def run_module(): module_args = dict( interface=dict(type='str', required=True), description=dict(type='str', required=False), admin_stat=dict(type='bool', required=False), qos_policy=dict(type='str', required=False), qos_direction=dict(type='str', required=False, default='QPPD_INBOUND', choices=['QPPD_INBOUND','QPPD_OUTBOUND']), state=dict(type='str', required=False, default='create', choices=['create','delete']), acl_id=dict(type='str', required=False), acl_type=dict(type='str', required=False, default='AT_STANDARD_IPV4', choices=['AT_STANDARD_IPV4','AT_EXTENDED_IPV4','AT_CONNECTION_RATE_FILTER']), acl_direction=dict(type='str', required=False, choices=['AD_INBOUND', 'AD_OUTBOUND','AD_CRF']), ) module_args.update(arubaoss_argument_spec) result = dict(changed=False,warnings='Not Supported') module = AnsibleModule( argument_spec=module_args, supports_check_mode=True ) if module.check_mode: module.exit_json(**result) port_url = '/ports/' + str(module.params['interface']) check_port = get_config(module,port_url) if not check_port: result = {'msg': 'Port {} not present on device {}'.format(module.params['interface'],port_url), 'changed':False} else: try: if module.params['qos_policy']: result = qos(module) elif module.params['acl_id']: result = acl(module) else: result = config_port(module) except Exception as err: return module.fail_json(msg=err) module.exit_json(**result)
def config_vlan_dhcpHelperAddress(module): params = module.params # Parameters if params['vlan_id'] == "": return { 'msg': "vlan_id cannot be null", 'changed': False, 'failed': True } else: data = {'vlan_id': params['vlan_id']} if params['helper_addresses'] == "": return { 'msg': "DHCP Helper IP Addr cannot be null", 'changed': False, 'failed': True } else: data['dhcp_helper_address'] = { 'version': params['version'], 'octets': params['helper_addresses'] } url = "/vlans/dhcp-relay" del_url = url + '/' + str( params['vlan_id']) + '-' + params['helper_addresses'] # Check if the passed vlan is configured check_presence = get_config(module, "/vlans/" + str(params['vlan_id'])) if not check_presence: return { 'msg': 'Cannot configure Helper Address without Vlan configured', 'changed': False, 'failed': True } else: if params['config'] == "create": method = 'POST' else: url = del_url method = 'DELETE' result = run_commands(module, url, data, method, check=del_url) return result
def config_ntp(module): params = module.params data = {} # Check if timesync is set to NTP check_presence = get_config(module, "/config/timesync") newdata = json.loads(check_presence) if not 'ntp' in newdata: return { 'msg': 'timesync should be set to NTP', 'changed': False, 'failed': False } # Parameters data['broadcast'] = params['broadcast'] #data['unicast'] = params['unicast'] data['max-association'] = { 'cmd_no_form': params['cmd_no_form'], 'max-association_value': params['association_value'] } if params['config'] == "create": data['enable'] = True else: data['enable'] = False if params['trap_cmd_no_form'] == "True" and params['trap_value'] == "": return { 'msg': 'trap-value cannot be null', 'changed': False, 'failed': False } else: data['trap'] = [{'cmd_no_form': params['trap_cmd_no_form'], \ 'trap_value': params['trap_value']}] # URI url = "/config/ntp" method = "PUT" #print data # Config result = run_commands(module, url, data, method, check=url) return result
def authorization_group(module): params = module.params data = {} # URI url = "/authorization_group" get_url = url + "/" + params['group_name'] + "-" + str(params['seq_num']) if params['config'] == "create": method = "POST" else: method = "DELETE" url = get_url data['group_name'] = params['group_name'] data['seq_num'] = params['seq_num'] if method == "POST": if params['match_cmd'] != "": data['match_cmd'] = '\"' + params['match_cmd'] + '\"' else: data['match_cmd'] = "" data['cmd_permission'] = params['cmd_permission'] data['is_log_enabled'] = params['is_log_enabled'] check_presence = get_config(module, get_url) if check_presence: # Sequence exists if method == "POST": return { 'msg': 'The sequence exists.', 'changed': False, 'failed': False } else: # Sequence does not exist if method == "DELETE": return { 'msg': 'The sequence does not exist.', 'changed': False, 'failed': False } # Config result = run_commands(module, url, data, method) return result
def config_vlan(module): params = module.params # Parameters if params['vlan_id'] == "": return { 'msg': "vlan_id cannot be null", 'changed': False, 'failed': False } else: data = {'vlan_id': params['vlan_id']} if params['name'] == "": return { 'msg': "vlan name cannot be null", 'changed': False, 'failed': False } else: data['name'] = params['name'] data['status'] = params['status'] data['type'] = params['vlantype'] data['is_jumbo_enabled'] = params['is_jumbo_enabled'] data['is_voice_enabled'] = params['is_voice_enabled'] data['is_dsnoop_enabled'] = params['is_dsnoop_enabled'] data['is_dhcp_server_enabled'] = params['is_dhcp_server_enabled'] data['is_management_vlan'] = params['is_management_vlan'] config_url = "/vlans/" + str(params['vlan_id']) if params['config'] == "create": check_presence = get_config(module, "/vlans/params['vlan_id']") if not check_presence: url = "/vlans" method = 'POST' else: url = "/vlans/" + str(params['vlan_id']) method = 'PUT' else: url = config_url method = 'DELETE' result = run_commands(module, url, data, method, check=config_url) return result
