예제 #1
0
    def check_params(self):
        """Check all input params"""

        # check session_name
        if not self.session_name:
            self.module.fail_json(msg="Error: Missing required arguments: session_name.")

        if self.session_name:
            if len(self.session_name) < 1 or len(self.session_name) > 15:
                self.module.fail_json(msg="Error: Session name is invalid.")

        # check local_discr
        # check remote_discr

        if self.local_discr:
            if self.local_discr < 1 or self.local_discr > 16384:
                self.module.fail_json(msg="Error: Session local_discr is not ranges from 1 to 16384.")
        if self.remote_discr:
            if self.remote_discr < 1 or self.remote_discr > 4294967295:
                self.module.fail_json(msg="Error: Session remote_discr is not ranges from 1 to 4294967295.")

        if self.state == "present" and self.create_type == "static":
            if not self.local_discr:
                self.module.fail_json(msg="Error: Missing required arguments: local_discr.")
            if not self.remote_discr:
                self.module.fail_json(msg="Error: Missing required arguments: remote_discr.")

        # check out_if_name
        if self.out_if_name:
            if not get_interface_type(self.out_if_name):
                self.module.fail_json(msg="Error: Session out_if_name is invalid.")

        # check dest_addr
        if self.dest_addr:
            if not check_ip_addr(self.dest_addr):
                self.module.fail_json(msg="Error: Session dest_addr is invalid.")

        # check src_addr
        if self.src_addr:
            if not check_ip_addr(self.src_addr):
                self.module.fail_json(msg="Error: Session src_addr is invalid.")

        # check vrf_name
        if self.vrf_name:
            if not is_valid_ip_vpn(self.vrf_name):
                self.module.fail_json(msg="Error: Session vrf_name is invalid.")
            if not self.dest_addr:
                self.module.fail_json(msg="Error: vrf_name and dest_addr must set at the same time.")

        # check use_default_ip
        if self.use_default_ip and not self.out_if_name:
            self.module.fail_json(msg="Error: use_default_ip and out_if_name must set at the same time.")
예제 #2
0
def check_default_ip(ipaddr):
    """check the default multicast IP address"""

    # The value ranges from 224.0.0.107 to 224.0.0.250
    if not check_ip_addr(ipaddr):
        return False

    if ipaddr.count(".") != 3:
        return False

    ips = ipaddr.split(".")
    if ips[0] != "224" or ips[1] != "0" or ips[2] != "0":
        return False

    if not ips[3].isdigit() or int(ips[3]) < 107 or int(ips[3]) > 250:
        return False

    return True
예제 #3
0
    def check_base_rule_args(self):
        """ Check base rule invalid args """

        need_cfg = False
        find_flag = False
        self.cur_base_rule_cfg["base_rule_info"] = []

        if self.acl_name:

            if self.state == "absent":
                if not self.rule_name:
                    self.module.fail_json(
                        msg='Error: Please input rule_name when state is absent.')

            # config rule
            if self.rule_name:
                if len(self.rule_name) < 1 or len(self.rule_name) > 32:
                    self.module.fail_json(
                        msg='Error: The len of rule_name is out of [1 - 32].')

                if self.state != "delete_acl" and not self.rule_id:
                    self.module.fail_json(
                        msg='Error: Please input rule_id.')

                if self.rule_id:
                    if self.rule_id.isdigit():
                        if int(self.rule_id) < 0 or int(self.rule_id) > 4294967294:
                            self.module.fail_json(
                                msg='Error: The value of rule_id is out of [0 - 4294967294].')
                    else:
                        self.module.fail_json(
                            msg='Error: The rule_id is not digit.')

                if self.source_ip:
                    if not check_ip_addr(self.source_ip):
                        self.module.fail_json(
                            msg='Error: The source_ip %s is invalid.' % self.source_ip)
                    if not self.src_mask:
                        self.module.fail_json(
                            msg='Error: Please input src_mask.')

