def check_if_trusted(ip, trusted_list):
try:
_ip = ip_addr(ip)
for trusted in trusted_list:
if _ip in ip_net(trusted):
return True
else:
return False
except:
return False
def main():
"""
Main function
:returns: SNAT exclusion Information
"""
module = AnsibleModule(argument_spec=dict(
auth=dict(type='dict'),
region=dict(default='na', type='str'),
datacenter=dict(required=True, type='str'),
network_domain=dict(required=True, type='str'),
id=dict(default=None, required=False, type='str'),
description=dict(default=None, required=False, type='str'),
cidr=dict(default=None, required=False, type='str'),
new_cidr=dict(default=None, required=False, type='str'),
state=dict(default='present', choices=['present', 'absent',
'restore'])),
supports_check_mode=True)
try:
credentials = get_credentials(module)
except ImportError as e:
module.fail_json(msg='{0}'.format(e))
network_domain_name = module.params.get('network_domain')
datacenter = module.params.get('datacenter')
state = module.params.get('state')
snat = new_network_cidr = network_cidr = None
snats = []
# Check Imports
if not HAS_IPADDRESS:
module.fail_json(msg='Missing Python module: ipaddress')
# Check the region supplied is valid
regions = get_regions()
if module.params.get('region') not in regions:
module.fail_json(
msg='Invalid region. Regions must be one of {0}'.format(regions))
if credentials is False:
module.fail_json(msg='Error: Could not load the user credentials')
client = NTTMCPClient(credentials, module.params['region'])
# Check to see the CIDR provided is valid
if module.params.get('cidr'):
try:
network_cidr = ip_net(unicode(module.params.get('cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid network CIDR format {0}: {1}'.format(
module.params.get('cidr'), e))
if network_cidr.version != 4:
module.fail_json(
msg='The cidr argument must be in valid IPv4 CIDR notation')
if module.params.get('new_cidr'):
try:
new_network_cidr = ip_net(unicode(module.params.get('new_cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid network CIDR format {0}: {1}'.format(
module.params.get('new_cidr'), e))
if new_network_cidr.version != 4:
module.fail_json(
msg='The new_cidr argument must be in valid IPv4 CIDR notation'
)
# Get the CND
try:
network = client.get_network_domain_by_name(name=network_domain_name,
datacenter=datacenter)
network_domain_id = network.get('id')
except (AttributeError, NTTMCPAPIException) as e:
module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.
format(network_domain_name))
# Check if a SNAT exclusion already exists for this ID
if not state == 'restore':
try:
if module.params.get('id'):
snat = client.get_snat_exclusion(module.params.get('id'))
if not snat and network_cidr:
# If no matching routes were found for the name check to see if the supplied network parameters match a rule with a different name
snats = client.list_snat_exclusion(
network_domain_id=network_domain_id,
network=str(network_cidr.network_address),
prefix=network_cidr.prefixlen)
if len(snats) == 1:
snat = snats[0]
except (IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(
msg='Failed to get a list of existing SNAT exclusions - {0}'.
format(e))
try:
if state == 'present':
if not snat:
# Implement Check Mode
if module.check_mode:
module.exit_json(
msg='A new SNAT exclusion will be created for {0}'.
