add md5 configuration support for bgp routers
Change-Id: I1e6bbc3ebd47bb9b4186e7891e6ab2b8a08af53a
diff --git a/README.rst b/README.rst
index 5f09362..a940cc6 100644
--- a/README.rst
+++ b/README.rst
@@ -984,6 +984,8 @@
type: router
ip_address: 172.16.0.22
asn: 64512
+ key_type: md5
+ key: password
Enforcing config nodes
diff --git a/_modules/contrail.py b/_modules/contrail.py
index 38281b2..ae691a2 100644
--- a/_modules/contrail.py
+++ b/_modules/contrail.py
@@ -26,7 +26,8 @@
from vnc_api.gen.resource_client import VirtualRouter, AnalyticsNode, \
ConfigNode, DatabaseNode, BgpRouter
from vnc_api.gen.resource_xsd import AddressFamilies, BgpSessionAttributes, \
- BgpSession, BgpPeeringAttributes, BgpRouterParams
+ BgpSession, BgpPeeringAttributes, BgpRouterParams, AuthenticationData, \
+ AuthenticationKeyItem
HAS_CONTRAIL = True
except ImportError:
@@ -1014,7 +1015,7 @@
return ret
-def bgp_router_create(name, type, ip_address, asn=64512, **kwargs):
+def bgp_router_create(name, type, ip_address, asn=64512, key_type=None, key=None, **kwargs):
'''
Create specific Contrail control node
@@ -1036,6 +1037,9 @@
if type != 'control-node':
address_families.remove('erm-vpn')
+ key_type = None if key_type == 'None' else key_type
+ key = None if key == 'None' else key
+
bgp_addr_fams = AddressFamilies(address_families)
bgp_sess_attrs = [
BgpSessionAttributes(address_families=bgp_addr_fams)]
@@ -1043,10 +1047,16 @@
bgp_peering_attrs = BgpPeeringAttributes(session=bgp_sessions)
rt_inst_obj = _get_rt_inst_obj(vnc_client)
+ bgp_auth_data = None
+
if type == 'control-node':
vendor = 'contrail'
elif type == 'router':
vendor = 'mx'
+ if key_type == 'md5':
+ key_id = 0
+ key_items = AuthenticationKeyItem(key_id, key)
+ bgp_auth_data = AuthenticationData(key_type, [key_items])
else:
vendor = 'unknown'
@@ -1054,7 +1064,8 @@
vendor=vendor, autonomous_system=int(asn),
identifier=_get_ip(ip_address),
address=_get_ip(ip_address),
- port=179, address_families=bgp_addr_fams)
+ port=179, address_families=bgp_addr_fams,
+ auth_data=bgp_auth_data)
bgp_router_objs = bgp_router_list(**kwargs)
if name in bgp_router_objs:
@@ -1066,6 +1077,18 @@
ret['changes'].update({"vendor": {'old': bgp_router_obj.bgp_router_parameters.vendor, 'new': vendor}})
if bgp_router_obj.bgp_router_parameters.address != ip_address:
ret['changes'].update({"ip_address": {'old': bgp_router_obj.bgp_router_parameters.address, 'new': ip_address}})
+ try:
+ if bgp_router_obj.bgp_router_parameters.auth_data.key_type != key_type:
+ ret['changes'].update({"key_type": {'old': bgp_router_obj.bgp_router_parameters.auth_data.key_type, 'new': key_type}})
+ except:
+ if key_type != None:
+ ret['changes'].update({"key_type": {'old': None, 'new': key_type}})
+ if key_type == 'md5':
+ try:
+ if bgp_router_obj.bgp_router_parameters.auth_data.key_items[0].key != key:
+ ret['changes'].update({"key_type": {'old': bgp_router_obj.bgp_router_parameters.auth_data.key_items[0].key, 'new': key}})
+ except:
+ ret['changes'].update({"key_type": {'old': None, 'new': key}})
if len(ret['changes']) == 0:
return ret
diff --git a/_states/contrail.py b/_states/contrail.py
index ea74ce3..4632370 100644
--- a/_states/contrail.py
+++ b/_states/contrail.py
@@ -251,6 +251,8 @@
- ip_address: 10.0.0.133
- type: mx
- asn: 64512
+ - key_type: md5
+ - key: password
Enforce the BGP router absence
@@ -623,7 +625,7 @@
return ret
-def bgp_router_present(name, type, ip_address, asn=64512, **kwargs):
+def bgp_router_present(name, type, ip_address, asn=64512, key_type=None, key=None, **kwargs):
'''
Ensures that the Contrail BGP router exists.
@@ -634,7 +636,7 @@
'result': True,
'comment': 'BGP router {0} already exists'.format(name)}
- ret = __salt__['contrail.bgp_router_create'](name, type, ip_address, asn, **kwargs)
+ ret = __salt__['contrail.bgp_router_create'](name, type, ip_address, asn, key_type, key, **kwargs)
if len(ret['changes']) == 0:
pass
return ret
diff --git a/opencontrail/client.sls b/opencontrail/client.sls
index 24370ac..02761c5 100644
--- a/opencontrail/client.sls
+++ b/opencontrail/client.sls
@@ -95,6 +95,8 @@
- ip_address: {{ bgp_router.ip_address }}
- type: {{ bgp_router.type }}
- asn: {{ bgp_router.get('asn', 64512) }}
+ - key_type: {{ bgp_router.get('key_type') }}
+ - key: {{ bgp_router.get('key') }}
- user: {{ client.identity.user }}
- password: {{ client.identity.password }}
- project: {{ client.identity.tenant }}