Ejemplo n.º 1
0
def main():
    helper = get_connection(
        template=True,
        template_stack=True,
        with_state=True,
        with_classic_provider_spec=True,
        argument_spec=setup_args(),
    )

    module = AnsibleModule(
        argument_spec=helper.argument_spec,
        supports_check_mode=True,
        required_one_of=helper.required_one_of,
    )

    parent = helper.get_pandevice_parent(module)

    # TODO(gfreeman) - removed in 2.12
    if module.params['replace'] is not None:
        module.deprecate(
            'Param "replace" is deprecated; please remove it from your playbooks',
            '2.12')

    vr = VirtualRouter(module.params['vr_name'])
    parent.add(vr)
    try:
        vr.refresh()
    except PanDeviceError as e:
        module.fail_json(msg='Failed refresh: {0}'.format(e))

    bgp = vr.find('', Bgp)
    if bgp is None:
        module.fail_json(msg='BGP config not yet added to {0}'.format(vr.name))

    parent = bgp

    state = module.params['state']
    commit = module.params['commit']

    spec = {
        'name': module.params['name'],
        'secret': module.params['secret'],
    }
    obj = BgpAuthProfile(**spec)

    if state == 'present':
        changed = True
        parent.add(obj)
        if not module.check_mode:
            try:
                obj.apply()
            except PanDeviceError as e:
                module.fail_json(msg='Failed apply: {0}'.format(e))
    else:
        cur_obj = parent.find(obj.name, BgpAuthProfile)
        if cur_obj is not None:
            changed = True
            if not module.check_mode:
                try:
                    cur_obj.delete()
                except PanDeviceError as e:
                    module.fail_json(msg='Failed delete: {0}'.format(e))

    if commit and changed:
        helper.commit(module)

    module.exit_json(changed=changed, msg='done')
Ejemplo n.º 2
0
def main():
    helper = get_connection(
        template=True,
        template_stack=True,
        with_classic_provider_spec=True,
        argument_spec=setup_args(),
    )

    module = AnsibleModule(
        argument_spec=helper.argument_spec,
        supports_check_mode=True,
        required_one_of=helper.required_one_of,
    )

    parent = helper.get_pandevice_parent(module)

    vr = VirtualRouter(module.params['vr_name'])
    parent.add(vr)
    try:
        vr.refresh()
    except PanDeviceError as e:
        module.fail_json(msg='Failed refresh: {0}'.format(e))

    bgp = vr.find('', Bgp)
    if bgp is None:
        module.fail_json(
            msg='BGP is not configured for virtual router {0}'.format(vr.name))

    policy = None
    if module.params['policy_type'] == 'conditional-advertisement':
        policy_cls = BgpPolicyConditionalAdvertisement
    else:
        policy_cls = BgpPolicyAggregationAddress
    policy = bgp.find_or_create(module.params['policy_name'], policy_cls)

    obj_type = None
    if module.params['filter_type'] == 'non-exist':
        obj_type = BgpPolicyNonExistFilter
    elif module.params['filter_type'] == 'advertise':
        obj_type = BgpPolicyAdvertiseFilter
    elif module.params['filter_type'] == 'suppress':
        obj_type = BgpPolicySuppressFilter
    else:
        module.fail_json(msg='Unknown filter_type: {0}'.format(
            module.params['filter_type']))
    listing = policy.findall(obj_type)

    spec = {
        'name':
        module.params['name'],
        'enable':
        module.params['enable'],
        'match_afi':
        module.params['match_afi'],
        'match_safi':
        module.params['match_safi'],
        'match_route_table':
        module.params['match_route_table'],
        'match_nexthop':
        module.params['match_nexthop'],
        'match_from_peer':
        module.params['match_from_peer'],
        'match_med':
        module.params['match_med'],
        'match_as_path_regex':
        module.params['match_as_path_regex'],
        'match_community_regex':
        module.params['match_community_regex'],
        'match_extended_community_regex':
        module.params['match_extended_community_regex'],
    }
    obj = obj_type(**spec)
    policy.add(obj)

    # Handle address prefixes.
    for x in module.params['address_prefix']:
        if isinstance(x, dict):
            if 'name' not in x:
                module.fail_json(
                    msg='Address prefix dict requires "name": {0}'.format(x))
            obj.add(
                BgpPolicyAddressPrefix(
                    to_text(x['name'],
                            encoding='utf-8',
                            errors='surrogate_or_strict'),
                    None
                    if x.get('exact') is None else module.boolean(x['exact']),
                ))
        else:
            obj.add(
                BgpPolicyAddressPrefix(
                    to_text(x, encoding='utf-8',
                            errors='surrogate_or_strict')))

    if module.params['state'] == 'return-object':
        module.deprecate('state=return-object is deprecated', '2.12')
        import pickle
        from base64 import b64encode
        obj.parent = None
        panos_obj = b64encode(
            pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL))
        module.exit_json(msg='returning serialized object',
                         panos_obj=panos_obj)

    changed = helper.apply_state(obj, listing, module)
    if changed and module.params['commit']:
        helper.commit(module)

    module.exit_json(changed=changed, msg='done')
Ejemplo n.º 3
0
def main():
    helper = get_connection(
        template=True,
        template_stack=True,
        with_state=True,
        with_classic_provider_spec=True,
        argument_spec=setup_args(),
    )

    module = AnsibleModule(
        argument_spec=helper.argument_spec,
        supports_check_mode=True,
        required_one_of=helper.required_one_of,
    )

