def main(): argument_specs = dict( old_password=dict(type='str', required=True, no_log=True), # Flag to specify priority of old/new password while establishing session with controller. # To handle both Saas and conventional (Entire state in playbook) scenario. force_change=dict(type='bool', default=False)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json( msg=('Avi python API SDK (avisdk) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) old_password = module.params.get('old_password') force_change = module.params.get('force_change', False) data = {'old_password': old_password, 'password': api_creds.password} # First try old password if 'force_change' is set to true if force_change: first_pwd = old_password second_pwd = api_creds.password # First try new password if 'force_change' is set to false or not specified in playbook. else: first_pwd = api_creds.password second_pwd = old_password password_changed = False try: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=first_pwd, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) if force_change: rsp = api.put('useraccount', data=data) if rsp: password_changed = True return ansible_return(module, rsp, True, req=data) password_changed = True return module.exit_json(changed=False, obj=data) except: pass if not password_changed: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=second_pwd, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) if not force_change: rsp = api.put('useraccount', data=data) if rsp: return ansible_return(module, rsp, True, req=data) return module.exit_json(changed=False, obj=data)
def main(): argument_specs = dict() argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) try: api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) remote_api_version = api.remote_api_version remote = {} for key in remote_api_version.keys(): remote[key.lower()] = remote_api_version[key] api.close() module.exit_json(changed=False, obj=remote) except Exception as e: module.fail_json(msg=("Unable to get an AVI session. %s" % e))
def main(): argument_specs = dict( idp_class=dict(type=str, required=True, ), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) idp_class = module.params.get("idp_class", None) idp = get_idp_class(idp_class) if not idp: msg = "IDP {} not supported yet.".format(idp_class) return module.fail_json(msg=msg) avi_credentials = AviCredentials() avi_credentials.update_from_ansible_module(module) try: api = ApiSession.get_session( avi_credentials.controller, avi_credentials.username, password=avi_credentials.password, timeout=avi_credentials.timeout, tenant=avi_credentials.tenant, tenant_uuid=avi_credentials.tenant_uuid, port=avi_credentials.port, idp_class=idp) changed = True except (ConnectionError, SSLError, ChunkedEncodingError) as e: msg = "Error during get session {}".format(e.message) return module.fail_json(msg=msg) return ansible_return(module, None, changed, None, api_context=api.get_context())
def ansible_return(module, rsp, changed, req=None, existing_obj=None, api_context=None): """ :param module: AnsibleModule :param rsp: ApiResponse from avi_api :param changed: boolean :param req: ApiRequest to avi_api :param existing_obj: object to be passed debug output :param api_context: api login context helper function to return the right ansible based on the error code and changed Returns: specific ansible module exit function """ if rsp is not None and rsp.status_code > 299 and not \ any(error in rsp.text for error in SKIP_DELETE_ERROR): return module.fail_json(msg='Error %d Msg %s req: %s api_context:%s ' % (rsp.status_code, rsp.text, req, api_context)) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) key = '%s:%s:%s' % (api_creds.controller, api_creds.username, api_creds.port) disable_fact = module.params.get('avi_disable_session_cache_as_fact') fact_context = None if not disable_fact: fact_context = module.params.get('api_context', {}) if fact_context: fact_context.update({key: api_context}) else: fact_context = {key: api_context} obj_val = rsp.json() if rsp else existing_obj if (obj_val and module.params.get("obj_username", None) and "username" in obj_val): obj_val["obj_username"] = obj_val["username"] if (obj_val and module.params.get("obj_password", None) and "password" in obj_val): obj_val["obj_password"] = obj_val["password"] if (obj_val and module.params.get("obj_state", None) and "state" in obj_val): obj_val["obj_state"] = obj_val["state"] old_obj_val = existing_obj if changed and existing_obj else None api_context_val = api_context if disable_fact else None ansible_facts_val = dict( avi_api_context=fact_context) if not disable_fact else {} return module.exit_json(changed=changed, obj=obj_val, old_obj=old_obj_val, ansible_facts=ansible_facts_val, api_context=api_context_val)