                if self.src_mask:
                    if self.src_mask.isdigit():
                        if int(self.src_mask) < 1 or int(self.src_mask) > 32:
                            self.module.fail_json(
                                msg='Error: The src_mask is out of [1 - 32].')
                        self.src_wild = self.get_wildcard_mask()
                    else:
                        self.module.fail_json(
                            msg='Error: The src_mask is not digit.')

                if self.vrf_name:
                    if len(self.vrf_name) < 1 or len(self.vrf_name) > 31:
                        self.module.fail_json(
                            msg='Error: The len of vrf_name is out of [1 - 31].')

                if self.time_range:
                    if len(self.time_range) < 1 or len(self.time_range) > 32:
                        self.module.fail_json(
                            msg='Error: The len of time_range is out of [1 - 32].')

                if self.rule_description:
                    if len(self.rule_description) < 1 or len(self.rule_description) > 127:
                        self.module.fail_json(
                            msg='Error: The len of rule_description is out of [1 - 127].')

                    if self.state != "delete_acl" and not self.rule_id:
                        self.module.fail_json(
                            msg='Error: Please input rule_id.')

                conf_str = CE_GET_ACL_BASE_RULE_HEADER % self.acl_name

                if self.rule_id:
                    conf_str += "<aclRuleID></aclRuleID>"
                if self.rule_action:
                    conf_str += "<aclAction></aclAction>"
                if self.source_ip:
                    conf_str += "<aclSourceIp></aclSourceIp>"
                if self.src_wild:
                    conf_str += "<aclSrcWild></aclSrcWild>"
                if self.frag_type:
                    conf_str += "<aclFragType></aclFragType>"
                if self.vrf_name:
                    conf_str += "<vrfName></vrfName>"
                if self.time_range:
                    conf_str += "<aclTimeName></aclTimeName>"
                if self.rule_description:
                    conf_str += "<aclRuleDescription></aclRuleDescription>"
                conf_str += "<aclLogFlag></aclLogFlag>"

                conf_str += CE_GET_ACL_BASE_RULE_TAIL
                recv_xml = self.netconf_get_config(conf_str=conf_str)

                if "<data/>" in recv_xml:
                    find_flag = False

                else:
                    xml_str = recv_xml.replace('\r', '').replace('\n', '').\
                        replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
                        replace('xmlns="http://www.huawei.com/netconf/vrp"', "")

                    root = ElementTree.fromstring(xml_str)

                    # parse base rule
                    base_rule_info = root.findall(
                        "acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4")
                    if base_rule_info:
                        for tmp in base_rule_info:
                            tmp_dict = dict()
                            for site in tmp:
                                if site.tag in ["aclRuleName", "aclRuleID", "aclAction", "aclSourceIp", "aclSrcWild",
                                                "aclFragType", "vrfName", "aclTimeName", "aclRuleDescription",
                                                "aclLogFlag"]:
                                    tmp_dict[site.tag] = site.text

                            self.cur_base_rule_cfg[
                                "base_rule_info"].append(tmp_dict)

                    if self.cur_base_rule_cfg["base_rule_info"]:
                        for tmp in self.cur_base_rule_cfg["base_rule_info"]:
                            find_flag = True

                            if self.rule_name and tmp.get("aclRuleName") != self.rule_name:
                                find_flag = False
                            if self.rule_id and tmp.get("aclRuleID") != self.rule_id:
                                find_flag = False
                            if self.rule_action and tmp.get("aclAction") != self.rule_action:
                                find_flag = False
                            if self.source_ip:
                                tmp_src_ip = self.source_ip.split(".")
                                tmp_src_wild = self.src_wild.split(".")
                                tmp_addr_item = []
                                for idx in range(4):
                                    item1 = 255 - int(tmp_src_wild[idx])
                                    item2 = item1 & int(tmp_src_ip[idx])
                                    tmp_addr_item.append(item2)
                                tmp_addr = "%s.%s.%s.%s" % (tmp_addr_item[0], tmp_addr_item[1],
                                                            tmp_addr_item[2], tmp_addr_item[3])
                                if tmp_addr != tmp.get("aclSourceIp"):
                                    find_flag = False
                            if self.src_wild and tmp.get("aclSrcWild") != self.src_wild:
                                find_flag = False
                            frag_type = "clear_fragment" if tmp.get("aclFragType") is None else tmp.get("aclFragType")
                            if self.frag_type and frag_type != self.frag_type:
                                find_flag = False
                            if self.vrf_name and tmp.get("vrfName") != self.vrf_name:
                                find_flag = False
                            if self.time_range and tmp.get("aclTimeName") != self.time_range:
                                find_flag = False
                            if self.rule_description and tmp.get("aclRuleDescription") != self.rule_description:
                                find_flag = False
                            if tmp.get("aclLogFlag") != str(self.log_flag).lower():
                                find_flag = False