format(str(network_cidr)))
create_snat_exclusion(module, client, network_domain_id,
network_cidr)
else:
# SNAT exclusions cannot be updated. The old one must be removed and a new one created with the new parameters
if compare_snat_exclusion(module, new_network_cidr, snat):
delete_snat_exclusion(module, client, snat.get('id'))
create_snat_exclusion(module, client, network_domain_id,
new_network_cidr)
module.exit_json(data=snat)
elif state == 'restore':
client.restore_snat_exclusion(network_domain_id)
module.exit_json(
changed=True,
msg='Successfully restored the default SNAT exclusions')
elif state == 'absent':
if snat:
# Implement Check Mode
if module.check_mode:
module.exit_json(
msg=
'An existing SNAT exclusion was found for {0} and will be removed'
.format(snat.get('id')))
delete_snat_exclusion(module, client, snat.get('id'))
module.exit_json(changed=True,
msg='Successfully deleted the SNAT exclusion')
else:
module.exit_json(msg='No existing SNAT exclusion was matched')
except (KeyError, IndexError, NTTMCPAPIException) as e:
module.fail_json(
msg='Could not update the SNAT exclusion - {0}'.format(e))
def main():
"""
Main function
:returns: Static Route Information
"""
module = AnsibleModule(
argument_spec=dict(
auth=dict(type='dict'),
region=dict(default='na', type='str'),
datacenter=dict(required=True, type='str'),
network_domain=dict(required=True, type='str'),
name=dict(default=None, required=False, type='str'),
cidr=dict(default=None, required=False, type='str'),
next_hop=dict(default=None, required=False, type='str'),
version=dict(default=4, required=False, type='int', choices=[4, 6])
),
supports_check_mode=True
)
try:
credentials = get_credentials(module)
except ImportError as e:
module.fail_json(msg='{0}'.format(e))
network_domain_name = module.params.get('network_domain')
datacenter = module.params.get('datacenter')
name = module.params.get('name')
routes = []
route = network_cidr = None
# Check Imports
if not HAS_IPADDRESS:
module.fail_json(msg='Missing Python module: ipaddress')
# Check the region supplied is valid
regions = get_regions()
if module.params.get('region') not in regions:
module.fail_json(msg='Invalid region. Regions must be one of {0}'.format(regions))
if credentials is False:
module.fail_json(msg='Could not load the user credentials')
client = NTTMCPClient(credentials, module.params.get('region'))
# Check to see the CIDR provided is valid
if module.params.get('cidr'):
try:
network_cidr = ip_net(unicode(module.params.get('cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid network CIDR format {0}: {1}'.format(module.params.get('cidr'), e))
# Get the CND
try:
network = client.get_network_domain_by_name(name=network_domain_name, datacenter=datacenter)
network_domain_id = network.get('id')
except (KeyError, IndexError, NTTMCPAPIException):
module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.format(network_domain_name))
# Check if a route already exists for this name
try:
if name:
routes = client.list_static_routes(network_domain_id=network_domain_id, name=name)
if not routes and module.params.get('cidr'):
# If no matching routes were found for the name check to see if the supplied
# network parameters match a rule with a different name
routes = client.list_static_routes(network_domain_id=network_domain_id,
name=None,
network=str(network_cidr.network_address),
prefix=network_cidr.prefixlen,
next_hop=module.params.get('next_hop'))
if len(routes) == 1:
route = routes[0]
elif len(routes) == 1:
route = routes[0]
except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(msg='Failed to get a list of existing Static Routes - {0}'.format(e))
if route:
return_data = return_object('route')
return_data = return_object('route')
return_data['count'] = len(return_data.get('route'))
module.exit_json(data=route)
list_static_routes(module, client, network_domain_id, network_cidr)
def main():
"""
Main function
:returns: Static route Information
"""
module = AnsibleModule(
argument_spec=dict(
auth=dict(type='dict'),
region=dict(default='na', type='str'),
datacenter=dict(required=True, type='str'),
network_domain=dict(required=True, type='str'),
name=dict(default=None, required=False, type='str'),
description=dict(default=None, required=False, type='str'),
cidr=dict(default=None, required=False, type='str'),
next_hop=dict(default=None, required=False, type='str'),
state=dict(default='present', choices=['present', 'absent', 'restore'])
),
supports_check_mode=True
)
try:
credentials = get_credentials(module)
except ImportError as e:
module.fail_json(msg='{0}'.format(e))
name = module.params.get('name')