def main(): argument_specs = dict( full_name=dict(type='str'), email=dict(type='str'), old_password=dict(type='str', required=True, no_log=True), # Flag to specify priority of old/new password while establishing session with controller. # To handle both Saas and conventional (Entire state in playbook) scenario. force_change=dict(type='bool', default=False)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) full_name = module.params.get('full_name') email = module.params.get('email') old_password = module.params.get('old_password') force_change = module.params.get('force_change', False) data = {'old_password': old_password, 'password': api_creds.password} if full_name: data['full_name'] = full_name if email: data['email'] = email api = None if not force_change: # check if the new password is already set. try: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) data['old_password'] = api_creds.password except Exception: # create a new session using the old password. pass if not api: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=old_password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) rsp = api.put('useraccount', data=data) return ansible_return(module, rsp, True, req=data)
def main(): argument_specs = dict( data_vnics_config=dict(type='list', ), se_name=dict(type='str', required=True), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule( argument_spec=argument_specs, supports_check_mode=True) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) # Create controller session api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session( api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) path = 'serviceengine' # Get existing SE object se_obj = api.get_object_by_name( path, module.params['se_name'], api_version=api_creds.api_version) data_vnics_config = module.params['data_vnics_config'] for d_vnic in se_obj['data_vnics']: for obj in data_vnics_config: config_for = obj.get('if_name', None) if not config_for: return module.fail_json(msg=( "if_name in a configuration is mandatory. Please provide if_name i.e. vnic's interface name.")) if config_for == d_vnic['if_name']: # modify existing object for key, val in obj.items(): d_vnic[key] = val if config_for == d_vnic['if_name']: for key, val in obj.items(): d_vnic[key] = val module.params.update(se_obj) module.params.update( { 'avi_api_update_method': 'put', 'state': 'present' } ) module.params.pop('data_vnics_config') return avi_ansible_api(module, 'serviceengine', set([]))
def main(): argument_specs = dict(file_path=dict(type='str', required=True), params=dict(type='dict'), timeout=dict(type='int', default=300)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) if not HAS_LIB: return module.fail_json( msg='avi_api_image, requests_toolbelt is required for this module') api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) tenant_uuid = api_creds.tenant_uuid tenant = api_creds.tenant timeout = int(module.params.get('timeout')) params = module.params.get('params', None) # Get the api_version from module. api_version = api_creds.api_version file_path = module.params['file_path'] if not os.path.exists(file_path): return module.fail_json(msg=('File not found : %s' % file_path)) file_name = os.path.basename(file_path) with open(file_path, "rb") as f: f_data = {"file": (file_name, f, "application/octet-stream")} m = MultipartEncoder(fields=f_data) headers = {'Content-Type': m.content_type} rsp = api.post("image", data=m, headers=headers, verify=False) if rsp.status_code > 300: return module.fail_json(msg='Fail to upload file: %s' % rsp.text) else: return module.exit_json(changed=True, msg="File uploaded successfully")
def avi_ansible_api(module, obj_type, sensitive_fields): """ This converts the Ansible module into AVI object and invokes APIs :param module: Ansible module :param obj_type: string representing Avi object type :param sensitive_fields: sensitive fields to be excluded for comparison purposes. Returns: success: module.exit_json with obj=avi object faliure: module.fail_json """ api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api_context = get_api_context(module, api_creds) if api_context: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_context['csrftoken'], port=api_creds.port, session_id=api_context['session_id'], csrftoken=api_context['csrftoken']) else: api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) state = module.params['state'] # Get the api version. avi_update_method = module.params.get('avi_api_update_method', 'put') avi_patch_op = module.params.get('avi_api_patch_op', 'add') api_version = api_creds.api_version name = module.params.get('name', None) # Added Support to get uuid uuid = module.params.get('uuid', None) check_mode = module.check_mode