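def main():
    """Ansible entry point: converge a VCA gateway's firewall rule list.

    Reads ``fw_rules`` (required list), ``gateway_name`` and ``state`` from
    the module arguments, plus whatever ``vca_argument_spec()`` contributes
    (``vdc_name`` is taken from there).  Logs in via ``vca_login``, diffs the
    validated desired rules against the gateway's current rules *by
    position*, then adds / replaces / deletes rules and saves the gateway's
    service configuration.  Honours check mode: nothing is written, but
    ``changed`` and the ``rules_*`` counters still describe what would be.

    Leaves through ``module.exit_json`` / ``module.fail_json``.
    """
    argument_spec = vca_argument_spec()
    argument_spec.update(
        dict(
            fw_rules=dict(required=True, type='list'),
            gateway_name=dict(default='gateway'),
            state=dict(default='present', choices=['present', 'absent']),
        )
    )

    module = AnsibleModule(argument_spec, supports_check_mode=True)

    fw_rules = module.params.get('fw_rules')
    gateway_name = module.params.get('gateway_name')
    vdc_name = module.params['vdc_name']
    # NOTE(review): ``state`` is accepted and validated against its choices
    # but never consulted below -- the module always converges towards the
    # rules listed in ``fw_rules``, so ``state: absent`` does NOT remove
    # anything.  Left unchanged to keep existing playbooks working; callers
    # should not rely on it.

    vca = vca_login(module)

    gateway = vca.get_gateway(vdc_name, gateway_name)
    if not gateway:
        module.fail_json(msg="Not able to find the gateway %s, please check "
                             "the gateway_name param" % gateway_name)

    fwservice = gateway._getFirewallService()

    rules = gateway.get_fw_rules()
    current_rules = fw_rules_to_dict(rules)

    try:
        desired_rules = validate_fw_rules(fw_rules)
    except VcaError as e:
        # str(e) instead of e.message: the latter does not exist on Python 3.
        module.fail_json(msg=str(e))

    result = dict(changed=False)
    result['current_rules'] = current_rules
    result['desired_rules'] = desired_rules

    # Positional diff: desired_rules[i] is expected to match current_rules[i].
    updates = list()    # (index, rule) whose content differs at that position
    additions = list()  # desired rules past the end of the current list
    deletions = list()  # current rules past the end of the desired list

    for index, rule in enumerate(desired_rules):
        if index >= len(current_rules):
            additions.append(rule)
        elif rule != current_rules[index]:
            updates.append((index, rule))

    # Everything in the current list beyond the desired length is stale.
    # The previous slice started at ``len(current) - len(desired)``, which
    # is the tail only when the current list is exactly twice the desired
    # one; otherwise it deleted rules that were still wanted, or left stale
    # (possibly permissive) rules on the gateway.
    deletions.extend(current_rules[len(desired_rules):])

    # ``changed`` is derived from the diff itself so that check mode reports
    # it accurately instead of depending on whether the writes ran.
    result['changed'] = bool(additions or updates or deletions)

    if not module.check_mode:
        for rule in additions:
            # The protocol name is capitalised ("tcp" -> "Tcp") before the
            # call, as the original did; presumably add_fw_rule expects it.
            rule['protocol'] = rule['protocol'].capitalize()
            gateway.add_fw_rule(**rule)

        for index, rule in updates:
            rule = create_fw_rule(**rule)
            fwservice.replace_FirewallRule_at(index, rule)

        # delete_fw_rule is called with the rule's matching attributes (not
        # its position); the stored protocol is converted back to a string.
        keys = ['protocol', 'dest_port', 'dest_ip', 'source_port', 'source_ip']
        for rule in deletions:
            kwargs = dict((k, v) for k, v in rule.items() if k in keys)
            kwargs['protocol'] = protocol_to_string(kwargs['protocol'])
            gateway.delete_fw_rule(**kwargs)

        if result['changed']:
            # The edits above only touch the gateway's service model; the
            # save pushes it and hands back a task to wait on.  The task is
            # guarded because the original did so -- it may be falsy.
            task = gateway.save_services_configuration()
            if task:
                vca.block_until_completed(task)

    result['rules_updated'] = len(updates)
    result['rules_added'] = len(additions)
    result['rules_deleted'] = len(deletions)

    return module.exit_json(**result)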
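def main():
    """Ansible entry point: converge a VCA gateway's NAT rule set.

    Reads ``nat_rules`` (list, default empty), ``gateway_name``,
    ``purge_rules`` (bool) and ``state`` from the module arguments, plus
    whatever ``vca_argument_spec()`` contributes (``vdc_name`` is taken from
    there).  With ``purge_rules`` every existing NAT rule is deleted and that
    is saved first; then each desired rule not already present is added and
    each present rule not desired is deleted, and the service configuration
    is saved again when anything was added or deleted.  Honours check mode:
    nothing is written, but ``changed`` and the counters still describe what
    would happen.

    Leaves through ``module.exit_json`` / ``module.fail_json``.
    """
    argument_spec = vca_argument_spec()
    argument_spec.update(
        dict(
            nat_rules=dict(type='list', default=[]),
            gateway_name=dict(default='gateway'),
            purge_rules=dict(default=False, type='bool'),
            state=dict(default='present', choices=['present', 'absent']),
        )
    )

    module = AnsibleModule(argument_spec, supports_check_mode=True)

    vdc_name = module.params.get('vdc_name')
    nat_rules = module.params['nat_rules']
    gateway_name = module.params['gateway_name']
    purge_rules = module.params['purge_rules']
    # NOTE(review): ``state`` is declared and validated but never read below;
    # ``state: absent`` does not remove rules.  Left unchanged so existing
    # playbooks keep working.

    if not purge_rules and not nat_rules:
        module.fail_json(msg='Must define purge_rules or nat_rules')

    vca = vca_login(module)

    gateway = vca.get_gateway(vdc_name, gateway_name)
    if not gateway:
        module.fail_json(msg="Not able to find the gateway %s, please check "
                             "the gateway_name param" % gateway_name)

    try:
        desired_rules = validate_nat_rules(nat_rules)
    except VcaError as e:
        # str(e) instead of e.message: the latter does not exist on Python 3.
        module.fail_json(msg=str(e))

    rules = gateway.get_nat_rules()

    result = dict(changed=False, rules_purged=0)

    # ``deletions`` also counts purged rules, so ``rules_deleted`` includes
    # ``rules_purged`` when purging.
    deletions = 0
    additions = 0

    if purge_rules is True and len(rules) > 0:
        result['rules_purged'] = len(rules)
        deletions = result['rules_purged']
        rules = list()
        if not module.check_mode:
            # NOTE(review): the purge is committed to the gateway here,
            # before the desired rules are re-added and saved further down,
            # so there is a window in which the gateway has no NAT rules at
            # all.  Folding both into one save would need confirming how
            # get_nat_rules()/add_nat_rule behave against the unsaved model.
            gateway.del_all_nat_rules()
            task = gateway.save_services_configuration()
            if task:  # same falsy-task guard the firewall module uses
                vca.block_until_completed(task)
            rules = gateway.get_nat_rules()
        result['changed'] = True

    current_rules = nat_rules_to_dict(rules)

    result['current_rules'] = current_rules
    result['desired_rules'] = desired_rules

    # Set-style diff on rule dicts: order on the gateway is not enforced.
    for rule in desired_rules:
        if rule not in current_rules:
            additions += 1
            if not module.check_mode:
                gateway.add_nat_rule(**rule)
            # Reported in check mode too, so --check shows pending work.
            result['changed'] = True
    result['rules_added'] = additions

    result['delete_rule'] = list()
    result['delete_rule_rc'] = list()
    for rule in current_rules:
        if rule not in desired_rules:
            deletions += 1
            if not module.check_mode:
                result['delete_rule'].append(rule)
                rc = gateway.del_nat_rule(**rule)
                result['delete_rule_rc'].append(rc)
            result['changed'] = True
    result['rules_deleted'] = deletions

    if not module.check_mode and (additions > 0 or deletions > 0):
        task = gateway.save_services_configuration()
        if task:
            vca.block_until_completed(task)

    module.exit_json(**result)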
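def main():
    """Ansible entry point: converge a VCA gateway's NAT rule set.

    Module arguments are ``nat_rules`` (list, default empty),
    ``gateway_name``, ``purge_rules`` (bool) and ``state``, on top of
    ``vca_argument_spec()`` (which supplies ``vdc_name``).  When
    ``purge_rules`` is set all existing NAT rules are removed and saved
    first.  Afterwards every desired rule that is missing is added, every
    present rule that is not desired is removed, and the service
    configuration is saved once more if either count is non-zero.  In check
    mode no write happens, but ``changed`` and the counters still reflect
    the pending work.

    Leaves through ``module.exit_json`` / ``module.fail_json``.
    """
    argument_spec = vca_argument_spec()
    argument_spec.update(
        dict(
            nat_rules=dict(type='list', default=[]),
            gateway_name=dict(default='gateway'),
            purge_rules=dict(default=False, type='bool'),
            state=dict(default='present', choices=['present', 'absent']),
        )
    )

    module = AnsibleModule(argument_spec, supports_check_mode=True)

    vdc_name = module.params.get('vdc_name')
    nat_rules = module.params['nat_rules']
    gateway_name = module.params['gateway_name']
    purge_rules = module.params['purge_rules']
    # NOTE(review): ``state`` is validated but never used -- ``absent`` is
    # a no-op here.  Kept for backward compatibility of the argument spec.

    if not purge_rules and not nat_rules:
        module.fail_json(msg='Must define purge_rules or nat_rules')

    vca = vca_login(module)

    gateway = vca.get_gateway(vdc_name, gateway_name)
    if not gateway:
        module.fail_json(msg="Not able to find the gateway %s, please check "
                             "the gateway_name param" % gateway_name)

    try:
        desired_rules = validate_nat_rules(nat_rules)
    except VcaError as e:
        # Portable across Python 2/3; Exception.message is Python 2 only.
        module.fail_json(msg=str(e))

    rules = gateway.get_nat_rules()

    result = dict(changed=False, rules_purged=0)

    additions = 0
    deletions = 0  # includes purged rules, so rules_deleted >= rules_purged

    if purge_rules is True and len(rules) > 0:
        result['rules_purged'] = len(rules)
        deletions = result['rules_purged']
        rules = list()
        if not module.check_mode:
            # NOTE(review): this save lands on the gateway before the desired
            # rules are re-added below, leaving a window with no NAT rules.
            # Collapsing it into the final save is only safe if
            # get_nat_rules()/add_nat_rule work against the unsaved model,
            # which is not visible from here.
            gateway.del_all_nat_rules()
            task = gateway.save_services_configuration()
            if task:  # guard a falsy task, as the firewall module does
                vca.block_until_completed(task)
            rules = gateway.get_nat_rules()
        result['changed'] = True

    current_rules = nat_rules_to_dict(rules)

    result['current_rules'] = current_rules
    result['desired_rules'] = desired_rules

    # Membership diff on rule dicts; position on the gateway is not managed.
    for rule in desired_rules:
        if rule not in current_rules:
            additions += 1
            if not module.check_mode:
                gateway.add_nat_rule(**rule)
            result['changed'] = True  # set in check mode too
    result['rules_added'] = additions

    result['delete_rule'] = list()
    result['delete_rule_rc'] = list()
    for rule in current_rules:
        if rule not in desired_rules:
            deletions += 1
            if not module.check_mode:
                result['delete_rule'].append(rule)
                rc = gateway.del_nat_rule(**rule)
                result['delete_rule_rc'].append(rc)
            result['changed'] = True
    result['rules_deleted'] = deletions

    if not module.check_mode and (additions > 0 or deletions > 0):
        task = gateway.save_services_configuration()
        if task:
            vca.block_until_completed(task)

    module.exit_json(**result)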