def module():
argument_spec = meraki_argument_spec()
set_module_args({
'auth_key': 'abc123',
})
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
return MerakiModule(module)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['network']),
state=dict(type='str', default='present', choices=['query',
'present']),
service=dict(type='str', default=None, choices=['ICMP', 'SNMP',
'web']),
access=dict(type='str',
choices=['blocked', 'restricted', 'unrestricted']),
allowed_ips=dict(type='list', elements='str'),
)
mutually_exclusive = [('net_name', 'net_id')]
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive)
meraki = MerakiModule(module, function='firewalled_services')
module.params['follow_redirects'] = 'all'
net_services_urls = {
'firewalled_services': '/networks/{net_id}/firewalledServices'
}
services_urls = {
'firewalled_services':
'/networks/{net_id}/firewalledServices/{service}'
}
meraki.url_catalog['network_services'] = net_services_urls
meraki.url_catalog['service'] = services_urls
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id,
meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'present':
if meraki.params['access'] != 'restricted' and meraki.params[
'allowed_ips'] is not None:
meraki.fail_json(
msg="allowed_ips is only allowed when access is restricted.")
payload = {'access': meraki.params['access']}
if meraki.params['access'] == 'restricted':
payload['allowedIps'] = meraki.params['allowed_ips']
if meraki.params['state'] == 'query':
if meraki.params['service'] is None:
path = meraki.construct_path('network_services', net_id=net_id)
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
else:
path = meraki.construct_path(
'service',
net_id=net_id,
custom={'service': meraki.params['service']})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
path = meraki.construct_path(
'service',
net_id=net_id,
custom={'service': meraki.params['service']})
original = meraki.request(path, method='GET')
if meraki.is_update_required(original,
payload,
optional_ignore=['service']):
if meraki.check_mode is True:
diff_payload = {
'service': meraki.params['service']
} # Need to add service as it's not in payload
diff_payload.update(payload)
meraki.generate_diff(original, diff_payload)
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path(
'service',
net_id=net_id,
custom={'service': meraki.params['service']})
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.generate_diff(original, response)
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
ospf_arg_spec = dict(
area=dict(type='str'),
cost=dict(type='int'),
is_passive_enabled=dict(type='bool'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['present', 'query', 'absent'],
default='present'),
serial=dict(type='str'),
name=dict(type='str'),
subnet=dict(type='str'),
interface_id=dict(type='str'),
interface_ip=dict(type='str'),
multicast_routing=dict(
type='str',
choices=['disabled', 'enabled', 'IGMP snooping querier']),
vlan_id=dict(type='int'),
default_gateway=dict(type='str'),
ospf_settings=dict(type='dict', default=None, options=ospf_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='ms_l3_interfaces')
meraki.params['follow_redirects'] = 'all'
query_urls = {
'ms_l3_interfaces': '/devices/{serial}/switch/routing/interfaces'
}
query_one_urls = {
'ms_l3_interfaces': '/devices/{serial}/switch/routing/interfaces'
}
create_urls = {
'ms_l3_interfaces': '/devices/{serial}/switch/routing/interfaces'
}
update_urls = {
'ms_l3_interfaces':
'/devices/{serial}/switch/routing/interfaces/{interface_id}'
}
delete_urls = {
'ms_l3_interfaces':
'/devices/{serial}/switch/routing/interfaces/{interface_id}'
}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_one_urls)
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['delete'] = delete_urls
payload = None
if meraki.params['vlan_id'] is not None:
if meraki.params['vlan_id'] < 1 or meraki.params['vlan_id'] > 4094:
meraki.fail_json(msg='vlan_id must be between 1 and 4094')
interface_id = meraki.params['interface_id']
interfaces = None
if interface_id is None:
if meraki.params['name'] is not None:
path = meraki.construct_path(
'get_all', custom={'serial': meraki.params['serial']})
interfaces = meraki.request(path, method='GET')
interface_id = get_interface_id(meraki, interfaces,
meraki.params['name'])
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
if meraki.params['state'] == 'query':
if interface_id is not None: # Query one interface
path = meraki.construct_path('get_one',
custom={
'serial': meraki.params['serial'],
'interface_id': interface_id
})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
else: # Query all interfaces
path = meraki.construct_path(
'get_all', custom={'serial': meraki.params['serial']})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
if interface_id is None: # Create a new interface
payload = construct_payload(meraki)
if meraki.check_mode is True:
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path(
'create', custom={'serial': meraki.params['serial']})
response = meraki.request(path,
method='POST',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
if interfaces is None:
path = meraki.construct_path(
'get_all', custom={'serial': meraki.params['serial']})
interfaces = meraki.request(path, method='GET')
payload = construct_payload(meraki)
interface = get_interface(interfaces, interface_id)
if meraki.is_update_required(interface, payload):
if meraki.check_mode is True:
interface.update(payload)
meraki.result['data'] = interface
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update',
custom={
'serial':
meraki.params['serial'],
'interface_id': interface_id
})
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = interface
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'absent':
if meraki.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('delete',
custom={
'serial':
meraki.params['serial'],
'interface_id':
meraki.params['interface_id']
})
response = meraki.request(path, method='DELETE')
meraki.result['data'] = response
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
fw_rules = dict(
policy=dict(type='str', choices=['allow', 'deny']),
protocol=dict(type='str', choices=['tcp', 'udp', 'icmp', 'any']),
dest_port=dict(type='str'),
dest_cidr=dict(type='str'),
src_port=dict(type='str'),
src_cidr=dict(type='str'),
comment=dict(type='str'),
syslog_enabled=dict(type='bool', default=False),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'],
default='present'),
net_name=dict(type='str'),
net_id=dict(type='str'),
rules=dict(type='list',
default=None,
elements='dict',
options=fw_rules),
syslog_default_rule=dict(type='bool'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='mx_l3_firewall')
meraki.params['follow_redirects'] = 'all'
query_urls = {'mx_l3_firewall': '/networks/{net_id}/l3FirewallRules/'}
update_urls = {'mx_l3_firewall': '/networks/{net_id}/l3FirewallRules/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_urls
payload = None
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
orgs = meraki.get_orgs()
for org in orgs:
if org['name'] == meraki.params['org_name']:
org_id = org['id']
net_id = meraki.params['net_id']
if net_id is None:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=meraki.get_nets(org_id=org_id))
if meraki.params['state'] == 'query':
meraki.result['data'] = get_rules(meraki, net_id)
elif meraki.params['state'] == 'present':
rules = get_rules(meraki, net_id)
path = meraki.construct_path('get_all', net_id=net_id)
if meraki.params['rules'] is not None:
payload = assemble_payload(meraki)
else:
payload = dict()
update = False
if meraki.params['syslog_default_rule'] is not None:
payload['syslogDefaultRule'] = meraki.params['syslog_default_rule']
try:
if meraki.params['rules'] is not None:
if len(rules) - 1 != len(
payload['rules']
): # Quick and simple check to avoid more processing
update = True
if meraki.params['syslog_default_rule'] is not None:
if rules[len(rules) - 1]['syslogEnabled'] != meraki.params[
'syslog_default_rule']:
update = True
if update is False:
default_rule = rules[len(rules) - 1].copy()
del rules[len(rules) - 1] # Remove default rule for comparison
if len(rules) - 1 == 0:
normalize_case(rules[0])
normalize_case(payload['rules'][0])
# meraki.fail_json(msg='Compare', original=rules, payload=payload)
if meraki.is_update_required(rules[0],
payload['rules'][0]) is True:
update = True
else:
for r in range(len(rules) - 1):
normalize_case(rules[r])
normalize_case(payload['rules'][r])
# meraki.fail_json(msg='Full Compare', original=rules, payload=payload)
if meraki.is_update_required(
rules[r], payload['rules'][r]) is True:
update = True
rules.append(default_rule)
except KeyError:
pass
if update is True:
if meraki.check_mode is True:
if meraki.params['rules'] is not None:
data = payload['rules']
data.append(rules[len(rules) -
1]) # Append the default rule
if meraki.params['syslog_default_rule'] is not None:
data[len(payload) -
1]['syslog_enabled'] = meraki.params[
'syslog_default_rule']
else:
if meraki.params['syslog_default_rule'] is not None:
data = rules
data[len(data) - 1]['syslogEnabled'] = meraki.params[
'syslog_default_rule']
meraki.result['data'] = data
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = rules
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['network']),
state=dict(type='str', default='present', choices=['present', 'query']),
allowed_urls=dict(type='list', elements='str'),
blocked_urls=dict(type='list', elements='str'),
blocked_categories=dict(type='list', elements='str'),
category_list_size=dict(type='str', choices=['top sites', 'full list']),
subset=dict(type='str', choices=['categories', 'policy']),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='content_filtering')
module.params['follow_redirects'] = 'all'
category_urls = {'content_filtering': '/networks/{net_id}/contentFiltering/categories'}
policy_urls = {'content_filtering': '/networks/{net_id}/contentFiltering'}
meraki.url_catalog['categories'] = category_urls
meraki.url_catalog['policy'] = policy_urls
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = None
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id, meraki.params['net_name'], data=nets)
if meraki.params['state'] == 'query':
if meraki.params['subset']:
if meraki.params['subset'] == 'categories':
path = meraki.construct_path('categories', net_id=net_id)
elif meraki.params['subset'] == 'policy':
path = meraki.construct_path('policy', net_id=net_id)
meraki.result['data'] = meraki.request(path, method='GET')
else:
response_data = {'categories': None,
'policy': None,
}
path = meraki.construct_path('categories', net_id=net_id)
response_data['categories'] = meraki.request(path, method='GET')
path = meraki.construct_path('policy', net_id=net_id)
response_data['policy'] = meraki.request(path, method='GET')
meraki.result['data'] = response_data
if module.params['state'] == 'present':
payload = dict()
if meraki.params['allowed_urls']:
payload['allowedUrlPatterns'] = meraki.params['allowed_urls']
if meraki.params['blocked_urls']:
payload['blockedUrlPatterns'] = meraki.params['blocked_urls']
if meraki.params['blocked_categories']:
if len(meraki.params['blocked_categories']) == 0: # Corner case for resetting
payload['blockedUrlCategories'] = []
else:
category_path = meraki.construct_path('categories', net_id=net_id)
categories = meraki.request(category_path, method='GET')
payload['blockedUrlCategories'] = []
for category in meraki.params['blocked_categories']:
payload['blockedUrlCategories'].append(get_category_dict(meraki,
categories,
category))
if meraki.params['category_list_size']:
if meraki.params['category_list_size'].lower() == 'top sites':
payload['urlCategoryListSize'] = "topSites"
elif meraki.params['category_list_size'].lower() == 'full list':
payload['urlCategoryListSize'] = "fullList"
path = meraki.construct_path('policy', net_id=net_id)
current = meraki.request(path, method='GET')
proposed = current.copy()
proposed.update(payload)
if meraki.is_update_required(current, payload) is True:
if module.check_mode:
meraki.generate_diff(current, payload)
current.update(payload)
meraki.result['changed'] = True
meraki.result['data'] = current
meraki.exit_json(**meraki.result)
response = meraki.request(path, method='PUT', payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.generate_diff(current, response)
else:
meraki.result['data'] = current
if module.check_mode:
meraki.result['data'] = current
meraki.exit_json(**meraki.result)
meraki.result['data'] = current
meraki.exit_json(**meraki.result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
destinations_arg_spec = dict(all_admins=dict(type='bool'),
snmp=dict(type='bool'),
emails=dict(type='list', elements='str'),
http_server_ids=dict(type='list', elements='str', default=[]),
)
alerts_arg_spec = dict(alert_type=dict(type='str'),
enabled=dict(type='bool'),
alert_destinations=dict(type='dict', default=None, options=destinations_arg_spec),
filters=dict(type='raw', default={}),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
state=dict(type='str', choices=['present', 'query'], default='present'),
default_destinations=dict(type='dict', default=None, options=destinations_arg_spec),
alerts=dict(type='list', elements='dict', options=alerts_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='alert')
module.params['follow_redirects'] = 'all'
query_urls = {'alert': '/networks/{net_id}/alerts/settings'}
update_urls = {'alert': '/networks/{net_id}/alerts/settings'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_urls
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'], data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_all', net_id=net_id)
original = meraki.request(path, method='GET')
payload = construct_payload(meraki, original)
# meraki.fail_json(msg="Compare", original=original, payload=payload)
# meraki.fail_json(msg=payload)
if meraki.is_update_required(original, payload):
if meraki.check_mode is True:
meraki.generate_diff(original, payload)
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path, method='PUT', payload=json.dumps(payload))
if meraki.status == 200:
meraki.generate_diff(original, payload)
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
urls_arg_spec = dict(
url=dict(type='str'),
comment=dict(type='str'),
)
files_arg_spec = dict(
sha256=dict(type='str', aliases=['hash']),
comment=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
mode=dict(type='str', choices=['enabled', 'disabled']),
allowed_urls=dict(type='list',
default=None,
elements='dict',
options=urls_arg_spec),
allowed_files=dict(type='list',
default=None,
elements='dict',
options=files_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='malware')
meraki.params['follow_redirects'] = 'all'
query_url = {'malware': '/networks/{net_id}/appliance/security/malware'}
update_url = {'malware': '/networks/{net_id}/appliance/security/malware'}
meraki.url_catalog['get_one'].update(query_url)
meraki.url_catalog['update'] = update_url
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
# Check for argument completeness
if meraki.params['state'] == 'present':
if meraki.params['allowed_files'] is not None or meraki.params[
'allowed_urls'] is not None:
if meraki.params['mode'] is None:
meraki.fail_json(
msg=
"mode must be set when allowed_files or allowed_urls is set."