if uuid: obj_path = '%s/%s' % (obj_type, uuid) else: obj_path = '%s/' % obj_type obj = deepcopy(module.params) # Special code to handle situation where object has a field # named username. This is used in case of api/user # The following code copies the username and password # from the obj_username and obj_password fields. if 'obj_username' in obj: obj['username'] = obj['obj_username'] obj.pop('obj_username') if 'obj_password' in obj: obj['password'] = obj['obj_password'] obj.pop('obj_password') tenant = obj.pop('tenant', '') tenant_uuid = obj.pop('tenant_uuid', '') # obj.pop('cloud_ref', None) for k in POP_FIELDS: obj.pop(k, None) purge_optional_fields(obj, module) log.info('passed object %s ', obj) if uuid: # Get the object based on uuid. try: existing_obj = api.get(obj_path, tenant=tenant, tenant_uuid=tenant_uuid, params={ 'include_refs': '', 'include_name': '' }, api_version=api_version) existing_obj = existing_obj.json() except ObjectNotFound: existing_obj = None elif name: params = {'include_refs': '', 'include_name': ''} if obj.get('cloud_ref', None): # this is the case when gets have to be scoped with cloud cloud = obj['cloud_ref'].split('name=')[1] params['cloud_ref.name'] = cloud existing_obj = api.get_object_by_name(obj_type, name, tenant=tenant, tenant_uuid=tenant_uuid, params=params, api_version=api_version) # Need to check if tenant_ref was provided and the object returned # is actually in admin tenant. if existing_obj and 'tenant_ref' in obj and 'tenant_ref' in existing_obj: # https://10.10.25.42/api/tenant/admin#admin existing_obj_tenant = existing_obj['tenant_ref'].split('#')[1] obj_tenant = obj['tenant_ref'].split('name=')[1] if obj_tenant != existing_obj_tenant: existing_obj = None else: # added api version to avi api call. existing_obj = api.get(obj_path, tenant=tenant, tenant_uuid=tenant_uuid, params={ 'include_refs': '', 'include_name': '' }, api_version=api_version).json() if state == 'absent': rsp = None changed = False err = False if not check_mode and existing_obj: try: if name is not None: # added api version to avi api call. rsp = api.delete_by_name(obj_type, name, tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version) else: # added api version to avi api call. rsp = api.delete(obj_path, tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version) except ObjectNotFound: pass if check_mode and existing_obj: changed = True if rsp: if rsp.status_code == 204: changed = True else: err = True if not err: return ansible_return(module, rsp, changed, existing_obj=existing_obj, api_context=api.get_context()) elif rsp: return module.fail_json(msg=rsp.text) rsp = None req = None if existing_obj: # this is case of modify as object exists. should find out # if changed is true or not if name is not None: obj_uuid = existing_obj['uuid'] obj_path = '%s/%s' % (obj_type, obj_uuid) if avi_update_method == 'put': changed = not avi_obj_cmp(obj, existing_obj, sensitive_fields) obj = cleanup_absent_fields(obj) if changed: req = obj if check_mode: # No need to process any further. rsp = AviCheckModeResponse(obj=existing_obj) else: rsp = api.put(obj_path, data=req, tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version) elif check_mode: rsp = AviCheckModeResponse(obj=existing_obj) else: if check_mode: # No need to process any further. rsp = AviCheckModeResponse(obj=existing_obj) changed = True else: obj.pop('name', None) patch_data = {avi_patch_op: obj} rsp = api.patch(obj_path, data=patch_data, tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version) obj = rsp.json() changed = not avi_obj_cmp(obj, existing_obj) if changed: log.debug('EXISTING OBJ %s', existing_obj) log.debug('NEW OBJ %s', obj) else: changed = True req = obj if check_mode: rsp = AviCheckModeResponse(obj=None) else: rsp = api.post(obj_type, data=obj, tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version) return ansible_return(module, rsp, changed, req, existing_obj=existing_obj, api_context=api.get_context())
def main(): argument_specs = dict(params=dict(type='dict'), data=dict(type='dict'), name=dict(type='str', required=True), state=dict(default='present', choices=['absent', 'present'])) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or ansible>=2.8 is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) tenant = api_creds.tenant tenant_uuid = api_creds.tenant_uuid params = module.params.get('params', None) data = module.params.get('data', None) gparams = deepcopy(params) if params else {} gparams.update({'include_refs': '', 'include_name': ''}) name = module.params.get('name', '') state = module.params['state'] # Get the api version from module. api_version = api_creds.api_version """ state: present 1. Check if the GSLB service is present 2. If not then create the GSLB