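def main():
    """Save the running configuration of an ASA device (write memory).

    Builds the Ansible module, connects through the rasa ``ASA`` client with
    the supplied credentials and calls ``write_mem()``.  A 200 response is
    reported as ``changed=True``; any other status code, or an exception
    raised by the call, fails the task.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's invocation
            # logs and verbose (-vvv) output.
            password=dict(required=True, no_log=True),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes')),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # validate_certs=no switches off TLS certificate verification, so the
    # device is no longer authenticated before the credentials are used.
    # Keep the default ('yes') outside of lab setups.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    try:
        data = dev.write_mem()
    except Exception as err:
        # Catch Exception rather than everything so Ctrl-C / SystemExit still
        # propagate, and report the exception itself instead of only its class.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    if data.status_code != 200:
        module.fail_json(msg='Unable to save configuration: - %s' % data.status_code)

    module.exit_json(changed=True)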
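def main():
    """Ensure a network object is present or absent on an ASA device.

    The current object is fetched by name and the outcome depends on the HTTP
    status of that lookup:

    * 200 - the object exists: delete it (``state=absent``) or update it when
      it differs from the desired data (``state=present``).
    * 404 - the object does not exist: nothing to do for ``absent``, create it
      for ``present``.
    * 401 and anything else fail the task.

    The result passed to ``exit_json`` only carries the ``changed`` flag.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's invocation
            # logs and verbose output.
            password=dict(required=True, no_log=True),
            name=dict(required=True),
            description=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            category=dict(required=False,
                          choices=[
                              'ipv4_address', 'ipv6_address', 'ipv4_subnet',
                              'ipv6_subnet', 'ipv4_range', 'ipv6_range',
                              'ipv4_fqdn', 'ipv6_fqdn'
                          ]),
            validate_certs=dict(required=False,
                                choices=['no', 'yes'],
                                default='yes'),
            value=dict(required=False)),
        required_together=(['category', 'value'], ),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # An omitted optional parameter is None, never False, so the previous
    # ``== False`` comparison could not trigger.  Test for "not supplied".
    if m_args['state'] == 'present' and not m_args['category']:
        module.fail_json(msg='Category not defined')

    # validate_certs=no disables TLS certificate verification: the device is
    # then not authenticated before credentials are used.  Keep the default.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(device=m_args['host'],
              username=m_args['username'],
              password=m_args['password'],
              verify_cert=validate_certs)

    desired_data = {
        'name': m_args['name'],
        'objectId': m_args['name'],
        'kind': 'object#NetworkObj',
    }
    if m_args['category']:
        desired_data['host'] = {
            'kind': object_kind[m_args['category']],
            'value': m_args['value'],
        }
    if m_args['description']:
        desired_data['description'] = m_args['description']

    try:
        data = dev.get_networkobject(m_args['name'])
    except Exception as err:
        # Narrower than a bare except (SystemExit/KeyboardInterrupt pass
        # through) and reports the exception itself, not only its class.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    wanted_present = m_args['state'] == 'present'

    if data.status_code == 200:
        if not wanted_present:
            changed_status = delete_object(dev, module, m_args['name'])
        elif match_objects(data.json(), desired_data, module):
            changed_status = False
        else:
            changed_status = update_object(dev, module, desired_data)
    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')
    elif data.status_code == 404:
        if wanted_present:
            changed_status = create_object(dev, module, desired_data)
        else:
            changed_status = False
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)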
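def main():
    """Create, update or delete a network object on an ASA device.

    Looks the object up by ``name`` and reconciles it with the requested
    ``state``.  A 200 lookup means the object exists (delete, or update when
    ``match_objects`` reports a difference); a 404 means it does not (create
    for ``present``, no-op for ``absent``).  A 401 or any other status code
    fails the task.  Only the ``changed`` flag is returned.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # Mark the password no_log so Ansible does not write it to its
            # invocation logs or verbose output.
            password=dict(required=True, no_log=True),
            name=dict(required=True),
            description=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn' ]),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
            value=dict(required=False)),
        required_together=(['category', 'value'],),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # Optional parameters that were not supplied are None, so comparing with
    # ``== False`` never matched; check for a missing value instead.
    if m_args['state'] == "present" and not m_args['category']:
        module.fail_json(msg='Category not defined')

    # 'no' disables TLS certificate verification, which removes the check
    # that the API endpoint really is the intended device.
    validate_certs = (m_args['validate_certs'] == 'yes')

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    desired_data = dict(
        name=m_args['name'],
        objectId=m_args['name'],
        kind='object#NetworkObj',
    )
    if m_args['category']:
        kind = object_kind[m_args['category']]
        desired_data['host'] = dict(kind=kind, value=m_args['value'])

    if m_args['description']:
        desired_data['description'] = m_args['description']

    try:
        data = dev.get_networkobject(m_args['name'])
    except Exception as err:
        # Exception (not a bare except) lets SystemExit/KeyboardInterrupt
        # through; the message now carries the exception text.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    status = data.status_code
    if status == 401:
        module.fail_json(msg='Authentication error')
    elif status not in (200, 404):
        module.fail_json(msg="Unsupported return code %s" % status)

    exists = (status == 200)
    if m_args['state'] == 'absent':
        # Deleting is only needed when the lookup found the object.
        changed_status = delete_object(dev, module, m_args['name']) if exists else False
    elif not exists:
        changed_status = create_object(dev, module, desired_data)
    elif match_objects(data.json(), desired_data, module):
        changed_status = False
    else:
        changed_status = update_object(dev, module, desired_data)

    module.exit_json(changed=changed_status)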
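def main():
    """Manage a network object group and one member entry on an ASA device.

    The group is looked up by ``name``:

    * 200 with ``state=absent`` deletes the group.
    * 200 with ``state=present`` and ``entry_state`` set adds or removes the
      single member described by ``category``/``value`` and, when a
      ``description`` is given and differs, updates the description.
    * 404 creates the group for ``present`` and is a no-op for ``absent``.
    * 401 and any other status code fail the task.

    The ``members`` parameter is accepted but not implemented yet; using it
    against an existing group fails the task.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's invocation
            # logs and verbose output.
            password=dict(required=True, no_log=True),
            members=dict(required=False),
            name=dict(required=True),
            entry_state=dict(required=False, choices=['absent', 'present']),
            description=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn', 'object', 'object_group' ]),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
            value=dict(required=False)
            ),
        required_together = (
                ['category','entry_state','value'],
            ),
        mutually_exclusive=(['category', 'members'],),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # validate_certs=no disables TLS certificate verification, so the device
    # is not authenticated before credentials are used.  Keep the default.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    desired_data = {'name': m_args['name']}
    if m_args['description']:
        desired_data['description'] = m_args['description']

    member_data = {}
    if m_args['entry_state']:
        member_data['kind'] = object_kind[m_args['category']]
        kind_type = object_kind_type[m_args['category']]
        member_data[kind_type] = m_args['value']
        if kind_type == 'objectId':
            # Members that reference another object carry a link to it.
            if m_args['category'] == 'object_group':
                collection = 'networkobjectgroups'
            else:
                collection = 'networkobjects'
            member_data['refLink'] = 'https://%s/api/objects/%s/%s' % (
                m_args['host'], collection, m_args['value'])

        # NOTE(review): the member is added to desired_data even when
        # entry_state is 'absent', so the 404/create path below would create
        # the group with it - confirm this is intended.
        desired_data['members'] = [member_data]

    try:
        data = dev.get_networkobjectgroup(m_args['name'])
    except Exception as err:
        # Narrower than a bare except and reports the exception itself.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, m_args['name'])

        elif m_args['state'] == 'present' and m_args['entry_state']:
            current_data = data.json()

            change_description = False
            if m_args['description']:
                try:
                    change_description = (
                        m_args['description'] != current_data['description'])
                except (KeyError, TypeError):
                    # No description on the device yet: it has to be set.
                    change_description = True

            found = find_member(current_data, member_data, module)
            wants_member = m_args['entry_state'] == 'present'

            if found and not wants_member:
                changed_status = remove_object(dev, module, m_args['name'], member_data)
            elif wants_member and not found:
                changed_status = add_object(dev, module, m_args['name'], member_data)
            else:
                # Member already in the requested state.
                changed_status = False

            if change_description:
                # Keep an earlier member change instead of overwriting it
                # with the result of the description update.
                description_changed = modify_description(
                    dev, module, m_args['name'], m_args['description'])
                changed_status = bool(description_changed or changed_status)

        elif m_args['state'] == 'present' and m_args['members']:
            module.fail_json(msg='This feature is eagerly awaiting to be developed')

        else:
            # Remove after members are implemented
            module.fail_json(msg='Unknown error check arguments')

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)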
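def main():
    """Ensure a service object is present or absent on an ASA device.

    The object kind is derived from the arguments: a source or destination
    port yields ``object#TcpUdpServiceObj`` (value ``protocol/dst_port``),
    otherwise ``object#NetworkProtocolObj`` is used with the protocol name
    (numeric protocols are translated through ``ip_protocol_name``).

    The object is then looked up by ``name``; 200 leads to delete/update,
    404 to create/no-op, and 401 or any other status code fails the task.
    Only the ``changed`` flag is returned.
    """
    protocol_names = [
        'ah', 'eigrp', 'esp', 'gre', 'icmp', 'icmp6', 'igmp', 'igrp', 'ip',
        'ipinip', 'ipsec', 'nos', 'ospf', 'pcp', 'pim', 'pptp', 'snp', 'tcp',
        'udp',
    ]
    # IP protocol numbers '0'..'255', accepted as strings.
    protocol_numbers = [str(number) for number in range(256)]

    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's invocation
            # logs and verbose output.
            password=dict(required=True, no_log=True),
            name=dict(required=True),
            description=dict(required=False),
            dst_port=dict(required=False),
            src_port=dict(required=False),
            icmp_type=dict(required=False),
            icmp_code=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            protocol=dict(required=False,
                          choices=protocol_names + protocol_numbers),
            validate_certs=dict(required=False,
                                choices=['no', 'yes'],
                                default='yes'),
            value=dict(required=False)),
        # NOTE(review): 'category' is not part of this argument_spec, and
        # 'value' is not read below - this constraint looks copied from the
        # network object module; confirm before changing it.
        required_together=(['category', 'value'], ),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # An omitted optional parameter is None, never False, so the previous
    # ``== False`` comparison could not trigger.
    if m_args['state'] == 'present' and not m_args['protocol']:
        module.fail_json(msg='Protocol not defined')

    # validate_certs=no disables TLS certificate verification, so the device
    # is not authenticated before credentials are used.  Keep the default.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(device=m_args['host'],
              username=m_args['username'],
              password=m_args['password'],
              verify_cert=validate_certs)

    if m_args['src_port'] and m_args['protocol'] not in protocols_using_ports:
        module.fail_json(msg="Can't use source port with %s" %
                         m_args['protocol'])

    if m_args['dst_port'] and m_args['protocol'] not in protocols_using_ports:
        module.fail_json(msg="Can't use destination port with %s" %
                         m_args['protocol'])

    # Bind ``protocol`` up front: it used to stay undefined when no protocol
    # was given (e.g. state=absent), raising NameError further down.
    protocol = m_args['protocol']

    # icmp -> ICMPServiceObj
    # icmp6 -> object#ICMP6ServiceObj
    if m_args['dst_port'] or m_args['src_port']:
        kind = 'object#TcpUdpServiceObj'
    else:
        kind = 'object#NetworkProtocolObj'
        if protocol:
            try:
                protocol_number = int(protocol)
            except (TypeError, ValueError):
                # Already a protocol name.
                pass
            else:
                protocol = ip_protocol_name[str(protocol_number)]

    # Change to function to target source dest udp and tcp
    if m_args['dst_port'] and m_args['protocol'] == 'tcp':
        try:
            port_number = int(m_args['dst_port'])
        except (TypeError, ValueError):
            # Not numeric: it has to be one of the known TCP service names.
            # .values() works on both Python 2 and 3 (itervalues is 2-only).
            if m_args['dst_port'] not in tcp_services.values():
                module.fail_json(msg='%s is not valid using tcp' %
                                 m_args['dst_port'])
        else:
            # Module parameters arrive as strings, so the range check has to
            # run on the converted number; the old isinstance(..., int) test
            # never matched and out-of-range ports were accepted.
            if not 1 <= port_number <= 65535:
                module.fail_json(msg='%s is not a valid tcp port' %
                                 m_args['dst_port'])
            m_args['dst_port'] = str(port_number)

    desired_data = {
        'name': m_args['name'],
        'objectId': m_args['name'],
        'kind': kind,
    }

    if kind == 'object#NetworkProtocolObj':
        desired_data['value'] = protocol
    elif kind == 'object#TcpUdpServiceObj':
        # Fix for source ports too
        desired_data['value'] = '%s/%s' % (m_args['protocol'],
                                           m_args['dst_port'])

    if m_args['description']:
        desired_data['description'] = m_args['description']

    try:
        data = dev.get_serviceobject(m_args['name'])
    except Exception as err:
        # Narrower than a bare except and reports the exception itself.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, m_args['name'])
        elif m_args['state'] == 'present':
            if match_objects(data.json(), desired_data, module):
                changed_status = False
            else:
                changed_status = update_object(dev, module, desired_data)

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)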
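def main():
    """Ensure an IKEv1 policy is present or absent on an ASA device.

    The policy is identified by ``priority`` (1-65535).  For ``state=present``
    the authentication, encryption, hash, DH group and lifetime (120 to
    2147483647 seconds) are validated and compared with the device; the
    policy is created on a 404 lookup and updated on a 200 lookup when
    ``match_objects`` reports a difference.  For ``state=absent`` an existing
    policy is deleted.  A 401 or any other status code fails the task.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's invocation
            # logs and verbose output.
            password=dict(required=True, no_log=True),
            priority=dict(required=True),
            state=dict(required=True, choices=['absent', 'present']),
            authentication=dict(required=False, choices=['pre-share', 'rsa-sig']),
            # NOTE(review): the accepted values include algorithms generally
            # regarded as weak (des, 3des, md5, small DH groups).  They are
            # kept for compatibility; pick the strongest the peer supports.
            encryption=dict(required=False, choices=['des', '3des', 'aes-128', 'aes-192', 'aes-256']),
            hash=dict(required=False, choices=['md5', 'sha']),
            group=dict(required=False, choices=['1', '2', '5']),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
            lifetime=dict(required=False),
            ),
        required_together=(['authentication', 'encryption', 'hash', 'group', 'lifetime'],),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # An omitted optional parameter is None, never False, so the previous
    # ``== False`` comparison could not trigger.
    if m_args['state'] == "present" and not m_args['authentication']:
        module.fail_json(msg='Authentication mode not defined')

    # validate_certs=no disables TLS certificate verification, so the device
    # is not authenticated before credentials are used.  Keep the default.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    try:
        priority = int(m_args['priority'])
    except (TypeError, ValueError):
        module.fail_json(msg='Priority has to be a number')

    if not 1 <= priority <= 65535:
        module.fail_json(msg='Priority must be between 1 and 65535')

    # 'priority' is sent as a number, 'objectId' as given by the user.
    desired_data = {
        'priority': priority,
        'objectId': m_args['priority'],
    }

    if m_args['state'] == "present":
        try:
            lifetime = int(m_args['lifetime'])
        except (TypeError, ValueError):
            module.fail_json(msg='Lifetime has to be a number')

        if not 120 <= lifetime <= 2147483647:
            module.fail_json(msg='Lifetime must be between 120 and 2147483647')

        desired_data.update({
            'lifetimeInSecs': lifetime,
            'authentication': m_args['authentication'],
            'encryption': m_args['encryption'],
            'hash': m_args['hash'],
            'dhgroup': int(m_args['group']),
            'kind': 'object#ikev1policy',
            'selfLink': 'https://%s/api/vpn/ikev1policy/%s' % (m_args['host'], m_args['priority']),
        })

    try:
        data = dev.get_ikev1_policy(m_args['priority'])
    except Exception as err:
        # Narrower than a bare except and reports the exception itself.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, m_args['priority'])
        elif m_args['state'] == 'present':
            if match_objects(data.json(), desired_data, module):
                changed_status = False
            else:
                changed_status = update_object(dev, module, desired_data)

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)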
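def main():
    """Reconcile a network object group, and one member of it, on an ASA device.

    Behaviour by lookup status of the group ``name``:

    * 200, ``state=absent``: the group is deleted.
    * 200, ``state=present`` with ``entry_state``: the member built from
      ``category``/``value`` is added or removed as requested and a differing
      ``description`` is updated.
    * 404: the group is created for ``present``; nothing happens for
      ``absent``.
    * 401 or any other status code fails the task.

    ``members`` is accepted by the argument spec but not implemented; using
    it against an existing group fails the task.
    """
    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # Mark the password no_log so Ansible does not write it to its
            # invocation logs or verbose output.
            password=dict(required=True, no_log=True),
            members=dict(required=False),
            name=dict(required=True),
            entry_state=dict(required=False, choices=['absent', 'present']),
            description=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn', 'object', 'object_group' ]),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
            value=dict(required=False)
            ),
        required_together = (
                ['category','entry_state','value'],
            ),
        mutually_exclusive=(['category', 'members'],),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # 'no' disables TLS certificate verification, which removes the check
    # that the API endpoint really is the intended device.
    validate_certs = (m_args['validate_certs'] == 'yes')

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    group_name = m_args['name']
    description = m_args['description']
    entry_state = m_args['entry_state']

    desired_data = {}
    desired_data['name'] = group_name
    if description:
        desired_data['description'] = description

    member_data = {}
    if entry_state:
        category = m_args['category']
        member_data['kind'] = object_kind[category]
        kind_type = object_kind_type[category]
        member_data[kind_type] = m_args['value']
        if kind_type == 'objectId':
            # Referenced objects and groups live under different API paths.
            if category == 'object_group':
                ref_link = 'https://%s/api/objects/networkobjectgroups/%s' % (m_args['host'], m_args['value'])
            else:
                ref_link = 'https://%s/api/objects/networkobjects/%s' % (m_args['host'], m_args['value'])
            member_data['refLink'] = ref_link

        # NOTE(review): this also happens for entry_state='absent', so a
        # group created on the 404 path would contain the member - confirm.
        desired_data['members'] = [member_data]

    try:
        data = dev.get_networkobjectgroup(group_name)
    except Exception as err:
        # Exception (not a bare except) lets SystemExit/KeyboardInterrupt
        # through; the message now carries the exception text.
        module.fail_json(msg='Unable to connect to device: %s' % err)

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, group_name)

        elif m_args['state'] == 'present' and entry_state:
            current_data = data.json()

            if not description:
                change_description = False
            else:
                try:
                    change_description = description != current_data['description']
                except (KeyError, TypeError):
                    # The group has no description yet, so one must be set.
                    change_description = True

            found = find_member(current_data, member_data, module)

            if entry_state == 'present':
                changed_status = False if found else add_object(dev, module, group_name, member_data)
            else:
                changed_status = remove_object(dev, module, group_name, member_data) if found else False

            if change_description:
                # Do not let the description result hide a member change
                # made just above.
                description_changed = modify_description(dev, module, group_name, description)
                changed_status = bool(changed_status or description_changed)

        elif m_args['state'] == 'present' and m_args['members']:
            module.fail_json(msg='This feature is eagerly awaiting to be developed')

        else:
            # Remove after members are implemented
            module.fail_json(msg='Unknown error check arguments')

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)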
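def main():
    """Ensure an ASA service object is present or absent.

    Builds the desired object from the ``name``, ``protocol``, ``dst_port``
    and ``description`` parameters, looks the object up with
    ``dev.get_serviceobject`` and then creates, updates or deletes it
    depending on ``state`` and the HTTP status code of the lookup. The
    outcome is reported through ``module.exit_json`` (``changed``) or
    ``module.fail_json``.
    """
    named_protocols = [
        'ah', 'eigrp', 'esp', 'gre', 'icmp', 'icmp6', 'igmp', 'igrp',
        'ip', 'ipinip', 'ipsec', 'nos', 'ospf', 'pcp', 'pim',
        'pptp', 'snp', 'tcp', 'udp',
    ]
    # IP protocol numbers 0-255 are accepted as strings next to the names.
    numbered_protocols = [str(number) for number in range(256)]

    module = AnsibleModule(
        argument_spec=dict(
            host=dict(required=True),
            username=dict(required=True),
            # no_log keeps the device password out of Ansible's logged
            # module invocation.
            password=dict(required=True, no_log=True),
            name=dict(required=True),
            description=dict(required=False),
            dst_port=dict(required=False),
            src_port=dict(required=False),
            icmp_type=dict(required=False),
            icmp_code=dict(required=False),
            state=dict(required=True, choices=['absent', 'present']),
            protocol=dict(required=False,
                          choices=named_protocols + numbered_protocols),
            validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
            value=dict(required=False)),
        # NOTE(review): 'category' is not declared in argument_spec above;
        # this pairing looks carried over from another module - confirm.
        required_together=(['category', 'value'],),
        supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # An omitted option arrives as None, so test truthiness; comparing with
    # `== False` never matched and let a missing protocol through.
    if m_args['state'] == "present" and not m_args['protocol']:
        module.fail_json(msg='Protocol not defined')

    # validate_certs='no' is handed to ASA as verify_cert=False. Presumably
    # that disables TLS certificate verification, in which case the
    # credentials below go to an unauthenticated endpoint - keep the default
    # of 'yes' unless the risk is understood.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(
        device=m_args['host'],
        username=m_args['username'],
        password=m_args['password'],
        verify_cert=validate_certs
    )

    if m_args['src_port'] and m_args['protocol'] not in protocols_using_ports:
        module.fail_json(msg="Can't use source port with %s" % m_args['protocol'])

    if m_args['dst_port'] and m_args['protocol'] not in protocols_using_ports:
        module.fail_json(msg="Can't use destination port with %s" % m_args['protocol'])

    # icmp -> ICMPServiceObj
    # icmp6 -> object#ICMP6ServiceObj
    # Bind protocol up front so the 'absent' path (where protocol may be
    # omitted) does not hit an unbound name when desired_data is built.
    protocol = m_args['protocol']
    if m_args['dst_port'] or m_args['src_port']:
        kind = 'object#TcpUdpServiceObj'
    else:
        kind = 'object#NetworkProtocolObj'
        if protocol:
            try:
                protocol_number = int(protocol)
            except (TypeError, ValueError):
                protocol_number = None
            if protocol_number is not None:
                # A numeric protocol is translated through ip_protocol_name.
                try:
                    protocol = ip_protocol_name[str(protocol_number)]
                except KeyError:
                    module.fail_json(msg='Unknown protocol number %s' % protocol_number)

    # Change to function to target source dest udp and tcp
    if m_args['dst_port'] and m_args['protocol'] == 'tcp':
        try:
            port_number = int(m_args['dst_port'])
        except (TypeError, ValueError):
            port_number = None
            # Not a number: it has to be one of the known service names.
            # assumes tcp_services is a dict - TODO confirm
            if m_args['dst_port'] not in tcp_services.values():
                module.fail_json(msg='%s is not valid using tcp' % m_args['dst_port'])

        # Range-check the converted number. The parameter itself normally
        # arrives as a string, so an isinstance(..., int) test on it skipped
        # this check and out-of-range ports were sent to the device.
        if port_number is not None:
            if 1 <= port_number <= 65535:
                m_args['dst_port'] = str(port_number)
            else:
                module.fail_json(msg='%s is not a valid tcp port' % m_args['dst_port'])

    desired_data = {
        'name': m_args['name'],
        'objectId': m_args['name'],
        'kind': kind,
    }

    if kind == 'object#NetworkProtocolObj':
        desired_data['value'] = protocol
    elif kind == 'object#TcpUdpServiceObj':
        # Fix for source ports too
        # NOTE(review): with only src_port set this renders dst_port as None.
        desired_data['value'] = '%s/%s' % (m_args['protocol'], m_args['dst_port'])

    if m_args['description']:
        desired_data['description'] = m_args['description']

    try:
        data = dev.get_serviceobject(m_args['name'])
    except Exception as exc:
        # Only the exception class is reported, as before.
        module.fail_json(msg='Unable to connect to device: %s' % type(exc))

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, m_args['name'])
        elif m_args['state'] == 'present':
            if match_objects(data.json(), desired_data, module):
                changed_status = False
            else:
                changed_status = update_object(dev, module, desired_data)

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        # The object does not exist on the device.
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)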
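def main():
    """Ensure an IKEv1 policy with the given priority is present or absent.

    Validates ``priority`` (and, for ``state=present``, ``lifetime``), builds
    the desired policy, looks the policy up with ``dev.get_ikev1_policy`` and
    then creates, updates or deletes it depending on ``state`` and the HTTP
    status code of the lookup. The outcome is reported through
    ``module.exit_json`` (``changed``) or ``module.fail_json``.
    """
    module = AnsibleModule(argument_spec=dict(
        host=dict(required=True),
        username=dict(required=True),
        # no_log keeps the device password out of Ansible's logged module
        # invocation.
        password=dict(required=True, no_log=True),
        priority=dict(required=True),
        state=dict(required=True, choices=['absent', 'present']),
        authentication=dict(required=False, choices=['pre-share', 'rsa-sig']),
        # NOTE(review): DES/3DES, MD5 and DH groups 1, 2 and 5 are legacy
        # algorithms that are generally considered weak today. They stay in
        # the choices for compatibility; playbooks should select the
        # strongest set the peer supports.
        encryption=dict(
            required=False,
            choices=['des', '3des', 'aes-128', 'aes-192', 'aes-256']),
        hash=dict(required=False, choices=['md5', 'sha']),
        group=dict(required=False, choices=['1', '2', '5']),
        validate_certs=dict(required=False,
                            choices=['no', 'yes'],
                            default='yes'),
        lifetime=dict(required=False),
    ),
                           required_together=([
                               'authentication', 'encryption', 'hash', 'group',
                               'lifetime'
                           ], ),
                           supports_check_mode=False)

    m_args = module.params

    if not has_rasa:
        module.fail_json(msg='Missing required rasa module (check docs)')

    # An omitted option arrives as None, so test truthiness; comparing with
    # `== False` never matched and the failure surfaced later under the
    # unrelated 'Lifetime has to be a number' message.
    if m_args['state'] == "present" and not m_args['authentication']:
        module.fail_json(msg='Authentication mode not defined')

    # validate_certs='no' is handed to ASA as verify_cert=False. Presumably
    # that disables TLS certificate verification, in which case the
    # credentials below go to an unauthenticated endpoint - keep the default
    # of 'yes' unless the risk is understood.
    validate_certs = m_args['validate_certs'] == 'yes'

    dev = ASA(device=m_args['host'],
              username=m_args['username'],
              password=m_args['password'],
              verify_cert=validate_certs)

    desired_data = {}

    try:
        priority = int(m_args['priority'])
    except (TypeError, ValueError):
        module.fail_json(msg='Priority has to be a number')

    if not 1 <= priority <= 65535:
        module.fail_json(msg='Priority must be between 1 and 65535')
    desired_data['priority'] = priority
    # objectId keeps the value exactly as the caller supplied it.
    desired_data['objectId'] = m_args['priority']

    if m_args['state'] == "present":

        try:
            lifetime = int(m_args['lifetime'])
        except (TypeError, ValueError):
            module.fail_json(msg='Lifetime has to be a number')

        if not 120 <= lifetime <= 2147483647:
            module.fail_json(msg='Lifetime must be between 120 and 2147483647')
        desired_data['lifetimeInSecs'] = lifetime

        desired_data['authentication'] = m_args['authentication']
        desired_data['encryption'] = m_args['encryption']
        desired_data['hash'] = m_args['hash']
        desired_data['dhgroup'] = int(m_args['group'])
        desired_data['kind'] = 'object#ikev1policy'
        desired_data['selfLink'] = 'https://%s/api/vpn/ikev1policy/%s' % (
            m_args['host'], m_args['priority'])

    try:
        data = dev.get_ikev1_policy(m_args['priority'])
    except Exception as exc:
        # Only the exception class is reported, as before.
        module.fail_json(msg='Unable to connect to device: %s' % type(exc))

    if data.status_code == 200:
        if m_args['state'] == 'absent':
            changed_status = delete_object(dev, module, m_args['priority'])
        elif m_args['state'] == 'present':
            if match_objects(data.json(), desired_data, module):
                changed_status = False
            else:
                changed_status = update_object(dev, module, desired_data)

    elif data.status_code == 401:
        module.fail_json(msg='Authentication error')

    elif data.status_code == 404:
        # The policy does not exist on the device.
        if m_args['state'] == 'absent':
            changed_status = False
        elif m_args['state'] == 'present':
            changed_status = create_object(dev, module, desired_data)
    else:
        module.fail_json(msg="Unsupported return code %s" % data.status_code)

    module.exit_json(changed=changed_status)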