)
# Assemble payload
if meraki.params['state'] == 'present':
payload = dict()
if meraki.params['mode'] is not None:
payload['mode'] = meraki.params['mode']
if meraki.params['allowed_urls'] is not None:
payload['allowedUrls'] = meraki.params['allowed_urls']
if meraki.params['allowed_files'] is not None:
payload['allowedFiles'] = meraki.params['allowed_files']
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_one', net_id=net_id)
data = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = data
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_one', net_id=net_id)
original = meraki.request(path, method='GET')
if meraki.is_update_required(original, payload):
if meraki.module.check_mode is True:
meraki.generate_diff(original, payload)
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
data = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.generate_diff(original, data)
meraki.result['data'] = data
meraki.result['changed'] = True
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
application_arg_spec = dict(
id=dict(type='str'),
name=dict(type='str'),
)
rule_arg_spec = dict(
policy=dict(type='str', choices=['deny'], default='deny'),
type=dict(type='str',
choices=[
'application', 'application_category',
'blacklisted_countries', 'host', 'ip_range', 'port',
'whitelisted_countries'
]),
ip_range=dict(type='str'),
application=dict(type='dict',
default=None,
options=application_arg_spec),
host=dict(type='str'),
port=dict(type='str'),
countries=dict(type='list'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'],
default='present'),
net_name=dict(type='str'),
net_id=dict(type='str'),
rules=dict(type='list',
default=None,
elements='dict',
options=rule_arg_spec),
categories=dict(type='bool'),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(changed=False, )
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='mx_l7_firewall')
# check for argument completeness
if meraki.params['rules']:
for rule in meraki.params['rules']:
if rule['type'] == 'application' and rule['application'] is None:
meraki.fail_json(
msg=
"application argument is required when type is application."
)
elif rule['type'] == 'application_category' and rule[
'application'] is None:
meraki.fail_json(
msg=
"application argument is required when type is application_category."
)
elif rule['type'] == 'blacklisted_countries' and rule[
'countries'] is None:
meraki.fail_json(
msg=
"countries argument is required when type is blacklisted_countries."
)
elif rule['type'] == 'host' and rule['host'] is None:
meraki.fail_json(
msg="host argument is required when type is host.")
elif rule['type'] == 'port' and rule['port'] is None:
meraki.fail_json(
msg="port argument is required when type is port.")
elif rule['type'] == 'whitelisted_countries' and rule[
'countries'] is None:
meraki.fail_json(
msg=
"countries argument is required when type is whitelisted_countries."
)
meraki.params['follow_redirects'] = 'all'
query_urls = {'mx_l7_firewall': '/networks/{net_id}/l7FirewallRules/'}
query_category_urls = {
'mx_l7_firewall':
'/networks/{net_id}/l7FirewallRules/applicationCategories'
}
update_urls = {'mx_l7_firewall': '/networks/{net_id}/l7FirewallRules/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_categories'] = (query_category_urls)
meraki.url_catalog['update'] = update_urls
payload = None
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
orgs = None
if org_id is None:
orgs = meraki.get_orgs()
for org in orgs:
if org['name'] == meraki.params['org_name']:
org_id = org['id']
net_id = meraki.params['net_id']
if net_id is None:
if orgs is None:
orgs = meraki.get_orgs()
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=meraki.get_nets(org_id=org_id))
if meraki.params['state'] == 'query':
if meraki.params['categories'] is True: # Output only applications
meraki.result['data'] = get_applications(meraki, net_id)
else:
meraki.result['data'] = restructure_response(
get_rules(meraki, net_id))
elif meraki.params['state'] == 'present':
rules = get_rules(meraki, net_id)
path = meraki.construct_path('get_all', net_id=net_id)
if meraki.params['rules']:
payload = {'rules': []}
for rule in meraki.params['rules']:
payload['rules'].append(assemble_payload(meraki, net_id, rule))
else:
payload = dict()
'''
The rename_* functions are needed because the key is id and
is_update_required() by default ignores id.
'''
rules = rename_id_to_appid(rules)
payload = rename_id_to_appid(payload)
if meraki.is_update_required(rules, payload):
rules = rename_appid_to_id(rules)
payload = rename_appid_to_id(payload)
if meraki.module.check_mode is True:
response = restructure_response(payload)
diff = recursive_diff(restructure_response(rules), response)
meraki.result['diff'] = {
'before': diff[0],
'after': diff[1],
}
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
response = restructure_response(response)
if meraki.status == 200:
diff = recursive_diff(restructure_response(rules), response)
meraki.result['diff'] = {
'before': diff[0],
'after': diff[1],
}
meraki.result['data'] = response
meraki.result['changed'] = True
else:
rules = rename_appid_to_id(rules)
payload = rename_appid_to_id(payload)
if meraki.module.check_mode is True:
meraki.result['data'] = rules
meraki.result['changed'] = False
meraki.exit_json(**meraki.result)
meraki.result['data'] = payload
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
areas_arg_spec = dict(
area_id=dict(type='int', aliases=['id']),
area_name=dict(type='str', aliases=['name']),
area_type=dict(type='str',
aliases=['type'],
choices=['normal', 'stub', 'nssa']),
)
md5_auth_arg_spec = dict(
id=dict(type='str'),
passphrase=dict(type='str', no_log=True),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'],
default='present'),
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
enabled=dict(type='bool'),
hello_timer=dict(type='int'),
dead_timer=dict(type='int'),
areas=dict(type='list',
default=None,
elements='dict',
options=areas_arg_spec),
md5_authentication_enabled=dict(type='bool'),
md5_authentication_key=dict(type='dict',
default=None,
options=md5_auth_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='ms_ospf')
meraki.params['follow_redirects'] = 'all'
query_urls = {'ms_ospf': '/networks/{net_id}/switch/routing/ospf'}
update_urls = {'ms_ospf': '/networks/{net_id}/switch/routing/ospf'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_urls
payload = None
# execute checks for argument completeness
if meraki.params['dead_timer'] is not None:
if meraki.params['dead_timer'] < 1 or meraki.params[
'dead_timer'] > 65535:
meraki.fail_json(msg='dead_timer must be between 1 and 65535')
if meraki.params['hello_timer'] is not None:
if meraki.params['hello_timer'] < 1 or meraki.params[
'hello_timer'] > 255:
meraki.fail_json(msg='hello_timer must be between 1 and 65535')
if meraki.params['md5_authentication_enabled'] is False:
if meraki.params['md5_authentication_key'] is not None:
meraki.fail_json(
msg=
'md5_authentication_key must not be configured when md5_authentication_enabled is false'
)
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None and meraki.params['net_name']:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
original = meraki.request(meraki.construct_path('get_all',
net_id=net_id),
method='GET')
payload = construct_payload(meraki)
if meraki.is_update_required(original, payload) is True:
if meraki.check_mode is True:
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if 'md5_authentication_key' in response:
response['md5_authentication_key'][
'passphrase'] = 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
if 'md5_authentication_key' in original:
original['md5_authentication_key'][
'passphrase'] = 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
fixed_ip_arg_spec = dict(
mac=dict(type='str'),
ip=dict(type='str'),
name=dict(type='str'),
)
reserved_ip_arg_spec = dict(
start=dict(type='str'),
end=dict(type='str'),
comment=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
vlan_id=dict(type='int'),
name=dict(type='str', aliases=['vlan_name']),
subnet=dict(type='str'),
appliance_ip=dict(type='str'),
fixed_ip_assignments=dict(type='list',
default=None,
elements='dict',
options=fixed_ip_arg_spec),
reserved_ip_range=dict(type='list',
default=None,
elements='dict',
options=reserved_ip_arg_spec),
vpn_nat_subnet=dict(type='str'),
dns_nameservers=dict(type='str'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='vlan')
meraki.params['follow_redirects'] = 'all'
query_urls = {'vlan': '/networks/{net_id}/vlans'}
query_url = {'vlan': '/networks/{net_id}/vlans/{vlan_id}'}
create_url = {'vlan': '/networks/{net_id}/vlans'}
update_url = {'vlan': '/networks/{net_id}/vlans/'}
delete_url = {'vlan': '/networks/{net_id}/vlans/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_url)
meraki.url_catalog['create'] = create_url
meraki.url_catalog['update'] = update_url
meraki.url_catalog['delete'] = delete_url
payload = None
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
if not meraki.params['vlan_id']:
meraki.result['data'] = get_vlans(meraki, net_id)
else:
path = meraki.construct_path(
'get_one',
net_id=net_id,
custom={'vlan_id': meraki.params['vlan_id']})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
payload = {
'id': meraki.params['vlan_id'],
'name': meraki.params['name'],
'subnet': meraki.params['subnet'],
'applianceIp': meraki.params['appliance_ip'],
}
if is_vlan_valid(meraki, net_id,
meraki.params['vlan_id']) is False: # Create new VLAN
if meraki.module.check_mode is True:
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('create', net_id=net_id)
response = meraki.request(path,
method='POST',
payload=json.dumps(payload))
meraki.result['changed'] = True
meraki.result['data'] = response
else: # Update existing VLAN
path = meraki.construct_path(
'get_one',
net_id=net_id,
custom={'vlan_id': meraki.params['vlan_id']})
original = meraki.request(path, method='GET')
if meraki.params['dns_nameservers']:
if meraki.params['dns_nameservers'] not in ('opendns',
'google_dns',
'upstream_dns'):
payload['dnsNameservers'] = format_dns(
meraki.params['dns_nameservers'])
else:
payload['dnsNameservers'] = meraki.params[
'dns_nameservers']
if meraki.params['fixed_ip_assignments']:
payload['fixedIpAssignments'] = fixed_ip_factory(
meraki, meraki.params['fixed_ip_assignments'])
if meraki.params['reserved_ip_range']:
payload['reservedIpRanges'] = meraki.params[
'reserved_ip_range']
if meraki.params['vpn_nat_subnet']:
payload['vpnNatSubnet'] = meraki.params['vpn_nat_subnet']
ignored = ['networkId']
if meraki.is_update_required(original,
payload,
optional_ignore=ignored):
meraki.generate_diff(original, payload)
if meraki.module.check_mode is True:
original.update(payload)
meraki.result['changed'] = True
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id) + str(
meraki.params['vlan_id'])
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['changed'] = True
meraki.result['data'] = response
meraki.generate_diff(original, response)
else:
if meraki.module.check_mode is True:
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
meraki.result['data'] = original
elif meraki.params['state'] == 'absent':
if is_vlan_valid(meraki, net_id, meraki.params['vlan_id']):
if meraki.module.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('delete', net_id=net_id) + str(
meraki.params['vlan_id'])
response = meraki.request(path, 'DELETE')
meraki.result['changed'] = True
meraki.result['data'] = response
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'], default='query'),
serial=dict(type='str', required=True),
number=dict(type='str'),
name=dict(type='str', aliases=['description']),
tags=dict(type='str'),
enabled=dict(type='bool', default=True),
type=dict(type='str', choices=['access', 'trunk'], default='access'),
vlan=dict(type='int'),
voice_vlan=dict(type='int'),
allowed_vlans=dict(type='list', default='all'),
poe_enabled=dict(type='bool', default=True),
isolation_enabled=dict(type='bool', default=False),
rstp_enabled=dict(type='bool', default=True),
stp_guard=dict(
type='str',
choices=['disabled', 'root guard', 'bpdu guard', 'loop guard'],
default='disabled'),
access_policy_number=dict(type='str'),
link_negotiation=dict(type='str',
choices=[
'Auto negotiate', '100Megabit (auto)',
'100 Megabit full duplex (forced)'
],
default='Auto negotiate'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='switchport')
meraki.params['follow_redirects'] = 'all'
if meraki.params['type'] == 'trunk':
if not meraki.params['allowed_vlans']:
meraki.params['allowed_vlans'] = [
'all'
] # Backdoor way to set default without conflicting on access
query_urls = {'switchport': '/devices/{serial}/switchPorts'}
query_url = {'switchport': '/devices/{serial}/switchPorts/{number}'}
update_url = {'switchport': '/devices/{serial}/switchPorts/{number}'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_url)
meraki.url_catalog['update'] = update_url
payload = None
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
# FIXME: Work with Meraki so they can implement a check mode
if module.check_mode:
meraki.exit_json(**meraki.result)
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
if meraki.params['state'] == 'query':
if meraki.params['number']:
path = meraki.construct_path('get_one',
custom={
'serial': meraki.params['serial'],
'number': meraki.params['number'],
})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
