def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [
module.params[x]
for x in ('ip_address', 'username', 'password', 'api_key')
]
# exclude the default items from kwargs passed to the object
exclude_list = [
'ip_address', 'username', 'password', 'api_key', 'state', 'commit'
]
# exclude these items from the kwargs passed to the object
exclude_list += ['vr_name', 'type']
# generate the kwargs for network.BgpPolicyRule
obj_spec = dict((k, module.params[k]) for k in argument_spec.keys()
if k not in exclude_list)
name = module.params['name']
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
filter_type = module.params['type']
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError(
'Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
bgp = vr.find('', network.Bgp) or network.Bgp()
if filter_type == 'ipv4':
new_obj = network.RedistributionProfile(**obj_spec)
cur_obj = vr.find(name,
network.RedistributionProfile,
recursive=True)
elif filter_type == 'ipv6':
new_obj = network.RedistributionProfileIPv6(**obj_spec)
cur_obj = vr.find(name,
network.RedistributionProfileIPv6,
recursive=True)
else:
raise ValueError(
"Filter type '{0}' is unsupported".format(filter_type))
# compare differences between the current state vs desired state
if state == 'present':
# it seems all is well, preceed with update
if cur_obj is None or not new_obj.equal(cur_obj,
compare_children=True):
vr.add(new_obj)
new_obj.apply()
changed = True
elif state == 'absent':
if cur_obj is not None:
cur_obj.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
if changed:
module.exit_json(msg='Redistribution policy rule update successful.',
changed=changed)
else:
module.exit_json(msg='no changes required.', changed=changed)
def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [
module.params[x]
for x in ('ip_address', 'username', 'password', 'api_key')
]
# generate the kwargs for network.Bgp
bgp_params = [
'enable', 'router_id', 'reject_default_route',
'allow_redist_default_route', 'install_route', 'ecmp_multi_as',
'enforce_first_as', 'local_as'
]
bgp_spec = dict((k, module.params[k]) for k in bgp_params)
# generate the kwargs for network.BgpRoutingOptions
bgp_routing_options_params = [
'as_format',
'always_compare_med',
'deterministic_med_comparison',
'default_local_preference',
'graceful_restart_enable',
'gr_stale_route_time',
'gr_local_restart_time',
'gr_max_peer_restart_time',
'reflector_cluster_id',
'confederation_member_as',
'aggregate_med',
]
bgp_routing_options_spec = dict(
(k, module.params[k]) for k in bgp_routing_options_params)
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
bgp = network.Bgp(**bgp_spec)
bgp_routing_options = network.BgpRoutingOptions(**bgp_routing_options_spec)
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError(
'Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
current_bgp = vr.find('', network.Bgp) or network.Bgp()
current_options = current_bgp.find(
'', network.BgpRoutingOptions) or network.BgpRoutingOptions()
# compare differences between the current state vs desired state
changed |= not bgp.equal(current_bgp, compare_children=False)
changed |= not bgp_routing_options.equal(current_options,
compare_children=False)
if state == 'present':
if changed:
bgp.add(bgp_routing_options)
vr.add(bgp)
bgp.create()
else:
module.exit_json(msg='no changes required.', changed=changed)
elif state == 'absent':
current_bgp.delete()
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
module.exit_json(msg='BGP configuration successful.', changed=changed)
def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [module.params[x] for x in
('ip_address', 'username', 'password', 'api_key')]
# exclude the default items from kwargs passed to the object
exclude_list = ['ip_address', 'username', 'password', 'api_key', 'state', 'commit']
# exclude these items from the kwargs passed to the object
exclude_list += ['vr_name']
# generate the kwargs for network.BgpPeer
obj_spec = dict((k, module.params[k]) for k in argument_spec.keys() if k not in exclude_list)
# # generate the kwargs for network.BgpPeerGroup
# group_params = [
# 'name', 'enable', 'aggregated_confed_as_path', 'soft_reset_with_stored_info',
# 'type', 'export_nexthop', 'import_nexthop', 'remove_private_as'
# ]
# group_spec = dict((k, module.params[k]) for k in group_params)
name = module.params['name']