def host(module): params = module.params url = '/snmp-server/hosts' for key in ['host_ip', 'version']: if not params[key]: return { 'msg': 'Missing {} in parameter list'.format(key), 'changed': False } check_url = url + '/' + params['host_ip'] + '-' + params['community_name'] if params['state'] == 'create': check_host = get_config(module, check_url) if check_host: method = 'PUT' url = check_url else: method = 'POST' data = { 'host_ip': { 'octets': params['host_ip'], 'version': params['version'] }, 'community': params['community_name'], 'trap_level': params['trap_level'], 'informs': params['informs'], 'use_oobm': params['use_oobm'], } if params['informs']: data.update({ 'informs': params['informs'], 'inform_timeout': params['inform_timeout'], 'inform_retries': params['inform_retries'] }) else: data = {} method = 'DELETE' url = check_url result = run_commands(module, url, data, method, check=check_url) return result
def authenticator_port_config(module): params = module.params data = {} data['port_id'] = params['port_id'] if params['port_id'] == "": return { 'msg': 'Port_id cannot be null', 'changed': False, 'failed': False } data['is_authenticator_enabled'] = params['is_authenticator_enabled'] data['control'] = params['control'] data['unauthorized_vlan_id'] = params['unauthorized_vlan_id'] data['client_limit'] = params['client_limit'] data['quiet_period'] = params['quiet_period'] data['tx_period'] = params['tx_period'] data['supplicant_timeout'] = params['supplicant_timeout'] data['server_timeout'] = params['server_timeout'] data['max_requests'] = params['max_requests'] data['reauth_period'] = params['reauth_period'] data['authorized_vlan_id'] = params['authorized_vlan_id'] data['logoff_period'] = params['logoff_period'] data['unauth_period'] = params['unauth_period'] data['cached_reauth_period'] = params['cached_reauth_period'] data['enforce_cache_reauth'] = params['enforce_cache_reauth'] url = '/dot1x/authenticator/' + params['port_id'] method = 'PUT' # Check if authentication is enabled check_presence = get_config(module, "/dot1x") if check_presence: newdata = json.loads(check_presence) if not newdata["is_dot1x_enabled"]: return { 'msg': 'Cannot enable port authentication unless dot1x is enabled', 'changed': False, 'failed': False } result = run_commands(module, url, data, method, check=url) return result
def config_syslog(module): params = module.params url = '/syslog/servers' check_url = url + '/' + params['server_address'] if params['state'] == 'delete': result = run_commands(module, check_url, method='DELETE', check=check_url) return result else: check_syslog = get_config(module, check_url) if check_syslog: method = 'PUT' url = check_url else: method = 'POST' data = { 'ip_address': { 'octets': params['server_address'], 'version': params['version'] }, 'transport_protocol': params['protocol'], } protocol = params['protocol'] if params['server_port'] == 0: if protocol == 'TP_UDP': port = 514 elif protocol == 'TP_TCP': port = 1470 elif protocol == 'TP_TLS': port = 6514 data.update({'port': port}) else: data.update({'port': params['server_port']}) if params['description']: data.update({'control_description': params['description']}) result = run_commands(module, url, data, method, check=check_url) return result
def config_timesync(module): params = module.params data = {} # Parameters timesyncType = params['timesyncType'] data[timesyncType] = True # URI url = "/config/timesync" method = "PUT" # Check if timesync is set already check_presence = get_config(module, "/config/timesync") newdata = json.loads(check_presence) if timesyncType == 'ntp' and 'ntp' in newdata: return { 'msg': 'timesync already set to NTP', 'changed': False, 'failed': False } elif timesyncType == 'timep' and 'timep' in newdata: return { 'msg': 'timesync already set to Timep', 'changed': False, 'failed': False } elif timesyncType == 'sntp' and 'sntp' in newdata: return { 'msg': 'timesync already set to SNTP', 'changed': False, 'failed': False } elif timesyncType == 'timep-or-sntp' and 'timep-or-sntp' in newdata: return { 'msg': 'timesync already set to timep or SNTP', 'changed': False, 'failed': False } else: # Config result = run_commands(module, url, data, method) return result
def config_radius_server(module): params = module.params data = {} data["radius_server_id"] = params['radius_server_id'] if params['server_ip'] == "" or params['version'] == "": return {'msg': "IP Address or version cannot be null", 'changed': False, 'failed': False} else: data["address"] = {'version': params['version'], 'octets': params['server_ip']} if params['shared_secret'] == "": return {'msg': "Shared secret cannot be null", 'changed': False, 'failed': False} else: data["shared_secret"] = params['shared_secret'] data["authentication_port"] = params['authentication_port'] data["accounting_port"] = params['accounting_port'] data["is_dyn_authorization_enabled"] = params['is_dyn_authorization_enabled'] data["time_window_type"] = params['time_window_type'] data["time_window"] = params['time_window'] data["is_oobm"] = params['is_oobm'] create_url = '/radius_servers' check_url = '/radius_servers/' + str(params['radius_server_id']) if params['config'] == "create": # Check if it already exists check_presence = get_config(module, check_url) if not check_presence: url = create_url method = 'POST' else: url = check_url method = 'PUT' else: url = check_url method = 'DELETE' result = run_commands(module, url, data, method,check=check_url) return result
