def check_params(self):
rules_by_host = {}
for host in self.hosts:
rules_by_host[host.name] = self.firewall_facts[host.name].keys()
for rule_option in self.rule_options:
rule_name = rule_option.get("name")
if rule_name is None:
self.module.fail_json(
msg="Please specify rule.name for rule set"
" as it is required parameter."
)
hosts_with_rule_name = [
h for h, r in rules_by_host.items() if rule_name in r
]
hosts_without_rule_name = set([i.name for i in self.hosts]) - set(
hosts_with_rule_name
)
if hosts_without_rule_name:
self.module.fail_json(
msg="rule named '%s' wasn't found on hosts: %s"
% (rule_name, hosts_without_rule_name)
)
if "enabled" not in rule_option:
self.module.fail_json(
msg="Please specify rules.enabled for rule set"
" %s as it is required parameter." % rule_name
)
allowed_hosts = rule_option.get("allowed_hosts", {})
ip_addresses = allowed_hosts.get("ip_address", [])
ip_networks = allowed_hosts.get("ip_network", [])
for ip_address in ip_addresses:
try:
ipaddress.ip_address(ip_address)
except ValueError:
self.module.fail_json(
msg="The provided IP address %s is not a valid IP"
" for the rule %s" % (ip_address, rule_name)
)
for ip_network in ip_networks:
try:
ipaddress.ip_network(ip_network)
except ValueError:
self.module.fail_json(
msg="The provided IP network %s is not a valid network"
" for the rule %s" % (ip_network, rule_name)
)
def build_inventory_groups_network_range(self, group_name):
"""check if IP is in network-class
Args:
str(group_name): Group name
Kwargs:
None
Raises:
None
Returns:
None"""
# maybe we just want to expand one group
if group_name not in self.inventory.groups:
self.inventory.add_group(group_name)
try:
network = ipaddress.ip_network(to_text(self.groupby[group_name].get('attribute')))
except ValueError as err:
raise AnsibleParserError(
'Error while parsing network range {0}: {1}'.format(self.groupby[group_name].get('attribute'), to_native(err)))
for container_name in self.inventory.hosts:
if self.data['inventory'][container_name].get('network_interfaces') is not None:
for interface in self.data['inventory'][container_name].get('network_interfaces'):
for interface_family in self.data['inventory'][container_name].get('network_interfaces')[interface]:
try:
address = ipaddress.ip_address(to_text(interface_family['address']))
if address.version == network.version and address in network:
self.inventory.add_child(group_name, container_name)
except ValueError:
# Ignore invalid IP addresses returned by lxd
pass
def normalize_ip(ip, ip_version):
if ip is None:
return ip
if '/' in ip:
ip, range = ip.split('/')
else:
ip, range = ip, ''
ip_addr = to_native(compat_ipaddress.ip_address(to_text(ip)).compressed)
if range == '':
range = '32' if ip_version.lower() == 'ipv4' else '128'
return ip_addr + '/' + range
