console_exempt: true name_service: group: - ldap @@ -374,7 +504,24 @@ deleted_01: openconfig-aaa-tacacsplus-ext:authorization-method: - local - tacacs+ - + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - tacacs+ + accounting-record-type: 'START_STOP' + accounting-console-exempt: true + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - logging + accounting-record-type: 'STOP_ONLY' + accounting-console-exempt: true - path: '/data/openconfig-system:system/aaa/authorization/openconfig-aaa-ext:login/config/authorization-method' response: code: 200 @@ -427,6 +574,24 @@ deleted_01: - path: '/data/openconfig-system:system/aaa/authorization/openconfig-aaa-ext:login/config/authorization-method' method: 'delete' data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config/accounting-method' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config/accounting-record-type' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config/accounting-console-exempt' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config/accounting-method' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config/accounting-record-type' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config/accounting-console-exempt' + method: 'delete' + data: - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config/group-method' method: 'delete' data: @@ -474,6 +639,25 @@ deleted_02: openconfig-aaa-ext:authorization-method: - local - ldap + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - tacacs+ + - logging + accounting-record-type: 'START_STOP' + accounting-console-exempt: true + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + response: + code: 200 + value: + openconfig-system-ext:config: + accounting-method: + - tacacs+ + accounting-record-type: 'START_STOP' + accounting-console-exempt: true - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' response: code: 200 @@ -504,6 +688,12 @@ deleted_02: - path: '/data/openconfig-system:system/aaa/authorization' method: 'delete' data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' + method: 'delete' + data: + - path: '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' + method: 'delete' + data: - path: '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' method: 'delete' data: From 33468dfc906bbf9ebf1dd4cc652889538a44e40d Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Fri, 6 Jun 2025 16:00:05 +0530 Subject: [PATCH 04/10] Addressing review comments --- .../fragments/559-aaa-accounting-support.yaml | 2 +- .../network/sonic/config/aaa/aaa.py | 16 ++++++++-------- plugins/modules/sonic_aaa.py | 18 +++++++++--------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/changelogs/fragments/559-aaa-accounting-support.yaml b/changelogs/fragments/559-aaa-accounting-support.yaml index 79c809bdf..131577cbe 100644 --- a/changelogs/fragments/559-aaa-accounting-support.yaml +++ b/changelogs/fragments/559-aaa-accounting-support.yaml @@ -1,3 +1,3 @@ --- minor_changes: - - sonic_aaa - Add Accounting support for AAA module (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/559). + - sonic_aaa - Add support for accounting options (https://github.com/ansible-collections/dellemc.enterprise_sonic/pull/559). diff --git a/plugins/module_utils/network/sonic/config/aaa/aaa.py b/plugins/module_utils/network/sonic/config/aaa/aaa.py index e7eb0509c..49cf67db5 100644 --- a/plugins/module_utils/network/sonic/config/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/config/aaa/aaa.py @@ -41,7 +41,6 @@ AAA_AUTHORIZATION_PATH = '/data/openconfig-system:system/aaa/authorization' AAA_COMMANDS_ACCOUNTING_PATH = '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:commands/config' AAA_SESSION_ACCOUNTING_PATH = '/data/openconfig-system:system/aaa/accounting/openconfig-system-ext:session/config' -AA_AUTHORIZATION_PATH = '/data/openconfig-system:system/aaa/authorization' AAA_NAME_SERVICE_PATH = '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' PATCH = 'patch' DELETE = 'delete' @@ -367,8 +366,9 @@ def get_delete_aaa_requests(self, commands, is_delete_all): requests.append(self.get_delete_request(AAA_AUTHENTICATION_PATH, None)) requests.append(self.get_delete_request(AAA_AUTHORIZATION_PATH, None)) requests.append(self.get_delete_request(AAA_NAME_SERVICE_PATH, None)) - requests.append(self.get_delete_request(AAA_COMMANDS_ACCOUNTING_PATH, None)) - requests.append(self.get_delete_request(AAA_SESSION_ACCOUNTING_PATH, None)) + if