service with the member 3. Check if the group exists 4. if not then create the group with the member 5. Check if the member is present if not then add the member state: absent 1. check if GSLB service is present if not then exit 2. check if group is present. if not then exit 3. check if member is present. if present then remove it. """ obj_type = 'gslbservice' # Added api version to call existing_obj = api.get_object_by_name(obj_type, name, tenant=tenant, tenant_uuid=tenant_uuid, params={ 'include_refs': '', 'include_name': '' }, api_version=api_version) check_mode = module.check_mode if state == 'absent': # Added api version to call changed, rsp = delete_member(module, check_mode, api, tenant, tenant_uuid, existing_obj, data, api_version) else: # Added api version to call changed, rsp = add_member(module, check_mode, api, tenant, tenant_uuid, existing_obj, data, name, api_version) if check_mode or not changed: return module.exit_json(changed=changed, obj=existing_obj) return ansible_return(module, rsp, changed, req=data)
def main(): argument_specs = dict(http_method=dict( required=True, choices=['get', 'put', 'post', 'patch', 'delete']), path=dict(type='str', required=True), params=dict(type='dict'), data=dict(type='jsonarg'), timeout=dict(type='int', default=60)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) tenant_uuid = api_creds.tenant_uuid tenant = api_creds.tenant timeout = int(module.params.get('timeout')) # path is a required argument path = module.params.get('path', '') params = module.params.get('params', None) data = module.params.get('data', None) # Get the api_version from module. api_version = api_creds.api_version if data is not None: data = json.loads(data) method = module.params['http_method'] existing_obj = None changed = method != 'get' gparams = deepcopy(params) if params else {} gparams.update({'include_refs': '', 'include_name': ''}) # API methods not allowed api_get_not_allowed = ["cluster", "gslbsiteops", "server", "nsxt"] sub_api_get_not_allowed = ["scaleout", "scalein", "upgrade", "rollback"] api_post_not_allowed = ["alert", "fileservice"] api_put_not_allowed = ["backup"] if method == 'post' and not any( path.startswith(uri) for uri in api_post_not_allowed): # TODO: Above condition should be updated after AV-38981 is fixed # need to check if object already exists. In that case # change the method to be put try: using_collection = False if (not any(path.startswith(uri) for uri in api_get_not_allowed) and not any( path.endswith(uri) for uri in sub_api_get_not_allowed)): if 'name' in data: gparams['name'] = data['name'] using_collection = True if (not any(path.startswith(uri) for uri in api_get_not_allowed) and not any( path.endswith(uri) for uri in sub_api_get_not_allowed)): rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid, params=gparams, api_version=api_version) existing_obj = rsp.json() if using_collection: existing_obj = existing_obj['results'][0] except (IndexError, KeyError): # object is not found pass else: if (not any(path.startswith(uri) for uri in api_get_not_allowed) and not any( path.endswith(uri) for uri in sub_api_get_not_allowed)): # object is present method = 'put' path += '/' + existing_obj['uuid'] if method == 'put' and not any( path.startswith(uri) for uri in api_put_not_allowed): # put can happen with when full path is specified or it is put + post get_path = path data_for_cmp = data if existing_obj is None: using_collection = False if ((len(path.split('/')) == 1) and ('name' in data) and (not any(path.startswith(uri) for uri in api_get_not_allowed))): gparams['name'] = data['name'] using_collection = True if path.startswith('wafpolicy') and path.endswith( 'update-crs-rules'): get_path = path.rstrip('/update-crs-rules') data_for_cmp = deepcopy(data) if data else {} _ = data_for_cmp.pop("commit", None) rsp = api.get(get_path, tenant=tenant, tenant_uuid=tenant_uuid, params=gparams, api_version=api_version) rsp_data = rsp.json() if using_collection: if rsp_data['results']: existing_obj = rsp_data['results'][0] path += '/' + existing_obj['uuid'] else: method = 'post' else: if rsp.status_code == 404: method = 'post' else: existing_obj = rsp_data if existing_obj: changed = not avi_obj_cmp(data_for_cmp, existing_obj) cleanup_absent_fields(data) if method == 'patch': rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid, params=gparams, api_version=api_version) existing_obj = rsp.json() if (method == 'put' and changed) or (method != 'put'): fn = getattr(api, method) rsp = fn(path, tenant=tenant, tenant_uuid=tenant, timeout=timeout, params=params, data=data, api_version=api_version) else: rsp = None if method == 'delete' and rsp.status_code == 404: changed = False rsp.status_code = 200 if method == 'patch' and existing_obj and rsp.status_code < 299: # Ideally the comparison should happen with the return values # from the patch API call. However, currently Avi API are # returning different hostname when GET is used vs Patch. # tracked as AV-12561 if path.startswith('pool'): time.sleep(1) gparams = deepcopy(params) if params else {} gparams.update({'include_refs': '', 'include_name': ''}) rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid, params=gparams, api_version=api_version) new_obj = rsp.json() changed = not avi_obj_cmp(new_obj, existing_obj) if rsp is None: return module.exit_json(changed=changed, obj=existing_obj) return ansible_return(module, rsp, changed, req=data)
