---------------------------------------------------------
- name: "SECURITY CONTROL 101: Approved AAA servers"
  junos_config:
    lines:
      - show configuration system tacplus-server   # command to check AAA servers
    src: files/aaa_config
    comment: All devices should be configured with the appropriate AAA servers
---------------------------------------------------------------------------------------------
The files/aaa_config file contains the following lines:
output
===============
set system tacplus-server 1.2.3.4 port 49
set system tacplus-server 1.2.3.4 secret ""
set system tacplus-server 1.2.3.4 timeout 3 --- 1st AAA server
set system tacplus-server 1.2.3.5 port 49
set system tacplus-server 1.2.3.5 secret ""
set system tacplus-server 1.2.3.5 timeout 3 ---- 2nd AAA server
What additional conditional statement can be constructed alongside the above to meet the following requirements?
1. If the command is run and the output is similar to the contents of the aaa_config file, then a pass message is delivered. Can the msg parameter do this?
2. If the command is run and the output produces 1 or no AAA server, then a fail message is delivered.
3. If the command is run and the output produces more than 2 AAA servers, then a pass is delivered but with an additional statement "Appropriate number of AAA servers exceeded".
4. Would Splunk capture these messages?
I have taken my example from these links and wondered if they will satisfy and be possible.
Conditionals
https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html?highlight=register
Assert
https://docs.ansible.com/ansible/latest/modules/assert_module.html?highlight=assert
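
One way to express requirements 1 to 3 as Ansible tasks, added here as an example and not part of the original post: it reads the servers with junos_command, then checks them with assert and a conditional debug. The host group, the variable names and the exclusion of secret lines are assumptions, as is a baseline file that holds only the set lines.

```yaml
---
# Added example. Assumed names: inventory group "junos", variables aaa_raw,
# aaa_servers, aaa_lines, baseline. Connection settings come from inventory.
- name: "SECURITY CONTROL 101: Approved AAA servers"
  hosts: junos
  gather_facts: false
  tasks:
    - name: Read the configured TACACS+ servers in set format
      junipernetworks.junos.junos_command:
        commands:
          - show configuration system tacplus-server | display set
      register: aaa_raw

    - name: Parse device output and the approved baseline
      ansible.builtin.set_fact:
        aaa_servers: >-
          {{ aaa_raw.stdout[0]
             | regex_findall('set system tacplus-server (\\S+)') | unique | list }}
        # Secret lines are left out of the comparison: the device prints them
        # obfuscated, so they cannot match a baseline stored in a file.
        aaa_lines: >-
          {{ aaa_raw.stdout[0].splitlines() | map('trim')
             | reject('search', ' secret ') | list }}
        baseline: >-
          {{ lookup('file', 'files/aaa_config').splitlines() | map('trim')
             | select('match', '^set ') | reject('search', ' secret ') | list }}

    - name: "Requirement 2: fail on one or no AAA server"
      ansible.builtin.assert:
        that:
          - aaa_servers | length >= 2
        # msg is an alias of fail_msg; the pass text goes in success_msg.
        fail_msg: "FAIL: {{ aaa_servers | length }} AAA server(s) configured, at least 2 required"
        success_msg: "PASS: {{ aaa_servers | length }} AAA servers configured"

    - name: "Requirement 1: every approved baseline line is on the device"
      ansible.builtin.assert:
        that:
          - baseline | difference(aaa_lines) | length == 0
        fail_msg: "FAIL: missing approved lines: {{ baseline | difference(aaa_lines) }}"
        success_msg: "PASS: approved AAA servers are configured"

    - name: "Requirement 3: pass, but flag more than two servers"
      ansible.builtin.debug:
        msg: "PASS: Appropriate number of AAA servers exceeded ({{ aaa_servers | join(', ') }})"
      when: aaa_servers | length > 2
```

The messages are part of the task results, so Splunk sees them only if the play output or a callback plugin (for example community.general.splunk) forwards those results.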