def update_rate_limit_attributes_onPort(module): params = module.params data = {} data['port_id'] = params['port_id'] data['traffic_type'] = params['traffic_type'] data['direction'] = params['direction'] data['rate_limit'] = params['rate_limit'] # Rate limit should be in kbps or percent if params['rate_limit_in_kbps'] == 0: data['rate_limit'] = { 'rate_limit_in_percent': params['rate_limit_in_percent'] } else: data['rate_limit'] = { 'rate_limit_in_kbps': params['rate_limit_in_kbps'] } url = '/ports/rate_limit/' + str(params['port_id']) + "-" + str( params['traffic_type']) + "-" + str(params['direction']) method = 'PUT' # Idempotency check: Check if already configured diffSeen = False check_presence = get_config(module, url) newdata = json.loads(check_presence) for key in data: if not newdata[key] == data[key]: diffSeen = True if params['rate_limit_in_percent'] == 0 and newdata[key][ 'rate_limit_in_percent'] == None: diffSeen = False if params['rate_limit_in_kbps'] == 0 and newdata[key][ 'rate_limit_in_kbps'] == None: diffSeen = False break if diffSeen: result = run_commands(module, url, data, method) return result else: return {'msg': 'Already configured', 'changed': False, 'failed': False}
def update_vlan(module): params = module.params url = '/loop_protect/vlans/' + str(params['vlan']) vlan_url = '/vlans/' + str(params['vlan']) check_vlan = get_config(module,vlan_url) if not check_vlan: return {'msg': 'Vlan {} not configured'.format(params['vlan']), 'changed':False} data = { 'vlan_id': params['vlan'], 'is_vlan_loop_protected': params['loop_protected'], } result = run_commands(module, url, data, 'PUT',check=url) return result
def config_radius_profile(module): params = module.params data = {} data['retry_interval'] = params['retry_interval'] data['retransmit_attempts'] = params['retransmit_attempts'] data['dyn_autz_port'] = params['dyn_autz_port'] data['key'] = params['key'] data['tracking_uname'] = params['tracking_uname'] data['is_tracking_enabled'] = params['is_tracking_enabled'] check_presence = get_config(module, '/radius_profile') if check_presence: newdata = json.loads(check_presence) if params['dead_time'] == 0: data['dead_time'] = None else: data['dead_time'] = params['dead_time'] if params['is_tracking_enabled'] == True: if params['dead_time'] != 0: return { 'msg': "dead_time should be set to 0 when is_tracking_enabled to be changed to true", 'changed': False, 'failed': False } else: if newdata['is_tracking_enabled'] == True and params['dead_time'] != 0: return { 'msg': "dead_time should be set to 0 to disable is_tracking_enabled", 'changed': False, 'failed': False } data['cppm_details'] = params['cppm_details'] url = '/radius_profile' method = 'PUT' result = run_commands(module, url, data, method, check=url) return result
def update_port(module): params = module.params url = '/loop_protect/ports/' + params['interface'] port_url = '/ports/' + str(params['interface']) check_port = get_config(module,port_url) if not check_port: return {'msg': 'Port {} not present on device'.format(params['interface']), 'changed':False} data = { 'port_id': params['interface'], 'is_loop_protection_enabled': params['loop_protected'], 'receiver_action': params['receiver_action'] } result = run_commands(module, url, data, 'PUT',check=url) return result
def wait_to_copy(module): params = module.params file_url = params['file_url'].split('/') file_name = file_url[len(file_url) - 1] final_result = "" wait = 1 while wait <= params['copy_iter']: check_presence = get_config(module, "/file-transfer/status") if not check_presence: final_result = 'FILE TRANSFER CHECK FAILED' else: newdata = json.loads(check_presence) final_result = newdata['status'] if newdata['status'] == 'FTS_IN_PROGRESS': sleep(10) wait += 1 continue else: break return final_result
def config_poe_port(module): params = module.params data = {} data['port_id'] = params['port_id'] data['is_poe_enabled'] = params['is_poe_enabled'] data['poe_priority'] = params['poe_priority'] data['poe_allocation_method'] = params['poe_allocation_method'] data['port_configured_type'] = params['port_configured_type'] data['pre_standard_detect_enabled'] = params['pre_standard_detect_enabled'] # allocated_power_in_watts can be set only when poe_allocation_method is PPAM_VALUE if params['poe_allocation_method'] == "PPAM_VALUE": data['allocated_power_in_watts'] = params['allocated_power_in_watts'] # Check if port_id is null if params['port_id'] == "": return { 'msg': 'port_id cannot be null', 'changed': False, 'failed': False } url = '/ports/' + str(params['port_id']) + '/poe' method = 'PUT' diffSeen = False check_presence = get_config(module, url) newdata = json.loads(check_presence) for key in data: if not newdata[key] == data[key]: diffSeen = True break if diffSeen: result = run_commands(module, url, data, method, check=url) return result else: return {'msg': 'Already Configured', 'changed': False, 'failed': False}
def configMacAuthOnPort(module): params = module.params data = {} if params['port_id'] == "": return { 'msg': "Port Id cannot be null", 'changed': False, 'failed': False } else: data['port_id'] = params['port_id'] data['reauthenticate'] = params['reauthenticate'] data['mac_address_limit'] = params['mac_address_limit'] data['is_mac_authentication_enabled'] = params[ 'is_mac_authentication_enabled'] # Verify if the vlans are already present if params['unauthorized_vlan_id']: check_presence = get_config( module, "/vlans/" + str(params['unauthorized_vlan_id'])) if not check_presence: return { 'msg': 'Cannot unauthorize the vlan without Vlan configured', 'changed': False, 'failed': False } else: data['unauthorized_vlan_id'] = params['unauthorized_vlan_id'] url = '/mac-authentication/port/' + str(params['port_id']) method = 'PUT' result = run_commands(module, url, data, method, check=url) return result