def main(): argument_specs = dict( state=dict(default='present', choices=['absent', 'present']), avi_api_update_method=dict(default='put', choices=['put', 'patch']), avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), patch_level=dict(type='str', default='/site/dns_vses', choices=['/site/dns_vses', '/site']), async_interval=dict(type='int',), clear_on_max_retries=dict(type='int',), client_ip_addr_group=dict(type='dict',), description=dict(type='str',), dns_configs=dict(type='list',), error_resync_interval=dict(type='int',), is_federated=dict(type='bool',), leader_cluster_uuid=dict(type='str', required=True), maintenance_mode=dict(type='bool',), name=dict(type='str', required=True), send_interval=dict(type='int',), send_interval_prior_to_maintenance_mode=dict(type='int',), sites=dict(type='list',), tenant_ref=dict(type='str',), third_party_sites=dict(type='list',), url=dict(type='str',), uuid=dict(type='str',), view_id=dict(type='int',), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule( argument_spec=argument_specs, supports_check_mode=True) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_method = module.params['avi_api_update_method'] if str(api_method).lower() == 'patch': patch_op = module.params['avi_api_patch_op'] # Create controller session api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session( api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) # Get existing gslb objects rsp = api.get('gslb', api_version=api_creds.api_version) existing_gslb = rsp.json() gslb = existing_gslb['results'] for gslb_obj in gslb: if (gslb_obj['leader_cluster_uuid'] == module.params['leader_cluster_uuid']): if str(patch_op).lower() == 'add': patch_add_gslb(module, gslb_obj) elif str(patch_op).lower() == 'replace': patch_replace_gslb(module, gslb_obj) elif str(patch_op).lower() == 'delete': patch_delete_gslb(module, gslb_obj) module.params.update(gslb_obj) module.params.pop("patch_level") module.params.update( { 'avi_api_update_method': 'put', 'state': 'present' } ) return avi_ansible_api(module, 'gslb', set([]))
def main(): argument_specs = dict(force_mode=dict(type='bool', default=True), upload=dict(required=True, type='bool'), path=dict(type='str', required=True), file_path=dict(type='str', required=True), params=dict(type='dict'), timeout=dict(type='int', default=60)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json( msg=('Avi python API SDK (avisdk) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) if not HAS_LIB: return module.fail_json( msg= 'avi_api_fileservice, requests_toolbelt is required for this module' ) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) tenant_uuid = api_creds.tenant_uuid tenant = api_creds.tenant timeout = int(module.params.get('timeout')) # path is a required argument path = 'fileservice/%s' % module.params.get('path', '') params = module.params.get('params', None) data = module.params.get('data', None) # Get the api_version from module. api_version = api_creds.api_version if data is not None: data = json.loads(data) upload = module.params['upload'] file_path = module.params['file_path'] force_mode = module.params['force_mode'] if upload: if not os.path.exists(file_path): return module.fail_json('File not found : %s' % file_path) file_name = os.path.basename(file_path) #Handle special case of upgrade controller using .pkg file which will be uploaded to upgrade_pkgs directory if file_name.lower().endswith('.pkg'): uri = 'controller://upgrade_pkgs' path = 'fileservice/uploads' else: uri = 'controller://%s' % module.params.get('path', '').split('?')[0] changed = False file_uri = 'fileservice?uri=%s' % uri rsp = api.post(file_uri, tenant=tenant, tenant_uuid=tenant_uuid, timeout=timeout) with open(file_path, "rb") as f: f_data = { "file": (file_name, f, "application/octet-stream"), "uri": uri } m = MultipartEncoder(fields=f_data) headers = {'Content-Type': m.content_type} rsp = api.post(path, data=m, headers=headers, verify=False) if rsp.status_code > 300: return module.fail_json(msg='Fail to upload file: %s' % rsp.text) else: return module.exit_json(changed=True, msg="File uploaded successfully") elif not upload: # Removing existing file. if force_mode and os.path.exists(file_path): os.remove(file_path) rsp = api.get(path, params=params, stream=True) if rsp.status_code > 300: return module.fail_json(msg='Fail to download file: %s' % rsp.text) with open(file_path, 'wb') as f: for chunk in rsp.iter_content(chunk_size=1024): if chunk: f.write(chunk) return module.exit_json(msg='File downloaded successfully', changed=True)
