def main():
argument_specs = dict(
old_password=dict(type='str', required=True, no_log=True),
# Flag to specify priority of old/new password while establishing session with controller.
# To handle both Saas and conventional (Entire state in playbook) scenario.
force_change=dict(type='bool', default=False))
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(
msg=('Avi python API SDK (avisdk) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
old_password = module.params.get('old_password')
force_change = module.params.get('force_change', False)
data = {'old_password': old_password, 'password': api_creds.password}
# First try old password if 'force_change' is set to true
if force_change:
first_pwd = old_password
second_pwd = api_creds.password
# First try new password if 'force_change' is set to false or not specified in playbook.
else:
first_pwd = api_creds.password
second_pwd = old_password
password_changed = False
try:
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=first_pwd,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
if force_change:
rsp = api.put('useraccount', data=data)
if rsp:
password_changed = True
return ansible_return(module, rsp, True, req=data)
password_changed = True
return module.exit_json(changed=False, obj=data)
except:
pass
if not password_changed:
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=second_pwd,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
if not force_change:
rsp = api.put('useraccount', data=data)
if rsp:
return ansible_return(module, rsp, True, req=data)
return module.exit_json(changed=False, obj=data)
def main():
argument_specs = dict(
idp_class=dict(type=str, required=True, ),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
idp_class = module.params.get("idp_class", None)
idp = get_idp_class(idp_class)
if not idp:
msg = "IDP {} not supported yet.".format(idp_class)
return module.fail_json(msg=msg)
avi_credentials = AviCredentials()
avi_credentials.update_from_ansible_module(module)
try:
api = ApiSession.get_session(
avi_credentials.controller, avi_credentials.username, password=avi_credentials.password,
timeout=avi_credentials.timeout, tenant=avi_credentials.tenant,
tenant_uuid=avi_credentials.tenant_uuid, port=avi_credentials.port, idp_class=idp)
changed = True
except (ConnectionError, SSLError, ChunkedEncodingError) as e:
msg = "Error during get session {}".format(e.message)
return module.fail_json(msg=msg)
return ansible_return(module, None, changed, None, api_context=api.get_context())
def main():
argument_specs = dict(
full_name=dict(type='str'),
email=dict(type='str'),
old_password=dict(type='str', required=True, no_log=True),
# Flag to specify priority of old/new password while establishing session with controller.
# To handle both Saas and conventional (Entire state in playbook) scenario.
force_change=dict(type='bool', default=False))
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
full_name = module.params.get('full_name')
email = module.params.get('email')
old_password = module.params.get('old_password')
force_change = module.params.get('force_change', False)
data = {'old_password': old_password, 'password': api_creds.password}
if full_name:
data['full_name'] = full_name
if email:
data['email'] = email
api = None
if not force_change:
# check if the new password is already set.
try:
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=api_creds.password,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
data['old_password'] = api_creds.password
except Exception:
# create a new session using the old password.
pass
if not api:
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=old_password,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
rsp = api.put('useraccount', data=data)
return ansible_return(module, rsp, True, req=data)
def main():
argument_specs = dict(params=dict(type='dict'),
data=dict(type='dict'),
name=dict(type='str', required=True),
state=dict(default='present',
choices=['absent', 'present']))
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(
msg=('Avi python API SDK (avisdk) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=api_creds.password,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
tenant = api_creds.tenant
tenant_uuid = api_creds.tenant_uuid
params = module.params.get('params', None)
data = module.params.get('data', None)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
name = module.params.get('name', '')
state = module.params['state']
# Get the api version from module.
api_version = api_creds.api_version
"""
state: present
1. Check if the GSLB service is present
2. If not then create the GSLB service with the member
3. Check if the group exists
4. if not then create the group with the member
5. Check if the member is present
if not then add the member
state: absent
1. check if GSLB service is present if not then exit
2. check if group is present. if not then exit
3. check if member is present. if present then remove it.