                            if find_flag:
                                break
                    else:
                        find_flag = False

                if self.state == "present":
                    need_cfg = bool(not find_flag)
                elif self.state == "absent":
                    need_cfg = bool(find_flag)
                else:
                    need_cfg = False

        self.cur_base_rule_cfg["need_cfg"] = need_cfg
예제 #4
0
    def check_netconf_args(self, result):
        """ Check invalid netconf args """

        need_cfg = True
        same_flag = True
        delete_flag = False
        result["target_host_info"] = []

        if self.host_name:

            if len(self.host_name) > 32 or len(self.host_name) < 1:
                self.module.fail_json(
                    msg='Error: The len of host_name is out of [1 - 32].')

            if self.vpn_name and self.is_public_net != 'no_use':
                if self.is_public_net == "true":
                    self.module.fail_json(
                        msg=
                        'Error: Do not support vpn_name and is_public_net at the same time.'
                    )

            conf_str = CE_GET_SNMP_TARGET_HOST_HEADER

            if self.domain:
                conf_str += "<domain></domain>"

            if self.address:
                if not check_ip_addr(ipaddr=self.address):
                    self.module.fail_json(
                        msg='Error: The host address [%s] is invalid.' %
                        self.address)
                conf_str += "<address></address>"

            if self.notify_type:
                conf_str += "<notifyType></notifyType>"

            if self.vpn_name:
                if len(self.vpn_name) > 31 or len(self.vpn_name) < 1:
                    self.module.fail_json(
                        msg='Error: The len of vpn_name is out of [1 - 31].')
                conf_str += "<vpnInstanceName></vpnInstanceName>"

            if self.recv_port:
                if int(self.recv_port) > 65535 or int(self.recv_port) < 0:
                    self.module.fail_json(
                        msg=
                        'Error: The value of recv_port is out of [0 - 65535].')
                conf_str += "<portNumber></portNumber>"

            if self.security_model:
                conf_str += "<securityModel></securityModel>"

            if self.security_name:
                if len(self.security_name) > 32 or len(self.security_name) < 1:
                    self.module.fail_json(
                        msg=
                        'Error: The len of security_name is out of [1 - 32].')
                conf_str += "<securityName></securityName>"

            if self.security_name_v3:
                if len(self.security_name_v3) > 32 or len(
                        self.security_name_v3) < 1:
                    self.module.fail_json(
                        msg=
                        'Error: The len of security_name_v3 is out of [1 - 32].'
                    )
                conf_str += "<securityNameV3></securityNameV3>"

            if self.security_level:
                conf_str += "<securityLevel></securityLevel>"

            if self.is_public_net != 'no_use':
                conf_str += "<isPublicNet></isPublicNet>"

            if self.interface_name:
                if len(self.interface_name) > 63 or len(
                        self.interface_name) < 1:
                    self.module.fail_json(
                        msg=
                        'Error: The len of interface_name is out of [1 - 63].')

                find_flag = False
                for item in INTERFACE_TYPE:
                    if item in self.interface_name.lower():
                        find_flag = True
                        break
                if not find_flag:
                    self.module.fail_json(
                        msg='Error: Please input full name of interface_name.')