def main(): argument_specs = dict(http_method=dict(required=True, choices=['get', 'post']), path=dict(type='str', required=True), file_path=dict(type='str', required=True), params=dict(type='dict'), timeout=dict(type='int', default=60)) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json( msg=('Avi python API SDK (avisdk) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) tenant_uuid = api_creds.tenant_uuid tenant = api_creds.tenant timeout = int(module.params.get('timeout')) # path is a required argument path = 'fileservice/%s' % module.params.get('path', '') params = module.params.get('params', None) data = module.params.get('data', None) # Get the api_version from module. api_version = api_creds.api_version if data is not None: data = json.loads(data) method = module.params['http_method'] file_path = module.params['file_path'] if method == 'post': if not os.path.exists(file_path): return module.fail_json('File not found : %s' % file_path) file_name = os.path.basename(file_path) uri = 'controller://%s' % module.params.get('path', '').split('?')[0] changed = False file_uri = 'fileservice?uri=%s' % uri rsp = api.post(file_uri, tenant=tenant, tenant_uuid=tenant_uuid, timeout=timeout) with open(file_path, "rb") as f: f_data = { "file": (file_name, f, "application/octet-stream"), "uri": uri } m = MultipartEncoder(fields=f_data) headers = {'Content-Type': m.content_type} rsp = api.post(path, data=m, headers=headers, verify=False) if rsp.status_code > 300: return module.fail_json(msg='Fail to upload file: %s' % rsp.text) else: return module.exit_json(changed=True, msg="File uploaded successfully") elif method == 'get': rsp = api.get(path, params=params, stream=True) if rsp.status_code > 300: return module.fail_json(msg='Fail to download file: %s' % rsp.text) with open(file_path, 'wb') as f: for chunk in rsp.iter_content(chunk_size=1024): if chunk: f.write(chunk) return module.exit_json(msg='File downloaded successfully', changed=True)
def main(): argument_specs = dict( state=dict(default='present', choices=['absent', 'present']), avi_api_update_method=dict(default='put', choices=['put', 'patch']), avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), allow_mode_delegation=dict(type='bool', ), created_by=dict(type='str', ), crs_groups=dict(type='list', ), description=dict(type='str', ), enable_app_learning=dict(type='bool', ), failure_mode=dict(type='str', ), learning=dict(type='dict', ), mode=dict(type='str'), name=dict(type='str', required=True), paranoia_level=dict(type='str', ), positive_security_model=dict(type='dict', ), post_crs_groups=dict(type='list', ), pre_crs_groups=dict(type='list', ), tenant_ref=dict(type='str', ), url=dict(type='str', ), uuid=dict(type='str', ), waf_crs_ref=dict(type='str', ), waf_profile_ref=dict(type='str'), whitelist=dict(type='dict', ), base_waf_policy=dict(type='str', required=True), patch_file=dict(type='str', required=True), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs, supports_check_mode=True) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) or requests is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session(api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port, api_version=api_creds.api_version) obj_uuid = None existing_obj = api.get_object_by_name('wafpolicy', module.params.get('name'), params={"include_name": True}) if existing_obj: obj_uuid = existing_obj.pop('uuid', None) changed = False # Delete call if state is absent if module.params.get('state') == 'absent': if obj_uuid: changed = True if changed and not module.check_mode: api.delete_by_name('wafpolicy', module.params.get('name')) ansible_return(module, None, changed, existing_obj=existing_obj, api_context=api.get_context()) if not existing_obj: existing_obj = api.get_object_by_name( 'wafpolicy', module.params.get('base_waf_policy'), params={"include_name": True}) with open(module.params.get('patch_file'), "r+") as f: waf_patch = json.loads(f.read()) waf_patch.update((k, v) for k, v in module.params.items() if v and k not in waf_patch) new_obj = deepcopy(existing_obj) update_patch(new_obj, waf_patch) changed = not avi_obj_cmp(new_obj, existing_obj) if module.check_mode: ansible_return(module, None, changed, existing_obj=existing_obj, api_context=api.get_context()) rsp = None if changed: if obj_uuid: new_obj['uuid'] = obj_uuid rsp = api.put('wafpolicy/%s' % obj_uuid, data=new_obj) else: rsp = api.post('wafpolicy', data=new_obj) ansible_return(module, rsp, changed, req=new_obj)