else:
path = meraki.construct_path(
'get_all', custom={'serial': meraki.params['serial']})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
payload = dict()
for k, v in meraki.params.items():
try:
payload[param_map[k]] = v
except KeyError:
pass
allowed = set() # Use a set to remove duplicate items
if meraki.params['allowed_vlans'][0] == 'all':
allowed.add('all')
else:
for vlan in meraki.params['allowed_vlans']:
allowed.add(str(vlan))
if meraki.params['vlan'] is not None:
allowed.add(str(meraki.params['vlan']))
if len(allowed) > 1: # Convert from list to comma separated
payload['allowedVlans'] = sort_vlans(meraki, allowed)
else:
payload['allowedVlans'] = next(iter(allowed))
# Exceptions need to be made for idempotency check based on how Meraki returns
if meraki.params['type'] == 'access':
if not meraki.params[
'vlan']: # VLAN needs to be specified in access ports, but can't default to it
payload['vlan'] = 1
proposed = payload.copy()
query_path = meraki.construct_path('get_one',
custom={
'serial':
meraki.params['serial'],
'number':
meraki.params['number'],
})
original = meraki.request(query_path, method='GET')
if meraki.params['type'] == 'trunk':
proposed['voiceVlan'] = original[
'voiceVlan'] # API shouldn't include voice VLAN on a trunk port
if meraki.is_update_required(original,
proposed,
optional_ignore=['number']):
path = meraki.construct_path('update',
custom={
'serial': meraki.params['serial'],
'number': meraki.params['number'],
})
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
one_to_one_allowed_inbound_spec = dict(
protocol=dict(type='str',
choices=['tcp', 'udp', 'icmp-ping', 'any'],
default='any'),
destination_ports=dict(type='list', element='str'),
allowed_ips=dict(type='list'),
)
one_to_many_port_inbound_spec = dict(
protocol=dict(type='str', choices=['tcp', 'udp']),
name=dict(type='str'),
local_ip=dict(type='str'),
local_port=dict(type='str'),
allowed_ips=dict(type='list'),
public_port=dict(type='str'),
)
one_to_one_spec = dict(
name=dict(type='str'),
public_ip=dict(type='str'),
lan_ip=dict(type='str'),
uplink=dict(type='str', choices=['internet1', 'internet2', 'both']),
allowed_inbound=dict(type='list',
element='dict',
options=one_to_one_allowed_inbound_spec),
)
one_to_many_spec = dict(
public_ip=dict(type='str'),
uplink=dict(type='str', choices=['internet1', 'internet2', 'both']),
port_rules=dict(type='list',
element='dict',
options=one_to_many_port_inbound_spec),
)
port_forwarding_spec = dict(
name=dict(type='str'),
lan_ip=dict(type='str'),
uplink=dict(type='str', choices=['internet1', 'internet2', 'both']),
protocol=dict(type='str', choices=['tcp', 'udp']),
public_port=dict(type='int'),
local_port=dict(type='int'),
allowed_ips=dict(type='list'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
state=dict(type='str', choices=['present', 'query'],
default='present'),
subset=dict(type='list',
choices=['1:1', '1:many', 'all', 'port_forwarding'],
default='all'),
one_to_one=dict(type='list', elements='dict', options=one_to_one_spec),
one_to_many=dict(type='list',
elements='dict',
options=one_to_many_spec),
port_forwarding=dict(type='list',
elements='dict',
options=port_forwarding_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='nat')
module.params['follow_redirects'] = 'all'
one_to_one_payload = None
one_to_many_payload = None
port_forwarding_payload = None
if meraki.params['state'] == 'present':
if meraki.params['one_to_one'] is not None:
rules = []
for i in meraki.params['one_to_one']:
data = {
'name': i['name'],
'publicIp': i['public_ip'],
'uplink': i['uplink'],
'lanIp': i['lan_ip'],
'allowedInbound': construct_payload(i['allowed_inbound'])
}
for inbound in data['allowedInbound']:
inbound['destinationPorts'] = list_int_to_str(
inbound['destinationPorts'])
rules.append(data)
one_to_one_payload = {'rules': rules}
if meraki.params['one_to_many'] is not None:
rules = []
for i in meraki.params['one_to_many']:
data = {
'publicIp': i['public_ip'],
'uplink': i['uplink'],
}
port_rules = []
for port_rule in i['port_rules']:
rule = {
'name': port_rule['name'],
'protocol': port_rule['protocol'],
'publicPort': str(port_rule['public_port']),
'localIp': port_rule['local_ip'],
'localPort': str(port_rule['local_port']),
'allowedIps': port_rule['allowed_ips'],
}
port_rules.append(rule)
data['portRules'] = port_rules
rules.append(data)
one_to_many_payload = {'rules': rules}
if meraki.params['port_forwarding'] is not None:
port_forwarding_payload = {
'rules': construct_payload(meraki.params['port_forwarding'])
}
for rule in port_forwarding_payload['rules']:
rule['localPort'] = str(rule['localPort'])
rule['publicPort'] = str(rule['publicPort'])
onetomany_urls = {'nat': '/networks/{net_id}/oneToManyNatRules'}
onetoone_urls = {'nat': '/networks/{net_id}/oneToOneNatRules'}
port_forwarding_urls = {'nat': '/networks/{net_id}/portForwardingRules'}
meraki.url_catalog['1:many'] = onetomany_urls
meraki.url_catalog['1:1'] = onetoone_urls
meraki.url_catalog['port_forwarding'] = port_forwarding_urls
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id,
meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
if meraki.params['subset'][0] == 'all':
path = meraki.construct_path('1:many', net_id=net_id)
data = {'1:many': meraki.request(path, method='GET')}
path = meraki.construct_path('1:1', net_id=net_id)
data['1:1'] = meraki.request(path, method='GET')
path = meraki.construct_path('port_forwarding', net_id=net_id)
data['port_forwarding'] = meraki.request(path, method='GET')
meraki.result['data'] = data
else:
for subset in meraki.params['subset']:
path = meraki.construct_path(subset, net_id=net_id)
data = {subset: meraki.request(path, method='GET')}
try:
meraki.result['data'][subset] = data
except KeyError:
meraki.result['data'] = {subset: data}
elif meraki.params['state'] == 'present':
meraki.result['data'] = dict()
if one_to_one_payload is not None:
path = meraki.construct_path('1:1', net_id=net_id)
current = meraki.request(path, method='GET')
if meraki.is_update_required(current, one_to_one_payload):
if meraki.module.check_mode is True:
diff = recursive_diff(current, one_to_one_payload)
current.update(one_to_one_payload)
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
meraki.result['diff']['before'].update(
{'one_to_one': diff[0]})
meraki.result['diff']['after'].update(
{'one_to_one': diff[1]})
meraki.result['data'] = {'one_to_one': current}
meraki.result['changed'] = True
else:
r = meraki.request(path,
method='PUT',
payload=json.dumps(one_to_one_payload))
if meraki.status == 200:
diff = recursive_diff(current, one_to_one_payload)
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
meraki.result['diff']['before'].update(
{'one_to_one': diff[0]})
meraki.result['diff']['after'].update(
{'one_to_one': diff[1]})
meraki.result['data'] = {'one_to_one': r}
meraki.result['changed'] = True
else:
meraki.result['data']['one_to_one'] = current
if one_to_many_payload is not None:
path = meraki.construct_path('1:many', net_id=net_id)
current = meraki.request(path, method='GET')
if meraki.is_update_required(current, one_to_many_payload):
if meraki.module.check_mode is True:
diff = recursive_diff(current, one_to_many_payload)
current.update(one_to_many_payload)
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
meraki.result['diff']['before'].update(
{'one_to_many': diff[0]})
meraki.result['diff']['after'].update(
{'one_to_many': diff[1]})
meraki.result['data']['one_to_many'] = current
meraki.result['changed'] = True
else:
r = meraki.request(path,
method='PUT',
payload=json.dumps(one_to_many_payload))
if meraki.status == 200:
diff = recursive_diff(current, one_to_many_payload)
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
meraki.result['diff']['before'].update(
{'one_to_many': diff[0]})
meraki.result['diff']['after'].update(
{'one_to_many': diff[1]})
meraki.result['data'].update({'one_to_many': r})
meraki.result['changed'] = True
else:
meraki.result['data']['one_to_many'] = current
if port_forwarding_payload is not None:
path = meraki.construct_path('port_forwarding', net_id=net_id)
current = meraki.request(path, method='GET')
if meraki.is_update_required(current, port_forwarding_payload):
if meraki.module.check_mode is True:
diff = recursive_diff(current, port_forwarding_payload)
current.update(port_forwarding_payload)
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
meraki.result['diff']['before'].update(
{'port_forwarding': diff[0]})
meraki.result['diff']['after'].update(
{'port_forwarding': diff[1]})
meraki.result['data']['port_forwarding'] = current
meraki.result['changed'] = True
else:
r = meraki.request(
path,
method='PUT',
payload=json.dumps(port_forwarding_payload))
if meraki.status == 200:
if 'diff' not in meraki.result:
meraki.result['diff'] = {'before': {}, 'after': {}}
diff = recursive_diff(current, port_forwarding_payload)
meraki.result['diff']['before'].update(
{'port_forwarding': diff[0]})
meraki.result['diff']['after'].update(
{'port_forwarding': diff[1]})
meraki.result['data'].update({'port_forwarding': r})
meraki.result['changed'] = True
else:
meraki.result['data']['port_forwarding'] = current
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'],
default='present'),
org_name=dict(type='str', aliases=['organization']),
org_id=dict(type='str'),
net_name=dict(type='str'),
net_id=dict(type='str'),
upgrade_strategy=dict(
type='str',
choices=['minimize_upgrade_time', 'minimize_client_downtime']),
ipv6_bridge_enabled=dict(type='bool'),
led_lights_on=dict(type='bool'),
location_analytics_enabled=dict(type='bool'),
meshing_enabled=dict(type='bool'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='mr_settings')
meraki.params['follow_redirects'] = 'all'
query_urls = {'mr_settings': '/networks/{net_id}/wireless/settings'}
update_urls = {'mr_settings': '/networks/{net_id}/wireless/settings'}
meraki.url_catalog['get_one'].update(query_urls)
meraki.url_catalog['update'] = update_urls
org_id = meraki.params['org_id']
net_id = meraki.params['net_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id,
meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_one', net_id=net_id)
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_one', net_id=net_id)
original = meraki.request(path, method='GET')
payload = construct_payload(meraki)
if meraki.is_update_required(original, payload) is True:
if meraki.check_mode is True:
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
type=dict(type='list',
elements='str',
choices=['wireless', 'switch', 'appliance'],
aliases=['net_type']),
tags=dict(type='list', elements='str'),
timezone=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
state=dict(type='str',
choices=['present', 'query', 'absent'],
default='present'),
enable_vlans=dict(type='bool'),
local_status_page_enabled=dict(type='bool'),
remote_status_page_enabled=dict(type='bool'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='network')
module.params['follow_redirects'] = 'all'
payload = None
create_urls = {'network': '/organizations/{org_id}/networks'}
update_urls = {'network': '/networks/{net_id}'}
delete_urls = {'network': '/networks/{net_id}'}
update_settings_urls = {'network': '/networks/{net_id}/settings'}
get_settings_urls = {'network': '/networks/{net_id}/settings'}
enable_vlans_urls = {
'network': '/networks/{net_id}/appliance/vlans/settings'
}
get_vlan_status_urls = {
'network': '/networks/{net_id}/appliance/vlans/settings'
}
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['update_settings'] = update_settings_urls
meraki.url_catalog['get_settings'] = get_settings_urls
meraki.url_catalog['delete'] = delete_urls
meraki.url_catalog['enable_vlans'] = enable_vlans_urls
meraki.url_catalog['status_vlans'] = get_vlan_status_urls
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(msg='org_name or org_id parameters are required')
if meraki.params['state'] != 'query':
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.fail_json(
msg=
'net_name or net_id is required for present or absent states')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
if not meraki.params['net_name'] and not meraki.params['net_id']:
if meraki.params['enable_vlans']:
meraki.fail_json(
msg=
"The parameter 'enable_vlans' requires 'net_name' or 'net_id' to be specified"
)
if meraki.params['local_status_page_enabled'] is True and meraki.params[
'remote_status_page_enabled'] is False:
meraki.fail_json(
msg=
'local_status_page_enabled must be true when setting remote_status_page_enabled'
)
# Construct payload
if meraki.params['state'] == 'present':
payload = dict()
if meraki.params['net_name']:
payload['name'] = meraki.params['net_name']
if meraki.params['type']:
payload['productTypes'] = meraki.params['type']
if meraki.params['tags']:
payload['tags'] = meraki.params['tags']
if meraki.params['timezone']:
payload['timeZone'] = meraki.params['timezone']
if meraki.params['local_status_page_enabled'] is not None:
payload['localStatusPageEnabled'] = meraki.params[
'local_status_page_enabled']
if meraki.params['remote_status_page_enabled'] is not None:
payload['remoteStatusPageEnabled'] = meraki.params[
'remote_status_page_enabled']
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.params['net_id']
net_exists = False
if net_id is not None:
if is_net_valid(nets, net_id=net_id) is False:
meraki.fail_json(msg="Network specified by net_id does not exist.")