                conf_str += "<interface-name></interface-name>"

            conf_str += CE_GET_SNMP_TARGET_HOST_TAIL
            recv_xml = self.netconf_get_config(conf_str=conf_str)

            if "<data/>" in recv_xml:
                if self.state == "present":
                    same_flag = False
                else:
                    delete_flag = False
            else:
                xml_str = recv_xml.replace('\r', '').replace('\n', '').\
                    replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
                    replace('xmlns="http://www.huawei.com/netconf/vrp"', "")

                root = ElementTree.fromstring(xml_str)
                target_host_info = root.findall("snmp/targetHosts/targetHost")
                if target_host_info:
                    for tmp in target_host_info:
                        tmp_dict = dict()
                        for site in tmp:
                            if site.tag in [
                                    "nmsName", "domain", "address",
                                    "notifyType", "vpnInstanceName",
                                    "portNumber", "securityModel",
                                    "securityName", "securityNameV3",
                                    "securityLevel", "isPublicNet",
                                    "interface-name"
                            ]:
                                tmp_dict[site.tag] = site.text

                        result["target_host_info"].append(tmp_dict)

                if result["target_host_info"]:
                    for tmp in result["target_host_info"]:

                        same_flag = True

                        if "nmsName" in tmp.keys():
                            if tmp["nmsName"] != self.host_name:
                                same_flag = False
                            else:
                                delete_flag = True

                        if "domain" in tmp.keys():
                            if tmp["domain"] != self.domain:
                                same_flag = False

                        if "address" in tmp.keys():
                            if tmp["address"] != self.address:
                                same_flag = False

                        if "notifyType" in tmp.keys():
                            if tmp["notifyType"] != self.notify_type:
                                same_flag = False

                        if "vpnInstanceName" in tmp.keys():
                            if tmp["vpnInstanceName"] != self.vpn_name:
                                same_flag = False

                        if "portNumber" in tmp.keys():
                            if tmp["portNumber"] != self.recv_port:
                                same_flag = False

                        if "securityModel" in tmp.keys():
                            if tmp["securityModel"] != self.security_model:
                                same_flag = False

                        if "securityName" in tmp.keys():
                            if tmp["securityName"] != self.security_name:
                                same_flag = False

                        if "securityNameV3" in tmp.keys():
                            if tmp["securityNameV3"] != self.security_name_v3:
                                same_flag = False

                        if "securityLevel" in tmp.keys():
                            if tmp["securityLevel"] != self.security_level:
                                same_flag = False

                        if "isPublicNet" in tmp.keys():
                            if tmp["isPublicNet"] != self.is_public_net:
                                same_flag = False

                        if "interface-name" in tmp.keys():
                            if tmp.get("interface-name") is not None:
                                if tmp["interface-name"].lower(
                                ) != self.interface_name.lower():
                                    same_flag = False
                            else:
                                same_flag = False

                        if same_flag:
                            break

        if self.state == "present":
            need_cfg = True
            if same_flag:
                need_cfg = False
        else:
            need_cfg = False
            if delete_flag:
                need_cfg = True

        result["need_cfg"] = need_cfg
예제 #5
0
파일: ce_sflow.py 프로젝트: nasirhm/general
    def check_params(self):
        """Check all input params"""

        # check agent_ip
        if self.agent_ip:
            self.agent_ip = self.agent_ip.upper()
            if not check_ip_addr(self.agent_ip):
                self.module.fail_json(msg="Error: agent_ip is invalid.")

        # check source_ip
        if self.source_ip:
            self.source_ip = self.source_ip.upper()
            if not check_ip_addr(self.source_ip):
                self.module.fail_json(msg="Error: source_ip is invalid.")

        # check collector
        if self.collector_id:
            # check collector_ip and collector_ip_vpn
            if self.collector_ip:
                self.collector_ip = self.collector_ip.upper()
                if not check_ip_addr(self.collector_ip):
                    self.module.fail_json(
                        msg="Error: collector_ip is invalid.")
                if self.collector_ip_vpn and not is_valid_ip_vpn(
                        self.collector_ip_vpn):
                    self.module.fail_json(
                        msg="Error: collector_ip_vpn is invalid.")