def config_tacacs_server(module): params = module.params data = {} if params['ip_address'] == "" or params['version'] == "": return { 'msg': "IP Address or version cannot be null", 'changed': False, 'failed': False } else: data["server_ip"] = { "version": params['version'], "octets": params['ip_address'] } data["auth_key"] = params['auth_key'] data["is_oobm"] = params['is_oobm'] create_url = '/tacacs_profile/server' check_url = '/tacacs_profile/server/' + str(params['ip_address']) if params['config'] == "create": check_presence = get_config( module, '/tacacs_profile/server/' + str(params['ip_address'])) if not check_presence: url = create_url method = 'POST' else: url = check_url method = 'PUT' else: url = check_url method = 'DELETE' result = run_commands(module, url, data, method, check=check_url) return result
def config_captive_portal(module): params = module.params url = '/captive_portal' if params['state'] == 'create': data = {'is_captive_portal_enabled': params['enable_captive_portal']} if params.get('url_hash_key') != None: data['url_hash_key'] = params['url_hash_key'] if params['profile_name']: data['custom_profile'] = { 'profile': params['profile_name'], 'url': params['server_url'] } result = run_commands(module, url, data, 'PUT', url) else: result = get_config(module, url) return result
def config_spanning_tree_port(module): params = module.params data = {} if params['port_id'] == "": return { 'msg': 'Port Id cannot be null', 'changed': False, 'failed': False } else: data['port_id'] = params['port_id'] data['priority'] = params['priority'] data['is_enable_admin_edge_port'] = params['is_enable_admin_edge_port'] data['is_enable_bpdu_protection'] = params['is_enable_bpdu_protection'] data['is_enable_bpdu_filter'] = params['is_enable_bpdu_filter'] data['is_enable_root_guard'] = params['is_enable_root_guard'] url = "/stp/ports/" + str(params['port_id']) # Check if spanning tree is enabled check_presence = get_config(module, '/stp') if check_presence: method = 'PUT' else: return { 'msg': 'Cannot configure MST on port without spanning tree enabled', 'changed': False, 'failed': False } result = run_commands(module, url, data, method, check=url) return result
def check_acl_rule_exists(module): result = False params = module.params acl_id = params['acl_name'] + '~' + params['acl_type'] url = '/acls/' + acl_id + '/rules' acl_rule = get_config(module, url) if acl_rule: check_config = module.from_json(to_text(acl_rule)) if check_config['collection_result']['total_elements_count'] == 0: return result for ele in check_config['acl_rule_element']: if ele['acl_action'] != params['acl_action']: continue if params['acl_type'] == 'AT_EXTENDED_IPV4': print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") protocol_type = ele['traffic_match']['protocol_type'] source_ip_address = ele['traffic_match']['source_ip_address'][ 'octets'] source_ip_mask = ele['traffic_match']['source_ip_mask'][ 'octets'] destination_ip_address = ele['traffic_match'][ 'destination_ip_address']['octets'] destination_ip_mask = ele['traffic_match'][ 'destination_ip_mask']['octets'] if protocol_type != params['protocol_type'] or \ source_ip_address != params['source_ip_address'] or \ source_ip_mask != params['source_ip_mask'] or \ destination_ip_address != params['destination_ip_address'] or \ destination_ip_mask != params['destination_ip_mask']: continue if params['protocol_type'] == 'PT_ICMP': if params['icmp_type'] > -1 and ele['traffic_match'][ 'icmp_type']: if ele['traffic_match']['icmp_type'] != params[ 'icmp_type']: continue if params['icmp_code'] > -1 and ele['traffic_match'][ 'icmp_code']: if ele['traffic_match']['icmp_code'] != params[ 'icmp_code']: continue elif params['protocol_type'] == 'PT_IGMP': if params['igmp_type'] and ele['traffic_match'][ 'igmp_type']: if ele['traffic_match']['igmp_type'] != params[ 'igmp_type']: continue elif params['protocol_type'] == 'PT_TCP': if params['is_connection_established'] and ele[ 'traffic_match']['is_connection_established']: if ele['traffic_match'][ 'is_connection_established'] != params[ 'is_connection_established']: continue if params['match_bit'] and ele['traffic_match'][ 'match_bit']: if ele['traffic_match']['match_bit'] != params[ 'match_bit']: continue elif params['protocol_type'] in ('PT_SCTP', 'PT_TCP', 'PT_UDP'): if params['source_port'] and ele['traffic_match'][ 'source_port']: if ele['traffic_match']['source_port'] != params[ 'source_port']: continue if params['destination_port'] and ele['traffic_match'][ 'destination_port']: if ele['traffic_match']['destination_port'] != params[ 'destination_port']: continue if params['precedence'] and ele['traffic_match']['precedence']: if ele['traffic_match']['precedence'] != params[ 'precedence']: continue if params['tos'] and ele['traffic_match']['tos']: if ele['traffic_match']['tos'] != params['tos']: continue if params['is_log'] is not None and ele['is_log']: if ele['is_log'] != params['is_log']: continue else: if params['acl_source_address'] == 'host': source_ip_mask = '255.255.255.255' source_ip_address = '0.0.0.0' else: source_ip_address = params['acl_source_address'] source_ip_mask = params['acl_source_mask'] if source_ip_address != ele['std_source_address'][ 'source_ip_address']['octets']: continue if source_ip_mask != ele['std_source_address'][ 'source_ip_mask']['octets']: continue #Return True as we checked all values found to be matching. return True #End of for loop, Searched all entries no match found. return result