net_exists = True
elif meraki.params['net_name']:
if is_net_valid(nets, net_name=meraki.params['net_name']) is True:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
net_exists = True
if meraki.params['state'] == 'query':
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.result['data'] = nets
elif meraki.params['net_name'] or meraki.params['net_id'] is not None:
if meraki.params['local_status_page_enabled'] is not None or \
meraki.params['remote_status_page_enabled'] is not None:
meraki.result['data'] = get_network_settings(meraki, net_id)
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = meraki.get_net(
meraki.params['org_name'],
meraki.params['net_name'],
data=nets)
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
if net_exists is False: # Network needs to be created
if 'type' not in meraki.params or meraki.params['type'] is None:
meraki.fail_json(
msg="type parameter is required when creating a network.")
if meraki.check_mode is True:
data = payload
data['id'] = 'N_12345'
data['organization_id'] = org_id
meraki.result['data'] = data
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('create', org_id=org_id)
r = meraki.request(path,
method='POST',
payload=json.dumps(payload))
if meraki.status == 201:
meraki.result['data'] = r
meraki.result['changed'] = True
else: # Network exists, make changes
if meraki.params[
'enable_vlans'] is not None: # Modify VLANs configuration
status_path = meraki.construct_path('status_vlans',
net_id=net_id)
status = meraki.request(status_path, method='GET')
payload = {'vlansEnabled': meraki.params['enable_vlans']}
if meraki.is_update_required(status, payload):
if meraki.check_mode is True:
data = {
'vlansEnabled': meraki.params['enable_vlans'],
'network_id': net_id,
}
meraki.result['data'] = data
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('enable_vlans', net_id=net_id)
r = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = r
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = status
meraki.exit_json(**meraki.result)
elif (meraki.params['local_status_page_enabled'] is not None
or meraki.params['remote_status_page_enabled'] is not None):
path = meraki.construct_path('get_settings', net_id=net_id)
original = meraki.request(path, method='GET')
payload = {}
if meraki.params['local_status_page_enabled'] is not None:
payload['localStatusPageEnabled'] = meraki.params[
'local_status_page_enabled']
if meraki.params['remote_status_page_enabled'] is not None:
payload['remoteStatusPageEnabled'] = meraki.params[
'remote_status_page_enabled']
if meraki.is_update_required(original, payload):
if meraki.check_mode is True:
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update_settings',
net_id=net_id)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
net = meraki.get_net(meraki.params['org_name'],
net_id=net_id,
data=nets)
if meraki.is_update_required(net, payload):
if meraki.check_mode is True:
data = net
net.update(payload)
meraki.result['data'] = net
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
r = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = r
meraki.result['changed'] = True
else:
meraki.result['data'] = net
elif meraki.params['state'] == 'absent':
if is_net_valid(nets, net_id=net_id) is True:
if meraki.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('delete', net_id=net_id)
r = meraki.request(path, method='DELETE')
if meraki.status == 204:
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
hubs_args = dict(hub_id=dict(type='str'),
use_default_route=dict(type='bool'),
)
subnets_args = dict(local_subnet=dict(type='str'),
use_vpn=dict(type='bool'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(state=dict(type='str', choices=['present', 'query'], default='present'),
net_name=dict(type='str'),
net_id=dict(type='str'),
hubs=dict(type='list', default=None, elements='dict', options=hubs_args),
subnets=dict(type='list', default=None, elements='dict', options=subnets_args),
mode=dict(type='str', choices=['none', 'hub', 'spoke']),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='site_to_site_vpn')
meraki.params['follow_redirects'] = 'all'
query_urls = {'site_to_site_vpn': '/networks/{net_id}/appliance/vpn/siteToSiteVpn/'}
update_urls = {'site_to_site_vpn': '/networks/{net_id}/appliance/vpn/siteToSiteVpn/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_urls
payload = None
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
orgs = meraki.get_orgs()
for org in orgs:
if org['name'] == meraki.params['org_name']:
org_id = org['id']
net_id = meraki.params['net_id']
if net_id is None:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=meraki.get_nets(org_id=org_id))
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_all', net_id=net_id)
original = meraki.request(path, method='GET')
payload = assemble_payload(meraki)
comparable = deepcopy(original)
comparable.update(payload)
if meraki.is_update_required(original, payload):
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path, method='PUT', payload=json.dumps(payload))
meraki.result['changed'] = True
meraki.result['data'] = response
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
policy_data_arg_spec = dict(
macs=dict(type='list', elements='str'),
state=dict(type='str',
choices=['merged', 'replaced', 'deleted'],
default='replaced'),
)
argument_spec.update(
state=dict(type='str', choices=['present', 'query'], default='query'),
serial=dict(type='str', required=True),
number=dict(type='str'),
name=dict(type='str', aliases=['description']),
tags=dict(type='list', elements='str'),
enabled=dict(type='bool', default=True),
type=dict(type='str', choices=['access', 'trunk'], default='access'),
vlan=dict(type='int'),
voice_vlan=dict(type='int'),
voice_vlan_state=dict(type='str',
choices=['present', 'absent'],
default='present'),
allowed_vlans=dict(type='list', elements='str', default='all'),
poe_enabled=dict(type='bool', default=True),
isolation_enabled=dict(type='bool', default=False),
rstp_enabled=dict(type='bool', default=True),
stp_guard=dict(
type='str',
choices=['disabled', 'root guard', 'bpdu guard', 'loop guard'],
default='disabled'),
access_policy_type=dict(type='str',
choices=[
'Open', 'Custom access policy',
'MAC allow list', 'Sticky MAC allow list'
]),
access_policy_number=dict(type='int'),
link_negotiation=dict(type='str',
choices=[
'Auto negotiate', '100 Megabit (auto)',
'100 Megabit full duplex (forced)'
],
default='Auto negotiate'),
mac_allow_list=dict(type='dict', options=policy_data_arg_spec),
sticky_mac_allow_list=dict(type='dict', options=policy_data_arg_spec),
sticky_mac_allow_list_limit=dict(type='int'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='switchport')
if meraki.params.get('voice_vlan_state') == "absent" and meraki.params.get(
'voice_vlan'):
meraki.fail_json(
msg=
'voice_vlan_state cant be `absent` while voice_vlan is also defined.'
)
meraki.params['follow_redirects'] = 'all'
if meraki.params['type'] == 'trunk':
if not meraki.params['allowed_vlans']:
meraki.params['allowed_vlans'] = [
'all'
] # Backdoor way to set default without conflicting on access
query_urls = {'switchport': '/devices/{serial}/switch/ports'}
query_url = {'switchport': '/devices/{serial}/switch/ports/{number}'}
update_url = {'switchport': '/devices/{serial}/switch/ports/{number}'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_url)
meraki.url_catalog['update'] = update_url
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
if meraki.params['state'] == 'query':
if meraki.params['number']:
path = meraki.construct_path('get_one',
custom={
'serial': meraki.params['serial'],
'number': meraki.params['number'],
})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
else:
path = meraki.construct_path(
'get_all', custom={'serial': meraki.params['serial']})
response = meraki.request(path, method='GET')
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
payload = assemble_payload(meraki)
# meraki.fail_json(msg='payload', payload=payload)
allowed = set() # Use a set to remove duplicate items
if meraki.params['allowed_vlans'][0] == 'all':
allowed.add('all')
else:
for vlan in meraki.params['allowed_vlans']:
allowed.add(str(vlan))
if meraki.params['vlan'] is not None:
allowed.add(str(meraki.params['vlan']))
if len(allowed) > 1: # Convert from list to comma separated
payload['allowedVlans'] = sort_vlans(meraki, allowed)
else:
payload['allowedVlans'] = next(iter(allowed))
# Exceptions need to be made for idempotency check based on how Meraki returns
if meraki.params['type'] == 'access':
if not meraki.params[
'vlan']: # VLAN needs to be specified in access ports, but can't default to it
payload['vlan'] = 1
query_path = meraki.construct_path('get_one',
custom={
'serial':
meraki.params['serial'],
'number':
meraki.params['number'],
})
original = meraki.request(query_path, method='GET')
# Check voiceVlan to see if state is absent to remove the vlan.
if meraki.params.get('voice_vlan_state'):
if meraki.params.get('voice_vlan_state') == 'absent':
payload['voiceVlan'] = None
else:
payload['voiceVlan'] = meraki.params.get('voice_vlan')
if meraki.params.get('mac_allow_list'):
macs = get_mac_list(original.get('macAllowList'),
meraki.params["mac_allow_list"].get("macs"),
meraki.params["mac_allow_list"].get("state"))
payload['macAllowList'] = macs
# Evaluate Sticky Limit whether it was passed in or what is currently configured and was returned in GET call.
if meraki.params.get('sticky_mac_allow_list_limit'):
sticky_mac_limit = meraki.params.get('sticky_mac_allow_list_limit')
else:
sticky_mac_limit = original.get('stickyMacAllowListLimit')
if meraki.params.get('sticky_mac_allow_list'):
macs = get_mac_list(
original.get('stickyMacAllowList'),
meraki.params["sticky_mac_allow_list"].get("macs"),
meraki.params["sticky_mac_allow_list"].get("state"))
if int(sticky_mac_limit) < len(macs):
meraki.fail_json(
msg=
'Stick MAC Allow List Limit must be equal to or greater than length of Sticky MAC Allow List.'
)
payload['stickyMacAllowList'] = macs
payload['stickyMacAllowListLimit'] = sticky_mac_limit
proposed = payload.copy()
if meraki.params['type'] == 'trunk':
proposed['voiceVlan'] = original[
'voiceVlan'] # API shouldn't include voice VLAN on a trunk port
# meraki.fail_json(msg='Compare', original=original, payload=payload)
if meraki.is_update_required(original,
proposed,
optional_ignore=['number']):
if meraki.check_mode is True:
original.update(proposed)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update',
custom={
'serial': meraki.params['serial'],
'number': meraki.params['number'],
})
# meraki.fail_json(msg=payload)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
allowedrules_arg_spec = dict(
rule_id=dict(type='str'),
message=dict(type='str'),
)
protected_nets_arg_spec = dict(
use_default=dict(type='bool'),
included_cidr=dict(type='list', elements='str'),
excluded_cidr=dict(type='list', elements='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='present'),
allowed_rules=dict(type='list',
default=None,
elements='dict',
options=allowedrules_arg_spec),
mode=dict(type='str', choices=['detection', 'disabled', 'prevention']),
ids_rulesets=dict(type='str',
choices=['connectivity', 'balanced', 'security']),
protected_networks=dict(type='dict',
default=None,
options=protected_nets_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='intrusion_prevention')
module.params['follow_redirects'] = 'all'
payload = None
query_org_urls = {
'intrusion_prevention':
'/organizations/{org_id}/appliance/security/intrusion'
}
query_net_urls = {
'intrusion_prevention':
'/networks/{net_id}/appliance/security/intrusion'
}
set_org_urls = {
'intrusion_prevention':
'/organizations/{org_id}/appliance/security/intrusion'
}
set_net_urls = {
'intrusion_prevention':
'/networks/{net_id}/appliance/security/intrusion'
}
meraki.url_catalog['query_org'] = query_org_urls
meraki.url_catalog['query_net'] = query_net_urls
meraki.url_catalog['set_org'] = set_org_urls
meraki.url_catalog['set_net'] = set_net_urls
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(msg='org_name or org_id parameters are required')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
if meraki.params['net_name'] is None and meraki.params[
'net_id'] is None: # Organization param check
if meraki.params['state'] == 'present':
if meraki.params['allowed_rules'] is None:
meraki.fail_json(
msg=
'allowed_rules is required when state is present and no network is specified.'
)
if meraki.params['net_name'] or meraki.params[
'net_id']: # Network param check
if meraki.params['state'] == 'present':
if meraki.params['protected_networks'] is not None:
if meraki.params['protected_networks'][
'use_default'] is False and meraki.params[
'protected_networks']['included_cidr'] is None:
meraki.fail_json(
msg=
"included_cidr is required when use_default is False.")
if meraki.params['protected_networks'][
'use_default'] is False and meraki.params[
'protected_networks']['excluded_cidr'] is None:
meraki.fail_json(
msg=
"excluded_cidr is required when use_default is False.")