            # check collector_datagram_size ranges from 1024 to 8100
            if self.collector_datagram_size:
                if not self.collector_datagram_size.isdigit():
                    self.module.fail_json(
                        msg="Error: collector_datagram_size is not digit.")
                if int(self.collector_datagram_size) < 1024 or int(
                        self.collector_datagram_size) > 8100:
                    self.module.fail_json(
                        msg=
                        "Error: collector_datagram_size is not ranges from 1024 to 8100."
                    )

            # check collector_udp_port ranges from 1 to 65535
            if self.collector_udp_port:
                if not self.collector_udp_port.isdigit():
                    self.module.fail_json(
                        msg="Error: collector_udp_port is not digit.")
                if int(self.collector_udp_port) < 1 or int(
                        self.collector_udp_port) > 65535:
                    self.module.fail_json(
                        msg=
                        "Error: collector_udp_port is not ranges from 1 to 65535."
                    )

            # check collector_description 1 to 255 case-sensitive characters
            if self.collector_description:
                if self.collector_description.count(" "):
                    self.module.fail_json(
                        msg=
                        "Error: collector_description should without spaces.")
                if len(self.collector_description) < 1 or len(
                        self.collector_description) > 255:
                    self.module.fail_json(
                        msg=
                        "Error: collector_description is not ranges from 1 to 255."
                    )

        # check sflow_interface
        if self.sflow_interface:
            intf_type = get_interface_type(self.sflow_interface)
            if not intf_type:
                self.module.fail_json(msg="Error: intf_type is invalid.")
            if intf_type not in [
                    'ge', '10ge', '25ge', '4x10ge', '40ge', '100ge',
                    'eth-trunk'
            ]:
                self.module.fail_json(
                    msg="Error: interface %s is not support sFlow." %
                    self.sflow_interface)

            # check sample_collector
            if self.sample_collector:
                self.sample_collector.sort()
                if self.sample_collector not in [["1"], ["2"], ["1", "2"]]:
                    self.module.fail_json(
                        msg="Error: sample_collector is invalid.")

            # check sample_rate ranges from 1 to 4294967295
            if self.sample_rate:
                if not self.sample_rate.isdigit():
                    self.module.fail_json(
                        msg="Error: sample_rate is not digit.")
                if int(self.sample_rate) < 1 or int(
                        self.sample_rate) > 4294967295:
                    self.module.fail_json(
                        msg=
                        "Error: sample_rate is not ranges from 1 to 4294967295."
                    )

            # check sample_length ranges from 18 to 512
            if self.sample_length:
                if not self.sample_length.isdigit():
                    self.module.fail_json(
                        msg="Error: sample_rate is not digit.")
                if int(self.sample_length) < 18 or int(
                        self.sample_length) > 512:
                    self.module.fail_json(
                        msg="Error: sample_length is not ranges from 18 to 512."
                    )

            # check counter_collector
            if self.counter_collector:
                self.counter_collector.sort()
                if self.counter_collector not in [["1"], ["2"], ["1", "2"]]:
                    self.module.fail_json(
                        msg="Error: counter_collector is invalid.")

            # counter_interval ranges from 10 to 4294967295
            if self.counter_interval:
                if not self.counter_interval.isdigit():
                    self.module.fail_json(
                        msg="Error: counter_interval is not digit.")
                if int(self.counter_interval) < 10 or int(
                        self.counter_interval) > 4294967295:
                    self.module.fail_json(
                        msg=
                        "Error: sample_length is not ranges from 10 to 4294967295."
                    )

        if self.rate_limit or self.rate_limit_slot or self.forward_enp_slot:
            self.module.fail_json(
                msg="Error: The following parameters cannot be configured"
                "because XML mode is not supported:rate_limit,rate_limit_slot,forward_enp_slot."
            )