def check_params(self): """Check all input params""" # check session_name if not self.session_name: self.module.fail_json( msg="Error: Missing required arguments: session_name.") if self.session_name: if len(self.session_name) < 1 or len(self.session_name) > 15: self.module.fail_json(msg="Error: Session name is invalid.") # check out_if_name if self.out_if_name: if not get_interface_type(self.out_if_name): self.module.fail_json( msg="Error: Session out_if_name is invalid.") # check dest_addr if self.dest_addr: if not check_ip_addr(self.dest_addr): self.module.fail_json( msg="Error: Session dest_addr is invalid.") # check src_addr if self.src_addr: if not check_ip_addr(self.src_addr): self.module.fail_json( msg="Error: Session src_addr is invalid.") # check vrf_name if self.vrf_name: if not is_valid_ip_vpn(self.vrf_name): self.module.fail_json( msg="Error: Session vrf_name is invalid.") if not self.dest_addr: self.module.fail_json( msg= "Error: vrf_name and dest_addr must set at the same time.") # check use_default_ip if self.use_default_ip and not self.out_if_name: self.module.fail_json( msg= "Error: use_default_ip and out_if_name must set at the same time." )
def check_default_ip(ipaddr): """check the default multicast IP address""" # The value ranges from 224.0.0.107 to 224.0.0.250 if not check_ip_addr(ipaddr): return False if ipaddr.count(".") != 3: return False ips = ipaddr.split(".") if ips[0] != "224" or ips[1] != "0" or ips[2] != "0": return False if not ips[3].isdigit() or int(ips[3]) < 107 or int(ips[3]) > 250: return False return True
def check_default_ip(ipaddr): """check the default multicast IP address""" # The value ranges from 224.0.0.107 to 224.0.0.250 if not check_ip_addr(ipaddr): return False if ipaddr.count(".") != 3: return False ips = ipaddr.split(".") if ips[0] != "224" or ips[1] != "0" or ips[2] != "0": return False if not ips[3].isdigit() or int(ips[3]) < 107 or int(ips[3]) > 250: return False return True
def check_params(self): """Check all input params""" # check agent_ip if self.agent_ip: self.agent_ip = self.agent_ip.upper() if not check_ip_addr(self.agent_ip): self.module.fail_json(msg="Error: agent_ip is invalid.") # check source_ip if self.source_ip: self.source_ip = self.source_ip.upper() if not check_ip_addr(self.source_ip): self.module.fail_json(msg="Error: source_ip is invalid.") # check collector if self.collector_id: # check collector_ip and collector_ip_vpn if self.collector_ip: self.collector_ip = self.collector_ip.upper() if not check_ip_addr(self.collector_ip): self.module.fail_json( msg="Error: collector_ip is invalid.") if self.collector_ip_vpn and not is_valid_ip_vpn( self.collector_ip_vpn): self.module.fail_json( msg="Error: collector_ip_vpn is invalid.") # check collector_datagram_size ranges from 1024 to 8100 if self.collector_datagram_size: if not self.collector_datagram_size.isdigit(): self.module.fail_json( msg="Error: collector_datagram_size is not digit.") if int(self.collector_datagram_size) < 1024 or int( self.collector_datagram_size) > 8100: self.module.fail_json( msg= "Error: collector_datagram_size is not ranges from 1024 to 8100." ) # check collector_udp_port ranges from 1 to 65535 if self.collector_udp_port: if not self.collector_udp_port.isdigit(): self.module.fail_json( msg="Error: collector_udp_port is not digit.") if int(self.collector_udp_port) < 1 or int( self.collector_udp_port) > 65535: self.module.fail_json( msg= "Error: collector_udp_port is not ranges from 1 to 65535." ) # check collector_description 1 to 255 case-sensitive characters if self.collector_description: if self.collector_description.count(" "): self.module.fail_json( msg= "Error: collector_description should without spaces.") if len(self.collector_description) < 1 or len( self.collector_description) > 