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None and meraki.params['net_name']:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
# Assemble payload
if meraki.params['state'] == 'present':
if net_id is None: # Create payload for organization
rules = []
for rule in meraki.params['allowed_rules']:
rules.append({
'ruleId': rule['rule_id'],
'message': rule['message'],
})
payload = {'allowedRules': rules}
else: # Create payload for network
payload = dict()
if meraki.params['mode']:
payload['mode'] = meraki.params['mode']
if meraki.params['ids_rulesets']:
payload['idsRulesets'] = meraki.params['ids_rulesets']
if meraki.params['protected_networks']:
payload['protectedNetworks'] = {}
if meraki.params['protected_networks']['use_default']:
payload['protectedNetworks'].update({
'useDefault':
meraki.params['protected_networks']['use_default']
})
if meraki.params['protected_networks']['included_cidr']:
payload['protectedNetworks'].update({
'includedCidr':
meraki.params['protected_networks']['included_cidr']
})
if meraki.params['protected_networks']['excluded_cidr']:
payload['protectedNetworks'].update({
'excludedCidr':
meraki.params['protected_networks']['excluded_cidr']
})
elif meraki.params['state'] == 'absent':
if net_id is None: # Create payload for organization
payload = {'allowedRules': []}
if meraki.params['state'] == 'query':
if net_id is None: # Query settings for organization
path = meraki.construct_path('query_org', org_id=org_id)
data = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = data
else: # Query settings for network
path = meraki.construct_path('query_net', net_id=net_id)
data = meraki.request(path, method='GET')
elif meraki.params['state'] == 'present':
path = meraki.construct_path('query_org', org_id=org_id)
original = meraki.request(path, method='GET')
if net_id is None: # Set configuration for organization
if meraki.is_update_required(original,
payload,
optional_ignore=['message']):
if meraki.module.check_mode is True:
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('set_org', org_id=org_id)
data = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = data
meraki.result['changed'] = True
else:
meraki.result['data'] = original
meraki.result['changed'] = False
else: # Set configuration for network
path = meraki.construct_path('query_net', net_id=net_id)
original = meraki.request(path, method='GET')
if meraki.is_update_required(original, payload):
if meraki.module.check_mode is True:
payload.update(original)
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('set_net', net_id=net_id)
data = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = data
meraki.result['changed'] = True
else:
meraki.result['data'] = original
meraki.result['changed'] = False
elif meraki.params['state'] == 'absent':
if net_id is None:
path = meraki.construct_path('query_org', org_id=org_id)
original = meraki.request(path, method='GET')
if meraki.is_update_required(original, payload):
if meraki.module.check_mode is True:
payload.update(original)
meraki.result['data'] = payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('set_org', org_id=org_id)
data = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = data
meraki.result['changed'] = True
else:
meraki.result['data'] = original
meraki.result['changed'] = False
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
network_arg_spec = dict(
id=dict(type='str'),
network=dict(type='str'),
access=dict(type='str'),
)
tag_arg_spec = dict(
tag=dict(type='str'),
access=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['present', 'query', 'absent'],
required=True),
name=dict(type='str'),
email=dict(type='str'),
org_access=dict(type='str',
aliases=['orgAccess'],
choices=['full', 'read-only', 'none']),
tags=dict(type='list', elements='dict', options=tag_arg_spec),
networks=dict(type='list', elements='dict', options=network_arg_spec),
org_name=dict(type='str', aliases=['organization']),
org_id=dict(type='str'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='admin')
meraki.function = 'admin'
meraki.params['follow_redirects'] = 'all'
query_urls = {
'admin': '/organizations/{org_id}/admins',
}
create_urls = {
'admin': '/organizations/{org_id}/admins',
}
update_urls = {
'admin': '/organizations/{org_id}/admins/',
}
revoke_urls = {
'admin': '/organizations/{org_id}/admins/',
}
meraki.url_catalog['query'] = query_urls
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['revoke'] = revoke_urls
try:
meraki.params['auth_key'] = os.environ['MERAKI_KEY']
except KeyError:
pass
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
# execute checks for argument completeness
if meraki.params['state'] == 'query':
meraki.mututally_exclusive = ['name', 'email']
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(msg='org_name or org_id required')
meraki.required_if = [
(['state'], ['absent'], ['email']),
]
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not meraki.params['org_id']:
org_id = meraki.get_org_id(meraki.params['org_name'])
if meraki.params['state'] == 'query':
admins = get_admins(meraki, org_id)
if not meraki.params['name'] and not meraki.params[
'email']: # Return all admins for org
meraki.result['data'] = admins
if meraki.params['name'] is not None: # Return a single admin for org
admin_id = get_admin_id(meraki, admins, name=meraki.params['name'])
meraki.result['data'] = admin_id
admin = get_admin(meraki, admins, admin_id)
meraki.result['data'] = admin
elif meraki.params['email'] is not None:
admin_id = get_admin_id(meraki,
admins,
email=meraki.params['email'])
meraki.result['data'] = admin_id
admin = get_admin(meraki, admins, admin_id)
meraki.result['data'] = admin
elif meraki.params['state'] == 'present':
r = create_admin(
meraki,
org_id,
meraki.params['name'],
meraki.params['email'],
)
if r != -1:
meraki.result['data'] = r
elif meraki.params['state'] == 'absent':
if meraki.module.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
admin_id = get_admin_id(meraki,
get_admins(meraki, org_id),
email=meraki.params['email'])
r = delete_admin(meraki, org_id, admin_id)
if r != -1:
meraki.result['data'] = r
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(state=dict(type='str', choices=['absent', 'present', 'query'], default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
serial=dict(type='str'),
serial_uplink=dict(type='str'),
serial_lldp_cdp=dict(type='str'),
lldp_cdp_timespan=dict(type='int'),
hostname=dict(type='str', aliases=['name']),
model=dict(type='str'),
tags=dict(type='str'),
lat=dict(type='float', aliases=['latitude']),
lng=dict(type='float', aliases=['longitude']),
address=dict(type='str'),
move_map_marker=dict(type='bool'),
note=dict(type='str'),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(
changed=False,
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='device')
if meraki.params['serial_lldp_cdp'] and not meraki.params['lldp_cdp_timespan']:
meraki.fail_json(msg='lldp_cdp_timespan is required when querying LLDP and CDP information')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
meraki.params['follow_redirects'] = 'all'
query_urls = {'device': '/networks/{net_id}/devices'}
query_org_urls = {'device': '/organizations/{org_id}/inventory'}
query_device_urls = {'device': '/networks/{net_id}/devices/'}
claim_device_urls = {'device': '/networks/{net_id}/devices/claim'}
bind_org_urls = {'device': '/organizations/{org_id}/claim'}
update_device_urls = {'device': '/networks/{net_id}/devices/'}
delete_device_urls = {'device': '/networks/{net_id}/devices/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_all_org'] = query_org_urls
meraki.url_catalog['get_device'] = query_device_urls
meraki.url_catalog['create'] = claim_device_urls
meraki.url_catalog['bind_org'] = bind_org_urls
meraki.url_catalog['update'] = update_device_urls
meraki.url_catalog['delete'] = delete_device_urls
payload = None
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
# FIXME: Work with Meraki so they can implement a check mode
if module.check_mode:
meraki.exit_json(**meraki.result)
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
nets = meraki.get_nets(org_id=org_id)
net_id = None
if meraki.params['net_id'] or meraki.params['net_name']:
net_id = meraki.params['net_id']
if net_id is None:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'], data=nets)
if meraki.params['state'] == 'query':
if meraki.params['net_name'] or meraki.params['net_id']:
device = []
if meraki.params['serial']:
path = meraki.construct_path('get_device', net_id=net_id) + meraki.params['serial']
request = meraki.request(path, method='GET')
device.append(request)
meraki.result['data'] = device
elif meraki.params['serial_uplink']:
path = meraki.construct_path('get_device', net_id=net_id) + meraki.params['serial_uplink'] + '/uplink'
meraki.result['data'] = (meraki.request(path, method='GET'))
elif meraki.params['serial_lldp_cdp']:
if meraki.params['lldp_cdp_timespan'] > 2592000:
meraki.fail_json(msg='LLDP/CDP timespan must be less than a month (2592000 seconds)')
path = meraki.construct_path('get_device', net_id=net_id) + meraki.params['serial_lldp_cdp'] + '/lldp_cdp'
path = path + '?timespan=' + str(meraki.params['lldp_cdp_timespan'])
device.append(meraki.request(path, method='GET'))
meraki.result['data'] = device
elif meraki.params['hostname']:
path = meraki.construct_path('get_all', net_id=net_id)
devices = meraki.request(path, method='GET')
for unit in devices:
try:
if unit['name'] == meraki.params['hostname']:
device.append(unit)
meraki.result['data'] = device
except KeyError:
pass
elif meraki.params['model']:
path = meraki.construct_path('get_all', net_id=net_id)
devices = meraki.request(path, method='GET')
device_match = []
for device in devices:
if device['model'] == meraki.params['model']:
device_match.append(device)
meraki.result['data'] = device_match
else:
path = meraki.construct_path('get_all', net_id=net_id)
request = meraki.request(path, method='GET')
meraki.result['data'] = request
else:
path = meraki.construct_path('get_all_org', org_id=org_id)
devices = meraki.request(path, method='GET')
if meraki.params['serial']:
for device in devices:
if device['serial'] == meraki.params['serial']:
meraki.result['data'] = device
else:
meraki.result['data'] = devices
elif meraki.params['state'] == 'present':
device = []
if meraki.params['hostname']:
query_path = meraki.construct_path('get_all', net_id=net_id)
device_list = meraki.request(query_path, method='GET')
if is_device_valid(meraki, meraki.params['serial'], device_list):
payload = {'name': meraki.params['hostname'],
'tags': format_tags(meraki.params['tags']),
'lat': meraki.params['lat'],
'lng': meraki.params['lng'],
'address': meraki.params['address'],
'moveMapMarker': meraki.params['move_map_marker'],
'notes': meraki.params['note'],
}
query_path = meraki.construct_path('get_device', net_id=net_id) + meraki.params['serial']
device_data = meraki.request(query_path, method='GET')
ignore_keys = ['lanIp', 'serial', 'mac', 'model', 'networkId', 'moveMapMarker', 'wan1Ip', 'wan2Ip']
# meraki.fail_json(msg="Compare", original=device_data, payload=payload, ignore=ignore_keys)
if meraki.is_update_required(device_data, payload, optional_ignore=ignore_keys):
path = meraki.construct_path('update', net_id=net_id) + meraki.params['serial']
updated_device = []
updated_device.append(meraki.request(path, method='PUT', payload=json.dumps(payload)))
meraki.result['data'] = updated_device
meraki.result['changed'] = True
else:
meraki.result['data'] = device_data
else:
if net_id is None:
device_list = get_org_devices(meraki, org_id)
if is_device_valid(meraki, meraki.params['serial'], device_list) is False:
payload = {'serial': meraki.params['serial']}
path = meraki.construct_path('bind_org', org_id=org_id)
created_device = []
created_device.append(meraki.request(path, method='POST', payload=json.dumps(payload)))
meraki.result['data'] = created_device
meraki.result['changed'] = True
else:
query_path = meraki.construct_path('get_all', net_id=net_id)
device_list = meraki.request(query_path, method='GET')
if is_device_valid(meraki, meraki.params['serial'], device_list) is False:
if net_id:
payload = {'serial': meraki.params['serial']}
path = meraki.construct_path('create', net_id=net_id)
created_device = []
created_device.append(meraki.request(path, method='POST', payload=json.dumps(payload)))
meraki.result['data'] = created_device
meraki.result['changed'] = True
elif meraki.params['state'] == 'absent':
device = []
query_path = meraki.construct_path('get_all', net_id=net_id)
device_list = meraki.request(query_path, method='GET')
if is_device_valid(meraki, meraki.params['serial'], device_list) is True:
path = meraki.construct_path('delete', net_id=net_id)
path = path + meraki.params['serial'] + '/remove'
request = meraki.request(path, method='POST')
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
fixed_ip_arg_spec = dict(
mac=dict(type='str'),
ip=dict(type='str'),
name=dict(type='str'),
)
reserved_ip_arg_spec = dict(
start=dict(type='str'),
end=dict(type='str'),
comment=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
net_name=dict(type='str'),
name=dict(type='str'),
subnet=dict(type='str'),
gateway_ip=dict(type='str'),
state=dict(type='str',
default='present',
choices=['absent', 'present', 'query']),
fixed_ip_assignments=dict(type='list',
elements='dict',
options=fixed_ip_arg_spec),
reserved_ip_ranges=dict(type='list',
elements='dict',
options=reserved_ip_arg_spec),
route_id=dict(type='str'),
enabled=dict(type='bool'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='static_route')
module.params['follow_redirects'] = 'all'
payload = None
query_urls = {'static_route': '/networks/{net_id}/staticRoutes'}
query_one_urls = {
'static_route': '/networks/{net_id}/staticRoutes/{route_id}'
}
create_urls = {'static_route': '/networks/{net_id}/staticRoutes/'}
update_urls = {
'static_route': '/networks/{net_id}/staticRoutes/{route_id}'
}
delete_urls = {
'static_route': '/networks/{net_id}/staticRoutes/{route_id}'
}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_one_urls)
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['delete'] = delete_urls
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(
msg="Parameters 'org_name' or 'org_id' parameters are required")
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.fail_json(
msg="Parameters 'net_name' or 'net_id' parameters are required")