"""
obj_type = 'gslbservice'
# Added api version to call
existing_obj = api.get_object_by_name(obj_type,
name,
tenant=tenant,
tenant_uuid=tenant_uuid,
params={
'include_refs': '',
'include_name': ''
},
api_version=api_version)
check_mode = module.check_mode
if state == 'absent':
# Added api version to call
changed, rsp = delete_member(module, check_mode, api, tenant,
tenant_uuid, existing_obj, data,
api_version)
else:
# Added api version to call
changed, rsp = add_member(module, check_mode, api, tenant, tenant_uuid,
existing_obj, data, name, api_version)
if check_mode or not changed:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
def main():
argument_specs = dict(http_method=dict(
required=True, choices=['get', 'put', 'post', 'patch', 'delete']),
path=dict(type='str', required=True),
params=dict(type='dict'),
data=dict(type='jsonarg'),
timeout=dict(type='int', default=60))
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=api_creds.password,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port)
tenant_uuid = api_creds.tenant_uuid
tenant = api_creds.tenant
timeout = int(module.params.get('timeout'))
# path is a required argument
path = module.params.get('path', '')
params = module.params.get('params', None)
data = module.params.get('data', None)
# Get the api_version from module.
api_version = api_creds.api_version
if data is not None:
data = json.loads(data)
method = module.params['http_method']
existing_obj = None
changed = method != 'get'
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
# API methods not allowed
api_get_not_allowed = ["cluster", "gslbsiteops", "server", "nsxt"]
sub_api_get_not_allowed = ["scaleout", "scalein", "upgrade", "rollback"]
api_post_not_allowed = ["alert", "fileservice"]
api_put_not_allowed = ["backup"]
if method == 'post' and not any(
path.startswith(uri) for uri in api_post_not_allowed):
# TODO: Above condition should be updated after AV-38981 is fixed
# need to check if object already exists. In that case
# change the method to be put
try:
using_collection = False
if (not any(path.startswith(uri) for uri in api_get_not_allowed)
and not any(
path.endswith(uri)
for uri in sub_api_get_not_allowed)):
if 'name' in data:
gparams['name'] = data['name']
using_collection = True
if (not any(path.startswith(uri) for uri in api_get_not_allowed)
and not any(
path.endswith(uri)
for uri in sub_api_get_not_allowed)):
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
existing_obj = rsp.json()
if using_collection:
existing_obj = existing_obj['results'][0]
except (IndexError, KeyError):
# object is not found
pass
else:
if (not any(path.startswith(uri) for uri in api_get_not_allowed)
and not any(
path.endswith(uri)
for uri in sub_api_get_not_allowed)):
# object is present
method = 'put'
path += '/' + existing_obj['uuid']
if method == 'put' and not any(
path.startswith(uri) for uri in api_put_not_allowed):
# put can happen with when full path is specified or it is put + post
get_path = path
data_for_cmp = data
if existing_obj is None:
using_collection = False
if ((len(path.split('/')) == 1) and ('name' in data) and
(not any(path.startswith(uri)
for uri in api_get_not_allowed))):
gparams['name'] = data['name']
using_collection = True
if path.startswith('wafpolicy') and path.endswith(
'update-crs-rules'):
get_path = path.rstrip('/update-crs-rules')
data_for_cmp = deepcopy(data) if data else {}
_ = data_for_cmp.pop("commit", None)
rsp = api.get(get_path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
rsp_data = rsp.json()
if using_collection:
if rsp_data['results']:
existing_obj = rsp_data['results'][0]
path += '/' + existing_obj['uuid']
else:
method = 'post'
else:
if rsp.status_code == 404:
method = 'post'
else:
existing_obj = rsp_data
if existing_obj:
changed = not avi_obj_cmp(data_for_cmp, existing_obj)
cleanup_absent_fields(data)
if method == 'patch':
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
existing_obj = rsp.json()
if (method == 'put' and changed) or (method != 'put'):
fn = getattr(api, method)
rsp = fn(path,
tenant=tenant,
tenant_uuid=tenant,
timeout=timeout,
params=params,
data=data,
api_version=api_version)
else:
rsp = None
if method == 'delete' and rsp.status_code == 404:
changed = False
rsp.status_code = 200
if method == 'patch' and existing_obj and rsp.status_code < 299:
# Ideally the comparison should happen with the return values
# from the patch API call. However, currently Avi API are
# returning different hostname when GET is used vs Patch.
# tracked as AV-12561
if path.startswith('pool'):
time.sleep(1)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
new_obj = rsp.json()
changed = not avi_obj_cmp(new_obj, existing_obj)
if rsp is None:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
def main():
try:
module = AnsibleModule(argument_spec=dict(
controller=dict(required=True),
username=dict(required=True),
password=dict(required=True),
tenant=dict(default='admin'),
tenant_uuid=dict(default=''),
state=dict(default='present', choices=['absent', 'present']),
clear_on_max_retries=dict(type='int', ),
dns_configs=dict(type='list', ),
name=dict(type='str', ),
owner_controller_cluster_uuid=dict(type='str', ),
send_interval=dict(type='int', ),
site_controller_clusters=dict(type='list', ),
tenant_ref=dict(type='str', ),
url=dict(type='str', ),
uuid=dict(type='str', ),
view_id=dict(type='int', ),
), )
api = ApiSession.get_session(module.params['controller'],
module.params['username'],
module.params['password'],
tenant=module.params['tenant'])
state = module.params['state']
name = module.params['name']
obj = deepcopy(module.params)
obj.pop('state', None)
obj.pop('controller', None)
obj.pop('username', None)
obj.pop('password', None)
tenant = obj.pop('tenant', '')
tenant_uuid = obj.pop('tenant_uuid', '')
obj.pop('cloud_ref', None)
purge_optional_fields(obj, module)
if state == 'absent':
try:
rsp = api.delete_by_name('globallb',
name,
tenant=tenant,
tenant_uuid=tenant_uuid)
except ObjectNotFound:
return module.exit_json(changed=False)
if rsp.status_code == 204:
return module.exit_json(changed=True)
return module.fail_json(msg=rsp.text)
existing_obj = api.get_object_by_name('globallb',
name,
tenant=tenant,
tenant_uuid=tenant_uuid,
params={
'include_refs': '',
'include_name': ''
})
changed = False
rsp = None
if existing_obj:
# this is case of modify as object exists. should find out
# if changed is true or not
changed = not avi_obj_cmp(obj, existing_obj)
cleanup_absent_fields(obj)
if changed:
obj_uuid = existing_obj['uuid']
rsp = api.put('globallb/%s' % obj_uuid,
data=obj,
tenant=tenant,
tenant_uuid=tenant_uuid)
else:
changed = True
rsp = api.post('globallb',
data=obj,
tenant=tenant,
tenant_uuid=tenant_uuid)
if rsp is None:
return module.exit_json(changed=changed, obj=existing_obj)
else:
return ansible_return(module, rsp, changed)
except:
raise
def main():
argument_specs = dict(
state=dict(default='present', choices=['absent', 'present']),
avi_api_update_method=dict(default='put', choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
allow_mode_delegation=dict(type='bool', ),
created_by=dict(type='str', ),
crs_groups=dict(type='list', ),
description=dict(type='str', ),
enable_app_learning=dict(type='bool', ),
failure_mode=dict(type='str', ),
learning=dict(type='dict', ),
mode=dict(type='str'),
name=dict(type='str', required=True),
paranoia_level=dict(type='str', ),
positive_security_model=dict(type='dict', ),
post_crs_groups=dict(type='list', ),
pre_crs_groups=dict(type='list', ),
tenant_ref=dict(type='str', ),
url=dict(type='str', ),
uuid=dict(type='str', ),
waf_crs_ref=dict(type='str', ),
waf_profile_ref=dict(type='str'),
whitelist=dict(type='dict', ),
base_waf_policy=dict(type='str', required=True),
patch_file=dict(type='str', required=True),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs,
supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(api_creds.controller,
api_creds.username,
password=api_creds.password,
timeout=api_creds.timeout,
tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token,
port=api_creds.port,
api_version=api_creds.api_version)
obj_uuid = None
existing_obj = api.get_object_by_name('wafpolicy',
module.params.get('name'),
params={"include_name": True})
if existing_obj:
obj_uuid = existing_obj.pop('uuid', None)
changed = False
# Delete call if state is absent
if module.params.get('state') == 'absent':
if obj_uuid:
changed = True
if changed and not module.check_mode:
api.delete_by_name('wafpolicy', module.params.get('name'))
ansible_return(module,
None,
changed,
existing_obj=existing_obj,
api_context=api.get_context())
if not existing_obj:
existing_obj = api.get_object_by_name(
'wafpolicy',
module.params.get('base_waf_policy'),
params={"include_name": True})
with open(module.params.get('patch_file'), "r+") as f:
waf_patch = json.loads(f.read())
waf_patch.update((k, v) for k, v in module.params.items()
if v and k not in waf_patch)
new_obj = deepcopy(existing_obj)
update_patch(new_obj, waf_patch)
changed = not avi_obj_cmp(new_obj, existing_obj)
if module.check_mode:
ansible_return(module,
None,
changed,
existing_obj=existing_obj,
api_context=api.get_context())
rsp = None
if changed:
if obj_uuid:
new_obj['uuid'] = obj_uuid
rsp = api.put('wafpolicy/%s' % obj_uuid, data=new_obj)
else:
rsp = api.post('wafpolicy', data=new_obj)
ansible_return(module, rsp, changed, req=new_obj)
def main():
argument_specs = dict(
params=dict(type='dict'),
data=dict(type='dict'),
name=dict(type='str', required=True),
state=dict(default='present',
choices=['absent', 'present'])
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(
api_creds.controller, api_creds.username, password=api_creds.password,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
tenant = api_creds.tenant
tenant_uuid = api_creds.tenant_uuid
params = module.params.get('params', None)
data = module.params.get('data', None)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
name = module.params.get('name', '')
state = module.params['state']