commands.get('accounting'): + requests.append(self.get_delete_request(AAA_COMMANDS_ACCOUNTING_PATH, None)) + requests.append(self.get_delete_request(AAA_SESSION_ACCOUNTING_PATH, None)) return requests # Authentication deletion handling @@ -495,7 +495,7 @@ def get_diff_aaa(self, base_cfg, compare_cfg): accounting = base_cfg.get('accounting') if accounting: accounting_dict = {} - for acct_type in ['commands_accounting', 'session_accounting']: + for acct_type in ('commands_accounting', 'session_accounting'): acct = accounting.get(acct_type) if acct: accounting_method = acct.get('accounting_method') @@ -628,7 +628,7 @@ def post_process_generated_config(self, data): data.pop('authorization') if accounting: default_entries = {'accounting_console_exempt': False} - for acct_key in ['commands_accounting', 'session_accounting']: + for acct_key in ('commands_accounting', 'session_accounting'): acct_data = accounting.get(acct_key) if acct_data: if 'accounting_method' in acct_data and not acct_data['accounting_method']: @@ -658,11 +658,11 @@ def remove_default_entries(self, data): data.pop('authentication') accounting = data.get('accounting') if accounting: - for acct_key in ['commands_accounting', 'session_accounting']: + for acct_key in ('commands_accounting', 'session_accounting'): acct_data = accounting.get(acct_key) if acct_data and acct_data.get('accounting_console_exempt') is False: acct_data.pop('accounting_console_exempt') if not acct_data: accounting.pop(acct_key) - if not accounting: - data.pop('accounting') + if not accounting: + data.pop('accounting') diff --git a/plugins/modules/sonic_aaa.py b/plugins/modules/sonic_aaa.py index d2da806a4..8a0b94a23 100644 --- a/plugins/modules/sonic_aaa.py +++ b/plugins/modules/sonic_aaa.py @@ -87,7 +87,7 @@ description: - AAA accounting configuration. type: dict - version_added: 3.1.0 + version_added: 3.2.0 suboptions: commands_accounting: description: @@ -96,7 +96,7 @@ suboptions: accounting_method: description: - - Specifies the order of methods in which to perform accounting. + - Specifies the methods in which to perform accounting. type: list elements: str choices: ['tacacs+', 'logging'] @@ -105,11 +105,11 @@ - Specifies the type of record to be sent to the accounting server. type: str choices: - - START_STOP - - STOP_ONLY + - start-stop + - stop-only accounting_console_exempt: description: - - Exempts accounting of events from console. + - Exempt accounting of events from console. type: bool session_accounting: description: @@ -118,7 +118,7 @@ suboptions: accounting_method: description: - - Specifies the order of methods in which to perform accounting. + - Specifies the methods in which to perform accounting. type: list elements: str choices: ['tacacs+', 'logging'] @@ -127,11 +127,11 @@ - Specifies the type of record to be sent to the accounting server. type: str choices: - - START_STOP - - STOP_ONLY + - start-stop + - stop-only accounting_console_exempt: description: - - Exempts accounting of events from console. + - Exempt accounting of events from console. type: bool name_service: description: From 64c4326575a181a53d9e9e8a6beeb5b53cd70259 Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Fri, 6 Jun 2025 16:20:15 +0530 Subject: [PATCH 05/10] Resolved sanity failure --- plugins/module_utils/network/sonic/argspec/aaa/aaa.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/module_utils/network/sonic/argspec/aaa/aaa.py b/plugins/module_utils/network/sonic/argspec/aaa/aaa.py index ef3718771..c10a681d3 100644 --- a/plugins/module_utils/network/sonic/argspec/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/argspec/aaa/aaa.py @@ -82,7 +82,7 @@ def __init__(self, **kwargs): 'type': 'list' }, 'accounting_record_type': { - 'choices': ['START_STOP', 'STOP_ONLY'], + 'choices': ['start-stop', 'stop-only'], 'type': 'str' }, 'accounting_console_exempt': {'type': 'bool'} @@ -97,7 +97,7 @@ def __init__(self, **kwargs): 'type': 'list' }, 'accounting_record_type': { - 'choices': ['START_STOP', 'STOP_ONLY'], + 'choices': ['start-stop', 'stop-only'], 'type': 'str' }, 'accounting_console_exempt': {'type': 'bool'} From 30cf2e9435f5ca62fbd98ba0f9823806e8f576ce Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Fri, 6 Jun 2025 18:10:51 +0530 Subject: [PATCH 06/10] Addressing review comments --- .../network/sonic/config/aaa/aaa.py | 14 +++++--------- .../network/sonic/facts/aaa/aaa.py | 4 ++-- .../roles/sonic_aaa/defaults/main.yml | 18 +++++++++--------- .../network/sonic/fixtures/sonic_aaa.yaml | 16 ++++++++-------- 4 files changed, 24 insertions(+), 28 deletions(-) diff --git a/plugins/module_utils/network/sonic/config/aaa/aaa.py b/plugins/module_utils/network/sonic/config/aaa/aaa.py index 49cf67db5..2bb68288a 100644 --- a/plugins/module_utils/network/sonic/config/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/config/aaa/aaa.py @@ -44,6 +44,8 @@ AAA_NAME_SERVICE_PATH = '/data/openconfig-system:system/aaa/openconfig-aaa-ext:name-service/config' PATCH = 'patch' DELETE = 'delete' +ACCOUNTING_PATHS = {'commands_accounting': AAA_COMMANDS_ACCOUNTING_PATH, + 'session_accounting': AAA_SESSION_ACCOUNTING_PATH} class Aaa(ConfigBase): @@ -295,10 +297,7 @@ def get_modify_aaa_requests(self, commands): # Accounting modification handling accounting = commands.get('accounting') if accounting: - for acct_key, path in [ - ('commands_accounting', AAA_COMMANDS_ACCOUNTING_PATH), - ('session_accounting', AAA_SESSION_ACCOUNTING_PATH) - ]: + for acct_key, path in ACCOUNTING_PATHS.items(): acct_data = accounting.get(acct_key) if acct_data: accounting_cfg_dict = {} @@ -308,7 +307,7 @@ def get_modify_aaa_requests(self, commands): if accounting_method: accounting_cfg_dict['accounting-method'] = accounting_method if accounting_record_type: - accounting_cfg_dict['accounting-record-type'] = accounting_record_type + accounting_cfg_dict['accounting-record-type'] = accounting_record_type.upper().replace('-', '_') if accounting_console_exempt is not None: accounting_cfg_dict['accounting-console-exempt'] = accounting_console_exempt if accounting_cfg_dict: @@ -396,10 +395,7 @@ def get_delete_aaa_requests(self, commands, is_delete_all): # Accounting deletion handling accounting = commands.get('accounting') if accounting: - for acct_key, path in [ - ('commands_accounting', AAA_COMMANDS_ACCOUNTING_PATH), - ('session_accounting', AAA_SESSION_ACCOUNTING_PATH) - ]: + for acct_key, path in ACCOUNTING_PATHS.items(): acct_data = accounting.get(acct_key) if acct_data: if acct_data.get('accounting_method'): diff --git a/plugins/module_utils/network/sonic/facts/aaa/aaa.py b/plugins/module_utils/network/sonic/facts/aaa/aaa.py index 518f001c8..ab34a9be2 100644 --- a/plugins/module_utils/network/sonic/facts/aaa/aaa.py +++ b/plugins/module_utils/network/sonic/facts/aaa/aaa.py @@ -140,7 +140,7 @@ def update_aaa(self, module): if accounting_method: commands_acct_dict['accounting_method'] = accounting_method if accounting_record_type: - commands_acct_dict['accounting_record_type'] = accounting_record_type + commands_acct_dict['accounting_record_type'] = accounting_record_type.lower().replace('_', '-') if accounting_console_exempt is not None: commands_acct_dict['accounting_console_exempt'] = accounting_console_exempt if commands_acct_dict: @@ -156,7 +156,7 @@ def update_aaa(self, module): if accounting_method: session_acct_dict['accounting_method'] = accounting_method if accounting_record_type: - session_acct_dict['accounting_record_type'] = accounting_record_type + session_acct_dict['accounting_record_type'] = accounting_record_type.lower().replace('_', '-') if accounting_console_exempt is not None: session_acct_dict['accounting_console_exempt'] = accounting_console_exempt if session_acct_dict: diff --git a/tests/regression/roles/sonic_aaa/defaults/main.yml b/tests/regression/roles/sonic_aaa/defaults/main.yml index 000b135c7..2e356b45d 100644 --- a/tests/regression/roles/sonic_aaa/defaults/main.yml +++ b/tests/regression/roles/sonic_aaa/defaults/main.yml @@ -18,12 +18,12 @@ sonic_aaa_tests: accounting_method: - tacacs+ - logging - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true authorization: commands_auth_method: @@ -67,7 +67,7 @@ sonic_aaa_tests: commands_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' session_accounting: accounting_method: - tacacs+ @@ -111,7 +111,7 @@ sonic_aaa_tests: session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' authorization: login_auth_method: - local @@ -135,12 +135,12 @@ sonic_aaa_tests: commands_accounting: accounting_method: - tacacs+ - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true authorization: commands_auth_method: @@ -185,7 +185,7 @@ sonic_aaa_tests: commands_accounting: accounting_method: - tacacs+ - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' session_accounting: accounting_method: - logging @@ -234,13 +234,13 @@ sonic_aaa_tests: accounting_method: - logging - tacacs+ - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - tacacs+ - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true authorization: commands_auth_method: diff --git a/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml b/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml index 5745d8d71..14ae0377e 100644 --- a/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml +++ b/tests/unit/modules/network/sonic/fixtures/sonic_aaa.yaml @@ -21,13 +21,13 @@ merged_01: commands_accounting: accounting_method: - logging - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - tacacs+ - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true name_service: group: @@ -146,9 +146,9 @@ replaced_01: - local accounting: commands_accounting: - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' session_accounting: - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' name_service: group: - local @@ -293,12 +293,12 @@ overridden_01: commands_accounting: accounting_method: - tacacs+ - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true name_service: group: @@ -457,12 +457,12 @@ deleted_01: commands_accounting: accounting_method: - tacacs+ - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true name_service: group: From d110cd8f83dce79984147acd16ec80ceb86dbbbe Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Mon, 9 Jun 2025 13:05:40 +0530 Subject: [PATCH 07/10] Addressing review comment --- plugins/modules/sonic_aaa.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugins/modules/sonic_aaa.py b/plugins/modules/sonic_aaa.py index 8a0b94a23..b79fa05fc 100644 --- a/plugins/modules/sonic_aaa.py +++ b/plugins/modules/sonic_aaa.py @@ -218,12 +218,12 @@ accounting_method: - tacacs+ - logging - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true name_service: group: @@ -336,7 +336,7 @@ accounting_method: - tacacs+ session_accounting: - accounting_record_type: 'START_STOP' + accounting_record_type: 'start-stop' name_service: group: - ldap @@ -433,12 +433,12 @@ accounting_method: - tacacs+ - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true state: overridden @@ -532,12 +532,12 @@ accounting_method: - tacacs+ - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true session_accounting: accounting_method: - logging - accounting_record_type: 'STOP_ONLY' + accounting_record_type: 'stop-only' accounting_console_exempt: true name_service: group: From b16bea7379bea81e1b7c05d5fa91f1cf306d79ff Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Tue, 11 Nov 2025 16:15:31 +0530 Subject: [PATCH 08/10] Updating version --- plugins/modules/sonic_aaa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/sonic_aaa.py b/plugins/modules/sonic_aaa.py index b79fa05fc..d26d61cfe 100644 --- a/plugins/modules/sonic_aaa.py +++ b/plugins/modules/sonic_aaa.py @@ -87,7 +87,7 @@ description: - AAA accounting configuration. type: dict - version_added: 3.2.0 + version_added: 4.0.0 suboptions: commands_accounting: description: From a42293c3f9d6ccaa335dc0b5480dc1f259dc783e Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Tue, 11 Nov 2025 16:31:45 +0530 Subject: [PATCH 09/10] Addressing lint issue --- tests/regression/roles/sonic_aaa/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/regression/roles/sonic_aaa/defaults/main.yml b/tests/regression/roles/sonic_aaa/defaults/main.yml index 2e356b45d..90f687006 100644 --- a/tests/regression/roles/sonic_aaa/defaults/main.yml +++ b/tests/regression/roles/sonic_aaa/defaults/main.yml @@ -107,7 +107,7 @@ sonic_aaa_tests: commands_accounting: accounting_method: - tacacs+ - accounting_console_exempt: True + accounting_console_exempt: true session_accounting: accounting_method: - logging From f8f5d02207076aefed22d9a9f2d58b981a7cd9a4 Mon Sep 17 00:00:00 2001 From: Divya N3 Date: Wed, 12 Nov 2025 12:29:33 +0530 Subject: [PATCH 10/10] Fix invalid return key in RETURN section --- plugins/modules/sonic_aaa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/sonic_aaa.py b/plugins/modules/sonic_aaa.py index 0c715c138..07b5bd5d8 100644 --- a/plugins/modules/sonic_aaa.py +++ b/plugins/modules/sonic_aaa.py @@ -639,7 +639,7 @@ description: The resulting configuration module invocation. returned: when changed type: dict -after(generated): +after_generated: description: The generated configuration module invocation. returned: when C(check_mode) type: dict