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg="'net_name' and 'net_id' are mutually exclusive")
# Construct payload
if meraki.params['state'] == 'present':
payload = dict()
if meraki.params['net_name']:
payload['name'] = meraki.params['net_name']
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
if meraki.params['route_id'] is not None:
meraki.result['data'] = get_static_route(meraki, net_id,
meraki.params['route_id'])
else:
meraki.result['data'] = get_static_routes(meraki, net_id)
elif meraki.params['state'] == 'present':
payload = {
'name': meraki.params['name'],
'subnet': meraki.params['subnet'],
'gatewayIp': meraki.params['gateway_ip'],
}
if meraki.params['fixed_ip_assignments'] is not None:
payload['fixedIpAssignments'] = fixed_ip_factory(
meraki, meraki.params['fixed_ip_assignments'])
if meraki.params['reserved_ip_ranges'] is not None:
payload['reservedIpRanges'] = meraki.params['reserved_ip_ranges']
# meraki.fail_json(msg="payload", payload=payload)
if meraki.params['enabled'] is not None:
payload['enabled'] = meraki.params['enabled']
if meraki.params['route_id']:
existing_route = get_static_route(meraki, net_id,
meraki.params['route_id'])
proposed = existing_route.copy()
proposed.update(payload)
if module.check_mode:
meraki.result['data'] = proposed
meraki.result['data'].update(payload)
meraki.exit_json(**meraki.result)
if meraki.is_update_required(existing_route,
proposed,
optional_ignore=['id']):
path = meraki.construct_path(
'update',
net_id=net_id,
custom={'route_id': meraki.params['route_id']})
meraki.result['data'] = meraki.request(
path, method="PUT", payload=json.dumps(payload))
meraki.result['changed'] = True
else:
meraki.result['data'] = existing_route
else:
if module.check_mode:
meraki.result['data'] = payload
meraki.exit_json(**meraki.result)
path = meraki.construct_path('create', net_id=net_id)
meraki.result['data'] = meraki.request(path,
method="POST",
payload=json.dumps(payload))
meraki.result['changed'] = True
elif meraki.params['state'] == 'absent':
if module.check_mode:
meraki.exit_json(**meraki.result)
path = meraki.construct_path(
'delete',
net_id=net_id,
custom={'route_id': meraki.params['route_id']})
meraki.result['data'] = meraki.request(path, method='DELETE')
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
default_payload = {
'name': 'Unconfigured SSID',
'auth_mode': 'open',
'splashPage': 'None',
'perClientBandwidthLimitUp': 0,
'perClientBandwidthLimitDown': 0,
'ipAssignmentMode': 'NAT mode',
'enabled': False,
'bandSelection': 'Dual band operation',
'minBitrate': 11,
}
# define the available arguments/parameters that a user can pass to
# the module
radius_arg_spec = dict(
host=dict(type='str', required=True),
port=dict(type='int'),
secret=dict(type='str', no_log=True),
)
vlan_arg_spec = dict(
tags=dict(type='list', elements='str'),
vlan_id=dict(type='int'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='present'),
number=dict(type='int', aliases=['ssid_number']),
name=dict(type='str'),
org_name=dict(type='str', aliases=['organization']),
org_id=dict(type='str'),
net_name=dict(type='str'),
net_id=dict(type='str'),
enabled=dict(type='bool'),
auth_mode=dict(type='str',
choices=[
'open', 'psk', 'open-with-radius', '8021x-meraki',
'8021x-radius'
]),
encryption_mode=dict(type='str', choices=['wpa', 'eap', 'wpa-eap']),
psk=dict(type='str', no_log=True),
wpa_encryption_mode=dict(type='str',
choices=[
'WPA1 and WPA2', 'WPA2 only',
'WPA3 Transition Mode', 'WPA3 only'
]),
splash_page=dict(type='str',
choices=[
'None', 'Click-through splash page', 'Billing',
'Password-protected with Meraki RADIUS',
'Password-protected with custom RADIUS',
'Password-protected with Active Directory',
'Password-protected with LDAP',
'SMS authentication', 'Systems Manager Sentry',
'Facebook Wi-Fi', 'Google OAuth',
'Sponsored guest'
]),
radius_servers=dict(type='list',
default=None,
elements='dict',
options=radius_arg_spec),
radius_coa_enabled=dict(type='bool'),
radius_failover_policy=dict(type='str',
choices=['Deny access', 'Allow access']),
radius_load_balancing_policy=dict(
type='str', choices=['Strict priority order', 'Round robin']),
radius_accounting_enabled=dict(type='bool'),
radius_accounting_servers=dict(type='list',
elements='dict',
options=radius_arg_spec),
ip_assignment_mode=dict(type='str',
choices=[
'NAT mode', 'Bridge mode',
'Layer 3 roaming',
'Layer 3 roaming with a concentrator',
'VPN'
]),
use_vlan_tagging=dict(type='bool'),
concentrator_network_id=dict(type='str'),
vlan_id=dict(type='int'),
default_vlan_id=dict(type='int'),
ap_tags_vlan_ids=dict(type='list',
default=None,
elements='dict',
options=vlan_arg_spec),
walled_garden_enabled=dict(type='bool'),
walled_garden_ranges=dict(type='list', elements='str'),
min_bitrate=dict(type='float',
choices=[1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48,
54]),
band_selection=dict(type='str',
choices=[
'Dual band operation', '5 GHz band only',
'Dual band operation with Band Steering'
]),
per_client_bandwidth_limit_up=dict(type='int'),
per_client_bandwidth_limit_down=dict(type='int'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='ssid')
meraki.params['follow_redirects'] = 'all'
query_urls = {'ssid': '/networks/{net_id}/wireless/ssids'}
query_url = {'ssid': '/networks/{net_id}/wireless/ssids/{number}'}
update_url = {'ssid': '/networks/{net_id}/wireless/ssids/'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_one'].update(query_url)
meraki.url_catalog['update'] = update_url
payload = None
# execute checks for argument completeness
if meraki.params['psk']:
if meraki.params['auth_mode'] != 'psk':
meraki.fail_json(
msg='PSK is only allowed when auth_mode is set to psk')
if meraki.params['encryption_mode'] != 'wpa':
meraki.fail_json(msg='PSK requires encryption_mode be set to wpa')
if meraki.params['radius_servers']:
if meraki.params['auth_mode'] not in ('open-with-radius',
'8021x-radius'):
meraki.fail_json(
msg=
'radius_servers requires auth_mode to be open-with-radius or 8021x-radius'
)
if meraki.params['radius_accounting_enabled'] is True:
if meraki.params['auth_mode'] not in ('open-with-radius',
'8021x-radius'):
meraki.fails_json(
msg=
'radius_accounting_enabled is only allowed when auth_mode is open-with-radius or 8021x-radius'
)
if meraki.params['radius_accounting_servers'] is True:
if meraki.params['auth_mode'] not in (
'open-with-radius', '8021x-radius'
) or meraki.params['radius_accounting_enabled'] is False:
meraki.fail_json(
msg=
'radius_accounting_servers is only allowed when auth_mode is open_with_radius or 8021x-radius and \
radius_accounting_enabled is true')
if meraki.params['use_vlan_tagging'] is True:
if meraki.params['default_vlan_id'] is None:
meraki.fail_json(
msg="default_vlan_id is required when use_vlan_tagging is True"
)
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
net_id = meraki.params['net_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id,
meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
if meraki.params['name']:
ssid_id = get_ssid_number(meraki.params['name'],
get_ssids(meraki, net_id))
path = meraki.construct_path('get_one',
net_id=net_id,
custom={'number': ssid_id})
meraki.result['data'] = meraki.request(path, method='GET')
elif meraki.params['number'] is not None:
path = meraki.construct_path(
'get_one',
net_id=net_id,
custom={'number': meraki.params['number']})
meraki.result['data'] = meraki.request(path, method='GET')
else:
meraki.result['data'] = get_ssids(meraki, net_id)
elif meraki.params['state'] == 'present':
payload = construct_payload(meraki)
ssids = get_ssids(meraki, net_id)
number = meraki.params['number']
if number is None:
number = get_ssid_number(meraki.params['name'], ssids)
original = ssids[number]
if meraki.is_update_required(original,
payload,
optional_ignore=['secret']):
ssid_id = meraki.params['number']
if ssid_id is None: # Name should be used to lookup number
ssid_id = get_ssid_number(meraki.params['name'], ssids)
if ssid_id is False:
ssid_id = get_available_number(ssids)
if ssid_id is False:
meraki.fail_json(
msg=
'No unconfigured SSIDs are available. Specify a number.'
)
if meraki.check_mode is True:
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update',
net_id=net_id) + str(ssid_id)
result = meraki.request(path, 'PUT', payload=json.dumps(payload))
meraki.result['data'] = result
meraki.result['changed'] = True
else:
meraki.result['data'] = original
elif meraki.params['state'] == 'absent':
ssids = get_ssids(meraki, net_id)
ssid_id = meraki.params['number']
if ssid_id is None: # Name should be used to lookup number
ssid_id = get_ssid_number(meraki.params['name'], ssids)
if ssid_id is False:
ssid_id = get_available_number(ssids)
if ssid_id is False:
meraki.fail_json(
msg=
'No SSID found by specified name and no number was referenced.'
)
if meraki.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id) + str(ssid_id)
payload = default_payload
payload['name'] = payload['name'] + ' ' + str(ssid_id + 1)
result = meraki.request(path, 'PUT', payload=json.dumps(payload))
meraki.result['data'] = result
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
fw_rules = dict(
policy=dict(type='str', choices=['allow', 'deny']),
protocol=dict(type='str', choices=['tcp', 'udp', 'icmp', 'any']),
dest_port=dict(type='str'),
dest_cidr=dict(type='str'),
comment=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'],
default='present'),
net_name=dict(type='str'),
net_id=dict(type='str'),
number=dict(type='str', aliases=['ssid_number']),
ssid_name=dict(type='str', aliases=['ssid']),
rules=dict(type='list',
default=None,
elements='dict',
options=fw_rules),
allow_lan_access=dict(type='bool', default=True),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='mr_l3_firewall')
meraki.params['follow_redirects'] = 'all'
query_urls = {
'mr_l3_firewall': '/networks/{net_id}/ssids/{number}/l3FirewallRules'
}
update_urls = {
'mr_l3_firewall': '/networks/{net_id}/ssids/{number}/l3FirewallRules'
}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_urls
payload = None
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
orgs = None
if org_id is None:
orgs = meraki.get_orgs()
for org in orgs:
if org['name'] == meraki.params['org_name']:
org_id = org['id']
net_id = meraki.params['net_id']
if net_id is None:
if orgs is None:
orgs = meraki.get_orgs()
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=meraki.get_nets(org_id=org_id))
number = meraki.params['number']
if meraki.params['ssid_name']:
number = get_ssid_number(meraki.params['ssid_name'],
get_ssids(meraki, net_id))
if meraki.params['state'] == 'query':
meraki.result['data'] = get_rules(meraki, net_id, number)
elif meraki.params['state'] == 'present':
rules = get_rules(meraki, net_id, number)
path = meraki.construct_path('get_all',
net_id=net_id,
custom={'number': number})
if meraki.params['rules']:
payload = assemble_payload(meraki)
else:
payload = dict()
update = False
try:
if len(rules) != len(
payload['rules']
): # Quick and simple check to avoid more processing
update = True
if update is False:
for r in range(len(rules) - 2):
if meraki.is_update_required(rules[r], payload[r]) is True:
update = True
except KeyError:
pass
if rules[len(rules) - 2] != meraki.params['allow_lan_access']:
update = True
if update is True:
payload['allowLanAccess'] = meraki.params['allow_lan_access']
if meraki.check_mode is True:
# This code is disgusting, rework it at some point
if 'rules' in payload:
cleansed_payload = payload['rules']
cleansed_payload.append(rules[len(rules) - 1])
cleansed_payload.append(rules[len(rules) - 2])
if meraki.params['allow_lan_access'] is None:
cleansed_payload[len(cleansed_payload) -
2]['policy'] = rules[len(rules) -
2]['policy']
else:
if meraki.params['allow_lan_access'] is True:
cleansed_payload[len(cleansed_payload) -
2]['policy'] = 'allow'
else:
cleansed_payload[len(cleansed_payload) -
2]['policy'] = 'deny'
else:
if meraki.params['allow_lan_access'] is True:
rules[len(rules) - 2]['policy'] = 'allow'
else:
rules[len(rules) - 2]['policy'] = 'deny'
cleansed_payload = rules
meraki.result['data'] = cleansed_payload
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = rules
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
name=dict(type='str'),
url=dict(type='str'),
shared_secret=dict(type='str', no_log=True),
webhook_id=dict(type='str'),
test=dict(type='str', choices=['test', 'status']),
test_id=dict(type='str'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='webhooks')
meraki.params['follow_redirects'] = 'all'
query_url = {'webhooks': '/networks/{net_id}/httpServers'}
query_one_url = {'webhooks': '/networks/{net_id}/httpServers/{hookid}'}
create_url = {'webhooks': '/networks/{net_id}/httpServers'}
update_url = {'webhooks': '/networks/{net_id}/httpServers/{hookid}'}
delete_url = {'webhooks': '/networks/{net_id}/httpServers/{hookid}'}
test_url = {'webhooks': '/networks/{net_id}/httpServers/webhookTests'}
test_status_url = {
'webhooks': '/networks/{net_id}/httpServers/webhookTests/{testid}'
}
meraki.url_catalog['get_all'].update(query_url)
meraki.url_catalog['get_one'].update(query_one_url)
meraki.url_catalog['create'] = create_url
meraki.url_catalog['update'] = update_url
meraki.url_catalog['delete'] = delete_url
meraki.url_catalog['test'] = test_url
meraki.url_catalog['test_status'] = test_status_url
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
webhook_id = meraki.params['webhook_id']
if webhook_id is None and meraki.params['name']:
webhooks = get_all_webhooks(meraki, net_id)
webhook_id = get_webhook_id(meraki.params['name'], webhooks)
if meraki.params['state'] == 'present' and meraki.params['test'] is None:
payload = {
'name': meraki.params['name'],
'url': meraki.params['url'],
'sharedSecret': meraki.params['shared_secret']
}
if meraki.params['state'] == 'query':
if webhook_id is not None: # Query a single webhook
path = meraki.construct_path('get_one',
net_id=net_id,
custom={'hookid': webhook_id})
response = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = response
else:
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
if meraki.params['test'] == 'test':
payload = {'url': meraki.params['url']}
path = meraki.construct_path('test', net_id=net_id)
response = meraki.request(path,
method='POST',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['test'] == 'status':
if meraki.params['test_id'] is None:
meraki.fail_json(
"test_id is required when querying test status.")