255: self.module.fail_json( msg= "Error: collector_description is not ranges from 1 to 255." ) # check sflow_interface if self.sflow_interface: intf_type = get_interface_type(self.sflow_interface) if not intf_type: self.module.fail_json(msg="Error: intf_type is invalid.") if intf_type not in [ 'ge', '10ge', '25ge', '4x10ge', '40ge', '100ge', 'eth-trunk' ]: self.module.fail_json( msg="Error: interface %s is not support sFlow." % self.sflow_interface) # check sample_collector if self.sample_collector: self.sample_collector.sort() if self.sample_collector not in [["1"], ["2"], ["1", "2"]]: self.module.fail_json( msg="Error: sample_collector is invalid.") # check sample_rate ranges from 1 to 4294967295 if self.sample_rate: if not self.sample_rate.isdigit(): self.module.fail_json( msg="Error: sample_rate is not digit.") if int(self.sample_rate) < 1 or int( self.sample_rate) > 4294967295: self.module.fail_json( msg= "Error: sample_rate is not ranges from 1 to 4294967295." ) # check sample_length ranges from 18 to 512 if self.sample_length: if not self.sample_length.isdigit(): self.module.fail_json( msg="Error: sample_rate is not digit.") if int(self.sample_length) < 18 or int( self.sample_length) > 512: self.module.fail_json( msg="Error: sample_length is not ranges from 18 to 512." ) # check counter_collector if self.counter_collector: self.counter_collector.sort() if self.counter_collector not in [["1"], ["2"], ["1", "2"]]: self.module.fail_json( msg="Error: counter_collector is invalid.") # counter_interval ranges from 10 to 4294967295 if self.counter_interval: if not self.counter_interval.isdigit(): self.module.fail_json( msg="Error: counter_interval is not digit.") if int(self.counter_interval) < 10 or int( self.counter_interval) > 4294967295: self.module.fail_json( msg= "Error: sample_length is not ranges from 10 to 4294967295." ) if self.rate_limit or self.rate_limit_slot or self.forward_enp_slot: self.module.fail_json( msg="Error: The following parameters cannot be configured" "because XML mode is not supported:rate_limit,rate_limit_slot,forward_enp_slot." )
def check_base_rule_args(self): """ Check base rule invalid args """ need_cfg = False find_flag = False self.cur_base_rule_cfg["base_rule_info"] = [] if self.acl_name: if self.state == "absent": if not self.rule_name: self.module.fail_json( msg= 'Error: Please input rule_name when state is absent.') # config rule if self.rule_name: if len(self.rule_name) < 1 or len(self.rule_name) > 32: self.module.fail_json( msg='Error: The len of rule_name is out of [1 - 32].') if self.state != "delete_acl" and not self.rule_id: self.module.fail_json(msg='Error: Please input rule_id.') if self.rule_id: if self.rule_id.isdigit(): if int(self.rule_id) < 0 or int( self.rule_id) > 4294967294: self.module.fail_json( msg= 'Error: The value of rule_id is out of [0 - 4294967294].' ) else: self.module.fail_json( msg='Error: The rule_id is not digit.') if self.source_ip: if not check_ip_addr(self.source_ip): self.module.fail_json( msg='Error: The source_ip %s is invalid.' % self.source_ip) if not self.src_mask: self.module.fail_json( msg='Error: Please input src_mask.') if self.src_mask: if self.src_mask.isdigit(): if int(self.src_mask) < 1 or int(self.src_mask) > 32: self.module.fail_json( msg='Error: The src_mask is out of [1 - 32].') self.src_wild = self.get_wildcard_mask() else: self.module.fail_json( msg='Error: The src_mask is not digit.') if self.vrf_name: if len(self.vrf_name) < 1 or len(self.vrf_name) > 31: self.module.fail_json( msg='Error: The len of vrf_name is out of [1 - 31].' ) if self.time_range: if len(self.time_range) < 1 or len(self.time_range) > 32: self.module.fail_json( msg= 'Error: The len of time_range is out of [1 - 32].') if self.rule_description: if