network_domain_name = module.params.get('network_domain')
datacenter = module.params.get('datacenter')
state = module.params.get('state')
route = network_cidr = None
routes = []
# Check Imports
if not HAS_IPADDRESS:
module.fail_json(msg='Missing Python module: ipaddress')
# Check the region supplied is valid
regions = get_regions()
if module.params.get('region') not in regions:
module.fail_json(msg='Invalid region. Regions must be one of {0}'.format(regions))
if credentials is False:
module.fail_json(msg='Error: Could not load the user credentials')
try:
client = NTTMCPClient(credentials, module.params.get('region'))
except NTTMCPAPIException as e:
module.fail_json(msg=e.msg)
# Check to see the CIDR provided is valid
if module.params.get('cidr'):
try:
network_cidr = ip_net(unicode(module.params.get('cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid network CIDR format {0}: {1}'.format(module.params.get('cidr'), e))
# Get a list of existing CNDs and check if the name already exists
try:
network = client.get_network_domain_by_name(name=network_domain_name, datacenter=datacenter)
network_domain_id = network.get('id')
except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(msg='Failed to get a list of Cloud Network Domains - {0}'.format(e))
# Check if a route already exists for this name
if state != 'restore':
try:
if name:
routes = client.list_static_routes(network_domain_id=network_domain_id, name=name)
if not routes and network_cidr:
# If no matching routes were found for the name check to see if the supplied
# network parameters match a rule with a different name
routes = client.list_static_routes(network_domain_id=network_domain_id,
name=None,
network=str(network_cidr.network_address),
prefix=network_cidr.prefixlen,
next_hop=module.params.get('next_hop'))
if len(routes) == 1:
route = routes[0]
elif len(routes) == 1:
route = routes[0]
except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(msg='Failed to get a list of existing Static Routes - {0}'.format(e))
try:
if state == 'present':
if not route:
# Implement Check Mode
if module.check_mode:
module.exit_json(msg='A new static route will be created for {0}'.format(str(network_cidr)))
create_static_route(module, client, network_domain_id, network_cidr)
else:
# Static Routes cannot be updated. The old one must be removed and a new one created with the new parameters
if compare_static_route(module, network_cidr, route):
delete_static_route(module, client, route.get('id'))
create_static_route(module, client, network_domain_id, network_cidr)
module.exit_json(data=route)
elif state == 'restore':
# Implement Check Mode
if module.check_mode:
module.exit_json(msg='The routes for Network Domain {0} will be restored to defaults'.format(
module.params.get('network_domain')))
client.restore_static_routes(network_domain_id)
module.exit_json(changed=True, msg='Successfully restored the default Static Routes')
elif state == 'absent':
if route:
# Implement Check Mode
if module.check_mode:
module.exit_json(msg='An existing static route was found for {0} and will be removed'.format(
route.get('name')))
delete_static_route(module, client, route.get('id'))
module.exit_json(changed=True, msg='Successfully deleted the Static Route rule')
else:
module.exit_json(msg='No existing static route was matched')
except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(msg='Could not update the static route - {0}'.format(e))
def main():
"""
Main function
:returns: Firewall rule Information
"""
module = AnsibleModule(argument_spec=dict(
auth=dict(type='dict'),
region=dict(default='na', type='str'),
datacenter=dict(required=True, type='str'),
name=dict(required=False, type='str'),
network_domain=dict(required=True, type='str'),
action=dict(default='ACCEPT_DECISIVELY',
choices=['ACCEPT_DECISIVELY', 'DROP']),
version=dict(required=False, default='IPV4', choices=['IPV4', 'IPV6']),
protocol=dict(default='TCP', choices=['TCP', 'UDP', 'IP', 'ICMP']),
src_cidr=dict(required=False, type='str'),
src_ip_list=dict(required=False, type='str'),
dst_cidr=dict(required=False, type='str'),
dst_ip_list=dict(required=False, type='str'),
src_port_start=dict(required=False, default=None, type='str'),
src_port_end=dict(required=False, default=None, type='str'),
src_port_list=dict(required=False, default=None, type='str'),
dst_port_start=dict(required=False, default=None, type='str'),
dst_port_end=dict(required=False, default=None, type='str'),
dst_port_list=dict(required=False, default=None, type='str'),
enabled=dict(default=True, type='bool'),
position=dict(default='LAST',
choices=['FIRST', 'LAST', 'BEFORE', 'AFTER']),