path = meraki.construct_path(
'test_status',
net_id=net_id,
custom={'testid': meraki.params['test_id']})
response = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
if webhook_id is None: # Make sure it is downloaded
if webhooks is None:
webhooks = get_all_webhooks(meraki, net_id)
webhook_id = get_webhook_id(meraki.params['name'], webhooks)
if webhook_id is None: # Test to see if it needs to be created
if meraki.check_mode is True:
meraki.result['data'] = payload
meraki.result['data']['networkId'] = net_id
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('create', net_id=net_id)
response = meraki.request(path,
method='POST',
payload=json.dumps(payload))
if meraki.status == 201:
meraki.result['data'] = response
meraki.result['changed'] = True
else: # Need to update
path = meraki.construct_path('get_one',
net_id=net_id,
custom={'hookid': webhook_id})
original = meraki.request(path, method='GET')
if meraki.is_update_required(original, payload):
if meraki.check_mode is True:
meraki.generate_diff(original, payload)
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update',
net_id=net_id,
custom={'hookid': webhook_id})
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.generate_diff(original, response)
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
elif meraki.params['state'] == 'absent':
if webhook_id is None: # Make sure it is downloaded
if webhooks is None:
webhooks = get_all_webhooks(meraki, net_id)
webhook_id = get_webhook_id(meraki.params['name'], webhooks)
if webhook_id is None:
meraki.fail_json(msg="There is no webhook with the name {0}".
format(meraki.params['name']))
if webhook_id: # Test to see if it exists
if meraki.module.check_mode is True:
meraki.result['data'] = None
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('delete',
net_id=net_id,
custom={'hookid': webhook_id})
response = meraki.request(path, method='DELETE')
if meraki.status == 204:
meraki.result['data'] = response
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
switch_ports_args = dict(
serial=dict(type='str'),
port_id=dict(type='str'),
)
switch_profile_ports_args = dict(
profile=dict(type='str'),
port_id=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='present'),
org_name=dict(type='str', aliases=['organization']),
org_id=dict(type='str'),
net_name=dict(type='str'),
net_id=dict(type='str'),
lag_id=dict(type='str'),
switch_ports=dict(type='list',
default=None,
elements='dict',
options=switch_ports_args),
# switch_profile_ports=dict(type='list', default=None, elements='dict', options=switch_profile_ports_args),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='ms_link_aggregation')
meraki.params['follow_redirects'] = 'all'
query_urls = {
'ms_link_aggregation': '/networks/{net_id}/switch/linkAggregations'
}
create_url = {
'ms_link_aggregation': '/networks/{net_id}/switch/linkAggregations'
}
update_url = {
'ms_link_aggregation':
'/networks/{net_id}/switch/linkAggregations/{lag_id}'
}
delete_url = {
'ms_link_aggregation':
'/networks/{net_id}/switch/linkAggregations/{lag_id}'
}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['create'] = create_url
meraki.url_catalog['update'] = update_url
meraki.url_catalog['delete'] = delete_url
payload = None
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(org_id,
meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'present':
if meraki.params['lag_id'] is not None: # Need to update
lag = is_lag_valid(get_lags(meraki, net_id),
meraki.params['lag_id'])
if lag is not False: # Lag ID is valid
payload = construct_payload(meraki)
if meraki.is_update_required(lag, payload) is True:
path = meraki.construct_path(
'update',
net_id=net_id,
custom={'lag_id': meraki.params['lag_id']})
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
meraki.result['changed'] = True
meraki.result['data'] = response
else:
meraki.result['data'] = lag
else:
meraki.fail_json("Provided lag_id is not valid.")
else:
path = meraki.construct_path('create', net_id=net_id)
payload = construct_payload(meraki)
response = meraki.request(path,
method='POST',
payload=json.dumps(payload))
meraki.result['changed'] = True
meraki.result['data'] = response
meraki.exit_json(**meraki.result)
elif meraki.params['state'] == 'absent':
path = meraki.construct_path(
'delete',
net_id=net_id,
custom={'lag_id': meraki.params['lag_id']})
response = meraki.request(path, method='DELETE')
meraki.result['data'] = {}
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str', choices=['present', 'query'], default='query'),
net_name=dict(type='str'),
net_id=dict(type='str'),
broadcast_threshold=dict(type='int'),
multicast_threshold=dict(type='int'),
unknown_unicast_threshold=dict(type='int'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='switch_storm_control')
meraki.params['follow_redirects'] = 'all'
query_urls = {
'switch_storm_control': '/networks/{net_id}/switch/stormControl'
}
update_url = {
'switch_storm_control': '/networks/{net_id}/switch/stormControl'
}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['update'] = update_url
payload = None
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
response = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = response
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_all', net_id=net_id)
original = meraki.request(path, method='GET')
payload = construct_payload(meraki.params)
if meraki.is_update_required(original, payload) is True:
diff = recursive_diff(original, payload)
if meraki.check_mode is True:
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.result['diff'] = {'before': diff[0], 'after': diff[1]}
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['diff'] = {'before': diff[0], 'after': diff[1]}
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
type=dict(type='list',
choices=['wireless', 'switch', 'appliance'],
aliases=['net_type']),
tags=dict(type='list'),
timezone=dict(type='str'),
net_name=dict(type='str', aliases=['name', 'network']),
state=dict(type='str',
choices=['present', 'query', 'absent'],
default='present'),
enable_vlans=dict(type='bool'),
disable_my_meraki=dict(type='bool', removed_in_version=2.13),
enable_my_meraki=dict(type='bool'),
enable_remote_status_page=dict(type='bool'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
mutually_exclusive=[
('disable_my_meraki', 'enable_my_meraki'),
])
meraki = MerakiModule(module, function='network')
module.params['follow_redirects'] = 'all'
payload = None
create_urls = {'network': '/organizations/{org_id}/networks'}
update_urls = {'network': '/networks/{net_id}'}
delete_urls = {'network': '/networks/{net_id}'}
enable_vlans_urls = {'network': '/networks/{net_id}/vlansEnabledState'}
get_vlan_status_urls = {'network': '/networks/{net_id}/vlansEnabledState'}
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['delete'] = delete_urls
meraki.url_catalog['enable_vlans'] = enable_vlans_urls
meraki.url_catalog['status_vlans'] = get_vlan_status_urls
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(msg='org_name or org_id parameters are required')
if meraki.params['state'] != 'query':
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.fail_json(
msg=
'net_name or net_id is required for present or absent states')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
if not meraki.params['net_name'] and not meraki.params['net_id']:
if meraki.params['enable_vlans']:
meraki.fail_json(
msg=
"The parameter 'enable_vlans' requires 'net_name' or 'net_id' to be specified"
)
if meraki.params['enable_my_meraki'] is True and meraki.params[
'enable_remote_status_page'] is False:
meraki.fail_json(
msg=
'enable_my_meraki must be true when setting enable_remote_status_page'
)
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
if module.check_mode:
return meraki.result
# Construct payload
if meraki.params['state'] == 'present':
payload = dict()
if meraki.params['net_name']:
payload['name'] = meraki.params['net_name']
if meraki.params['type']:
payload['type'] = list_to_string(meraki.params['type'])
if meraki.params['tags']:
payload['tags'] = construct_tags(meraki.params['tags'])
if meraki.params['timezone']:
payload['timeZone'] = meraki.params['timezone']
if meraki.params['enable_my_meraki'] is not None:
if meraki.params['enable_my_meraki'] is True:
payload['disableMyMerakiCom'] = False
else:
payload['disableMyMerakiCom'] = True
elif meraki.params['disable_my_meraki'] is not None:
payload['disableMyMerakiCom'] = meraki.params['disable_my_meraki']
if meraki.params['enable_remote_status_page'] is not None:
if meraki.params['enable_remote_status_page'] is True:
payload['disableRemoteStatusPage'] = False
# meraki.fail_json(msg="Debug", payload=payload)
else:
payload['disableRemoteStatusPage'] = True
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
nets = meraki.get_nets(org_id=org_id)
# check if network is created
net_id = meraki.params['net_id']
net_exists = False
if net_id is not None:
if is_net_valid(nets, net_id=net_id) is False:
meraki.fail_json(msg="Network specified by net_id does not exist.")
net_exists = True
elif meraki.params['net_name']:
if is_net_valid(nets, net_name=meraki.params['net_name']) is True:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
net_exists = True
if meraki.params['state'] == 'query':
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.result['data'] = nets
elif meraki.params['net_name'] or meraki.params['net_id'] is not None:
meraki.result['data'] = meraki.get_net(meraki.params['org_name'],
meraki.params['net_name'],
data=nets)
elif meraki.params['state'] == 'present':
if net_exists is False: # Network needs to be created
if 'type' not in meraki.params or meraki.params['type'] is None:
meraki.fail_json(
msg="type parameter is required when creating a network.")