def acl_rule(module): params = module.params acl_id = params['acl_name'] + '~' + params['acl_type'] url = '/acls/' + acl_id + '/rules' # Create acl if not to apply actions if params['state'] == 'create': acl(module) data = {} if params['state'] == 'create': data.update({ 'acl_id': acl_id, 'acl_action': params['acl_action'], }) if params['remark']: data['remark'] = params['remark'] if params['is_log'] != None: data['is_log'] = params['is_log'] if params['acl_type'] == 'AT_EXTENDED_IPV4': for key in [ 'source_ip_address', 'source_ip_mask', 'destination_ip_address', 'destination_ip_mask' ]: if params.get(key) == None: return { 'msg': '{} is required for extended acl policy'.format(key), 'changed': False } protocol = params.get('protocol_type') if not protocol: return {'msg': 'protocol_type is required', 'changed': False} version = 'IAV_IP_V4' data.update({ "traffic_match": { "protocol_type": params['protocol_type'], "source_ip_address": { "version": version, "octets": params['source_ip_address'] }, "source_ip_mask": { "version": version, "octets": params['source_ip_mask'] }, "destination_ip_address": { "version": version, "octets": params['destination_ip_address'] }, "destination_ip_mask": { "version": version, "octets": params['destination_ip_mask'] } } }) if protocol == 'PT_ICMP': if params['icmp_type'] > -1: data['traffic_match']['icmp_type'] = params['icmp_type'] if params['icmp_code'] > -1: data['traffic_match']['icmp_code'] = params['icmp_code'] if protocol == 'PT_IGMP': if params['igmp_type']: data['traffic_match']['igmp_type'] = params['igmp_type'] if protocol == 'PT_TCP': if params['is_connection_established']: data['traffic_match'][ 'is_connection_established'] = params[ 'is_connection_established'] if params['match_bit']: data['traffic_match']['match_bit'] = params['match_bit'] if protocol in ('PT_SCTP', 'PT_TCP', 'PT_UDP'): if params['source_port']: data['traffic_match']['source_port'] = params[ 'source_port'] if params['destination_port']: data['traffic_match']['destination_port'] = params[ 'destination_port'] if params['precedence']: data['traffic_match']['precedence'] = params['precedence'] if params['tos']: data['traffic_match']['tos'] = params['tos'] if params['is_log'] != None: data['is_log'] = params['is_log'] else: if params['acl_source_address'] == 'host': source_mask = '255.255.255.255' source_ip = '0.0.0.0' else: source_ip = params['acl_source_address'] source_mask = params['acl_source_mask'] data.update({ 'std_source_address': { 'source_ip_address': { 'version': 'IAV_IP_V4', 'octets': source_ip, }, 'source_ip_mask': { 'version': 'IAV_IP_V4', 'octets': source_mask, } } }) #Check idempotency for duplicate ip values if check_acl_rule_exists(module) == True: return {'msg': 'ACL Rule entry already present', 'changed': False} # Without sequence_no configuration if params['sequence_no'] == 0: result = run_commands(module, url, data, 'POST') return result # With sequence_no configuration else: get_url = url + '/' + str(params['sequence_no']) acl_rule_config = get_config(module, get_url) if acl_rule_config: check_config = module.from_json(to_text(acl_rule_config)) if params['sequence_no'] == check_config['sequence_no']: result = run_commands(module, get_url, data, 'PUT', check=get_url) return result else: data.update({'sequence_no': params['sequence_no']}) result = run_commands(module, url, data, 'POST') return result else: if params['sequence_no'] == 0: return {'msg': 'sequence_no is required', 'changed': False} url = url + '/' + str(params['sequence_no']) result = run_commands(module, url, {}, 'DELETE', check=url) return result
def acl(module): params = module.params url = '/acls' acl_id = params['acl_name'] + '~' + params['acl_type'] check_url = url + '/' + acl_id if params['state'] == 'create': data = { 'acl_name': params['acl_name'], 'acl_type': params['acl_type'], } check_list = set(['AT_EXTENDED_IPV4','AT_STANDARD_IPV4','AT_CONNECTION_RATE_FILTER'])\ - set([params['acl_type']]) for temp in check_list: temp_url = url + '/' + params['acl_name'] + '~' + temp check_acl = get_config(module, temp_url) if check_acl: result = { 'msg': '{} already exists for type {}.'.format( params['acl_name'], temp), 'changed': False } module.exit_json(**result) method = 'POST' else: # Check if acl is applied to any port port_url = '/ports-access-groups' port_acl = get_config(module, port_url) if port_acl: check_config = module.from_json(to_text(port_acl)) for ele in check_config['acl_port_policy_element']: if ele['acl_id'] == acl_id: return { 'msg': 'ACL {} applied to port {}'.format( params['acl_name'], ele['port_id']), 'changed': False } # Check if acl is applied to any vlan vlan_url = '/vlans-access-groups' vlan_acl = get_config(module, vlan_url) if vlan_acl: check_config = module.from_json(to_text(vlan_acl)) for ele in check_config['acl_vlan_policy_element']: if ele['acl_id'] == acl_id: result = { 'msg': 'ACL {} applied to vlan {}'.format( params['acl_name'], ele['vlan_id']), 'changed': False } module.exit_json(**result) data = {} method = 'DELETE' url = check_url result = run_commands(module, url, data, method, check=check_url) return result
