Exemple #1
    def _parse_service_xml(self, xml):
        """Turn each child element of ``xml`` into a ServiceObject, indexed by name.

        Every element is passed to ``ServiceObject.refresh(xml=...)`` and the
        populated object is stored in ``self.service_objects`` under its
        ``name``.
        """
        for element in xml:
            service = objects.ServiceObject()
            service.refresh(xml=element)
            # Keyed by name only: a later element with the same name silently
            # replaces the earlier entry, so the last definition wins.
            self.service_objects[service.name] = service
Exemple #2
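def create_object(**kwargs):
    """Build one pandevice object from keyword arguments, or return False.

    The first truthy selector decides the object type, checked in this order:
    ``addressobject``, ``addressgroup``, ``serviceobject``, ``servicegroup``,
    ``tag_name``. Keys are read with ``kwargs[...]``, so the selector keys and
    the fields of the selected type must be present (a missing key raises
    ``KeyError``).

    Returns:
        The new object when its mandatory fields are truthy, otherwise
        ``False``. Callers must check for ``False`` before using the result so
        that a partially specified object is never pushed to a device.
    """
    if kwargs['addressobject']:
        candidate = objects.AddressObject(
            name=kwargs['addressobject'],
            value=kwargs['address'],
            type=kwargs['address_type'],
            description=kwargs['description'],
            tag=kwargs['tag_name']
        )
        # An address object needs both a type and a value.
        complete = candidate.type and candidate.value
    elif kwargs['addressgroup']:
        candidate = objects.AddressGroup(
            name=kwargs['addressgroup'],
            static_value=kwargs['static_value'],
            dynamic_value=kwargs['dynamic_value'],
            description=kwargs['description'],
            tag=kwargs['tag_name']
        )
        # A group is usable with either static members or a dynamic filter.
        complete = candidate.static_value or candidate.dynamic_value
    elif kwargs['serviceobject']:
        candidate = objects.ServiceObject(
            name=kwargs['serviceobject'],
            protocol=kwargs['protocol'],
            source_port=kwargs['source_port'],
            destination_port=kwargs['destination_port'],
            # Forward the description as the address branches do; it was
            # previously dropped for service objects.
            description=kwargs['description'],
            tag=kwargs['tag_name']
        )
        # Reject a service without protocol or destination port instead of
        # creating an under-specified service definition.
        complete = candidate.protocol and candidate.destination_port
    elif kwargs['servicegroup']:
        candidate = objects.ServiceGroup(
            name=kwargs['servicegroup'],
            value=kwargs['services'],
            tag=kwargs['tag_name']
        )
        complete = candidate.value
    elif kwargs['tag_name']:
        # Only reached when no other selector is set; otherwise tag_name is
        # used as the tag attached to the object built above.
        candidate = objects.Tag(
            name=kwargs['tag_name'],
            color=kwargs['color'],
            comments=kwargs['description']
        )
        complete = candidate.name
    else:
        return False

    return candidate if complete else False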
Exemple #3
 def setup_state_obj(self, dev, state):
     """Attach a randomly named TCP service object to ``dev`` and keep it on ``state``.

     The object uses source ports 1025-65535 and destination ports
     80, 443 and 8080. It is only added to the device tree here; nothing in
     this method calls ``create()`` on it.
     """
     service = objects.ServiceObject(
         testlib.random_name(),
         protocol='tcp',
         source_port='1025-65535',
         destination_port='80,443,8080',
         description='My service object',
     )
     state.obj = service
     dev.add(state.obj)
Exemple #4
    def from_criteria(cls, criteria):
        """Wrap a fresh ServiceObject populated from ``criteria`` in ``cls``.

        ``criteria`` must provide the keys ``name``, ``protocol`` and ``port``;
        ``port`` is stored as the object's ``destination_port``. A missing key
        raises ``KeyError``. The values are copied as given, without
        validation.
        """
        service = objects.ServiceObject()
        # (attribute on the pandevice object, key in criteria), in the order
        # the attributes are assigned.
        field_map = (
            ('name', 'name'),
            ('protocol', 'protocol'),
            ('destination_port', 'port'),
        )
        for attribute, key in field_map:
            setattr(service, attribute, criteria[key])

        return cls(service)
    def _parse_services(self):
        """Load every ServiceObject of each device-group node into that node.

        Two synthetic entries named ``any`` and ``application-default`` are
        built once and inserted into every node after the objects found on
        its device group.
        """
        # Synthetic "any" service: name, protocol and destination port are all
        # the literal string 'any'.
        wildcard_obj = objects.ServiceObject()
        wildcard_obj.name = 'any'
        wildcard_obj.protocol = 'any'
        wildcard_obj.destination_port = 'any'
        wildcard_service = PaloAltoService(wildcard_obj)

        # Synthetic "application-default" service: only the name is set, so it
        # carries no protocol or destination port of its own.
        app_default_obj = objects.ServiceObject()
        app_default_obj.name = 'application-default'
        app_default_service = PaloAltoService(app_default_obj)

        # The same two wrapper instances are shared by every node.
        synthetic_services = (wildcard_service, app_default_service)

        for node in self.dg_hierarchy.get_all_nodes():
            for found in node.device_group.findall(objects.ServiceObject):
                node.insert(PaloAltoService(found))

            for synthetic in synthetic_services:
                node.insert(synthetic)
Exemple #6
 def create_dependencies(self, dev, state):
     """Create four service objects and one tag on ``dev`` for later use.

     The services alternate tcp/udp (even index is tcp) with destination
     ports 2000-2003 and are stored in ``state.services``; the tag uses
     'color5' and is stored in ``state.tag``. Every object is added to the
     device tree and then pushed with ``create()``.
     """
     state.tag = None

     # Build all four objects before any of them is added or created.
     services = []
     for index in range(4):
         services.append(objects.ServiceObject(
             testlib.random_name(),
             ('tcp', 'udp')[index % 2],
             destination_port=2000 + index,
             description='Service {0}'.format(index)))
     state.services = services

     for service in state.services:
         dev.add(service)
         service.create()

     tag = objects.Tag(testlib.random_name(), 'color5')
     state.tag = tag
     dev.add(state.tag)
     state.tag.create()
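def main():
    """Ansible entry point: make a PAN-OS service object present or absent.

    Reads the connection settings and the service definition from the module
    parameters, connects with ``PanDevice.create_from_device``, then creates,
    updates or deletes the named ``ServiceObject`` (optionally inside a device
    group) and calls ``perform_commit`` when ``commit`` is true and something
    changed. The module exits through ``exit_json``/``fail_json``.
    """
    # password and api_key are marked no_log so Ansible keeps them out of its
    # logs and returned invocation data; never echo them in messages below.
    argument_spec = dict(ip_address=dict(required=True),
                         username=dict(default='admin'),
                         password=dict(no_log=True),
                         api_key=dict(no_log=True),
                         name=dict(type='str', required=True),
                         protocol=dict(default='tcp', choices=['tcp', 'udp']),
                         source_port=dict(type='str'),
                         destination_port=dict(type='str'),
                         description=dict(type='str'),
                         tag=dict(type='list'),
                         device_group=dict(type='str'),
                         vsys=dict(type='str', default='vsys1'),
                         state=dict(default='present',
                                    choices=['present', 'absent']),
                         commit=dict(type='bool', default=False))

    # Require a credential at argument-parsing time so a task that supplies
    # neither password nor api_key fails with a clear message instead of
    # attempting a connection without one.
    module = AnsibleModule(argument_spec=argument_spec,
                           required_one_of=[['api_key', 'password']],
                           supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(
            msg='pan-python and pandevice are required for this module.')

    ip_address = module.params['ip_address']
    username = module.params['username']
    password = module.params['password']
    api_key = module.params['api_key']
    name = module.params['name']
    protocol = module.params['protocol']
    source_port = module.params['source_port']
    destination_port = module.params['destination_port']
    description = module.params['description']
    tag = module.params['tag']
    device_group = module.params['device_group']
    vsys = module.params['vsys']
    state = module.params['state']
    commit = module.params['commit']

    # Validate the request before any network traffic: a service object
    # without a destination port is rejected without contacting the device.
    if state == 'present' and not destination_port:
        module.fail_json(
            msg='Must specify \'destination_port\' if \'state\' is '
            '\'present\'.')

    changed = False

    try:
        device = base.PanDevice.create_from_device(ip_address,
                                                   username,
                                                   password,
                                                   api_key=api_key)

        # vsys is only applied when the target is a firewall.
        if isinstance(device, firewall.Firewall):
            device.vsys = vsys

        if device_group:
            if device_group.lower() == 'shared':
                # 'shared' is passed on as "no device group".
                device_group = None
            else:
                if not get_devicegroup(device, device_group):
                    module.fail_json(msg='Could not find {} device group.'.
                                     format(device_group))

        if state == 'present':
            existing_obj = find_object(device, name, objects.ServiceObject,
                                       device_group)
            new_obj = objects.ServiceObject(name=name,
                                            protocol=protocol,
                                            source_port=source_port,
                                            destination_port=destination_port,
                                            description=description,
                                            tag=tag)

            if not existing_obj:
                add_object(device, new_obj, device_group)
                new_obj.create()
                changed = True
            elif not existing_obj.equal(new_obj):
                # Overwrite every managed field so the device matches the
                # task; fields left unset in the task are cleared to None.
                existing_obj.protocol = protocol
                existing_obj.source_port = source_port
                existing_obj.destination_port = destination_port
                existing_obj.description = description
                existing_obj.tag = tag
                existing_obj.apply()
                changed = True

        elif state == 'absent':
            existing_obj = find_object(device, name, objects.ServiceObject,
                                       device_group)

            if existing_obj:
                existing_obj.delete()
                changed = True

        # Commit only when this run actually modified the configuration.
        if commit and changed:
            perform_commit(module, device, device_group)

    except PanDeviceError as e:
        # Fall back to str(e) when the exception carries no usable .message.
        module.fail_json(msg=getattr(e, 'message', None) or str(e))

    module.exit_json(changed=changed)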