position_to=dict(required=False, default=None, type='str'),
state=dict(default='present', choices=['present', 'absent'])),
supports_check_mode=True)
try:
credentials = get_credentials(module)
except ImportError as e:
module.fail_json(msg='{0}'.format(e))
fw_rule_exists = None
name = module.params['name']
network_domain_name = module.params['network_domain']
datacenter = module.params['datacenter']
state = module.params['state']
src_cidr = dst_cidr = None
# Check Imports
if not HAS_IPADDRESS:
module.fail_json(msg='Missing Python module: ipaddress')
# Check the region supplied is valid
regions = get_regions()
if module.params.get('region') not in regions:
module.fail_json(
msg='Invalid region. Regions must be one of {0}'.format(regions))
if credentials is False:
module.fail_json(msg='Error: Could not load the user credentials')
try:
client = NTTMCPClient(credentials, module.params.get('region'))
except NTTMCPAPIException as e:
module.fail_json(msg=e.msg)
# Check to see the CIDR provided is valid
if module.params.get('src_cidr'):
try:
src_cidr = ip_net(unicode(module.params.get('src_cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid source CIDR format {0}: {1}'.format(
module.params.get('src_cidr'), e))
if module.params.get('dst_cidr'):
try:
dst_cidr = ip_net(unicode(module.params.get('dst_cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(
msg='Invalid destination CIDR format {0}: {1}'.format(
module.params.get('dst_cidr'), e))
# Get the CND object based on the supplied name
try:
network = client.get_network_domain_by_name(datacenter=datacenter,
name=network_domain_name)
network_domain_id = network.get('id')
except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as e:
module.fail_json(
msg='Failed to find the Cloud Network Domains - {0}'.format(e),
exception=traceback.format_exc())
# If a firewall rule name is provided try and locate the rule
if name:
try:
fw_rule_exists = client.get_fw_rule_by_name(
network_domain_id, name)
except NTTMCPAPIException as e:
module.fail_json(
msg='Could not locate the existing firewall rule - {0}'.format(
e),
exception=traceback.format_exc())
try:
if state == 'present':
if fw_rule_exists:
update_fw_rule(module, client, network_domain_id,
fw_rule_exists, src_cidr, dst_cidr)
else:
# Implement check_mode
if module.check_mode:
module.exit_json(msg='This firewall rule will be created',
data=module.params)
create_fw_rule(module, client, network_domain_id, src_cidr,
dst_cidr)
elif state == 'absent':
if not fw_rule_exists:
module.exit_json(
msg='The firewall rule {0} was not found'.format(name))
# Implement check_mode
if module.check_mode:
module.exit_json(msg='This firewall rule will be removed',
data=fw_rule_exists)
delete_fw_rule(module, client, network_domain_id, name)
except NTTMCPAPIException as e:
module.fail_json(
msg='Could not operate on the firewall rule - {0}'.format(e),
exception=traceback.format_exc())
def main():
"""
Main function
:returns: SNAT Information
"""
module = AnsibleModule(argument_spec=dict(auth=dict(type='dict'),
region=dict(default='na',
type='str'),
datacenter=dict(required=True,
type='str'),
network_domain=dict(
required=True, type='str'),
id=dict(default=None,
required=False,
type='str'),
cidr=dict(default=None,
required=False,
type='str')),
supports_check_mode=True)
try:
credentials = get_credentials(module)
except ImportError as e:
module.fail_json(msg='{0}'.format(e))
network_domain_name = module.params.get('network_domain')
datacenter = module.params.get('datacenter')
snat_id = module.params.get('id')
network_cidr = None
# Check Imports
if not HAS_IPADDRESS:
module.fail_json(msg='Missing Python module: ipaddress')
# Check the region supplied is valid
regions = get_regions()
if module.params.get('region') not in regions:
module.fail_json(
msg='Invalid region. Regions must be one of {0}'.format(regions))
if credentials is False:
module.fail_json(msg='Could not load the user credentials')
client = NTTMCPClient(credentials, module.params.get('region'))
# Check to see the CIDR provided is valid
if module.params.get('cidr'):
try:
network_cidr = ip_net(unicode(module.params.get('cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid network CIDR format {0}: {1}'.format(
module.params.get('cidr'), e))
if network_cidr.version != 4:
module.fail_json(
msg='The cidr argument must be in valid IPv4 CIDR notation')
# Get the CND
try:
network = client.get_network_domain_by_name(name=network_domain_name,
datacenter=datacenter)
network_domain_id = network.get('id')
except (KeyError, IndexError, AttributeError, NTTMCPAPIException):
module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.