path = meraki.construct_path('create', org_id=org_id)
r = meraki.request(path,
method='POST',
payload=json.dumps(payload))
if meraki.status == 201:
meraki.result['data'] = r
meraki.result['changed'] = True
else: # Network exists, make changes
# meraki.fail_json(msg="nets", nets=nets, net_id=net_id)
# meraki.fail_json(msg="compare", original=net, payload=payload)
if meraki.params[
'enable_vlans'] is not None: # Modify VLANs configuration
status_path = meraki.construct_path('status_vlans',
net_id=net_id)
status = meraki.request(status_path, method='GET')
payload = {'enabled': meraki.params['enable_vlans']}
# meraki.fail_json(msg="here", payload=payload)
if meraki.is_update_required(status, payload):
path = meraki.construct_path('enable_vlans', net_id=net_id)
r = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = r
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
else:
meraki.result['data'] = status
meraki.exit_json(**meraki.result)
net = meraki.get_net(meraki.params['org_name'],
net_id=net_id,
data=nets)
if meraki.is_update_required(net, payload):
path = meraki.construct_path('update', net_id=net_id)
# meraki.fail_json(msg="Payload", path=path, payload=payload)
r = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
meraki.result['data'] = r
meraki.result['changed'] = True
else:
meraki.result['data'] = net
elif meraki.params['state'] == 'absent':
if is_net_valid(nets, net_id=net_id) is True:
path = meraki.construct_path('delete', net_id=net_id)
r = meraki.request(path, method='DELETE')
if meraki.status == 204:
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
server_arg_spec = dict(
host=dict(type='str'),
port=dict(type='int', default="514"),
roles=dict(type='list',
elements='str',
choices=[
'Wireless Event log',
'Appliance event log',
'Switch event log',
'Air Marshal events',
'Flows',
'URLs',
'IDS alerts',
'Security events',
]),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
net_id=dict(type='str'),
servers=dict(type='list', elements='dict', options=server_arg_spec),
state=dict(type='str', choices=['present', 'query'],
default='present'),
net_name=dict(type='str', aliases=['name', 'network']),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='syslog')
module.params['follow_redirects'] = 'all'
payload = None
syslog_urls = {'syslog': '/networks/{net_id}/syslogServers'}
meraki.url_catalog['query_update'] = syslog_urls
if not meraki.params['org_name'] and not meraki.params['org_id']:
meraki.fail_json(msg='org_name or org_id parameters are required')
if meraki.params['state'] != 'query':
if not meraki.params['net_name'] and not meraki.params['net_id']:
meraki.fail_json(
msg=
'net_name or net_id is required for present or absent states')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
# if the user is working with this module in only check mode we do not
# want to make any changes to the environment, just return the current
# state with no modifications
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if not org_id:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('query_update', net_id=net_id)
r = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = r
elif meraki.params['state'] == 'present':
# Construct payload
payload = dict()
payload['servers'] = meraki.params['servers']
# Convert port numbers to string for idempotency checks
for server in payload['servers']:
if server['port']:
server['port'] = str(server['port'])
path = meraki.construct_path('query_update', net_id=net_id)
r = meraki.request(path, method='GET')
if meraki.status == 200:
original = dict()
original['servers'] = r
if meraki.is_update_required(original, payload):
if meraki.module.check_mode is True:
meraki.generate_diff(original, payload)
original.update(payload)
meraki.result['data'] = original
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('query_update', net_id=net_id)
r = meraki.request(path, method='PUT', payload=json.dumps(payload))
if meraki.status == 200:
meraki.generate_diff(original, r)
meraki.result['data'] = r
meraki.result['changed'] = True
else:
if meraki.module.check_mode is True:
meraki.result['data'] = original
meraki.exit_json(**meraki.result)
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
rules_arg_spec = dict(
comment=dict(type='str'),
policy=dict(type='str', choices=['allow', 'deny']),
ip_version=dict(type='str', choices=['ipv4', 'ipv6', 'any']),
protocol=dict(type='str', choices=['tcp', 'udp', 'any']),
src_cidr=dict(type='str'),
src_port=dict(type='str'),
dst_cidr=dict(type='str'),
dst_port=dict(type='str'),
vlan=dict(type='str'),
)
argument_spec = meraki_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
rules=dict(type='list', elements='dict', options=rules_arg_spec),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='switch_access_list')
meraki.params['follow_redirects'] = 'all'
query_url = {
'switch_access_list': '/networks/{net_id}/switch/accessControlLists'
}
update_url = {
'switch_access_list': '/networks/{net_id}/switch/accessControlLists'
}
meraki.url_catalog['get_all'].update(query_url)
meraki.url_catalog['update'] = update_url
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
net_id = meraki.params['net_id']
if net_id is None:
nets = meraki.get_nets(org_id=org_id)
net_id = meraki.get_net_id(net_name=meraki.params['net_name'],
data=nets)
if meraki.params['state'] == 'query':
path = meraki.construct_path('get_all', net_id=net_id)
result = meraki.request(path, method='GET')
if meraki.status == 200:
meraki.result['data'] = result
elif meraki.params['state'] == 'present':
path = meraki.construct_path('get_all', net_id=net_id)
original = meraki.request(path, method='GET')
payload = construct_payload(meraki.params)
comparable = deepcopy(original)
if len(comparable['rules']) > 1:
del comparable['rules'][
len(comparable['rules']) -
1] # Delete the default rule for comparison
else:
del comparable['rules'][0]
if meraki.is_update_required(comparable, payload):
if meraki.check_mode is True:
default_rule = original['rules'][len(original['rules']) - 1]
payload['rules'].append(default_rule)
new_rules = {'rules': payload['rules']}
meraki.result['data'] = new_rules
meraki.result['changed'] = True
diff = recursive_diff(original, new_rules)
meraki.result['diff'] = {'before': diff[0], 'after': diff[1]}
meraki.exit_json(**meraki.result)
path = meraki.construct_path('update', net_id=net_id)
response = meraki.request(path,
method='PUT',
payload=json.dumps(payload))
if meraki.status == 200:
diff = recursive_diff(original, payload)
meraki.result['data'] = response
meraki.result['changed'] = True
meraki.result['diff'] = {'before': diff[0], 'after': diff[1]}
else:
meraki.result['data'] = original
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(state=dict(type='str', choices=['absent', 'present', 'query'], default='query'),
net_name=dict(type='str', aliases=['network']),
net_id=dict(type='str'),
serial=dict(type='str'),
lldp_cdp_timespan=dict(type='int'),
hostname=dict(type='str', aliases=['name']),
model=dict(type='str'),
tags=dict(type='list', elements='str', default=None),
lat=dict(type='float', aliases=['latitude'], default=None),
lng=dict(type='float', aliases=['longitude'], default=None),
address=dict(type='str', default=None),
move_map_marker=dict(type='bool', default=None),
note=dict(type='str', default=None),
query=dict(type='str', default=None, choices=['lldp_cdp', 'uplink'])
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
)
meraki = MerakiModule(module, function='device')
if meraki.params['query'] is not None \
and meraki.params['query'] == 'lldp_cdp' \
and not meraki.params['lldp_cdp_timespan']:
meraki.fail_json(msg='lldp_cdp_timespan is required when querying LLDP and CDP information')
if meraki.params['net_name'] and meraki.params['net_id']:
meraki.fail_json(msg='net_name and net_id are mutually exclusive')
meraki.params['follow_redirects'] = 'all'
query_urls = {'device': '/networks/{net_id}/devices'}
query_org_urls = {'device': '/organizations/{org_id}/devices'}
query_device_urls = {'device': '/networks/{net_id}/devices/{serial}'}
query_device_lldp_urls = {'device': '/networks/{net_id}/devices/{serial}/lldp_cdp'}
claim_device_urls = {'device': '/networks/{net_id}/devices/claim'}
bind_org_urls = {'device': '/organizations/{org_id}/claim'}
update_device_urls = {'device': '/networks/{net_id}/devices/'}
delete_device_urls = {'device': '/networks/{net_id}/devices/{serial}/remove'}
meraki.url_catalog['get_all'].update(query_urls)
meraki.url_catalog['get_all_org'] = query_org_urls
meraki.url_catalog['get_device'] = query_device_urls
meraki.url_catalog['get_device_uplink'] = query_device_urls
meraki.url_catalog['get_device_lldp'] = query_device_lldp_urls
meraki.url_catalog['create'] = claim_device_urls
meraki.url_catalog['bind_org'] = bind_org_urls
meraki.url_catalog['update'] = update_device_urls
meraki.url_catalog['delete'] = delete_device_urls
payload = None
# execute checks for argument completeness
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
org_id = meraki.params['org_id']
if org_id is None:
org_id = meraki.get_org_id(meraki.params['org_name'])
nets = meraki.get_nets(org_id=org_id)
net_id = None
if meraki.params['net_id'] or meraki.params['net_name']:
net_id = meraki.params['net_id']
if net_id is None:
net_id = meraki.get_net_id(net_name=meraki.params['net_name'], data=nets)
if meraki.params['state'] == 'query':
if meraki.params['net_name'] or meraki.params['net_id']:
device = []
if meraki.params['serial']:
path = meraki.construct_path('get_device', net_id=net_id, custom={'serial': meraki.params['serial']})
request = meraki.request(path, method='GET')
device.append(request)
meraki.result['data'] = device
if meraki.params['query'] == 'uplink':
path = meraki.construct_path('get_device_uplink', net_id=net_id, custom={'serial': meraki.params['serial']})
meraki.result['data'] = (meraki.request(path, method='GET'))
elif meraki.params['query'] == 'lldp_cdp':
if meraki.params['lldp_cdp_timespan'] > 2592000:
meraki.fail_json(msg='LLDP/CDP timespan must be less than a month (2592000 seconds)')
path = meraki.construct_path('get_device_lldp', net_id=net_id, custom={'serial': meraki.params['serial']})
path = path + '?timespan=' + str(meraki.params['lldp_cdp_timespan'])
device.append(meraki.request(path, method='GET'))
meraki.result['data'] = device
elif meraki.params['hostname']:
path = meraki.construct_path('get_all', net_id=net_id)
devices = meraki.request(path, method='GET')
for unit in devices:
try:
if unit['name'] == meraki.params['hostname']:
device.append(unit)
meraki.result['data'] = device
except KeyError:
pass
elif meraki.params['model']:
path = meraki.construct_path('get_all', net_id=net_id)
devices = meraki.request(path, method='GET')
device_match = []
for device in devices:
if device['model'] == meraki.params['model']:
device_match.append(device)
meraki.result['data'] = device_match
else:
path = meraki.construct_path('get_all', net_id=net_id)
request = meraki.request(path, method='GET')
meraki.result['data'] = request
else:
path = meraki.construct_path('get_all_org', org_id=org_id, params={'perPage': '1000'})
devices = meraki.request(path, method='GET', pagination_items=1000)
if meraki.params['serial']:
for device in devices:
if device['serial'] == meraki.params['serial']:
meraki.result['data'] = device
else:
meraki.result['data'] = devices
elif meraki.params['state'] == 'present':
device = []
if net_id is None: # Claim a device to an organization
device_list = get_org_devices(meraki, org_id)
if is_device_valid(meraki, meraki.params['serial'], device_list) is False:
payload = {'serial': meraki.params['serial']}
path = meraki.construct_path('bind_org', org_id=org_id)
created_device = []
created_device.append(meraki.request(path, method='POST', payload=json.dumps(payload)))
meraki.result['data'] = created_device
meraki.result['changed'] = True
else: # A device is assumed to be in an organization
device_list = get_net_devices(meraki, net_id)
if is_device_valid(meraki, meraki.params['serial'], device_list) is True: # Device is in network, update
query_path = meraki.construct_path('get_all', net_id=net_id)
if is_device_valid(meraki, meraki.params['serial'], device_list):
payload = construct_payload(meraki.params)
query_path = meraki.construct_path('get_device', net_id=net_id, custom={'serial': meraki.params['serial']})
device_data = meraki.request(query_path, method='GET')
ignore_keys = ['lanIp', 'serial', 'mac', 'model', 'networkId', 'moveMapMarker', 'wan1Ip', 'wan2Ip']
if meraki.is_update_required(device_data, payload, optional_ignore=ignore_keys):
path = meraki.construct_path('update', net_id=net_id) + meraki.params['serial']
updated_device = []
updated_device.append(meraki.request(path, method='PUT', payload=json.dumps(payload)))
meraki.result['data'] = updated_device
meraki.result['changed'] = True
else:
meraki.result['data'] = device_data
else: # Claim device into network
query_path = meraki.construct_path('get_all', net_id=net_id)
device_list = meraki.request(query_path, method='GET')
if is_device_valid(meraki, meraki.params['serial'], device_list) is False:
if net_id:
payload = {'serials': [meraki.params['serial']]}
path = meraki.construct_path('create', net_id=net_id)
created_device = []
created_device.append(meraki.request(path, method='POST', payload=json.dumps(payload)))
meraki.result['data'] = created_device
meraki.result['changed'] = True
elif meraki.params['state'] == 'absent':
device = []
query_path = meraki.construct_path('get_all', net_id=net_id)
device_list = meraki.request(query_path, method='GET')
if is_device_valid(meraki, meraki.params['serial'], device_list) is True:
path = meraki.construct_path('delete', net_id=net_id, custom={'serial': meraki.params['serial']})
request = meraki.request(path, method='POST')
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
def main():
# define the available arguments/parameters that a user can pass to
# the module
argument_spec = meraki_argument_spec()
argument_spec.update(
clone=dict(type='str'),
state=dict(type='str',
choices=['absent', 'present', 'query'],
default='present'),
org_name=dict(type='str', aliases=['name', 'organization']),
org_id=dict(type='str', aliases=['id']),
delete_confirm=dict(type='str'),
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
meraki = MerakiModule(module, function='organizations')
meraki.params['follow_redirects'] = 'all'
create_urls = {'organizations': '/organizations'}
update_urls = {'organizations': '/organizations/{org_id}'}
delete_urls = {'organizations': '/organizations/{org_id}'}
clone_urls = {'organizations': '/organizations/{org_id}/clone'}
meraki.url_catalog['create'] = create_urls
meraki.url_catalog['update'] = update_urls
meraki.url_catalog['clone'] = clone_urls
meraki.url_catalog['delete'] = delete_urls
payload = None
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
orgs = meraki.get_orgs()
if meraki.params['state'] == 'query':
if meraki.params['org_name']: # Query by organization name
module.warn(
'All matching organizations will be returned, even if there are duplicate named organizations'
)
for o in orgs:
if o['name'] == meraki.params['org_name']:
meraki.result['data'] = o
elif meraki.params['org_id']:
for o in orgs:
if o['id'] == meraki.params['org_id']:
meraki.result['data'] = o
else: # Query all organizations, no matter what
meraki.result['data'] = orgs
elif meraki.params['state'] == 'present':
if meraki.params['clone']: # Cloning
payload = {'name': meraki.params['org_name']}
response = meraki.request(meraki.construct_path(
'clone', org_name=meraki.params['clone']),
payload=json.dumps(payload),
method='POST')
if meraki.status != 201:
meraki.fail_json(msg='Organization clone failed')
meraki.result['data'] = response
meraki.result['changed'] = True
elif not meraki.params['org_id'] and meraki.params[
'org_name']: # Create new organization
payload = {'name': meraki.params['org_name']}
response = meraki.request(meraki.construct_path('create'),
method='POST',
payload=json.dumps(payload))
if meraki.status == 201:
meraki.result['data'] = response
meraki.result['changed'] = True
elif meraki.params['org_id'] and meraki.params[
'org_name']: # Update an existing organization
payload = {
'name': meraki.params['org_name'],
'id': meraki.params['org_id'],
}
original = get_org(meraki, meraki.params['org_id'], orgs)
if meraki.is_update_required(original,
payload,
optional_ignore=['url']):
response = meraki.request(meraki.construct_path(
'update', org_id=meraki.params['org_id']),
method='PUT',
payload=json.dumps(payload))
if meraki.status != 200:
meraki.fail_json(msg='Organization update failed')
meraki.result['data'] = response
meraki.result['changed'] = True
else:
meraki.result['data'] = original
elif meraki.params['state'] == 'absent':
if meraki.params['org_name'] is not None:
org_id = meraki.get_org_id(meraki.params['org_name'])
elif meraki.params['org_id'] is not None:
org_id = meraki.params['org_id']
if meraki.params['delete_confirm'] != org_id:
meraki.fail_json(
msg=
"delete_confirm must match the network ID of the network to be deleted."
)
if meraki.check_mode is True:
meraki.result['data'] = {}
meraki.result['changed'] = True
meraki.exit_json(**meraki.result)
path = meraki.construct_path('delete', org_id=org_id)
response = meraki.request(path, method='DELETE')
if meraki.status == 204:
meraki.result['data'] = {}
meraki.result['changed'] = True
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
meraki.exit_json(**meraki.result)