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
# create the new state object
group = network.BgpPeerGroup(**obj_spec)
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError('Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
bgp = vr.find('', network.Bgp) or network.Bgp()
current_group = vr.find(name, network.BgpPeerGroup, recursive=True)
# compare differences between the current state vs desired state
if not group.equal(current_group, compare_children=False):
changed = True
if state == 'present':
if current_group is None or not group.equal(current_group, compare_children=False):
bgp.add(group)
vr.add(bgp)
group.create()
changed = True
elif state == 'absent':
if current_group is not None:
current_group.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
if changed:
module.exit_json(msg='BGP peer group update successful.', changed=changed)
else:
module.exit_json(msg='no changes required.', changed=changed)
def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [
module.params[x]
for x in ('ip_address', 'username', 'password', 'api_key')
]
# exclude the default items from kwargs passed to the object
exclude_list = [
'ip_address', 'username', 'password', 'api_key', 'state', 'commit'
]
# exclude these items from the kwargs passed to the object
exclude_list += ['vr_name', 'replace']
# generate the kwargs for the object
obj_spec = dict((k, module.params[k]) for k in argument_spec.keys()
if k not in exclude_list)
name = module.params['name']
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
replace = module.params['replace']
# create the new state object
new_obj = network.BgpAuthProfile(**obj_spec)
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError(
'Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
bgp = vr.find('', network.Bgp) or network.Bgp()
cur_obj = vr.find(name, network.BgpAuthProfile, recursive=True)
if state == 'present':
if replace or cur_obj is None:
# if replace and cur_obj is not None:
# cur_obj.delete()
bgp.add(new_obj)
new_obj.apply()
changed = True
# elif cur_obj is not None:
# # cannot add another profile of the same name
# module.fail_json(msg="BGP Auth Profile '{0}' exists; to update pass 'replace: true'".format(name))
elif state == 'absent':
if cur_obj is not None:
cur_obj.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
if changed:
module.exit_json(msg='BGP authentication profile update successful.',
changed=changed)
else:
module.exit_json(msg='no changes required.', changed=changed)
def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [
module.params[x]
for x in ('ip_address', 'username', 'password', 'api_key')
]
# exclude the default items from kwargs passed to the object
exclude_list = [
'ip_address', 'username', 'password', 'api_key', 'state', 'commit'
]
# exclude these items from the kwargs passed to the object
exclude_list += ['type', 'vr_name', 'address_prefix']
# export rules don't support action_weight or action_dampening
if module.params['type'] == 'export':
exclude_list += ['action_weight', 'action_dampening']
# generate the kwargs for network.BgpPolicyRule
obj_spec = dict((k, module.params[k]) for k in argument_spec.keys()
if k not in exclude_list)
prefixes = module.params['address_prefix']
rule_type = module.params['type']
name = module.params['name']
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
action_as_path_type = module.params['action_as_path_type']
action_as_path_prepend_times = module.params[
'action_as_path_prepend_times']
action_community_type = module.params['action_community_type']
action_community_argument = module.params['action_community_argument']
action_extended_community_type = module.params[
'action_extended_community_type']
action_extended_community_argument = module.params[
'action_extended_community_argument']
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError(
'Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
bgp = vr.find('', network.Bgp) or network.Bgp()
# create the new state object
if rule_type == 'import':
new_obj = network.BgpPolicyImportRule(**obj_spec)
cur_obj = vr.find(name,
network.BgpPolicyImportRule,
recursive=True)