len(self.rule_description) < 1 or len( self.rule_description) > 127: self.module.fail_json( msg= 'Error: The len of rule_description is out of [1 - 127].' ) if self.state != "delete_acl" and not self.rule_id: self.module.fail_json( msg='Error: Please input rule_id.') conf_str = CE_GET_ACL_BASE_RULE_HEADER % self.acl_name if self.rule_id: conf_str += "<aclRuleID></aclRuleID>" if self.rule_action: conf_str += "<aclAction></aclAction>" if self.source_ip: conf_str += "<aclSourceIp></aclSourceIp>" if self.src_wild: conf_str += "<aclSrcWild></aclSrcWild>" if self.frag_type: conf_str += "<aclFragType></aclFragType>" if self.vrf_name: conf_str += "<vrfName></vrfName>" if self.time_range: conf_str += "<aclTimeName></aclTimeName>" if self.rule_description: conf_str += "<aclRuleDescription></aclRuleDescription>" conf_str += "<aclLogFlag></aclLogFlag>" conf_str += CE_GET_ACL_BASE_RULE_TAIL recv_xml = self.netconf_get_config(conf_str=conf_str) if "<data/>" in recv_xml: find_flag = False else: xml_str = recv_xml.replace('\r', '').replace('\n', '').\ replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\ replace('xmlns="http://www.huawei.com/netconf/vrp"', "") root = ElementTree.fromstring(xml_str) # parse base rule base_rule_info = root.findall( "data/acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4") if base_rule_info: for tmp in base_rule_info: tmp_dict = dict() for site in tmp: if site.tag in [ "aclRuleName", "aclRuleID", "aclAction", "aclSourceIp", "aclSrcWild", "aclFragType", "vrfName", "aclTimeName", "aclRuleDescription", "aclLogFlag" ]: tmp_dict[site.tag] = site.text self.cur_base_rule_cfg["base_rule_info"].append( tmp_dict) if self.cur_base_rule_cfg["base_rule_info"]: for tmp in self.cur_base_rule_cfg["base_rule_info"]: find_flag = True if self.rule_name and tmp.get( "aclRuleName") != self.rule_name: find_flag = False if self.rule_id and tmp.get( "aclRuleID") != self.rule_id: find_flag = False if self.rule_action and tmp.get( "aclAction") != self.rule_action: find_flag = False if self.source_ip: tmp_src_ip = self.source_ip.split(".") tmp_src_wild = self.src_wild.split(".") tmp_addr_item = [] for idx in range(4): item1 = 255 - int(tmp_src_wild[idx]) item2 = item1 & int(tmp_src_ip[idx]) tmp_addr_item.append(item2) tmp_addr = "%s.%s.%s.%s" % ( tmp_addr_item[0], tmp_addr_item[1], tmp_addr_item[2], tmp_addr_item[3]) if tmp_addr != tmp.get("aclSourceIp"): find_flag = False if self.src_wild and tmp.get( "aclSrcWild") != self.src_wild: find_flag = False if self.frag_type and tmp.get( "aclFragType") != self.frag_type: find_flag = False if self.vrf_name and tmp.get( "vrfName") != self.vrf_name: find_flag = False if self.time_range and tmp.get( "aclTimeName") != self.time_range: find_flag = False if self.rule_description and tmp.get( "aclRuleDescription" ) != self.rule_description: find_flag = False if tmp.get("aclLogFlag") != str( self.log_flag).lower(): find_flag = False if find_flag: break else: find_flag = False if self.state == "present": need_cfg = bool(not find_flag) elif self.state == "absent": need_cfg = bool(find_flag) else: need_cfg = False self.cur_base_rule_cfg["need_cfg"] = need_cfg
def check_params(self): """Check all input params""" # check session_name if not self.session_name: self.module.fail_json( msg="Error: Missing required arguments: session_name.") if self.session_name: if len(self.session_name) < 1 or len(self.session_name) > 15: self.module.fail_json(msg="Error: Session name is invalid.") # check local_discr # check remote_discr if self.local_discr: if self.local_discr < 1 or self.local_discr > 16384: self.module.fail_json( msg= "Error: Session local_discr is not ranges from 1 to 16384." ) if self.remote_discr: if self.remote_discr < 1 or self.remote_discr > 4294967295: self.module.fail_json( msg= "Error: Session