def main(): argument_specs = dict( password=dict(type='str', required=True, no_log=True), ssh_key_pair=dict(type='str', required=True), force_mode=dict(type='bool', default=False), # Max time to wait for controller up state con_wait_time=dict(type='int', default=3600), # Retry after every rount_wait time to check for controller state. round_wait=dict(type='int', default=10), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule(argument_spec=argument_specs) if not HAS_AVI: return module.fail_json( msg=('Avi python API SDK (avisdk) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_creds = AviCredentials() api_creds.update_from_ansible_module(module) new_password = module.params.get('password') key_pair = module.params.get('ssh_key_pair') force_mode = module.params.get('force_mode') # Wait for controller to come up for given con_wait_time controller_up = controller_wait(api_creds.controller, api_creds.port, module.params['round_wait'], module.params['con_wait_time']) if not controller_up: return module.fail_json( msg= 'Something wrong with the controller. The Controller is not in the up state.' ) if not force_mode: # Check for admin login with new password before initializing controller password. try: ApiSession.get_session(api_creds.controller, "admin", password=new_password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) module.exit_json( msg= "Already initialized controller password with a given password.", changed=False) except Exception as e: pass cmd = "ssh -o \"StrictHostKeyChecking no\" -t -i " + key_pair + " admin@" + \ api_creds.controller + " \"ls /opt/avi/scripts/initialize_admin_user.py && echo -e '" + \ api_creds.controller + "\\n" + new_password + "' | sudo /opt/avi/scripts/initialize_admin_user.py\"" process = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True) stdout, stderr = process.communicate() cmd_status = process.returncode if cmd_status == 0: return module.exit_json( changed=True, msg="Successfully initialized controller with new password. " "return_code: %s output: %s error: %s" % (cmd_status, stdout, stderr)) else: return module.fail_json( msg='Fail to initialize password for controllers return_code: %s ' 'output: %s error: %s' % (cmd_status, stdout, stderr))
def main(): argument_specs = dict( state=dict(default='present', choices=['absent', 'present']), avi_api_update_method=dict(default='put', choices=['put', 'patch']), avi_api_patch_op=dict(choices=['add', 'replace', 'delete']), clear_on_max_retries=dict(type='int',), client_ip_addr_group=dict(type='dict',), description=dict(type='str',), dns_configs=dict(type='list',), gslb_sites_config=dict(type='list', ), is_federated=dict(type='bool',), leader_cluster_uuid=dict(type='str', required=True), maintenance_mode=dict(type='bool',), name=dict(type='str', required=True), send_interval=dict(type='int',), sites=dict(type='list',), tenant_ref=dict(type='str',), third_party_sites=dict(type='list',), url=dict(type='str',), uuid=dict(type='str',), view_id=dict(type='int',), ) argument_specs.update(avi_common_argument_spec()) module = AnsibleModule( argument_spec=argument_specs, supports_check_mode=True) if not HAS_AVI: return module.fail_json(msg=( 'Avi python API SDK (avisdk>=17.1) is not installed. ' 'For more details visit https://github.com/avinetworks/sdk.')) api_method = module.params['avi_api_update_method'] if str(api_method).lower() == "patch": # Create controller session api_creds = AviCredentials() api_creds.update_from_ansible_module(module) api = ApiSession.get_session( api_creds.controller, api_creds.username, password=api_creds.password, timeout=api_creds.timeout, tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid, token=api_creds.token, port=api_creds.port) # Get existing gslb objects rsp = api.get('gslb', api_version=api_creds.api_version) existing_gslb = rsp.json() gslb = existing_gslb['results'] sites = module.params['gslb_sites_config'] state = module.params['state'] for gslb_obj in gslb: for site_obj in gslb_obj['sites']: for obj in sites: config_for = obj.get('ip_addr', None) if not config_for: return module.fail_json(msg=( "ip_addr of site in a configuration is mandatory. " "Please provide ip_addr i.e. gslb site's ip.")) if config_for == site_obj['ip_addresses'][0]['addr']: if state == 'absent': site_obj['dns_vses'] = [] else: # Modify existing gslb sites object for key, val in obj.iteritems(): site_obj[key] = val module.params.update(gslb_obj) module.params.update( { 'avi_api_update_method': 'put', 'state': 'present' } ) return avi_ansible_api(module, 'gslb', set([]))