elif rule_type == 'export':
new_obj = network.BgpPolicyExportRule(**obj_spec)
cur_obj = vr.find(name,
network.BgpPolicyExportRule,
recursive=True)
else:
raise ValueError(
'Policy rule type {0} is not supported'.format(rule_type))
# add the prefix children
if isinstance(prefixes, list):
for prefix in prefixes:
if prefix.get('name'):
pfx = network.BgpPolicyAddressPrefix(**prefix)
new_obj.add(pfx)
# compare differences between the current state vs desired state
if state == 'present':
# confirm values are set as needed
if action_as_path_type in ['prepend', 'remove-and-prepend']:
if action_as_path_prepend_times is None:
raise ValueError(
"An action_as_path_type of 'prepend'|'remove-and-prepend' "
+ 'requires action_as_path_prepend_times be set')
if action_community_type in [
'remove-regex', 'append', 'overwrite'
]:
if action_community_argument is None:
raise ValueError(
"An action_community_type of 'remove-regex'|'append'|'overwrite' "
+ 'requires action_community_argument be set')
if action_extended_community_type in [
'remove-regex', 'append', 'overwrite'
]:
if action_extended_community_argument is None:
raise ValueError(
"An action_extended_community_type of 'remove-regex'|'append'|'overwrite' "
+ 'requires action_extended_community_argument be set')
# it seems all is well, preceed with update
if cur_obj is None or not new_obj.equal(cur_obj,
compare_children=True):
bgp.add(new_obj)
vr.add(bgp)
new_obj.apply()
changed = True
elif state == 'absent':
if cur_obj is not None:
cur_obj.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
if changed:
module.exit_json(msg='BGP policy rule update successful.',
changed=changed)
else:
module.exit_json(msg='no changes required.', changed=changed)
def main():
argument_spec = setup_args()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
# Get the firewall / panorama auth.
auth = [
module.params[x]
for x in ('ip_address', 'username', 'password', 'api_key')
]
# exclude the default items from kwargs passed to the object
exclude_list = [
'ip_address', 'username', 'password', 'api_key', 'state', 'commit'
]
# exclude these items from the kwargs passed to the object
exclude_list += ['vr_name', 'non_exist_filter', 'advertise_filter']
# generate the kwargs for the object
obj_spec = dict((k, module.params[k]) for k in argument_spec.keys()
if k not in exclude_list)
name = module.params['name']
state = module.params['state']
vr_name = module.params['vr_name']
commit = module.params['commit']
ne_filter = module.params['non_exist_filter']
ad_filter = module.params['advertise_filter']
# create the new state object
new_obj = network.BgpPolicyConditionalAdvertisement(**obj_spec)
changed = False
try:
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(*auth)
network.VirtualRouter.refreshall(device)
# grab the virtual router
vr = device.find(vr_name, network.VirtualRouter)
if vr is None:
raise ValueError(
'Virtual router {0} does not exist'.format(vr_name))
# fetch the current settings
bgp = vr.find('', network.Bgp) or network.Bgp()
cur_obj = vr.find(name,
network.BgpPolicyConditionalAdvertisement,
recursive=True)
if state == 'present':
if cur_obj is None or not new_obj.equal(cur_obj,
compare_children=False):
if cur_obj is None and (ne_filter is None
or ad_filter is None):
raise ValueError(
'Creating a new Conditional Advertisement policy requires: '
+ 'non_exist_filter and advertise_filter')
elif cur_obj is None:
import pickle
from base64 import b64decode
# deserialize BgpPolicyNonExistFilter object
ne_filter_obj = pickle.loads(b64decode(ne_filter))
# deserialize BgpPolicyAdvertisementFilter object
ad_filter_obj = pickle.loads(b64decode(ad_filter))
# add them both to the new policy
new_obj.add(ne_filter_obj)
new_obj.add(ad_filter_obj)
bgp.add(new_obj)
# use create() here instead of apply because the children are required
new_obj.create()
changed = True
elif state == 'absent':
if cur_obj is not None:
cur_obj.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except (PanDeviceError, KeyError):
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True, exception=True)
if changed:
module.exit_json(
msg='BGP conditional advertisement policy update successful.',
changed=changed)
else:
module.exit_json(msg='no changes required.', changed=changed)