format(network_domain_name))
if snat_id or network_cidr:
get_snat_exclusion(module, client, network_domain_id, snat_id,
network_cidr)
else:
list_snat_exclusion(module, client, network_domain_id)
def create_vlan(module, client, network_domain_id):
"""
Create a VLAN
:arg module: The Ansible module instance
:arg client: The CC API client instance
:arg network_domain_id: The UUID of the network domain
:arg ipv4_cidr: The IPv4 network address and mask represented as an ipaddress object
:returns: VLAN Object
"""
return_data = return_object('vlan')
ipv4_cidr = None
# Determine the IPv4 network and mask
try:
ipv4_cidr = ip_net(unicode(module.params.get('ipv4_cidr')))
except (AddressValueError, ValueError) as e:
module.fail_json(msg='Invalid IPv4 CIDR format {0}: {1}'.format(module.params.get('ipv4_cidr'), e))
datacenter = module.params['datacenter']
name = module.params['name']
vlan_type = module.params['vlan_type']
ipv4_network = str(ipv4_cidr.network_address)
ipv4_prefix = str(ipv4_cidr.prefixlen)
wait = module.params['wait']
if vlan_type == 'attachedVlan':
if not module.params.get('attached_vlan_gw'):
module.fail_json(msg='An attached_vlan_gw value [LOW/HIGH] is required for a new Attached VLAN.')
elif vlan_type == 'detachedVlan':
if not module.params.get('detached_vlan_gw'):
module.fail_json(msg='A detached_vlan_gw value (e.g. 10.0.0.1) is reuiqred for a new Detached VLAN.')
try:
if vlan_type == 'attachedVlan':
gateway = module.params['attached_vlan_gw']
result = client.create_vlan(
networkDomainId=network_domain_id,
name=name,
description=module.params['description'],
privateIpv4NetworkAddress=ipv4_network,
privateIpv4PrefixSize=ipv4_prefix,
attachedVlan=True,
attachedVlan_gatewayAddressing=gateway)
new_vlan_id = result['info'][0]['value']
elif vlan_type == 'detachedVlan':
gateway = module.params['detached_vlan_gw']
result = client.create_vlan(
networkDomainId=network_domain_id,
name=name,
description=module.params['description'],
privateIpv4NetworkAddress=ipv4_network,
privateIpv4PrefixSize=ipv4_prefix,
detachedVlan=True,
detachedVlan_ipv4GatewayAddress=gateway)
new_vlan_id = result['info'][0]['value']
except (KeyError, IndexError, NTTMCPAPIException) as exc:
module.fail_json(msg='Could not create the VLAN - {0}'.format(exc), exception=traceback.format_exc())
if wait:
wait_result = wait_for_vlan(module, client, name, datacenter, network_domain_id, 'NORMAL')
if wait_result is None:
module.fail_json(msg='Could not verify the VLAN creation was successful. Check the UI.')
return_data['vlan'] = wait_result
else:
return_data['vlan'] = {'id': new_vlan_id}
module.exit_json(changed=True, data=return_data['vlan'])