remote_discr is not ranges from 1 to 4294967295." ) if self.state == "present" and self.create_type == "static": if not self.local_discr: self.module.fail_json( msg="Error: Missing required arguments: local_discr.") if not self.remote_discr: self.module.fail_json( msg="Error: Missing required arguments: remote_discr.") # check out_if_name if self.out_if_name: if not get_interface_type(self.out_if_name): self.module.fail_json( msg="Error: Session out_if_name is invalid.") # check dest_addr if self.dest_addr: if not check_ip_addr(self.dest_addr): self.module.fail_json( msg="Error: Session dest_addr is invalid.") # check src_addr if self.src_addr: if not check_ip_addr(self.src_addr): self.module.fail_json( msg="Error: Session src_addr is invalid.") # check vrf_name if self.vrf_name: if not is_valid_ip_vpn(self.vrf_name): self.module.fail_json( msg="Error: Session vrf_name is invalid.") if not self.dest_addr: self.module.fail_json( msg= "Error: vrf_name and dest_addr must set at the same time.") # check use_default_ip if self.use_default_ip and not self.out_if_name: self.module.fail_json( msg= "Error: use_default_ip and out_if_name must set at the same time." )
def check_netconf_args(self, result): """ Check invalid netconf args """ need_cfg = True same_flag = True delete_flag = False result["target_host_info"] = [] if self.host_name: if len(self.host_name) > 32 or len(self.host_name) < 1: self.module.fail_json( msg='Error: The len of host_name is out of [1 - 32].') if self.vpn_name and self.is_public_net != 'no_use': if self.is_public_net == "true": self.module.fail_json( msg='Error: Do not support vpn_name and is_public_net at the same time.') conf_str = CE_GET_SNMP_TARGET_HOST_HEADER if self.domain: conf_str += "<domain></domain>" if self.address: if not check_ip_addr(ipaddr=self.address): self.module.fail_json( msg='Error: The host address [%s] is invalid.' % self.address) conf_str += "<address></address>" if self.notify_type: conf_str += "<notifyType></notifyType>" if self.vpn_name: if len(self.vpn_name) > 31 or len(self.vpn_name) < 1: self.module.fail_json( msg='Error: The len of vpn_name is out of [1 - 31].') conf_str += "<vpnInstanceName></vpnInstanceName>" if self.recv_port: if int(self.recv_port) > 65535 or int(self.recv_port) < 0: self.module.fail_json( msg='Error: The value of recv_port is out of [0 - 65535].') conf_str += "<portNumber></portNumber>" if self.security_model: conf_str += "<securityModel></securityModel>" if self.security_name: if len(self.security_name) > 32 or len(self.security_name) < 1: self.module.fail_json( msg='Error: The len of security_name is out of [1 - 32].') conf_str += "<securityName></securityName>" if self.security_name_v3: if len(self.security_name_v3) > 32 or len(self.security_name_v3) < 1: self.module.fail_json( msg='Error: The len of security_name_v3 is out of [1 - 32].') conf_str += "<securityNameV3></securityNameV3>" if self.security_level: conf_str += "<securityLevel></securityLevel>" if self.is_public_net != 'no_use': conf_str += "<isPublicNet></isPublicNet>" if self.interface_name: if len(self.interface_name) > 63 or len(self.interface_name) < 1: self.module.fail_json( msg='Error: The len of interface_name is out of [1 - 63].') find_flag = False for item in INTERFACE_TYPE: if item in self.interface_name.lower(): find_flag = True break if not find_flag: self.module.fail_json( msg='Error: Please input full name of interface_name.') conf_str += "<interface-name></interface-name>" conf_str += CE_GET_SNMP_TARGET_HOST_TAIL recv_xml = self.netconf_get_config(conf_str=conf_str) if "<data/>" in recv_xml: if self.state == "present": same_flag = False else: delete_flag = False else: xml_str = recv_xml.replace('\r', '').replace('\n', '').\ replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\ replace('xmlns="http://www.huawei.com/netconf/vrp"', "") root = ElementTree.fromstring(xml_str) target_host_info = root.findall( "snmp/targetHosts/targetHost") if target_host_info: for tmp in target_host_info: tmp_dict = dict() for site in tmp: if site.tag in ["nmsName", "domain", "address", "notifyType", "vpnInstanceName", "portNumber", "securityModel", "securityName", "securityNameV3", "securityLevel", "isPublicNet", "interface-name"]: tmp_dict[site.tag] = site.text result["target_host_info"].append(tmp_dict) if result["target_host_info"]: for tmp in result["target_host_info"]: same_flag = True if "nmsName" in tmp.keys(): if tmp["nmsName"] != self.host_name: same_flag = False else: delete_flag = True if "domain" in tmp.keys(): if tmp["domain"] != self.domain: same_flag = False if "address" in tmp.keys(): if tmp["address"] != self.address: same_flag = False if "notifyType" in tmp.keys(): if tmp["notifyType"] != self.notify_type: same_flag = False if "vpnInstanceName" in tmp.keys(): if tmp["vpnInstanceName"] != self.vpn_name: same_flag = False if "portNumber" in tmp.keys(): if tmp["portNumber"] != self.recv_port: same_flag = False if "securityModel" in tmp.keys(): if tmp["securityModel"] != self.security_model: same_flag = False if "securityName" in tmp.keys(): if tmp["securityName"] != self.security_name: same_flag = False if "securityNameV3" in tmp.keys(): if tmp["securityNameV3"] != self.security_name_v3: same_flag = False if "securityLevel" in tmp.keys(): if tmp["securityLevel"] != self.security_level: same_flag = False if "isPublicNet" in tmp.keys(): if tmp["isPublicNet"] != self.is_public_net: same_flag = False if "interface-name" in tmp.keys(): if tmp.get("interface-name") is not None: if tmp["interface-name"].lower() != self.interface_name.lower(): same_flag = False else: same_flag = False if same_flag: break if self.state == "present": need_cfg = True if same_flag: need_cfg = False else: need_cfg = False if delete_flag: need_cfg = True result["need_cfg"] = need_cfg
def check_netconf_args(self, result): """ Check invalid netconf args """ need_cfg = True same_flag = True delete_flag = False result["target_host_info"] = [] if self.host_name: if len(self.host_name) > 32 or len(self.host_name) < 1: self.module.fail_json( msg='Error: The len of host_name is out of [1 - 32].') if self.vpn_name and self.is_public_net != 'no_use': if self.is_public_net == "true": self.module.fail_json( msg='Error: Do not support vpn_name and is_public_net at the same time.') conf_str = CE_GET_SNMP_TARGET_HOST_HEADER if self.domain: conf_str += "<domain></domain>" if self.address: if not check_ip_addr(ipaddr=self.address): self.module.fail_json( msg='Error: The host address [%s] is invalid.' % self.address) conf_str += "<address></address>" if self.notify_type: conf_str += "<notifyType></notifyType>" if self.vpn_name: if len(self.vpn_name) > 31 or len(self.vpn_name) < 1: self.module.fail_json( msg='Error: The len of vpn_name is out of [1 - 31].') conf_str += "<vpnInstanceName></vpnInstanceName>" if self.recv_port: if int(self.recv_port) > 65535 or int(self.recv_port) < 0: self.module.fail_json( msg='Error: The value of recv_port is out of [0 - 65535].') conf_str += "<portNumber></portNumber>" if self.security_model: conf_str += "<securityModel></securityModel>" if self.security_name: if len(self.security_name) > 32 or len(self.security_name) < 1: self.module.fail_json( msg='Error: The len of security_name is out of [1 - 32].') conf_str += "<securityName></securityName>" if self.security_name_v3: if len(self.security_name_v3) > 32 or len(self.security_name_v3) < 1: self.module.fail_json( msg='Error: The len of security_name_v3 is out of [1 - 32].') conf_str += "<securityNameV3></securityNameV3>" if self.security_level: conf_str += "<securityLevel></securityLevel>" if self.is_public_net != 'no_use': conf_str += "<isPublicNet></isPublicNet>" if self.interface_name: if len(self.interface_name) > 63 or len(self.interface_name) < 1: self.module.fail_json( msg='Error: The len of interface_name is out of [1 - 63].') find_flag = False for item in INTERFACE_TYPE: if item in self.interface_name: find_flag = True break if not find_flag: self.module.fail_json( msg='Error: Please input full name of interface_name.') conf_str += "<interface-name></interface-name>" conf_str += CE_GET_SNMP_TARGET_HOST_TAIL recv_xml = self.netconf_get_config(conf_str=conf_str) if "<data/>" in recv_xml: if self.state == "present": same_flag = False else: delete_flag = False else: xml_str = recv_xml.replace('\r', '').replace('\n', '').\ replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\ replace('xmlns="http://www.huawei.com/netconf/vrp"', "") root = ElementTree.fromstring(xml_str) target_host_info = root.findall( "data/snmp/targetHosts/targetHost") if target_host_info: for tmp in target_host_info: tmp_dict = dict() for site in tmp: if site.tag in ["nmsName", "domain", "address", "notifyType", "vpnInstanceName", "portNumber", "securityModel", "securityName", "securityNameV3", "securityLevel", "isPublicNet", "interface-name"]: tmp_dict[site.tag] = site.text result["target_host_info"].append(tmp_dict) if result["target_host_info"]: for tmp in result["target_host_info"]: same_flag = True if "nmsName" in tmp.keys(): if tmp["nmsName"] != self.host_name: same_flag = False else: delete_flag = True if "domain" in tmp.keys(): if tmp["domain"] != self.domain: same_flag = False if "address" in tmp.keys(): if tmp["address"] != self.address: same_flag = False if "notifyType" in tmp.keys(): if tmp["notifyType"] != self.notify_type: same_flag = False if "vpnInstanceName" in tmp.keys(): if tmp["vpnInstanceName"] != self.vpn_name: same_flag = False if "portNumber" in tmp.keys(): if tmp["portNumber"] != self.recv_port: same_flag = False if "securityModel" in tmp.keys(): if tmp["securityModel"] != self.security_model: same_flag = False if "securityName" in tmp.keys(): if tmp["securityName"] != self.security_name: same_flag = False if "securityNameV3" in tmp.keys(): if tmp["securityNameV3"] != self.security_name_v3: same_flag = False if "securityLevel" in tmp.keys(): if tmp["securityLevel"] != self.security_level: same_flag = False if "isPublicNet" in tmp.keys(): if tmp["isPublicNet"] != self.is_public_net: same_flag = False if "interface-name" in tmp.keys(): if tmp["interface-name"] != self.interface_name: same_flag = False if same_flag: break if self.state == "present": need_cfg = True if same_flag: need_cfg = False else: need_cfg = False if delete_flag: need_cfg = True result["need_cfg"] = need_cfg
def check_base_rule_args(self): """ Check base rule invalid args """ need_cfg = False find_flag = False self.cur_base_rule_cfg["base_rule_info"] = [] if self.acl_name: if self.state == "absent": if not self.rule_name: self.module.fail_json( msg='Error: Please input rule_name when state is absent.') # config rule if self.rule_name: if len(self.rule_name) < 1 or len(self.rule_name) > 32: self.module.fail_json( msg='Error: The len of rule_name is out of [1 - 32].') if self.state != "delete_acl" and not self.rule_id: self.module.fail_json( msg='Error: Please input rule_id.') if self.rule_id: if self.rule_id.isdigit(): if int(self.rule_id) < 0 or int(self.rule_id) > 4294967294: self.module.fail_json( msg='Error: The value of rule_id is out of [0 - 4294967294].') else: self.module.fail_json( msg='Error: The rule_id is not digit.') if self.source_ip: if not check_ip_addr(self.source_ip): self.module.fail_json( msg='Error: The source_ip %s is invalid.' % self.source_ip) if not self.src_mask: self.module.fail_json( msg='Error: Please input src_mask.') if self.src_mask: if self.src_mask.isdigit(): if int(self.src_mask) < 1 or int(self.src_mask) > 32: self.module.fail_json( msg='Error: The src_mask is out of [1 - 32].') self.src_wild = self.get_wildcard_mask() else: self.module.fail_json( msg='Error: The src_mask is not digit.') if self.vrf_name: if len(self.vrf_name) < 1 or len(self.vrf_name) > 31: self.module.fail_json( msg='Error: The len of vrf_name is out of [1 - 31].') if self.time_range: if len(self.time_range) < 1 or len(self.time_range) > 32: self.module.fail_json( msg='Error: The len of time_range is out of [1 - 32].') if self.rule_description: if len(self.rule_description) < 1 or len(self.rule_description) > 127: self.module.fail_json( msg='Error: The len of rule_description is out of [1 - 127].') if self.state != "delete_acl" and not self.rule_id: self.module.fail_json( msg='Error: Please input rule_id.') conf_str = CE_GET_ACL_BASE_RULE_HEADER % self.acl_name if self.rule_id: conf_str += "<aclRuleID></aclRuleID>" if self.rule_action: conf_str += "<aclAction></aclAction>" if self.source_ip: conf_str += "<aclSourceIp></aclSourceIp>" if self.src_wild: conf_str += "<aclSrcWild></aclSrcWild>" if self.frag_type: conf_str += "<aclFragType></aclFragType>" if self.vrf_name: conf_str += "<vrfName></vrfName>" if self.time_range: conf_str += "<aclTimeName></aclTimeName>" if self.rule_description: conf_str += "<aclRuleDescription></aclRuleDescription>" conf_str += "<aclLogFlag></aclLogFlag>" conf_str += CE_GET_ACL_BASE_RULE_TAIL recv_xml = self.netconf_get_config(conf_str=conf_str) if "<data/>" in recv_xml: find_flag = False else: xml_str = recv_xml.replace('\r', '').replace('\n', '').\ replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\ replace('xmlns="http://www.huawei.com/netconf/vrp"', "") root = ElementTree.fromstring(xml_str) # parse base rule base_rule_info = root.findall( "data/acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4") if base_rule_info: for tmp in base_rule_info: tmp_dict = dict() for site in tmp: if site.tag in ["aclRuleName", "aclRuleID", "aclAction", "aclSourceIp", "aclSrcWild", "aclFragType", "vrfName", "aclTimeName", "aclRuleDescription", "aclLogFlag"]: tmp_dict[site.tag] = site.text self.cur_base_rule_cfg[ "base_rule_info"].append(tmp_dict) if self.cur_base_rule_cfg["base_rule_info"]: for tmp in self.cur_base_rule_cfg["base_rule_info"]: find_flag = True if self.rule_name and tmp.get("aclRuleName") != self.rule_name: find_flag = False if self.rule_id and tmp.get("aclRuleID") != self.rule_id: find_flag = False if self.rule_action and tmp.get("aclAction") != self.rule_action: find_flag = False if self.source_ip: tmp_src_ip = self.source_ip.split(".") tmp_src_wild = self.src_wild.split(".") tmp_addr_item = [] for idx in range(4): item1 = 255 - int(tmp_src_wild[idx]) item2 = item1 & int(tmp_src_ip[idx]) tmp_addr_item.append(item2) tmp_addr = "%s.%s.%s.%s" % (tmp_addr_item[0], tmp_addr_item[1], tmp_addr_item[2], tmp_addr_item[3]) if tmp_addr != tmp.get("aclSourceIp"): find_flag = False if self.src_wild and tmp.get("aclSrcWild") != self.src_wild: find_flag = False if self.frag_type and tmp.get("aclFragType") != self.frag_type: find_flag = False if self.vrf_name and tmp.get("vrfName") != self.vrf_name: find_flag = False if self.time_range and tmp.get("aclTimeName") != self.time_range: find_flag = False if self.rule_description and tmp.get("aclRuleDescription") != self.rule_description: find_flag = False if tmp.get("aclLogFlag") != str(self.log_flag).lower(): find_flag = False if find_flag: break else: find_flag = False if self.state == "present": need_cfg = bool(not find_flag) elif self.state == "absent": need_cfg = bool(find_flag) else: need_cfg = False self.cur_base_rule_cfg["need_cfg"] = need_cfg