# Get the api version from module.
api_version = api_creds.api_version
"""
state: present
1. Check if the GSLB service is present
2. If not then create the GSLB service with the member
3. Check if the group exists
4. if not then create the group with the member
5. Check if the member is present
if not then add the member
state: absent
1. check if GSLB service is present if not then exit
2. check if group is present. if not then exit
3. check if member is present. if present then remove it.
"""
obj_type = 'gslbservice'
# Added api version to call
existing_obj = api.get_object_by_name(
obj_type, name, tenant=tenant, tenant_uuid=tenant_uuid,
params={'include_refs': '', 'include_name': ''}, api_version=api_version)
check_mode = module.check_mode
if state == 'absent':
# Added api version to call
changed, rsp = delete_member(module, check_mode, api, tenant,
tenant_uuid, existing_obj, data, api_version)
else:
# Added api version to call
changed, rsp = add_member(module, check_mode, api, tenant, tenant_uuid,
existing_obj, data, name, api_version)
if check_mode or not changed:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
def main():
argument_specs = dict(http_method=dict(
required=True, choices=['get', 'put', 'post', 'patch', 'delete']),
path=dict(type='str', required=True),
params=dict(type='dict'),
data=dict(type='jsonarg'),
timeout=dict(type='int', default=60))
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(
msg=('Avi python API SDK (avisdk) is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
tenant_uuid = module.params.get('tenant_uuid', None)
api = ApiSession.get_session(module.params['controller'],
module.params['username'],
module.params['password'],
tenant=module.params['tenant'],
tenant_uuid=tenant_uuid)
tenant = module.params.get('tenant', '')
timeout = int(module.params.get('timeout'))
# path is a required argument
path = module.params.get('path', '')
params = module.params.get('params', None)
data = module.params.get('data', None)
# Get the api_version from module.
api_version = module.params.get('api_version', '16.4')
if data is not None:
data = json.loads(data)
method = module.params['http_method']
existing_obj = None
changed = method != 'get'
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
if method == 'post':
# need to check if object already exists. In that case
# change the method to be put
gparams['name'] = data['name']
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
try:
existing_obj = rsp.json()['results'][0]
except IndexError:
# object is not found
pass
else:
# object is present
method = 'put'
path += '/' + existing_obj['uuid']
if method == 'put':
# put can happen with when full path is specified or it is put + post
if existing_obj is None:
using_collection = False
if ((len(path.split('/')) == 1) and ('name' in data)
and (not path.startswith('cluster'))):
gparams['name'] = data['name']
using_collection = True
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
rsp_data = rsp.json()
if using_collection:
if rsp_data['results']:
existing_obj = rsp_data['results'][0]
path += '/' + existing_obj['uuid']
else:
method = 'post'
else:
if rsp.status_code == 404:
method = 'post'
else:
existing_obj = rsp_data
if existing_obj:
changed = not avi_obj_cmp(data, existing_obj)
cleanup_absent_fields(data)
if method == 'patch':
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
existing_obj = rsp.json()
if (method == 'put' and changed) or (method != 'put'):
fn = getattr(api, method)
rsp = fn(path,
tenant=tenant,
tenant_uuid=tenant,
timeout=timeout,
params=params,
data=data,
api_version=api_version)
else:
rsp = None
if method == 'delete' and rsp.status_code == 404:
changed = False
rsp.status_code = 200
if method == 'patch' and existing_obj and rsp.status_code < 299:
# Ideally the comparison should happen with the return values
# from the patch API call. However, currently Avi API are
# returning different hostname when GET is used vs Patch.
# tracked as AV-12561
if path.startswith('pool'):
time.sleep(1)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
rsp = api.get(path,
tenant=tenant,
tenant_uuid=tenant_uuid,
params=gparams,
api_version=api_version)
new_obj = rsp.json()
changed = not avi_obj_cmp(new_obj, existing_obj)
if rsp is None:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