    # Verify libs, setup pandevice object tree.
    parent = helper.get_pandevice_parent(module)

    vr = VirtualRouter(module.params['vr_name'])
    parent.add(vr)
    try:
        vr.refresh()
    except PanDeviceError as e:
        module.fail_json(msg='Failed refresh: {0}'.format(e))

    bgp = vr.find('', Bgp)
    if bgp is None:
        module.fail_json(
            msg='BGP is not configured for "{0}".'.format(vr.name))

    group = bgp.find(module.params['peer_group'], BgpPeerGroup)
    if group is None:
        module.fail_json(msg='BGP peer group does not exist: {0}.'.format(
            module.params['peer_group']))

    listing = group.findall(BgpPeer)
    spec = {
        'name':
        module.params['name'],
        'enable':
        module.params['enable'],
        'peer_as':
        module.params['peer_as'],
        'enable_mp_bgp':
        module.params['enable_mp_bgp'],
        'address_family_identifier':
        module.params['address_family_identifier'],
        'subsequent_address_unicast':
        module.params['subsequent_address_unicast'],
        'subsequent_address_multicast':
        module.params['subsequent_address_multicast'],
        'local_interface':
        module.params['local_interface'],
        'local_interface_ip':
        module.params['local_interface_ip'],
        'peer_address_ip':
        module.params['peer_address_ip'],
        'connection_authentication':
        module.params['connection_authentication'],
        'connection_keep_alive_interval':
        module.params['connection_keep_alive_interval'],
        'connection_min_route_adv_interval':
        module.params['connection_min_route_adv_interval'],
        'connection_multihop':
        module.params['connection_multihop'],
        'connection_open_delay_time':
        module.params['connection_open_delay_time'],
        'connection_hold_time':
        module.params['connection_hold_time'],
        'connection_idle_hold_time':
        module.params['connection_idle_hold_time'],
        'connection_incoming_allow':
        module.params['connection_incoming_allow'],
        'connection_outgoing_allow':
        module.params['connection_outgoing_allow'],
        'connection_incoming_remote_port':
        module.params['connection_incoming_remote_port'],
        'connection_outgoing_local_port':
        module.params['connection_outgoing_local_port'],
        'enable_sender_side_loop_detection':
        module.params['enable_sender_side_loop_detection'],
        'reflector_client':
        module.params['reflector_client'],
        'peering_type':
        module.params['peering_type'],
        'max_prefixes':
        module.params['max_prefixes'],
        'bfd_profile':
        module.params['bfd_profile'],
    }
    obj = BgpPeer(**spec)
    group.add(obj)

    changed = helper.apply_state(obj, listing, module)

    if changed and module.params['commit']:
        helper.commit(module)

    module.exit_json(changed=changed, msg='done')
Ejemplo n.º 4
0
def main():
    helper = get_connection(
        template=True,
        template_stack=True,
        with_state=True,
        with_classic_provider_spec=True,
        argument_spec=setup_args(),
    )

    module = AnsibleModule(
        argument_spec=helper.argument_spec,
        supports_check_mode=True,
        required_one_of=helper.required_one_of,
    )

    parent = helper.get_pandevice_parent(module)

    spec = {
        'name':
        module.params['name'],
        'enable':
        module.params['enable'],
        'prefix':
        module.params['prefix'],
        'summary':
        module.params['summary'],
        'as_set':
        module.params['as_set'],
        'attr_local_preference':
        module.params['attr_local_preference'],
        'attr_med':
        module.params['attr_med'],
        'attr_weight':
        module.params['attr_weight'],
        'attr_nexthop':
        module.params['attr_nexthop'],
        'attr_origin':
        module.params['attr_origin'],
        'attr_as_path_limit':
        module.params['attr_as_path_limit'],
        'attr_as_path_type':
        module.params['attr_as_path_type'],
        'attr_as_path_prepend_times':
        module.params['attr_as_path_prepend_times'],
        'attr_community_type':
        module.params['attr_community_type'],
        'attr_community_argument':
        module.params['attr_community_argument'],
        'attr_extended_community_type':
        module.params['attr_extended_community_type'],
        'attr_extended_community_argument':
        module.params['attr_extended_community_argument'],
    }
    obj = BgpPolicyAggregationAddress(**spec)

    vr_name = module.params['vr_name']
    commit = module.params['commit']

    vr = VirtualRouter(vr_name)
    parent.add(vr)

    try:
        vr.refresh()
    except PanDeviceError as e:
        module.fail_json(msg='Failed refresh: {0}'.format(e))

    bgp = vr.find('', Bgp)
    if bgp is None:
        module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name))

    listing = bgp.findall(BgpPolicyAggregationAddress)
    bgp.add(obj)

    # Apply the desired state.
    changed = helper.apply_state(obj, listing, module)

    # Optional: commit.
    if changed and commit:
        helper.commit(module)

    module.exit_json(changed=changed, msg='done')