def traffic_class_match(module): params = module.params class_id = params['class_name'] + '~' + params['class_type'] url = '/qos/traffic-classes/' + class_id # Create traffic class if not present traffic_class(module) if params['class_type'] == 'QCT_IP_V4': version = 'IAV_IP_V4' else: version = 'IAV_IP_V6' match_url = url + '/matches' if params['sequence_no'] > 0: url = match_url + '/' + str(params['sequence_no']) method = 'PUT' else: url = match_url method = 'POST' if params['state'] == 'create': protocol = params.get('protocol_type') if not protocol: return {'msg': 'protocol_type is required', 'changed': False} data = { 'traffic_class_id': class_id, 'entry_type': params['entry_type'], } if params['dscp_value']: data['dscp_value'] = params['dscp_value'] data.update({ "traffic_match": { "protocol_type": params['protocol_type'], "source_ip_address": { "version": version, "octets": params['source_ip_address'] }, "source_ip_mask": { "version": version, "octets": params['source_ip_mask'] }, "destination_ip_address": { "version": version, "octets": params['destination_ip_address'] }, "destination_ip_mask": { "version": version, "octets": params['destination_ip_mask'] } } }) if protocol == 'PT_ICMP': if params['icmp_type'] > -1: data['traffic_match']['icmp_type'] = params['icmp_type'] if params['icmp_code'] > -1: data['traffic_match']['icmp_code'] = params['icmp_code'] if protocol == 'PT_IGMP': if params['igmp_type']: data['traffic_match']['igmp_type'] = params['igmp_type'] if protocol == 'PT_TCP': if params['match_bit']: data['traffic_match']['match_bit'] = params['match_bit'] if protocol in ('PT_SCTP', 'PT_TCP', 'PT_UDP'): if params['source_port']: data['traffic_match']['source_port'] = params['source_port'] if params['destination_port']: data['traffic_match']['destination_port'] = params[ 'destination_port'] if params['precedence']: data['traffic_match']['precedence'] = params['precedence'] if params['tos']: data['traffic_match']['tos'] = params['tos'] qos_config = get_config(module, match_url) if qos_config: print("HERE") check_config = module.from_json(to_text(qos_config)) print("CHECK", check_config) for config in check_config['qos_class_match_element']: if config['traffic_match']['protocol_type'] == 'PT_TCP': config['traffic_match'].pop('is_connection_established') if params['entry_type'] == config['entry_type'] and \ config['traffic_match'] == data['traffic_match']: ret = {'changed': False} ret.update(config) return ret result = run_commands(module, url, data, method) message = result.get('body') or None if message: if 'Duplicate' in message or 'Configuration Failed' in message: result = {'changed': False} result['failed'] = False result['message'] = message result.update(data) return result else: result = run_commands(module, url, {}, 'DELETE', check=url) return result
def ip_auth(module): params = module.params url = '/ip_auth' if params['auth_id']: url = url + '/' + str(params['auth_id']) if params['state'] == 'create': if not params['mask'] or not params['auth_ip']: return {'msg': 'Required args: auth_ip, mask', 'changed': False} data = { 'auth_ip': { 'octets': params['auth_ip'], 'version': 'IAV_IP_V4' }, 'auth_ip_mask': { 'octets': params['mask'], 'version': 'IAV_IP_V4', }, 'access_role': params['access_role'], 'access_method': params['access_method'] } if not params['auth_id']: auth_check = get_config(module, url) if auth_check: check_config = module.from_json(to_text(auth_check)) total = 0 check = 0 for ele in check_config['ip_auth_element']: for key in data: if key in ele: if ele[key] != data[key]: check += 1 break total = check_config['collection_result'][ 'total_elements_count'] print("COUNT", total, check) diff = total - check if (total > 1 and diff == 1) or (total == 1 and check == 0): return { 'msg': 'Ip auth rule already exists.', 'changed': False } result = run_commands(module, url, data, 'POST') else: result = run_commands(module, url, data, 'PUT', check=url) else: if not params['auth_id']: return { 'msg': 'auth_id is required for deletion', 'changed': False } result = run_commands(module, url, {}, 'DELETE', check=url) return result
def qos_class(module): params = module.params policy_id = params['policy_name'] + '~' + params['policy_type'] url = '/qos/policies/' + policy_id + '/policy-actions' # Create qos if not to apply actions if params['state'] == 'create': qos(module) method = 'POST' if params['sequence_no'] > 0: temp = url + '/' + str(params['sequence_no']) if get_config(module, temp): url = url + '/' + str(params['sequence_no']) method = 'PUT' if params['state'] == 'create': class_id = params['class_name'] + '~' + params['class_type'] class_url = '/qos/traffic-classes/' + class_id if not get_config(module, class_url): return {'msg': 'class does not exist', 'changed': False} if params['action_value'] == -1 or not params['action']: return { 'msg': 'action and action_type are required', 'changed': False } action = params['action'] action_value = params['action_value'] data = { 'policy_id': policy_id, 'traffic_class_id': class_id, 'first_action': { 'action_type': action, }, } if params['sequence_no'] > 0: data['sequence_no'] = params['sequence_no'] if action == 'QPAT_RATE_LIMIT': data['first_action']['rate_limit_in_kbps'] = action_value elif action == 'QPAT_DSCP_VALUE': data['first_action']['new_dscp_value'] = action_value else: data['first_action']['new_priority'] = action_value qos_config = get_config(module, url) if qos_config: check_config = module.from_json(to_text(qos_config)) if params['sequence_no'] == 0: for config in check_config['qos_policy_action_element']: if class_id == config['traffic_class_id']: return config elif params['sequence_no'] > 0: if check_config.get( 'traffic_class_id' ) and class_id == check_config['traffic_class_id']: return check_config result = run_commands(module, url, data, method) else: if params['sequence_no'] == 0: return {'msg': 'sequence_no is required', 'changed': False} else: url = url + '/' + str(params['sequence_no']) result = run_commands(module, url, {}, 'DELETE', check=url) return result
def config_ntp_keyId(module): params = module.params data = {} include_cred = False encrypt_cred = False # Verify ntp is enabled if config_present(module, "/config/ntp", "enable", True) is False: return { 'msg': 'NTP should be enabled', 'changed': False, 'failed': True } # Verify include credentials is enabled if config_present(module, "/system/include-credentials", "include_credentials_in_response", "ICS_DISABLED") is False: include_cred = True # Verify include credentials is enabled if config_present(module, "/system/encrypt-credentials", "encryption", "ECS_DISABLED") is False: encrypt_cred = True if not (encrypt_cred or include_cred): return { 'msg': 'Enable Encrypt Credentials or Include Credentials to' ' use or configure key-id authentication', 'changed': False, 'failed': True } # URI check_url = "/config/ntp/authentication/key-id/int/" + str(params['keyId']) url = "/config/ntp/authentication/key-id/int" if params['config'] == "delete": check_presence = get_config(module, "/config/ntp/server/ip4addr") if check_presence: newdata = json.loads(check_presence) if len(newdata['ntpServerIp4addr_element']) != 0: for ipadd_ele in newdata['ntpServerIp4addr_element']: if ipadd_ele['ip4addr']['ip4addr_reference']['key-id'][ 'key-id_value'] == params['keyId']: return { 'msg': 'NTP Server IP should be cleared befere deleting NTP Key ID', 'changed': False, 'failed': True } url = check_url method = "DELETE" data = "" result = run_commands(module, url, data, method) return result # This returns an empty list if encrypt credentials is not enabled # This does not properly check if the key-id exists # Verify if key is already a trusted entry check_presence = get_config(module, check_url) if check_presence: newdata = json.loads(check_presence) if params['authenticationMode'] in newdata['int']['int_reference'][ 'authentication-mode'].keys(): return { 'msg': 'Key-ID {} exists'.format(params['keyId']), 'changed': False, 'failed': False } if params['keyValue'] == "": return { 'msg': 'KeyValue parameter is mandatory', 'changed': False, 'failed': True } # Parameters data["int"] = { "int_value": int(params['keyId']), "int_reference": { "authentication-mode": { params['authenticationMode']: { "key-value": { "key": { "key_reference": { "trusted": params['trusted'] }, "key_value": params['keyValue'] } } } } } } # Config if params['config'] == "create": # check if already present check_presence = get_config(module, check_url) if not check_presence: method = "POST" else: url = check_url method = "PUT" # This will fail if key-id exists already, looking into a try/except result = run_commands(module, url, data, method, check=check_url) return result
def config_ntp_ipv4addr(module): params = module.params ip4_addr = "ip4addr" ip4_addr_val = "ip4addr_value" ip4_addr_ref = "ip4addr_reference" server = "server" address = str(params['ntp_ip4addr']) try: socket.inet_aton(params['ntp_ip4addr']) except: check_presence = get_config(module, "/dns") newdata = json.loads(check_presence) value = [ newdata["server_1"], newdata["server_2"], newdata["server_3"], newdata["server_4"] ] if value.count(None) == 4: return { 'msg': 'A DNS server must be configured before configuring NTP unicast server name', 'changed': False, 'failed': True } ip4_addr = "ASCII-STR" ip4_addr_ref = "ASCII-STR_reference" ip4_addr_val = "ASCII-STR_value" server = "server-name" address = "%22" + str(params['ntp_ip4addr']) + "%22" # Verify ntp is enabled if (config_present(module, "/config/ntp", "enable", True) == False): return { 'msg': 'NTP should be enabled', 'changed': False, 'failed': True } data = {} if params['ntp_ip4addr'] is "": return { 'msg': 'IP Address cannot be null', 'changed': False, 'failed': True } else: data[ip4_addr] = { ip4_addr_ref: { 'max-poll': { 'max-poll_value': params['maxpoll_value'] }, 'min-poll': { 'min-poll_value': params['minpoll_value'] }, }, ip4_addr_val: params['ntp_ip4addr'] } if params['keyId'] and params['keyId'] is not 0: # This returns an empty list if encrypt credentials is not enabled # Verify the key is trusted check_presence = get_config( module, "/config/ntp/authentication/key-id/int/" + str(params['keyId'])) if not check_presence: return { 'msg': 'Authentication key-id {} needs to be configured to configure ipv4 server' .format(params['keyId']), 'changed': False, 'failed': True } keyVal = {} keyVal = {'key-id': {'key-id_value': params['keyId']}} data[ip4_addr][ip4_addr_ref].update(keyVal) # Configuring burst ot iburst if params['mode'] == "burst" or params['mode'] == "iburst": mode = {} mode = {params['mode']: True} data[ip4_addr][ip4_addr_ref].update(mode) # Configuring OOBM if params['use_oobm'] is True: use_oobm = {} use_oobm = {'oobm': params['use_oobm']} data[ip4_addr][ip4_addr_ref].update(use_oobm) # URIs url = "/config/ntp/" + server + "/" + ip4_addr check_url = url + "/" + address # idempotency check for ipv4addr addition diffseen = False check_presence = get_config(module, check_url) if check_presence: newdata = json.loads(check_presence) for key in data: if key == "ASCII-STR": # host name comes in the format "\"time2.google.com\"". # So removing '\"' to compare. newdata[key][ip4_addr_val] = newdata[key][ip4_addr_val].strip( '\"') if not newdata[key] == data[key]: diffseen = True break else: diffseen = True if params['config'] == "create": # If a difference in desired state delete old configuration if diffseen: run_commands(module, check_url, data, method='DELETE') # Check if a server ip is already configured check_presence = get_config(module, check_url) if not check_presence: method = 'POST' else: method = 'PUT' url = check_url elif params['config'] == "delete": url = check_url method = 'DELETE' else: return { 'msg': 'Valid config options are : create and delete', 'changed': False, 'failed': True } # When address is in host name format, "check" in run_commands will not work. # so adding the additional check to verify idempotency if ip4_addr == "ASCII-STR" and diffseen == False and method != 'DELETE': return { 'msg': 'Configuration already exists', 'changed': False, 'failed': False } result = run_commands(module, url, data, method, check=check_url) try: if result['status'] == 400: newdata = json.loads(result['body']) return { 'msg': newdata['config_error'][0]['error'], 'changed': False, 'failed': True } else: return result except: return result
def config_vlan_ipaddress(module): params = module.params data = {} # Parameters if params['vlan_id'] == "": return { 'msg': "vlan_id cannot be null", 'changed': False, 'failed': True } else: data = {'vlan_id': params['vlan_id']} if params['ip_address_mode'] == "IAAM_STATIC" and params[ 'config'] == "create": if params['version'] == "" or params['vlan_ip_address'] == "": return { 'msg': "IP Address or version cannot be null", 'changed': False, 'failed': True } else: data['ip_address'] = { 'version': params['version'], 'octets': params['vlan_ip_address'] } if params['version'] == "" or params['vlan_ip_mask'] == "": return { 'msg': "Subnet mask or version cannot be null", 'changed': False, 'failed': True } else: data['ip_mask'] = { 'version': params['version'], 'octets': params['vlan_ip_mask'] } data['ip_address_mode'] = params['ip_address_mode'] # URLs url = "/vlans/" + str(params['vlan_id']) + "/ipaddresses" # Check if the passed vlan is configured check_presence_vlan = get_config(module, url) if not check_presence_vlan: return { 'msg': 'Cannot configure IP Address without Vlan configured', 'changed': False, 'failed': True } else: if params['config'] == "create": check_presence = get_config(module, url) newdata = json.loads(check_presence) # Check if IP already configured if params['ip_address_mode'] == "IAAM_STATIC": if newdata['collection_result']['total_elements_count'] == 1: if newdata['ip_address_subnet_element'][0]['ip_address'][ 'octets'] == params['vlan_ip_address']: return { 'msg': 'The ip address is already present on switch', 'changed': False, 'failed': False } else: method = 'DELETE' result = run_commands(module, url, data, method) # Create the ip address on vlan method = 'POST' result = run_commands(module, url, data, method) elif params['config'] == "delete": check_dhcp_url = "/vlans/" + str(params['vlan_id']) check_dhcp_enabled = get_config(module, check_dhcp_url) check_dhcp_enabled = json.loads(check_dhcp_enabled) if "is_dhcp_server_enabled" in check_dhcp_enabled.keys(): if check_dhcp_enabled["is_dhcp_server_enabled"]: return { 'msg': 'DHCP server must be disabled on this ' 'VLAN {}'.format(params['vlan_id']), 'changed': False, 'failed': True } method = 'DELETE' result = run_commands(module, url, data, method) else: return { 'msg': 'Valid config options are : create and delete', 'changed': False, 'failed': True } return result
def traffic_class(module): params = module.params url = '/qos/traffic-classes' class_id = params['class_name'] + '~' + params['class_type'] check_url = url + '/' + class_id if params['state'] == 'create': data = { 'class_name': params['class_name'], 'class_type': params['class_type'] } method = 'POST' elif params['state'] == 'delete': qos_url = '/qos/policies' qos_config = get_config(module, qos_url) if qos_config: check_config = module.from_json(to_text(qos_config)) port_url = '/qos/ports-policies' port_config = get_config(module, port_url) if port_config: port_config = module.from_json(to_text(port_config)) # Check if qos is applied to any vlan vlan_url = '/qos/vlans-policies' vlan_config = get_config(module, vlan_url) if vlan_config: vlan_config = module.from_json(to_text(vlan_config)) for qos in check_config['qos_policy_element']: # Check if qos is applied to any port class_url = qos_url + '/' + qos['id'] + '/policy-actions' class_config = get_config(module, class_url) check_class = module.from_json(to_text(class_config)) if check_class: for qos_action in check_class['qos_policy_action_element']: if qos_action['traffic_class_id'] == class_id: for port in port_config['qos_port_policy_element']: if qos['id'] == port['policy_id']: return { 'msg': 'Class {} is active in qos policy {} for port {}.\ Remove qos policy first'.format( class_id, qos['id'], port['port_id']), 'changed': False } for vlan in vlan_config['qos_vlan_policy_element']: if qos['id'] == vlan['policy_id']: return { 'msg': 'Class {} is active in qos policy {} for vlan {}.\ Remove qos policy first'.format( class_id, qos['id'], vlan['vlan_id']), 'changed': False } url = check_url data = {} method = 'DELETE' result = run_commands(module, url, data, method, check=check_url) return result